Use VLAN 1 for all control and management traffic while placing end-user traffic in other
VLANs (VLANs 2–1000).
Use VLAN 1 for control traffic, another VLAN (such as VLAN 2) for management traffic,
and the remaining VLANs (such as VLANs 3–1000) for end-user traffic.
Split horizon dictates that updates can only be sent downstream, away from the original
source, never back upstream.
A holddown timer works by ignoring updates for a particular route (once the route has an
infinite metric) UNLESS:
- The original neighbor (from which the route was heard) announces new information about
that route
- Another neighbor advertises a route to the destination with a distance equal to or less
than the distance of the original route.
OSPF passes the update on to its neighbors and THEN performs the route calculation. This
means routers can converge as fast as they can route.
Route calculation on each router is independent of the others, and no router alters the
update in any way.
The update must be identical on each and every router inside the same area to prevent
disagreement about how the topology is represented. Note, however, that during the
calculation not all routers have an identical LSDB.
Each router must not only identify itself and its directly connected links, but must also
identify any directly connected neighboring routers on those links. Neighbors are easily
identified if every router transmits Hello messages on its links announcing its presence
and listens for Hellos from neighboring routers on those links. As long as Hellos are never
forwarded off the local link, receiving routers can be sure the Hellos come from neighbors.
The number of routers an OSPF area can hold is determined by the router with the least
memory or processing power.
Stability is another factor.
A low-bandwidth link limits the number of LSAs you can send to the router behind it.
Manageability is one of the most difficult decisions: too many routers in an area become
complicated and difficult to predict.
Determining how to present external interfaces can be challenging; most use either
passive interfaces (advertised in T1 LSAs) or redistribute connected (T5 LSAs). Passive
interfaces provide less stability, while redistribute connected takes a large amount of
memory because of its policy calculation.
The most likely reason for long delays in OSPF processing is an excessive number of
T5 LSAs. This may not be coincidental; the culprit can be:
- A faulty routing policy that redistributes prefixes from BGP into the IGP
- Redistribution of a large number of static routes into the IGP
- Redistribution of a large number of directly connected prefixes into the IGP
Two routers are neighbors if they should be exchanging routing information using a
common routing protocol. If two routers have identified each other as neighbors, each
has verified that the other is aware of this neighborship, and both have verified that no
condition exists that would prevent the exchange of routing information, the neighbors are
adjacent.
Router A knows Router B is aware of it by seeing Aʼs RID in Bʼs Hello message.
Both sides must do this, and this is known as the three-way handshake.
Route cost is determined by adding all the interface costs along the downstream side of
the route. Note that the costs on both ends of a link donʼt have to be equal, meaning
you can create an asymmetric network.
A link-state protocol calculates the route to each destination by building a tree step by
step, and that tree can contain no loop.
IS-IS has message subtypes for L1 and L2: it has 3 message types but 9 subtypes:
- L1 LAN IIH (used for both L1 and L2 hellos)
- L2 LAN IIH
- PtP IIH
- L1 CSNP
- L2 CSNP
- L1 PSNP
- L2 PSNP
- L1 LSP
- L2 LSP
IS-IS functions have been classified by ISO into one of 2 categories: subnetwork-
dependent and subnetwork-independent functions.
Subnetwork-dependent functions are functions between 2 neighboring routers that can
differ depending on the particular data-link protocol connecting the routers:
- Link demultiplexing: the ability to recognize both ISO and IP packets
- Multiple IP addresses per interface: unlike OSPF, IS-IS can have many or no IP addresses
assigned to an interface
- LANs, DRs and pseudonodes
- Maintaining router adjacencies
- Forwarding to incompatible routers: incompatible here may refer to different types of IP
addresses or an unsupported feature
Subnetwork-independent functions refer to the same actions taken regardless of the type
of subnetwork:
- Addresses and addressing routers in IS-IS packets: how routers are identified
- Decision process
- Update process
- Forwarding process
- Exchange of routing information: the action of including the necessary IP routing
information in IS-IS messages
- Routing parameters
- Hierarchical abbreviation of IP reachability information: the ability to summarize
reachability information from a lower-level area into a higher-level area
- External links: the process of understanding redistributed routes
- ToS routing
- IP-only operation: applies to IS-IS routers and deals with TLVs that donʼt operate with IP
routing
- Encapsulation
- Authentication
- Order of preference of routes / Dijkstra computation: deals with the selection of routes
For OSPF to start, it must have an up interface. If the physical interface whose address is
the current RID is shut down, there are 2 possibilities for what will happen:
- Ignore the shutdown and continue to use the address. However, this poses a problem
if the address was intentionally removed to be assigned to another router; these
routers may then have a duplicate RID problem.
- Force the router to pick a new RID and advertise all LSAs with that RID, causing SPF to
be rerun on all routers (within the domain).
Misconfiguring routers with duplicate RIDs in OSPF causes route flapping. A good
practice is to configure the RID explicitly with the command. Try to use an IP address that
usually wouldnʼt appear in your domain, such as a broadcast subnet address or something
like 0.0.0.0.
In IS-IS, a MAC address or IP address can be used as the System ID, but there is no limit to
what addressing method you can use.
A DR and BDR are not created because of the large number of adjacencies, but as a means
to become more efficient. A pseudonode is used so that, instead of each router
advertising the attached broadcast network and each of its adjacent neighbors on the link,
a single advertisement can be flooded that specifies the link and lists the nodes attached
to it. The attached routers then advertise just an adjacency to the pseudonode rather
than adjacencies to each of the other attached routers.
The pseudonode shows a cost of 0 and adds no extra hop because itʼs a virtual
router: it doesnʼt really exist, it just makes SPF easier.
The DR is the router responsible for impersonating the pseudonode; itʼs not the
pseudonode, it just advertises the (T2) LSA that is supposed to belong to the pseudonode.
A DR is only elected on broadcast and NBMA networks. Since NBMA doesnʼt support
multicast and broadcast, the DR has to send LSAs to neighbors using unicast. There are 2
solutions:
- Manually specify how to reach each router. In Frame Relay, use mappings on a multipoint
interface.
- If supported by the router software, convert the interface to the broadcast network type.
Remember to add the ʻbroadcastʼ keyword to the mapping as well.
When an OSPF router first becomes active, it sets its DR and BDR fields to 0.0.0.0 and
starts a wait timer (equal in value to the dead interval). Hellos are sent; if neighbors
reply with the DR/BDR fields set, the router accepts those values and the wait timer is
stopped. If no DR/BDR fields are heard before the wait timer expires, the DR election starts.
When you have a group of routers, OSPF first elects the BDR based on priority and IP
address, then checks whether any router claims it WAS the DR; if not, the BDR becomes
the DR and a new BDR is elected.
Always remember that the DR and BDR canʼt be preempted unless one of them fails.
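The election order described above (BDR first among routers not claiming DR, then DR, then a fresh BDR if the BDR was promoted) is easy to get wrong when reasoning by hand, so here it is as an added example, not code from the original notes. The router IDs, priorities and the two scenarios are constructed; the second scenario shows why a newcomer with a higher priority does not preempt an existing DR or BDR.

```python
# Added example (not from the original notes): a simplified OSPF DR/BDR election
# following the order described above: BDR first, then DR, with no preemption.
from dataclasses import dataclass

@dataclass
class Router:
    rid: str                      # Router ID, dotted decimal
    priority: int                 # 0 means the router never becomes DR or BDR
    dr: str = "0.0.0.0"           # DR field the router currently puts in its Hellos
    bdr: str = "0.0.0.0"          # BDR field the router currently puts in its Hellos

def rid_key(rid: str):
    """Numeric tuple so that '10.0.0.1' sorts above '9.0.0.1'."""
    return tuple(int(octet) for octet in rid.split("."))

def best(routers):
    """Highest priority wins; ties are broken by the highest RID."""
    return max(routers, key=lambda r: (r.priority, rid_key(r.rid)))

def elect_bdr(candidates):
    """Routers already claiming to be BDR are preferred over those that don't."""
    claiming = [r for r in candidates if r.bdr == r.rid]
    pool = claiming or candidates
    return best(pool) if pool else None

def elect(hellos):
    """Run the election over the Hello contents seen on one segment.
    Returns (dr_rid, bdr_rid); '0.0.0.0' stands for 'none'."""
    eligible = [r for r in hellos if r.priority > 0]
    # Step 1: the BDR is chosen only among routers NOT declaring themselves DR.
    not_dr = [r for r in eligible if r.dr != r.rid]
    bdr = elect_bdr(not_dr)
    # Step 2: a router that already claims to be DR keeps it (no preemption);
    # otherwise the freshly elected BDR is promoted to DR.
    claiming_dr = [r for r in eligible if r.dr == r.rid]
    if claiming_dr:
        dr = best(claiming_dr)
    else:
        dr = bdr
        # Step 3: the promoted router is no longer a BDR candidate, so re-elect the BDR.
        bdr = elect_bdr([r for r in not_dr if r is not dr])
    return (dr.rid if dr else "0.0.0.0", bdr.rid if bdr else "0.0.0.0")

# Constructed scenario 1: three routers boot at the same time (nobody claims anything).
COLD_START = [Router("1.1.1.1", 1), Router("2.2.2.2", 1), Router("3.3.3.3", 0)]

# Constructed scenario 2: a stable segment (DR 1.1.1.1, BDR 2.2.2.2) is joined by a
# router with a much higher priority. Because the incumbents announce themselves,
# the newcomer becomes neither DR nor BDR.
STABLE = [Router("1.1.1.1", 1, dr="1.1.1.1", bdr="2.2.2.2"),
          Router("2.2.2.2", 1, dr="1.1.1.1", bdr="2.2.2.2"),
          Router("9.9.9.9", 255)]

if __name__ == "__main__":
    print("cold start ->", elect(COLD_START))       # ('2.2.2.2', '1.1.1.1')
    print("stable + newcomer ->", elect(STABLE))    # ('1.1.1.1', '2.2.2.2')
```

In the cold-start case the router with the higher RID (2.2.2.2) wins the BDR election, is promoted to DR because nobody claims that role, and 1.1.1.1 takes the re-run BDR election; 3.3.3.3 never participates because its priority is 0.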
OSPF has 2 primary databases: the LSDB and the interface database, in which the interface
data structures are recorded.
One parameter found in the interface database is InfTransDelay, the estimated number of
seconds needed to transmit an LSU over the interface. It defaults to 1 second; every time
an LSA passes through a router, its Age field is incremented by InfTransDelay.
Another is RxmtInterval, 5 seconds by default, which specifies the amount of time a router
waits for an acknowledgement before retransmitting an LSA.
An interface can be in one of the following states:
- Down: the lower layers are unusable. No packets are sent or received. All parameters are
disabled, no timers run, and there are no adjacencies.
- Loopback: for maintenance purposes, whether in hardware or software. No packets are
transmitted, but the interface address is included in the Router LSA.
- Waiting: the interfaceʼs wait timer is still running
- Point-to-point: for point-to-point and point-to-multipoint network types. Packets are sent
and received; if a neighbor is available, the router tries to form an adjacency.
- DR Other: packets are sent and received; the router tries to form an adjacency with the
DR and synchronizes its database with the DR.
- Backup: the router is the BDR for the network. It establishes adjacencies with all other
routers but does not perform database synchronization with them.
- DR: the router is the DR for the network. It establishes adjacencies with all other routers,
performs database synchronization with them, and creates the Network LSA.
Note: only NBMA and point-to-multipoint are standard; all other network types are Cisco
proprietary.
Whenever an LSU is sent, the LSAs it contains must be acknowledged by the receiving
neighbors to ensure reliable flooding. So when an LSA is sent, itʼs added to a retransmit
list along with a configurable retransmit timer that defaults to 5 seconds. If a neighbor
fails to acknowledge too many times, the LSA is removed from the list and an error is logged.
OSPF internal route metrics are expressed using 16 bits, and external route metrics using
24 bits. Note about E1 and E2:
- E1 routes are always preferred over E2 routes, regardless of metric
- If 2 ASBRs advertise the same prefix with the same E2 cost, the cost of the internal paths
to the ASBRs is considered and the route through the lowest-cost ASBR is chosen.
The age of copies of the same LSA can differ because they arrive at the router through
different routes. To prevent the router from making false judgements about copies of an
LSA with different ages, a constant called MaxAgeDiff is used. Itʼs 15 minutes: if copies
of the same LSA have an age difference of less than 15 minutes, theyʼre considered the
same LSA instance.
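As an added example (not code from the original notes), the comparison a router performs when two copies of the same LSA arrive, in the order RFC 2328 section 13.1 specifies: sequence number, then checksum, then a MaxAge copy, and only then age, where the MaxAgeDiff constant described above decides whether the age difference counts at all. The LSA fields, ages and sequence numbers are constructed.

```python
# Added example (not from the original notes): deciding which of two received copies of
# the same LSA is newer, with the MaxAge and MaxAgeDiff constants described above.
from typing import NamedTuple

MAX_AGE = 3600        # seconds: an LSA at this age is being flushed
MAX_AGE_DIFF = 900    # seconds: 15 minutes, as described above

class LsaInstance(NamedTuple):
    ls_type: int
    ls_id: str
    adv_router: str
    seq: int          # 32-bit sequence number as carried on the wire (unsigned form)
    checksum: int
    age: int          # seconds, 0..MAX_AGE

def signed32(x: int) -> int:
    """OSPF sequence numbers are signed; 0x80000001 is the smallest valid value."""
    return x - (1 << 32) if x & 0x80000000 else x

def same_lsa(a, b):
    return (a.ls_type, a.ls_id, a.adv_router) == (b.ls_type, b.ls_id, b.adv_router)

def newer(a: LsaInstance, b: LsaInstance) -> str:
    """Return 'a', 'b' or 'same' for two instances of the same LSA."""
    if not same_lsa(a, b):
        raise ValueError("not instances of the same LSA")
    if a.seq != b.seq:                               # higher sequence number is newer
        return "a" if signed32(a.seq) > signed32(b.seq) else "b"
    if a.checksum != b.checksum:                     # then higher checksum
        return "a" if a.checksum > b.checksum else "b"
    if (a.age == MAX_AGE) != (b.age == MAX_AGE):     # a MaxAge copy is newer
        return "a" if a.age == MAX_AGE else "b"
    if abs(a.age - b.age) > MAX_AGE_DIFF:            # only now does age matter: younger wins
        return "a" if a.age < b.age else "b"
    return "same"                                    # within MaxAgeDiff: identical instance

def should_install(received: LsaInstance, current) -> bool:
    """Install the received copy if the LSDB has none, or if it is strictly newer."""
    return current is None or newer(received, current) == "a"

# Constructed copies of one Router LSA that arrived over two different paths.
VIA_PATH_1 = LsaInstance(1, "10.0.0.1", "10.0.0.1", 0x80000005, 0x1A2B, 120)
VIA_PATH_2 = LsaInstance(1, "10.0.0.1", "10.0.0.1", 0x80000005, 0x1A2B, 600)   # 480 s older

if __name__ == "__main__":
    print(newer(VIA_PATH_1, VIA_PATH_2))   # same: ages differ by less than MaxAgeDiff
```

Without the MaxAgeDiff step, the copy that travelled the longer path would look like a different (older) instance and could be needlessly re-flooded.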
An LSA is flooded back out the interface on which it was received only if the connected
network is a LAN or NBMA and the router is the DR; otherwise it is not flooded out the
interface it was received on.
The router with the higher RID sends the first DD packet, which contains no LSA headers.
The neighbor receiving the packet checks and confirms that itʼs the slave, then sends a DD
packet listing its LSAs to begin the exchange process. This packet has the same sequence
number as the first DD packet sent by the master.
However, if the neighbor disagrees (it thinks it should be the master), it sends back an
empty DD packet with its own sequence number.
An OSPF router uses one of the following states to describe its relationship with a
neighbor:
- Down: no Hellos have been heard. On NBMA networks, if a neighbor is down the local router
still sends Hellos to it, but at the PollInterval, which is 2 minutes by default.
- Attempt: occurs only on NBMA networks, for neighbors that have been manually
configured; the router is aggressively sending Hellos every HelloInterval
- Init: a Hello has been received from the neighbor, but the local routerʼs RID is not in its
neighbor list
- 2-Way: bidirectional communication is established, with both RIDs present in the other
routerʼs neighbor list. A router must be in this state or higher to participate in DR/BDR
election.
- ExStart: start of the database synchronization process. The master is elected, and the
first DD packet and its reply are exchanged. This state and all states above it are
considered adjacent.
- Exchange: DD packets are being sent. LSRs can also be sent.
- Loading: finished describing the database but not yet finished requesting LSAs, meaning
the LSR list is not yet empty
- Full: the neighbors are fully adjacent, and this adjacency will appear in T1 and T2 LSAs.
The most obvious way an area fails is through the failure of routers; therefore,
redundancy is important, especially for the routers that connect an area together and for
the ABRs.
Stub area:
- Canʼt have any ASBR in the area, since T5 LSAs are prohibited
- The ABR advertises a default route
- All routers in the area have to agree that the area is a stub, and on the specific type of stub
- Area 0 canʼt be a stub
- A virtual link canʼt be configured over a stub area
- E bit = 0 means the router doesnʼt support external routing. If neighbors disagree on it,
the adjacency canʼt form.
- Blocks T4 and T5 LSAs
A totally stubby area eliminates all other T3 LSAs except the default route to the ABR, so
all inter-area traffic is directed toward the ABR.
NSSA:
- Allows (multiple) ASBRs to reside within the area, i.e. allows redistributed routes as T7 LSAs
- Prevents the ABR from distributing T5 LSAs into the area
- A T7 LSA has the same format as a T5 LSA except Type = 7. T7 LSAs have area flooding
scope, meaning they are not permitted outside the area in which they originated.
- The forwarding address must be 1) the external peerʼs interface address, or 2) the ASBRʼs
interface address
- The N/P bit (N in T5, P in T7) for NSSA is on by default. If the P bit of a T7 LSA is not set,
itʼs not translated into a T5 LSA by the ABR. If it is set and there are multiple ABRs, the
ABR with the highest RID performs the 7-to-5 translation.
- When the ABR receives a T7 LSA, it translates it into a T5 LSA, which has AS flooding
scope, meaning the prefix is advertised throughout the domain.
- All routes from other areas are advertised into this area as T3 LSAs
- The ASBR can advertise a default route, so that if none of the T3 LSAs generated by the
ABR match, the packet can go through the ASBR.
- The ABR can also advertise a default route, but it must use a T7 LSA, because a T3
LSA is internal, which means it would be preferred over the T7 LSA. The P bit = 0 in this
case because, if it were translated into a T5 LSA, that LSA might be translated by another
ABR attached to the area back into the area and take preference over the current T7 LSA,
causing inaccurate routing and probably loops.
- E bit = 0, doesnʼt support external routing
- Blocks T5 and T4 LSAs, but allows T3 LSAs
- The default route is generated using the ʻarea X nssa default-information-originateʼ
command. 1) On an ASBR, the default route must be in the routing table, learned from a
non-OSPF protocol; 2) on an ABR, the default route doesnʼt have to be in the routing table.
Totally NSSA:
- Allows only the default route (T3 LSA) and filters everything else (T3, T4, T5, T7 LSAs).
An internal router canʼt summarize prefixes within its own area, to prevent confusion. ABRs
should summarize the routes contained in their individual areas to reduce the LSDB for
backbone routers. Ideally, there should be as many T3 LSAs in the backbone as there are
ABRs in the network.
However, remember that there is a price for the reduced memory: inaccurate routing. This
is especially true when you have multiple ABRs between that area and area 0. When this
happens, routes to the same destination have multiple paths with no good indicator of
which path should be preferred; only the path through the closer ABR is chosen.
When a virtual link is configured between ABRs, these routers attempt to form a virtual
adjacency. When it is established, the network type is an unnumbered point-to-point link.
The link is included in the backbone T1 LSA.
Note:
- A virtual link must be configured through a single area, meaning the 2 ABRs must share a
common area, which canʼt be area 0 even though the link is considered a backbone
link
- The cost of the virtual link is not configurable; itʼs always the cost of the intra-area path
between the 2 ABR endpoints
- The common area canʼt be a stub area
- The ABR describes the neighboring ABR at the other end of a virtual link in its
neighbor table by the neighborʼs RID
- The ABR then has at least one T1 LSA with the V bit set (virtual link)
- T5 LSAs are never flooded over virtual links
- The Interface MTU in DD packets is always set to 0
- Thereʼs no network address mask, therefore the field is equal to 0.0.0.0
- Hellos are sent as unicast
- The Area ID in packets is equal to 0; this is the only situation in which an internal router
can receive a packet with an AID other than the area all of its interfaces are in
- The LSID in the T1 LSA is the RID of the neighboring ABR
- The Link Data field in the T1 LSA is the IP address of the originating routerʼs interface
associated with the virtual link
- The ABR gives the virtual link a Link Type of 4 in the T1 LSA
- OSPF packets over the virtual link are routed within the linkʼs transit area as intra-area
packets. This is the only time OSPF packets are not limited to directly connected
neighbors.
Warning: a virtual link is not a permanent solution, and it adds complexity to the network
as well.
By default, the SPF algorithm doesnʼt load balance; itʼs a vendor addition that creates this
feature, called equal-cost multipath (ECMP).
ECMP can be done on a per-packet basis; however, this approach doesnʼt account for
delay, link propagation and router latency, buffering, and link MTU. These factors can
affect how TCP works and may reduce performance because TCP would request
retransmits.
A better approach is per-destination ECMP. It assigns a different next hop for all packets
to each destination, allowing each destination to be routed differently. This differs
from per-packet ECMP, which sets one next hop for each packet randomly or round-
robin. The disadvantage of this solution is that if one destination has heavy traffic,
one route can be utilized more often than another.
Per-flow load balancing distributes traffic based on source and destination IP address,
but further fields can be examined, such as port numbers, ToS value, etc.
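To make the difference between per-destination and per-flow selection concrete, the following added example (not code from the original notes) hashes constructed packets onto two equal-cost next hops. The hash function, next-hop addresses and flows are assumptions for illustration; real routers use vendor-specific hashes, but the property shown is the one that matters: a flow always maps to the same next hop, while many flows to one destination are spread across paths.

```python
# Added example (not from the original notes): per-destination vs per-flow next-hop
# selection over an ECMP set. The hash is an assumption for illustration only.
import hashlib
import ipaddress
import struct
from typing import NamedTuple

class Flow(NamedTuple):
    src: str
    dst: str
    proto: int
    sport: int
    dport: int

def _hash(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest()[:8], "big")

def per_destination(next_hops, flow: Flow) -> str:
    """All packets to one destination address take the same next hop."""
    key = ipaddress.ip_address(flow.dst).packed
    return next_hops[_hash(key) % len(next_hops)]

def per_flow(next_hops, flow: Flow) -> str:
    """Packets of the same 5-tuple take the same next hop, so segments of one TCP
    connection are never reordered across paths; different flows to one host may differ."""
    key = (ipaddress.ip_address(flow.src).packed + ipaddress.ip_address(flow.dst).packed
           + struct.pack("!BHH", flow.proto, flow.sport, flow.dport))
    return next_hops[_hash(key) % len(next_hops)]

def spread(select, next_hops, flows):
    """Count how many of the given flows land on each next hop."""
    counts = {nh: 0 for nh in next_hops}
    for f in flows:
        counts[select(next_hops, f)] += 1
    return counts

NEXT_HOPS = ["10.0.1.2", "10.0.2.2"]     # constructed equal-cost next hops

# Constructed: 200 client connections from different source ports to one web server.
SAME_SERVER = [Flow("192.0.2.10", "198.51.100.80", 6, 40000 + i, 443) for i in range(200)]

if __name__ == "__main__":
    print(spread(per_destination, NEXT_HOPS, SAME_SERVER))  # all 200 on one next hop
    print(spread(per_flow, NEXT_HOPS, SAME_SERVER))         # split across both
```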
A peculiar case of multipath load balancing can occur when 2 nodes are connected
both by a PtP link and by a broadcast link. One of two things can happen depending on
how SPF selects the route:
- Only the PtP link is used: no efficiency gain
- Both links are used
To favor the latter, a simple rule is added to the SPF algorithm: if there are multiple
entries in the candidate database with equally low cost, and if at least one link is to a
pseudonode and at least one link is to a router, always select the link to the pseudonode
first rather than randomly selecting among the links.
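The effect of that tie-break rule is easiest to see by running SPF both ways on the two-link topology just described. The following is an added example, not code from the original notes: R1 reaches R2 over a point-to-point link and over a LAN represented by pseudonode N1, with constructed costs. With the rule on, the pseudonode is settled first and R2 ends up with both links as equal-cost next hops; with the candidate list drained router-first (shown only to illustrate the bad case), R2 is settled via the PtP link before the LAN path is seen and only one link is used.

```python
# Added example (not from the original notes): Dijkstra/SPF with equal-cost path merging
# and the "pseudonode first" tie-break described above. Topology is constructed.
import heapq

# Directed adjacency: node -> list of (neighbor, cost, outgoing link name)
TOPOLOGY = {
    "R1": [("R2", 10, "ptp"), ("N1", 10, "lan")],
    "N1": [("R1", 0, "lan"), ("R2", 0, "lan")],   # pseudonode: zero-cost links to members
    "R2": [("R1", 10, "ptp"), ("N1", 10, "lan")],
}
PSEUDONODES = {"N1"}

def spf(topology, root, pseudonodes, prefer_pseudonode=True):
    """Return {node: (cost, set of next-hop links)} from root, merging equal-cost paths."""
    if prefer_pseudonode:
        rank = lambda n: 0 if n in pseudonodes else 1   # pseudonode wins ties
    else:
        rank = lambda n: 1 if n in pseudonodes else 0   # router wins ties (the bad case)
    dist = {root: 0}
    next_hops = {root: set()}
    settled = set()
    heap = [(0, rank(root), root)]
    while heap:
        cost, _, node = heapq.heappop(heap)
        if node in settled:
            continue
        settled.add(node)
        for nbr, link_cost, link in topology.get(node, []):
            new_cost = cost + link_cost
            # Next hops are inherited from the parent, except for the root's own links.
            via = {link} if node == root else next_hops[node]
            if nbr not in dist or new_cost < dist[nbr]:
                dist[nbr] = new_cost
                next_hops[nbr] = set(via)
                heapq.heappush(heap, (new_cost, rank(nbr), nbr))
            elif new_cost == dist[nbr] and nbr not in settled:
                next_hops[nbr] |= via          # equal cost: keep both paths (ECMP)
    return {n: (dist[n], next_hops[n]) for n in dist}

def paths_to(node, prefer_pseudonode=True):
    return spf(TOPOLOGY, "R1", PSEUDONODES, prefer_pseudonode)[node][1]

if __name__ == "__main__":
    print("with the rule:", paths_to("R2"))            # {'ptp', 'lan'}
    print("router first: ", paths_to("R2", False))     # {'ptp'}
```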
Incremental SPF is the partial running of SPF when a topology change occurs, such as
on a stub router or after a remote link failure. In these cases, SPF is not run on all
routers, just on those affected by the change.
Partial route calculation (PRC) avoids running the SPF algorithm when an interface
modifies, adds or deletes an IP address, by simply recording the address. This saves
processing power because interface prefixes are of little importance except for indicating
the destination.
In OSPF, only T3, T4, T5 and T7 LSAs carrying a different destination trigger PRC; a T1
LSA with a different destination triggers a full SPF calculation, as does changing the
RID of an OSPF process (which you have to do manually).
Another feature that increases the efficiency of SPF is SPF delay. Itʼs a timer that sets
the minimum amount of time between the last SPF calculation and the next; this is known
as SPF holddown or SPF throttling.
When a large number of different LSAs are flooded during the current calculation, they are
buffered in the LSDB until the holddown timer expires and SPF reruns. This increases the
convergence time.
Cisco has taken this approach to SPF delays by using an exponential backoff
algorithm. Initial delay, delay increment, and maximum delay periods are configured.
The router waits the initial delay period before first running SPF. After the first run, the
delay is increased by doubling the delay increment every time SPF runs. So for
example, if the initial delay is 100 ms and the delay increment is 1000 ms, the router
delays the first SPF run by 100 ms, the second by 1000 ms, the third by 2000 ms, the
fourth by 4000 ms, and so on. The maximum delay value specifies in seconds the
largest value to which the delay can be incremented, an obvious necessity to prevent
an unstable network from causing the SPF delay to increase so much that SPF does
not run at all. When SPF has not run for twice the time specified by the maximum delay
period, the router switches back to “fast” mode, in which the initial delay period is used.
This timer can be configured using the ʻ(config-router)#timers throttle spfʼ command.
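The backoff schedule above is simple enough to model, and a model makes it clear why a flapping link cannot starve SPF. The following is an added example, not code from the original notes or Cisco's implementation: it assumes all three parameters in milliseconds (the command takes start, hold and max-wait values) and reproduces the sequence given in the text, capped at the maximum and reset to fast mode after a quiet period of twice the maximum.

```python
# Added example (not from the original notes): a model of the exponential SPF throttle
# described above. All times are in milliseconds (an assumption of this model).
class SpfThrottle:
    def __init__(self, initial_ms: int, increment_ms: int, max_ms: int):
        self.initial = initial_ms
        self.increment = increment_ms
        self.max = max_ms
        self.current = None          # None = "fast" mode: next run uses the initial delay

    def next_delay(self) -> int:
        """Delay the router waits before the next SPF run, then grow the backoff."""
        if self.current is None:
            delay = self.initial
            self.current = self.increment        # the run after this waits the increment
        else:
            delay = min(self.current, self.max)
            self.current = min(self.current * 2, self.max)   # double, but never past max
        return delay

    def quiet_period(self, elapsed_ms: int) -> None:
        """After 2 x max delay without an SPF run, the router returns to fast mode."""
        if elapsed_ms >= 2 * self.max:
            self.current = None

def delays_for(n_runs: int, initial_ms: int, increment_ms: int, max_ms: int) -> list:
    """Delays applied to n consecutive SPF runs during a continuous flap."""
    t = SpfThrottle(initial_ms, increment_ms, max_ms)
    return [t.next_delay() for _ in range(n_runs)]

if __name__ == "__main__":
    print(delays_for(6, 100, 1000, 5000))   # [100, 1000, 2000, 4000, 5000, 5000]
    t = SpfThrottle(100, 1000, 5000)
    for _ in range(4):
        t.next_delay()
    t.quiet_period(10_000)                  # 2 x max with no SPF run
    print(t.next_delay())                   # 100: back in fast mode
```

The tuning trade-off is visible in the numbers: a larger maximum protects the CPU of a router in an unstable area, but every change during the capped period waits up to that maximum before the routing table reflects it.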
Delay, pacing, throttling, whichever itʼs called, delays the transmission of LSAs
(whether locally generated or forwarded) to prevent them from overwhelming a neighbor.
Ciscoʼs default LSA pacing timer is 4 minutes, but it can be changed to between 10 and 1800
seconds using the ʻ(config-router)#timers pacing lsa-groupʼ command.
This timer also applies to checksumming and aging.
This feature has the greatest effect during LSA flapping: the timer can cause LSAs to be
buffered, and when the timer expires only the latest LSA is used.
OSPF defines 2 constants: a new instance of a given LSA canʼt be generated more
frequently than every 5 seconds (MinLSInterval), and a new instance of a given LSA canʼt be
received more frequently than every 1 second (MinLSArrival).
An OSPF router can also control the rate at which it floods neighborsʼ LSAs using the
ʻ(config-router)#timers pacing floodʼ command, which defaults to 33 ms and can be changed
to between 5 and 100 ms. A flooding interval of 33 ms means that in one second at most 33
Update packets can be flooded.
Retransmission is another problem: if a heavy flow of LSAs is flooded, the router might
not be able to respond within the retransmission timer, causing the LSAs to be
retransmitted. Configuring a larger retransmission timer with the ʻip ospf
retransmit-intervalʼ command can solve the problem.
Another possible flooding problem occurs in a full-mesh topology with no DR present:
multiple copies of the same LSA can be received and cause excessive traffic. Itʼs not a
very big problem for OSPF, because you can create different areas to deal with it.
If the memory allocated to the LSDB is not enough, the OL bit is set in the routerʼs LSAs;
this indicates that the routerʼs LSDB has been overloaded. The router can still be used to
reach the links attached to it, but it is no longer used as a transit router, essentially turning
it into a stub router.
Nowadays there is no worry over such a problem, but the OL bit now serves another function:
preventing unintentional blackholing of packets in a BGP transit network.
In an AS, edge routers usually form iBGP neighbor adjacencies even though they are
multiple routers apart. They need to know: 1) how to reach the iBGP peer, and 2) how to
reach the external AS connected to the iBGP peer.
Even if the routers find a route to each other, the transit routers of that AS donʼt
understand BGP and therefore drop BGP packets. All these transit routers must be
BGP-enabled to be able to transit BGP packets, and a full mesh is necessary between
them.
OSPF can create a T1 LSA with a metric of 0xFFFF (the maximum). This metric indicates
that the links are unreachable, so the router is not included as a transit node in the SPF
tree. Stub links connected to the router are advertised with their normal metrics, so that
they are still reachable when the router is in overload.
When OSPF packets have to traverse links with a low MTU, one of 3 things can relieve this:
- Fragmentation
- Performing path MTU discovery and adjusting the transmitted unit sizes; adds complexity
- Limiting the information units used so that they canʼt exceed any MTU size; not practical
A demand circuit is a type of connection that can stop transmitting when itʼs not
necessary. An extension of OSPF makes the following modifications:
- Hellos are only sent initially, to bring up the circuit for the initial database synchronization.
Once the LSDBs are the same, no more Hellos are sent.
- LSAs are flooded across the demand circuit during synchronization but are not
periodically refreshed. Only changes to LSAs trigger new LSAs to be flooded.
This means the DNA bit (the highest bit of the Age field) must be set in the LSAs; to show
that it is capable of accepting DNA LSAs, a router sets the DC bit in its (Hello or DD)
packets. If one router in the area doesnʼt support DNA LSAs, all DNA LSAs are flushed
from all LSDBs in the area, and the originating router has to reissue a new copy without
the DNA bit set and continue to refresh it.
The DNA bit in an LSA means the LSA will not reach MaxAge; its age is still incremented
on the way to the destination, itʼs just no longer incremented at the destination.
Having no Hellos means the link canʼt detect neighbor failure. An extension of OSPF
can detect the failure of a neighbor using neighbor probing, which only occurs when the link
has already been brought up for other functions.
Running demand circuits in a modern network is not a very good option because a
variety of problems can be created. One use of demand circuits is to limit overall
flooding, using the ʻip ospf flood-reductionʼ command.
Here are some practices you can follow to secure your network, but the most important
things are those you practice every day:
- Redundancy in system components: power supplies, route processor modules, cooling
systems, routers
- Redundancy in network links and network nodes
- When connecting to a router outside of your administrative control, use either static
routes or BGP, never an IGP.
- Use unicast reverse path forwarding (uRPF) to check the source address of incoming
packets against the unicast routing table, to ensure the packet is not spoofed.
- Use packet filtering
- Use rate limiting to keep the router from being overwhelmed by bursts
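The uRPF item deserves a worked check, because strict and loose modes fail differently on asymmetric and default-routed traffic. The following is an added example, not code from the original notes or from any router vendor: a small constructed FIB with longest-prefix match, a strict check (the route back to the source must leave via the ingress interface) and a loose check (any route to the source, with the default route excluded unless explicitly allowed). Interface names, prefixes and packets are constructed.

```python
# Added example (not from the original notes): strict and loose unicast RPF checks
# against a constructed FIB, using longest-prefix match.
import ipaddress

class Fib:
    def __init__(self, routes):
        # routes: iterable of (prefix, outgoing interface); kept longest prefix first
        self.routes = sorted(((ipaddress.ip_network(p), i) for p, i in routes),
                             key=lambda r: r[0].prefixlen, reverse=True)

    def lookup(self, address):
        """Longest-prefix match; returns (network, interface) or None."""
        addr = ipaddress.ip_address(address)
        for net, iface in self.routes:
            if addr in net:
                return net, iface
        return None

def urpf_strict(fib, src, in_iface, allow_default=False):
    """Pass only if the best route back to the source points out the ingress interface."""
    hit = fib.lookup(src)
    if hit is None:
        return False
    net, iface = hit
    return iface == in_iface and (allow_default or net.prefixlen > 0)

def urpf_loose(fib, src, allow_default=False):
    """Pass if any route to the source exists (default route only if allowed)."""
    hit = fib.lookup(src)
    if hit is None:
        return False
    net, _ = hit
    return allow_default or net.prefixlen > 0

def filter_packets(fib, packets, mode="strict"):
    """Return the packets that survive the check; each packet is (src, ingress iface)."""
    if mode == "strict":
        return [p for p in packets if urpf_strict(fib, p[0], p[1])]
    return [p for p in packets if urpf_loose(fib, p[0])]

# Constructed FIB for an edge router: two customer LANs and a default route upstream.
FIB = Fib([("10.0.0.0/8", "eth0"), ("192.168.1.0/24", "eth1"), ("0.0.0.0/0", "eth2")])

# Constructed packets: (source address, interface it arrived on)
PACKETS = [
    ("10.1.2.3", "eth0"),        # legitimate
    ("192.168.1.5", "eth0"),     # source belongs behind eth1: spoofed
    ("192.168.1.5", "eth1"),     # legitimate
    ("203.0.113.7", "eth2"),     # internet source, reachable only via the default route
]

if __name__ == "__main__":
    print(filter_packets(FIB, PACKETS))            # strict: two survivors
    print(filter_packets(FIB, PACKETS, "loose"))   # loose: the spoofed packet also passes
```

Loose mode keeps the spoofed 192.168.1.5 packet because a route to that prefix exists somewhere; it only catches sources with no route at all, which is why it is the mode used where routing is asymmetric and strict mode would drop legitimate traffic.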
When an OSPF router receives an unknown LSA, itʼs dropped. So when you want to
implement optional LSAs, you must either make sure that all routers support them, or
carefully design your network so that optional LSAs never need to be flooded through a
non-supporting router.
Opaque LSAs are intended to add flexibility to OSPF by creating a generalized LSA that
can disseminate arbitrary data from router to router. Opaque LSAs carry information,
using OSPF as a transport protocol, that was not available at the time OSPF was
defined, including features that are relevant to the OSPF route calculation.
There are 3 flooding scopes an Opaque LSA can have:
- Link-local scope: limited to a single link and never forwarded by routers; T9 LSA
- Area-local scope: limited to a single area, which the ABR doesnʼt forward to other
areas; T10 LSA
- AS scope: limited to the AS the local router resides in, not permitted in stub areas; T11 LSA
The Opaque LSA has a Type field in which a decimal number denotes the feature
information contained in the LSA:
- Type value 1, Traffic Engineering LSA: used for MPLS-TE
- Type value 2, Sycamore Optical Topology Descriptions: used to communicate details of
optical topologies such as switch capabilities and traffic engineering parameters for
optical trunk groups and hybrid mesh-ring optical networks. Not discussed in this book.
- Type value 3, Grace LSA: used for OSPF graceful restart
- Type value 4, Router Information LSA: used for advertising optional capabilities
- Type values 5–127, Unassigned: can be allocated by the IANA through the OSPF working
group for future Opaque LSA types.
- Type values 128–255, Reserved: set aside for private and experimental use.
The Opaque ID field uses 24 bits to present a unique ID for the specific LSA type.
An Opaque LSA is only flooded to neighbors that support it, as indicated by the O bit in
the Options field.
The Router Information (RI) Opaque LSA has been proposed to replace the O-bit mechanism
of the Opaque LSA, with TLVs added after the header to support up to 32 capabilities.
These capabilities are indicated in the TLVʼs Capabilities field, which can easily be
expanded:
- Bits 0–3: Reserved
- Bit 4: OSPF graceful restart capable
- Bit 5: OSPF graceful restart helper
- Bit 6: Stub router support
- Bit 7: Traffic engineering support
- Bit 8: OSPF point-to-point over LAN
- Bit 9: OSPF path computation server discovery
- Bits 10–31: Future assignments
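Putting the two tables above to work, the following added example (not code from the original notes) splits an Opaque LSA's Link State ID into its 8-bit Opaque Type and 24-bit Opaque ID, names the flooding scope from the LS Type (9, 10, 11), and decodes a Router Information capabilities word using the bit positions listed above. It assumes bit 0 is the most significant bit of the 32-bit word, which is how RFC 4970 numbers the bits; the sample values are constructed.

```python
# Added example (not from the original notes): Opaque LSA Link State ID handling and
# Router Information capability bits, per the tables above. Bit 0 = MSB (RFC 4970).
OPAQUE_SCOPE = {9: "link-local", 10: "area-local", 11: "AS"}

def opaque_type_name(opaque_type: int) -> str:
    names = {1: "Traffic Engineering LSA", 2: "Sycamore Optical Topology Descriptions",
             3: "Grace LSA", 4: "Router Information LSA"}
    if opaque_type in names:
        return names[opaque_type]
    if 5 <= opaque_type <= 127:
        return "Unassigned"
    if 128 <= opaque_type <= 255:
        return "Reserved (private/experimental)"
    raise ValueError("opaque type is an 8-bit field")

def split_opaque_lsid(ls_id: int):
    """Link State ID = 8-bit Opaque Type followed by 24-bit Opaque ID."""
    return ls_id >> 24, ls_id & 0xFFFFFF

def make_opaque_lsid(opaque_type: int, opaque_id: int) -> int:
    if not 0 <= opaque_type <= 255 or not 0 <= opaque_id <= 0xFFFFFF:
        raise ValueError("field out of range")
    return (opaque_type << 24) | opaque_id

def describe_opaque_lsa(ls_type: int, ls_id: int) -> dict:
    """Human-readable summary of an Opaque LSA header's type and Link State ID."""
    t, i = split_opaque_lsid(ls_id)
    return {"scope": OPAQUE_SCOPE[ls_type], "opaque_type": t,
            "feature": opaque_type_name(t), "opaque_id": i}

RI_CAPABILITY_BITS = {
    4: "OSPF graceful restart capable",
    5: "OSPF graceful restart helper",
    6: "Stub router support",
    7: "Traffic engineering support",
    8: "OSPF point-to-point over LAN",
    9: "OSPF path computation server discovery",
}

def ri_capability_word(bits) -> int:
    """Build the 32-bit Capabilities value from a list of bit numbers (0 = MSB)."""
    return sum(1 << (31 - b) for b in bits)

def decode_ri_capabilities(word: int) -> list:
    """Names of the set bits; bits 0-3 are reserved and 10-31 are unassigned."""
    found = []
    for bit in range(32):
        if word & (1 << (31 - bit)):
            found.append(RI_CAPABILITY_BITS.get(bit, f"bit {bit} (reserved/future)"))
    return found

if __name__ == "__main__":
    # Constructed: a TE LSA (Opaque Type 1, Opaque ID 7) with area-local scope.
    print(describe_opaque_lsa(10, make_opaque_lsid(1, 7)))
    print(decode_ri_capabilities(ri_capability_word([4, 5, 7])))
```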
A virtual circuit here refers to the series of forwarding table entries that switch a
given packet across a path from an ingress point to an egress point. An MPLS virtual
circuit is called an LSP, or label-switched path.
MPLS is multiprotocol in that it can be used over any type of L2 and/or L3 protocol,
because MPLS resides between these layers.
MPLS uses labels, 20-bit values, to identify paths; these labels have local
significance and are represented in decimal format. When using MPLS over ATM, the VPI
and VCI fields are used as the label.
Routers using MPLS are called label-switching routers (LSRs). These routers have
switching tables (depending on the implementation, it may be a separate table or part of
the RIB) that map incoming labels to outgoing labels/interfaces. The labels of incoming
packets are changed if the destination is not the router itself.
The router originating an MPLS packet is known as the ingress LSR; it PUSHes the label
onto an IP packet by encapsulating it in an MPLS header. The last router receiving the MPLS
packet is known as the egress LSR, which decapsulates, or POPs, the MPLS header and
forwards the packet inside it as a normal packet. Routers that SWAP labels are known as
transit LSRs.
A router can only be the ingress, egress, or a transit LSR for a given unidirectional
LSP. It can take a different role for a different LSP. So for 2 distant routers to
communicate with each other, 2 LSPs are needed, one going to the destination and one
coming back to the source.
Packets that are forwarded in the same way (using the same label, meaning going
out the same interface, being in the same queue, having the same policy, etc.) are said to
be in the same forwarding equivalence class (FEC).
In MPLS, the label is used to define the outgoing interface. Using the same label
means a set of packets will be forwarded in the same manner; therefore, the label is
bound to a particular FEC describing how the packets should be forwarded.
A signaling protocol is used to establish an LSP from the ingress LSR to the egress LSR.
The ingress LSR first sends a “path request” to the address (usually a loopback) of the
egress LSR, which then issues “path setup” messages that are passed from the egress LSR
to every hop on the path back to the ingress LSR.
Every transit LSR on the way dynamically assigns an available label from its label pool
to set up the incoming and outgoing labels for the LSP. Eventually, when the “path setup”
message reaches the ingress LSR, the entire LSP has been set up, from the egress LSR to
the ingress LSR.
Tag distribution protocol (TDP) is Cisco proprietary and used for Cisco tag switching. It
uses the same labels but a different message format than LDP. LDP and TDP can be
supported on the same device.
The MPLS header is 4 bytes and is inserted between the network and data-link headers.
It has:
- Label (20 bits)
- EXP (3 bits): the experimental field, used like the CoS or ToS field in IPv4 headers
- S (1 bit): the stack bit is used for label stacking, encapsulating one MPLS packet within
another, which allows tunneling. If 0, another MPLS header follows this one (the packet is
stacked); if 1, this header is the only (bottom) MPLS header.
- TTL (8 bits): works like the TTL field in IPv4. It is copied from the IPv4 header when the
IPv4 packet enters the ingress LSR, and the TTL field in the IPv4 header is updated with
its value when the IPv4 packet leaves the egress LSR.
Note: TTL propagation can be disabled so that the TTL is only decremented at the ingress
router and again at the egress. This prevents customers from seeing the hops inside the cloud.
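The header layout above is small enough to encode and decode by hand, which also shows how a label stack is walked until the S bit marks the bottom and how a transit LSR's swap touches only the outer entry. The following is an added example, not code from the original notes; the labels, EXP values, TTL and the stub IPv4 payload are constructed.

```python
# Added example (not from the original notes): encoding and decoding the 4-byte MPLS
# header described above, walking a label stack, and a transit-LSR label swap.
import struct

def encode_mpls_header(label: int, exp: int, s: int, ttl: int) -> bytes:
    if not (0 <= label < 1 << 20 and 0 <= exp < 8 and s in (0, 1) and 0 <= ttl < 256):
        raise ValueError("field out of range")
    word = (label << 12) | (exp << 9) | (s << 8) | ttl    # 20 + 3 + 1 + 8 bits
    return struct.pack("!I", word)

def decode_mpls_header(data: bytes) -> dict:
    (word,) = struct.unpack("!I", data[:4])
    return {"label": word >> 12, "exp": (word >> 9) & 0x7,
            "s": (word >> 8) & 0x1, "ttl": word & 0xFF}

def build_stack(entries, ttl: int) -> bytes:
    """entries: list of (label, exp), outermost first. S is set only on the last one."""
    out = b""
    for i, (label, exp) in enumerate(entries):
        out += encode_mpls_header(label, exp, 1 if i == len(entries) - 1 else 0, ttl)
    return out

def parse_stack(packet: bytes):
    """Return (list of header dicts, payload) by reading headers until S == 1."""
    headers, offset = [], 0
    while True:
        if offset + 4 > len(packet):
            raise ValueError("truncated label stack (no bottom-of-stack bit seen)")
        h = decode_mpls_header(packet[offset:offset + 4])
        headers.append(h)
        offset += 4
        if h["s"] == 1:
            return headers, packet[offset:]

def swap_outer_label(packet: bytes, new_label: int) -> bytes:
    """What a transit LSR does: replace the outer label and decrement the TTL."""
    h = decode_mpls_header(packet)
    if h["ttl"] <= 1:
        raise ValueError("TTL expired")
    return encode_mpls_header(new_label, h["exp"], h["s"], h["ttl"] - 1) + packet[4:]

# Constructed: a transport label on top of a VPN label, then a stub 20-byte IPv4 header.
PAYLOAD = b"\x45\x00\x00\x14" + b"\x00" * 16
SAMPLE = build_stack([(16000, 0), (24, 5)], ttl=64) + PAYLOAD

if __name__ == "__main__":
    headers, payload = parse_stack(SAMPLE)
    print(headers)          # outer label 16000 (S=0), inner label 24 (S=1), TTL 64
    print(parse_stack(swap_outer_label(SAMPLE, 17000))[0][0])   # label 17000, TTL 63
```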
Traffic engineering allow more flexible choice of routes between the ingress and
egress LSR. LSP can be manipulated using:
- Maximum bandwidth is the bandwidth of the interface. It can be the actual bandwidth
of configured with ʻbandwidthʼ
- Maximum reservable bandwidth specify the amount of available bandwidth a LSP can
reserve
- Unreserved bandwidth is the amount of remaining bandwidth
- TE metric: same as IGP metric, 24 bit
- Administrative group: maximum 32 groups for which links can belong to. Usually
named after colors, it can set the (constraint) accessibility of a link with the LSP.
MPLS TE LSPs have a priority field used to contend for bandwidth. There are 8 levels, 0 to
7, with 0 being the highest. If a link has been assigned more load than it can handle
(oversubscription) and all LSPs would like to use the link, some of them just canʼt.
LSPs with lower priority canʼt win against LSPs with higher priority and therefore must seek
an alternative path to the egress LSR.
OSPF and IS-IS can transport and collect TE parameters and store them in a local
database called the TED. The best MPLS paths are then worked out using a modified version
of SPF called CSPF, where C stands for constrained. The resulting path is then fed to the
signaling protocol to establish the wanted LSP.
TE parameters are carried using the OSPF Type 10 LSA, which basically performs the same
function as the Type 1 LSA: identify the originating router, the routerʼs neighbors, and the
TE parameters. The Type 10 LSA has area flooding scope, meaning all routers in that area
have to accept Opaque LSAs. It is used along with the local Type 2 LSA in CSPF. Opaque Type = 1
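As an added example (not from the original notes), the following is a small CSPF over a constructed TED: links carry a TE metric, a reservable bandwidth, an unreserved-bandwidth vector for the eight setup priorities 0 to 7, and an administrative-group bitmask, and links that cannot satisfy the requested bandwidth at the LSP's priority or that fail the affinity constraint are pruned before a plain Dijkstra run. The topology, bandwidths and the `reserve` bookkeeping (a reservation at priority p lowers the unreserved bandwidth for p and every lower priority) are assumptions for this illustration; they go slightly beyond the notes by showing how a higher-priority LSP still sees bandwidth that a lower-priority one cannot.

```python
import heapq
from dataclasses import dataclass, field


@dataclass
class TELink:
    """One directed TE link as CSPF sees it in the TED (constructed model)."""
    src: str
    dst: str
    te_metric: int
    max_resv_bw: float
    admin_group: int = 0           # 32-bit affinity mask, bit i = group i
    unreserved: list = field(default_factory=list)  # index = setup priority 0..7

    def __post_init__(self):
        if not self.unreserved:
            self.unreserved = [self.max_resv_bw] * 8


class TED:
    def __init__(self):
        self.links = []

    def add_link(self, a, b, te_metric, max_resv_bw, admin_group=0):
        # Each direction is its own TE link with its own unreserved vector.
        self.links.append(TELink(a, b, te_metric, max_resv_bw, admin_group))
        self.links.append(TELink(b, a, te_metric, max_resv_bw, admin_group))

    def link(self, a, b):
        return next(l for l in self.links if l.src == a and l.dst == b)


def admissible(link, bw, priority, include_any, exclude):
    """The constraint check that distinguishes CSPF from SPF."""
    if link.unreserved[priority] < bw:
        return False                        # not enough bandwidth at this priority
    if exclude & link.admin_group:
        return False                        # link has a forbidden color
    if include_any and not (include_any & link.admin_group):
        return False                        # link has none of the required colors
    return True


def cspf(ted, src, dst, bw, priority=7, include_any=0, exclude=0):
    """Dijkstra over the pruned TED. Returns (path, cost) or None if no path fits."""
    dist = {src: 0}
    prev = {}
    heap = [(0, src)]
    done = set()
    while heap:
        d, node = heapq.heappop(heap)
        if node in done:
            continue
        done.add(node)
        if node == dst:
            break
        for l in ted.links:
            if l.src != node or not admissible(l, bw, priority, include_any, exclude):
                continue
            nd = d + l.te_metric
            if nd < dist.get(l.dst, float("inf")):
                dist[l.dst] = nd
                prev[l.dst] = node
                heapq.heappush(heap, (nd, l.dst))
    if dst not in dist:
        return None
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return list(reversed(path)), dist[dst]


def reserve(ted, path, bw, setup_priority):
    """Book bw on every hop: unreserved drops for this priority and all lower ones."""
    for a, b in zip(path, path[1:]):
        l = ted.link(a, b)
        for p in range(setup_priority, 8):
            l.unreserved[p] -= bw


def build_sample_ted():
    """Constructed 4-router topology; bandwidths are arbitrary units."""
    ted = TED()
    ted.add_link("A", "B", 10, 100)
    ted.add_link("B", "D", 10, 100)
    ted.add_link("A", "C", 15, 1000)
    ted.add_link("C", "D", 15, 1000)
    ted.add_link("A", "D", 50, 1000, admin_group=0x1)   # bit 0 = "red"
    return ted
```

With this TED, a 50-unit LSP from A to D takes A-B-D (cost 20); a 500-unit LSP is forced onto A-C-D (cost 30) because the A-B and B-D links cannot reserve that much; an LSP that must use only "red" links gets the direct A-D link. After an 80-unit reservation on A-B-D at priority 3, a priority-7 request for 50 units no longer fits there, but a priority-2 request still does, which is the preemption ordering the notes describe.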
The sub-TLVs of the Link TLV, and their types, are as follows:
- Link Type (type 1) carries as its value a 1-byte field that specifies the type of link being
described: point to point (link type 1) or multi-access (link type 2).
- Link ID (type 2) serves the same purpose, and uses the same semantics, as the Link
ID in Router LSAs: It identifies the LSR at the other end of the link. If the link type is 1
(point-to-point link), the link ID is the RID of the neighbor. If the link type is 2
(multi-access), the Link ID is the interface address of the DR.
- Local Interface IP Address (type 3) specifies the IP address of the originatorʼs
interface to the link. This sub-TLV can carry multiple IP addresses if the interface has
more than one address.
- Remote Interface IP Address (type 4) specifies the IP address or IP addresses of the
neighborʼs interface to the link, if the link is point to point. If the link is multiaccess, the
value of this sub-TLV is 0.0.0.0 or, alternatively, the sub-TLV is not included at all.
- Traffic Engineering Metric (type 5) carries a 4-byte TE metric.
- Maximum Bandwidth (type 6) carries the maximum bandwidth. This is a 4-byte value
specifying the bandwidth in bytes (not bits) per second.
- Maximum Reservable Bandwidth (type 7) carries the maximum reservable
bandwidth. This is also a 4-byte value specifying the bandwidth in bytes per second.
- Unreserved Bandwidth (type 8) carries the unreserved bandwidth for each of the
eight setup priority levels 0 through 7, listed in the sub-TLV in order from 0 to 7.
Because each bandwidth size is described by a 4-byte number (again in bytes per
second), the total length of the value field of this sub-TLV is 32 bytes.
- Administrative Group (type 9) specifies the administrative group (link color) or
groups to which the link is assigned. The value is a 32-bit field, with each of the bits
representing one of 32 possible administrative groups. If a bit is set, the link belongs to
the group corresponding to that bit position. The most significant bit corresponds to
administrative group 31, and the least significant bit to group 0. In Figure 11.7, the
value of that linkʼs affinity bit (yet another name for administrative group) is 0x3, so the
link belongs to administrative groups 1 and 0 (and hence to whatever “colors” the
network administrator has associated with those two numbers). In Figure 11.8, this
same TLV value is labeled as “color,” and the value of 0 indicates that the links in the
database do not belong to any administrative groups.
Every Link TLV must have the type 1 and type 2 sub-TLVs; the other sub-TLVs are optional.
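As an added example (not part of the original notes), the following builds and parses a TE Link TLV with the nine sub-TLVs listed above, and enforces the rule that sub-TLVs 1 and 2 are mandatory. Two details come from RFC 3630 rather than from the notes: the top-level Link TLV is type 2 within the TE LSA, and the bandwidth values are 32-bit IEEE floats in bytes per second; TLV values are padded to a 4-byte boundary with the length field excluding the padding. All addresses, metrics and bandwidths are constructed sample values.

```python
import struct

LINK_TLV = 2  # top-level TE LSA TLV type for a Link TLV (RFC 3630)


def ip_bytes(dotted):
    return bytes(int(x) for x in dotted.split("."))


def ip_str(raw):
    return ".".join(str(x) for x in raw)


def tlv(t, value):
    """Type(2) Length(2) Value, value padded to a 4-byte boundary."""
    pad = (-len(value)) % 4
    return struct.pack("!HH", t, len(value)) + value + b"\x00" * pad


def build_link_tlv(link_type, link_id, local_ip, remote_ip, te_metric,
                   max_bw, max_resv_bw, unreserved, admin_group):
    subs = [
        tlv(1, bytes([link_type])),               # Link Type: 1 = p2p, 2 = multi-access
        tlv(2, ip_bytes(link_id)),                # Link ID: neighbor RID or DR address
        tlv(3, ip_bytes(local_ip)),               # Local Interface IP Address
        tlv(4, ip_bytes(remote_ip)),              # Remote Interface IP Address
        tlv(5, struct.pack("!I", te_metric)),     # TE metric, 4 bytes
        tlv(6, struct.pack("!f", max_bw)),        # Maximum Bandwidth, bytes/s
        tlv(7, struct.pack("!f", max_resv_bw)),   # Maximum Reservable Bandwidth
        tlv(8, struct.pack("!8f", *unreserved)),  # Unreserved Bandwidth, prio 0..7
        tlv(9, struct.pack("!I", admin_group)),   # Administrative Group bitmask
    ]
    return tlv(LINK_TLV, b"".join(subs))


def parse_link_tlv(data):
    top_type, top_len = struct.unpack_from("!HH", data, 0)
    if top_type != LINK_TLV:
        raise ValueError("not a Link TLV")
    body = data[4:4 + top_len]
    out = {}
    off = 0
    while off + 4 <= len(body):
        t, ln = struct.unpack_from("!HH", body, off)
        val = body[off + 4:off + 4 + ln]
        if len(val) != ln:
            raise ValueError("truncated sub-TLV %d" % t)
        off += 4 + ln + ((-ln) % 4)           # skip value plus its padding
        if t == 1:
            out["link_type"] = val[0]
        elif t == 2:
            out["link_id"] = ip_str(val)
        elif t in (3, 4):                       # may carry several addresses
            key = "local_ip" if t == 3 else "remote_ip"
            out[key] = [ip_str(val[i:i + 4]) for i in range(0, ln, 4)]
        elif t == 5:
            out["te_metric"] = struct.unpack("!I", val)[0]
        elif t in (6, 7):
            out["max_bw" if t == 6 else "max_resv_bw"] = struct.unpack("!f", val)[0]
        elif t == 8:
            if ln != 32:
                raise ValueError("Unreserved Bandwidth must be 8 x 4 bytes")
            out["unreserved_bw"] = list(struct.unpack("!8f", val))
        elif t == 9:
            mask = struct.unpack("!I", val)[0]
            out["admin_group"] = mask
            # bit 0 = group 0 ... bit 31 = group 31
            out["groups"] = [b for b in range(32) if (mask >> b) & 1]
        else:
            out.setdefault("unknown", []).append(t)
    for required in ("link_type", "link_id"):
        if required not in out:
            raise ValueError("mandatory sub-TLV missing: " + required)
    return out


def sample_link_tlv():
    """Constructed p2p link: 1 Gbit/s = 125,000,000 bytes/s, half left at prio 4-7."""
    return build_link_tlv(1, "10.0.0.2", "10.1.1.1", "10.1.1.2", 10,
                          125000000.0, 125000000.0,
                          [125000000.0] * 4 + [62500000.0] * 4, 0x3)
```

The sample uses affinity mask 0x3, which decodes to administrative groups 0 and 1 exactly as the Figure 11.7 discussion above describes.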
The MT-OSPF RFC proposes reusing the obsolete ToS fields in LSAs to carry multi-topology (MT) OSPF
information.
Type 1 LSAs originated by an MT-OSPF router indicate the links that router has and which MT
each belongs to. Type 3, 4, 5 and 7 LSAs also indicate the MT of the prefix they carry.
The default topology, MT ID 0, consists of all routers and links. Non-MT-OSPF routers
that donʼt understand MT-OSPF interpret MT ID = 0 as ToS = 0, which is the default
behavior; therefore, only use MT-OSPF with routers that understand it.
MT IDs can range from 1 to 127, and the Link Metric field is reused to carry the MT metrics
instead. The Type 1 LSA uses a 16-bit metric; Type 4, 5 and 7 LSAs use a 24-bit metric.
An exception can be made so that a link is exempted from the SPF calculation in the default
topology. All routers in the area have to support MT-OSPF.
This is done by turning on the MT bit in the Hello, which is really just the old ToS bit. Then
this router can only form adjacencies with routers that support MT-OSPF and have the MT bit
enabled; if not, the Hello is dropped. If the bit is disabled, this router can form adjacencies
with any other OSPF router.
A link wishing to be exempted from the default topology also has its default Metric field
set to infinity (0xFFFF), so it is ignored in the default topology.