
Chapter 1 Enterprise

HSRP Overview
■ First-hop redundancy allows a highly available network to recover from the failure of the device acting as the default gateway for the end stations on a physical segment.
■ It provides the Layer 3 default gateway service for the corresponding Layer 2 domain to maintain the availability of this key function.
■ Cisco developed the Hot Standby Router Protocol (HSRP) to address this need.
■ HSRP protects data traffic from a failed router or circuit, like GLBP and VRRP, while allowing packet load sharing between a group of redundant routers.
■ When HSRP is used to provide default gateway redundancy, the backup members of the peer relationship are idle, waiting for a failure event to occur before they take over and actively forward traffic.
GLBP Overview
■ GLBP utilizes uplinks more efficiently and ensures that STP/RSTP root roles are alternated between distribution node peers.
■ GLBP offers all the benefits of HSRP plus load balancing of the default gateway.
■ In GLBP, a group of routers function as one virtual router by sharing one virtual IP address but using multiple virtual MAC addresses for traffic forwarding.
■ Consequently, traffic from a single common subnet can go through multiple redundant gateways using a single virtual IP address.
■ GLBP leads to asymmetrical routing because it sends outbound traffic flows over the available upstream paths, and most probably the return traffic of these distributed flows will come back over a single return path.
■ The solution to this issue is to consider HSRP and align the subnet advertisement to the outside networks so that return traffic comes back over the same path by default, instead of ending up with asymmetrical routing.
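As an added configuration example (not taken from these notes), the following shows HSRP on a pair of distribution switches, with the preferred gateway given a higher priority, and the GLBP equivalent where one virtual IP is backed by several forwarders with their own virtual MACs. VLAN numbers, addresses, interface names, track object and key strings are assumed placeholders. Both groups carry MD5 authentication so that a device that does not hold the key cannot join the group and claim the active or forwarder role.

```cisco
! Added example, not from the notes. Addresses, VLANs, interfaces and keys are placeholders.
! --- DIST1: preferred active gateway for VLAN 10 ---
track 100 interface GigabitEthernet1/0/1 line-protocol
!
interface Vlan10
 ip address 10.1.10.2 255.255.255.0
 standby version 2
 standby 1 ip 10.1.10.1
 standby 1 priority 110
 standby 1 preempt delay minimum 60
 standby 1 authentication md5 key-string EXAMPLE-HSRP-KEY
! if the uplink tracked by object 100 goes down, priority drops to 90 and DIST2 takes over
 standby 1 track 100 decrement 20
!
! --- DIST2: standby member, idle until DIST1 fails ---
interface Vlan10
 ip address 10.1.10.3 255.255.255.0
 standby version 2
 standby 1 ip 10.1.10.1
 standby 1 priority 100
 standby 1 preempt
 standby 1 authentication md5 key-string EXAMPLE-HSRP-KEY
!
! --- GLBP on VLAN 20: one virtual IP, multiple active virtual forwarders ---
! DIST2 would carry the same group with a lower priority.
interface Vlan20
 ip address 10.1.20.2 255.255.255.0
 glbp 1 ip 10.1.20.1
 glbp 1 priority 110
 glbp 1 preempt
! hosts' ARP replies are answered with different virtual MACs in turn, spreading load
 glbp 1 load-balancing round-robin
 glbp 1 authentication md5 key-string EXAMPLE-GLBP-KEY
```

The HSRP pair behaves as the notes describe: DIST2 forwards nothing for VLAN 10 until DIST1 or its tracked uplink fails. The GLBP group, by contrast, has every member forwarding at once, which is where the asymmetrical return-path issue discussed above comes from.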

Chapter 2 EIGRP Design


EIGRP Hub-and-Spoke Scalability Optimization
EIGRP scalability in hub-and-spoke topologies depends on several factors.
- When spokes are connected to the hub over multiple interfaces, the processor is the primary limiting factor.
- With a point-to-multipoint topology over a single interface, the primary limiting factor is queue congestion. EIGRP has a theoretical limit of 4000 peers per interface when they are in the same prefix.
- A scalable EIGRP design must support a large number of spokes without sacrificing network stability or its ability to converge fast.
- Stubs are a must in an EIGRP hub-and-spoke topology if you want to achieve a resilient, scalable, and reliable design.
- With the EIGRP stub routing feature, routers configured as stubs send a special peer information packet to all neighboring devices to report their status as stub routers.
- A router that has a stub peer will not query that peer.
EIGRP Hub-and-Spoke Design
Hub and spoke is one of the most common topologies used to interconnect
multiple branches to a single (or dual) headquarter site or data center over a wide
area network (WAN) transport.
Route Summarization
Implementing EIGRP summarization provides several benefits. Not only does it reduce the size of routing tables on the routers, but it also limits the query scope.
The typical challenges route summarization introduces are
■ Routing black holes
■ Suboptimal routing
Route Filtering
■ Route filtering is a method for selectively identifying routes that are advertised to or received from neighbor routers.
■ Route filtering may be used to manipulate traffic flows, reduce memory utilization, or improve security.
■ Route filtering limits the EIGRP query scope (propagation) and minimizes convergence time. The subsequent sections cover these aspects in more detail.
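The three EIGRP hub-and-spoke measures above (stubs, summarization, filtering) fit together in one design. The following is an added configuration example, not from the notes; the AS number, addresses, prefix-list and interface names are assumed placeholders.

```cisco
! Added example, not from the notes. AS, addresses, names are placeholders.
! --- HUB ---
router eigrp 100
 network 10.0.0.0 0.255.255.255
!
interface Tunnel0
 description mGRE interface toward all spokes
 ip address 10.255.0.1 255.255.255.0
! advertise one summary toward the spokes instead of every branch prefix;
! this also bounds the query scope, since a spoke never holds the specifics
 ip summary-address eigrp 100 10.0.0.0 255.0.0.0
!
! --- SPOKE ---
router eigrp 100
 network 10.0.0.0 0.255.255.255
! stub: the hub will not send queries to this router, so a spoke losing a
! prefix cannot stall convergence of the whole hub-and-spoke domain
 eigrp stub connected summary
!
! filtering: accept only the hub's summary, reject anything else it might leak
ip prefix-list FROM-HUB seq 5 permit 10.0.0.0/8
router eigrp 100
 distribute-list prefix FROM-HUB in Tunnel0
```

The summary on the hub installs a discard route for 10.0.0.0/8 on the hub itself, which is exactly the "routing black hole" caveat above: traffic for an unreachable branch prefix is dropped at the hub rather than looped. On the hub, `show ip eigrp neighbors detail` confirms that a spoke advertised itself as a stub.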
OSPF
Virtual Link
A virtual link is an OSPF feature that creates a logical extension of the backbone. It allows discontiguous area 0s to be connected, or a disconnected area to be connected to area 0, via a transit area.

ABR1(config-router)#area 10 virtual-link 2.2.2.2
ABR2(config-router)#area 10 virtual-link 1.1.1.1

When are virtual links useful?
Virtual links are useful when there needs to be a temporary extension of the backbone, either because the backbone became discontiguous or because a new area was added onto an existing area.
Why are virtual links a poor long-term solution?
- Poor long-term solution
OSPF Full-Mesh Design
■ Full-mesh networks are expensive and complex because they experience quadratic growth of interconnecting links as you increase the number of routers, and thus pose a specific scaling challenge for OSPF.
■ A network that consists of two routers requires a single interconnection, a full mesh of 6 routers requires 15 interconnections, and so on.
■ The number of interconnections required follows this formula: n routers require n(n – 1) / 2 interconnections.
■ Flooding routing information through a full-mesh topology is the main concern.
■ Intermediate System-to-Intermediate System (IS-IS) provides a simple mechanism to counter full-mesh flooding, called mesh groups.
■ OSPF uses a technique similar in concept to mesh groups, reducing the flooding in a full-mesh network by manual database-filter configuration using the logic listed.
Chapter 4 IS-IS Design
IS-IS
IS-IS vs. OSPF
Similarities
1. Both are Link-State routing protocols.
2. Both use the Dijkstra algorithm to determine the shortest path.
3. Both are classless and support VLSMs.
4. Both use a cost metric.
5. Both use areas to minimize the size of topology and routing tables.
6. Both elect a designated router on broadcast links to contain link-state update
traffic.
Differences
1. OSPF supports only IP, IS-IS supports both IP and CLNS.
2. IS-IS does not require IP connectivity between routers to share routing
information. Updates are sent via CLNS instead of IP.
3. In OSPF, interfaces belong to areas. In IS-IS, the entire router belongs to an
area.
4. An IS-IS router belongs to only one Level-2 area, which results in less LSP
traffic. IS-IS is thus more efficient and scalable than OSPF, and supports
more routers per area.
5. There is no Area 0 backbone area for IS-IS. The IS-IS backbone is a
contiguous group of Level 1-2 and Level 2 routers.
6. IS-IS does not elect a backup DIS. Additionally, DIS election is preemptive.
7. On broadcast networks, even with an elected DIS, IS-IS routers still form
adjacencies with all other routers. In OSPF, routers will only form
adjacencies with the DR and BDR on broadcast links.
8. IS-IS uses an arbitrary cost metric. OSPF’s cost metric is based on the
bandwidth of the link.
9. IS-IS provides far more granular control of link-state and SPF timers than
OSPF.
Protocol Updates (OSPF Versus IS-IS) (4mks), or Link-State Information: IS-IS vs. OSPF

■ OSPF relies on LSAs to send updates; however, it produces many small LSAs.
■ As network complexity increases, the number of IS-IS updates is not an issue.
■ Because IS-IS uses significantly fewer LSPs, more routers (at least 1000) can reside in a single area, making IS-IS more scalable than OSPF.
■ OSPF runs over IP, whereas IS-IS runs over CLNS, which may give preference to OSPF in designs where it needs to run over IP, such as over a GRE or mGRE tunnel.
■ IS-IS is also more efficient than OSPF in the use of CPU resources.
Physical links can be placed in these two groups:

■ Broadcast: Multiaccess subnetworks that support the addressing of a group of attached systems.

■ Point-to-point: Permanent or dynamically established links.

IS-IS and OSPF area Designs


OSPF Area Design
OSPF is based on a central backbone, Area 0, with all other areas being
physically attached to Area 0.
IS-IS Area Design
■ Unlike OSPF, IS-IS has a hierarchy of Level 1, Level 2, and Level 1-2 routers, and the area borders lie on links.
■ The ability of IS-IS to support overlap between Level 1 and Level 2 at the ABR offers a more flexible approach to extending the backbone, as well as facilitating more optimal routing in complex networks.
■ The backbone can be extended by simply adding more Level 2 and Level 1-2 routers, a less complex process than with OSPF.

Chapter 5 Border Gateway Protocol Design


BGP
iBGP Scalability Limitations (4mks)
■ iBGP requires a full mesh of BGP peers to function.
■ iBGP speakers do not re-advertise routes learned from an iBGP peer to other iBGP peers.
■ This prevents information from circulating between iBGP-speaking routers in a routing information loop.
■ A full mesh of iBGP sessions between routers is needed to propagate all the routing information to all iBGP peers in a BGP AS.
Primary approaches to scale iBGP and overcome the shortcomings of the iBGP full-mesh design (10 mks)
■ BGP route reflectors (RR)
■ BGP confederations

Table 5-1 BGP Confederations Versus BGP Route Reflectors


BGP Route Reflectors Redundancy Design Options and Considerations (pic)
Route Reflector Clusters
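As an added configuration example (not from the notes), this is the route-reflector approach above applied to a redundant cluster: two reflectors share a cluster ID and peer with each other as ordinary iBGP neighbors, and each client peers only with the two reflectors instead of with every other router. The AS number, router IDs, loopback addresses, cluster ID and the TCP MD5 password are assumed placeholders.

```cisco
! Added example, not from the notes. AS, addresses, cluster ID, password are placeholders.
! --- RR1 (RR2 is configured the same way with its own router-id and the peer swapped) ---
router bgp 65000
 bgp router-id 10.0.0.1
 bgp log-neighbor-changes
! both reflectors in the cluster use the same cluster-id; the cluster-list it
! stamps on reflected routes is what stops routing information loops
 bgp cluster-id 100
! the other reflector is a normal (non-client) iBGP peer
 neighbor 10.0.0.2 remote-as 65000
 neighbor 10.0.0.2 update-source Loopback0
 neighbor 10.0.0.2 password EXAMPLE-BGP-MD5
! clients: routes learned from one client are reflected to the others,
! so the clients do not need a full mesh among themselves
 neighbor 10.0.0.11 remote-as 65000
 neighbor 10.0.0.11 update-source Loopback0
 neighbor 10.0.0.11 route-reflector-client
 neighbor 10.0.0.11 password EXAMPLE-BGP-MD5
 neighbor 10.0.0.12 remote-as 65000
 neighbor 10.0.0.12 update-source Loopback0
 neighbor 10.0.0.12 route-reflector-client
 neighbor 10.0.0.12 password EXAMPLE-BGP-MD5
!
! --- CLIENT 10.0.0.11: sessions only to the two reflectors ---
router bgp 65000
 bgp router-id 10.0.0.11
 neighbor 10.0.0.1 remote-as 65000
 neighbor 10.0.0.1 update-source Loopback0
 neighbor 10.0.0.1 password EXAMPLE-BGP-MD5
 neighbor 10.0.0.2 remote-as 65000
 neighbor 10.0.0.2 update-source Loopback0
 neighbor 10.0.0.2 password EXAMPLE-BGP-MD5
```

With n clients the reflectors hold n sessions each and every client holds two, in place of the n(n – 1)/2 sessions a full iBGP mesh would need. The `password` lines enable TCP MD5 on each session so that spoofed BGP segments from an unauthenticated source are rejected; `show ip bgp summary` on a reflector lists the established sessions.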

Chapter 9 Enterprise-Managed WANs


DMVPN
■ Dynamic Multipoint VPN (DMVPN) is a feature that simplifies the deployment of large hub-and-spoke, partially meshed, and fully meshed virtual private networks.
■ DMVPN combines mGRE tunnels, IPsec encryption, and NHRP to provide simplified provisioning and to better scale large and small IPsec VPNs.

mGRE:
Multipoint GRE enables a single GRE interface to support multiple GRE tunnels and reduces the complexity of the configuration. All DMVPN members use GRE or mGRE interfaces to build tunnels between devices.
NHRP:
The hub acts as an NHRP server and the spokes act as NHRP clients. The hub maintains an NHRP database of mappings between the outer (public, physical, NBMA interface) and tunnel (inside the tunnel interface) IP addresses of each spoke.
IPsec:
Internet Protocol Security provides transmission protection for GRE tunnels.
Major features of the DMVPN solution include the following:
■ Configuration reduction
■ Zero-touch deployment (ZTD)
■ Dynamic routing protocol support
■ QoS and per tunnel QoS support
■ Hub-and-spoke multicast support
■ Support for dynamically addressed peers
■ Support for devices behind NAT
■ Partial-mesh and full-mesh VPN capabilities
■ Capability to be used with or without IPsec encryption
Deployment Models
DMVPN supports two deployment models:
Hub and spoke:
A strict hub-and-spoke DMVPN deployment model requires each branch to be configured with a point-to-point GRE interface to the hub. All traffic between spoke networks must flow through the hub router. DMVPN provides scalable configuration to the hub router but does not facilitate direct spoke-to-spoke communication.
Spoke-to-spoke:
A spoke-to-spoke DMVPN deployment model requires each branch to be configured with an mGRE interface in which dynamic spoke-to-spoke tunnels are used for the spoke-to-spoke traffic. In this model, DMVPN provides a scalable configuration model for all involved devices and also allows spoke devices to dynamically peer and establish optimal routing paths. DMVPN will not immediately produce a partially meshed or fully meshed topology. DMVPN initially establishes a permanent hub-and-spoke topology, from which a partial mesh or full mesh is dynamically generated based on traffic patterns and DMVPN Phase 2 or Phase 3 configuration, which is discussed later in this chapter (DMVPN Phase 2 subsection).
Point to Point Vs Multipoint
Transport Mode Vs Tunnel Mode
■ Tunnel mode: This mode introduces a new IPsec header to the packet, and the
complete user IP packet is encapsulated as the payload.
■ Transport mode: This mode preserves the original IP header, and forwarding
decisions are based on this original header.
QoS

IntServ Vs DiffServ

QoS Traffic Descriptors


Policers Vs Shaping (Traffic Handling)

QoS Queuing
Classification and Marking Design Principles
■ The first fundamental design principle is that QoS policies should always be enabled in hardware whenever possible.
■ Cisco routers perform QoS in software, and such behavior can increase the load on the CPU.
■ Dedicated hardware, application-specific integrated circuits (ASICs), is used to perform QoS operations.
■ Cisco ASR routers can perform QoS operations (such as queuing) in dedicated hardware ASICs.
■ Classification and marking should be done closest to the source of traffic.
■ This design principle promotes DiffServ and per-hop behaviors (PHB) as the recommended end-to-end design.
■ To provide interoperability on the border between enterprise and service provider networks, you should use standards-based DSCP PHB markings.
DSCP markings are the recommended method for marking IP traffic for the
following reasons:
■ It has support for end-to-end Layer 3 marking.
■ It is a more granular method of marking that supports 64 levels, as compared to class of service (CoS) and MPLS Experimental (EXP), which have 8 levels.
■ It is more extensible than Layer 2 markings, because Layer 2 markings are lost when the media changes.
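As an added example (not from the notes) of the principles above, the following classifies and marks traffic with standard DSCP PHBs at the access edge, closest to the source. The ACLs, port numbers, class and policy names and the interface are assumed placeholders.

```cisco
! Added example, not from the notes. ACLs, ports, names and interface are placeholders.
ip access-list extended VOICE-RTP
 permit udp any any range 16384 32767
ip access-list extended CALL-SIGNALING
 permit tcp any any eq 5060
 permit udp any any eq 5060
!
class-map match-all VOICE
 match access-group name VOICE-RTP
class-map match-all SIGNALING
 match access-group name CALL-SIGNALING
!
! standards-based PHB values: EF for voice bearer, CS3 for call signaling
policy-map MARK-INGRESS
 class VOICE
  set dscp ef
 class SIGNALING
  set dscp cs3
! everything else is re-marked to best effort, so a host that sets EF on its
! own packets gains nothing; the edge, not the end station, decides the marking
 class class-default
  set dscp default
!
interface GigabitEthernet1/0/1
 description access port: classify and mark inbound at the edge
 service-policy input MARK-INGRESS
```

The policy is attached inbound on the access port, so on a platform with QoS ASICs it runs in hardware, and the DSCP values it sets survive the Layer 2 media changes that would strip CoS or EXP markings. `show policy-map interface GigabitEthernet1/0/1` shows per-class match counters for verifying the classification.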
12-class strategy
