
CCNP Routing and Switching ROUTE 300-101 Official Cert Guide

Kevin Wallace
CCIE No. 7945

Cisco Press
800 East 96th Street

Indianapolis, IN 46240

10/24/14 3:17 PM
ii CCNP Routing and Switching ROUTE 300-101 Official Cert Guide

CCNP Routing and Switching ROUTE 300-101 Official Cert Guide
Kevin Wallace

Copyright © 2015 Pearson Education, Inc.

Published by:
Cisco Press
800 East 96th Street
Indianapolis, IN 46240 USA

All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means,
electronic or mechanical, including photocopying, recording, or by any information storage and retrieval
system, without written permission from the publisher, except for the inclusion of brief quotations in a
review.

Printed in the United States of America

First Printing November 2014

Library of Congress Control Number: 2014951132

ISBN-13: 978-1-58720-559-0
ISBN-10: 1-58720-559-9

Warning and Disclaimer


This book is designed to provide information about the Cisco ROUTE exam (300-101). Every effort
has been made to make this book as complete and as accurate as possible, but no warranty or fitness is
implied.

The information is provided on an “as is” basis. The authors, Cisco Press, and Cisco Systems, Inc. shall
have neither liability nor responsibility to any person or entity with respect to any loss or damages
arising from the information contained in this book or from the use of the discs or programs that may
accompany it.

The opinions expressed in this book belong to the authors and are not necessarily those of Cisco
Systems, Inc.


Trademark Acknowledgments
All terms mentioned in this book that are known to be trademarks or service marks have been
appropriately capitalized. Cisco Press or Cisco Systems, Inc., cannot attest to the accuracy of this
information. Use of a term in this book should not be regarded as affecting the validity of any trademark
or service mark.

Special Sales
For information about buying this title in bulk quantities, or for special sales opportunities (which may
include electronic versions; custom cover designs; and content particular to your business, training
goals, marketing focus, or branding interests), please contact our corporate sales department at
corpsales@pearsoned.com or (800) 382-3419.

For government sales inquiries, please contact governmentsales@pearsoned.com.

For questions about sales outside the U.S., please contact international@pearsoned.com.

Feedback Information
At Cisco Press, our goal is to create in-depth technical books of the highest quality and value. Each book
is crafted with care and precision, undergoing rigorous development that involves the unique expertise
of members from the professional technical community.

Readers’ feedback is a natural continuation of this process. If you have any comments regarding how we
could improve the quality of this book, or otherwise alter it to better suit your needs, you can contact us
through email at feedback@ciscopress.com. Please make sure to include the book title and ISBN in your
message.

We greatly appreciate your assistance.


Publisher: Paul Boger
Associate Publisher: Dave Dusthimer
Business Operation Manager, Cisco Press: Jan Cornelssen
Executive Editor: Brett Bartow
Managing Editor: Sandra Schroeder
Senior Development Editor: Christopher Cleveland
Senior Project Editor: Tonya Simpson
Copy Editor: John Edwards
Technical Editors: Michelle Plumb, Michael J. Shannon
Editorial Assistant: Vanessa Evans
Cover Designer: Mark Shirar
Composition: Bronkella Publishing
Indexer: Tim Wright
Proofreader: Debbie Williams


About the Author


Kevin Wallace, CCIEx2 No. 7945 (Route/Switch and Collaboration), is a Certified Cisco
Systems Instructor (CCSI No. 20061) and holds multiple Cisco professional and
associate-level certifications in the Route/Switch, Collaboration, Security, Design, and Data
Center tracks. With Cisco experience dating back to 1989, Kevin has been a network
design specialist for the Walt Disney World Resort, an instructor of Cisco courses for
Skillsoft, and a network manager for Eastern Kentucky University.

Currently, Kevin produces video courses and writes books for Cisco Press/Pearson IT
Certification (http://kwtrain.com/books). Also, he owns and operates Kevin Wallace
Training, LLC (http://kwtrain.com), a provider of self-paced training materials that
simplify computer networking. Kevin holds a Bachelor of Science degree in electrical
engineering from the University of Kentucky, and he lives in central Kentucky with his wife
(Vivian) and two daughters (Sabrina and Stacie).

Kevin can be followed on these social media platforms:

Blog: http://kwtrain.com

Twitter: http://twitter.com/kwallaceccie

Facebook: http://facebook.com/kwallaceccie

YouTube: http://youtube.com/kwallaceccie

LinkedIn: http://linkedin.com/in/kwallaceccie

Google+: http://google.com/+KevinWallace

About the Technical Reviewers


Michelle Plumb is a full-time CCSI (Certified Cisco Systems Instructor) as well as being
certified as a Cisco Leading Classroom Virtual Instructor for Skillsoft. Michelle has 25
plus years’ experience in the field as an IT professional and telephony specialist. She
maintains a high level of Cisco, Microsoft, and CompTIA certifications. Michelle has
been a technical reviewer for numerous books related to the Cisco CCNP Routing and
Switching, CCNP Voice, and CompTIA course material tracks. She has also written
numerous articles around training and implementation of modern technologies. When
she is not busy trying out the latest technology gadgets, she spends time at home in
Phoenix, Arizona, with her husband and two dogs.

Michael J. Shannon began his career in IT when he transitioned from a studio recording
engineer to a network technician for a large telecom in the early 1990s. He soon began
to focus on security and was one of the first to attain the Certified HIPAA Security
Specialist (CHSS) certification. He has worked as an employee, contractor, and
consultant for a number of large companies including Platinum Technologies, MindSharp,
IBM, State Farm, Fujitsu, Skillsoft, Pearson PLC, and several others. He has attained
the following certifications: CCSI No. 32364, CISSP, CCSP/CCNP Security, ITIL 2011
Intermediate SO/RCV, CWNA, MCSE, Security+, and Network+. He has authored
several books and written several articles concerning HealthCare IT Security. He resides
with his wife in Corpus Christi, Texas.


Dedication
For the greatest teachers in my life. Career: my role model, Walter Elias Disney.
Mentally: authors Zig Ziglar and Anthony Robbins. Spiritually: Pastors Dr. Virgil Grant
and Michael Denney. Physically: personal trainers Christopher Poe and Terri Stein (along
with all the trainers at Edge Body Boot Camp). Emotionally: the wisest person I know,
my best friend and wife, Vivian Wallace.


Acknowledgments
I am very grateful to executive editor Brett Bartow. Over the years, Brett has given me
many opportunities to reach people in the Cisco community through books and videos.
Also, thanks to the entire team at Cisco Press. Working with each of you is a pleasure.

To my friend Wendell Odom, who made major contributions to this book, thank you
for all you’ve done for the Cisco community. Thanks also go out to technical editors
Michelle Plumb and Michael Shannon. I’ve had the privilege of working with each of
you and respect how deeply you care about your students.

What I do would be impossible without support from my wife, Vivian, and my
daughters, Stacie and Sabrina. Knowing that you are cheering me on means more to me than
you know.

Finally, thanks to Jesus Christ, the source of my strength.


Contents at a Glance
Introduction xxix

Part I Fundamental Routing Concepts


Chapter 1 Characteristics of Routing Protocols 3

Chapter 2 Remote Site Connectivity 47

Part II IGP Routing Protocols


Chapter 3 IPv6 Review and RIPng 71

Chapter 4 Fundamental EIGRP Concepts 121

Chapter 5 Advanced EIGRP Concepts 155

Chapter 6 EIGRP for IPv6 and Named EIGRP 233

Chapter 7 Fundamental OSPF Concepts 259

Chapter 8 The OSPF Link-State Database 301

Chapter 9 Advanced OSPF Concepts 345

Part III Route Redistribution and Selection


Chapter 10 Route Redistribution 399

Chapter 11 Route Selection 471

Part IV Internet Connectivity


Chapter 12 Fundamentals of Internet Connectivity 511

Chapter 13 Fundamental BGP Concepts 533

Chapter 14 Advanced BGP Concepts 595

Chapter 15 IPv6 Internet Connectivity 669

Part V Router and Routing Security


Chapter 16 Fundamental Router Security Concepts 701

Chapter 17 Routing Protocol Authentication 737

Part VI Final Preparation


Chapter 18 Final Preparation 769


Part VII Appendixes


Appendix A Answers to the “Do I Know This Already?” Quizzes 779

Appendix B ROUTE Exam Updates 805

Appendix C Conversion Tables 809

Index 812

CD-Only Appendixes and Glossary


Appendix D Memory Tables

Appendix E Memory Tables Answer Key

Appendix F Completed Planning Practice Tables

Appendix G Study Planner

Glossary

Contents
Introduction xxix

Part I Fundamental Routing Concepts


Chapter 1 Characteristics of Routing Protocols 3
“Do I Know This Already?” Quiz 3
Foundation Topics 6
Routing Protocol Fundamentals 6
The Role of Routing in an Enterprise Network 6
Routing Protocol Selection 7
Scalability 8
Vendor Interoperability 8
IT Staff’s Familiarity with Protocol 9
Speed of Convergence 9
Capability to Perform Summarization 9
Interior or Exterior Routing 10
Routing Protocol Categories 11
Network Technology Fundamentals 16
Network Traffic Types 16
Unicast 16
Broadcast 16
Multicast 17
Anycast 18
Network Architecture Types 19
Point-to-Point Network 19
Broadcast Network 19
NBMA 20
TCP/IP Fundamentals 21
IP Characteristics 21
Routing Review 24
Asymmetric Routing 27
Maximum Transmission Unit 30
ICMP Messages 30
TCP Characteristics 31
Three-Way Handshake 33
TCP Sliding Window 33
Out-of-Order Delivery 35
UDP Characteristics 35

Network Migration Strategies 36


Routing Protocol Changes 36
IPv6 Migration 37
Spanning Tree Protocol Migration 38
Migration to Easy Virtual Networking 39
Exam Preparation Tasks 42
Planning Practice 42
Design Review Table 42
Implementation Plan Peer Review Table 43
Review All the Key Topics 44
Complete the Tables and Lists from Memory 45
Definitions of Key Terms 45

Chapter 2 Remote Site Connectivity 47


“Do I Know This Already?” Quiz 47
Foundation Topics 50
Remote Connectivity Overview 50
MPLS-Based Virtual Private Networks 50
Tunnel-Based Virtual Private Networks 50
Hybrid Virtual Private Networks 51
MPLS VPN 51
Layer 2 MPLS VPN 51
Layer 3 MPLS VPN 52
GRE 53
DMVPN 56
Multipoint GRE 57
NHRP 59
IPsec 61
Exam Preparation Tasks 66
Planning Practice 66
Design Review Table 66
Implementation Plan Peer Review Table 67
Create an Implementation Plan Table 68
Choose Commands for a Verification Plan Table 68
Review All the Key Topics 69
Complete the Tables and Lists from Memory 69
Define Key Terms 69

Part II IGP Routing Protocols

Chapter 3 IPv6 Review and RIPng 71


“Do I Know This Already?” Quiz 71
Foundation Topics 75
Global Unicast Addressing, Routing, and Subnetting 76
Global Route Aggregation for Efficient Routing 77
Conventions for Representing IPv6 Addresses 79
Conventions for Writing IPv6 Prefixes 80
Global Unicast Prefix Assignment Example 82
Subnetting Global Unicast IPv6 Addresses Inside an Enterprise 84
Prefix Terminology 87
IPv6 Global Unicast Addresses Assignment 87
Stateful DHCP for IPv6 88
Stateless Autoconfiguration 89
Learning the Prefix/Length and Default Router with NDP Router Advertisements 89
Calculating the Interface ID Using EUI-64 91
Finding the DNS IP Addresses Using Stateless DHCP 92
Static IPv6 Address Configuration 93
Survey of IPv6 Addressing 93
Overview of IPv6 Addressing 93
Unicast IPv6 Addresses 94
Unique Local IPv6 Addresses 94
Link-local Unicast Addresses 95
IPv6 Unicast Address Summary 96
Multicast and Other Special IPv6 Addresses 97
Layer 2 Addressing Mapping and Duplicate Address Detection 97
Neighbor Discovery Protocol for Layer 2 Mapping 98
Duplicate Address Detection (DAD) 99
Inverse Neighbor Discovery 99
Configuring IPv6 Addresses on Cisco Routers 100
Configuring Static IPv6 Addresses on Routers 101
Multicast Groups Joined by IPv6 Router Interfaces 103
Connected Routes and Neighbors 104
The IPv6 Neighbor Table 104
Stateless Autoconfiguration 105

RIP Next Generation (RIPng) 107


RIPng: Theory and Comparisons to RIPv2 108
Configuring RIPng 109
Verifying RIPng 112
Exam Preparation Tasks 115
Planning Practice 115
Design Review Table 115
Implementation Plan Peer Review Table 115
Create an Implementation Plan Table 116
Choose Commands for a Verification Plan Table 117
Review All the Key Topics 118
Complete the Tables and Lists from Memory 118
Define Key Terms 118

Chapter 4 Fundamental EIGRP Concepts 121


“Do I Know This Already?” Quiz 121
Foundation Topics 125
EIGRP Fundamentals 125
Configuration Review 125
Verification Review 127
Internals Review 131
Exchanging Topology Information 131
Calculating the Best Routes for the Routing Table 132
EIGRP Neighborships 134
Manipulating EIGRP Hello and Hold Timers 134
Configuring the Hello/Hold Timers 135
Verifying the Hello/Hold Timers 137
Preventing Unwanted Neighbors Using Passive Interfaces 138
Controlling Neighborships with Static Configuration 141
Configuring Static EIGRP Neighbors 142
Caveat When Using EIGRP Static Neighbors 143
Configuration Settings That Could Prevent Neighbor Relationships 144
Configuring EIGRP Metric Components (K-values) 145
EIGRP Router ID 146
Neighborship over WANs 147
Neighborship on Frame Relay 147
Neighborship on MPLS VPN 148
Neighborship on Metro Ethernet 149

Exam Preparation Tasks 150


Planning Practice 150
Design Review Table 150
Implementation Plan Peer Review Table 150
Create an Implementation Plan Table 151
Choose Commands for a Verification Plan Table 151
Review All the Key Topics 152
Complete the Tables and Lists from Memory 153
Define Key Terms 153

Chapter 5 Advanced EIGRP Concepts 155


“Do I Know This Already?” Quiz 155
Foundation Topics 162
Building the EIGRP Topology Table 162
Seeding the EIGRP Topology Table 162
The Content of EIGRP Update Message 163
The EIGRP Update Process 166
WAN Issues for EIGRP Topology Exchange 167
Split Horizon Default on Frame Relay Multipoint Subinterfaces 167
EIGRP WAN Bandwidth Control 170
Building the IP Routing Table 172
Calculating the Metrics: Feasible Distance and Reported Distance 172
EIGRP Metric Tuning 174
Configuring Bandwidth and Delay 175
Choosing Bandwidth Settings on WAN Subinterfaces 175
Metric Weights (K-values) 178
Offset Lists 178
Unequal Metric Route Load Sharing 180
Optimizing EIGRP Convergence 183
Fast Convergence to Feasible Successors 183
Successor and Feasible Successor Concepts 184
Verification of Feasible Successors 185
Converging by Going Active 188
The Impact of Stub Routers on Query Scope 190
The Impact of Summary Routes on Query Scope 192
Stuck in Active 193

Route Filtering 194


Filtering by Referencing ACLs 196
Filtering by Referencing IP Prefix Lists 198
IP Prefix List Concepts 199
Samples of Prefix List Matching 201
Using IP Prefix Lists to Filter EIGRP Routes 202
Filtering by Using Route Maps 204
Route Map Concepts 204
Using Route Maps to Filter EIGRP Routes 206
Route Summarization 208
Calculating Summary Routes 209
Choosing Where to Summarize Routes 209
Influencing the Choice of Best Route for Summary Routes 210
Suboptimal Forwarding with Summarization 211
Route Summarization Benefits and Trade-offs 213
Configuring EIGRP Route Summarization 213
Auto-summary 217
Default Routes 219
Default Routing to the Internet Router 219
Default Routing Configuration with EIGRP 220
Advertising Static Default Routes with EIGRP 220
Configuring a Default Network 221
Exam Preparation Tasks 225
Planning Practice 225
Design Review Table 225
Implementation Plan Peer Review Table 226
Create an Implementation Plan Table 227
Choose Commands for a Verification Plan Table 228
Review All the Key Topics 229
Complete the Tables and Lists from Memory 230
Define Key Terms 230

Chapter 6 EIGRP for IPv6 and Named EIGRP 233


“Do I Know This Already?” Quiz 233
Foundation Topics 236
EIGRP for IPv6 236
EIGRP for IPv4 and IPv6: Theory and Comparisons 236
Configuring EIGRP for IPv6 237
Verifying EIGRP for IPv6 240

Named EIGRP 243


The Named EIGRP Hierarchical Structure 244
Traditional EIGRP and Named EIGRP Configurations Compared 245
Verifying Named EIGRP 250
Exam Preparation Tasks 253
Planning Practice 253
Design Review Table 253
Implementation Plan Peer Review Table 253
Create an Implementation Plan Table 254
Choose Commands for a Verification Plan Table 255
Review All the Key Topics 255
Complete the Tables and Lists from Memory 256
Define Key Terms 256

Chapter 7 Fundamental OSPF Concepts 259


“Do I Know This Already?” Quiz 259
Foundation Topics 263
OSPF Review 263
OSPF Link-State Concepts 263
OSPF Configuration Review 266
OSPF Verification Review 268
OSPF Feature Summary 271
OSPF Neighbors and Adjacencies on LANs 272
Enabling OSPF Neighbor Discovery on LANs 272
Settings That Must Match for OSPF Neighborship 274
Optimizing Convergence Using Hello and Dead Timers 275
Using a Unique OSPF Router ID 278
Using the Same IP MTU 279
OSPF Neighbors and Adjacencies on WANs 281
OSPF Network Types 281
OSPF Neighborship over Point-to-Point Links 282
Neighborship over Frame Relay Point-to-Point Subinterfaces 284
Neighborship on MPLS VPN 285
Neighborship on Metro Ethernet 287
Virtual Links 288
Understanding OSPF Virtual Link Concepts 289
Configuring OSPF Virtual Links 291
Verifying the OSPF Virtual Link 292

Exam Preparation Tasks 295


Planning Practice 295
Design Review Table 295
Implementation Plan Peer Review Table 295
Create an Implementation Plan Table 296
Choose Commands for a Verification Plan Table 297
Review All the Key Topics 298
Complete the Tables and Lists from Memory 299
Define Key Terms 299

Chapter 8 The OSPF Link-State Database 301


“Do I Know This Already?” Quiz 301
Foundation Topics 305
LSAs and the OSPF Link-State Database 305
LSA Type 1: Router LSA 306
LSA Type 2: Network LSA 312
Background on Designated Routers 312
Type 2 Network LSA Concepts 312
Type 2 LSA show Commands 313
LSA Type 3: Summary LSA 317
Limiting the Number of LSAs 320
Summary of Internal LSA Types 321
The Database Exchange Process 321
OSPF Message and Neighbor State Reference 322
Exchange Without a Designated Router 323
Discovering a Description of the Neighbor’s LSDB 324
Exchanging the LSAs 325
Exchange with a Designated Router 326
Flooding Throughout the Area 328
Periodic Flooding 329
Choosing the Best OSPF Routes 330
OSPF Metric Calculation for Internal OSPF Routes 330
Calculating the Cost of Intra-Area Routes 331
Calculating the Cost of Interarea Routes 332
Special Rules Concerning Intra-Area and Interarea Routes on ABRs 336
Metric and SPF Calculations 337

Metric Tuning 337


Changing the Reference Bandwidth 338
Setting Bandwidth 338
Configuring Cost Directly 339
Verifying OSPF Cost Settings 339
Exam Preparation Tasks 340
Planning Practice 340
Design Review Table 340
Implementation Plan Peer Review Table 340
Create an Implementation Plan Table 341
Choose Commands for a Verification Plan Table 342
Review All the Key Topics 343
Complete the Tables and Lists from Memory 343
Define Key Terms 343

Chapter 9 Advanced OSPF Concepts 345


“Do I Know This Already?” Quiz 345
Foundation Topics 350
Route Filtering 350
Type 3 LSA Filtering 351
Filtering OSPF Routes Added to the Routing Table 355
Route Summarization 356
Manual Summarization at ABRs 357
Manual Summarization at ASBRs 360
Default Routes and Stub Areas 361
Domain-Wide Defaults Using the default-information originate Command 362
Stubby Areas 364
Introducing Stubby Area Types 365
Configuring and Verifying Stubby Areas 366
Configuring and Verifying Totally Stubby Areas 371
The Not-So-Stubby Area (NSSA) 374
OSPF Version 3 376
OSPFv2 and OSPFv3 Comparison 376
OSPFv3 Traditional Configuration 377
OSPFv3 Address Family Configuration 384
Exam Preparation Tasks 392

Planning Practice 392


Design Review Table 392
Implementation Plan Peer Review Table 393
Create an Implementation Plan Table 394
Choose Commands for a Verification Plan Table 394
Review All the Key Topics 396
Complete the Tables and Lists from Memory 396
Define Key Terms 396

Part III Route Redistribution and Selection

Chapter 10 Route Redistribution 399


“Do I Know This Already?” Quiz 399
Foundation Topics 405
Route Redistribution Basics 405
The Need for Route Redistribution 405
Redistribution Concepts and Processes 408
Redistribution into EIGRP 410
EIGRP redistribute Command Reference 410
Baseline Configuration for EIGRP Redistribution Examples 411
Configuring EIGRP Redistribution with Default Metric Components 412
Verifying EIGRP Redistribution 415
Redistribution into OSPF 417
OSPF redistribute Command Reference 418
Configuring OSPF Redistribution with Minimal Parameters 419
Setting OSPF Metrics on Redistributed Routes 423
LSAs and Metrics for External Type 2 Routes 423
Determining the Next Hop for Type 2 External Routes—Intra-area 425
Determining the Next Hop for Type 2 External Routes—Interarea 427
Redistributing into OSPF as E1 Routes 431
A Brief Comparison of E1 and E2 Routes 432
External Routes in NSSAs 433
Redistribution with Route Maps and Distribute Lists 436
Overview of Using Route Maps with Redistribution 436
Filtering Redistributed Routes with Route Maps 438
Configuring Route Filtering with Redistribution 439
Verifying Redistribution Filtering Operations 441

Setting Metrics When Redistributing 443


Configuring the Metric Settings 443
Verifying the Metric Settings 445
Setting the External Route Type 446
Redistribution Filtering with the distribute-list Command 447
Issues with Multiple Redistribution Points 447
Preventing Routing Domain Loops with Higher Metrics 448
Preventing Routing Domain Loops with Administrative Distance 449
EIGRP Default AD Defeats Loop from EIGRP to OSPF to EIGRP 450
EIGRP Default AD Defeats Loop from OSPF to EIGRP to OSPF 451
Setting AD per Route Source for Internal and External Routes 452
Domain Loop Problems with More Than Two Routing Domains 453
Using Per-Route Administrative Distance Settings 454
Preventing Domain Loops by Filtering on Subnet While Redistributing 458
Preventing Domain Loops by Filtering on Route Tag Using Distribute Lists 459
Exam Preparation Tasks 462
Planning Practice 462
Design Review Table 462
Implementation Plan Peer Review Table 463
Create an Implementation Plan Table 465
Choose Commands for a Verification Plan Table 465
Review All the Key Topics 467
Complete the Tables and Lists from Memory 468
Define Key Terms 468

Chapter 11 Route Selection 471


“Do I Know This Already?” Quiz 471
Foundation Topics 476
Cisco Express Forwarding 476
Operation of Process Switching 476
Operation of Fast Switching 477
Operation of Cisco Express Forwarding 478
Policy-Based Routing 483
Matching the Packet and Setting the Route 484
PBR Configuration Example 485
How the default Keyword Impacts PBR Logic Ordering 488

Additional PBR Functions 489


Applying PBR to Locally Created Packets 489
Setting IP Precedence 489
PBR with IP SLA 490
IP Service-Level Agreement 490
Understanding IP SLA Concepts 491
Configuring and Verifying IP SLA 492
Tracking SLA Operations to Influence Routing 496
Configuring a Static Route to Track an IP SLA Operation 496
Configuring PBR to Track an IP SLA 499
VRF-Lite 499
VRF-Lite Configuration 500
VRF Verification 502
Exam Preparation Tasks 505
Planning Practice 505
Design Review Table 505
Implementation Plan Peer Review Table 506
Create an Implementation Plan Table 507
Choose Commands for a Verification Plan Table 507
Review All the Key Topics 508
Complete the Tables and Lists from Memory 509
Definitions of Key Terms 509

Part IV Internet Connectivity

Chapter 12 Fundamentals of Internet Connectivity 511


“Do I Know This Already?” Quiz 511
Foundation Topics 514
Provider-Assigned IPv4 Addresses 514
Static IP Address Assignment 514
Dynamic IP Address Assignment 516
NAT 518
Basic NAT 518
Dynamic NAT Configuration and Verification 520
Static NAT Configuration and Verification 522
PAT 523
NAT Design Considerations 526
NVI 526
Exam Preparation Tasks 528

Planning Practice 528


Design Review Table 528
Implementation Plan Peer Review Table 528
Create an Implementation Plan Table 529
Choose Commands for a Verification Plan Table 530
Review All the Key Topics 531
Complete the Tables and Lists from Memory 531
Define Key Terms 531

Chapter 13 Fundamental BGP Concepts 533


“Do I Know This Already?” Quiz 533
Foundation Topics 539
The Basics of Internet Routing and Addressing 539
Public IP Address Assignment 540
Internet Route Aggregation 541
The Impact of NAT/PAT 543
Private IPv4 Addresses and Other Special Addresses 544
Introduction to BGP 545
BGP Basics 545
BGP ASNs and the AS_SEQ Path Attribute 546
Internal and External BGP 549
Public and Private ASNs 550
Outbound Routing Toward the Internet 551
Comparing BGP and Default Routing for Enterprises 551
Single-Homed 553
Dual-Homed 554
Preferring One Path over Another for All Destinations 556
Choosing One Path over Another Using BGP 557
Partial and Full BGP Updates 559
Single-Multihomed 561
Dual-Multihomed 562
External BGP for Enterprises 563
eBGP Neighbor Configuration 564
Requirements for Forming eBGP Neighborships 565
Issues When Redundancy Exists Between eBGP Neighbors 567
eBGP Multihop Concepts 569
BGP Internals and Verifying eBGP Neighbors 570
Verifying eBGP Neighbor Status 571
Administratively Controlling Neighbor Status 574
BGP Message Summary 576

Verifying the BGP Table 576


The BGP Update Message 577
Examining the BGP Table 577
Viewing Subsets of the BGP Table 580
Injecting Routes into BGP for Advertisement to the ISPs 583
Injecting Routes Using the network Command 583
The Effect of auto-summary on the BGP network Command 585
Injecting Routes Using Redistribution 585
Exam Preparation Tasks 588
Planning Practice 588
Design Review Table 588
Implementation Plan Peer Review Table 589
Create an Implementation Plan Table 589
Choose Commands for a Verification Plan Table 590
Review All the Key Topics 591
Complete the Tables and Lists from Memory 592
Define Key Terms 593

Chapter 14 Advanced BGP Concepts 595


“Do I Know This Already?” Quiz 597
Foundation Topics 602
Internal BGP Between Internet-Connected Routers 602
Establishing the Need for iBGP with Two Internet-Connected Routers 602
Configuring iBGP 603
Verifying iBGP 606
Examining iBGP BGP Table Entries 607
Understanding Next-Hop Reachability Issues with iBGP 611
Ensuring That Routes Exist to the Next-Hop Address 612
Using neighbor neighbor-ip next-hop-self to Change the Next-Hop Address 613
Avoiding Routing Loops When Forwarding Toward the Internet 614
Using an iBGP Mesh 616
IGP Redistribution and BGP Synchronization 618
Route Filtering and Clearing BGP Peers 620
BGP Filtering Overview 620
Inbound and Outbound BGP Filtering on Prefix/Length 621
Clearing BGP Neighbors 625

Displaying the Results of BGP Filtering 627


Peer Groups 629
BGP Path Attributes and Best-Path Algorithm 631
BGP Path Attributes 631
Overview of the BGP Best-Path Algorithm 633
Perspectives on the Core Eight Best-Path Steps 635
Memorization Tips for BGP Best Path 636
Influencing an Enterprise’s Outbound Routes 637
Influencing BGP Weight 637
Sample Internetwork Used in the Weight Examples 638
Setting the BGP Administrative Weight Using a Route Map 642
Setting Weight Using the neighbor weight Command 643
Setting the Local Preference 644
Sample Internetwork Used in the Local_Pref and AS_Path Length Examples 645
Setting the BGP Local_Pref Using a Route Map 648
IP Routes Based on BGP Best Paths 651
Example of a BGP RIB Failure 652
BGP and the maximum-paths Command 654
Increasing the Length of the AS_Path Using AS_Path Prepend 654
Influencing an Enterprise’s Inbound Routes with MED 656
MED Concepts 657
MED Configuration 659
Exam Preparation Tasks 661
Planning Practice 661
Design Review Table 661
Implementation Plan Peer Review Table 662
Create an Implementation Plan Table 663
Choosing Commands for a Verification Plan Table 664
Review All the Key Topics 666
Complete the Tables and Lists from Memory 666
Define Key Terms 667

Chapter 15 IPv6 Internet Connectivity 669


“Do I Know This Already?” Quiz 669
Foundation Topics 672
IPv6 Internet Connections 672
Methods of Assigning an IPv6 Address to a Customer Router 672
Manual Configuration of IPv6 Address and Default Route 673

IPv6 Access Control Lists 674


IPv6 Internet Connection Security 677
BGP Support for IPv6 677
Multiprotocol BGP Fundamentals 678
IPv6 Routing over an IPv4 BGP Session 678
IPv6 Routing over an IPv6 BGP Session 684
Single IPv4 BGP Session Versus Dual (IPv4 and IPv6) Sessions 689
Filtering IPv6 Routes with Prefix Lists 689
Using Local Preference for IPv6 Path Selection 693
Exam Preparation Tasks 695
Planning Practice 695
Design Review Table 695
Implementation Plan Peer Review Table 695
Create an Implementation Plan Table 696
Choose Commands for a Verification Plan Table 698
Review All the Key Topics 698
Complete the Tables and Lists from Memory 699
Define Key Terms 699

Part V Router and Routing Security

Chapter 16 Fundamental Router Security Concepts 701


“Do I Know This Already?” Quiz 701
Foundation Topics 704
Elements of a Router Security Policy 704
Access Control Lists 705
Time-Based ACLs 705
Infrastructure ACLs 707
Management Plane Security 708
Secure Shell Versus Telnet 709
Password Encryption 711
Enable Secret Password 711
Line Password 712
Username Password 713
Unicast Reverse Path Forwarding 714
Authentication, Authorization, and Accounting 719
SNMP Security 721
NTP Authentication 724
Exam Preparation Tasks 729

Planning Practice 729


Design Review Table 729
Implementation Plan Peer Review Table 730
Create an Implementation Plan Table 731
Choose Commands for a Verification Plan Table 732
Review All the Key Topics 733
Complete the Tables and Lists from Memory 734
Define Key Terms 734

Chapter 17 Routing Protocol Authentication 737


“Do I Know This Already?” Quiz 737
Foundation Topics 740
Authentication Methods 740
Plain Text Authentication 740
Hashing Authentication 741
Key Chains 742
EIGRP Authentication 744
EIGRP for IPv4 Authentication 744
EIGRP for IPv6 Authentication 746
Named EIGRP Authentication 749
OSPF Authentication 751
Plain Text OSPFv2 Authentication 751
OSPFv2 MD5 Authentication 754
OSPFv3 Authentication 756
BGP Authentication 759
IPv4 BGP Authentication 760
IPv6 BGP Authentication 761
Exam Preparation Tasks 764
Planning Practice 764
Design Review Table 764
Implementation Plan Peer Review Table 764
Create an Implementation Plan Table 765
Choose Commands for a Verification Plan Table 766
Review All the Key Topics 767
Complete the Tables and Lists from Memory 767
Define Key Terms 767

Part VI Final Preparation

Chapter 18 Final Preparation 769


Tools for Final Preparation 769
Exam Engine and Questions on the CD 769
Install the Exam Engine 770
Activate and Download the Practice Exam 770
Activating Other Exams 771
Premium Edition 771
The Cisco Learning Network 771
Memory Tables 771
Chapter-Ending Review Tools 772
Suggested Plan for Final Review/Study 772
Step 1: Review Key Topics and DIKTA Questions 773
Step 3: Hands-On Practice 773
Step 6: Subnetting Practice 774
Step 7: Use the Exam Engine 774
Summary 776
Keep in Touch with Kevin 776

Part VII Appendixes

Appendix A Answers to the “Do I Know This Already?” Quizzes 779

Appendix B ROUTE Exam Updates 805

Appendix C Conversion Tables 809

Index 812

CD-Only

Appendix D Memory Tables

Appendix E Memory Tables Answer Key

Appendix F Completed Planning Practice Tables

Appendix G Study Planner

Glossary

Icons Used in This Book

[Icon legend: Router, Workgroup Switch, Multilayer Switch, Firewall, Server, Network Cloud, Serial Cable, Ethernet Line, VPN Tunnel, PC, Standing Man, Scroll]

Command Syntax Conventions


The conventions used to present command syntax in this book are the same conventions used in the IOS Command Reference. The Command Reference describes these conventions as follows:

■ Boldface indicates commands and keywords that are entered literally as shown. In
actual configuration examples and output (not general command syntax), boldface
indicates commands that are manually input by the user (such as a show command).

■ Italics indicate arguments for which you supply actual values.

■ Vertical bars (|) separate alternative, mutually exclusive elements.

■ Square brackets ([ ]) indicate an optional element.

■ Braces ({ }) indicate a required choice.

■ Braces within brackets ([{ }]) indicate a required choice within an optional element.


Introduction
This book focuses on one major goal: to help you prepare to pass the ROUTE exam
(300-101). To help you prepare, this book achieves other useful goals as well: It explains
a wide range of networking topics, shows how to configure those features on Cisco
routers, and explains how to determine whether the feature is working. As a result, you
also can use this book as a general reference for IP routing and IP routing protocols.
However, the motivation for this book, and the reason it sits within the Cisco Press
Official Certification Guide series, is that its primary goal is to help you pass the ROUTE
exam.

The rest of this introduction focuses on two topics: the ROUTE exam and a description
of this book.

The CCNP ROUTE Exam


Cisco announced the original ROUTE exam (642-902) in January 2010. The term
ROUTE does not act as an acronym; instead, the name describes the content of the
exam, which focuses on IP routing. Generally, the exam includes detailed coverage of
the EIGRP, OSPF, and BGP IP routing protocols; IPv6; and a few other smaller topics
related to IP routing.

Cisco first announced its initial professional-level certifications in 1998 with the CCNP
Routing and Switching certification. CCNP Routing and Switching certification from
its inception has included the same kinds of IP routing topics found in today’s ROUTE
exam, but the exam names changed over the years. The exam names have tracked the
names of the associated Cisco authorized courses for the same topics: Advanced Cisco
Router Configuration (ACRC) in the early days, followed by Building Scalable Cisco
Internetworks (BSCI), and now ROUTE, because the current Cisco-authorized course
also goes by the name ROUTE.

Like its ancestors, the ROUTE exam is a part of the certification requirements for both
of the following Cisco certifications:

■ Cisco Certified Networking Professional (CCNP)

■ Cisco Certified Design Professional (CCDP)

Each of these certifications emphasizes different perspectives on some similar topics.


CCNP focuses on the skills needed by a network engineer working for an enterprise—
that is, a company that deploys networking gear for its own purposes. CCDP focuses
more on design, but good design requires solid knowledge of the technology and con-
figuration. So, although this book frequently refers to the most popular certification of
these two—CCNP—the ROUTE exam does apply to both certifications.

Contents of the ROUTE Exam


Every student who ever takes an exam wants to know what’s on the exam. As with all its
exams, Cisco publishes a set of exam topics. These exam topics give general guidance as
to what’s on the exam.

You can find the exam topics at Cisco.com. The most memorable way to navigate is to
go to www.cisco.com/go/ccnp and look for the ROUTE exam. Also, you can go to the
Cisco Learning Network website (www.cisco.com/go/learnnetspace)—a less memorable
URL but a great Cisco certification site. The Cisco Learning Network site hosts exam
information, learning tools, and forums in which you can communicate with others and
learn more about this and other Cisco exams.

Interestingly, some of the topics on the ROUTE (300-101) exam are topics that you
covered in your CCNA studies (that is, in the CCENT [ICND1] and ICND2 curriculum).
Also, several topics on the ROUTE exam are not covered in the Cisco official ROUTE
course. A big goal of this book is to make sure that you are prepared for any topic you
might encounter on the ROUTE exam. Therefore, in addition to covering topics in the
official ROUTE course, this book also covers topics not found in the ROUTE course.
Additionally, you might want to review your CCENT (ICND1) and ICND2 materials for
exam topics coming from those courses.

Table I-1 lists the topics on the ROUTE exam blueprint, with a reference to the part
of this book that covers the topic or a reference to the CCNA course (that is, CCENT
[ICND1] or ICND2) that covers the topic.

Table I-1 ROUTE Exam (300-101) Topics

Book Part (or CCNA Content)    Exam Topic

Network Principles
III        Identify Cisco Express Forwarding Concepts
I          Explain General Network Challenges
I          Describe IP Operations
I          Explain TCP Operations
I          Describe UDP Operations
I          Recognize Proposed Changes to a Network

Layer 2 Technologies
ICND2      WAN Circuit Technologies
ICND2      Explain Frame Relay

Layer 3 Technologies
CCENT      Identify, Configure, and Verify IPv4 Addressing and Subnetting
III        Identify IPv6 Addressing and Subnetting
CCENT      Configure and Verify Static Routing
II         Configure and Verify Default Routing
I          Evaluate Routing Protocol Types
II         Describe Administrative Distance
II         Troubleshoot Passive Interfaces
III        Configure and Verify VRF-Lite
II         Configure and Verify Filtering with any Routing Protocol
III        Configure and Verify Redistribution Between any Routing Protocol/Source
II         Configure and Verify Manual and Auto Summarization with any Routing Protocol
III        Configure and Verify Policy-Based Routing
III        Identify Sub-Optimal Routing
III        Explain Route Maps
III        Configure and Verify Loop Prevention Mechanisms
II         Configure and Verify RIPv2
II         Describe RIPng
II         Describe EIGRP Packet Types
II, V      Configure and Verify EIGRP Neighbor Relationship and Authentication
II         Configure and Verify EIGRP Stubs
II         Configure and Verify EIGRP Load-Balancing
II         Describe and Optimize EIGRP Metrics
II         Configure and Verify EIGRP for IPv6
II         Describe OSPF Packet Types
II, V      Configure and Verify OSPF Neighbor Relationships and Authentication
II         Configure and Verify OSPF Network Types, Area Types, and Router Types
II         Configure and Verify OSPF Path Preference
II         Configure and Verify OSPF Operations
II         Configure and Verify OSPF for IPv6 (OSPFv3)
V          Describe, Configure, and Verify BGP Peer Relationships and Authentication
IV         Configure and Verify eBGP
IV         Explain BGP Attributes and Best-Path Selection

VPN Technologies
I          Configure and Verify GRE
I          Describe DMVPN
I          Describe Easy Virtual Networking (EVN)

Infrastructure Security
V          Describe Cisco IOS AAA Using Local Database
V          Describe Device Security Using Cisco IOS AAA with TACACS+ and RADIUS
V          Configure and Verify Device Access Control
IV, V      Configure and Verify Router Security Features

Infrastructure Services
CCENT      Configure and Verify Device Management
ICND2      Configure and Verify SNMP
ICND2      Configure and Verify Logging
V          Configure and Verify Network Time Protocol
CCENT      Configure and Verify IPv4 and IPv6 DHCP
CCENT      Configure and Verify IPv4 Network Address Translation
CCENT      Describe IPv6 Network Address Translation
III        Describe the SLA Architecture
III        Configure and Verify IP SLA
III        Configure and Verify Tracking Objects
ICND2      Configure and Verify NetFlow

Note Supplemental study materials are available from Cisco Press:


CCNP ROUTE Complete Video Course: http://kwtrain.com/routecourse
CCNA Complete Video Course: http://kwtrain.com/ccnacourse
CCNA Official Certification Library: http://kwtrain.com/ccnabooks

How to Take the ROUTE Exam


As of the publication of this book, Cisco exclusively uses testing vendor Pearson VUE (www.vue.com) for delivery of all Cisco career certification exams. To register, go to www.vue.com, establish a login, and register for the 300-101 ROUTE exam. You also need to choose a testing center near your home.

Who Should Take This Exam and Read This Book


This book has one primary audience, with several secondary audiences. First, this book
is intended for anyone wanting to prepare for the ROUTE 300-101 exam. The audience
includes self-study readers—people who pass the test by studying 100 percent on their
own. It includes Cisco Networking Academy students taking the CCNP curriculum, who
use this book to round out their preparation as they get close to the end of the Academy
curriculum.

The broader question about the audience might well be why you should take the
ROUTE exam. First, the exam is required for the aforementioned CCNP and CCDP
certifications from Cisco. These certifications exist at the midpoint of the Cisco certifi-
cation hierarchy. These certifications have broader and deeper technology requirements
as compared to the Cisco Certified Entry Network Technician (CCENT) and Cisco
Certified Network Associate (CCNA) certifications.

The real question then about the audience for this book—at least the intended audi-
ence—is whether you have motivation to get one of these professional-level Cisco certi-
fications. CCNP in particular happens to be a popular, well-respected certification. Also,
CCDP has been a solid certification for a long time, particularly for engineers who spend
a lot of time designing networks with customers, rather than troubleshooting.

Format of the CCNP ROUTE Exam


The ROUTE exam follows the same general format as the other Cisco exams. When you
get to the testing center and check in, the proctor will give you some general instructions
and then take you into a quiet room with a PC. When you’re at the PC, you have a few
things to do before the timer starts on your exam. For example, you can take a sample
quiz, just to get accustomed to the PC and to the testing engine. Anyone who has user-
level skills in getting around a PC should have no problems with the testing environment.

When you start the exam, you will be asked a series of questions. You answer the ques-
tion and then move on to the next question. The exam engine does not let you go back
and change your answer.

The exam questions can be in any of the following formats:

■ Multiple-choice (MC)

■ Testlet

■ Drag-and-drop (DND)

■ Simulated lab (Sim)

■ Simlet

The first three types of questions are relatively common in many testing environments.
The multiple-choice format simply requires that you point and click on a circle (that is, a
radio button) beside the correct answer for a single-answer question or on squares (that
is, check boxes) beside the correct answers for a multi-answer question. Cisco tradition-
ally tells you how many answers you need to choose, and the testing software prevents
you from choosing too many answers. Testlets are questions with one general scenario,
with a collection of multiple-choice questions about the overall scenario. Drag-and-drop
questions require you to left-click and hold a mouse button, move an object (for exam-
ple, a text box) to another area on the screen, and release the mouse button to place the
object somewhere else—typically into a list. For some questions, as an example, to get
the question correct, you might need to put a list of five things into the proper order.

The last two types both use a network simulator to ask questions. Interestingly, the two
types actually allow Cisco to assess two very different skills. First, sim questions gener-
ally describe a problem, and your task is to configure one or more routers and/or switch-
es to fix the problem. The exam then grades the question based on the configuration
that you changed or added. The simlet questions might well be the most difficult style
of question on the exams. Simlet questions also use a network simulator, but instead
of answering the question by changing the configuration, the question includes one or
more MC questions. The questions require that you use the simulator to examine the
current behavior of a network, interpreting the output of any show commands that you
can remember to answer the question. Although sim questions require you to trouble-
shoot problems related to a configuration, simlets require you to both analyze working
networks and networks with problems, correlating show command output with your
knowledge of networking theory and configuration commands.

The Cisco Learning Network website (http://learningnetwork.cisco.com) has tools that let you experience the environment and see how each of these question types works. The environment should be the same as when you passed CCNA (a prerequisite for CCNP and CCDP).

CCNP ROUTE 300-101 Official Cert Guide


This section lists a general description of the contents of this book. The description
includes an overview of each chapter and a list of book features seen throughout the
book.

Book Features and Exam Preparation Methods


This book uses several key methodologies to help you discover the exam topics on
which you need more review, to help you fully understand and remember those details,
and to help you prove to yourself that you have retained your knowledge of those top-
ics. Therefore, this book does not try to help you pass the exams only by memorization
but by truly learning and understanding the topics.

The book includes many features that provide different ways to study and be ready for
the exam. If you understand a topic when you read it, but do not study it any further,
you will probably not be ready to pass the exam with confidence. The features included
in this book give you tools that help you determine what you know, review what you
know, better learn what you don’t know, and be well prepared for the exam. These tools
include

■ “Do I Know This Already?” Quizzes: Each chapter begins with a quiz that helps
you determine the amount of time that you need to spend studying that chapter.

■ Foundation Topics: These are the core sections of each chapter. They explain the
protocols, concepts, and configurations for the topics in that chapter.

■ Exam Preparation Tasks: The “Exam Preparation Tasks” section lists a series of
study activities that should be done after reading the “Foundation Topics” section.
Each chapter includes the activities that make the most sense for studying the topics
in that chapter. The activities include

■ Planning Tables: The ROUTE exam topics include some perspectives on how an engineer plans for various tasks. The idea is that the CCNP-level engineer in particular takes the design from another engineer, plans the implementation, and plans the verification steps—handing off the actual tasks to engineers working during change-window hours. Because the engineer plans the tasks, but might not be at the keyboard when implementing a feature, that engineer must master the configuration and verification commands so that the planned commands work for the engineer making the changes off-shift. The planning tables at the end of the chapter give you the chance to take the details in the Foundation Topics core of the chapter and think about them as if you were writing the planning documents.

■ Key Topics Review: The Key Topic icon is shown next to the most important items in the “Foundation Topics” section of the chapter. The Key Topics Review activity lists the key topics from the chapter and the page number where each key topic can be found. Although the contents of the entire chapter could be on the exam, you should definitely know the information listed in each key topic. Review these topics carefully.

■ Memory Tables: To help you exercise your memory and memorize some lists of facts, many of the more important lists and tables from the chapter are included in a document on the CD. This document lists only partial information, allowing you to complete the table or list. CD-only Appendix D holds the incomplete tables, and Appendix E includes the completed tables from which you can check your work.

■ Definition of Key Terms: Although Cisco exams might be unlikely to ask a question such as “Define this term,” the ROUTE exam requires that you learn and know a lot of networking terminology. This section lists some of the most important terms from the chapter, asking you to write a short definition and compare your answer to the Glossary on the enclosed CD.


■ CD-Based Practice Exam: The companion CD contains an exam engine, including access to a bank of multiple-choice questions. Chapter 18 gives two suggestions on how to use these questions: either as study questions or to simulate the ROUTE exam.

■ Companion Website: The website http://kwtrain.com/routebook posts up-to-the-minute materials that further clarify complex exam topics. Check this site regularly for new and updated postings written by the author that provide further insight into the more troublesome topics on the exam.

Book Organization
This book contains 18 chapters, plus appendixes. The topics all focus in some way on IP
routing and IP routing protocols, making the topics somewhat focused, but with deep
coverage on those topics.

The book organizes the topics into six major parts. The following list outlines the major
part organization of this book:

■ Part I: “Fundamental Routing Concepts”: This part includes two chapters that focus
on routing fundamentals within an enterprise network (including connections to
remote offices):

■ Chapter 1: “Characteristics of Routing Protocols”: This introductory chapter is theory based and contains minimal Cisco IOS configuration. Specifically, the chapter reviews routing protocol characteristics. The last section of the chapter then introduces a newer routing technology, the ability to run multiple virtual routers inside a single physical router.
■ Chapter 2: “Remote Site Connectivity”: This chapter discusses how Virtual Private Networks (VPN) can be used to connect an enterprise headquarters to remote sites. While a variety of VPN technologies are discussed, the Cisco IOS configuration presented focuses on setting up a GRE tunnel.
■ Part II: “IGP Routing Protocols”: Because current versions of RIP, EIGRP, and OSPF
support IPv6 routing (in addition to IPv4), this seven-chapter part begins with a
review of IPv6 addressing and a look at RIPng configuration. Then, this part covers
EIGRP and OSPF theory and configuration in detail:

■ Chapter 3: “IPv6 Review and RIPng”: The new version of the ROUTE cur-
riculum dramatically increases the focus on routing IPv6 networks. There-
fore, this chapter begins with a CCNA-level review of IPv6 addressing. Then,
this chapter shows how to configure RIPng, which supports IPv6 routing
(after contrasting RIPng with RIPv2).
■ Chapter 4: “Fundamental EIGRP Concepts”: This chapter reviews the
basics of EIGRP, including EIGRP path selection and neighbor formation.
■ Chapter 5: “Advanced EIGRP Concepts”: This chapter discusses the details
of how EIGRP builds its topology table, how those EIGRP-learned routes
become candidates to be injected into a router’s IP routing table, and options
for optimizing EIGRP convergence. Then, the chapter explores EIGRP route
filtering, route summarization, and the use of default routes with EIGRP.

■ Chapter 6: “EIGRP for IPv6 and Named EIGRP”: This chapter begins by
contrasting EIGRP for IPv4 and EIGRP for IPv6. Then, a hierarchical EIGRP
configuration approach, called Named EIGRP, is demonstrated.
■ Chapter 7: “Fundamental OSPF Concepts”: This chapter reviews the basics
of OSPF, including configuration, verification, and neighbor formation. The
chapter then concludes with a look at virtual links.
■ Chapter 8: “The OSPF Link-State Database”: This chapter explains the various LSA types that OSPF uses to construct a link-state database. The process involved in exchanging link-state database information with neighboring routers is also discussed.
■ Chapter 9: “Advanced OSPF Concepts”: This chapter discusses OSPF
route filtering, route summarization, sourcing default route information,
and special area types. Then, the chapter concludes with an examination of
OSPFv3 and describes how it can be used to route IPv6 networks.
■ Part III: “Route Redistribution and Selection”: Because many enterprise networks
need to simultaneously support multiple IGPs, this part begins by explaining how
IGPs can coexist and be redistributed into one another. Then, the discussion delves
into how a Cisco router makes its packet-switching decisions and how those deci-
sions can be altered using the Policy-Based Routing (PBR) and IP Service-Level
Agreement (IP SLA) features:

■ Chapter 10: “Route Redistribution”: This chapter offers an extensive look into route redistribution. Specifically, the chapter begins by explaining route redistribution basics, followed by configuring route redistribution into EIGRP, route redistribution into OSPF, and tuning route redistribution using route maps and distribute lists. Finally, this chapter discusses IPv6 IGP route redistribution.
■ Chapter 11: “Route Selection”: This chapter begins with a comparison of
packet-switching technologies supported by Cisco IOS routers, with a focus
on Cisco Express Forwarding (CEF). Then, this chapter discusses how a
router’s route selection can be influenced with the use of the Cisco Policy-
Based Routing (PBR) and IP Service-Level Agreement (IP SLA) features.
Finally, this chapter concludes by examining a basic configuration of VRF-
Lite, which can allow a single physical router to run multiple virtual router
instances.
■ Part IV: “Internet Connectivity”: When an enterprise network connects to the
Internet, it might do so through a single connection and a default static route. Such a
connection often uses Network Address Translation (NAT). However, with multiple
Internet connections, the enterprise network might need to run Border Gateway
Protocol (BGP). This part of the book examines both approaches to Internet con-
nectivity (along with a discussion of NAT), including how BGP can connect to the
Internet through IPv6:

■ Chapter 12: “Fundamentals of Internet Connectivity”: This chapter discusses how a network could connect to the Internet using a single connection, using either a statically assigned or a dynamically learned address. Additionally, this chapter contrasts various approaches to NAT configuration, including a new approach, called NAT Virtual Interface (NVI).
■ Chapter 13: “Fundamental BGP Concepts”: This chapter begins with an
overview of Internet routing and addressing, followed by an introduction to
BGP. Single-homed and multi-homed Internet connections are contrasted.
Then, this chapter discusses a variety of external BGP (eBGP) configuration
options.
■ Chapter 14: “Advanced BGP Concepts”: While BGP is primarily consid-
ered to be an exterior gateway protocol (EGP), internal BGP (iBGP) can be
used within an autonomous system. This chapter examines the operation,
configuration, and verification of iBGP. Then, this chapter discusses ap-
proaches for avoiding BGP routing loops, how to filter BGP routes, how BGP
makes its route selection decisions, and how to administratively influence
those decisions.
■ Chapter 15: “IPv6 Internet Connectivity”: As support for IPv6 continues
to grow, enterprise networks have an increasing need to connect to their
Internet Service Provider(s) through IPv6. This chapter discusses how an ISP
could assign an IPv6 address to a customer router, and how that customer
router could use a static, default IPv6 route to point to its ISP. Additionally,
this chapter introduces Multiprotocol BGP (MP-BGP), which adds a collec-
tion of extensions to BGP version 4 and supports IPv6.
■ Part V: “Router and Routing Security”: Although Cisco has an entire CCNP Security track, the ROUTE curriculum, and therefore this part of the book, does cover general strategies for better securing a Cisco router and for authenticating the routing protocols used between routers:

■ Chapter 16: “Fundamental Router Security Concepts”: This chapter introduces the concept of a router security policy, covers time-based ACLs, and offers tips for securing a router’s management plane.
■ Chapter 17: “Routing Protocol Authentication”: This chapter compares
various router authentication methods, and then focuses on how to authenti-
cate specific routing protocols, including EIGRP, OSPF, and BGP.
■ Part VI: “Final Preparation”: This part concludes the book with recommendations
for exam preparation.

■ Chapter 18: “Final Preparation”: This nontechnical chapter identifies and explains how to use various exam preparation tools, followed by a step-by-step strategy for using this book to prepare for the ROUTE exam.

In addition to the core chapters of the book, the book has several appendixes. Some appendixes exist in the printed book, whereas others exist in soft-copy form on the CD included with the book.


Appendixes printed in the book include

■ Appendix A , “Answers to the ‘Do I Know This Already?’ Quizzes”: Includes the
answers to all the questions from Chapters 1 through 17.

■ Appendix B, “ROUTE Exam Updates”: Covers a variety of short topics that either
clarify or expand upon topics covered earlier in the book. This appendix is updated
from time to time, and posted at http://kwtrain.com/routebook, with the most
recent version available at the time of printing included here as Appendix B. (The
first page of the appendix includes instructions on how to check to see whether a
later version of Appendix B is available online.)

■ Appendix C, “Conversion Tables”: Lists a decimal-to-binary conversion table, decimal values 0 through 255, along with the binary equivalents. It also lists a hex-to-decimal conversion table.

The appendixes included on the CD-ROM are

■ Appendix D, “Memory Tables”: This appendix holds the key tables and lists from
each chapter with some of the content removed. You can print this appendix, and as
a memory exercise, complete the tables and lists. The goal is to help you memorize
facts that can be useful on the exam.

■ Appendix E, “Memory Tables Answer Key”: This appendix contains the answer
key for the exercises in Appendix D.

■ Appendix F, “Completed Planning Practice Tables”: The ends of Chapters 1 through 17 list planning tables that you can complete to help learn the content more deeply. If you use these tables, refer to this appendix for the suggested answers.

■ Appendix G, “Study Planner”: A spreadsheet with major study milestones, where you can track your progress through your study.

■ Glossary: The glossary contains definitions for all the terms listed in the “Define
Key Terms” sections at the conclusions of Chapters 1 through 17.

For More Information


If you have any comments about the book, you can submit those through
www.ciscopress.com. Just go to the website, select Contact Us, and type in your
message.

Cisco might make changes that affect the ROUTE exam from time to time. You should
always check www.cisco.com/go/ccnp for the latest details.

This chapter covers the following subjects:

■ Routing Protocol Fundamentals: This section offers an overview of the role that routing plays in an enterprise network and contrasts various types of routing protocols.

■ Network Technology Fundamentals: This section distinguishes between different types of network traffic flows and network architectures.

■ TCP/IP Fundamentals: This section reviews the fundamental characteristics of IP, ICMP, TCP, and UDP.

■ Network Migration Strategies: This section offers a collection of design considerations for making changes to a network.

CHAPTER 1

Characteristics of Routing Protocols


One of the most fundamental technologies in networking is routing. Routing, at its essence, is concerned with forwarding packets from their source on one subnet to their destination on another subnet. Of course, a multitude of options and protocols are available for making this happen. In fact, routing is the theme of this entire book, the focus of Cisco’s ROUTE course, and the accompanying ROUTE exam (300-101).

This chapter launches the discussion of routing by providing a conceptual introduction. Specifically, this chapter begins with a discussion of routing protocol fundamentals, followed by the basics of network technology and the TCP/IP suite of protocols.

The chapter then concludes with a design discussion revolving around how to accommo-
date the inevitable changes your network will undergo. For example, you will be given a
collection of strategies for changing routing protocols in your network or migrating from
IPv4 to IPv6.

“Do I Know This Already?” Quiz


The “Do I Know This Already?” quiz allows you to assess whether you should read the
entire chapter. If you miss no more than one of these eight self-assessment questions, you
might want to move ahead to the “Exam Preparation Tasks” section. Table 1-1 lists the
major headings in this chapter and the “Do I Know This Already?” quiz questions cover-
ing the material in those headings so that you can assess your knowledge of these spe-
cific areas. The answers to the “Do I Know This Already?” quiz appear in Appendix A.

Table 1-1 “Do I Know This Already?” Foundation Topics Section-to-Question Mapping

Foundation Topics Section            Questions
Routing Protocol Fundamentals        1, 2
Network Technology Fundamentals      3, 4
TCP/IP Fundamentals                  5, 6
Network Migration Strategies         7, 8

1. Which of the following features prevents a route learned on one interface from being
advertised back out of that interface?

a. Poison Reverse

b. Summarization

c. Split Horizon

d. Convergence

2. Identify the distance-vector routing protocols from the following. (Choose the two
best answers.)

a. IS-IS

b. EIGRP

c. RIP

d. OSPF

e. BGP

3. Select the type of network communication flow that is best described as “one-to-
nearest.”

a. Unicast

b. Multicast

c. Broadcast

d. Anycast

4. An NBMA network has which of the following design issues? (Choose the two best
answers.)

a. Split Horizon issues

b. Bandwidth issues

c. Quality of service issues

d. Designated router issues

5. Which of the following best defines TCP MSS?

a. The total data in a TCP segment, including only the TCP header

b. The total data in a TCP segment, not including any headers

c. The total data in a TCP segment, including only the IP and TCP headers

d. The total data in a TCP segment, including the Layer 2, IP, and TCP headers

ROUTE.indb 4
Chapter 1: Characteristics of Routing Protocols 5

6. A network segment has a bandwidth of 10 Mbps, and packets experience an end-
to-end latency of 100 ms. What is the bandwidth-delay product of the network
segment?

a. 100,000,000 bits

b. 10,000,000 bits

c. 1,000,000 bits

d. 100,000 bits

7. When migrating from a PVST+ to Rapid-PVST+, which PVST+ features can be dis-
abled, because similar features are built into Rapid-PVST+? (Choose the two best
answers.)

a. UplinkFast

b. Loop Guard

c. BackboneFast

d. PortFast

8. Cisco EVN uses what type of trunk to carry traffic for all virtual networks between
two physical routers?

a. VNET

b. ISL

c. dot1Q

d. 802.10

10/24/14 3:17 PM

Foundation Topics

Routing Protocol Fundamentals


Routing occurs when a router or some other Layer 3 device (for example, a multilayer
switch) makes a forwarding decision based on network address information (that is, Layer
3 information). A fundamental question, however, addressed throughout this book, is
from where does the routing information originate?

A router could know how to reach a network by simply having one of its interfaces
directly connect that network. Perhaps you statically configured a route, telling a router
exactly how to reach a certain destination network. However, for large enterprises, the
use of static routes does not scale well. Therefore, dynamic routing protocols are typi-
cally seen in larger networks (and many small networks, too). A dynamic routing protocol
allows routers configured for that protocol to exchange route information and update
that information based on changing network conditions.

The first topic in this section explores the role of routing in an enterprise network. Then
some of the characteristics of routing protocols are presented, to help you decide which
routing protocol to use in a specific environment and to help you better understand the
nature of routing protocols you find already deployed in a network.

The Role of Routing in an Enterprise Network


An enterprise network typically interconnects multiple buildings, has connectivity to one
or more remote offices, and has one or more connections to the Internet. Figure 1-1 iden-
tifies some of the architectural layers often found in an enterprise network design:

■ Building Access: This layer is part of the Campus network and is used to provide
user access to the network. Security (especially authentication) is important at this
layer, to verify that a user should have access to the network. Layer 2 switching is
typically used at this layer, in conjunction with VLANs.

■ Building Distribution: This layer is part of the Campus network that aggregates
building access switches. Multilayer switches are often used here.

■ Campus Backbone: This layer is part of the Campus network and is concerned with
the high-speed transfer of data through the network. High-end multilayer switches
are often used here.

■ Edge Distribution: This layer is part of the Campus network and serves as the
ingress and egress point for all traffic into and out of the Campus network. Routers
or multilayer switches are appropriate devices for this layer.

■ Internet Gateways: This layer contains routers that connect the Campus network
out to the Internet. Some enterprise networks have a single connection out to the
Internet, while others have multiple connections out to one or more Internet Service
Providers (ISP).

[Figure 1-1: Building Access switches feed Building Distribution, which feeds the Campus
Backbone; the Campus runs RIP, OSPF, or EIGRP. Edge Distribution joins the Campus to the
Internet Gateways (BGP), which reach the Internet, and to the WAN Aggregation routers
(RIP, OSPF, EIGRP), which reach the Remote Offices across an IP WAN.]

Figure 1-1 Typical Components of an Enterprise Network


■ WAN Aggregation: This layer contains routers that connect the Campus network
out to remote offices. Enterprises use a variety of WAN technologies to connect to
remote offices (for example, Multiprotocol Label Switching [MPLS]).

Routing protocols used within the Campus network and within the WAN aggregation
layer are often versions of Routing Information Protocol (RIP), Open Shortest Path First
(OSPF), or Enhanced Interior Gateway Routing Protocol (EIGRP). However, when con-
necting out to the Internet, Border Gateway Protocol (BGP) is usually the protocol of
choice for enterprises having more than one Internet connection.

An emerging industry trend is to connect a campus to a remote office over the Internet,
as opposed to using a traditional WAN technology. Of course, the Internet is considered
an untrusted network, and traffic might need to traverse multiple routers on its way from
the campus to a remote office. However, a technology called Virtual Private Networks
(VPN) allows a logical connection to be securely set up across an Internet connection.
Chapter 2, “Remote Site Connectivity,” examines VPNs in more detail.

Routing Protocol Selection


As you read through this book, you will learn about the RIPv2, RIPng, OSPFv2, OSPFv3,
EIGRP, BGP, and MP-BGP routing protocols. With all of these choices (and even more)
available, a fundamental network design consideration becomes which routing protocol
to use in your network. As you learn more about these routing protocols, keeping the fol-
lowing characteristics in mind can help you do a side-by-side comparison of protocols:

■ Scalability

■ Vendor interoperability

■ IT staff’s familiarity with protocol

■ Speed of convergence

■ Capability to perform summarization

■ Interior or exterior routing

■ Type of routing protocol

This section of the chapter concludes by taking a closer look at each of these
characteristics.

Scalability
How large is your network now, and how large is it likely to become? The answers to
those questions can help determine which routing protocols not to use in your network.
For example, while you could use statically configured routes in a network with just a
couple of routers, such a routing solution does not scale well to dozens of routers.

While all the previously mentioned dynamic routing protocols are capable of support-
ing most medium-sized enterprise networks, you should be aware of any limitations. For
example, all versions of RIP have a maximum hop count (that is, the maximum number
of routers across which routing information can be exchanged) of 15 routers. BGP, on the
other hand, is massively scalable. In fact, BGP is the primary routing protocol used on the
Internet.

Vendor Interoperability
Will you be using all Cisco routers in your network, or will your Cisco routers need to
interoperate with non-Cisco routers? A few years ago, the answer to this question could
be a deal-breaker for using EIGRP, because EIGRP was a Cisco-proprietary routing
protocol.

However, in early 2013, Cisco announced that it was releasing EIGRP to the Internet
Engineering Task Force (IETF) standards body as an Informational RFC. As a result,
any networking hardware vendor can use EIGRP on its hardware. If you are working in
an environment with routers from multiple vendors, you should ensure that your Cisco
router has an appropriate Cisco IOS feature set to support your desired routing protocol
and that the third-party router(s) also support that routing protocol.


IT Staff’s Familiarity with Protocol


You and the IT staff at your company (or your customer’s company) might be much more
familiar with one routing protocol than another. Choosing the routing protocol with
which the IT staff is more familiar could reduce downtime (because of faster resolutions
to troubleshooting issues). Also, if the IT staff is more familiar with the inner workings of
one routing protocol, they would be more likely to take advantage of the protocol’s non-
trivial features and tune the protocol’s parameters for better performance.

Speed of Convergence
A benefit of dynamic routing protocols over statically configured routes is the ability of
a dynamic routing protocol to reroute around a network failure. For example, consider
Figure 1-2. Router R1’s routing protocol might have selected the path through Router R3
as the best route to reach the 192.168.1.0 /24 network connected to Router R4. However,
imagine that a link failure occurred on the Fast Ethernet link between Routers R3 and R4.
Router R1’s routing protocol should be able to reroute around the link failure by sending
packets destined for the 192.168.1.0 /24 network through Router R2.

[Figure 1-2: SW1 (10.1.1.0/24) attaches to Router R1. R1 reaches Router R4 over two paths:
the primary path through Router R3 over Fast Ethernet links (Fa0/0, Fa0/1), and a backup
path through Router R2 over serial links (S1/0, S1/1). R4 attaches to SW2
(192.168.1.0/24). The link failure is on the Fast Ethernet link between R3 and R4.]

Figure 1-2 Routing Protocol Convergence


After this failover occurs, and the network reaches a steady-state condition (that is, the
routing protocol is aware of current network conditions and forwards traffic based on
those conditions), the network is said to be a converged network. The amount of time
for the failover to occur is called the convergence time.

Some routing protocols have faster convergence times than others. RIP and BGP, for
example, might take a few minutes to converge, depending on the network topology. By
contrast, OSPF and EIGRP can converge in just a few seconds.

Capability to Perform Summarization


Large enterprise networks can have routing tables with many route entries. The more
entries a router maintains in its routing table, the more router CPU resources are required
to calculate the best path to a destination network. Fortunately, many routing protocols
support the ability to do network summarization, although the summarization options
and how summarization is performed do differ.

Network summarization allows multiple routes to be summarized in a single route adver-
tisement. Not only does summarization reduce the number of entries in a router’s routing
table, but it also reduces the number of network advertisements that need to be sent.

Figure 1-3 shows an example of route summarization. Specifically, Router R1 is summa-
rizing the 10.0.0.0 /24, 10.0.1.0 /24, 10.0.2.0 /24, and 10.0.3.0 /24 networks into a single
network advertisement of 10.0.0.0 /22. Notice that the first two octets (and therefore the
first 16 bits) of all the networks are the same. Also, as shown in the figure, the first 6 bits
in the third octet are the same for all the networks. Therefore, all the networks have the
first 22 bits (that is, 16 bits in the first two octets plus 6 bits in the third octet) in com-
mon. By using those 22 bits and setting the remaining bits to 0s, you find the network
address, 10.0.0.0 /22.

[Figure 1-3: Router R1 advertises 10.0.0.0/22 in place of 10.0.0.0/24, 10.0.1.0/24,
10.0.2.0/24, and 10.0.3.0/24.]

Third Octet     128   64   32   16    8    4    2    1
Value
0                 0    0    0    0    0    0    0    0
1                 0    0    0    0    0    0    0    1
2                 0    0    0    0    0    0    1    0
3                 0    0    0    0    0    0    1    1

6 Bits in Common in the Third Octet

Figure 1-3 Network Summarization
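The following Python is an added example, not code from the book. It performs the Figure 1-3 calculation programmatically (the leading bits shared by all component prefixes) and adds the check a practitioner wants before configuring a summary: whether the summary is exact. A summary that is larger than the address space the router actually reaches attracts traffic for destinations it cannot deliver, so `summarize` returns an `exact` flag alongside the summary. The function names are this example's own; the code also handles IPv6 prefixes, with the assumption that all inputs belong to one address family.

```python
"""Route summarization helper: an added example, not code from the book.

Computes the summary that Figure 1-3 derives by hand (the leading bits all
component prefixes share) and reports whether that summary is exact, i.e.
whether the components tile it with no gaps. Works for IPv6 as well; all
inputs must be one address family (assumption of this example).
"""
import ipaddress


def common_prefix_length(networks):
    """Leading bits shared by every network address, capped at the shortest mask."""
    maxlen = networks[0].max_prefixlen
    first = int(networks[0].network_address)
    length = min(n.prefixlen for n in networks)
    for n in networks[1:]:
        diff = first ^ int(n.network_address)
        # shorten the candidate prefix until every differing bit falls outside it
        while length > 0 and (diff >> (maxlen - length)) != 0:
            length -= 1
    return length


def summarize(prefixes):
    """Return (summary_network, exact) for a list of prefix strings.

    exact is True when the component routes cover every address in the
    summary, so the summary advertises nothing the router cannot reach.
    """
    nets = [ipaddress.ip_network(p) for p in prefixes]
    length = common_prefix_length(nets)
    summary = ipaddress.ip_network(f"{nets[0].network_address}/{length}", strict=False)
    covered = sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))
    return summary, covered == summary.num_addresses


if __name__ == "__main__":
    figure_1_3 = ["10.0.0.0/24", "10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
    summary, exact = summarize(figure_1_3)
    print(summary, "exact" if exact else "over-covers")          # 10.0.0.0/22 exact
    summary, exact = summarize(figure_1_3[:2] + figure_1_3[3:])   # 10.0.2.0/24 missing
    print(summary, "exact" if exact else "over-covers")          # 10.0.0.0/22 over-covers
```

With 10.0.2.0/24 removed from the list, the common-bits calculation still yields 10.0.0.0/22, but the summary now covers 256 addresses no component route serves; the `exact` flag is what distinguishes the two cases.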

Interior or Exterior Routing


An autonomous system (AS) is a network under a single administrative control. Your
company’s network, as an example, might be in a single AS. When your company con-
nects out to two different ISPs, they are each in their own AS. Figure 1-4 shows such a
topology.


[Figure 1-4: Company A (AS 65000) connects to ISP 1 (AS 65100) and to ISP 2 (AS 65200).]

Figure 1-4 Interconnection of Autonomous Systems

In Figure 1-4, Company A is represented with an AS number of 65000. ISP 1 is using an
AS number of 65100, and ISP 2 has an AS number of 65200.

When selecting a routing protocol, you need to determine where the protocol will run.
Will it run within an autonomous system or between autonomous systems? The answer
to that question determines whether you need an interior gateway protocol (IGP) or an
exterior gateway protocol (EGP):

■ IGP: An IGP exchanges routes between routers in a single AS. Common IGPs include
OSPF and EIGRP. Although less popular, RIP and IS-IS are also considered IGPs.
Also, be aware that BGP is used as an EGP; however, you can use interior BGP
(iBGP) within an AS.

■ EGP: Today, the only EGP in use is BGP. However, from a historical perspective, be
aware that there was once another EGP, which was actually named Exterior Gateway
Protocol (EGP).

Routing Protocol Categories


Another way to categorize a routing protocol is based on how it receives, advertises, and
stores routing information. The three fundamental approaches are distance-vector, link-
state, and path-vector.

Distance-Vector
A distance-vector routing protocol sends a full copy of its routing table to its directly
attached neighbors. This is a periodic advertisement, meaning that even if there have been
no topological changes, a distance-vector routing protocol will, at regular intervals, re-
advertise its full routing table to its neighbors.

Obviously, this periodic advertisement of redundant information is inefficient. Ideally,
you want a full exchange of route information to occur only once and subsequent
updates to be triggered by topological changes.

Another drawback to distance-vector routing protocols is the time they take to converge,
which is the time required for all routers to update their routing tables in response to a
topological change in a network. Hold-down timers do not make that process faster, but
they keep it from being disrupted by unstable routes.


After a router makes a change to a route entry, a hold-down timer prevents any subse-
quent updates for a specified period of time. This approach helps stop flapping routes
(which are routes that oscillate between being available and unavailable) from preventing
convergence.

Yet another issue with distance-vector routing protocols is the potential of a routing loop.
To illustrate, consider Figure 1-5. In this topology, the metric being used is hop count,
which is the number of routers that must be crossed to reach a network. As one example,
Router R3’s routing table has a route entry for network 10.1.1.0 /24 available off of Router
R1. For Router R3 to reach that network, two routers must be transited (Routers R2 and
R1). As a result, network 10.1.1.0 /24 appears in Router R3’s routing table with a metric
(hop count) of 2.

[Figure 1-5 topology: R1 (Ethernet 1/0: 10.1.1.0/24) connects over Serial 0/0 to the
10.1.2.0/24 link, which terminates on R2's Serial 0/0. R2's Serial 0/1 connects over the
10.1.3.0/24 link to R3's Serial 0/0. R3's Ethernet 1/0 is on 10.1.4.0/24.]

Router R2’s Routing Table                  Router R3’s Routing Table
Network        Interface   Metric          Network        Interface   Metric
10.1.1.0/24    S0/0        1               10.1.1.0/24    S0/0        2
10.1.2.0/24    S0/0        0               10.1.2.0/24    S0/0        1
10.1.3.0/24    S0/1        0               10.1.3.0/24    S0/0        0
10.1.4.0/24    S0/1        1               10.1.4.0/24    E1/0        0

Figure 1-5 Routing Loop: Before Link Failure

Continuing with the example, imagine that interface Ethernet 1/0 on Router R3 goes
down. As shown in Figure 1-6, Router R3 loses its directly connected route (with a metric
of 0) to network 10.1.4.0 /24; however, Router R2 had a route to 10.1.4.0 /24 in its routing
table (with a metric of 1), and this route was advertised to Router R3. Router R3 adds this
entry for 10.1.4.0 to its routing table and increments the metric by 1.

[Figure 1-6: same topology as Figure 1-5, with R3's Ethernet 1/0 (10.1.4.0/24) down.
R2 advertises 10.1.4.0/24 to R3 with a hop count of 1.]

Router R2’s Routing Table                  Router R3’s Routing Table
Network        Interface   Metric          Network        Interface   Metric
10.1.1.0/24    S0/0        1               10.1.1.0/24    S0/0        2
10.1.2.0/24    S0/0        0               10.1.2.0/24    S0/0        1
10.1.3.0/24    S0/1        0               10.1.3.0/24    S0/0        0
10.1.4.0/24    S0/1        1               10.1.4.0/24    E1/0        0  (removed)
                                           10.1.4.0/24    S0/0        2

Figure 1-6 Routing Loop: After Link Failure


The problem with this scenario is that the 10.1.4.0 /24 entry in Router R2’s routing table
was because of an advertisement that Router R2 received from Router R3. Now, Router
R3 is relying on that route, which is no longer valid. The routing loop continues as Router
R3 advertises its newly learned route of 10.1.4.0 /24 with a metric of 2 to its neighbor,
Router R2. Because Router R2 originally learned the 10.1.4.0 /24 network from Router
R3, when it sees Router R3 advertising that same route with a metric of 2, the network
gets updated in Router R2’s routing table to have a metric of 3, as shown in Figure 1-7.

[Figure 1-7: same topology as Figure 1-6. R3 now advertises 10.1.4.0/24 back to R2 with a
hop count of 2.]

Router R2’s Routing Table                  Router R3’s Routing Table
Network        Interface   Metric          Network        Interface   Metric
10.1.1.0/24    S0/0        1               10.1.1.0/24    S0/0        2
10.1.2.0/24    S0/0        0               10.1.2.0/24    S0/0        1
10.1.3.0/24    S0/1        0               10.1.3.0/24    S0/0        0
10.1.4.0/24    S0/1        1  (replaced)   10.1.4.0/24    E1/0        0  (removed)
10.1.4.0/24    S0/1        3               10.1.4.0/24    S0/0        2

Figure 1-7 Routing Loop: Routers R2 and R3 Incrementing the Metric for 10.1.4.0 /24

The metric for the 10.1.4.0 /24 network continues to increment in the routing tables for
both Routers R2 and R3, until the metric reaches a value considered to be an unreachable
value (for example, 16 in the case of RIP). This process is referred to as a routing loop.

Distance-vector routing protocols typically use one of two approaches for preventing
routing loops:

■ Split Horizon: The Split Horizon feature prevents a route learned on one interface
from being advertised back out of that same interface.

■ Poison Reverse: The Poison Reverse feature causes a route received on one interface
to be advertised back out of that same interface with a metric considered to be
infinite.

Having either approach applied to the previous example would have prevented Router
R3 from adding the 10.1.4.0 /24 network into its routing table based on an advertisement
from Router R2.

Routing protocols falling under the distance-vector category include

■ Routing Information Protocol (RIP): A distance-vector routing protocol that uses a
metric of hop count. The maximum number of hops between two routers in an RIP-
based network is 15. Therefore, a hop count of 16 is considered to be infinite. Also,
RIP is an IGP. Three primary versions of RIP exist. RIPv1 periodically broadcasts its
entire IP routing table, and it supports only fixed-length subnet masks. RIPv2 sup-
ports variable-length subnet masks, and it uses multicasts (to a multicast address of
224.0.0.9) to advertise its IP routing table, as opposed to broadcasts. RIP next genera-
tion (RIPng) supports the routing of IPv6 networks, while RIPv1 and RIPv2 support
the routing of IPv4 networks.

■ Enhanced Interior Gateway Routing Protocol (EIGRP): A Cisco-proprietary proto-
col until early 2013, EIGRP has been popular in Cisco-only networks; however, other
vendors can now implement EIGRP on their routers.

EIGRP is classified as an advanced distance-vector routing protocol, because it
improves on the fundamental characteristics of a distance-vector routing protocol. For
example, EIGRP does not periodically send out its entire IP routing table to its neighbors.
Instead it uses triggered updates, and it converges quickly. Also, EIGRP can support mul-
tiple routed protocols (for example, IPv4 and IPv6). EIGRP can even advertise network
services (for example, route plan information for a unified communications network)
using the Cisco Service Advertisement Framework (SAF).

By default, EIGRP uses bandwidth and delay in its metric calculation; however, other
parameters can be considered. These optional parameters are reliability and load. The
maximum transmission unit (MTU) is carried in EIGRP updates, but it does not factor into
the composite metric formula, whose K values weight only bandwidth, delay, reliability,
and load.

The algorithm EIGRP uses for its route selection is not Dijkstra’s Shortest Path First algo-
rithm (as used by OSPF). Instead, EIGRP uses the Diffusing Update Algorithm (DUAL).

Link-State
Rather than having neighboring routers exchange their full routing tables with one anoth-
er, a link-state routing protocol allows routers to build a topological map of a network.
Then, similar to a global positioning system (GPS) in a car, a router can execute an algo-
rithm to calculate an optimal path (or paths) to a destination network.
Routers send link-state advertisements (LSA) to advertise the networks they know how to
reach. Routers then use those LSAs to construct the topological map of a network. The
algorithm run against this topological map is Dijkstra’s Shortest Path First algorithm.

Unlike distance-vector routing protocols, link-state routing protocols exchange full
routing information only when two routers initially form their adjacency. Then, routing
updates are sent in response to changes in the network, as opposed to being sent periodi-
cally. Also, link-state routing protocols benefit from shorter convergence times, as com-
pared to distance-vector routing protocols (although convergence times are comparable
to EIGRP).

Routing protocols that can be categorized as link-state routing protocols include

■ Open Shortest Path First (OSPF): A link-state routing protocol that uses a metric of
cost, which is based on the link speed between two routers. OSPF is a popular IGP,
because of its scalability, fast convergence, and vendor interoperability.

■ Intermediate System–to–Intermediate System (IS-IS): This link-state routing pro-
tocol is similar in its operation to OSPF. It uses a configurable, yet dimensionless,
metric associated with an interface and runs Dijkstra’s Shortest Path First algorithm.
Although using IS-IS as an IGP offers the scalability, fast convergence, and vendor
interoperability benefits of OSPF, it has not been as widely deployed as OSPF.

Path-Vector
A path-vector routing protocol includes information about the exact path packets take to
reach a specific destination network. This path information typically consists of a series
of autonomous systems through which packets travel to reach their destination. Border
Gateway Protocol (BGP) is the only path-vector protocol you are likely to encounter in a
modern network.

Also, BGP is the only EGP in widespread use today. In fact, BGP is considered to be the
routing protocol that runs the Internet, which is an interconnection of multiple autono-
mous systems.

BGP’s path selection is not solely based on AS hops, however. BGP has a variety of other
parameters that it can consider. Interestingly, none of those parameters are based on
link speed. Also, although BGP is incredibly scalable, it does not quickly converge in
the event of a topological change. The current version of BGP is BGP version 4 (BGP-4).
However, an enhancement to BGP-4, called Multiprotocol BGP (MP-BGP), supports the
routing of multiple routed protocols, such as IPv4 and IPv6.

Summary of Categories
As a reference, Table 1-2 categorizes the previously listed routing protocols, based on
their type and whether they are primarily an IGP or an EGP.

Table 1-2 Routing Protocol Characteristics

Routing Protocol   Type                          Primarily IGP or EGP
RIP                Distance-Vector               IGP
EIGRP              (Advanced) Distance-Vector    IGP
OSPF               Link-State                    IGP
IS-IS              Link-State                    IGP
BGP                Path-Vector                   EGP

Note that a network can simultaneously support more than one routing protocol through
the process of route redistribution. For example, a router could have one of its inter-
faces participating in an OSPF area of the network and have another interface participat-
ing in an EIGRP autonomous system. This router could then take routes learned through
OSPF and inject those routes into the EIGRP routing process. Similarly, EIGRP-learned
routes could be redistributed into the OSPF routing process.


Network Technology Fundamentals


When designing a new network or analyzing an existing network, the ability to determine
how traffic flows through that network is a necessary skill. Traffic flow is determined
both by the traffic type (for example, unicast, multicast, broadcast, or anycast) and the
network architecture type (for example, point-to-point, broadcast, and nonbroadcast
multiaccess [NBMA]). This section provides you with the basic characteristics of these
network technologies.

Network Traffic Types


Traffic can be sent to a single network host, all hosts on a subnet, or a select grouping of
hosts that requested to receive the traffic. These traffic types include unicast, broadcast,
multicast, and anycast.

Older routing protocols, such as RIPv1 and IGRP (the now-antiquated predecessor to
EIGRP), used broadcasts to advertise routing information; however, most modern IGPs
use multicasts for their route advertisements.

Note BGP establishes a TCP session between peers. Therefore, unicast transmissions are
used for BGP route advertisement.

Unicast
Most network traffic is unicast in nature, meaning that traffic travels from a single source
device to a single destination device. Figure 1-8 illustrates an example of a unicast trans-
mission. In IPv4 networks, unicast addresses are made up of Class A, B, and C addresses.
IPv6 networks instead use global unicast addresses, which begin with the 2000::/3 prefix.

[Figure 1-8: A video server sends one packet with destination address 10.1.1.1 to Receiver
10.1.1.1 and a separate packet with destination address 10.1.1.2 to Receiver 10.1.1.2;
Non-Receiver 10.1.1.3 receives nothing.]

Figure 1-8 Sample IPv4 Unicast Transmission

Broadcast
Broadcast traffic travels from a single source to all destinations in a subnet (that is, a
broadcast domain). A broadcast address of 255.255.255.255 might seem that it would
reach all hosts on an interconnected network. However, 255.255.255.255 targets all
devices on a single network, specifically the network local to the device sending a packet
destined for 255.255.255.255. Another type of broadcast address is a directed broad-
cast address, which targets all devices in a remote network. For example, the address
172.16.255.255 /16 is a directed broadcast targeting all devices in the 172.16.0.0 /16 net-
work. Because a directed broadcast lets a remote sender make every host on a subnet
respond, it has been abused for amplification attacks, and Cisco IOS routers have not
forwarded directed broadcasts by default (no ip directed-broadcast) since release 12.0.
Figure 1-9 illustrates an example of a broadcast transmission.

Note Broadcasts are used in IPv4 networks, but not in IPv6 networks.

[Figure 1-9: A video server sends one packet with destination address 255.255.255.255;
Receiver 10.1.1.1, Receiver 10.1.1.2, and Non-Receiver 10.1.1.3 all receive it.]

Figure 1-9 Sample IPv4 Broadcast Transmission

Multicast
Multicast technology provides an efficient mechanism for a single host to send traffic
to multiple, yet specific, destinations. For example, imagine a network with 100 users.
Twenty of those users want to receive a video stream from a video server. With a unicast
solution, the video server would have to send 20 individual streams, one stream for each
recipient. Such a solution could consume a significant amount of network bandwidth and
put a heavy processor burden on the video server.

With a broadcast solution, the video server would only have to send the video stream
once; however, the stream would be received by every device on the local subnet, even
devices not wanting to receive it. Even though those devices do not want to receive the
video stream, they still have to pause what they are doing and take time to check each of
these unwanted packets.

As shown in Figure 1-10, multicast offers a compromise, allowing the video server to send
the video stream only once, and only sending the video stream to devices on the network
that want to receive the stream.

What makes this possible in IPv4 networks is the use of a Class D address. A Class D
address, such as 239.1.2.3, represents the address of a multicast group. The video server
could, in this example, send a single copy of each video stream packet destined for
239.1.2.3. Devices wanting to receive the video stream can join the multicast group. Based
on the device request, switches and routers in the topology can then dynamically deter-
mine out of which ports the video stream should be forwarded.


[Figure 1-10: Multicast group 239.1.2.3. A video server sends one packet with destination
address 239.1.2.3; it is delivered to Receiver 10.1.1.1 and Receiver 10.1.1.2 but not to
Non-Receiver 10.1.1.3.]

Figure 1-10 Sample IPv4 Multicast Transmission

Note In IPv6 networks, multicast addresses have a prefix of ff00::/8.

Anycast
With anycast, a single IPv6 address is assigned to multiple devices, as depicted in Figure
1-11. The communication flow is one-to-nearest (from the perspective of a router’s rout-
ing table).
[Figure 1-11: A client with address 2100::1 sends a packet with destination address 2200::1
to Router R1. R1 can reach Server A (2200::1) through Router R2 or Server B (2200::1)
through Router R3.]

Figure 1-11 IPv6 Anycast Example


In Figure 1-11, a client with an IPv6 address of 2100::1 wants to send traffic to a desti-
nation IPv6 address of 2200::1. Notice that two servers (Server A and Server B) have an
IPv6 address of 2200::1. In the figure, the traffic destined for 2200::1 is sent to Server A
through Router R2, because the network on which Server A resides appears to be closer
than the network on which Server B resides, from the perspective of Router R1’s IPv6
routing table.

Note Anycast is an IPv6 concept and is not found in IPv4 networks. Also, note that IPv6
anycast addresses are not unique from IPv6 unicast addresses.

Network Architecture Types


Another set of network technologies that impact routing, and determine traffic flow, deal
with network architecture types (for example, point-to-point, broadcast, and NBMA). For
design and troubleshooting purposes, you should be familiar with the characteristics of
each.

Point-to-Point Network
A very basic network architecture type is a point-to-point network. As seen in Figure
1-12, a point-to-point network segment consists of a single network link interconnecting
two routers. This network type is commonly found on serial links.

[Figure 1-12: Routers R1 and R2 joined by a single link.]

Figure 1-12 Point-to-Point Network Type

Broadcast Network
A broadcast network segment uses an architecture in which a broadcast sent from one of
the routers on the network segment is propagated to all other routers on that segment.
An Ethernet network, as illustrated in Figure 1-13, is a common example of a broadcast
network.


[Figure 1-13: Routers R1, R2, and R3 all attach to switch SW1; a broadcast from R1 is
delivered to R2 and R3.]

Figure 1-13 Broadcast Network Type

NBMA
As its name suggests, a nonbroadcast multiaccess (NBMA) network does not support
broadcasts. As a result, if an interface on a router connects to two other routers, as depict-
ed in Figure 1-14, individual messages must be sent to each router.

[Figure 1-14: Router HQ (S1/0: 10.1.1.1/24) connects through a Frame Relay switch to
Router BR1 (S1/0: 10.1.1.2/24) and Router BR2 (S1/0: 10.1.1.3/24). The HQ-side DLCIs are
102 and 103; the branch-side DLCIs are 201 and 301. All three routers share the
10.1.1.0/24 subnet, but BR1 and BR2 have no direct circuit to each other.]

Figure 1-14 NBMA Network Type

The absence of broadcast support also implies an absence of multicast support. This
can lead to an issue with dynamic routing protocols (such as OSPF and EIGRP) that
dynamically form neighborships with neighboring routers discovered through multicasts.
Because neighbors cannot be dynamically discovered, neighboring IP addresses must be
statically configured. Examples of NBMA networks include ATM and Frame Relay.

The requirement for static neighbor configuration is not the only routing protocol issue
stemming from an NBMA network. Consider the following:


■ Split Horizon issues: Distance-vector routing protocols (RIP and EIGRP, for exam-
Key ple) can use the previously mentioned Split Horizon rule, which prevents routes
Topic
learned on one interface from being advertised back out of that same interface.
Consider Figure 1-14 again. Imagine that Router BR2 advertised a route to Router
HQ, and Router HQ had Split Horizon enabled for its S 1/0 interface. That condi-
tion would prevent Router HQ from advertising that newly learned route to Router
BR1, because it would be advertising that route out the same interface on which it
was learned. Fortunately, in situations like this, you can administratively disable Split
Horizon.

■ Designated router issues: Recall from your CCNA studies that on a broadcast network (for example, an Ethernet network), OSPF elects a designated router (DR), with which all other routers on a network segment form an adjacency. Interestingly, OSPF attempts to elect a DR on an NBMA network, by default. Once again considering Figure 1-14, notice that only Router HQ has a direct connection to the other routers; therefore, Router HQ should be the DR. This election might not happen without administrative intervention, however. Specifically, in such a topology, you would need to set the OSPF Priority to 0 on both Routers BR1 and BR2, which prevents them from participating in a DR election.

TCP/IP Fundamentals
Recall from your CCNA studies that the Internet layer of the TCP/IP stack maps to Layer
3 (that is, the network layer) of the Open Systems Interconnection (OSI) model. While
multiple routed protocols (for example, IP, IPX, and AppleTalk) reside at the OSI model’s
network layer, Internet Protocol (IP) has become the de-facto standard for network
communication.

Sitting just above IP, at the transport layer (of both the TCP/IP and OSI models), are Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). This section reviews the basic operation of the TCP/IP suite of protocols, as their behavior is the foundation of the routing topics in the remainder of this book.

IP Characteristics
Figure 1-15 shows the IP version 4 packet header format.
[Figure: IPv4 header layout, one 32-bit word per row]
Version | Header Length | Type of Service | Total Length
Identification | IP Flags | Fragment Offset
TTL | Protocol | Header Checksum
Source Address
Destination Address
IP Option (Variable Length)

Figure 1-15 IP Version 4 Packet Header Format

The functions of the fields in an IPv4 header are as follows:

■ Version field: The Version field indicates IPv4 (with a value of 0100).

■ Header Length field: The Header Length field (commonly referred to as the Internet
Header Length (IHL) field) is a 4-bit field indicating the number of 4-byte words in
the IPv4 header.

■ Type of Service field: The Type of Service (ToS) field (commonly referred to as the ToS Byte or DSCP field) has 8 bits used to set quality of service (QoS) markings. Specifically, the 6 leftmost bits are used for the Differentiated Service Code Point (DSCP) marking, and the 2 rightmost bits are used for Explicit Congestion Notification (an extension of Weighted Random Early Detection (WRED), used for flow control).

■ Total Length field: The Total Length field is a 16-bit value indicating the size of the
packet (in bytes).

■ Identification field: The Identification field is a 16-bit value used to mark fragments
that came from the same packet.

■ IP Flags field: The IP Flags field is a 3-bit field, where the first bit is always set to a 0. The second bit (the Don’t Fragment [DF] bit) indicates that a packet should not be fragmented. The third bit (the More Fragments [MF] bit) is set on all of a packet’s fragments, except the last fragment.

■ Fragment Offset field: The Fragment Offset field is a 13-bit field that specifies the
offset of a fragment from the beginning of the first fragment in a packet, in 8-byte
units.

■ Time to Live (TTL) field: The Time to Live (TTL) field is an 8-bit field that is decremented by 1 every time the packet is routed from one IP network to another (that is, passes through a router). If the TTL value ever reaches 0, the packet is discarded from the network. This behavior helps prevent routing loops.

■ Protocol field: The Protocol field is an 8-bit field that specifies the type of data
encapsulated in the packet. TCP and UDP are common protocols identified by this
field.

■ Header Checksum field: The Header Checksum field is a 16-bit field that performs error checking for a packet’s header. Interestingly, this error checking is performed for UDP segments, in addition to TCP segments, even though UDP is itself an “unreliable” protocol.

■ Source Address field: The 32-bit Source Address field indicates the source of an
IPv4 packet.

■ Destination Address field: The 32-bit Destination Address field indicates the destination of an IPv4 packet.

■ IP Option field: The IP Option field is a seldom-used field that can specify a variety
of nondefault packet options. If the IP Option field is used, its length varies based on
the options specified.

An IPv6 packet header, as seen in Figure 1-16, is simpler in structure than the IPv4 packet
header.

[Figure: IPv6 header layout, one 32-bit word per row; each address occupies four words]
Version | Traffic Class | Flow Label
Payload Length | Next Header | Hop Limit
Source Address
Destination Address

Figure 1-16 IP Version 6 Packet Header Format

The purposes of the fields found in an IPv6 header are as follows:

■ Version field: Like an IPv4 header, an IPv6 header has a Version field, indicating
IPv6 (with a value of 0110).

■ Traffic Class field: The Traffic Class field is the same size, performs the same functions, and takes on the same values as the Type of Service field in an IPv4 header.

■ Flow Label field: The 20-bit Flow Label field can be used to instruct a router to use
a specific outbound connection for a traffic flow (if a router has multiple outbound
connections). By having all packets in the same flow use the same connection, the
probability of packets arriving at their destination out of order is reduced.


■ Payload Length field: The Payload Length field is a 16-bit field indicating the size
(in bytes) of the payload being carried by an IPv6 packet.

■ Next Header field: The Next Header field, similar to the Protocol field in an IPv4
header, indicates the type of header encapsulated in the IPv6 header. Typically, this
8-bit header indicates a specific transport layer protocol.

■ Hop Limit field: The 8-bit Hop Limit field replaces, and performs the same function
as, the IPv4 header’s TTL field. Specifically, it is decremented at each router hop until
it reaches 0, at which point the packet is discarded.

■ Source Address field: Similar to the IPv4 header’s 32-bit Source Address field, the
IPv6 Source Address field is 128 bits in size and indicates the source of an IPv6
packet.

■ Destination Address field: Similar to the IPv4 header’s 32-bit Destination Address field, the IPv6 Destination Address field is 128 bits in size and indicates the destination of an IPv6 packet.
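To tie the two field lists together, here is an added example (not code from the book) that parses constructed IPv4 and IPv6 headers field by field, verifies the IPv4 Header Checksum, and performs the per-hop TTL decrement with a recomputed checksum. It assumes 20-byte IPv4 headers without options and uses only the Python standard library.

```python
"""Parse IPv4 and IPv6 headers, verify the IPv4 header checksum and apply the
per-hop TTL decrement. Added example; all packets are constructed in this file."""
import ipaddress
import struct


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words, with the Header Checksum field as zero."""
    total = sum((header[i] << 8) | header[i + 1] for i in range(0, len(header) - 1, 2))
    if len(header) % 2:                      # odd length: pad the last byte
        total += header[-1] << 8
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4_header(src, dst, ttl, protocol, payload_len, ident=0, df=True) -> bytes:
    """Constructed 20-byte header (IHL=5, no options) with a valid checksum."""
    flags_frag = 0x4000 if df else 0         # reserved=0, DF, MF=0, offset=0
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", (4 << 4) | 5, 0, 20 + payload_len,
                                ident, flags_frag, ttl, protocol, 0,
                                ipaddress.IPv4Address(src).packed,
                                ipaddress.IPv4Address(dst).packed))
    struct.pack_into("!H", hdr, 10, ipv4_checksum(bytes(hdr)))
    return bytes(hdr)


def parse_ipv4_header(data: bytes) -> dict:
    if len(data) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, tos, total_length, ident, flags_frag,
     ttl, protocol, csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", data[:20])
    version, header_len = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or header_len < 20 or len(data) < header_len:
        raise ValueError("not a well-formed IPv4 header")
    zeroed = bytearray(data[:header_len])    # checksum is computed with its field zeroed
    zeroed[10:12] = b"\x00\x00"
    return {
        "version": version, "header_len": header_len,
        "dscp": tos >> 2, "ecn": tos & 0x3,  # 6 leftmost bits DSCP, 2 rightmost ECN
        "total_length": total_length, "identification": ident,
        "df": bool(flags_frag & 0x4000), "mf": bool(flags_frag & 0x2000),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,   # 13-bit field, 8-byte units
        "ttl": ttl, "protocol": protocol,
        "checksum_ok": ipv4_checksum(bytes(zeroed)) == csum,
        "src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
        "options": bytes(data[20:header_len]),
    }


def decrement_ttl(packet: bytes):
    """What a router does per hop: TTL minus 1 and a new checksum. Returns None when
    the TTL would reach 0 (packet discarded, ICMP Time Exceeded, type 11, sent back)."""
    hdr = parse_ipv4_header(packet)
    if not hdr["checksum_ok"] or hdr["ttl"] <= 1:
        return None
    out = bytearray(packet)
    out[8] = hdr["ttl"] - 1
    out[10:12] = b"\x00\x00"
    struct.pack_into("!H", out, 10, ipv4_checksum(bytes(out[:hdr["header_len"]])))
    return bytes(out)


def build_ipv6_header(src, dst, hop_limit, next_header, payload_len,
                      flow_label=0, traffic_class=0) -> bytes:
    """Constructed fixed 40-byte IPv6 header (IPv6 has no header checksum field)."""
    first_word = (6 << 28) | (traffic_class << 20) | (flow_label & 0xFFFFF)
    return struct.pack("!IHBB16s16s", first_word, payload_len, next_header, hop_limit,
                       ipaddress.IPv6Address(src).packed, ipaddress.IPv6Address(dst).packed)


def parse_ipv6_header(data: bytes) -> dict:
    if len(data) < 40:
        raise ValueError("truncated IPv6 header")
    first_word, payload_len, next_header, hop_limit, src, dst = struct.unpack(
        "!IHBB16s16s", data[:40])
    if first_word >> 28 != 6:
        raise ValueError("not an IPv6 header")
    return {
        "version": 6, "traffic_class": (first_word >> 20) & 0xFF,
        "flow_label": first_word & 0xFFFFF, "payload_length": payload_len,
        "next_header": next_header, "hop_limit": hop_limit,
        "src": str(ipaddress.IPv6Address(src)), "dst": str(ipaddress.IPv6Address(dst)),
    }


if __name__ == "__main__":
    pkt = build_ipv4_header("192.168.1.2", "192.168.3.2", ttl=64, protocol=6,
                            payload_len=20, ident=0x1234)
    print(parse_ipv4_header(pkt))
    print(parse_ipv4_header(decrement_ttl(pkt))["ttl"])          # 63
    print(parse_ipv6_header(build_ipv6_header("2001:db8::1", "2001:db8::2",
                                              hop_limit=64, next_header=6,
                                              payload_len=20, flow_label=0x12345)))
```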

Routing Review
As a review from your CCNA studies, recall how the fields in an IP header are used to route a packet from one network to another. While the process is similar for IPv6, the following example considers IPv4.

In the topology shown in Figure 1-17, PC1 needs to send traffic to Server1. Notice that
these devices are on different networks. So, the question becomes, “How does a packet
from a source IP address of 192.168.1.2 get forwarded to a destination IP address of
192.168.3.2?”

[Figure: PC1 (IP 192.168.1.2/24, MAC 1111.1111.1111, default gateway 192.168.1.1) attaches to SW1, which connects to R1 Fa0/0 (192.168.1.1/24, MAC AAAA.AAAA.AAAA); R1 S1/1 (192.168.2.1/30) links to R2 S1/1 (192.168.2.2/30); R2 Fa0/0 (192.168.3.1/24, MAC BBBB.BBBB.BBBB) connects through SW2 to Server1 (IP 192.168.3.2/24, MAC 2222.2222.2222, default gateway 192.168.3.1)]

Figure 1-17 Basic Routing Topology

The answer is routing, as summarized in the following steps:

Step 1. PC1 compares its IP address and subnet mask of 192.168.1.2 /24 with the destination IP address and subnet mask of 192.168.3.2 /24. PC1 concludes that the destination IP address resides on a remote subnet. Therefore, PC1 needs to send the packet to its default gateway, which could have been manually configured on PC1 or dynamically learned through Dynamic Host Configuration Protocol (DHCP). In this example, PC1 has a default gateway of 192.168.1.1 (Router R1). However, to construct a Layer 2 frame, PC1 also needs the MAC address of its default gateway. PC1 sends an Address Resolution Protocol (ARP) request for Router R1’s MAC address. After PC1 receives an ARP reply from Router R1, PC1 adds Router R1’s MAC address to its ARP cache. PC1 now sends its data in a frame destined for Server1, as shown in Figure 1-18.

Note ARP uses broadcasts, which are not supported by IPv6. Therefore, IPv6 exchanges
Neighbor Discovery messages with adjacent devices to perform functions similar to ARP.

[Figure: same topology as Figure 1-17. PC1 sends an ARP request and receives an ARP reply; PC1’s ARP cache now holds 192.168.1.1 = AAAA.AAAA.AAAA. Data frame from PC1: Source IP 192.168.1.2, Destination IP 192.168.3.2, Source MAC 1111.1111.1111, Destination MAC AAAA.AAAA.AAAA]

Figure 1-18 Basic Routing: Step 1

Step 2. Router R1 receives the frame sent from PC1 and interrogates the IP header.
An IP header contains a Time to Live (TTL) field, which is decremented once
for each router hop. Therefore, Router R1 decrements the packet’s TTL field.
If the value in the TTL field is reduced to 0, the router discards the frame and
sends a time exceeded Internet Control Message Protocol (ICMP) message
back to the source. Assuming that the TTL is not decremented to 0, Router
R1 checks its routing table to determine the best path to reach network
192.168.3.0 /24. In this example, Router R1’s routing table has an entry stating
that network 192.168.3.0 /24 is accessible through interface Serial 1/1. Note
that ARPs are not required for serial interfaces, because these interface types
do not have MAC addresses. Router R1, therefore, forwards the frame out of
its Serial 1/1 interface, as shown in Figure 1-19.

[Figure: same topology as Figure 1-17. Router R1’s route entry: 192.168.3.0/24 via Serial 1/1. Data frame from R1 on the serial link: Source IP 192.168.1.2, Destination IP 192.168.3.2, Source MAC N/A, Destination MAC N/A]

Figure 1-19 Basic Routing: Step 2

Step 3. When Router R2 receives the frame, it decrements the TTL in the IP header, just as Router R1 did. Again, assuming that the TTL did not get decremented to 0, Router R2 interrogates the IP header to determine the destination network. In this case, the destination network of 192.168.3.0 /24 is directly attached to Router R2’s Fast Ethernet 0/0 interface. Similar to how PC1 sent out an ARP request to determine the MAC address of its default gateway, Router R2 sends an ARP request to determine the MAC address of Server1. After an ARP Reply is received from Server1, Router R2 forwards the frame out of its Fast Ethernet 0/0 interface to Server1, as illustrated in Figure 1-20.

[Figure: same topology as Figure 1-17. Router R2 sends an ARP request and receives an ARP reply from Server1; R2’s ARP cache now holds 192.168.3.2 = 2222.2222.2222. Data frame from R2: Source IP 192.168.1.2, Destination IP 192.168.3.2, Source MAC BBBB.BBBB.BBBB, Destination MAC 2222.2222.2222]

Figure 1-20 Basic Routing: Step 3

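The three steps above, as an added example (not code from the book) that models PC1, R1, and R2 from Figure 1-17 in Python: the local-versus-remote subnet test, longest-prefix route lookup, the TTL decrement, and ARP resolution on Ethernet but not on serial interfaces. The router objects and the ARP reply tables are constructed stand-ins.

```python
"""Python model of Steps 1 to 3 for the Figure 1-17 topology. Added example, not
the book's code; ARP replies come from constructed lookup tables."""
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

IPv4Network = ipaddress.IPv4Network


@dataclass
class Iface:
    name: str
    mac: Optional[str]                       # None on serial links: no MAC, so no ARP
    lan: dict = field(default_factory=dict)  # constructed ARP replies: ip -> mac


@dataclass
class Router:
    name: str
    ifaces: dict                             # interface name -> Iface
    routes: list                             # (IPv4Network, out interface, next hop or None)
    arp_cache: dict = field(default_factory=dict)

    def lookup(self, dst_ip):
        """Longest-prefix match over the routing table."""
        best = None
        for net, ifname, next_hop in self.routes:
            if dst_ip in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, ifname, next_hop)
        return best

    def resolve(self, iface, ip):
        """ARP: answer from the cache, otherwise 'send a request' and cache the reply."""
        if ip not in self.arp_cache:
            self.arp_cache[ip] = iface.lan[ip]   # KeyError here = nobody answered the ARP
        return self.arp_cache[ip]

    def forward(self, pkt):
        """Steps 2 and 3: decrement TTL, route the packet and build the outgoing frame."""
        if pkt["ttl"] <= 1:                      # TTL would reach 0: discard, ICMP Time Exceeded
            return {"action": "discard", "icmp": "time exceeded", "to": pkt["src_ip"]}
        route = self.lookup(ipaddress.ip_address(pkt["dst_ip"]))
        if route is None:
            return {"action": "discard", "icmp": "destination unreachable", "to": pkt["src_ip"]}
        _net, ifname, next_hop = route
        iface = self.ifaces[ifname]
        frame = dict(pkt, ttl=pkt["ttl"] - 1, out_iface=ifname, action="forward")
        if iface.mac is None:                    # serial: no Layer 2 addresses to fill in
            frame.update(src_mac="N/A", dst_mac="N/A")
        else:                                    # Ethernet: ARP for next hop or final host
            frame.update(src_mac=iface.mac,
                         dst_mac=self.resolve(iface, next_hop or pkt["dst_ip"]))
        return frame


def host_first_hop(host_ip_mask, gateway, dst_ip):
    """Step 1: is the destination on my subnet? If not, send to the default gateway."""
    local_net = ipaddress.ip_interface(host_ip_mask).network
    return dst_ip if ipaddress.ip_address(dst_ip) in local_net else gateway


# Addresses and MACs are those printed in Figure 1-17; the tables are constructed.
PC1_ARP = {"192.168.1.1": "AAAA.AAAA.AAAA"}
R1 = Router("R1",
            ifaces={"Fa0/0": Iface("Fa0/0", "AAAA.AAAA.AAAA", {"192.168.1.2": "1111.1111.1111"}),
                    "S1/1": Iface("S1/1", None)},
            routes=[(IPv4Network("192.168.1.0/24"), "Fa0/0", None),
                    (IPv4Network("192.168.2.0/30"), "S1/1", None),
                    (IPv4Network("192.168.3.0/24"), "S1/1", None)])
R2 = Router("R2",
            ifaces={"S1/1": Iface("S1/1", None),
                    "Fa0/0": Iface("Fa0/0", "BBBB.BBBB.BBBB", {"192.168.3.2": "2222.2222.2222"})},
            routes=[(IPv4Network("192.168.1.0/24"), "S1/1", None),
                    (IPv4Network("192.168.2.0/30"), "S1/1", None),
                    (IPv4Network("192.168.3.0/24"), "Fa0/0", None)])


def trace_pc1_to_server1(ttl=64):
    """Return the frame PC1 sends, then what R1 and R2 each do with it."""
    next_hop = host_first_hop("192.168.1.2/24", "192.168.1.1", "192.168.3.2")
    path = [{"src_ip": "192.168.1.2", "dst_ip": "192.168.3.2", "ttl": ttl,
             "src_mac": "1111.1111.1111", "dst_mac": PC1_ARP[next_hop]}]
    for router in (R1, R2):
        path.append(router.forward(path[-1]))
        if path[-1]["action"] != "forward":
            break
    return path


if __name__ == "__main__":
    for hop in trace_pc1_to_server1():
        print(hop)
```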

Asymmetric Routing
Many times, routing operations are impacted by Layer 2 switching in a network. As an example, consider a situation, as depicted in Figure 1-21, where a VLAN is spread across multiple access layer switches, and a First-Hop Redundancy Protocol (FHRP) (for example, HSRP, VRRP, or GLBP) is being used on multilayer switches at the distribution layer.

[Figure: three-tier campus. CSW1 at the core layer connects to the Internet and to DSW1 (active HSRP router) and DSW2 (standby HSRP router) at the distribution layer; both distribution switches connect to ASW1 and ASW2 at the access layer. VLAN 100 spans both access switches: PC1 (10.1.1.100/24) on ASW1 and PC2 (10.1.1.101/24) on ASW2]

Figure 1-21 Topology with Asymmetric Routing

In the figure, notice that VLAN 100 (that is, 10.1.1.0 /24) exists on both switches ASW1
and ASW2 at the access layer. Also, notice that there are two multilayer switches (that
is, DSW1 and DSW2) at the distribution layer with an HSRP configuration to provide
default gateway redundancy to hosts in VLAN 100. The multilayer switch in the core
layer (that is, CSW1) supports equal-cost load balancing between DSW1 and DSW2.


Focusing on the HSRP configuration, imagine that DSW1 is the active HSRP “router”
and DSW2 is the standby HSRP “router.” Next, imagine that PC1 sends traffic out to the
Internet. The traffic flows through ASW1, DSW1 (the active HSRP router), and CSW1, as
shown in Figure 1-22.

[Figure: same topology as Figure 1-21. The outbound traffic flow from PC1 travels ASW1 to DSW1 (active HSRP router) to CSW1 to the Internet]

Figure 1-22 Unidirectional Outbound Traffic

A challenge with this common scenario can occur with the return traffic, as illustrated in Figure 1-23. The return traffic flows from the Internet and into CSW1, which then load-balances between DSW1 and DSW2. When the path through DSW1 is used, the MAC address of PC1 is known to DSW1’s ARP cache (because it just saw PC1’s MAC address being used as the source MAC address in a packet going out to the Internet). However, when the path through DSW2 is used, DSW2 might not have PC1’s MAC address in its ARP cache (because PC1 isn’t normally using DSW2 as its default gateway). As a result, DSW2 floods this unknown unicast traffic out all its other ports. This issue is known as asymmetric routing, because traffic might leave through one path (for example, through DSW1) and return through a different path (for example, through DSW2). Another name given to this issue is unicast flooding, because of the potential for a backup FHRP router or multilayer switch to flood unknown unicast traffic for returning traffic.

[Figure: same topology as Figure 1-21. Inbound traffic flows from the Internet to CSW1; CSW1 may load balance either to DSW1 (active HSRP router) or to DSW2 (standby HSRP router)]

Figure 1-23 Unidirectional Flooding of Inbound Traffic

Cisco recommends that you do not span a VLAN across more than one access layer switch to avoid such an issue. However, if a particular design requires the spanning of a VLAN across multiple access layer switches, the best-practice recommendation from Cisco is that you adjust the FHRP device’s ARP timer to be equal to or less than the Content Addressable Memory (CAM) aging time. Otherwise, the CAM table entry for the end station will time out before the ARP entry times out, meaning that the FHRP device knows (from its ARP cache) the MAC address corresponding to the destination IP address, and therefore does not need to ARP for the MAC address. However, if the CAM entry has timed out, the FHRP device needs to flood the traffic to make sure that it gets to the intended destination. With an ARP timer equal to or less than the CAM aging time, there will never be an ARP entry for a MAC address not also stored in the CAM table. As a result, if the FHRP device’s ARP entry has timed out, it will use ARP to get the MAC address of the destination IP address, thus causing the CAM table to learn the appropriate egress port.
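An added example (not from the book) that models the standby FHRP switch’s ARP cache and CAM table as two independent timers, showing that a returning packet is flooded only while the ARP entry outlives the CAM entry, and that an ARP timer equal to or below the CAM aging time removes the flooding. The 14400-second ARP and 300-second CAM values are the Cisco IOS defaults; PC1’s MAC address and the port name are constructed.

```python
"""Two-timer model of the standby FHRP switch (DSW2) in Figure 1-23: an ARP cache and a
CAM table that each age out independently. Added example, not the book's code."""
from dataclasses import dataclass, field

# IP from Figure 1-21; the MAC and port name are constructed.
PC1_IP, PC1_MAC, PC1_PORT = "10.1.1.100", "0000.1111.2222", "trunk to ASW1"
IOS_ARP_DEFAULT, IOS_CAM_DEFAULT = 14400, 300        # seconds: 4 hours versus 5 minutes


@dataclass
class FhrpSwitch:
    arp_timeout: float                               # seconds an ARP entry stays valid
    cam_aging: float                                 # seconds a learned MAC stays in CAM
    hosts: dict = field(default_factory=dict)        # ip -> (mac, port): who answers ARP
    arp: dict = field(default_factory=dict)          # ip -> (mac, learned_at)
    cam: dict = field(default_factory=dict)          # mac -> (port, learned_at)

    @staticmethod
    def _fresh(table, key, lifetime, now):
        entry = table.get(key)
        return entry is not None and now - entry[1] < lifetime

    def deliver(self, dst_ip, now):
        """Forward a packet returning from the Internet; say how the frame left the switch."""
        if not self._fresh(self.arp, dst_ip, self.arp_timeout, now):
            # No usable ARP entry: the switch ARPs, and the host's reply is a frame from
            # the host's MAC, so it refreshes the CAM table at the same time.
            mac, port = self.hosts[dst_ip]
            self.arp[dst_ip] = (mac, now)
            self.cam[mac] = (port, now)
            return "unicast after ARP"
        mac = self.arp[dst_ip][0]
        if self._fresh(self.cam, mac, self.cam_aging, now):
            return "unicast"
        return "flood"       # MAC known from ARP but aged out of CAM: unknown-unicast flood


def simulate(arp_timeout, cam_aging, probe_times):
    """Outcome for return traffic to PC1 at each probe time (seconds since both entries
    were learned). PC1 sends through DSW1, so nothing else refreshes DSW2's CAM entry."""
    sw = FhrpSwitch(arp_timeout, cam_aging, hosts={PC1_IP: (PC1_MAC, PC1_PORT)})
    sw.arp[PC1_IP] = (PC1_MAC, 0.0)
    sw.cam[PC1_MAC] = (PC1_PORT, 0.0)
    return [sw.deliver(PC1_IP, t) for t in probe_times]


if __name__ == "__main__":
    probes = [100, 600, 3000]
    print("IOS defaults:", simulate(IOS_ARP_DEFAULT, IOS_CAM_DEFAULT, probes))   # flooding
    print("ARP <= CAM:  ", simulate(IOS_CAM_DEFAULT, IOS_CAM_DEFAULT, probes))   # no flooding
```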

Maximum Transmission Unit


A Maximum Transmission Unit (MTU), in the context of Cisco routers, typically refers
to the largest packet size supported on a router interface; 1500 bytes is a common value.
Smaller MTU sizes result in more overhead, because more packets (and therefore more
headers) are required to transmit the same amount of data. However, if you are sending
data over slower link speeds, large MTU values could cause delay for latency-sensitive
traffic.

Note Latency is the time required for a packet to travel from its source to destination. Some applications, such as Voice over IP (VoIP), are latency sensitive, meaning that they do not perform satisfactorily if the latency of their packets is too high. For example, the G.114 recommendation states that the one-way latency for VoIP traffic should not exceed 150 ms. Latency is a factor in the calculation of the bandwidth-delay product. Specifically, the bandwidth-delay product is a measurement of the maximum number of bits that can be on a network segment at any one time, and it is calculated by multiplying the segment’s bandwidth (in bits/sec) by the latency packets experience as they cross the segment (in sec). For example, a network segment with a bandwidth of 768 kbps and an end-to-end latency of 100 ms would have a bandwidth-delay product of 76,800 bits (that is 768,000 * 0.1 = 76,800).

ICMP Messages
Another protocol residing alongside IP at Layer 3 of the OSI model is Internet Control
Message Protocol (ICMP). ICMP is most often associated with the Ping utility, used
to check connectivity with a remote network address (using ICMP Echo Request and
ICMP Echo Reply messages).

Note There is some debate in the industry about where ICMP fits into the OSI model. Although it is generally considered to be a Layer 3 protocol, be aware that ICMP is encapsulated inside of an IP packet, and some of its messages are based on Layer 4 events.


ICMP does have other roles beyond Ping. By using a variety of message types, ICMP can
be used by network devices (for example, routers) to provide information to one another.
Figure 1-24 shows the structure of an ICMP packet header.

[Figure: ICMP header layout, one 32-bit word per row]
Type | Code | Checksum
Rest of Header

Figure 1-24 ICMP Packet Header Format

The purposes of the fields found in an ICMP packet header are as follows:

■ Type: The 1-byte Type field contains a number indicating the specific type of ICMP
message. Here are a few examples: A Type 0 is an Echo Reply message, a Type 3 is a
Destination Unreachable message, a Type 5 is a Redirect message, and a Type 8 is
an ICMP Echo Request message.

■ Code: The 1-byte Code field further defines the ICMP type. For example, there are 16 codes for Destination Unreachable ICMP messages. Here are a couple of examples: A code of 0 means that the destination network is unreachable, while a code of 1 means that the destination host is unreachable.

■ Checksum: The 2-byte Checksum field performs error checking.

■ Rest of Header: The 4-byte Rest of Header field has contents that depend on the specific ICMP type.

While ICMP has multiple message types and codes, for purposes of the ROUTE exam, you should primarily be familiar with the two following ICMP message types:

■ Destination Unreachable: If a packet enters a router destined for an address that the router does not know how to reach, the router can let the sender know by sending a Destination Unreachable ICMP message back to the sender.

■ Redirect: A host might have routing information indicating that to reach a particular destination network, packets should be sent to a certain next-hop IP address. However, if network conditions change and a different next-hop IP address should be used, the original next-hop router can let the host know to use a different path by sending the host a Redirect ICMP message.

TCP Characteristics
TCP is commonly touted as being a reliable transport mechanism, as compared to its
unreliable counterpart, UDP. Examination of the TCP segment header format, as shown in
Figure 1-25, provides valuable insight into how this reliability happens.

[Figure: TCP header layout, one 32-bit word per row]
Source Port | Destination Port
Sequence Number
Acknowledgment Number
Offset | Reserved | TCP Flags | Window
Checksum | Urgent Pointer
TCP Options (Optional)

Figure 1-25 TCP Segment Header Format

The purposes of the fields found in a TCP segment header are as follows:

■ Source Port field: The Source Port field is a 16-bit field indicating the sending port
number.

■ Destination Port field: The Destination Port field is a 16-bit field indicating the
receiving port number.

■ Sequence Number field: The Sequence Number field is a 32-bit field indicating the amount of data sent during a TCP session. The sending party can be assured that the receiving party really received the data, because the receiving party uses the sequence number as the basis for the acknowledgment number in the next segment it sends back to the sender. Specifically, the acknowledgment number in that segment equals the received sequence number plus 1. Interestingly, at the beginning of a TCP session, the initial sequence number can be any number in the range 0–4,294,967,295 (that is, the range of numbers that can be represented by 32 bits). However, when you are doing troubleshooting and performing a packet capture of a TCP session, the initial sequence number might appear to be a relative sequence number of 0. The use of a relative sequence number can often make data easier to interpret while troubleshooting.

■ Acknowledgment Number field: The 32-bit Acknowledgment Number field is used by the recipient of a segment to request the next segment in the TCP session. The value of this field is calculated by adding 1 to the previously received sequence number.

■ Offset field: The Offset field is a 4-bit field that specifies the offset between the
data in a TCP segment and the start of the segment, in units of 4-byte words.

■ Reserved field: The 3-bit Reserved field is not used, and each of the 3 bits is set to a value of 0.

■ TCP Flags field: The TCP Flags field is comprised of 9 flag bits (also known as control bits), which indicate a variety of segment parameters.

■ Window field: The 16-bit Window field specifies the number of bytes a sender is willing to transmit before receiving an acknowledgment from the receiver.

■ Checksum field: The Checksum field is a 16-bit field that performs error checking for a segment.

■ Urgent Pointer field: The 16-bit Urgent Pointer field indicates the last byte of a segment’s data that was considered urgent. The field specifies the number of bytes between the current sequence number and that urgent data byte.

■ TCP Options field: The optional TCP Options field can range in size from 0 to 320
bits (as long as the number of bits is evenly divisible by 32), and the field can contain
a variety of TCP segment parameters.

Three-Way Handshake
The process of setting up a TCP session involves a three-way handshake, as listed in the
following steps and as illustrated in Figure 1-26.

Step 1. The session initiator sends a Synchronization (SYN) message to the target host.

Step 2. The target host acknowledges receipt of the SYN message with an Acknowledgment (ACK) message and also sends a SYN message of its own.

Step 3. The session initiator receives the SYN messages from the target host and
acknowledges receipt by sending an ACK message.

[Figure: the Session Initiator sends (1) SYN to the Session Target; the Session Target replies (2) SYN + ACK; the Session Initiator answers (3) ACK]

Figure 1-26 TCP Three-Way Handshake

TCP Sliding Window


TCP communication uses windowing, meaning that one or more segments are sent at one time, and a receiver can acknowledge the receipt of all the segments in a window with a single acknowledgment. In some cases, as illustrated in Figure 1-27, TCP uses a sliding window, where the window size begins with one segment. If there is a successful acknowledgment of that one segment (that is, the receiver sends an ACK asking for the next segment), the window size doubles to two segments. Upon successful receipt of those two segments, the next window contains four segments. This exponential increase in window size continues until the receiver does not acknowledge successful receipt of all segments within a certain time period (known as the round-trip time [RTT], which is sometimes called real transfer time), or until a configured maximum window size is reached.

[Figure: Sender to Receiver. Window size 1: Segment 1, then ACK 2. Window size 2: Segments 2 and 3, then ACK 4. Window size 4: Segments 4 through 7, then ACK 8]

Figure 1-27 TCP Sliding Window

The TCP Maximum Segment Size (MSS) is the amount of data that can be contained in
a single TCP segment. The value is dependent on the current TCP window size.

Note The term Maximum Segment Size (MSS) seems to imply the size of the entire
Layer 4 segment (that is, including Layer 2, Layer 3, and Layer 4 headers). However, MSS
only refers to the amount of data in a segment.

If a single TCP flow drops a packet, that flow might experience TCP slow start, meaning that the window size is reduced to one segment. The window size then grows exponentially until it reaches one-half of its congestion window size (that is, the window size when congestion was previously experienced). At that point, the window size begins to grow linearly instead of exponentially.

If a router interface’s output queue fills to capacity, all TCP flows can simultaneously start to drop packets, causing all TCP flows to experience slow start. This condition, called global synchronization or TCP synchronization, results in a very inefficient use of bandwidth, because of all TCP flows having reduced window sizes and therefore spending more time waiting for acknowledgments.

Note To prevent global synchronization, Cisco IOS supports a feature called Weighted
Random Early Detection (WRED), which can pseudo-randomly drop packets from flows
based on the number of packets currently in a queue and the quality of service (QoS)
markings on the packets. By dropping packets before the queue fills to capacity, the global
synchronization issue is avoided.
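An added example (not from the book) that models the window behaviour of this section per round trip: doubling, reset to one segment on loss, regrowth to half the window in use when loss occurred, then linear growth. It also sums several flows to contrast simultaneous drops (global synchronization) with staggered drops, which is the effect WRED aims for. Segment counts, the window cap, and the loss rounds are constructed.

```python
"""Round-trip model of the window behaviour in this section. Added example; segment
counts, the window cap and the loss rounds are constructed."""


def window_trace(rounds, max_window, loss_rounds):
    """Window size (in segments) offered on each of `rounds` round trips.
    loss_rounds: set of round numbers on which a segment of this flow is dropped."""
    cwnd = 1                       # start with a single segment
    ssthresh = None                # half of the window in use when loss last occurred
    trace = []
    for rtt in range(rounds):
        trace.append(cwnd)
        if rtt in loss_rounds:
            ssthresh = max(cwnd // 2, 1)
            cwnd = 1                                   # slow start: back to one segment
        elif ssthresh is not None and cwnd >= ssthresh:
            cwnd = min(cwnd + 1, max_window)           # past the threshold: grow linearly
        else:
            cwnd = min(cwnd * 2, max_window)           # below it: exponential growth
            if ssthresh is not None:
                cwnd = min(cwnd, ssthresh)             # do not overshoot the threshold
    return trace


def aggregate_window(rounds, max_window, loss_rounds_per_flow):
    """Sum of the windows of several flows sharing one interface, per round trip."""
    traces = [window_trace(rounds, max_window, lr) for lr in loss_rounds_per_flow]
    return [sum(t[r] for t in traces) for r in range(rounds)]


if __name__ == "__main__":
    # Tail drop when the queue fills: all four flows lose a segment on the same round.
    synchronized = aggregate_window(12, 64, [{5}] * 4)
    # WRED-style early drops hit one flow at a time, on successive rounds.
    staggered = aggregate_window(12, 64, [{5}, {6}, {7}, {8}])
    print("single flow :", window_trace(12, 64, {5}))
    print("synchronized:", synchronized)    # collapses to 4 segments on round 6
    print("staggered   :", staggered)       # stays at 15 or more after the first loss
```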

Out-of-Order Delivery
In many routed environments, a router has more than one egress interface that can reach a destination IP address. If load balancing is enabled in such a scenario, some packets in a traffic flow might go out one interface, while other packets go out of another interface. With traffic flowing out of multiple interfaces, there is a chance that the packets will arrive out of order. Fortunately, TCP can help prevent out-of-order packets by either sequencing them in the correct order or by requesting the retransmission of out-of-order packets.

UDP Characteristics
Figure 1-28 presents the structure of a UDP segment header. Because UDP is considered to be a connectionless, unreliable protocol, it lacks the sequence numbering, window size, and acknowledgment numbering present in the header of a TCP segment. Rather, the UDP segment’s header contains only source and destination port numbers, a UDP checksum (which is an optional field used to detect transmission errors), and the segment length (measured in bytes).

[Figure: UDP header layout, one 32-bit word per row]
Source Port | Destination Port
UDP Length | UDP Checksum

Figure 1-28 UDP Segment Header Format

Because a UDP segment header is so much smaller than a TCP segment header, UDP becomes a good candidate for the transport layer protocol serving applications that need to maximize bandwidth and do not require acknowledgments (for example, audio or video streams). In fact, the primary protocol used to carry voice and video traffic, Real-time Transport Protocol (RTP), is a Layer 4 protocol that is encapsulated inside of UDP.

If RTP is carrying interactive voice or video streams, the latency between the participants in a voice and/or video call should ideally be no greater than 150 ms. To help ensure that RTP experiences minimal latency, even during times of congestion, Cisco recommends a queuing technology called Low Latency Queuing (LLQ). LLQ allows one or more traffic types to be buffered in a priority queue, which is serviced first (up to a maximum bandwidth limit) during times of congestion. Metaphorically, LLQ works much like a carpool lane found in highway systems in larger cities. With a carpool lane, if you are a special type of traffic (for example, a vehicle with two or more passengers), you get to drive in a separate lane with less congestion. However, the carpool lane is not the autobahn (a German highway without a speed limit). You are still restricted as to how fast you can go. With LLQ, you can treat special traffic types (for example, voice and video using RTP) in a special way, by placing them in a priority queue. Traffic in the priority queue (much like a carpool lane) gets to go ahead of nonpriority traffic; however, there is a bandwidth limit (much like a speed limit) that traffic in the priority queue cannot exceed. Therefore, priority traffic does not starve out nonpriority traffic.

Network Migration Strategies


As networks undergo expansion or as new technologies are introduced, network engineers need to understand the implications of the changes being made. This section identifies a few key areas where change is likely to occur (if it has not already occurred) in enterprise networks.

Routing Protocol Changes


The primary focus of this book is on routing protocols. As you read through the subsequent chapters covering protocols such as RIPng, OSPF, EIGRP, and BGP, be on the lookout for protocol-specific parameters that need to match between neighboring devices.

As one example, in Chapter 4, “Fundamental EIGRP Concepts,” you will read about
EIGRP K-values and how they must match between EIGRP neighbors. Therefore, if you
make a K-value change on one router, that change needs to be reflected on neighboring
routers.

In addition to making adjustments to existing routing protocols, network engineers sometimes need to migrate to an entirely new routing protocol. For example, a network that was running RIP might migrate to OSPF. Two common approaches to routing protocol migration are as follows:

■ Using Administrative Distance (AD): When migrating from one routing protocol to another, one approach is to configure both routing protocols on all your routers, allowing them to run concurrently. However, when you do your configuration of the new routing protocol, you should make sure that it has a higher AD than the existing routing protocol. This approach allows you to make sure that the new routing protocol has successfully learned all the routes it needs to learn and has appropriate next hops for its route entries. After you are convinced that the new routing protocol is configured appropriately, you can adjust the AD on either the old or the new routing protocol such that the new routing protocol is preferred.

■ Using route redistribution: Another approach to migrating between routing protocols
is to use redistribution, such that you cut over one section of your network at
a time, and mutually redistribute routes between portions of your network using
the old routing protocol and portions using the new routing protocol. This approach
allows you to, at your own pace, roll out and test the new routing protocol in your
network locations.

IPv6 Migration

You could argue that there are two kinds of IP networks: those that have already migrated
to IPv6 and those that will migrate to IPv6. With the depletion of the IPv4 address
space, the adoption of IPv6 for most every IP-based network is an eventuality. Following
are a few strategies to consider when migrating your network, or your customers’
networks, from IPv4 to IPv6:

■ Check equipment for IPv6 compatibility: Before rolling out IPv6, you should check
your existing network devices (for example, switches, routers, and firewalls) for IPv6
compatibility. In some cases, you might be able to upgrade the Cisco IOS on your
existing gear to add IPv6 support for those devices.

■ Run IPv4 and IPv6 concurrently: Most network devices (including end-user
computers) that support IPv6 also support IPv4 and can run both at the same time. This
type of configuration is called a dual-stack configuration. A dual-stack approach
allows you to gradually add IPv6 support to your devices and then cut over to just
IPv6 after all devices have their IPv6 configuration in place.

■ Check the ISP’s IPv6 support: Many Internet Service Providers (ISP) allow you to
connect with them using IPv6. The connection could be a default static route, or you
might be running Multiprotocol BGP (MP-BGP) to peer with multiple ISPs. These
options are discussed in Chapter 15, “IPv6 Internet Connectivity.”

■ Configure NAT64: During the transition from a network running IPv4 to a network
running IPv6, you might have an IPv6 host that needs to communicate with an IPv4
host. One approach to allow this is to use NAT64. You probably recall from your
CCNA studies that Network Address Translation (NAT) in IPv4 networks is often
used to translate private IP addresses used inside of a network (referred to as inside
local addresses) into publicly routable IP addresses for use on the Internet (referred
to as inside global addresses). However, NAT64 allows IPv6 addresses to be translated
into corresponding IPv4 addresses, thus permitting communication between an
IPv4 host and an IPv6 host.

A router configured for NAT64 maintains a mapping table that specifies which
IPv4 address corresponds to an IPv6 address. This mapping table can be manually
configured, which is called stateless translation. Unfortunately, such a manual
configuration is not very scalable. However, a stateless translation can be useful when
you have a relatively small number of IPv4 hosts (for example, servers) that need to
be reached by IPv6 clients. For more scalability, stateful translation can be used.
A router configured for stateful translation allows a dynamic IPv6-to-IPv4 address
binding to be created.


■ Use NPTv6: Another type of translation that can benefit IPv6 networks is Network
Prefix Translation version 6 (NPTv6). NPTv6 is sometimes referred to as IPv6-to-IPv6
Network Prefix Translation. Unlike NAT, NPTv6 cannot do any sort of NAT
address overloading. Instead it simply translates one IPv6 prefix to another. For
example, a router configured for NPTv6 might translate a prefix from 2001:1::/64 to
2001:2::/64.

Many IPv6 networks will have no need for NPTv6. However, as an example of where
it can be particularly beneficial, consider a situation where an IPv6 host has more
than one global unicast address assigned to a network interface card. Perhaps one
of the global unicast addresses has permission (based on network filters in place) to
reach a specific destination, while the other global unicast address would be dropped
if it attempted to reach that destination. Because the host might not know from
which of these IPv6 addresses to source a packet, it might use a source address that
gets dropped by the network filter. However, a router configured for NPTv6 can
translate the host’s unpermitted global unicast IPv6 address into a global unicast
IPv6 address that is permitted.

■ Send IPv6 traffic over an IPv6-over-IPv4 tunnel: Yet another approach to having
IPv6 addressing and IPv4 addressing peacefully coexist on the same network is to
have an IPv4 tunnel that spans an IPv4-only portion of the network. Routers at each
end of this tunnel can run both IPv4 and IPv6 and can encapsulate IPv6 traffic inside
of the IPv4 tunnel packets, thus allowing IPv6 traffic to traverse an IPv4-only portion
of the network. This type of tunnel is called an IPv6-over-IPv4 tunnel.

Spanning Tree Protocol Migration


Spanning Tree Protocol (STP), to which you were introduced in your CCNA studies,
supports redundancy in a Layer 2 network, while preserving a loop-free topology. Several
variants of STP have been developed since Radia Perlman’s first iteration of STP in the
mid 1980s.

Typically, the optimal type of STP to run on today’s Cisco Catalyst switches is Rapid
Per-VLAN Spanning Tree Protocol Plus (Rapid-PVST+). Rapid-PVST+ allows for much
faster convergence (commonly, less than one second) as compared to the relatively slow
convergence (up to 50 seconds) of IEEE 802.1D (the first industry-standard version of
STP). Another benefit of running Rapid-PVST+ is that it allows each VLAN to run its
own instance of STP, as opposed to all VLANs using the same spanning-tree topology
(which could lead to suboptimal paths for some VLANs).

Fortunately, Rapid-PVST+ is backward compatible with IEEE 802.1D. This backward
compatibility allows network engineers to take a phased approach in their migration to
Rapid-PVST+.

When converting a Cisco Catalyst switch to Rapid-PVST+, you can remove the following
features, because similar features are built into Rapid-PVST+:

■ UplinkFast

■ BackboneFast


However, the following features still function with Rapid-PVST+ and do not need to be
removed from a Cisco Catalyst switch being migrated to Rapid-PVST+:

■ PortFast

■ BPDU Guard

■ BPDU Filter

■ Root Guard

■ Loop Guard

Migration to Easy Virtual Networking


In recent years, virtualization has become a hot topic in the IT industry. Today’s data
centers commonly use virtualization technologies (for example, VMware and Hyper-V) to
allow multiple server instances (possibly running different operating systems) to run on a
single physical server. This can make for a much more efficient use of hardware resources.

Interestingly, in addition to virtualizing server instances, you can virtualize networks.
Cisco supports a technology called Virtual Routing and Forwarding (VRF), which
allows a single router to run multiple virtual router instances. Each virtual router instance
can have its own configuration and its own IP routing process.

VRF is therefore able to segment networks and isolate paths as needed. The capability
to completely isolate one network from another (even though the networks use the same
infrastructure devices) has obvious security benefits.

Additionally, VRF helps network architects meet various industry regulations. For
example, the Sarbanes-Oxley Act and the HIPAA Privacy Rule require privacy for
customer and patient information. Also, the Payment Card Industry regulations require path
segmentation for credit card transactions. Other scenarios for multitenant networks (for
example, universities and airports) also have frequent network segmentation and path
isolation design requirements.

A traditional way to configure VRF on Cisco routers was to use an approach called
VRF-Lite. A newer approach to virtualized network configuration, called Cisco Easy Virtual
Network (EVN), dramatically simplifies the relatively complex configuration required by
VRF-Lite.

An EVN uses a Virtual Network Trunk (VNET Trunk) to carry traffic for each virtual
network, and eliminates the need to manually configure a subinterface for each virtual
network on all routers (which was a requirement with VRF-Lite). Traffic flowing over a
VNET Trunk is tagged with a VNET tag, identifying the virtual network to which the
traffic belongs. An EVN router connects to a Cisco Catalyst switch through an 802.1Q
trunk, with the different VLANs on the 802.1Q trunk carrying traffic for the different
virtual networks.


Note Even though VRF is the underlying technology being used, a common practice is
to refer to a virtual network as a VRF. For example, an EVN might have three separate
virtual networks that you might call VRF A, VRF B, and VRF C.

Figure 1-29 provides a sample EVN topology.

[Figure: Routers R1 and R2 are connected by a VNET Trunk that carries traffic for three
VRFs: VRF A (172.16.0.0/16, hosts 172.16.0.100/24 and 172.16.1.100/24), VRF B
(172.17.0.0/16, hosts 172.17.0.100/24 and 172.17.1.100/24), and VRF C (172.18.0.0/16,
hosts 172.18.0.100/24 and 172.18.1.100/24). Each router reaches its LAN hosts over an
802.1Q trunk.]

Figure 1-29 Sample EVN Topology

Even though an EVN allows a network architect to isolate one virtual network from
another (as if they were physically separate networks), there is an occasional need for
one of the virtual networks to be accessible by other virtual networks. For example, one
virtual network might contain corporate DNS, DHCP, and email servers, which need to
be accessed by all the other virtual networks. Cisco EVN makes this possible through
a service called route replication. The route replication service allows IP routes known
to one virtual network to be known to other virtual networks. As an example, consider
Figure 1-30.

In Figure 1-30, the 172.16.0.0 /16 virtual network (VRF A) and the 172.17.0.0 /16 virtual
network (VRF B) are isolated from one another. However, the 192.168.0.0 /24 network
(VRF C) contains servers (for example, DHCP, DNS, and email servers) that need to be
accessed by both VRF A and VRF B. Route replication allows networks in VRF C to be
added to the routing tables of VRF A and VRF B, while still keeping VRF A and VRF B
separate from one another. Also, notice that the routing table for VRF C knows about
routes in the other two VRFs.

Note Even though different IP address spaces were used in this example for VRF A and
VRF B, in the real world, you could have overlapping address spaces in different VRFs.


[Figure: Router R1 connects to VRF A (172.16.0.0/16, host 172.16.0.100/24) and VRF B
(172.17.0.0/16, host 172.17.0.100/24) over an 802.1Q trunk on Gig 0/0/1, and to VRF C
(192.168.0.0/24) on Gig 0/0/2, where the DHCP server (192.168.0.1/28), DNS server
(192.168.0.2/28), and email server (192.168.0.3/28) reside. The routing tables shown in
the figure are as follows.]

Routing Table for VRF A
172.16.0.0/16 => Gig 0/0/1.A
192.168.0.0/24 => Gig 0/0/2.C

Routing Table for VRF B
172.17.0.0/16 => Gig 0/0/1.B
192.168.0.0/24 => Gig 0/0/2.C

Routing Table for VRF C
172.16.0.0/16 => Gig 0/0/1.A
172.17.0.0/16 => Gig 0/0/1.B
192.168.0.0/24 => Gig 0/0/2.C

Figure 1-30 Route Replication


Exam Preparation Tasks

Planning Practice
The CCNP ROUTE exam expects test takers to review design documents, create
implementation plans, and create verification plans. This section provides some exercises that
can help you to take a step back from the minute details of the topics in this chapter so
that you can think about the same technical topics from the planning perspective.

For each planning practice table, simply complete the table. Note that any numbers in
parentheses represent the number of options listed for each item in the solutions in
Appendix F, “Completed Planning Practice Tables.”

Design Review Table


Table 1-3 lists several design goals related to this chapter. If these design goals were listed
in a design document, and you had to take that document and develop an implementation
plan, what implementation options come to mind? You should write a general description;
specific configuration commands are not required.

Table 1-3 Design Review

Design Goal                                   Possible Implementation Choices Covered in This Chapter

The design requires the number of entries in a router’s routing table to be reduced.

The design calls for the use of a distance-vector routing protocol. Identify the two
approaches that a distance-vector routing protocol can use to prevent loops. (2)

The design calls for the use of a link-state routing protocol. (2)

The design calls for IPv6 traffic to travel from a source IPv6 address to the nearest
device of multiple devices assigned the same destination IPv6 address.

The design calls for the use of an NBMA network. Identify design issues that might be
encountered when using EIGRP or OSPF. (2)

The design calls for the use of Hot Standby Router Protocol (HSRP). Identify the
condition that can be created when return traffic flows through a standby HSRP router.

The design needs to mitigate a global synchronization condition (where all TCP flows
simultaneously enter TCP slow start).

The design requires a network to be migrated to a different routing protocol. (2)

The design requires that you virtualize multiple routers inside of physical routers and
carry traffic for the virtual networks between those physical routers.

Implementation Plan Peer Review Table


Table 1-4 shows a list of questions that others might ask, or that you might think about,
during a peer review of another network engineer’s implementation plan. Complete the
table by answering the questions.

Table 1-4 Notable Questions from This Chapter to Consider During an Implementation
Plan Peer Review

Question                                      Answers

The plan requires that Split Horizon be disabled for the hub router in a hub-and-spoke
topology. Describe the purpose of Split Horizon.

The plan requires the use of EIGRP as the routing protocol. Provide a brief description
of EIGRP.

The plan calls for the use of both IPv4 and IPv6. What network traffic types do IPv4
and IPv6 have in common, and what traffic types are different?

The plan calls for the use of Hot Standby Router Protocol (HSRP). What can you do to
prevent an asymmetric routing issue, where traffic is forwarded from a subnet using the
active HSRP router, and some of the return traffic returns using the standby HSRP router
(because of load balancing)?

The design calls for the transmission of interactive voice and video over a network.
What Layer 4 protocols are typically used to transmit voice and data media? (2)

The plan requires that a network migrate from IPv4 to IPv6. Identify three strategies
of a successful IPv6 migration. (3)

The plan calls for the use of Virtual Routing and Forwarding (VRF). Identify two
approaches to configuring VRF. (2)

Review All the Key Topics


Review the most important topics from inside the chapter, noted with the Key Topic icon
in the outer margin of the page. Table 1-5 lists a reference of these key topics and the
page numbers on which each is found.

Table 1-5 Key Topics for Chapter 1

Key Topic Element   Description                                                   Page Number
Figure 1-3          Network Summarization                                         10
List                IGP and EGP definitions                                       11
List                Distance-vector routing protocol approaches to avoid          13
                    routing loops
Table 1-2           Routing Protocol Characteristics                              15
List                NBMA design considerations                                    21
Figure 1-23         Unidirectional Flooding of Inbound Traffic                    29
List                Two ICMP message types                                        31
List                TCP three-way handshake                                       33
Figure 1-27         TCP Sliding Window                                            34
List                Approaches to routing protocol migration                      36
List                Strategies for IPv6 migration                                 37
Figure 1-29         Sample EVN Topology                                           40

Complete the Tables and Lists from Memory


Print a copy of Appendix D, “Memory Tables,” (found on the CD) or at least the section
for this chapter, and complete the tables and lists from memory. Appendix E, “Memory
Tables Answer Key,” also on the CD, includes completed tables and lists to check your
work.

Definitions of Key Terms


Define the following key terms from this chapter, and check your answers in the glossary.

convergence, route summarization, interior gateway protocol (IGP), exterior gateway
protocol (EGP), distance-vector, link-state, path-vector, anycast, nonbroadcast
multiaccess (NBMA), Split Horizon, Poison Reverse, asymmetric routing, Administrative
Distance, Easy Virtual Networking (EVN)

This chapter covers the following subjects:

■ Remote Connectivity Overview: This section explains why VPNs are often a preferred
method of remotely connecting to sites and identifies a collection of available VPN
technologies.

■ MPLS VPN: This section contrasts Layer 2 MPLS VPNs and Layer 3 MPLS VPNs.

■ GRE: This section describes a GRE tunnel and demonstrates GRE tunnel configuration
and verification.

■ DMVPN: This section discusses how DMVPNs can dynamically bring up connections
between specific spokes in a hub-and-spoke VPN topology.

■ Multipoint GRE: This section explains how a single GRE interface can have
connections to multiple GRE peers.

■ NHRP: This section explains how NHRP can discover next-hop IP addresses in networks
using IP tunneling.

■ IPsec: This section explores how IPsec can be used to secure a VPN connection.

CHAPTER 2

Remote Site Connectivity


Traditional wide-area network (WAN) connections used technologies such as dedicated
leased lines and permanent virtual circuits (PVC) defined in frame switching (for example,
Frame Relay) and cell switching (for example, ATM) networks. As an example, if a
company opened a remote sales office, it might have purchased a Frame Relay connection for
that remote office and used a PVC that interconnected that remote office with the
corporate headquarters.

However, with the current state of the Internet, high-speed connections are widely
accessible. For example, a remote sales office might purchase a DSL or cable modem
connection to the Internet, at a relatively low cost as compared to traditional leased lines
or frame/cell switching technologies. Over that Internet connection, a virtual private
network (VPN) could create a logical path between the sales office and the headquarters
location.

The theory and configuration of VPNs goes well beyond what is covered in this chapter;
however, the ROUTE exam blueprint only requires configuration knowledge for Generic
Routing Encapsulation (GRE) tunnels. Therefore, this chapter will help you understand
the theory of multiple VPN technologies, while showing the configuration and
verification of GRE.

“Do I Know This Already?” Quiz


The “Do I Know This Already?” quiz allows you to assess whether you should read the
entire chapter. If you miss no more than one of these seven self-assessment questions,
you might want to move ahead to the “Exam Preparation Tasks” section. Table 2-1 lists
the major headings in this chapter and the “Do I Know This Already?” quiz questions
covering the material in those headings so that you can assess your knowledge of these
specific areas. The answers to the “Do I Know This Already?” quiz appear in Appendix A.

Table 2-1 “Do I Know This Already?” Foundation Topics Section-to-Question Mapping

Foundation Topics Section Questions


Remote Connectivity Overview 1
MPLS VPN 2
GRE 3
DMVPN 4
Multipoint GRE 5
NHRP 6
IPsec 7

1. Which of the following is a valid design consideration for a hybrid VPN?

a. You cannot encapsulate an encrypted packet.

b. You cannot encrypt an encapsulated packet.

c. You might need to decrease the MTU size for frames on an interface.

d. You might need to increase the MTU size for frames on an interface.

2. In a Layer 3 MPLS VPN, with what does a CE router form a neighborship?

a. A PE in the MPLS network.

b. A CE at a remote location.

c. No neighborship is formed, because the MPLS network acts as a logical switch.

d. No neighborship is formed, because IP multicast traffic cannot be sent across
an MPLS network.

3. You want to interconnect two remote sites with a VPN tunnel. The tunnel needs
to support IP unicast, multicast, and broadcast traffic. Additionally, you need to
encrypt traffic being sent over the tunnel. Which of the following VPN solutions
meets the design requirements?

a. Use a GRE tunnel.

b. Use an IPsec tunnel.

c. Use a GRE tunnel inside of an IPsec tunnel.

d. Use an IPsec tunnel inside of a GRE tunnel.

4. Identify technologies required for a DMVPN network. (Choose three.)

a. NHRP

b. IPsec

c. MPLS

d. mGRE


5. Which of the following are characteristics of multipoint GRE? (Choose two.)

a. mGRE supports a wide variety of protocols.

b. A single mGRE interface can service multiple tunnels.

c. An mGRE interface is created for each tunnel.

d. mGRE only transports unicast IP packets.

6. Which of the following are true for NHRP? (Choose two.)

a. The hub router is configured with the IP addresses of the spoke routers.

b. The spoke routers are configured with the IP address of the hub router.

c. Spoke routers query the hub router asking what tunnel interface IP address cor-
responds to a known physical interface IP address.

d. Spoke routers query the hub router asking what physical interface IP address
corresponds to a known tunnel interface IP address.

7. Which IPsec feature primarily performs encryption?

a. Integrity

b. Confidentiality

c. Antireplay

d. Authentication


Foundation Topics

Remote Connectivity Overview


The voice, video, and data commonly sent between remote offices and central sites often
demand low latency and easy provisioning, all while maintaining a low cost. Traditional
WAN solutions (for example, leased lines, Frame Relay, and ATM) typically fail to
simultaneously meet all these requirements. Fortunately, a variety of VPN technologies fit
nicely into such a design.

This section categorizes various VPN technologies. Then, the remainder of this chapter
examines these technologies in a bit more detail.

MPLS-Based Virtual Private Networks


Multiprotocol Label Switching (MPLS) is a technology commonly used by service
providers, although many large enterprises also use MPLS for their backbone network.
MPLS makes forwarding decisions based on labels rather than IP addresses. Specifically,
a 32-bit label is inserted between a frame’s Layer 2 and Layer 3 headers. As a result, an
MPLS header is often called a shim header, because it is stuck in between two existing
headers.

MPLS-based VPNs can be grouped into one of two primary categories:

■ Layer 2 MPLS VPNs

■ Layer 3 MPLS VPNs

These two approaches are discussed further in the section “MPLS VPN,” later in this
chapter.

Tunnel-Based Virtual Private Networks


A tunnel is a virtual connection that can physically span multiple router hops. However,
from the perspective of the traffic flowing through the tunnel, the transit from one end
of a tunnel to the other appears to be a single router hop.

Multiple VPN technologies make use of virtual tunnels. A few examples discussed in this
chapter include

■ Generic Routing Encapsulation (GRE)

■ Dynamic Multipoint VPN (DMVPN)



■ Multipoint GRE

■ IPsec

Hybrid Virtual Private Networks


Rather than just using a single MPLS-based VPN technology or a single tunnel-based
VPN technology, you can use select VPN technologies in tandem. For example, you
might want to extend an MPLS network at one corporate location to MPLS networks at
remote corporate locations, while having a requirement that traffic traveling through a
service provider’s cloud be encrypted.

You could meet the requirements of such a design by having a Layer 3 MPLS VPN set up
over a DMVPN. The DMVPN technology carrying the Layer 3 MPLS VPN traffic allows
you to efficiently set up direct links between corporate locations, and it also allows you
to use IPsec, which can encrypt the traffic flowing through the service provider’s cloud.

When it comes to hybrid VPNs, a significant design consideration is overhead. Every
time you add an encapsulation, you are adding to the total header size of the packet.
With more headers, the amount of data you can carry inside a single packet is decreased.
As a result, you might have to configure a lower maximum transmission unit (MTU)
size for frames on an interface.

MPLS VPN
MPLS VPNs extend the capabilities of MPLS, supporting VPNs created across an MPLS
network. These VPNs, most commonly found in service provider or large enterprise
networks, can be categorized as either Layer 2 MPLS VPNs or Layer 3 MPLS VPNs.

Layer 2 MPLS VPN


With a Layer 2 MPLS VPN, the MPLS network allows customer edge (CE) routers at
different sites to form routing protocol neighborships with one another as if they were Layer
2 adjacent. Therefore, you can think of a Layer 2 MPLS VPN as a logical Layer 2 switch,
as depicted in Figure 2-1.

[Figure: CE routers at Location A, Location B, Location C, and Location D form
neighborships directly with one another across the service provider’s MPLS cloud, which
contains LSRs and PE (ELSR) routers.]

Figure 2-1 Logical View of a Layer 2 MPLS VPN

Layer 3 MPLS VPN


With a Layer 3 MPLS VPN, a service provider’s provider edge (PE) router (also known
as an Edge Label Switch Router [ELSR]) establishes a peering relationship with a CE
router, as seen in Figure 2-2. Routes learned from the CE router are then sent to the
remote PE router in the MPLS cloud (typically using multiprotocol BGP [MP-BGP]),
where they are sent out to the remote CE router.

[Figure: The CE routers at Location A, Location B, Location C, and Location D each form
a neighborship with a PE (ELSR) router at the edge of the service provider’s MPLS cloud,
which contains LSRs, rather than with the remote CE routers.]

Figure 2-2 Layer 3 MPLS VPN


GRE
As its name suggests, a Generic Routing Encapsulation (GRE) tunnel can encapsulate
nearly every type of data that you could send out of a physical router interface. In fact,
GRE can encapsulate any Layer 3 protocol, which makes it very flexible.

GRE by itself does not provide any security for the data it transmits; however, a GRE
packet can be sent over an IPsec VPN, causing the GRE packet (and therefore its
contents) to be protected. Such a configuration is commonly used, because IPsec can only
protect unicast IP packets. This limitation causes issues for routing protocols that use IP
multicasts. Fortunately, a GRE tunnel can encapsulate IP multicast packets. The resulting
GRE packet is an IP unicast packet, which can then be protected by an IPsec tunnel.

As an example, consider Figure 2-3. Routers R1 and R2 need to form an Open Shortest
Path First (OSPF) neighborship across the service provider’s cloud. Additionally, traffic
between these two routers needs to be protected. While IPsec can protect unicast IP
traffic, OSPF communicates through IP multicasts. Therefore, all traffic between Routers R1
and R2 (including the OSPF multicasts) is encapsulated inside of a GRE tunnel. Those
GRE packets, which are unicast IP packets, are then sent across, and protected by, an
IPsec tunnel.

[Figure: Routers R1 and R2 are connected across the service provider’s cloud by a GRE
tunnel that runs inside an IPsec tunnel.]

Figure 2-3 GRE over IPsec Tunnel

Note For exam purposes, the only type of tunnel you need to know how to configure,
based on the objectives listed in the ROUTE exam blueprint, is a GRE tunnel. Therefore,
this chapter only provides a configuration example for a GRE tunnel.

The steps to configure a GRE tunnel are as follows:

Step 1. Create a virtual tunnel interface in global configuration mode with the
interface tunnel id command.

Step 2. In interface configuration mode for the tunnel interface, add an IP address
with the ip address ip_address subnet_mask command.

Step 3. Specify the source of the tunnel with the tunnel source {interface_id | ip_
address} command.

Step 4. Specify the destination of the tunnel with the tunnel destination ip_address
command.

Step 5. Repeat the previous steps on the router at the far side of the tunnel.

To illustrate this configuration procedure, consider Example 2-1 and the topology shown
in Figure 2-4.

[Figure: Routers R1, R2, R3, and R4 are connected in series: R1–R2 over 192.0.2.0/30,
R2–R3 over 203.0.113.0/30, and R3–R4 over 198.51.100.0/30. Loopback addresses are
Lo0 1.1.1.1/32 (R1), 2.2.2.2/32 (R2), 3.3.3.3/32 (R3), and 4.4.4.4/32 (R4). R1’s Fa0/0
is 10.1.1.1/24 and R4’s Fa0/0 is 10.2.2.1/24. A GRE tunnel between R1 and R4 uses
Tunnel 1 with 192.168.0.1/30 on R1 and 192.168.0.2/30 on R4.]

Figure 2-4 GRE Sample Topology

Example 2-1 GRE Sample Configuration

!ROUTER R1
interface Tunnel1
 ip address 192.168.0.1 255.255.255.252
 tunnel source Loopback0
 tunnel destination 4.4.4.4

!ROUTER R4
interface Tunnel1
 ip address 192.168.0.2 255.255.255.252
 tunnel source Loopback0
 tunnel destination 1.1.1.1

In Example 2-1, a virtual tunnel interface is created on Router R1 with the interface
Tunnel 1 command. An IP address is then assigned with the ip address 192.168.0.1
255.255.255.252 command. Next, the tunnel source Loopback0 command is used to
specify Router R1’s Lo 0 interface (and therefore its IP address of 1.1.1.1) as one end of
the GRE tunnel. The tunnel destination 4.4.4.4 command is then used to specify the Lo
0 interface on Router R4 as the other end of the tunnel. A mirrored configuration of the
tunnel interface is then entered on Router R4.

Example 2-2 shows verification of the GRE tunnel. In the output of the show interfaces
tunnel 1 command, notice that the interface is up at Layer 1 and Layer 2. Also, note that
the encapsulation type is TUNNEL. Also, the output of the traceroute 192.168.0.2
command shows that the IP address of 192.168.0.2 is logically a single hop away from Router
R1, even though it is physically three hops away.


Example 2-2 GRE Tunnel Verification

R1# show interfaces tunnel 1
Tunnel1 is up, line protocol is up
Hardware is Tunnel
Internet address is 192.168.0.1/30
MTU 17916 bytes, BW 100 Kbit/sec, DLY 50000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel source 1.1.1.1 (Loopback0), destination 4.4.4.4
Tunnel Subblocks:
src-track:
Tunnel1 source tracking subblock associated with Loopback0
Set of tunnels with source Loopback0, 1 member (includes iterators), on
interface <OK>
Tunnel protocol/transport GRE/IP
Key disabled, sequencing disabled
Checksumming of packets disabled
Tunnel TTL 255, Fast tunneling enabled
Tunnel transport MTU 1476 bytes
Tunnel transmit bandwidth 8000 (kbps)
Tunnel receive bandwidth 8000 (kbps)
Last input 00:00:01, output 00:00:01, output hang never
Last clearing of "show interface" counters 00:54:43
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/0 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
779 packets input, 67357 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
787 packets output, 68037 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
R1# traceroute 192.168.0.2
Type escape sequence to abort.
Tracing the route to 192.168.0.2
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.0.2 108 msec 100 msec 108 msec
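A script-level version of the checks just described for Example 2-2, added here as an example and not part of the book: it parses the fields of show interfaces tunnel that matter for verification and confirms the up/up state, the TUNNEL encapsulation, the expected destination, and that the transport MTU equals the underlay MTU minus the 24-byte IPv4-plus-GRE overhead. The sample text is a trimmed copy of Example 2-2, and the 1500-byte underlay MTU is an assumption.

```python
import re

# Constructed sample: the verification-relevant lines of Example 2-2's show output.
SHOW_INT_TUNNEL = """\
Tunnel1 is up, line protocol is up
Hardware is Tunnel
Internet address is 192.168.0.1/30
MTU 17916 bytes, BW 100 Kbit/sec, DLY 50000 usec,
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel source 1.1.1.1 (Loopback0), destination 4.4.4.4
Tunnel protocol/transport GRE/IP
Tunnel transport MTU 1476 bytes
"""

GRE_OVERHEAD = 20 + 4  # outer IPv4 header plus a basic GRE header (no key/seq/checksum)


def parse_tunnel(text):
    """Pull the fields a verification script cares about out of the show output."""
    info = {}
    m = re.search(r"^(\S+) is (\w+), line protocol is (\w+)", text, re.M)
    info["name"], info["l1"], info["l2"] = m.group(1), m.group(2), m.group(3)
    info["encap"] = re.search(r"^Encapsulation (\S+),", text, re.M).group(1)
    m = re.search(r"^Tunnel source (\S+) \((\S+)\), destination (\S+)", text, re.M)
    info["source"], info["source_if"], info["destination"] = m.groups()
    info["transport"] = re.search(r"^Tunnel protocol/transport (\S+)", text, re.M).group(1)
    info["transport_mtu"] = int(re.search(r"^Tunnel transport MTU (\d+)", text, re.M).group(1))
    return info


def check_tunnel(info, expected_dst, underlay_mtu=1500):
    """Return a list of findings; an empty list means the tunnel looks healthy."""
    findings = []
    if info["l1"] != "up" or info["l2"] != "up":
        findings.append("interface not up/up")
    if info["encap"] != "TUNNEL":
        findings.append("unexpected encapsulation " + info["encap"])
    if info["destination"] != expected_dst:
        findings.append("destination %s, expected %s" % (info["destination"], expected_dst))
    if info["transport_mtu"] != underlay_mtu - GRE_OVERHEAD:
        findings.append("transport MTU %d does not match underlay MTU minus GRE overhead"
                        % info["transport_mtu"])
    return findings
```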


DMVPN
Consider a hub-and-spoke VPN topology in which multiple remote sites have a site-
to-site VPN connection to a headquarters location. In such a topology, if one remote
site wanted to communicate securely with another remote site, the traffic would travel
between the sites through the headquarters location, rather than directly between the
sites. One fix for this suboptimal pathing issue would be to create a full mesh of IPsec
site-to-site VPN connections, which would provide a direct IPsec VPN connection
between any two remote sites. Such a solution, however, could be complex and expensive
to configure and maintain.

A more economical solution to providing optimal pathing without necessitating a full-mesh
topology is the Dynamic Multipoint VPN (DMVPN) feature. DMVPN allows a
VPN tunnel to be dynamically created and torn down between two remote sites on an
as-needed basis. Consider Figure 2-5, which shows a hub-and-spoke topology, with the
headquarters acting as the hub. Branch B and Branch C want to communicate with one
another. Therefore, a DMVPN tunnel is created between these two locations.

Figure 2-5 Dynamic Multipoint VPN (Headquarters is the hub for Branch A, Branch B, and
Branch C; a Dynamic Multipoint VPN tunnel is formed directly between Branch B and Branch C)



From a troubleshooting perspective, a common issue experienced with DMVPN networks
is flapping (that is, the DMVPN tunnel is repeatedly torn down and reestablished).
When experiencing such an issue, Cisco recommends that you check the routing protocol
neighborship between the routers at each end of the DMVPN. If the neighborship is not
always up, the DMVPN might flap.

Note Multipoint GRE, Next Hop Resolution Protocol (NHRP), and IPsec are required to
support a DMVPN topology. Each of these technologies is discussed in the remainder of
this chapter.

Multipoint GRE
The scalability offered by DMVPN is made possible, in part, by multipoint GRE
(mGRE), which allows a router to support multiple GRE tunnels on a single GRE
interface.

Some of mGRE’s characteristics are as follows:

■ Like traditional GRE, mGRE can transport a wide variety of protocols (for example,
IP unicast, multicast, and broadcast).

■ In a hub-and-spoke topology, a hub router can have a single mGRE interface, and
multiple tunnels can use that single interface.

■ An interface configured for mGRE is able to dynamically form a GRE tunnel by
using Next Hop Resolution Protocol (NHRP) to discover the IP address of the
device at the far end of the tunnel.

You can deploy mGRE in a hub-and-spoke topology or a spoke-to-spoke topology.

Figure 2-6 illustrates a hub-and-spoke topology, where only the hub router is configured
with an mGRE interface.

Figure 2-7 shows a spoke-to-spoke mGRE topology. With a spoke-to-spoke mGRE topology,
each router has an mGRE interface, which allows the sites in the network to interconnect
using a partial mesh or a full mesh collection of tunnels.

Figure 2-6 Hub-and-Spoke mGRE Tunnel Topology (Headquarters is the hub and is the only
router with an mGRE interface; Branch A, Branch B, and Branch C are spokes)


Figure 2-7 Spoke-to-Spoke mGRE Tunnel Topology (Headquarters is the hub, and every
router, hub and spokes alike, has an mGRE interface)


NHRP
DMVPNs require that routers run Next Hop Resolution Protocol (NHRP), which uses
a client-server model. A router designated as a hub router acts as a server. The remaining
routers, designated as spokes, act as clients. NHRP spokes are configured with the IP
address of the NHRP hub, and when a spoke comes online, it informs the hub of both a
physical IP address (assigned to its physical interface) and a logical IP address (assigned
to its virtual tunnel interface) that are going to be used for its tunnels.

As an example, examine Figure 2-8.

Figure 2-8 NHRP Registration Process (Headquarters is the hub; the spokes register as
follows: Branch A "10.0.0.1 at 192.0.2.1", Branch B "10.0.0.2 at 203.0.113.1", and
Branch C "10.0.0.3 at 198.51.100.1")

NHRP Database (held by the Headquarters hub)
Tunnel Interface IP    Physical Interface IP
10.0.0.1               192.0.2.1
10.0.0.2               203.0.113.1
10.0.0.3               198.51.100.1

In Figure 2-8, the Headquarters router is acting as the hub, and the Branch A, Branch
B, and Branch C routers are acting as spokes. When the spokes come online, they each
advertise the IP address of their physical interface that is going to be used for tunnel
formation, along with the IP address of the virtual tunnel interface. For example, the Branch
A router informs the Headquarters router that the IP address of its virtual tunnel interface
is 10.0.0.1, and it is available at a physical interface’s IP address of 192.0.2.1. The Branch B
and Branch C routers send similar advertisements to the Headquarters router. As a result,
the Headquarters router populates its NHRP database.

Note The prior description of NHRP used the term physical interface to distinguish
a nontunnel interface from a tunnel interface. Realize, however, that an interface being
referred to here as a physical interface could actually be a loopback interface.

With the hub’s database populated, a spoke can query the hub to find out the IP address
of a physical interface that corresponds to a specific tunnel interface’s IP address. As an
example, notice in Figure 2-9 how NHRP helps the Branch C router set up a GRE tunnel
with the Branch B router.

Figure 2-9 NHRP Query Process (the Headquarters hub holds the NHRP database from
Figure 2-8; Branch C, at 198.51.100.1, and Branch B, at 203.0.113.1, are spokes)
(1) NHRP Query from Branch C: What physical interface’s IP address is associated with a
tunnel interface’s IP address of 10.0.0.2?
(2) NHRP Reply from Headquarters: 10.0.0.2 is at 203.0.113.1.
(3) Dynamic GRE tunnel formation between Branch C and Branch B.

In Figure 2-9, the Branch C router needs to dynamically form a GRE tunnel with the
Branch B router. The Branch C router knows that the other end of the tunnel it wants to
form has an IP address of 10.0.0.2. However, the Branch C router does not know the IP
address of the physical interface on the Branch B router that corresponds to the virtual
tunnel’s IP address. The process of discovering the remote physical IP address and the
formation of the tunnel is as follows:

Step 1. The Branch C router sends an NHRP query to the hub router asking what
physical interface’s IP address is associated with a tunnel interface’s IP address
of 10.0.0.2.


Step 2. The hub router (that is, the Headquarters router) checks its NHRP database
and responds to the query, telling the Branch C router that the physical
interface’s IP address corresponding to the tunnel interface IP address of 10.0.0.2 is
203.0.113.1, which is the IP address of the Branch B router.

Step 3. Having dynamically learned the IP address of the physical interface in the Branch
B router, the Branch C router sets up a GRE tunnel with the Branch B router.
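The registration exchange of Figure 2-8 and the query exchange of Figure 2-9 (Steps 1 through 3), modelled together as an added Python example; this is not IOS code or the book's own code. The NhrpHub and Spoke classes, the holdtime after which a registration ages out, and the injectable clock are assumptions made for the model.

```python
import time


class NhrpHub:
    """Constructed model of the next-hop server's NHRP database (not IOS code)."""

    def __init__(self, holdtime=7200, clock=time.time):
        self.holdtime = holdtime   # seconds a registration stays valid (assumed value)
        self.clock = clock
        self.cache = {}            # tunnel IP -> (physical/NBMA IP, expiry time)

    def register(self, tunnel_ip, nbma_ip):
        """A spoke coming online announces its tunnel IP and the address it is reachable at."""
        self.cache[tunnel_ip] = (nbma_ip, self.clock() + self.holdtime)

    def resolve(self, tunnel_ip):
        """Answer a spoke's query; None when the hub holds no valid mapping."""
        entry = self.cache.get(tunnel_ip)
        if entry is None:
            return None
        nbma_ip, expiry = entry
        if self.clock() >= expiry:
            del self.cache[tunnel_ip]   # registration aged out; the spoke must re-register
            return None
        return nbma_ip


class Spoke:
    def __init__(self, tunnel_ip, nbma_ip, hub):
        self.tunnel_ip, self.nbma_ip, self.hub = tunnel_ip, nbma_ip, hub
        self.tunnels = {}              # peer tunnel IP -> peer physical IP
        hub.register(tunnel_ip, nbma_ip)

    def build_tunnel_to(self, peer_tunnel_ip):
        """Steps 1-3: query the hub, then record the dynamic tunnel to the learned address."""
        peer_nbma = self.hub.resolve(peer_tunnel_ip)
        if peer_nbma is not None:
            self.tunnels[peer_tunnel_ip] = peer_nbma
        return peer_nbma


def demo(clock=time.time):
    """Replay Figures 2-8 and 2-9: three spokes register, then Branch C resolves Branch B."""
    hub = NhrpHub(clock=clock)
    Spoke("10.0.0.1", "192.0.2.1", hub)       # Branch A
    Spoke("10.0.0.2", "203.0.113.1", hub)     # Branch B
    branch_c = Spoke("10.0.0.3", "198.51.100.1", hub)
    return branch_c.build_tunnel_to("10.0.0.2")   # returns "203.0.113.1"
```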

While the configuration of NHRP is beyond the scope of the ROUTE curriculum, you
should be familiar with the output of the show ip nhrp verification command. Example
2-3 shows sample output from this command.

Example 2-3 Sample Output from the show ip nhrp Command

Router# show ip nhrp
192.168.0.2 255.255.255.255, tunnel 100 created 0:00:44 expire 1:59:15
Type: dynamic Flags: authoritative
NBMA address: 10.1111.1111.1111.1111.1111.1111.1111.1111.1111.11
192.168.0.1 255.255.255.255, Tunnel10 created 0:10:04 expire 1:49:56
Type: static Flags: authoritative
NBMA address: 192.168.1.2

The output in Example 2-3 shows the IP addresses (and corresponding subnet masks) in
the IP-to-NBMA address cache. Note that the subnet mask for an IP address is always a
/32 mask, because the Cisco implementation of NHRP does not support the aggregation
of nonbroadcast multiaccess (NBMA) information. The output also shows the tunnel
interface name and how long it has been since the tunnel was created. Finally, notice the
authoritative flag. This flag indicates that a next-hop server (or router) provided the NHRP
information.
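A parser for the show ip nhrp format of Example 2-3, added as an example (not from the book) and generalized to any number of cache entries: it extracts each mapping's address, mask, tunnel, timers, type, flags and NBMA address, then reports the points the paragraph above tells you to look for (a mask other than /32, a mapping that did not come from a next-hop server) plus dynamic mappings about to expire. The sample text is copied from Example 2-3, and the 300-second "expiring soon" threshold is an assumption.

```python
import re

# Constructed sample: the two cache entries shown in Example 2-3.
SHOW_IP_NHRP = """\
192.168.0.2 255.255.255.255, tunnel 100 created 0:00:44 expire 1:59:15
Type: dynamic Flags: authoritative
NBMA address: 10.1111.1111.1111.1111.1111.1111.1111.1111.1111.11
192.168.0.1 255.255.255.255, Tunnel10 created 0:10:04 expire 1:49:56
Type: static Flags: authoritative
NBMA address: 192.168.1.2
"""

# Entry header: "<ip> <mask>, <tunnel name> created <h:mm:ss> expire <h:mm:ss>"
HEADER = re.compile(r"^(\S+) (\S+), (.+?) created (\S+) expire (\S+)$")


def hms_to_seconds(text):
    h, m, s = (int(part) for part in text.split(":"))
    return h * 3600 + m * 60 + s


def parse_nhrp(text):
    """Return one dict per cache entry, in the order the router printed them."""
    entries, current = [], None
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            current = {"ip": m.group(1), "mask": m.group(2), "tunnel": m.group(3),
                       "created": hms_to_seconds(m.group(4)),
                       "expire": hms_to_seconds(m.group(5)), "flags": []}
            entries.append(current)
            continue
        m = re.match(r"^Type: (\S+) Flags: (.*)$", line)
        if m and current is not None:
            current["type"], current["flags"] = m.group(1), m.group(2).split()
            continue
        m = re.match(r"^NBMA address: (\S+)$", line)
        if m and current is not None:
            current["nbma"] = m.group(1)
    return entries


def review(entries, soon=300):
    """Findings an operator would want flagged; an empty list means nothing stands out."""
    findings = []
    for e in entries:
        if e["mask"] != "255.255.255.255":
            findings.append("%s: mask %s, expected /32" % (e["ip"], e["mask"]))
        if "authoritative" not in e["flags"]:
            findings.append("%s: mapping not provided by a next-hop server" % e["ip"])
        if e["type"] == "dynamic" and e["expire"] < soon:
            findings.append("%s: dynamic mapping expires in %ds" % (e["ip"], e["expire"]))
    return findings
```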

IPsec
Security in a DMVPN is provided by IPsec. The following four security features are
offered by IPsec:

■ Confidentiality: Data confidentiality is provided by encrypting data. If a third party
intercepts the encrypted data, the party would not be able to interpret the data.

■ Integrity: Data integrity ensures that data is not modified in transit. For example,
routers at each end of a tunnel could calculate a checksum value or a hash value for
the data, and if both routers calculate the same value, the data has most likely not
been modified in transit.

■ Authentication: Data authentication allows parties involved in a conversation to verify
that the other party is the party it claims to be.

■ Antireplay: IPsec uses antireplay protection to ensure that packets being sent are not
duplicate packets. For example, an attacker might capture packets that make up a valid
login to a host and attempt to play those packets back, so that he can gain access to
the host. However, IPsec uses sequence numbers to determine whether a packet is to
be considered a duplicate packet, and any duplicate packets are not transmitted.
