0% found this document useful (0 votes)

133 views208 pages

MSPRP10SG Vol1

good one

Uploaded by

Mohamed Rishafi Mohamed Jameel

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

133 views208 pages

MSPRP10SG Vol1

good one

Uploaded by

Mohamed Rishafi Mohamed Jameel

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 208

MSPRP

Maintaining Cisco
Service Provider
Routing Protocols
Volume 1
Version 1.0

Student Guide
DISCLAIMER WARRANTY: THIS CONTENT IS BEING PROVIDED “AS IS.” CISCO MAKES AND YOU RECEIVE NO WARRANTIES IN
CONNECTION WITH THE CONTENT PROVIDED HEREUNDER, EXPRESS, IMPLIED, STATUTORY OR IN ANY OTHER PROVISION OF
THIS CONTENT OR COMMUNICATION BETWEEN CISCO AND YOU. CISCO SPECIFICALLY DISCLAIMS ALL IMPLIED
WARRANTIES, INCLUDING WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR
PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. This learning product may contain early release
content, and while Cisco believes it to be accurate, it falls subject to the disclaimer above.

Student Guide © 2010 Cisco and/or its affiliates. All rights reserved.
Students, this letter describes important
course evaluation access information!

Welcome to Cisco Systems Learning. Through the Cisco Learning Partner Program,
Cisco Systems is committed to bringing you the highest-quality training in the industry.
Cisco learning products are designed to advance your professional goals and give you
the expertise you need to build and maintain strategic networks.

Cisco relies on customer feedback to guide business decisions; therefore, your valuable
input will help shape future Cisco course curricula, products, and training offerings.
We would appreciate a few minutes of your time to complete a brief Cisco online
course evaluation of your instructor and the course materials in this student kit. On the
final day of class, your instructor will provide you with a URL directing you to a short
post-course evaluation. If there is no Internet access in the classroom, please complete
the evaluation within the next 48 hours or as soon as you can access the web.

On behalf of Cisco, thank you for choosing Cisco Learning Partners for your
Internet technology training.

Sincerely,

Cisco Systems Learning

Table of Contents
Volume 1
Course Introduction 1
Overview 1
Learner Skills and Knowledge 2
Course Goal and Objectives 3
Course Flow 4
Additional References 5
Cisco Glossary of Terms 5
Your Training Curriculum 6
Service Provider Routing Operation Processes 1-1
Overview 1-1
Module Objectives 1-1
Understanding Service Provider Routing Protocols 1-3
Overview 1-3
Objectives 1-3
Overview of Routing Protocols 1-4
Overview of OSPF 1-11
Overview of IS-IS 1-28
Overview of BGP 1-36
Summary 1-58
Lesson Self-Check 1-59
Lesson Self-Check Answer Key 1-60
Using Routing Protocol Tools 1-61
Overview 1-61
Objectives 1-61
Routing Protocol Tools Overview 1-62
Prefix Lists 1-72
AS Path-Based Filtering 1-82
Route Maps 1-93
Routing Policy Language 1-99
Summary 1-143
Using Management and Monitoring Tools 1-145
Overview 1-145
Objectives 1-145
Management and Monitoring Overview 1-146
Event Logging Using Syslog and SNMP 1-153
Availability and Utilization Monitoring Using SNMP 1-155
BGP Looking Glasses 1-157
Provisioning Tools 1-162
Administration 1-167
Summary 1-171
Applying Service Provider Routing Operation Processes Based on ITIL 1-173
Overview 1-173
Objectives 1-173
ITIL Overview 1-174
Change Management 1-182
Performance Management 1-185
Fault Management 1-188
Summary 1-191
Lesson Self-Check 1-192
Lesson Self-Check Answer Key 1-193
Module Summary 1-195
ii Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
MSPRP

Course Introduction
Overview
The Maintaining Cisco Service Provider Routing Protocols (MSPRP) course is a five-day
instructor-led training (ILT) course. It is intended to help prepare individuals to pass the Cisco
Certified Network Professional: Service Provider Operations (CCNP® SP Operations)
certification exams. This course and certification will also prepare and validate learner
proficiency in monitoring and troubleshooting interior gateway protocols (IGPs) and Border
Gateway Protocol (BGP) on the service provider core Cisco IP Next-Generation Network
(NGN) network.
This course is designed to provide learners with the knowledge needed to provide support in a
service-provider environment using an IGP such as Open Shortest Path First (OSPF) or
Intermediate System-to-Intermediate System (IS-IS) and BGP. It also provides learners with an
understanding of advanced routing policies using route maps with Cisco IOS Software and
Routing Policy Language (RPL) with Cisco IOS XR Software. The course also focuses on
monitoring and troubleshooting these technologies in service provider environments. The
course is intended to help prepare students for the CCNP SP Operations certification exam.
Learner Skills and Knowledge
This subtopic lists the skills and knowledge that learners must possess to benefit fully from the
course. The subtopic also includes recommended Cisco learning offerings that learners should
first complete to benefit fully from this course.

Learner Skills and Knowledge

 Describe service provider operations, functions, models, and

processes.
 Demonstrate IP NGN Operations Associate level knowledge.
 Execute basic Cisco IOS and Cisco IOS XR configuration and
monitoring commands.
 Demonstrate service provider change management
procedures.
 Demonstrate service provider configuration management
procedures.
 Demonstrate IP NGN troubleshooting skills within a service
provider core network.
 Appraise and optimize performance in the service provider IP
NGN core and aggregation network components.

© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v1.0—3

Learner Skills and Knowledge (Cont.)

 Compare and contrast Interior and Exterior Gateway

Protocols.
 Describe the fundamentals and basic operation of OSPF and
IS-IS link-state protocols.
 Describe the fundamentals and basic operation of BGP.
The following training is recommended in preparing for this
course:
 Supporting Cisco Service Provider IP NGN Operations (SSPO)
 Operational Foundations for Cisco Service Provider Core
Networks (OFCN)
The learner will find it beneficial to be familiar with the
fundamentals of OSPF, IS-IS, and BGP before attending the
MSPRP course. Self-study training in these areas may be found
on the Cisco Learning Network website at
https://learningnetwork.cisco.com/index.jspa?ciscoHome=true

© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v1.0—4

2 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Course Goal and Objectives
This topic describes the course goal and objectives.

Course Goal

“Learn to implement and maintain routing protocols

in service provider environments”

Maintaining Cisco Service Provider Routing Protocols

Upon completing this course, you will be able to meet these objectives:
 Identify the typical routing requirements in service provider networks and list the routing
solutions and describe the change, performance, and fault management procedures
 Change the routing configuration based on designs and implementation templates as well as
Information Technology Infrastructure Library (ITIL®)-based change management
processes and procedures
 Gather and interpret performance statistics for routing protocols using various tools such as
show commands and Simple Network Management Protocol (SNMP)-based monitoring
tools
 Perform fault management for routing protocols using various tools, such as show
commands and monitoring tools

© 2010 Cisco Systems, Inc. Course Introduction 3

Course Flow
This topic presents the suggested flow of the course materials.

Course Flow
Day 1 Day 2 Day 3 Day 4 Day 5

Course
Introduction Module 2 Module 2 Module 3 Module 4
A Change Change Performance Fault
Management for Management for Management for Management for
M Module 1 Routing Protoc ols Routing Protocols Routing Protocols Routing Protocols
Service Provider
Routing Operation
Proc esses

Lunch
Module 4
Fault
Module 1 Module 2 Module 2 Module 3 Management for
P Service Provider Change Change Performance Routing Protoc ols
Routing Operation Management for Management for Management for
M Processes Routing Protocols Routing Protocols Routing Protocols

The schedule reflects the recommended structure for this course. This structure allows enough
time for the instructor to present the course information and for you to work through the lab
activities. The exact timing of the subject materials and labs depends on the pace of your
specific class.

4 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Additional References
This topic presents the Cisco icons and symbols that are used in this course, as well as
information on where to find additional technical references.

Cisco Icons and Symbols

Router Cisco Network

Carrier
Cloud PC Server
Routing
System

Database

End User, Change

CiscoWorks Manager End User

Line: Ethernet

Cisco Glossary of Terms

For additional information on Cisco terminology, refer to the Cisco Internetworking Terms and
Acronyms glossary of terms at http://www.cisco.com/univercd/cc/td/doc/cisintwk/ita/index.htm.

© 2010 Cisco Systems, Inc. Course Introduction 5

Your Training Curriculum
This topic presents the training curriculum for this course.

Cisco Career Certifications:

CCNP Service Provider Operations
Expand Your Professional Options, Advance Your Career

Cisco Certified Network Professional

Service Provider Operations
Expert
CCIE SP Recommended Training Through
Operations Cisco Learning Partners

CCNP SP Professional Maintaining Cisco Service Provider

Operations Quality of Service
Maintaining Service Provider VPN and
CCNA SP MPLS Networks
Operations
Associate
Maintaining Cisco Service Provider
Routing Protocols
Operating Foundations for Cisco
Service Provider Core Networks

www.cisco.com/go/certifications
© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v1.0—8

You are encouraged to join the Cisco Certification Community, a discussion forum open to
anyone holding a valid Cisco Career Certification (such as Cisco CCIE®, CCNA®, CCDA®,
CCNP, CCDP®, CCIP®, CCVP™, or CCSP™). It provides a gathering place for Cisco certified
professionals to share questions, suggestions, and information about Cisco Career Certification
programs and other certification-related topics. For more information, visit
http://www.cisco.com/go/certifications.

6 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Module 1

Service Provider Routing

Operation Processes
Overview
This module identifies service provider routing requirements, solutions and processes for
change, performance, and fault management. The module covers a broad range of issues
concerning routing protocols that are used in service provider environments. The main function
of interior gateway protocols (IGPs) and Border Gateway Protocol (BGP) in service provider
network will be discussed. The module also presents the mechanisms that are available in
combination with routing protocols to filter routing information or to implement desired routing
policies. As you will see, you also need tools in a service provider environment to successfully
manage and monitor the network devices and services. The end of the module provides a brief
description of the Information Technology Infrastructure Library® (ITIL) standard that is
widely used in enterprise and service provider environments.

Module Objectives
Upon completing this module, you will be able to identify the typical routing requirements in
service provider networks. You will also be able to list the routing solutions and describe the
change, performance, and fault management procedures. This ability includes being able to
meet these objectives:
 Identify the main characteristics of routing protocols that are used in the service provider
environments
 Identify the main Cisco IOS and Cisco IOS XR Software tools that are used in service
provider environments in combination with routing protocols
 Identify the main external tools that are used in service provider environments in
combination with routing protocols
 Use ITIL®-based processes for change, performance, and fault management of routing
protocols in service provider environments
1-2 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Lesson 1

Understanding Service
Provider Routing Protocols
Overview
This lesson provides the main characteristics of routing protocols that are used in service
provider environments. The lesson describes how a service provider ensures IP connectivity
within the Internet—to end customers and to other service providers. The lesson explains the
need for exchanging Internet routing information via Border Gateway Protocol (BGP). On the
other hand, interior gateway protocols (IGPs) are responsible for providing IP connectivity
within each autonomous system (AS). The most commonly used IGP protocols in service
provider networks are Open Shortest Path First (OSPF) and Intermediate System-to-
Intermediate System (IS-IS). Both are briefly described, as is the BGP routing protocol.

Objectives
Upon completing this lesson, you will be able to identify the main characteristics of routing
protocols that are used in service provider environments. This ability includes being able to
meet these objectives:
 Describe the characteristics and requirements for routing protocols in service provider
environments
 Describe the characteristics of OSPF in service provider environments
 Describe the characteristics of IS-IS in service provider environments
 Describe the characteristics of BGP in service provider environments
Overview of Routing Protocols
This topic describes the characteristics and requirements for routing protocols in service
provider environments.

Overview of Routing Protocol

Requirements

 High-level objective:
– Provide connectivity to the Internet for end customers and
subordinate ISPs
– Optionally, provide transit connectivity between service
providers (that are Tier 1 ISPs)
Transit Connectivity
SP in Tier 1 ISPs SP

SP Network
Customer Internet
Access

Customer Customer Customer Customer

The course covers a broad range of issues concerning routing protocols that are used in service
provider environments. Depending on the type of service provider, there are many different
connectivity requirements, which can be summarized as follows:
 Provide Internet connectivity to end customers or subordinate ISPs
 Provide transit connectivity to peering ISPs (Tier 1) and subordinate ISPs (Tier 2)
In addition, you must consider local routing within the service provider network to ensure
reachability for all local addresses.

1-4 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Overview of Routing Protocols

 Interior Gateway Protocol (IGP) to exchange local routing

information
 Border Gateway Protocol (BGP) to exchange external routing
information

BGP
Exchange internal
SP routing information SP
BGP
IGP

Exchange external
routing information
SP Network

BGP

Customer Customer Customer Customer

© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v8.0—1-4

An ISP uses BGP to exchange Internet routing information with other ISPs and with those
customers that require it. BGP can be configured:
 Only to propagate a default route (for example, to customers)
 By a portion of the complete Internet routing table (for example, multihomed customers)
 By the entire Internet routing table (for example, multihomed customers, subordinate ISPs)

An IGP is used to provide connectivity within an AS. The most important function of an IGP is
to provide reachability to BGP neighbors and BGP next-hop addresses.

Routing tasks:
 IGP provides reachability for:
– BGP next-hop addresses (typically directly connected edge subnets)
– BGP neighbors
 BGP provides reachability to remote destinations through next-hop
addresses:
– External BGP sessions with customers and other ISPs
– Internal BGP session within an autonomous system (i.e. administrative
domain)

Autonomous System
EBGP IBGP EBGP
IGP IGP IGP

© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v8.0—1-5

There are two characteristics of BGP that require the assistance of an IGP:
 BGP next-hop addresses do not change as the BGP routes are propagated through an AS.
 Internal Border Gateway Protocol (IBGP) neighbors can be several hops away from each
other (External Border Gateway Protocol, or EBGP, neighbors are typically reachable
through a directly connected edge subnet).
An IGP is therefore needed to propagate the following:
 Next-hop addresses (IP addresses of EBGP neighbors) throughout the AS
 IP addresses of internal BGP neighbors (typically loopback addresses)
The simplified illustration shows the three components in a service provider routing
environment:
 EBGP sessions with other autonomous systems to exchange the Internet routing
information
 Internal BGP sessions to carry external routing information across the service provider AS
to all routers that require it
 IGP to provide the reachability of next-hop and neighbor addresses

1-6 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Routing Example
Part 1: BGP
1. R1 receives an external BGP update: 209.165.201.0/24; the
next hop is 192.168.200.2.
2. R4 receives an internal BGP update:
– By default, the next-hop address does not change.
– Optionally, BGP on R1 can be configured to change the next-
hop address to its own address (typically a loopback address).
3. R4 forwards the update and changes the next-hop address to
192.168.11.1.

209.165.201.0/24 209.165.201.0/24 209.165.201.0/24

NH = 192.168.11.1 NH = 192.168.200.2 NH = 192.168.200.2
EBGP IBGP EBGP
IGP IGP IGP

R4 R3 R2 R1

192.168.11.1 10.1.1.1 192.168.200.2

© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v8.0—1-6

The figure illustrates a sample network in which a route is received from an AS over an EBGP
session. The route is then forwarded to all other internal routers over an Internal Border
Gateway Protocol (IBGP) session. Egress routers will forward the route to other external
neighbors.
To change the behavior, you might, for example, configure router R1 with the neighbor R4
next-hop-self command. Then R1 would change the next-hop attribute to its loopback address,
R4. The loopback address is used as the source address for IBGP sessions.
After R4 sends the update out to an external neighbor, it will change the next-hop address to its
own IP address used for the EBGP session with the external neighbor. This is the default
behavior.

© 2010 Cisco Systems, Inc. Service Provider Routing Operation Processes 1-7
Routing Example
Part 1: BGP
1. R1 receives an external BGP update: 209.165.201.0/24; the
next hop is 192.168.200.2.
2. R4 receives an internal BGP update:
– By default, the next-hop address does not change.
– Optionally, BGP on R1 can be configured to change the next-
hop address to its own address (typically a loopback address).
3. R4 forwards the update and changes the next-hop address to
192.168.11.1.

209.165.201.0/24 209.165.201.0/24 209.165.201.0/24

NH = 192.168.11.1 NH = 192.168.200.2 NH = 192.168.200.2
EBGP IBGP EBGP
IGP IGP IGP

R4 R3 R2 R1

192.168.11.1 10.1.1.1 192.168.200.2

© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v8.0—1-6

The second illustration shows the required functionality of an IGP in order to support the BGP
functionality.
The IGP is propagating two important addresses throughout the AS:
 The IP address of the external neighbor, which is also the next-hop address carried within
BGP updates coming from the external neighbor. Note that this part is optional if you use
the alternative method (using the next-hop-self feature).
 The loopback IP address of the ingress BGP router that is used for all IBGP sessions.
If the same service provider network is also used to provide other services, such as
Multiprotocol Label Switching (MPLS)-based virtual private networks (VPNs) or MPLS
Traffic Engineering (MPLS TE), you must not summarize the next-hop IP addresses in the
backbone. Doing so would break MPLS label-switched paths (LSPs).

1-8 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Routing Example (Cont.)
Part 3: Routing Table
End-to-end connectivity is provided thorough recursive
routing table lookups (optimized for Cisco Express
Forwarding):
 BGP for end prefixes
 IGP for BGP next-hop reachability
209.165.201.0/24 209.165.201.0/24 209.165.201.0/24
NH = 192.168.11.1 NH = 192.168.200.2 NH = 192.168.200.2
EBGP 192.168.200.0/30 IBGP
192.168.200.0/30 192.168.200.0/30 EBGP
10.1.1.1/32 10.1.1.1/32 10.1.1.1/32
IGP IGP IGP

R4 R3 R2 R1

192.168.11.1 10.1.1.1 192.168.200.2

BGP: 209.165.201.0/24  192.168.200.2 BGP: 209.165.201.0/24 192.168.200.2

IGP: 192.168.200.0/30  R3 Conn.: 192.168.200.0/30
Conn.: R3  interface x

BGP: 209.165.201.0/24  192.168.200.2 BGP: 209.165.201.0/24  192.168.200.2

IGP: 192.168.200.0/30  R2 IGP: 192.168.200.0/30  R1
Conn.: R2  interface x Conn.: R1  interface x

© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v8.0—1-8

The figure illustrates the final result of BGP and IGP routing information propagation as
reflected by the routing table. A recursive set of routes can be observed in the routing tables of
all routers:
 EBGP routes point to BGP next-hop addresses. Router R1 receives multiple external
routes, which all use the same next-hop address that is the address of the EBGP peer.
 BGP next-hop addresses point to these peers:
— Directly connected external peer on ingress edge routers (router R1 in the example)
— Nonadjacent addresses reachable via the IGP (routers R2, R3, and R4 in the
example, which require reachability to the BGP next-hop address via the IGP)
 IGP peers are reachable through an attached link.

Note For performance reasons, routers do not perform recursive lookup when forwarding packets.
Cisco Express Forwarding is used to optimize the forwarding table for performance.

 Scalable routing protocols for ISP backbones:

– Open Shortest Path First (OSPF)
– Intermediate System to Intermediate System (IS-IS)
– Enhanced Interior Gateway Routing Protocol (EIGRP)
 OSPF and IS-IS are the recommended choices:
– Standard protocols
– Support additional features required in MPLS-enabled
networks

© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v8.0—1-9

There are, in general, three routing protocols that satisfy the main service provider requirements
for an IGP:
 Scalability
 Performance
There are three commonly used IGPs:
 OSPF
 IS-IS
 EIGRP

Most service providers today use either OSPF or IS-IS for two reasons:
 EIGRP is a Cisco proprietary protocol and may hinder interoperability with devices from
other vendors.
 MPLS TE requires the help of a link-state protocol (EIGRP is a distance-vector protocol).

1-10 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Overview of OSPF
This topic describes the characteristics of OSPF in service provider environments.

Overview of OSPF

 Link-state protocol: routers aware of network topology

 Hierarchical: dual-layer architecture
– Backbone area—Area 0
– Nonbackbone areas interconnected through Area 0
OSPF Domain
Area 0

ABR ABR ABR ABR

Area 1 Area 2 Area 3 Area 4

© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v8.0—1-11

The OSPF protocol was developed due to a need in the Internet community to introduce a high-
functionality, nonproprietary IGP for the TCP/IP protocol family. The discussion of the
creation of a common interoperable IGP for the Internet started in 1988 and did not get
formalized until 1991. At that time, the OSPF working group requested that OSPF be
considered for advancement to Draft Internet Standard.
The OSPF protocol is based on link-state technology, which is a departure from the Bellman-
Ford vector-based algorithms that are used in traditional Internet routing protocols such as
Routing Information Protocol (RIP). OSPF has introduced new concepts such as authentication
of routing updates, variable-length subnet masks (VLSMs), and route summarization.
OSPF uses a link-state algorithm in order to build and calculate the shortest path to all known
destinations. The algorithm by itself is quite complicated. The following is a high-level,
simplified way of looking at the various steps of the algorithm:
 Upon initialization or due to any change in routing information, a router will generate a
link-state advertisement. This advertisement will represent the collection of all link states
on that router.
 All routers will exchange link states using flooding. Each router that receives a link-state
update should store a copy in its link-state database and then propagate the update to other
routers.
 After the database of each router is completed, the router will calculate a shortest path tree
to all destinations. The router uses the Dijkstra algorithm to calculate the shortest path tree.
The destinations, the associated costs, and the next hops to reach those destinations will
form the IP routing table.
 If no changes in the OSPF network occur, such as a change to the cost of a link or the
addition or deletion of a network, OSPF should be quiet.

© 2010 Cisco Systems, Inc. Service Provider Routing Operation Processes 1-11
OSPF uses flooding to exchange link-state updates between routers. Any change in routing
information is flooded to all routers in the network. Areas are introduced to put a boundary on
the growth of link-state updates. Flooding and calculation of the Dijkstra algorithm on a router
is limited to links within an area. All routers within an area have the exact link-state database.
Routers that belong to multiple areas, and connect these areas to the backbone area, are called
Area Border Routers (ABRs). ABRs must therefore maintain information describing the
backbone areas and any other attached areas.
ABRs also provide mechanisms for aggregating routes and cutting down on the unnecessary
propagation of subnet information.

1-12 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
OSPF Characteristics

 Each router has topology information for all areas in which it

resides
 Many design choices exist:
– Different types of nonbackbone areas
– Different types of OSPF adjacencies
– Routing information exchanged through different types of
link-state advertisements (LSAs)

© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v8.0—1-12

OSPF defines a hierarchy of two levels, in which Area 0 is the top level. Area 0 interconnects
other areas, which can be of different types. Depending on the route origin and area of origin,
different types of link-state advertisements (LSAs) will be generated and different rules will
apply to different LSAs when crossing area borders.
Additionally, OSPF adjacencies have several modes of operation, depending on link types and
configuration.

 Backbone area—Area 0
 Regular nonbackbone area
 Stubby area or totally stubby area
 Not-so-stubby area (NSSAs) or totally NSSA

OSPF Domain
Area 0

ABR ABR ABR ABR

Totally
Regular Stubby NSSA Stubby
Area Area
Area

 Area routes  Summaries  Summaries  Default route only

 Summaries  External routes
 External routes
© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v8.0—1-13

In general, there are six different types of areas:

 Backbone area or Area 0, which typically carries all the routing information
 Regular nonbackbone areas
 Stubby areas that do not originate or receive any external routes
 Totally stubby areas that do not originate (redistribution for other protocols) or receive any
external routes or summaries (only the default route)
 Not-so-stubby areas (NSSAs) that can originate external routes (redistribution for other
protocols) but do not receive them from other OSPF areas.
 NSSAs that can originate external routes (redistribution for other protocols), but do not
receive them from other areas or receive summaries (only the default route).

1-14 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
OSPF Adjacencies

 Point-to-point:
– Most commonly used
– Used on point-to-point connections
– Should also be used on point-to-point
Ethernet (must be explicitly enabled)
 Broadcast:
– Used on shared media by default (for
example Ethernet) DR
– Routers elect a designated router (DR) to act
as a proxy
– Routers elect a backup designated router BDR
(BDR)
 Nonbroadcast multiaccess:
– Requires manual configuration of neighbors
 Point-to-multipoint:
– Uses broadcast hellos
– Can also run in nonbroadcast mode
– Establishes multiple point-to-point
adjacencies

© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v8.0—1-14

OSPF uses IP multicast addresses 224.0.0.5 and 224.0.0.6 to communicate between OSPF
neighbors. Depending on the type of media and topology, you can select one of the following
adjacency modes:
 Point-to-point adjacency is used for point-to-point links.
 Broadcast mode is used for adjacencies on shared media such as Ethernet. A designated
router (DR) is elected to act as proxy between other routers. A backup designated router
(BDR) is also elected to take over the DR functionality in case the primary DR fails.
 Nonbroadcast multiaccess mode requires manual configuration of neighbors and was
sometimes used on multiaccess media such as point-to-multipoint Frame Relay or ATM
links.
 Point-to-multipoint is also designed for multiaccess media, but automates the finding of
neighbors and establishes a set of point-to-point neighbor relationships.
Most core links in modern service provider networks are point-to-point, even if Ethernet is
used. Use the point-to-point mode on such links to avoid introducing DR election and virtual
nodes into the Shortest Path First (SPF) calculation.
On shared media such as Ethernet, you can retain the default broadcast mode.

 Hello packets with multicast address 224.0.0.5 are used to

find neighbors
 DR and BDR communication uses 224.0.0.6
 Neighbors must agree on the following:
– Area ID
– Authentication method and password
– Hello and dead intervals
– Flags defining a stub area
– IP address and subnet mask
– Interface MTU
 Router IDs are used to uniquely identify a router

© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v8.0—1-15

OSPF discovers neighbors using hello packets on multicast address 224.0.0.5, while DR and
BDR routers communicate using multicast address 224.0.0.6. For OSPF to work correctly,
neighbors must agree on the area ID, authentication method and password, hello and dead
intervals, flags defining a stub area, IP address and subnet mask, and interface maximum
transmission unit (MTU). OSPF uses the router ID to uniquely identify a router.

1-16 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Link-State Advertisements

 Type 1: Router LSA

 Type 2: Network LSA
 Type 3: Summary LSA
 Type 4: ASBR Summary LSA
 Type 5: External LSA
 Type 7: NSSA External LSA

© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v8.0—1-16

The figure shows only the most commonly used OSPF link-state advertisements (LSAs). There
are other LSAs that are not used or are related to MPLS (that is, opaque LSAs), which are not
discussed in this course.

© 2010 Cisco Systems, Inc. Service Provider Routing Operation Processes 1-17
Link-State Advertisements (Cont.)
Type 1: Router LSA
 Represents a node (router) in the
topology R2

 Includes: R3
Cost = 20 Cost = 10
– Links to other nodes (routers)
– Costs of links
Router
– Leaf networks attached to the Node LSA
node
 Is only propagated within an area Leaf
 Becomes a type 3 Summary LSA Leaf
when crossing an area border Leaf

© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v8.0—1-17

An OSPF topology consists of nodes and links between them. The Dijkstra algorithm is then
used to convert the topology into a shortest path tree that is based on the cost of individual
links.
OSPF type 1 LSAs or router LSAs are used to propagate the information about nodes and links
(including costs). A router LSA also contains leaf networks that are attached to the node.

1-18 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Link-State Advertisements (Cont.)
Type 2: Network LSA
 Represents a shared network
in the topology (router)
Network
 Designated router that acts as LSA
R2
virtual node interconnecting all
other nodes
 Only propagated within an DR R1
area
DR
 Becomes a type 3 summary
LSA when crossing an area R3
border

© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v8.0—1-18

Type 2 LSAs, or network LSAs, are used to represent shared media for which the DR becomes
a virtual node in the topology. The virtual node is connected to other routers using “virtual”
links. Connecting the node in this way converts a shared topology into a set of point-to-point
links between nodes, thus allowing the SPF algorithm to be used.

© 2010 Cisco Systems, Inc. Service Provider Routing Operation Processes 1-19
Link-State Advertisements (Cont.)
Type 3: Summary LSA
 Area Border Routers (ABRs):
OSPF Domain
– Convert type 1 and type 2 LSAs
into type 3 LSAs Area 0

– Forward them into other areas

 Hierarchical OSPF implementation
ABR ABR
scales better:
– A non-backbone router only
sees the topology of its area

Type 1
Type 2
– ABRs see topologies of all
attached areas
– Other backbone routers only see Area 51
the topology of Area 0

© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v8.0—1-19

Type 3 summary LSAs are used to carry routing information from one area into another by
converting type 1 and type 2 LSAs.
This conversion improves the scalability of OSPF; individual areas do not see the topologies of
other areas, thus making SPF calculations more efficient.
ABRs are responsible for creating summary LSAs and injecting them into Area 0 and other
areas.

1-20 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Link-State Advertisements (Cont.)
Other LSAs
 LSA Type 4: ASBR Summary LSA
OSPF Domain
– Provides reachability for ASBRs
Area 0
– Optimizes routing towards
external destinations (type 5 E1)
 LSA Type 5: External LSA
ABR ABR
– Carries external (redistributed)
routing information
– Has two subtypes—E1 and E2

Type 1
Type 2
 LSA Type 7: External LSA
– Is similar to type 5
Area 51
– Is generated in NSSA
– Is converted to type 5 on ABRs

X
© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v8.0—1-20

Type 4 LSAs, or Autonomous System Boundary Router (ASBR) summary LSAs, preserve the
cost to an ASBR. This behavior allows distant routers in other areas to choose the appropriate
external path when type 5 external LSAs are used.
Type 5 external LSAs are generated when redistribution from other protocols is used. There are
two subtypes, E1 and E2. E2 is the default for redistributed routes. The main difference
between the two subtypes is that the E2 subtype only carries the external cost (cost determined
at the time of redistribution), while the E1 subtype also includes the internal OSPF cost.
Type 7 external LSAs resemble type 5 LSAs, except that they are generated in an NSSA. They
are converted to type 5 LSAs on ABRs.

 Neighbor wildcarding (for example, network 0.0.0.0

255.255.255.255 area 0):
– Simplifies deployment
– May allow an arbitrary directly connected device to
establish an OSPF adjacency
 Recommended solution:
– Use passive-interface default in Cisco IOS Software
– Cisco IOS XR Software requires OSPF to be explicitly
enabled for each interface
– Use MD5 authentication

© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v8.0—1-21

OSPF is prone to bad configurations that allow someone to accidentally or intentionally

establish an adjacency and poison the routing table. The most common mistake is to use the
wildcard configuration that enables the sending of hello packets on all interfaces:
network 0.0.0.0 255.255.255.255 area 0
For security reasons, it is recommended that you only configure networks for interfaces that are
supposed to be used for OSPF. Additionally, you can use the passive-interface default
command to disable the sending of hello packets on all interfaces and specifically enable
interfaces on which you wish to enable OSPF.
Cisco IOS XR Software is designed to improve the default security posture of OSPF—
interfaces must be specifically enabled for OSPF.
Additionally, you should authenticate OSPF sessions using Message Digest 5 (MD5) hashing.
OSPF can use the MD5 one-way hash function in combination with a password to authenticate
an LSA (MD5 is better that cleartext authentication mechanisms, because it does not put
passwords into packets).

1-22 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
OSPF Metric
Reference Bandwidth
Cost =
Interface Bandwidth
 Each link is assigned a cost:
– Default cost is calculated from interface bandwidth.
– Default reference bandwidth is 1 Gb/s.
– You should modify reference bandwidth in 10 Gb/s networks.
– Cost can be statically configured for an interface.
 Ensure consistent configuration of costs:
– Same cost on both sides of a link when manually configuring the
cost
– Same reference bandwidth on all routers in an OSPF domain

Cisco IOS Software Cisco IOS XR Software

interface FastEthernet0/0 router ospf 1
ip ospf cost 10 auto-cost reference-bandwidth 10000
! area 0
interface TenGigE0/1/4/0
router ospf 1 cost 100
auto-cost reference-bandwidth 10000 !
! !
© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v8.0—1-22

Each link is assigned a cost that is propagated in type 1 LSAs. Default cost is calculated from
interface bandwidth and the reference bandwidth, which defaults to 1 Gb/s (1000 Mb/s). The
figure illustrates the formula that is used to calculate costs for individual links that are based on
default or configured link bandwidth (not the actual link speed).
The default reference bandwidth is only useful in networks where there are no links faster than
1 Gb/s. In faster environments, different links may be given the same cost. For example, 10-
Gb/s and 1-Gb/s links would both be assigned cost 1.
Alternatively, cost can be statically configured on a per-link basis. Make sure that you
configure costs consistently (the same cost on both routers).
Also make sure that you configure the same reference bandwidth domain-wide.

 Order of preference:
1. Intra-area route
2. Interarea route
3. External type 1
4. External type 2
5. Lowest cost route
 Note: OSPF cost manipulation may fail when comparing
routes of different types.

© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v8.0—1-23

When OSPF receives multiple LSAs for the same destination, it must compare the paths to
determine which path to insert into the forwarding table. The figure shows that the cost of the
route is more or less ignored if the two paths are of different types.

1-24 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Typical OSPF Designs

 Single-area design:
– All routers in Area 0
– Simple routing design
– Mostly point-to-point adjacencies
– Optimal routing decisions
– Scalability limited to a few hundred routers in the network
 Multiarea design:
– Regular areas or NSSA typically used
– Scales to thousands of routers in the network
– Mostly point-to-point adjacencies
– More complex routing design
– May result in suboptimal routing (such as dual-attached
areas)
– Less practical in MPLS-enabled networks
© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v8.0—1-24

Most modern service provider networks use MPLS with some of the MPLS-based solutions.
When implementing MPLS-based VPNs and traffic engineering, it is important to consider the
interaction between MPLS Label Distribution Protocol (LDP) and an IGP. If summarization is
used for addresses for which LDP is used to generate label-switched paths (LSPs), it will break
those LSPs and consequently break MPLS VPNs.
From a design and implementation perspective, it is preferable to implement OSPF using one
area (Area 0). The limitation of this approach is scalability, which is mostly influenced by the
number of nodes (routers) in an area.
In large service provider environments, you may be forced to use a hierarchical design. The
characteristics and limitations of the hierarchical approach must be considered when designing
MPLS solutions.

Cisco IOS Software Cisco IOS XR Software

interface TenGigabitEthernet3/0/1 router ospf 1
ip ospf authentication message-digest router-id 10.1.1.2
ip ospf message-digest-key 1 md5 sEcReT auto-cost reference-bandwidth 10000
ip ospf network point-to-point area 0
! authentication-key sEcReT
interface GigabitEthernet4/0/1 authentication message-digest
ip ospf authentication message-digest !
ip ospf message-digest-key 1 md5 sEcReT interface Loopback1
ip ospf network point-to-point !
ip ospf cost 5 interface GigabitEthernet0/1/0/1
! cost 5
router ospf 1 network point-to-point
router-id 10.1.1.1 !
log-adjacency-changes interface TenGigE0/1/4/0
auto-cost reference-bandwidth 10000 network point-to-point
area 0 authentication message-digest !
passive-interface default !
no passive-interface TenGigabitEthernet3/0/1 !
no passive-interface GigabitEthernet4/0/1
network 10.0.0.0 0.255.255.255 area 0
!

© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v8.0—1-25

The sample configurations in the figure show a simple implementation of OSPF in Cisco IOS
Software and Cisco IOS XR Software. The configurations include the following functionality:
 Manual selection of interfaces on which to run OSPF
 MD5-based authentication of OSPF
 Reference bandwidth to support at least 10-Gb/s links
 Manual configuration of a router ID: OSPF processes use router IDs as unique identifiers
that are used when building shortest path trees using the LSP path calculation (Dijkstra
algorithm). By default, routers will use the highest loopback IP address or the highest IP
address if there is no loopback interface. Routers can also be statically configured with a
router ID to ensure consistency (as shown in the example).
 Usage of point-to-point mode on point-to-point Ethernet links
Subsequent lessons and modules will provide additional information to build more advanced
configurations to improve the performance of OSPF.

1-26 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
OSPF Implementation and
Troubleshooting Concerns

 Ensure proper cost configuration:

– Symmetrical cost on manually configured links
– Consistent reference bandwidth on all routers
 Ensure proper adjacency types:
– Point-to-point where possible
– Symmetrical adjacency types
– Proper DR election on shared media
 Ensure optimal routing:
– Dual-attached areas
– Multiple paths from different LSA types
 Ensure proper handling of interface MTU
 Optimize the performance of OSPF without impacting scalability and
stability:
– Tune timers
– Use Cisco Nonstop Forwarding (Cisco NSF) and nonstop routing with
Stateful Switchover (SSO)
– Use Bidirectional Forwarding Detection to improve link failure detection
© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v8.0—1-26

When designing, implementing, monitoring, and troubleshooting OSPF, you should be aware
of the following:
 Set link costs properly to ensure that links between pairs of routers are configured with the
same cost (symmetric cost configuration).
 For automated cost calculation, configure the same reference bandwidth on all routers in an
OSPF domain. It is also important to ensure that all interfaces have a proper default
bandwidth or are configured with appropriate bandwidth.
 Optimize OSPF by using the appropriate adjacency mode. For example, Ethernet links will
default to broadcast mode—convert all point-to-point Ethernet connections to use OSPF in
point-to-point mode. Also make sure that adjacent routers are configured with the same
mode.
 In a hierarchical OSPF design with areas that attach to Area 0 using two or more ABRs,
make sure that you properly manage summary LSAs to ensure optimal forwarding between
areas.
 To prevent suboptimal forwarding, make sure all routes that have multiple paths are of the
same type (that is, the same type of LSA).
 Make sure that adjacent routers are configured with the same maximum transmission unit
(MTU) in order for OSPF to operate properly. Alternatively, you may disable MTU
checking. Also be aware of the difference in MTU configuration between Cisco IOS
Software and Cisco IOS XR Software (in Cisco IOS XR Software, MTU configuration
includes the Layer 2 overhead).
 Optimize the performance of OSPF without impacting scalability and stability using
various software and hardware mechanisms:
— Tune OSPF timers.
— Use Cisco Nonstop Forwarding (Cisco NSF) and nonstop routing with Stateful
Switchover (SSO).
— Use Bidirectional Forwarding Detection to improve link failure detection.

© 2010 Cisco Systems, Inc. Service Provider Routing Operation Processes 1-27
Overview of IS-IS
This topic describes the characteristics of IS-IS in service provider environments.

Overview of IS-IS

 Link-state protocol: routers aware of network topology

 Hierarchical: dual-layer architecture
– Level 1 used within local areas
– Level 2 interconnects areas
IS-IS Domain
Level 2 Area

L2 L2 L2

L1L2 L1L2 L1L2 L1L2

Level 1 Level 1 Level 1 Level 1

Area L1L2
Area L1L2
Area L1L2
Area L1L2

L1 L1 L1 L1

© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v8.0—1-28

The figure illustrates a hierarchical IS-IS design with the following characteristics:
 Level 2 area with Level-2-only routers in the core
 Level 2 area edge with Level 1-Level 2 routers to connect to other areas using Level 1
 Level 1 areas with Level-1-Level-2 routers connecting areas to Level 2
 Level 1 areas with routers unique to Level 1
This is a very generic representation of what can be implemented using IS-IS. Like OSPF, IS-
IS can also be implemented in a simpler fashion with fewer areas or simply one area and one
level. Unlike OSPF, all areas do not have to connect to a common backbone area.

1-28 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
IS-IS Characteristics

 Each router has topology information for its area.

 IS-IS is part of OSI and was originally used with CLNS only.
 IS-IS still uses CLNS to maintain adjacencies and build an
SPF tree.
 Integrated IS-IS can also carry IP routing information in its
updates, such as its type, length, and values (TLVs).
 A wide-style metric should be used for a large, high-speed
service provider network (24-bit link metric, 32-bit path
metric).
 Link cost defaults to 10.
 Each router is identified using a unique NSAP address.

© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v8.0—1-29

Like OSPF, IS-IS is a link-state protocol using the Dijkstra algorithm, in which each router has
topology information for its area. IS-IS is part of the Open Systems Interconnection (OSI)
standard protocol suite and was originally used with Connectionless Network Service (CLNS).
Each router is identified using a unique network service access point (NSAP) address, which is
part of the CLNS protocol. IS-IS still uses CLNS to maintain adjacencies and build SPF trees.
However, the integrated version of IS-IS can be used for other protocols, such as IP, and can
also have extensions for MPLS TE.
A wide-style metric should be used for a large, high-speed service provider network (24-bit link
metric, 32-bit path metric). Link cost defaults to 10, but can be modified to reflect the desired
cost. The narrow-style metric can only accommodate 64 metric values. This number of values
is typically insufficient in modern networks and may not even be compatible with IS-IS
extensions such as those for MPLS TE.

 Router types:
– Level 1 routers only peer with IS-IS Domain
other Level 1 routers
Level 2
– Level 2 routers only peer with Area L2 L2
other Level 2 routers L2
– Level 1 and level 2 routers can L1 & L2
L1L2 L1L2
peer with any router L2

 Link types:
– Level 1: only for Level 1 L2
adjacencies within the same Level 1
L1
Area L1L2
area
L1
– Level 2: only for Level 2
adjacencies L1

– Level 1 and level 2: for level 1

adjacencies within the same
area and level 2 adjacencies
© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v8.0—1-30

The interaction between routers in an IS-IS domain depends on the following characteristics:
 Router type:
— Level 1 router can only maintain Level 1 adjacencies
— Level 2 router can only maintain Level 2 adjacencies
— Level 1 and Level 2 routers can maintain Level 1 and Level 2 adjacencies
 Link type:
— Level 1 links only support Level 1 adjacencies
— Level 2 links only support Level 2 adjacencies
— Level 1 and Level 2 links support Level 1 and Level 2 adjacencies (concurrently)
 Area:
— Level 1 and Level 2 adjacencies can be formed between routers in the same area
— Only Level 2 adjacencies can be formed between routers in different areas

1-30 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
NSAP Address Structure

 Most commonly used NSAP format for IS-IS:

– AFI set to 49 (private address; 1 byte)
– Area ID (2 bytes)
– System ID (6 bytes)
– NSEL (2 bytes) should be 00
 Loopback IP address (pseudo router ID) can be encoded into
the system ID

49 . 0001 . 1921 . 6800 . 1001 . 00

AFI AREA System ID NSEL

© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v8.0—1-31

The figure illustrates the most common form of the NSAP address used with IS-IS:
 The authority and format identifier (AFI) is typically set to 49, representing private address
space. The field requires 2 hexadecimal digits (1 byte).
 If private addresses are used, there is no interdomain ID.
 Area ID is encoded using 4 hexadecimal digits (2 bytes).
 System ID is encoded using 12 hexadecimal digits (6 bytes). This portion can be used to
encode an IP-based router ID (for example, a loopback IP address) to help when
troubleshooting, so that NSAP addresses can easily be mapped to IP addresses and vice
versa.
 The NSAP selector (NSEL) is encoded using two hexadecimal digits (one byte) and should
always be set to 00.

Note In reality, Cisco IOS Software regards AFI and Area as a single entry that can be from 1 to
13 bytes long and represents an Area ID.

 Inherently better security than OSPF:

– Uses CLNS instead of IP
– Requires explicit activation on interfaces
 Should still be authenticated using MD5 for additional
protection:
– Authenticate hello packets and LSPs

© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v8.0—1-32

Unlike OSPF, IS-IS will, by design, prevent accidental misconfigurations that could result in
reduced security posture:
 Interfaces must be specifically enabled for IS-IS.
 Because CLNS is used, it is slightly less likely that it can be accidentally or even
intentionally misused.
Nevertheless, you should still add another layer of security by using MD5-based authentication
of both hello packets and link-state protocol data units (PDUs), or of link-state packets (LSPs).

1-32 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Typical IS-IS Designs

 Single-level design:
– All routers in the same level 2 and area
– Simple routing design
– Optimal routing decisions
– Scalability limited to several hundred routers in the
network
– Preferred design in MPLS-enabled networks
 Multilevel design:
– Scalability to thousands of routers in the network
– More complex routing design
– Less practical design in MPLS-enabled networks

© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v8.0—1-33

Like OSPF, IS-IS can be implemented in two major ways:

 For the same reasons as with OSPF, it is often desirable to implement IS-IS using one area
and level.
 Also as with OSPF, it may be necessary to split IS-IS into multiple levels in order to
improve scalability.

Cisco IOS Software Cisco IOS XR Software

key chain ISISKC router isis L2
key 1 net 49.0002.1720.1601.0002.00
key-string sEcReT is-type level-2-only
! lsp-password hmac-md5 sEcReT
interface TenGigabitEthernet3/0/1 log adjacency changes
isis circuit-type level-2-only !
isis authentication mode md5 address-family ipv4 unicast
isis authentication key-chain ISISKC metric-style wide
isis tag 10 !
isis metric 10 interface TenGigE0/1/4/0
! no hello-padding
interface GigabitEthernet4/0/1 circuit-type level-2-only
isis circuit-type level-2-only hello-password hmac-md5 sEcReT
isis authentication mode md5 address-family ipv4 unicast
isis authentication key-chain ISISKC metric 10
isis tag 20 tag 10
isis metric 20 !
! !
router isis interface GigabitEthernet0/1/0/0
net 49.0001.1720.1601.0001.00 no hello-padding
is-type level-2-only circuit-type level-2-only
authentication mode md5 hello-password hmac-md5 sEcReT
authentication key-chain ISIS address-family ipv4 unicast
log-adjacency-changes metric 100
metric-style wide tag 20
passive-interface Loopback0 !
! !

© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v8.0—1-34

The sample configurations in the figure illustrate a simple implementation of IS-IS in Cisco
IOS Software and Cisco IOS XR Software. The configurations include the following
functionality:
 Manual selection of interfaces on which to run IS-IS, for better security (to prevent
accidental adjacencies on interfaces where there are not supposed to be any IS-IS peers)
 MD5-based authentication of IS-IS to further secure IS-IS by only establishing IS-IS
adjacencies with peers that have been configured with the same password
 Optional tagging of routes to support more complex routing policies; IS-IS routes can carry
a tag that can be set or matched by route maps (Cisco IOS Software) or routing policies
(Cisco IOS XR Software)
 Encoding of an IP into the NSAP address to simplify troubleshooting
 Running of a single level (Level 2) to ensure complete visibility and optimize path
calculation (note that running a single level may reduce scalability)
 Inclusion of loopback addresses using the passive-interface command
Subsequent lessons and modules will provide additional information to build more advanced
configurations to improve the performance of IS-IS.

1-34 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
IS-IS Implementation and
Troubleshooting Concerns

 Ensure consistent usage of wide-style metric

 Ensure symmetric and consistent configuration of link costs
 Ensure proper handling of interface MTU and hello padding
 Optimize the performance of IS-IS without impacting scalability and
stability:
– Tune timers (hello and fast hello)
– Use Cisco Nonstop Forwarding (Cisco NSF) and nonstop routing
with Stateful Switchover (SSO)
– Use Bidirectional Forwarding Detection to improve link-failure
detection
 Optionally, use tags to distinguish between different types of routes
(e.g. to simplify troubleshooting, filtering)
 Optionally, encode an IP-based router ID (loopback address) into
the system ID portion of the NSAP address to simplify
troubleshooting

© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v8.0—1-35

When designing, implementing, monitoring, and troubleshooting IS-IS, you should be aware of
the following:
 All routers in an IS-IS domain should be configured to support the wide-style metric.
 Link costs must be properly set to ensure that links between a pair of routers are configured
with the same cost (symmetric cost configuration).
 Optimize the performance of IS-IS without impacting scalability and stability using various
software and hardware mechanisms:
— Tune IS-IS timers.
— Use Cisco NSF and nonstop routing with SSO.
— Use Bidirectional Forwarding Detection to improve link failure detection.

© 2010 Cisco Systems, Inc. Service Provider Routing Operation Processes 1-35
Overview of BGP
This topic describes the characteristics of BGP in service provider environments.

BGP Overview

 BGP is designed for routing information exchange between

different administrative domains (autonomous systems)
 Each autonomous system (AS) is identified using a unique
AS number
 BGP is designed with the following major characteristics:
– Scalability: It needs to carry the full Internet routing table
(several hundred thousand routes).
– Stability: The size of the routing table results in higher
chances of constant flapping of routes.
– Security: Advanced filtering options provide protection
from other administrative domains.
– Flexibility: Advanced mechanisms in combination with
many BGP attributes enable the implementation of
complex routing policies.

© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v8.0—1-37

BGP is a distance-vector routing protocol that is designed to meet the following criteria:
 Scalability: BGP is intended for distributing Internet routing information that constantly
grows.
 Stability: It is important for BGP to be able to manage constant flapping of routes in an
ever growing Internet, where the likelihood of flapping is also increasing.
 Security: Because it is used between administrative domains and in a public environment,
BGP must also include powerful security mechanisms. These mechanisms protect routers
from intrusions from other administrative domains or the Internet in general.
 Flexibility: Complex topologies and diverse requirements demand that BGP support
advanced mechanisms to implement complex routing policies.

1-36 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
BGP Architecture

There are two types of BGP sessions:

 External BGP (EBGP) sessions exchange routing
information.
 Internal BGP (IBGP) sessions exchange routing information
between routers within the same AS.

AS 65002 AS 65001 AS 65003

EBGP
EBGP
IBGP
IBGP IBGP

IBGP
EBGP
EBGP EBGP
EBGP

AS 65004 AS 65005 AS 65006 AS 65007

© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v8.0—1-38

The figure illustrates a general architecture of BGP with the following characteristics:
 Each administrative domain is identified using a unique AS number.
 BGP sessions within an AS are called IBGP sessions and differ from EBGP sessions that
are used between different AS.

 16-bit AS number:
– Notation: X (for example “65001”)
– Public range from 1 to 64511 for use on the Internet
– Private range from 64512 to 65535 can be used in
isolated environments
– Depleted
 32-bit AS number:
– Notation: X.Y (for example “65100.65200”)
– Carried in a new attribute
– Compatible with old systems:
 AS 23456 used in old AS path to represent
autonomous systems using new AS
 AS 0.X used to encode old AS numbers in new AS
path attribute

© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v8.0—1-39

AS numbers come in two forms:

 16-bit AS numbers have been depleted due to a relatively small number space and the
increased demand for companies to be multihomed (increased availability).
 32-bit AS numbers were introduced to provide a larger number space while maintaining
backward compatibility with 16-bit systems to ease the migration. A 32-bit AS can use two
notations: A single 32-bit number (X) or two 16-bit numbers joined using a dot (for
example, X.Y).
Refer to the following online white paper for a detailed explanation of 32-bit AS numbers and
how they interact with older systems:
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6554/ps6599/white_paper_C11
_516823.html

1-38 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
BGP Sessions

 BGP uses TCP on port 179 to establish adjacencies

 OPEN messages are used at session setup to negotiate fundamental
session parameters and capabilities:
– AS numbers must match the configuration and determine session type
(EBGP versus IBGP)
– EBGP peers must be reachable through a directly connected link (by
default)
– IBGP sessions are typically established between loopbacks (IGP
ensures reachability of loopback addresses)
– IP addresses must match the configuration
– Hold time (default is 180 seconds)

AS 65001 AS 65002 AS 65001 IBGP

AS 65001
EBGP 10.1.1.1 10.1.1.2

192.168.1.1 192.168.1.2

© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v8.0—1-40

BGP sessions are established over TCP using port number 179. Many session parameters and
capabilities are negotiated during session setup by exchanging OPEN messages.
Based on the exchanged AS numbers, both routers will determine if the exchanged numbers
match their configurations and select which type the session is (IBGP or EBGP). For EBGP
sessions, routers will check to see if the neighbor address is in the routing table as a directly
connected address (default requirement). IBGP sessions, on the other hand, can be several hops
away, and loopback addresses are typically used to implement IBGP sessions for consistency
and stability. The source IP address of a neighbor must also match the configured IP address.
Holdtime values are also exchanged and both routers choose the lower value (the keepalive is
one third of the holdtime value).

BGP updates carry:

 Network Layer Reachability Information (NLRI) Attributes
prefix
 Mandatory attributes: Well-Known
– Next-hop address
– AS path: contains the sequence of AS Mandatory
numbers through which the update has
passed Discretionary
– Origin (historic)
 Optional attributes: Optional
– Do not have to be understood by all BGP Transitive
speakers
– Transitive attributes are forwarded Non-Transitive
unchanged if not understood

NLRI Next Hop AS Path Origin Other Attributes

10.0.0.0/8 192.168.1.1 65001 65002 IGP Attr X Attr Y Attr Z
© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v8.0—1-41

Each BGP update can carry multiple prefixes in the Network Layer Reachability Information
(NLRI) portion of the update. Each set of updates must contain at least the three mandatory
attributes:
 Origin code: This is more or less a cosmetic attribute, which indicates how the BGP routes
were originated. For example, the code will be “igp” if a route was natively originated by
BGP using network commands, or “unknown” if a route was redistributed into BGP.
 Next-hop address: This is important because a BGP entry, when inserted into a forwarding
table, will take the prefix and point it to the next-hop address.
 AS path: This attribute is primarily used to prevent routing loops. Each border router will
check the AS path attribute for the occurrence of its own AS number in the AS path. If a
router AS number appears in the AS path, it is dropped. The AS path is also used when
selecting the best path for a prefix with two or more paths. The path with the shortest AS
path attribute is regarded to be the best.

BGP will typically also carry a number of other attributes. The figure illustrates the types of
attributes that BGP supports:
 Well-known attributes are defined by standards and must be supported by all
implementations of BGP. Well-known attributes are divided into two categories:
— Mandatory attributes
— Discretionary attributes, which may appear in updates, depending on the
implementation of BGP
 Optional attributes can be defined by standards or be proprietary. Interoperability between
routers should be available even if one of the routers does not support an optional attribute
that the other router wants to use.
— Transitive attributes instruct routers that do not understand them to pass them on to
other BGP speakers without any modification.
— Nontransitive attributes are deleted by routers that do not understand them.

1-40 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
EBGP Sessions

 EBGP sessions can form any topology, subject to

agreements between autonomous systems.
 Received EBGP updates are sent to all other neighbors.
 By default, EBGP neighbors must be directly connected.

AS 65001 AS 65003

AS 65002 AS 65006

AS 65004 AS 65005

© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v8.0—1-42

The figure illustrates an arbitrary topology of EBGP sessions between autonomous systems.
EBGP has very simple forwarding rules:
 EBGP updates can be sent to all other neighbors (EBGP and IBGP).
 IBGP updates can be sent to EBGP peers.
AS paths are used to prevent updates from looping.

 By default, IBGP sessions require a full mesh between all

routers within an autonomous system:
– A simple split-horizon mechanism prevents internal
updates from being sent to other internal neighbors
– Does not scale in large autonomous systems
 IBGP neighbors can be multiple hops away

IBGP
EBGP EBGP

AS 65002 AS 65001 AS 65003

© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v8.0—1-43

IBGP sessions have different forwarding rules, which include a type of split horizon
mechanism:
 IBGP updates can only be sent to EBGP peers.
 EBGP updates can be sent to all neighbors (IBGP and EBGP).
In order to ensure that all routers receive all updates, you must configure a full mesh of IBGP
sessions between BGP routers in an AS.

1-42 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
BGP Attributes

 Next-hop address
 AS path
 Local preference
 Multi-exit discriminator (MED)
 Community
 And others

© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v8.0—1-44

The figure shows some of the most commonly used attributes when implementing routing
policies in BGP:
 Next-hop address
 AS path
 Local preference
 Multi-exit discriminator (MED)
 Community

Other common attributes include:

 Extended community
 Originator ID
 Cluster list
 Atomic aggregate
 Aggregator ID
 4-byte AS path

© 2010 Cisco Systems, Inc. Service Provider Routing Operation Processes 1-43
BGP Attributes (Cont.)
Next-Hop Address
 Purpose:
– Provides reachability information for BGP prefixes
– Typically requires an IGP to provide reachability to the next-hop address
 Processing:
– Unchanged when sent to internal neighbors (IBGP)
– Set to EBGP session’s source address when sent to external neighbors

10.1.1.1 10.2.2.2

NH=10.1.1.1 NH=10.2.2.2
NH=10.1.1.1
EBGP IBGP EBGP
AS 65002 AS 65001 AS 65003

© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v8.0—1-45

The figure illustrates the propagation of a routing update and how it affects the next-hop
attribute:
 Routers sending updates to internal neighbors will not modify the next-hop attribute unless
they are configured with the next-hop-self option.
 Routers sending updates to external neighbors will set the next-hop attribute to the source
address of the EBGP session.
An IGP is required in an AS to make sure that next-hop addresses are reachable on all routers
in the AS.

1-44 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
BGP Attributes (Cont.)
AS Path
 Purpose:
– Primary: prevents routing loops
– Secondary: selects the best path
 Processing:
– Unchanged when sent to internal neighbors (IBGP)
– AS number prepended to the existing AS path when sent to external
neighbors (EBGP)

ASP=65002 ASP=65001 65002

ASP=65002
EBGP IBGP EBGP
AS 65002 AS 65001 AS 65003

ASP=65003 65001 65002

The figure illustrates the processing of updates based on the AS path attribute:
 Routers sending updates to internal neighbors will not modify the AS path attribute.
 Routers sending updates to external neighbors will prepend their own AS number to the
existing AS path.
A router that receives an update and finds its own AS number anywhere in the AS path will
regard the update as a routing loop and therefore drop the update.

© 2010 Cisco Systems, Inc. Service Provider Routing Operation Processes 1-45
BGP Attributes (Cont.)
Local Preference
 Purpose:
– Selects the preferred path
 Processing:
– Routes with higher local preference (LP) are preferred.
– Local preference is only used within an AS (stripped out in external
updates).
– The default value is LP 100 on received EBGP updates.

Default
No LP LP=100 No LP

LP=200
EBGP IBGP EBGP
AS 65002 AS 65001 AS 65003

No LP

EBGP LP=200
Route map

© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v8.0—1-47

The figure illustrates the processing of updates in relation to the local-preference attribute.
 A router receiving an update that does not contain a local preference will add the attribute
and set it to the default value (“100,” unless the default has been modified).
 A route map or a route policy can be used to arbitrarily set local preference values to
individual routes.
 When comparing routes with multiple paths, a router will prefer routes with higher local
preference values.
 When forwarding updates to external neighbors, routers will remove the local preference
attribute.

The figure illustrates how the central AS will prefer the path through the lower link to the left
AS due to the higher local preference of that path.

1-46 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
BGP Attributes (Cont.)
Multi-Exit Discriminator (MED)
 Purpose:
– Influences route selection in neighboring autonomous systems for return
traffic
 Processing:
– No default value (assumed to be 0; configurable)
– Evaluated only if coming from the same AS (configurable)
– Lowest MED is preferred
– Routing table metric copied to MED upon redistribution

Route map

MED=100
EBGP IBGP EBGP
AS 65002 AS 65001 AS 65003

Route map MED=100 MED=100

EBGP

© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v8.0—1-48

The figure illustrates how an AS can influence the route selection in a neighboring AS by
sending EBGP updates with the MED attached. The receiving AS will prefer the path with the
lower MED value.
The processing of a MED, by default, is only performed for routes coming from the same AS.
The following configuration options modify the default behavior in MED processing:
 bgp always-compare-med causes MED values to be compared even if routes come from
different autonomous systems.
 bgp bestpath med missing-as-worst makes routers RFC-compliant by assuming an
infinite value of MED if the MED attribute is not present in an update. By default, Cisco
routers will assume a value of “0.”
 bgp deterministic-med modifies the algorithm in the comparison of more than two paths
to make it deterministic and not dependent on the order in which they are compared.

© 2010 Cisco Systems, Inc. Service Provider Routing Operation Processes 1-47
BGP Attributes (Cont.)
Community
 Purpose:
– Generic tagging attribute
– Used to implement complex routing policies
 Characteristics:
– 32-bit attribute
– Multiple communities can be attached to a single update
– Notation: AS:value
– Use the ip bgp-community new-format command to use the above
notation in show command output
 Processing:
– No default value
– Not forwarded to any peer by default
– Default processing only for special community values:
 no-export : do not send to external peers
 no-advertise: do not send to any peer

© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v8.0—1-49

The BGP community attribute by itself has no special meaning unless some standard
community values are used. In general, it is a tagging (coloring) tool that allows designers to
implement AS-wide routing and filtering policies. These policies depend on the source (for
example, ingress edge or customer router) to properly tag a route upon which another router
will perform an action.
The standard community values will result in a default action:
 no-export allows routes to be propagated throughout an AS, but routers will not forward it
to EBGP neighbors.
 no-advertise will keep routes only within a router and will not send them to any neighbors.

Each route can be tagged with multiple BGP community values. To ensure uniqueness, it is
recommended to put the AS number into the first half of the community attribute and an
arbitrary value into the second half.

1-48 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Route Selection

Order of preference:
1. Highest weight (local parameter; not an attribute)
2. Highest BGP local preference
3. Locally originated routes
4. Shortest AS path (configurable)
5. Lowest origin code
6. Lowest MED (configurable)
7. Installation of multiple paths if the multipath feature is configured
8. Preference for EBGP over IBGP
9. Least-cost metric for the next-hop address
10. Oldest path (most stable)
11. Tie-breaker (lowest originator ID, router ID, or neighbor address)

© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v8.0—1-50

The figure shows the order in which routes for the same prefix are compared.
Refer to the following online document for a more complete description of the route selection
algorithm, including the various configuration options that affect it:
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094431.shtml

 Design and implementation of BGP depends on the topology

and requirements:
– Single-homed customers
– Dual-attached customers
– Multihomed customers and subordinate ISPs
– Upstream ISPs
– ISP exchange points
– Transit autonomous systems (Tier 1 ISPs)
 Other considerations:
– Availability (convergence)
– Stability
– Security
– Flexibility

© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v8.0—1-51

When designing and implementing BGP, you should identify the route or roles that an AS and
individual routers play. The first list in the figure shows some design choices for customers and
providers (topology).
Additionally, other characteristics need to be identified to properly design and implement high
availability, stability, adequate security, and flexibility.

1-50 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Single-Homed Customers

 Typically do not require BGP:

– Static route for customer’s ISP-assigned address space on edge
router
– Static default route on customer router
 BGP can be used to detect link failures and trigger dial backup:
– ISP originates only the default route
– Customer originates its address space
– Private AS numbers can be assigned to customers by the ISP

Customer 209.165.201.0/24 ISP

AS 65001 0.0.0.0/0 AS 123

PSTN

© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v8.0—1-52

Most single-homed customers (customers that are connected to one ISP using one link) only
require static routing. The reason is that there is no alternative path if the primary path fails
(such as a router, link, or ISP failure).
Some single-homed customers may deploy a dial-backup solution in which it is beneficial for
them to receive notification if their primary path has failed. ISPs can use BGP to send them a
default route. If a failure occurs, the BGP session will go down and the customer can initiate a
dial backup connection.

 Mitigate link and device failures

 Two design options:
– Primary and backup
– Load balancing

209.165.201.0/24

Customer 0.0.0.0/0 ISP

AS 65001 209.165.201.0/24 AS 123
0.0.0.0/0

© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v8.0—1-53

A dual-attached customer (a customer that is connected to the same ISP over two or more links)
should require that BGP exchange routing information, enable primary and backup routing or
load balancing, and have the ability to detect failed links.
This solution can mitigate router and link failures but it cannot mitigate ISP failures.

1-52 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Multihomed Customers

 Mitigate link, device, and path failures

 Should connect to independent ISPs
 Two design options:
– Primary and backup
– Load balancing

209.165.201.0/24
ISP
AS 123
Customer Full
AS 65001 209.165.201.0/24
ISP
Full
AS 456

© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v8.0—1-54

Multihomed customers (that is, customers that are connected to two or more independent ISPs)
have the most resilient setup. The setup can mitigate any single failure of routers, links, or ISPs.
These customers will often require complete Internet routing information from all ISPs to give
them the most flexibility when implementing load balancing.
Multihomed customers have the following requirements:
 Public AS number
 Provider-independent address space

 Mitigates link, device and path failures

 Should connect to independent upstream ISPs
 Two design options:
– Primary and backup
– Load balancing
 ISP receives full Internet routing table
 ISP forwards:
– Summaries for owned address space
– Prefixes from BGP customers using the independent address
space

Customer ISP
Summary
Customer AS 123
ISP Full
AS 100 Summary
Customer
ISP
Full AS 456
Customer

© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v8.0—1-55

For ISPs, the network is their business. They always have multiple links to other ISPs:
 Upstream ISPs, which will provide complete Internet routing information
 Peering ISPs over a local exchange point, which provide routing information for their
customers
ISPs forward summaries for their IP supernets and the individual routes of their BGP-based
customers.

1-54 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Transit ISP

 A transit ISP mitigates link, device, and path failures.

 The routing policy depends on agreements with other ISPs.
 A Tier 1 ISP forwards the full Internet routing table.

Tier 1 ISP
Full
AS 123
Tier 1 ISP Full Tier 1 ISP Full
AS 789 Full AS 100 Full

Partial AS 456
Tier 2 ISP

© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v8.0—1-56

There are many types of transit ISPs, which can be summarized into two major groups:
 Tier 1 ISPs, which peer with other Tier 1 ISPs to form the backbone of the Internet
 Tier 2 and Tier 3 ISPs, which depend on Tier 1 ISPs to reach the rest of the Internet
Relations between these large ISPs heavily depend on the agreements between them and the
rates they charge each other. The routing policy must be implemented in accordance with the
agreements.
In most cases, Tier 1 ISPs will exchange complete Internet routing tables. In contrast, Tier 2
and Tier 3 ISPs will only forward the routing information for their subordinate ISPs and end
customers.

Cisco IOS Software Cisco IOS XR Software

router bgp 65001 route-policy PermitAll
bgp router-id 10.1.1.1 pass
bgp log-neighbor-changes end-policy
neighbor 209.165.201.1 remote-as 23456 !
neighbor 209.165.201.1 password sEcReT route-policy PermitLocal
! if as-path in (ios-reg '') then
address-family ipv4 pass
redistribute connected endif
redistribute static end-policy
network 209.165.200.224 mask 255.255.255.248 !
neighbor 209.165.201.1 send-comm ext router bgp 23456
neighbor 209.165.201.1 activate address-family ipv4 unicast
no auto-summary network 209.165.201.0/24
no synchronization redistribute connected
exit-address-family redistribute static
! !
! neighbor 209.165.201.1
remote-as 65001
address-family ipv4 unicast
route-policy PermitLocal in
route-policy PermitAll out
!
!
!

© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v8.0—1-57

The figure shows a simple implementation of BGP in Cisco IOS Software and Cisco IOS XR
Software. The configurations include the following functionality:
 A single EBGP session
 MD5 authentication of the BGP session
 Static configuration of a router ID
 Redistribution of static and connected routes into BGP (not typically recommended; IGP
should be used for local routes)
 Enabled forwarding of BGP communities
Additionally, a router using Cisco IOS XR Software requires a routing policy to send and
receive updates on an external session.

1-56 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
BGP Implementation and
Troubleshooting Concerns

 Ensure proper session establishment and capability negotiation

 Ensure the reachability of next-hop addresses
 Ensure the validity of BGP routes
 Secure BGP sessions and route exchange:
– Session authentication
– Filtering of routing updates
– Route-flap dampening
 Optimize the performance of BGP without impacting scalability and
stability:
– Tune timers
– Use Cisco NSF and nonstop routing with Stateful Switchover
(SSO)
– Use Bidirectional Forwarding Detection to improve link failure
detection

© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v8.0—1-58

When designing and implementing BGP, it is important to consider the many characteristics
and features of BGP:
 Ensure proper session establishment and capability negotiation.
 Ensure the reachability of next-hop addresses.
 Ensure the validity of BGP routes.
 Secure BGP sessions and route exchange:
— Session authentication using MD5
— Filtering of routing updates using prefix lists, route maps, or routing policies
— Route-flap dampening to improve the stability of BGP
 Optimize the performance of BGP without impacting scalability and stability:
— Tune BGP timers (for example, the scan timer, advertisement interval, keepalives,
and fast external failover)
— Use Cisco NSF and nonstop routing with SSO
— Use Bidirectional Forwarding Detection to improve link failure detection

Summary

 ISPs provide IP connectivity within the Internet:

– To end customers
– To subordinate ISPs
– To upstream ISPs
– To other ISPs through exchange points or direct peerings
 BGP is used to exchange Internet routing information.
 IGPs are used to provide IP connectivity within autonomous
systems.
 OSPF and IS-IS are the most commonly used IGPs.
 The following characteristics are desirable:
– Scalability
– Performance
– High availability
– Security

© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v8.0—1-59

1-58 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Lesson Self-Check
Use the questions here to review what you learned in this lesson. The correct answers and
solutions are found in the Lesson Self-Check Answer Key.
Q1) In a service provider environment, which two are the main purposes of BGP and IGP?
(Choose two.) (Source: Overview of Routing Protocols)
A) BGP is used to provide connectivity within an AS.
B) BGP is used to exchange Internet routing information with other ISPs and
those customers that require it.
C) IGP is used to provide reachability for BGP neighbors and BGP next-hop
addresses.
D) IGP is used to exchange external routing information.
Q2) In OSPF, which area type typically carries all the routing information? (Source:
Overview of OSPF)
A) stubby area
B) totally stubby area
C) regular nonbackbone area
D) backbone Area 0
Q3) Which LSA type carries routing information from one area into another area? (Source:
Overview of OSPF)
A) type 3 summary LSA
B) type 5 external LSA
C) type 1 router LSA
D) type 2 network LSA
Q4) Which is the default value of the BGP hold time? (Source: Overview of BGP)
A) 60 seconds
B) 180 seconds
C) 40 seconds
D) 120 seconds
Q5) Which BGP attribute is used to prevent routing loops? (Source: Overview of BGP)
A) origin code
B) local preference
C) AS path
D) next-hop address

© 2010 Cisco Systems, Inc. Service Provider Routing Operation Processes 1-59
Lesson Self-Check Answer Key
Q1) B, C
Q2) D
Q3) A
Q4) B
Q5) C

1-60 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Lesson 2

Using Routing Protocol Tools

Overview
The lesson focuses on the mechanisms that are available in combination with routing protocols
to filter routing information or to implement desired routing policies using Cisco IOS and Cisco
IOS XR routers. The lesson describes prefix lists, autonomous system (AS) path access lists,
route maps, and the Routing Policy Language (RPL).

Objectives
Upon completing this lesson, you will be able to identify the main characteristics of routing
protocols that are used in service provider environments. This ability includes being able to
meet these objectives:
 Describe the characteristics and requirements for routing policies in service provider
environments
 Describe the characteristics and usage scenarios for prefix lists
 Describe the characteristics and usage scenarios for AS path-based filtering in service
provider environments
 Describe the characteristics and usage scenarios for route maps in service provider
environments
 Describe the characteristics of RPL
Routing Protocol Tools Overview
Objective: describe the characteristics and requirements for routing policies in service provider
environments.

Routing Protocol Tools Overview

Primary objectives: Secondary high-level

 Exchange internal routing objectives:
information  Filter routing updates
 Exchange external routing  Implement routing policy
information (influence route selection)

Exchange external
SP routing information Exchange i nternal
routing informati on
SP

For ward only local

Accept full Internet
routing SP Network and customer routes

Accept only customer Prepend AS numbers to routes

routes Tag different types of
routes tagged by BGP communities

Customer Customer Customer Customer

The figure illustrates various actions that are performed on routing updates in a typical service
provider environment. The actions can be divided into two main categories:
 Exchanging routing information (the primary objective of routing protocols)
 Implementing a routing policy and filtering of routing information
To exchange routing information, a typical service provider uses two routing protocols:
 An interior gateway protocol (IGP) such as Open Shortest Path First (OSPF) or
Intermediate System-to-Intermediate System (IS-IS) to exchange local routing information.
 Border Gateway Protocol (BGP) to exchange external routing information (that is,
customer routing information and complete Internet routing information from other service
providers).
BGP is always combined with advanced filtering and policy mechanisms for security and
performance reasons. This lesson will discuss various mechanisms that can be used for filtering
and routing policy implementation.

1-62 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Typical Filtering Objectives

Filter: Filter based on:

 Incoming updates  Prefix and prefix length
 Outgoing updates (subnet mask)
 Redistributed routes from  Update parameters
other routing protocols (specific to a routing
protocol)

Incoming updates Outgoing updates

Redistributed routes

Routing information can be filtered in the following locations:

 On incoming updates as they are received from a neighboring router
 On outgoing updates before they are sent to a neighboring router
 On redistribution from another routing protocol including static and connected route
redistribution
Filtering itself can be based on the prefix or based on another parameter available in the routing
protocol or source routing protocol (when doing redistribution).

Filter OSPF based on:

 Prefix and prefix length (subnet mask)
 LSA type (internal, external, NSSA-external)
 Route source

Incoming updates Outgoing updates

OSPF update
Prefix: 10.1.1.0/24
Route source: 10.1.1.1
LSA type: Router LSA (type 1)
Redistributed routes

The figure illustrates an OSPF update that carries information that can be used for filtering
purposes:
 Prefix and prefix length
 Route source (that is, advertising router’s IP address)
 OSPF link-state advertisement (LSA) type
Redistributed routes can be filtered on any router that effectively becomes an Autonomous
System Boundary Router (ASBR). In contrast, regular filtering of OSPF updates can only be
performed on Area Border Routers (ABRs) for routes forwarded from one area into another.

1-64 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Example: Typical BGP Filtering
Objectives

Filter BGP based on:

 Prefix and prefix length (subnet mask)
 Next-hop address
 Route source address
 AS path attribute
 BGP community and BGP extended community attributes
 Local preference attribute

NLRI: 10.1.1.0/24
Next-hop: 192.168.1.1
Origin: igp Incoming updates Outgoing updates

Local preference: 100

AS path: 10 20 30
Community:
23456:30
64111:12
64222:33 Redistributed routes

© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v1.0—1-6

The figure illustrates a BGP update, which has a much richer metric (that is, collection of BGP
attributes) that can also be used for filtering purposes.
BGP updates can be filtered based on:
 Prefix and prefix length (subnet mask) found in the BGP Network Layer Reachability
Information (NLRI)
 Next-hop address found in the BGP next-hop attribute
 Route source address (that is, the neighbor’s IP address)
 AS path attribute
 BGP community and BGP extended community attributes
 Local preference attribute

Prefix lists:
 Is used for prefix-based filtering or matching of routes
 Can be used to match the prefix, route source, or next-hop address

AS path access lists:

 Is used in BGP for filtering or route matching based on the BGP AS
path attribute

Route maps:
 Is primarily used to implement complex routing policies
 Can also be used as a powerful filtering tool

Routing policy language:

 Replaces route maps in Cisco IOS XR Software
 Is a feature-rich language for complex routing policies

© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v1.0—1-7

The following tools are most commonly used to implement filtering and routing policies in
Cisco IOS and Cisco IOS XR Software:
 Prefix lists can be used to implement filtering or matching of routing updates based on IP
addresses or IP network information such as prefixes, next-hop addresses, or neighbors
addresses. Prefix lists are available in Cisco IOS Software. Prefix lists are also available in
Cisco IOS XR Software, with slight differences.
 AS path access lists can be used with BGP to implement filtering or matching of routing
updates based on the contents of the AS path attribute. A regular expression is used to
process the AS path as a string of characters. AS path access lists are only available in
Cisco IOS Software. Cisco IOS XR Software matches AS path attributes directly in routing
policies.
 Route maps are primarily used to implement routing policies that can also modify routing
protocol parameters as well as perform filtering. Route maps are only available in Cisco
IOS Software.
 Routing policies are more powerful and flexible versions of route maps that are available
in Cisco IOS XR Software.

1-66 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Typical Filtering Objectives in OSPF

ASBR:
 Prefix list OSPF Domain
 Filter redistributed routes:
– Static Area 0
– Connected ABR ABR
– Other OSPF processes
– Other protocols Area X Area Y

ABR:
 Filter interarea routes ASBR

EIGRP
 Route map or routing
policy
 Match on route type
 Match on tag

© 2010 Cisco S ys tems , I nc . Al l rights res erv ed. MS PRP v1.0—1-8

The figure illustrates a sample OSPF domain using multiple OSPF areas and a connection to an
external Enhanced Interior Gateway Routing Protocol (EIGRP) AS.
ASBRs can filter redistributed routes using route maps or routing policies from any of these:
 Connected routes
 Static routes
 Other OSPF processes
 IS-IS
 EIGRP
 Routing Information Protocol (RIP)

BGP (not recommended)ABRs exchange routing information between OSPF areas within the
same OSPF domain according to OSPF rules. Prefix lists can be used to control the exchange of
routing information between areas.

L1L2 routers:
 Distribute list
 Filter L1-to-L2 routes  Route map or IS-IS Domain
 Enable conditional L2-to- policy
L1 route leaking Level 2
L2L1 L2L1
Redistributing routers:
 Filter routes from other Level 1 Level 1
protocols

EIGRP
 Route map or policy
 Match on tag
 Match on route type
of originating
protocol

© 2010 Cisco S ys tems , I nc . Al l rights res erv ed. MS PRP v1.0—1-9

The figure illustrates a sample IS-IS domain using multiple IS-IS levels and a connection to an
external EIGRP AS.
L2L1 routers (like ABRs) perform routing exchange for both IS-IS levels. Prefix lists, route
maps, or routing policies can be used to filter exchange of routing information between IS-IS
levels. Route leaking can also be used to control the distribution of Level 2 routes into Level 1.
Any IS-IS router can perform redistribution from other routing protocols using a route map or
routing policy to control the redistribution of routes.

1-68 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Typical Filtering Objectives in BGP

Typical inbound filtering Typical outbound filtering

requirements: requirements:
 Permit only customer routes  Permit only the default route
 Permit a specific list of routes  Permit the default route and local
from peering ISPs routes
 Permit all routes

BGP Autonomous
 Prefix list System
 Route map or policy

RR RR

 Route map or policy

 AS path access list
 Prefix list
Client

Customer ISP

The figure illustrates a sample BGP AS using BGP route reflectors (to reduce the full-mesh
Internal Border Gateway Protocol [IBGP] requirements) and edge BGP routers to implement
routing for external destinations.
Inbound filtering can depend on the type of neighboring AS:
 Permit only customer routes for end customers
 Permit a specific list of routes from subordinate ISPs or ISPs peering at an exchange point
 Permit the complete Internet routing information from upstream ISPs
Outbound filtering depends on the type of neighboring AS or on the customer requirements:
 Permit only the default route (for example, for single-homed customers that do not require
more specific information; most single-homed customers do not even require a routing
protocol)
 Permit the default route and local routes (for example, for multihomed customers using a
specific ISP as a backup provider but still accessing local destinations directly)
 Permit all routes (for example, for multihomed customers that require complete Internet
routing information)

 Implementation of complex routing policies using BGP

 Complex routing policies mostly implemented using BGP
– Outgoing traffic
– Incoming traffic
 Routing decision influenced
– Locally
– Remotely (such as by a customer or downstream ISP)

Routing policies are most commonly implemented for external routing information using BGP.
A routing policy can address the outgoing path or the return path. Additionally, you can use
BGP to implement a policy locally within your AS or have a neighboring AS influence the
route selection in your AS. For example, you can use AS path prepending or signal a policy
using BGP communities, which are translated to local preference in your AS.

1-70 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Typical Routing Objectives in BGP

Customer selecting Policy implemented by ISP:

primary or backup ISP:  Setting local preference
 AS path prepending by  Translating BGP community to
customer local preference
 BGP Community sent by
customer

BGP Autonomous
 Route Map or Polic y System

RR RR

 Route Map or Policy

Client
 Route Map

Customer
© 2010 Cisco S ys tems , I nc . Al l rights res erv ed. MS PRP v1. 0— 1-12

A routing policy is always implemented using route maps in Cisco IOS Software or routing
policies in Cisco IOS XR Software. You should implement policies that are consistent across
the entire AS (that is, implement policies on edge routers).
The figure lists some commonly implemented policies in service provider environments:
 Customers often use AS path prepending to artificially lengthen the AS path attribute, thus
making it less desirable (that is, to signal that this ISP is the backup ISP).
 Customers can alternatively signal their ISP preference by using some BGP communities
an ISP offers. The ISP will then translate the BGP communities that it receives from the
customers to another BGP attribute. For example, the ISP might use AS path prepending or
local preference to influence the outbound traffic to the customers.
 ISPs can use the BGP local preference attribute to influence route selection internally
within the ISP AS (for example, select preferred upstream ISPs).

© 2010 Cisco Systems, Inc. Service Provider Routing Operation Processes 1-71
Prefix Lists
Describe the characteristics and usage scenarios for prefix lists.

Prefix List Overview

 Designed for route filtering and matching

 Replaces access-lists that were designed for packet filtering
and matching
 Available in Cisco IOS and Cisco IOS XR Software with slight
differences

Prefix lists are designed to simplify the filtering of routing updates. They are available in Cisco
IOS, Cisco IOS XE (for the ASR router family) and Cisco IOS XR Software (with some slight
differences).

1-72 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Prefix Lists Syntax
Cisco IOS Software
Router(config)#
ip pre fix-l ist name [seq num] {deny|permit} net/length [ge len] [le len]

 Each prefix list is identified using a case-sensitive name.

 Each prefix list can have one or more lines.
 Prefix list entries are edited and ordered using line numbers.
 The net/length pair identifies the bits in prefixes to match.
 The ge and le operators identify the length of prefixes to
match:
– le: “less or equal” matches any prefix that is shorter or
equal in length to the specified value
– ge: “greater or equal” matches any prefix that is longer or
equal in length to the specified value
– ge x le x: “equal” (there is no “eq” operator in Cisco IOS
Software)

Each prefix list is identified using a case-sensitive name (like all other named objects in Cisco
IOS and Cisco IOS XR Software). A prefix list can have multiple lines that are ordered using
line numbers.
The network and length pair identifies the bits in prefixes to match. The ge and le operators
identify the length of prefixes to match. A combination of both operators can be used to match
a range of prefix lengths or a specific length—ge x le x ~ “equal” (there is no “eq” operator in
Cisco IOS Software).

© 2010 Cisco Systems, Inc. Service Provider Routing Operation Processes 1-73
Example: Match Any Host Route
Cisco IOS Software
 Host routes are often filtered out to minimize the size of the
routing table.

ip prefix-list Host_Routes deny 0.0.0.0/0 ge 32

Not interested in any bit in the prefix

Prefix must be of length 32 (e.g. host route)

The sample prefix list shows how to match any host route:
 The 0 in the prefix length indicates that you are not interested in any bit in the prefix itself.
 The ge 32 indicates that the length of the prefix (that is, the subnet mask) must be 32 (that
is, 255.255.255.255), thus matching host routes.

1-74 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Example: Match Default Route
Cisco IOS Software
 Single-homed customers running BGP or multi-homed
customers that do not require full Internet routing should
receive only the default route.

ip prefix-list Default_Route permit 0.0.0.0/0

Not interested in any bit in the prefix

Omitted operator implies “eq match-length” (e.g. eq 0 in

this example)

The sample prefix list shows how to match a default route:

 The 0 in the prefix length indicates that you are not interested in any bit in the prefix itself.
 The omitted operator indicates that the prefix length should be the same as the number of
bits in the prefix you are trying to match (that is, 0, which is the length of the subnet mask
in a default route).

© 2010 Cisco Systems, Inc. Service Provider Routing Operation Processes 1-75
Example: Match All Routes
Cisco IOS Software
 There is no keyword any, as used in access lists.
 Use the following prefix list instead to match any route:

ip prefix-list All_Prefixes permit 0.0.0.0/0 le 32

Not interested in any bit in the prefix

Prefix can be of any length from 0 to 32 (that is, any route)

The sample prefix list shows how to match any route:

 The 0 in the prefix length indicates that you are not interested in any bit in the prefix itself.
 The le 32 operator indicates that the prefix can be of any length from 0 to 32, thus matching
any subnet mask.

1-76 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Example: Match All Routes
Cisco IOS Software
 There is no keyword any, as used in access lists.
 Use the following prefix list instead to match any route:

ip prefix-list All_Prefixes permit 0.0.0.0/0 le 32

Not interested in any bit in the prefix

Prefix can be of any length from 0 to 32 (that is, any route)

The sample prefix list shows how to match any prefix:

 The 0 in the prefix length indicates that you are not interested in any bit in the prefix itself.
 The le 32 operator indicates that the prefix length can be anything from 0 to 32, thus
matching any subnet mask from 0.0.0.0 to 255.255.255.255.

© 2010 Cisco Systems, Inc. Service Provider Routing Operation Processes 1-77
Example: Match Core Loopbacks
Cisco IOS Software
 You may want to match host routes (e.g. lookback
addresses).
 Match the address range used for loopback interfaces.
 Match /32 prefix lengths.

ip prefix-list Core_Loopbacks permit 172.16.1.0/24 ge 32

Interested in the first 24 bits of the prefix

Prefix can be of length 32 only (e.g. host route)

The sample prefix lists matches all host routes in a given range of prefixes (for example,
172.16.1.1/32, 172.16.1.2/32, and so on). This type of prefix list is useful for matching
loopback addresses.

1-78 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Example: Match Private Networks
Cisco IOS Software
 Private networks are always filtered out when sending
updates to other autonomous systems.

ip prefix-list Private_Prefixes permit 10.0.0.0/8 le 32

ip prefix-list Private_Prefixes permit 172.16.0.0/12 le 32
ip prefix-list Private_Prefixes permit 192.168.0.0/16 le 32

Interested in the first 16 bits of the prefix

Prefix can be of any length (such as any subnet)

The sample prefix list matches any network or subnet in the RFC 1918 range of IP addresses
(that is, the private address space). These private networks are typically filtered out on routing
exchange between AS.
The le 32 operator is used whenever you are not interested in the size of the prefix (that is, to
match any subnet).

© 2010 Cisco Systems, Inc. Service Provider Routing Operation Processes 1-79
Prefix Lists Syntax
Cisco IOS XR Software
RP/0/RP0/CPU0:CRS(config)#
ipv4 prefix-list name
[seq num] {deny | permit} network/length [ge len] [le len] [eq len]
…
 Cisco IOS XR Software syntax is similar to Cisco IOS Software
syntax, but modular.
 Each prefix list is identified using a case-sensitive name.
 Prefix list entries are edited and ordered using line numbers.
 The network/length pair identifies the bits in prefixes that must
match.
 The ge, le, and eq operators identify the length of prefixes to match:
– le: “less or equal” matches any prefix that is shorter or equal in
length to the specified value
– ge: “greater or equal” matches any prefix that is longer or equal
in length to the specified value
– eq: “equal” matches any prefix of the exact specified length

Prefix list syntax in Cisco IOS XR Software is different from Cisco IOS Software only in that it
also implements the eq operator to match an exact prefix length.

1-80 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Example: Prefix Lists
Cisco IOS XR Software
ipv4 prefix-list Private_Prefixes
deny 10.0.0.0/8 le 32
deny 172.16.0.0/12 le 32
deny 192.168.0.0/16 le 32
permit 0.0.0.0/0 le 32
!
ipv4 prefix-list Core_Loopbacks
permit 172.16.1.0/24 eq 32
!
ipv4 prefix-list Host_Routes
permit 0.0.0.0/0 eq 32
!
ipv4 prefix-list Default_Route
permit 0.0.0.0/0
!
ipv4 prefix-list All_Prefixes
permit 0.0.0.0/0 le 32
!
ipv4 prefix-list Small_Prefixes
permit 0.0.0.0/0 le 24
!

The Cisco IOS XR Software example lists all of the previous examples for Cisco IOS Software.
The matching of core loopbacks was modified to use the eq operator, although it would also
work with the ge operator.
The sample Private_Prefixes prefix list shows how to filter out all RFC 1918 prefixes. These
types of filters are commonly used on incoming and outgoing updates on External Border
Gateway Protocol (EBGP) sessions.
The sample Core_Loopbacks prefix list illustrates how to match host routes that can be used to
match loopback addresses from a given address range.
The sample Host_Routes prefix list illustrates how to match any host route.
The sample Default_Route prefix list illustrates how to only match the default route.
The sample All_Prefixes prefix list shows how to match any (all) prefixes. The prefix list line is
equivalent to the “any” keyword that is used in access lists to match any network.
The sample Small_Prefixes illustrates how to filter out all prefixes that are longer than 24 bits
(filter to small prefixes).

© 2010 Cisco Systems, Inc. Service Provider Routing Operation Processes 1-81
AS Path-Based Filtering
Describe the characteristics and usage scenarios for AS path-based filtering in service provider
environments.

AS Path-Based Filtering Overview

 BGP uses autonomous systems to identify the origin and path of a prefix.
 Each path is identified using a sequence of AS numbers.
 The AS path attribute is used to carry the AS path in BGP updates.
 Each egress BGP router prepends its own AS number to the AS path
attribute.
 AS path access lists are used to match prefixes based on AS path
characteristics.

AS 1
Prefix X; AS path: “1 3 5” Prefix X; AS path: “3 5”

AS 2 AS 3
Prefix X; AS path: “2 1 3 5” Prefix X; AS path: “5”

AS 4 AS 5
X Prefix X; AS path: “”
© 2010 Cisco S ys tems , I nc . Al l rights res erv ed. MS PRP v1. 0— 1-25

The figure illustrates the automatic prepending that is done by all egress routers when sending
updates to neighboring autonomous systems. It shows that the first number in the AS path is
always the number of the neighboring AS from which the update was received. The last
number in the AS path is the number of the originating AS.
An AS path access list can be used to identify various updates based on the characteristics of
their AS path attribute. Regular expressions are used to process AS path attributes.

1-82 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
AS Path Access List Syntax
Cisco IOS Software
Router(config)#
ip as-path access-list acl-number {permit | deny} regexp
 Each AS path access list is identified using a unique number.
 Regular expressions are used to match prefixes based on the
contents of the AS path attribute.
 The AS path is processed as a string of characters.

Prefix X; AS path: “321 11 11 11”

Twice prepended
Prefix X; AS path: “123 321 11 11 11” Prefix X; AS path: “11 11 11”

AS 22 AS 123 AS 321 AS 11

^ 1 2 3
start
3 2 1 1 1 1 1 1 1 $
end
of space space space space of
stri ng string

Each AS path access list is identified using a unique number in the range from 1 to 500.
Regular expressions are used to match prefixes based on the contents of the AS path attribute
that is converted to a string of characters.
The figure illustrates an AS path attribute as seen in AS 22. The AS path is converted to a
string of characters that starts with the character “1” and also ends with the character “1” in this
AS path example. Regular expressions must be written to take into account that you typically
want to identify AS numbers and not individual characters.

Character Description
^ matches the start of an AS path (e.g. “^20_”)
$ matches the end of an AS path (e.g. “^20$”)
matches any delimiter (start, end, or space; e.g.
_
“_20_”)
. matches any single character
* matches the preceding character any number of times
including zero (e.g. “.*” “^20(_20)*$”)
+ matches preceding character one or more times (e.g.
“^[0-9]+$”)
? matches preceding character zero or one time (e.g.
“^20(_20)?$”)

Regular Expression Special Characters

Character Description

^ (caret sign) Matches the start of the AS path string

$ (dollar sign) Matches the end of the AS path string

Matches any delimiter, space and including a space and the start or end
_ (underscore) of the AS path string

. (dot) Matches any single character

* (asterisk) Matches any single preceding character zero or more times

+ (plus) Matches any single preceding character one or more times

? (question mark) Matches any single preceding character once or not at all

1-84 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Regular Expressions: Special
Characters (Cont.)

Character Description
| logical OR operator (e.g. “_100_|_200_”)
groups characters for precedence or to capture
()
matched values into \n (e.g. “_100_(200|300)_”)
matches a single character from the defined range of
[range]
characters (e.g. “[0-9]”, “[13579]”)
matches again what was found within the n-th pair of
\n
parentheses (e.g. “([0-9]+)(_\1)*”)
removes the special meaning of character X (e.g. “$”
\X
or “$”)

Regular Expression Special Characters (Cont.)

Character Description

| (vertical bar) Used to represent a logical OR operator. This character has the lowest
precedence. It means that the regular expression must either match what
is to the left of the sign, to the right of the sign, or both.

() (parentheses) Used to group characters in a regular expression:

■ in order to affect the precedence of operators (for example,
“_20_30_|_40_50_ vs. _20_(30|40)_50_”)
■ in order to affect the grouping of characters for quantifiers “*” and “+”
and “?,” which normally only apply special meaning to a single
preceding character (for example, “(_20)*”)
■ to store the matched character in a temporary variable that can later
be referenced using the \n expression

[] (square brackets) Used to match a single character from a defined range of characters.

\ (backslash sign) Used followed by a number n to match once more what was matched
within the n-th parentheses in the same expression. The backslash
character can also be used followed by a character to remove the special
meaning from the character.

Regular
Description
Expression
^$ matches locally originated prefixes
^number$ matches prefixes originating in the specified
neighboring AS
_number$ matches prefixes originating in the specified AS
^number_ matches prefixes learned through the specified
neighboring AS
^([0-9]+) matches prefixes originating in any neighboring
(_\1)*$ AS and allowing prepending
.* matches all prefixes (i.e. “any”)
matches nonlocal prefixes (that is, all except an
.
empty AS path)

Commonly Used Regular Expression

Regular Expression Description

^$ Matches all local routes (local routes have an empty AS path attribute).

^10$ Matches any route originating in a neighboring AS 10.

_20$ Matches any route originating in AS 20.

^10_ Matches any route that is received from a neighboring AS 10.

([0-9]+)(_\1)* Matches any AS number, which can optionally repeat any number of times
(that is, prepending). The \1 references whatever is matched in the first
pair of parentheses.

.* Matches any character any number of times. This regular expression is

used to match any prefix.

. Matches any single character.

_20_ Matches any route originating or passing through AS 20.

[0-9]+ Matches any AS number from 0 to 65335 (maximum range in BGP).

[13579]$ Matches routes originating in odd-numbered AS.

[02468]$ Matches routes originating in even-numbered AS.

1-86 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Example: Permit All Routes
Cisco IOS Software
 There is no keyword “any,”
as used in access lists. A

 Use this regular AS 1

expression instead to
match any route.
B C
AS 2 AS 3
 Example:
– The filter matches any
prefix from any
neighbor. A, B, C, E  AS 2 AS 4 D AS 5
E

A, B, C, E  AS 5

ip as-path access-list permit .*

Matches any character (.) any number of times (*)

The sample regular expression ip as-path access-list permit .* matches any character any
number of times. This AS path access list entry is used to permit any route (that is, the
equivalent of the “any” keyword in access lists).
The figure illustrates five autonomous systems, each represented by one prefix that it
advertises. AS 1, for example, advertises the prefix “A,” which can be learned by AS 4 from
AS 2, AS 5, or both.
If you apply the example filter in AS 4 to incoming updates from AS 2 or AS 5, you will accept
all routes.

© 2010 Cisco Systems, Inc. Service Provider Routing Operation Processes 1-87
Example: Permit Local Routes
Cisco IOS Software
 Locally originated routes have an
empty AS path attribute. A

 Customers typically use this AS 1

outbound filter to only announce
their prefixes to their ISPs. B C
AS 2 AS 3
 Example: D  AS 4

– AS 4 only sends its own

prefixes. A, B, C, E  AS 2 D D  AS 4
E
AS 4 AS 5
A, B, C, E  AS 5 (multihomed customer)

ip as-path access-list permit ^$

Matches an empty AS path attribute (i.e. no character from start

to end)
© 2010 Cisco S ys tems , I nc . Al l rights res erv ed. MS PRP v1. 0— 1-31

The sample regular expression ip as-path access-list permit ^$ matches any route that has an
empty AS path attribute (that is, no character from start to end). Only locally originated routes
have an empty AS path attribute, hence this regular expression is used when matching local
routes.
Multihomed customers use this type of filter to only send their address space to their service
providers to prevent them from becoming transit autonomous systems. In the figure, AS 4 only
advertises its own prefix (“D”) to its providers. Other prefixes that are received from one
provider are not forwarded to the other provider.

1-88 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Example: Permit Routes From a
Neighbor
Cisco IOS Software
A
 The first number in the AS path AS 1
is the last prepended number.
 A directly connected B C
neighboring AS is always AS 2 AS 3
found as the first number in the
AS path.
E
 This is typically used AS 4 D
AS 5
for routing policies. A, B, C, E  AS 5
 Example:
– AS 4 matches any prefix
from neighboring AS 5.
ip as-path access-list permit ^5_

Matches routes coming from a specific neighbor

The sample regular expression ip as-path access-list permit ^5_ matches any route that is
received from neighboring AS 5—the first number in the AS path. All prefixes that are
received from AS 5 are accepted. If the same filter is applied to incoming updates from AS 2,
the prefixes will be denied.
This type of filter is typically used when creating routing policies (for example, assigning
different local preference values).

© 2010 Cisco Systems, Inc. Service Provider Routing Operation Processes 1-89
Example: Permit Routes Originating in
a Specific AS
Cisco IOS Software
 The last number in the AS A

path is the first prepended AS 1

number.
 The originating AS is always B C
found as the last number in AS 2 AS 3
the AS path.
 Typically used for routing
policies. A  AS 5 D
E
AS 4 AS 5
 Example: A  AS 2

– AS 4 matches prefixes
originating in AS 1 from any
neighboring AS.

ip as-path access-list permit _1$

Matches routes coming from a specific neighbor

The sample regular expression ip as-path access-list permit _1$ matches any route that is
originated in AS 1—the last number in the AS path. If this filter is applied to incoming updates
from AS 2 or AS 5, it will permit the prefix “A” originating in AS 1. This type of filter is
commonly used to implement routing policies in which you can assign preference for certain
prefixes coming from a preferred ISP.

1-90 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Example: Permit Neighbors’ Local
Routes
Cisco IOS Software
 A single AS number in an AS path
denotes prefixes originating in a A
neighboring autonomous system. AS 1

B C
AS 2 AS 3

E
AS 4 D AS 5
E  AS 5

ip as-path access-list permit ^5$

Matches a single AS number in the AS path (i.e. a prefix

originating in a neighboring AS)
© 2010 Cisco S ys tems , I nc . Al l rights res erv ed. MS PRP v1. 0— 1-34

The sample regular expression ip as-path access-list permit ^5$ matches any route that is
originated in neighboring AS 5—the first number in the AS path. In the example, AS 4 only
accepts the prefix “E” from AS 5, because other prefixes originate in other autonomous
systems.

© 2010 Cisco Systems, Inc. Service Provider Routing Operation Processes 1-91
Example: Allow AS Path Prepending
Cisco IOS Software A
 A customer can AS 1
signal a backup link Prefix X; AS path: “2 5” Prefi x X; AS path: “1 2 5”
using AS path
prepending.
AS 2 AS 3
 Alternatively, a (prima ry I SP) (b ackup ISP)

specific per- Pr efix X; AS path: “5” Prefix X; AS path: “5 5 5 5”

neighbor regular
expression can be AS 4
(m ult ihom ed customer)
used (e.g. X Prefix X; AS path: “”
“(5)(_5)*”).

ip as-path access-list permit ^([0-9]+)(_\1)*$

Matches any single AS number

Matches any repeating of the AS number

The figure illustrates the generic filter ip as-path access-list permit ^([0-9]+)(_\1)*$. This
filter can be used on any neighboring AS where you wish to accept the neighbor’s local
prefixes while still allowing the neighbor to perform AS path prepending.
Enclosed within the first parentheses is a range of digits that can appear multiple times. In
BGP, this filter effectively matches any number from 0 to 65535. Enclosed within the second
pair of parentheses you reference whatever was matched in the first parentheses and allow that
number to repeat zero or more times.
AS 3 can reach prefix X via AS 1 or via AS 5 directly. However, since AS 4 is using AS path
prepending for its updates to AS 3, AS 3 will prefer the seemingly shorter AS path, which is
through AS 1 to reach prefix X.

1-92 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Route Maps
Describe the characteristics and usage scenarios for route maps in service provider
environments.

Route Maps Overview

 Simple language to support complex routing policies in

addition to filtering.
 A route map is uniquely identified by a case-sensitive name.
 Each route map consists of one or more statements.
 Each statement contains zero or more match commands.
 Each statement contains zero or more set commands used
to modify routing updates.
 Route maps are only available in Cisco IOS Software (Cisco
IOS XR Software uses Routing Policy Language).

Route maps are a simple language to support complex routing policies in addition to filtering.
Each route maps is uniquely identified by a case-sensitive name and consists of one or more
statements. Each statement contains zero or more match and set commands. The match
command is used to identify which routes should be processed in a given statement. The set
command specifies which parameters should be modified or added in a routing update.
Route maps are not available in Cisco IOS XR Software. Instead Cisco IOS XR Software uses
RPL.

St atement 10

Update Match? yes Permit Yes Set No Send Update

No Yes
no Drop Set

St atement 20

yes Permit Yes Set No Send

Match?

No Yes
no Drop Set

St atement N

yes Permit Yes Set No Send

Match?

No Yes
no Implicit drop Drop Set

The diagram illustrates the components and processing of a route map:

 A route is processed by route-map statements in the order that is defined by sequence
numbers.
 If a route matches the match conditions, it is processed by that statement.
 If the statement uses the “deny” options, the route is immediately dropped.
 If a route has one or more set commands, the set commands are processed, resulting in
modified or added parameters and attributes.

1-94 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Route Maps Syntax
Cisco IOS Software
Additional route-map options:
 The continue command can be used to jump to another
statement instead of exiting.
 Policy lists can be used to modularize and group match
statements.

In addition to the components shown in the previous diagram, route maps also have the
continue command. This command allows processing to continue in another statement (that is,
jump to the next or specified route-map command).
Complex match options can be grouped in policy lists and then reused in various route maps for
more modularity and reusability.

© 2010 Cisco Systems, Inc. Service Provider Routing Operation Processes 1-95
Route Maps Syntax
Cisco IOS Software (Cont.)
Router(config)#
ro ute- map m ap-tag [permit | de ny] [sequence- numbe r]
m atch cond ition
m atch cond ition
s et p arame ter value
s et p arame ter value

 Each route map is identified using a case-sensitive name.

 Each route map can have one or more ordered statements identified
using the sequence number.
 Each route-map statement can filter updates using permit or deny
options.
 Each statement processes updates matched by the match
command.
 Each statement can modify or set parameters in an update.
 Match conditions of the same type are evaluated using a logical OR
operator.
 Match conditions of different types are evaluated using a logical
AND operator.
© 2010 Cisco S ys tems , I nc . Al l rights res erv ed. MS PRP v1. 0— 1-40

A route-map statement processes routes that match a match condition. For example, any prefix
that is permitted by a prefix list will be matched; any prefix denied by a prefix list will not be
processed by the statement and will instead be evaluated by the next route-map statement. If a
route matches, the route-map statement can then permit or deny it.
If there are multiple match conditions, they are evaluated using the following rules:
 Match conditions of the same type are evaluated using the logical OR operator (that is, the
prefix must match at least one condition).
 Match conditions of different types are evaluated using the logical AND operator (that is,
the prefix must match all conditions).
Routes that are matched and permitted by a statement can be modified using set commands.

1-96 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Example: Route Maps
Cisco IOS Software
 Preferred paths for specific route -map Pol icy1 permit 10
prefixes matc h ip add ress prefix-lis t PL1
set loca l-pr efere nce 200
!
 Backup paths for specific route -map Pol icy1 permit 20
prefixes matc h ip add ress prefix-lis t PL2
set loca l-pr efere nce 50
!
 Preferred paths for prefixes route -map Pol icy1 permit 30
based on AS path matc h as -pat h APA CL1
set loca l-pr efere nce 200
!
 Backup paths for prefixes route -map Pol icy1 permit 40
based on AS path matc h as -pat h APA CL2
set loca l-pr efere nce 50
!
 Explicit permit at the end route -map Pol icy1 permit 100 0

This sample route-map configuration consists of five route-map statements. The first two
process routes that are matched by a prefix list based on the prefix and set appropriate BGP
local preference attributes. The next two statements match routes using AS path access lists and
also set appropriate BGP local preference values. All routes that do not match are passed
unchanged by explicitly permitting them at the end.

© 2010 Cisco Systems, Inc. Service Provider Routing Operation Processes 1-97
Example: Route Maps
Cisco IOS Software (Cont.)
 The first route-map statement processes routes matched by
prefix list PL1 or PL2 and AS path access list APACL1
 These routes are assigned a local preference of 100 and
Multi-Exit Discriminator (MED) of 1000
 All other routes are passed unchanged

rout e-map Policy1 permit 10

mat ch ip address prefix-lis t PL1 PL2
mat ch as -path APA CL1
set local-prefere nce 200
set metric 1000
!
rout e-map Policy1 permit 100 0

This sample configuration illustrates the logical processing of multiple match conditions. The
first condition uses two prefix lists, of which a route must match at least one (logical OR). In
order for this statement to process a route, the route must also match the second match
command, which uses an AS path access list (logical AND).
A single match statement may contain multiple conditions of the same type (prefix lists PL1
and PL2, in the previous example). At least one condition in the match statement must be true
for that match statement to be considered a match (logical OR).
A route-map statement may also contain multiple match statements of different types (prefix
lists and AS path access lists in the previous example). All match statements must be true for
the route-map statement to be considered a match (logical AND).
The previous example can be illustrated as “(PL1 OR PL2) AND APACL1.”

1-98 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Routing Policy Language
Describe the characteristics of RPL.

Routing Policy Language

 Routing Policy Language (RPL) replaces route maps in Cisco

IOS XR Software.
 RPL is a simple, yet powerful, language designed to process
routing updates.
 RPL addresses the deficiencies of route maps in Cisco IOS
Software:
– Better modularity
– Better reusability
– Parameterization
– Nesting of policies and conditions
– Powerful match options
– Reusable value sets

RPL is a newer mechanism that was introduced into Cisco IOS XR Software as a replacement
for and improvement upon the route maps that are used in Cisco IOS Software.
RPL offers a more powerful set of tools to process routes:
 Modularity by allowing policies to reference other objects such as prefix list, value sets,
and other policies (that is, nesting of policies)
 Parameterization for optimization and better reusability of policies

 Each routing policy is identified by a case-sensitive name.

 The entire policy is defined between the route-policy and
end-policy commands.
 The main RPL functions are as follows:
– Filtering of updates (pass and drop commands)
– Modification of attributes (set commands)

Implicitly permit all routes by

Permit all routes setting at least one attribute

route-policy PermitAll route-policy LP100

pass set local-preference 100
end-policy end-policy

Like route maps or many other objects, routing policies are identified using case-sensitive
names. Each routing policy is a single object (no sequence numbers, multiple lines, or
statements).
Like route maps, routing policies are also filtering tools that allow you to permit or deny
routing updates. The explicit commands to permit or deny are pass and drop, respectively.
Like route maps, routing policies can also modify or add parameters or attributes using the set
command. A single set command also implicitly includes the pass command.

1-100 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Example: RPL Overview
EBGP
 Note: Cisco IOS XR Software does not automatically send
BGP updates to external peers.
 A routing policy is required to forward updates.
Permit all routes to
EBGP peers

route-policy PermitAll
pass
end-policy
!
router bgp 1
neighbor 1.2.3.4
remote-as 64111
address-family ipv4 unicast
route-policy PermitAll out
!
!
!
© 2010 Cisco S ys tems , I nc . Al l rights res erv ed. MS PRP v1. 0— 1-46

The sample configuration shows how to enable the forwarding of routing updates to an external
BGP neighbor. In Cisco IOS XR Software, updates are not forwarded to an external neighbor
unless an outbound policy is attached to the neighbor.
The sample configuration uses a simple policy to permit all routes.

© 2010 Cisco Systems, Inc. Service Provider Routing Operation Processes 1-101
RPL Syntax
Pass and Drop
 Using explicit pass command route-policy DropOrPass1
Drop!
continues the processing of end-policy

route policy route-policy DropOrPass2

 Using explicit drop command pass

end-policy
Pass!
stops processing of route policy
 Default action: drop
route-policy DropOrPass3
drop
Drop!
 If any modification is applied to a end-policy

route (such as set): implicit pass route-policy DropOrPass4

set med 100
end-policy
Pass!

route-policy DropOrPass5
pass
drop
Drop!
pass
end-policy

The sample configurations illustrate the routing policy rules:

 An empty policy implicitly denies all routes.
 An explicit pass without any conditions will forward all routes without any modifications.
 An explicit drop command will do the same thing as an implicit drop (deny all routes).
 A set command will modify the attribute accordingly and forward all routes.
 An explicit drop command will stop the processing of a policy and deny a route.

1-102 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
RPL Syntax
Conditions
 RPL uses various match options for route-policy SetLP
conditional update processing if med eq 10 then
 Condition syntax: set local-preference 200
if attribute operator value then elseif med eq 20 then
set local-preference 150
… do something …
else
elseif attr operator value then set local-preference 50
… do something else … endif
else end-policy

… do something else …
endif

RPL uses conditional statement syntax that is found in many programming languages:
if condition then operation1 else operation2 endif
if condition1 then operation1 elseif condition2 then operation2 else operation3 endif
The sample configuration illustrates how the multi-exit discriminator (MED) attribute can be
used to influence a routing policy by setting a more powerful local preference attribute.

© 2010 Cisco Systems, Inc. Service Provider Routing Operation Processes 1-103
RPL Syntax
Operators
 Comparing attributes against values supports the following
operators:
– eq: attribute numerically equal to specified value
– le: attribute numerically less than or equal to the specified value
– ge: attribute numerically greater than or equal to the specified
value
– is: attribute equal to a specified value
– in: attribute contained in a value set
route-policy SetLP
– Many other attribute-specific if med le 19 then
options set local-preference 200
Simple elseif med eq 20 then
conditions set local-preference 150
elseif med ge 21 then
set local-preference 50
endif
end-policy

RPL conditions can use various operators:

 eq: attribute numerically equal to specified value
 le: attribute numerically less than or equal to the specified value
 ge: attribute numerically greater than or equal to the specified value
 is: attribute equal to a specified value (used for non-numerical values)
 in: attribute contained in a value set
 Many attribute-specific conditions (for example, AS path matching)

1-104 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
RPL Syntax
Boolean Operators
 Multiple match options can be combined using Boolean operators:
– and: both conditions must match
– or: at least one condition must match
– not: negate the following condition

Using composite
conditions

route-policy SetLP
if med eq 10 and not local-preference eq 100 then
set local-preference 200
elseif med eq 20 or local-preference eq 200 then
set local-preference 150
else
set local-preference 150
endif
end-policy

Boolean operators can be used to create complex compound conditions:

 Use the “and” operator if two or more conditions must match.
 Use the “or” operator if at least one of two or more conditions must match.
 Use the “not” operator to negate a condition.

© 2010 Cisco Systems, Inc. Service Provider Routing Operation Processes 1-105
RPL Syntax
Boolean Operator Precedence
 Multiple match options can be combined using Boolean
operators:
– not: highest precedence
– and: higher precedence than “or,” lower than “not”
– or: lowest precedence
 Influence precedence by grouping using parentheses

if med eq 10 and not local-preference eq 100 or med eq 50 then

vs.
if med eq 10 and (not local-preference eq 100 or med eq 50) then
vs.
if med eq 10 and not (local-preference eq 100 or med eq 50) then

Use parentheses to influence the precedence of operators and achieve the desired result. The
operators have the following precedence:
1. “not” is always evaluated first
2. “and” is evaluated second
3. “or” is evaluated last
The first example does not use parentheses. It can be written with parentheses to ensure the
proper understanding of the condition:
if ((med eq 10) and (not (local-preference eq 100))) or (med eq 50) then
The second and third examples will result in different conditions.

1-106 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
RPL Syntax
Nesting
 Two types of nesting are supported:
– If statement within another if statement
– Routing policy within another routing policy
 Multiple levels of nesting are supported
Nested if statements Nested policies

route-policy SetC route-policy SetC

if med eq 10 then if local-preference eq 100 then
if local-preference eq 100 then set community (1:10) additive
set community (1:10) additive endif
endif end-policy
endif
end-policy route-policy MatchMED
if med eq 10 then
apply SetC
endif
end-policy

© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v1.0—1-52

Large and complex routing policies should preferably be optimized by using modularization as
much as possible. The left example shows a nested if statement and the right example shows a
nested route-policy. The SetC policy in the right example can be reused in multiple policies to
conditionally assign a BGP community. The apply command is used within a route-policy to
call another route-policy.

© 2010 Cisco Systems, Inc. Service Provider Routing Operation Processes 1-107
RPL Syntax
Setting Attributes and Parameters
 Use the set command to assign values to attributes and
parameters
 Note: All set commands are processed when the processing
of the entire policy is completed (i.e. matching a previously
set attribute is not possible).

route-policy SetLP MED= 10 LP=100 Original update

if med eq 10 then 1 Match
set local-preference 200
endif
if local-preference eq 100 then 2 Match
set weight 100
endif 3 Set
if local-preference eq 200 then No match!
4 MED= 10 LP=200
set weight 200 Modified update
endif
end-policy

The figure illustrates a policy with multiple conditions and modifications based on the same
parameter (BGP local preference). It is important to remember that modifications to an attribute
are only executed when processing of the policy is completed, so conditions cannot be used
based on previously modified values.

1-108 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
RPL Syntax
Setting Attributes and Parameters (Cont.)
 Note: Last set wins when multiple set commands are
evaluated for a unique parameter.

MED= 10 LP=100 Original update

route-policy SetLP
set local-preference 100
set local-preference 200
set local-preference 300
end-policy

MED= 10 LP=300 Modified update

If multiple set commands are processed for the same attribute, the last one will be used when
the processing of the policy is completed.

© 2010 Cisco Systems, Inc. Service Provider Routing Operation Processes 1-109
RPL Syntax
Setting Attributes and Parameters (Cont.)
 Note: All set commands are evaluated in the same order for
non-unique attributes and operations.

Original update Original update

AS Path: 10 20 30 Community: 1:10, 1:20

route-policy Prepend route-policy SetComm

prepend as-path 40 2 set community (1:100) additive
prepend as-path 50 2 set community (1:200) additive
end-policy end-policy

AS Path: 50 50 40 40 10 20 30 Community: 1:10, 1:20, 1:100, 1:200

Modified update Modified update

If a set command is processing an attribute that is a set of values, it may happen that all set
commands will take effect.
The left example shows how the first prepend command modifies the AS path attribute by
prepending 40 twice. The second prepend command then additionally prepends 50 twice.
The right example shows how two set commands add two values to a set of BGP Community
attributes.

1-110 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
RPL Syntax
Setting BGP Attributes and Parameters
 Standard BGP community attribute:
set community (value1 [value2 …]) [additive]
 Extended BGP community attribute:
set extcommunity (value1 [value2 …]) [additive]

 BGP dampening parameters:

set dampening [halflife value] [max-suppres value]
[reuse value] [suppress value]

 Local preference attribute:

set local-preference value

 Multi-exit discriminator (MED) attribute:

set med {[+|-]value | igp-cost | max-reachable}

Setting standard and extended BGP community attributes:

 One or more values can be assigned to the BGP community attribute.
 If the additive keyword is used, the new communities will be added to the existing BGP
communities.
 Omitting the additive keyword will cause existing BGP communities to be overwritten.
BGP Route Flap Dampening can be enabled and tuned using the set dampening command,
where the dampening parameters can be specified to determine the aggressiveness of the
dampening mechanism.
BGP local preference can be set on incoming updates or upon redistribution. The default BGP
local preference is 100 and is set on all updates coming from external peers or being
redistributed.
The BGP MED attribute can be set to a specific value or modified using the “+” or “-“ options.
The MED can also be set to the underlying IGP cost or a maximum value.

© 2010 Cisco Systems, Inc. Service Provider Routing Operation Processes 1-111
Example: Setting BGP Attributes and
Parameters
Route Flap Dampening

2000 Suppress Limit

1000

750 Reuse Limit

Forget Limit

t
Halve
Time

dampened

flap flap flap

BGP Route Flap Dampening is a feature that is designed to make BGP more stable and
consequently scale better by “punishing” routes that flap (disappear and reappear) more often.
The default behavior of dampening results in stopping propagation of routes that consecutively
flap three or more times in a short period, for a certain period.
The default behavior can be summarized:
 Each flap is penalized by adding 1000 penalty points to the penalty.
 If the cumulative penalty exceeds the suppress limit (2000 points by default), the route is
dampened. In other words, it is stored in the BGP table, but is not evaluated in the best-path
selection. Consequently, it is not installed into the routing table or forwarded to any
neighbor. Routers remember the penalty when the route is not reachable by storing it as a
“history” entry.
 The penalty is gradually decreased. The penalty reduction is determined by the halve time,
which is 15 minutes by default.
 When a penalty drops below the reuse limit (750 by default) or when the route has been
dampened for more than the maximum suppress time (one hour by default), the route
becomes valid again.
 When the penalty drops below one-half the reuse limit, all flap history and penalty are
forgotten.

1-112 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Example: Setting BGP Attributes and
Parameters
Conditional BGP Dampening

Conditional BGP dampening for which smaller prefixes are

more aggressively punished then larger prefixes

router bgp 1
address-family ipv4 unicast
bgp dampening route-policy BDamp
!
!
route-policy BDamp
if destination in (0.0.0.0/0 ge 25) then
set dampening max-suppress 30 halflife 10 reuse 750 suppress 1000
elseif destination in (0.0.0.0/0 ge 21) then
set dampening max-suppress 15 halflife 7 reuse 750 suppress 2000
elseif destination in (0.0.0.0/0 ge 17) then
set dampening max-suppress 10 halflife 5 reuse 750 suppress 3000
else
set dampening max-suppress 5 halflife 3 reuse 750 suppress 4000
endif
end-policy

The sample configuration illustrates how graded BGP Route Flap Dampening is configured:
 Small prefixes (/25 to /32) are assumed to be more likely to flap and are hence more
aggressively punished if they flap several times.
 Larger prefixes (/21 to /24) are assumed to be slightly more stable and are less aggressively
punished (allow more flaps before suppression and become unsuppressed faster when they
stabilize).
 Large prefixes (/17 to /20) are even less aggressively punished in case they flap.
 The largest prefixes (/0 to /16) are assumed to be the most stable (large summaries
belonging to service providers). They are suppressed after more than four consecutive flaps
and are unsuppressed within 10 minutes after stabilizing.

© 2010 Cisco Systems, Inc. Service Provider Routing Operation Processes 1-113
RPL Syntax
Other BGP Actions
 Delete standard BGP community attributes:
delete community {all | [not] in community-set}
 Delete standard BGP community attributes:
delete extcommunity rt {all | [not] in extcomm-set}
 Prepend an AS path:
prepend as-path {AS | most-recent} [count]
 Replace a sequence of AS numbers with the local AS number:
replace as-path {private-as | ‘AS1 AS2 …’}
 Suppress route if aggregated:
suppress-route
 Unsuppress route if aggregated:
unsuppress-route

The delete command can be used in combination with standard and extended BGP
Communities to delete some or all of the BGP Community attributes.
The prepend as-path command can be used to prepend an arbitrary number to the AS path a
number of times.
The replace as-path command can be used to replace all occurrences of private AS numbers
with the local AS number or to arbitrarily replace specified AS numbers with the local AS
number.
Policies can be used in combination with summarization (aggregation) in order to set various
parameters to the summary but also to specify which individual routes are suppressed or
unsuppressed.

1-114 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
RPL Syntax
Setting OSPF and IS-IS Parameters
 OSPF metric type:
set metric-type {type-1 | type-2]

 OSPF metric:
set ospf-metric value

 IS-IS metric type:

set metric-type {external | internal}

 IS-IS metric type:

set isis-metric value

 IS-IS level for redistributed routes:

set level {level-1 | level-2 | level-1-2}

© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v1.0—1-60

Routing policies can also be used in combination with OSPF and IS-IS to modify the routing
information.

RPL Syntax
Parameterization
RPL supports two types of parameters:
 Global parameters:
– Defined globally using the policy-global command
– Available for use in all routing policies
 Parameters passed to a nested routing policy:
– Defined when creating a routing policy
– Available in match and set statements within a policy or
when calling another nested routing policy.

© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v1.0—1-61

In order to make policies modular and reusable, parameters can be used instead of fixed values
when calling nested policies.
A policy can reference global parameters or parameters that are passed to it from a calling
policy.

© 2010 Cisco Systems, Inc. Service Provider Routing Operation Processes 1-115
RPL Syntax
Global Parameters
 Parameters are defined using the policy-global
command and separated by commas
 Values are defined within single quotes
 Parameters are referenced by prepending the $ sign to the
name of the parameter

Defining global variables Using global variables

policy-global route-policy SetMED

# Global variables if as-path originates-from '$AS' then
AS '65001', set med $DefMED
Lo0 '10.1.2.3', endif
EBGP1 '192.168.1.1', end-policy
EBGP2 '192.168.2.1',
DefWeight '0',
DefLP '100',
DefMED '0'
end-global

© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v1.0—1-62

The left example illustrates the usage of the policy-global commands, for which all the global
variables should be defined. These variables can then be referenced by any routing policy.
The right example illustrates a routing policy referencing two global variables.

1-116 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
RPL Syntax
Passed Parameters
 Declare parameters when creating a routing policy
 Nesting policies with parameters allows for greater
modularization and optimization of policies

Policy us ing passed Using a nested policy and

parameters passing parameters to it

route-policy SetMED($med, $as) route-policy ProcessUpdates

if as-path originates-from '$as' then if as-path neighbor-is '100' then
set med $med apply SetMED(50,100)
else elseif as-path neighbor-is '200' then
set med max-reachable apply SetMED(150,200)
endif endif
end-policy end-policy
! !

The sample configuration illustrates a modular approach to creating routing policies. The policy
on the right calls the policy on the left. The left policy applies a MED value based on the AS
from which the route originates. Note that matching based on the AS path is always done using
regular expressions, which must be enclosed within single quotes.
The left routing policy is defined with two variables: “$med” and “$as.” When calling this
policy from within another policy using the apply command, you should supply two
parameters.

 Design a routing policy

 Configure the policy
 Test the policy by using show commands
 Apply the policy, if correct
 Routing policies can be used in many places (attach points):
– Routing updates (e.g. BGP, OSPF, EIGRP, IS-IS, RIP)
– Route origination (e.g. redistribution, network commands)
– Route insertion into routing table
– In show commands to filter output

When building a routing policy, you should clearly define the requirements for the route-policy.
Often a route-policy will be derived from existing routers that use Cisco IOS Software. In this
case the route-policy requires a route map to be “translated” to RPL. You should review the
route-policy and optimize it to simplify maintenance of it.

1-118 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Applying Routing Policies
Attach Points
OSPF Database BGP Table
redistribution
default orig. network
area in neighbor in & out
aggregation
area out default orig.
show bgp
dampening
IS-IS Database
retain RT clear dampening
default orig.
import filter allocate label debug update
EXEC
EIGRP Database
Export tagging table-policy
default in/out table-policy

filter in/out
VRF IPv4 IPv6
filter intf. in/out
routing table routing table
RIP Database
default orig.
filter in/out Static routes

filter intf. in/out Connected routes

The figure illustrates the many attach points for routing policies:
 Redistribution between any pair of routing protocols
 Received or sent updates depending on the limitations of routing protocols (for example,
ABRs in OSPF)
 Origination of routes in BGP by using network statements or summarization
 Injection of routes into the routing table from BGP
 show commands in BGP to filter the output or test the effect of the routing policy

© 2010 Cisco Systems, Inc. Service Provider Routing Operation Processes 1-119
Applying Routing Policies
Validity Checking
RPL validity checking is done in two phases:
 Syntax checking and value checking are performed during
policy configuration.
RP/0/RP1/CPU0:CRS(config-rpl)#set med 289314790283408912634789
^
% Invalid input detected at '^' marker.

 The applicability of a policy for a given attach point is

checked during configuration commitment.
RP/0/RP1/CPU0:CRS(config-bgp-af)#commit
% Failed to commit one or more configuration items during an atomic operation, no
changes have been made. Please use 'show configuration failed' to view the errors
RP/0/RP1/CPU0:CRS(config)# show config failed
!! CONFIGURATION FAILED DUE TO SEMANTIC ERRORS
router bgp 1
address-family ipv4 unicast
redistribute connected route-policy t9
!!% Could not find entry in list: Policy [t9] uses the 'ospf-metric' attribute.
There is no 'ospf-metric' attribute at the BGP redistribution-dflt attach point.

Cisco IOS XR Software performs validity checks in two phases:

 Basic syntax and value checking are performed when a command is entered. The first
example illustrates the configuration of MED with a value that is out of range. The syntax
checking will reject this command immediately.
 The applicability of a routing policy is verified for a given attach point when the
configuration is committed. The second example illustrates that the configuration of a route
policy was successful, and the policy was successfully applied to redistribution into BGP.
However, when you try to commit the configuration, the router will reject the configuration
because you tried to set OSPF parameters inside BGP.

1-120 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Maintaining Routing Policies

 Trying to edit an existing routing policy using the configuration mode

CLI will result in the policy being rewritten.
RP/0/RP1/CPU0:CRS(config)#route-policy R1
% WARNING: Policy object 'route-policy R1' exists! Reconfiguring it via CLI will
replace current definition. Use 'abort' to cancel.
RP/0/RP1/CPU0:CRS(config-rpl)# abort

 Use the EXEC-mode editor instead.

 Three editors are available:
– GNU Nano
– Emacs
– VIM
 After modifying the policy:
– Save the changes
– Exit the editor
– Commit the changes
© 2010 Cisco S ys tems , I nc . Al l rights res erv ed. MS PRP v1. 0— 1-67

To edit a routing policy, you must use one of three available editors. Using the configuration
mode approach will result in the policy being rewritten.
Cisco IOS XR Software comes with three types of editors that are accessible through EXEC
mode:
 GNU Nano (the default editor since Cisco IOS XR Release 3.6)
 Micro Emacs
 VIM
Upon exiting from the editor, you will be prompted to save and commit the changes.
The example shows the warning that is displayed if you try to go into policy configuration
mode for an already configured policy. Doing so will result in the entire policy being
overwritten by the new configuration.

© 2010 Cisco Systems, Inc. Service Provider Routing Operation Processes 1-121
Maintaining Routing Policies
Using an Editor
 An editor can be used for routing policies and sets:
RP/0/RP1/CPU0:CRS#edit ?
as-path-set edit an as-path-set
community-set edit a community-set
extcommunity-set edit an extended-community-set
policy-global edit policy-global definitions
prefix-set edit a prefix-set
rd-set edit a rd-set
route-policy edit a route-policy

 Invoke the desired editor:

RP/0/RP1/CPU0:CRS#edit route-policy RP1 ?
emacs to use Micro Emacs editor
inline to use command line
nano to use nano editor
vim to use Vim editor
<cr>

Use the edit command in EXEC mode to start editing a configuration object. Select the
preferred editor.
The built-in editors are available for route policies and other objects that are covered later in
this lesson, such as various sets that are used in combination with route policies.
The following list contains some of the most commonly used commands within the Emacs
editor:
 Ctrl-F – move cursor forward (right)
 Ctrl-B – move cursor backward (left)
 Ctrl-N – move cursor to next line (down)
 Ctrl-P – move cursor to previous line (up)
 Ctrl-E – move to the end of the line
 Ctrl-A – move to the start of line
 Backspace – delete character to the left of the cursor
 Ctrl-D – delete character to the right of the cursor
 Ctrl-X followed by Ctrl-S – save changes
 Ctrl-X followed by Ctrl-C – exit and commit saved changes

The following list contains some of the most commonly used commands within the VIM editor:
 ,,, – move cursor left, down, up, right
 h,j,k,l – move cursor left, down, up, right
 i – start editing at the cursor position
 a – start editing after the cursor position

1-122 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
 Esc – stop editing (return to command mode)
 x – delete character at cursor position
 dd – delete line
 u – undo single action
 Esc followed by :w – save changes
 Esc followed by :q – exit and commit saved changes
After exiting the editor, you will be asked to save and commit the changes:
Proceed with commit (yes/no/cancel)? [cancel]: yes
Refer to the Cisco IOS XR Software command reference for a detailed list of all commands and
options for all the available editors.

RPL can match attributes against a set of multiple values:

 Inline sets using parentheses for one-time use
 Named value sets for reusability

Value sets:
 AS path in AS path set
 Standard community in community set
 Extended community in extcommunity set
 Prefix in prefix set Named value set
 Route distinguisher in route distinguisher set
xy- set set-name
Inline value set va lue1,
va lue2
rou te-p olicy RP end -set
i f at tribute in (va lue1, value2, … ) !
the n rou te-policy RP
set local-pre fere nce 2 00 i f attr in set- name then
e ndif set local-pre feren ce 200
end -pol icy e ndif
end -policy
© 2010 Cisco S ys tems , I nc . Al l rights res erv ed. MS PRP v1. 0— 1-69

A value set is another object that is used to modularize routing policies. Various types of sets
exist for different types of parameters and attributes.
Each set can contain multiple values. The in operator can be used for the existence of a value in
the set.
The example on the left illustrates a generic condition in which an inline value set is used. The
example on the right references a preconfigured value set.

1-124 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Value Sets
AS Path Set
 Define an AS-path set using the as-path-set command.
 Use one or more comma-separated ios-regex commands to
define regular expression that define set membership.
 Use the in operator in a routing policy to test for membership
of an AS path in an AS path set.

Use an AS Path set in

a policy to match
Match prefixes originating in prefixes based on AS
defined autonomous systems path attribute

as- path-set Prefe rred Originators route-polic y RP

io s-regex ’_10$’ , if as-pat h in Pref erredOrigi nators then
io s-regex ’_20$’ set loc al-prefer ence 200
io s-regex ’_30$’ endif
io s-regex ’_40$’ end-policy
end -set

An AS path set can contain one or more regular expressions. A condition can be used to check
for an AS path attribute against the set of regular expressions.
The sample configuration uses a policy to set the local preference to 200 for all preferred
originating autonomous systems that are listed in the AS path set.

Predefined matching criteria Description

is-local matches any prefix with an empty AS path
attribute (equals regular expression '^$')
matches based on the first ASN in the AS path
neighbor-is path
attribute (equals regular expression '^path_')
matches based on the last AS number in the AS
originates-from path
path attribute (equals regular expression '_path$')
matches based on the AS number anywhere in
passes-through ASN
the AS path (equals regular expression '_path_')
matches AS paths based on the number of AS
length len
numbers in the path

unique-length len matches AS paths based on number of unique AS

numbers in the path

Instead of using regular expressions, you can perform some of the more common AS path
checks using built-in conditions:
 “is-local” identifies if a prefix is local to the AS; it performs the same function as a regular
expression checking for an empty AS path attribute (“^$”).
 “neighbor-is path” identifies if a prefix was received from a neighboring AS; it is
equivalent to the regular expression “^path_”.
 “originates-from path” identifies if a prefix was originated by a specified AS; it is
equivalent to the regular expression “_path$”.
 “passes-through ASN” identifies if a prefix passed through the specified AS; it is
equivalent to the regular expression “_ASN_”).
 “length len” matches AS paths based on the number of AS numbers in the path.
 “unique-length len” matches AS paths that are based on the number of unique AS numbers
in the path.

1-126 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Value Sets
AS Path Set Examples

Using built-in AS path Using equivalent

matching options regular expressions

rou te-policy RP route -pol icy RP

i f as-path is-l ocal then if as-p ath in (i os-re gex ' ^$')
set local-pre fere nce 200 then
e ndif s et l ocal -pref erenc e 200
i f as-path neig hbor -is '20' th en end if
set local-pre fere nce 190 if as-p ath in (i os-re gex ' ^20_')
e ndif then
i f as-path orig inat es-from '20 ' s et l ocal -pref erenc e 200
the n end if
set local-pre fere nce 180 if as-p ath in (i os-re gex ' _20$')
e ndif then
i f as-path pass es-t hrough '20' s et l ocal -pref erenc e 200
the n end if
set local-pre fere nce 170 if as-p ath in (i os-re gex ' _20_')
e ndif then
end -policy s et l ocal -pref erenc e 200
end if
end-p olic y

The two samples show configurations equivalent in result but using different approaches:
 The left sample uses built-in conditions.
 The right example uses regular expressions.

In this example:
 The regular expression '^$' can be replaced by the built-in operator is-local.
 The regular expression '^20_' can be replaced by the built-in operator neighbor-is.
 The regular expression '_20$' can be replaced by the built-in operator originates-from.
 The regular expression '_20_' can be replaced by the built-in operator passes-through.

© 2010 Cisco Systems, Inc. Service Provider Routing Operation Processes 1-127
Value Sets
Standard Community Set
 Define a standard community set using the community-set
command
 Use one or more comma-separated match options:
– ios-regex commands to define regular expression that
define set membership
– numbered membership matching
– membership matching using well-known standard
communities
 Use the matches-any operator to match routes that have at
least one community in the community set
 Use the matches-every operator in a routing policy to match
routes that have all communities in the community set

Multiple BGP communities can also be grouped into a community set. The following types of
matching can be used with communities:
 Regular expression matching: A regular expression is used against an ordered list of
communities converted into a string of characters.
 Numbered matching: Community attributes are matched against a list of values in a
community set.
 Named matching: Community attributes are matched against a list of communities
including named well-known communities.

Community matching can use modifier that define how the matching is performed:
 The matches-any operator should be used to match routes that have at least one
community in the community set.
 The matches-every operator should be used to match routes that have all communities
listed in the community set.

1-128 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Standard Community Set RegExp
Matching

 Use one or more comma-separated ios-regex commands to

define regular expression that define set membership.

Setting local preference

based on community
matching using regular
expressions

com munit y-se t ImpComms co mmun ity- set Im pCom ms

io s-reg ex ’ 123:10..’, i os-r egex ’123: [12] 0..’,
io s-reg ex ’ 123:20..’ en d-se t
end -set

route- policy Com m2LP

if c ommunity m atch es-any Imp Comms the n
se t local-pr efer ence 200
endi f
end-po licy

The sample configuration illustrates two community sets based on regular expressions.
The left ImpComms community-set uses two regular expressions. The right ImpComms
community-set uses a single regular expression. Either one of them can be used in the
Comm2LP route-policy, so that a route will be assigned a local preference of 200 if it contains
BGP community 123:10XX or 123:20XX.

Use numbered matching:

 AS:num
 AS:[range]
 AS:*
Setting local preference
based on numbered
community matching

communi ty-set Imp Comm s

123:10 10
123:[2 000.. 2099]
999:*
end-set
!
route-p olicy Comm 2LP
if co mmuni ty ma tche s-any ImpC omms then
set local-pre fere nce 200
endif
end-pol icy

The sample configuration illustrates numbered matching of explicit BGP communities.

Additionally, ranges and wildcards can be used in sets:
 “AS:num” is used to match a specific community.
 “AS:[range]” is used to match a range of values.
 “AS:*” is used to match all values for a give AS.
The sample community set tries to match at least one community from a range defined using
different options.

1-130 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Standard Community Set Named
Matching
Use identifiers for well-known communities:
 internet: match all communities
 local-as: keep the tagged prefix in the local AS
 no-advertise: prevent tagged prefixes from being advertised
to any peer
 no-export: prevent tagged prefixes from being announced to
EBGP peers

Prevent the sending of core Delete all communities

subnets to external peers on incoming updates

rout er b gp 1 rou te-policy DeleteAl lComm s

add ress -family ip v4 u nicas t d elete com munity in (int ernet )
re dist ribute con nect ed ro ute-policy end -policy
NoEx port !
! rou ter bgp 1
rout e-po licy NoExp ort neighbor 1. 2.3.4
set com munity no- expo rt a ddress-fa mily ipv4 unic ast
! route-pol icy DeleteAllC omms in
!

The figure illustrates the third matching option for BGP communities, which is based on the
names of well-known communities.
The left example assigns the “no-export” community to all redistributed routes. The right
example matches all communities using the internet keyword and deletes them.

© 2010 Cisco Systems, Inc. Service Provider Routing Operation Processes 1-131
Value Sets
Example 1: Standard Community Set
! ro ute -p ol ic y C om m2 Ac tio nI n rou te r bg p 2 34 56
c omm un it y- se t P ri ma ry if co mm un ity m at ch es- an y Pr im ary t he n ne ig hb or 20 0. 1. 1. 1
23 45 6: 20 0 s et l oc al- pr ef er enc e 20 0 r em ot e- as 64 51 1 1
e nd- se t end if a dd re ss -fa mi ly i pv 4 u ni ca st
! ! ro ut e- pol ic y Co mm 2Ac ti on In in
c omm un it y- se t B ac ku p if co mm un ity m at ch es- an y Ba ck up th en
23 45 6: 50 s et l oc al- pr ef er enc e 50
e nd- se t end if rou te r bg p 2 34 56
! ! ne ig hb or 20 0. 2. 2. 2
c omm un it y- se t 1 Pr ep en d-p ol ic y
23 45 6: 1 !
r em ot e- as 64 12 3 2
a dd re ss -fa mi ly i pv 4 u ni ca st
e nd- se t ro ute -p ol ic y C om m2 Ac tio nO ut ro ut e- pol ic y Co mm 2Ac ti on Ou t o ut
! if co mm un ity m at ch es- an y 1P re p t he n
c omm un it y- se t 2 Pr ep s p re pe nd as -p at h 234 56 1
23 45 6: 2 end if Customer can signal ISP using communities:
e nd- se t !
! if co mm un ity m at ch es- an y 2P re ps th en 23456:200  LP 200
c omm un it y- se t 3 Pr ep s p re pe nd as -p at h 234 56 2
23 45 6: 3 end if
e nd- se t ! 23456:50  LP 50
! if co mm un ity m at ch es- an y 3P re ps th en
p re pe nd as -p at h 234 56 3 23456:1  AS prepended once
end if
en d-p ol ic y 23456:2  AS prepended twice

23456:3  AS prepended three times

The sample configuration illustrates an AS-wide implementation of a policy:

 Allow customers to signal preference using BGP communities, which are translated into
appropriate local preference values.
 Additionally, the egress routers perform prepending on behalf of customers if they have
tagged the routes with appropriate BGP communities.
In the example above, five community sets are used to match BGP community attributes
coming from external neighbors (for example, a customer). A customer can, for example, signal
a desire to use this ISP for its backup connection and may choose to attach two BGP
communities to achieve the desired goal: 23456:50 and 23456:3. The route-policy
Comm2ActionIn, used in the inbound direction on AS edges, will apply an action based on the
matched communities. The second if statement will match the first community and set the local
preference to 50. This will make the first community less desirable compared to other paths
with the default local preference of 100. Comm2ActionOut, used in the outbound direction on
AS edges, will match the second community in the third if statement and prepend the AS path
attribute three times using its own AS number.

1-132 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Value Sets
Example 2: Standard Community Set

Filter routes based on

standard community
attributes using simple
numbered matc hing

communit y-se t Imp Comm s

BGP Update 23456:1 0
end-set
NLRI: 10.1.1.0/24 !
Next-hop: 192.168.1.1
Origin: igp
route-po licy RP1
Pass!
if com muni ty ma tche s-any ImpComms then

pass
AS Path: 10 20 30 endif
Community: end-poli cy
23456:10 !
23456:20
route-po licy RP2
Drop!ty ma tche s-every ImpComms th en
if com muni

23456:30 pass
endif
end-poli cy
!

The sample configuration illustrates the difference between the matches-any and matches-
every options:
 RP1: The route with the three community values will match the community set
ImpComms, because it contains the 23456:10 community.
 RP2: The route with the three community values will not match the community set
ImpComms, because it does not match for two community values (23456:20 and
23456:30).

© 2010 Cisco Systems, Inc. Service Provider Routing Operation Processes 1-133
Value Sets
Example 3: Standard Community Set

Filter routes based on

standard community
attributes using range
matching

community-set ImpComms
BGP Update 23456:999,
23456:[10..30]
NLRI: 10.1.1.0/24 end-set
Next-hop: 192.168.1.1 !


Origin: igp route-policy RP1
if community matches-any ImpComms then
AS Path: 10 20 30 pass Pass!
Community: endif
23456:10 end-policy
!
23456:20 route-policy RP2
23456:30 if community matches-every ImpComms then
pass Pass!

endif
end-policy
!

The second example shows that the route with three community values will match in both
policies. The reason is that all three community values match the modified community set
ImpComms, which now contains range-based matching for 23456:10-23456:30.
The community set in the example uses number-based matching.

Value Sets
Example 4: Standard Community Set
Filter routes based on
standard community
attributes using regular
expressions

community-set ImpComms
BGP Update ios-regex ‘23456:999',
ios-regex '23456:[1-3]0'
NLRI: 10.1.1.0/24 end-set
Next-hop: 192.168.1.1 !


Origin: igp route-policy RP1
if community matches-any ImpComms then
AS Path: 10 20 30 pass Pass!
Community: endif
23456:10 end-policy
!
23456:20

route-policy RP2
23456:30 if community matches-every ImpComms then
pass Pass!
endif
end-policy
!

The third example shows the same result as the previous example, except that it uses matching
based on regular expressions.
The regular expression 23456:[1-3]0 will match 23456:10, 23456:20, 23456:30

1-134 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Value Sets
Example 5: Standard Community Set
 Delete all communities on incoming updates that have no
meaning in AS 23456.

Original BGP Update

NLRI: 10.1.1.0/24
Next-hop: 192.168.1.1 Delete unus ed New BGP Update
Origin: igp extended community NLRI: 10.1.1.0/24
AS Path: 10 20 30 attributes
Next-hop: 192.168.1.1
Community: Origin: igp
23456:10 comm unit y-set AllM yCom munit ies
AS Path: 10 20 30
234 56:*
23456:20 end- set Community:
23456:30 ! 23456:10
64111:12 rout e-po licy RP1
de lete community not in 23456:20
64222:33 AllM yCom munities 23456:30
end- poli cy
!

The configuration shows how to delete communities from incoming updates that are outside the
desired range (only keep communities that have meaning in the local AS).
This is a common filter that an ISP might use to strip the updates of any BGP communities that
have no meaning in its AS. The numbered matching specifies the ISPs AS number 23456 and
matches any community value for this AS using the wildcard symbol (“*”). The route policy
then deletes all but those communities that are in this range.

© 2010 Cisco Systems, Inc. Service Provider Routing Operation Processes 1-135
Value Sets
Example 6: Standard Community Set
 Delete all communities on outgoing updates that have no
meaning in peering AS 64111.

Original BGP Update

NLRI: 10.1.1.0/24
Next-hop: 192.168.1.1 Delete extended New BGP Update
Origin: igp community attributes NLRI: 10.1.1.0/24
AS Path: 10 20 30 not used in peering AS
Next-hop: 192.168.1.1
Community: Origin: igp
23456:10 rout e-po licy RP
delete com munity not in AS Path: 10 20 30
23456:20 (pee ras: *) Community:
23456:30 end-poli cy 64111:12
64111:12 !
64222:33

The configuration shows how to delete communities from outgoing updates that are outside the
desired range (only keep communities that have meaning in the neighboring AS).
Similarly to the previous example, an ISP can strip out any BGP communities that have no
meaning in the neighboring AS. The built-in peeras keyword can be used to automatically
match the neighbor AS number and the wildcard symbol to match any subsequent value.
Instead of using a named community set, the example uses an in-line community set defined
within parentheses.

1-136 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Value Sets
Example 7: Standard Community Set
 Delete all communities except well-known communities (e.g.
no-export, no-advertise, local-as).

Original BGP Update

NLRI: 10.1.1.0/24
Next-hop: 192.168.1.1 New BGP Update
Delete all communities
Origin: igp except well-known NLRI: 10.1.1.0/24
AS Path: 10 20 30 communities Next-hop: 192.168.1.1
Community: Origin: igp
no-export rout e-po licy RP
delete com munity all AS Path: 10 20 30
23456:20 end-poli cy Community:
23456:30 ! no-export
64111:12
64222:33

The configuration shows how to delete all communities using the all keyword in place of the
community set.

Note This command does not remove the well-known communities (for example, no-export),
which have predefined actions and must be explicitly deleted if doing so is required.

As shown in the example, all communities except the well-known community no-export have
been removed from the update.

© 2010 Cisco Systems, Inc. Service Provider Routing Operation Processes 1-137
Value Sets
Prefix Set
 Used to match prefixes in routing protocol updates
Prefix[/length [{le | ge | eq} mask-len]]

Various prefix sets Various prefix sets

prefix-set PrivatePrefixes prefix-set DefaultRoute

10.0.0.0/8 le 32, 0.0.0.0/0
172.16.0.0/12 le 32, end-set
192.168.0.0/16 le 32 !
end-set prefix-set AllPrefixes
! 0.0.0.0/0 le 32
prefix-set CoreLoopbacks end-set
172.16.1.0/24 eq 32 !
end-set prefix-set SmallPrefixes
! 0.0.0.0/0 ge 24
prefix-set HostRoutes end-set
0.0.0.0/0 eq 32 !
end-set prefix-set
SmallPrefixesExceptHostRoutes
0.0.0.0/0 ge 24 le 31
end-set

A prefix set is used to match routes based on prefix-list-like criteria in the prefix set. The same
syntax is used as with prefix lists.

Monitoring Routing Policies

 Use the show rpl route-policy [policy-name]

[detail] commands to display the policies.
 Detailed output also displays all referenced objects (e.g. sets
and nested route policies). Display a policy and all
associated objects

RP/0/RP1/CPU0:CRS# show rpl route-policy MgmtRTExport detail

extcommunity-set rt MgmtRT
23456:100,
23456:200
end-set
!
prefix-set MgmtLoopbacks
10.1.1.0/24 le 32
end-set
!
route-policy MgmtRTExport
if destination in MgmtLoopbacks then
set extcommunity rt MgmtRT
endif
end-policy
!
© 2010 Cisco Systems, Inc. All rights reserved. MSPRP v1.0—1-85

The show rpl command with the detail keyword can be used to display the policy
configuration including all the dependencies.
In this example, the output shows the configurations of the MgmtRTExport route-policy as well
as the configurations of the prefix set and the extended community set referenced within the
route policy.

1-138 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Determining Attach Points

 Use the show rpl route-policy policy-name

attachpoints command to list attach points of the policy.

Display attac h points

for a routing policy

RP /0/R P1/CPU0:CR S# s how r pl route-p olic y Mgm tRTE xport attac hpoi nts

BG P At tachpoint: Exp ort

af i/sa fi vrf n ame

-- ---- ---------- ---
IP v4/u ni VPNA

RP /0/R P1/CPU0:CR S#

The attachpoints option can be used to display all references to the specified policy.
In the example, the show command shows that the specified route policy MgmtRTExport is
attached to VRF VPNA as an export policy.

 Some policies can be tested (e.g. outbound BGP filter).

 Use the show bgp route-policy policy-name command to
list BGP entries permitted by the policy.
 Note: Attributes modified by the policy are not displayed.

Test a new policy to

filter outgoing updates

RP/0/RP1/CPU0:CR S# sh ow bgp rou te-p olicy FilterOut

BGP router ident ifier 0.0.0.0, loca l AS number 1
BGP generic scan inte rval 60 se cs
BGP table state: Acti ve
BGP main routing tabl e version 30
BGP scan interva l 60 secs
Status codes: s suppr essed, d d ampe d, h history, * val id, > best
i - int ernal, S s tale
Origin codes: i - IGP , e - EGP, ? - inco mplete
Network Next Hop Metric LocPr f Wei ght Path
*> 10.4.100.0/30 0.0.0.0 0 20 0 32 768 ?

Processed 1 pref ixes, 1 paths

Policies can be combined with the show bgp command to display only those BGP entries that
are permitted by the policy.
This command can be used to test the performance of a newly configured policy or to limit the
display of a large BGP table for troubleshooting purposes.
In the example, the policy FilterOut only displays one entry (10.4.100.0/30) in the BGP table.

1-140 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Translating Route Maps to Routing
Policies

 When migrating from Cisco IOS Software to Cisco IOS XR

Software use the following guidelines to translate route maps
to policies:
– Each numbered entry is one if statement.
– Each match option is one condition:
 Match conditions of the same type should be joined
using the OR logical operator
 Match conditions of different types should be joined
using the AND logical operator
 Use parentheses to maintain proper precedence

When translating route maps to routing policies it is important to understand the relation
between multiple conditions in a single route-map statement. As discussed earlier, multiple
conditions of the same type are combined using a logical OR. Hence, you should use the OR
operator in the if statement of the routing policy. Multiple conditions of different types are
combined using a logical AND. Hence, you should use the AND operator in the if statement of
the routing policy. Make sure that you use parentheses for proper operator precedence.

© 2010 Cisco Systems, Inc. Service Provider Routing Operation Processes 1-141
Translating Route Maps to Routing
Policies (Cont.)

route-map RM permit 10
match ip address prefix-list PL1 Sample route map
match as-path 10
set local-preference 200
!
route-map RM permit 20
match ip address prefix-list PL2
match as-path 20 30
set local-preference 150
!
Translated routing
policy

route-policy RP
if destination in PS1 and as-path in AS10 then
set local-preference 200
elseif destination in PS2 and (as-path in AS20 or as-path in
AS30) then
set local-preference 150
endif
end-policy
© 2010 Cisco S ys tems , I nc . Al l rights res erv ed. MS PRP v1. 0— 1-89

The two sample configurations show how two complex route-map statements can be translated
into a routing policy.

Note For the second route-map statement, you must use parentheses to group the two AS path
sets (that is, at least one as-path match is required). You must also combine the route-map
statement with a prefix set (PS2) using the AND operator.

Summary

 Use prefix-based filtering for maximum security.

 Use AS path-based filtering for greater flexibility.
 Use route maps or routing policies to implement complex
routing policies.

© 2010 Cisco Systems, Inc. Service Provider Routing Operation Processes 1-143
1-144 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Lesson 3

Using Management and

Monitoring Tools
Overview
This lesson describes the tools that are needed in a service provider environment to successfully
manage and monitor network devices and services. Routing protocol performance and issues
can be monitored using mechanisms such as Simple Network Management Protocol (SNMP),
syslog, and command-line interface (CLI), in combination with various types of central
monitoring and provisioning software.

Objectives
Upon completing this lesson, you will be able to identify the main characteristics of routing
protocols that are used in service provider environments. This ability includes being able to
meet these objectives:
 Describe the characteristics and requirements for management and monitoring tools in
service provider environments.
 Describe the characteristics and requirements for event logging using syslog and SNMP
traps.
 Describe the characteristics and requirements for using SNMP-based monitoring.
 Describe the characteristics and requirements for using looking glasses.
 Describe the characteristics and requirements for provisioning tools.
 Describe the characteristics and requirements for administration.
Management and Monitoring Overview
This topic provides an overview of management and monitoring tools as they relate to routing
protocols.

Management and Monitoring Overview

 Logically, routers can be split into three planes.

 The management plane consists of processes that interact
with administrators and management servers.

Management plane:
 Secure administration of routers
 Provide reliable event notification

Control plane:
 Maintain forwarding information
 Maintain other automated
processes

Data plane:
 Forward packets
 Deliver packets to the data and
management planes

Each network device performs a number of functions, which can be split into three general
categories or planes of operation:
 The data plane is the part of the device that is typically implemented in hardware (for
example, network interface cards) and is responsible for forwarding of packets or frames.
 The control plane is the part where a collection of protocols ensures that the data plane
operates properly. Routing protocols (for example, Open Shortest Path First [OSPF],
Intermediate System-to-Intermediate System [IS-IS], Border Gateway Protocol [BGP]),
Address Resolution Protocol [ARP], and Network Time Protocol [NTP]) are just some
examples of the processes that are typically used on network devices to ensure proper
operation.
 The management plane is the part of the device that allows network administrators to
interface with the network device directly or indirectly through various types of
management servers.

1-146 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Management and Monitoring
Requirements

SP Core

Notify
Operate
Network Management Live
Administrators Servers Monitoring
and
Alerting

Alert

The figure illustrates typical management paths by which network devices interface with
network administrators:
 Network administrators can operate devices directly using a CLI or a web-based GUI.
 Network administrators can operate devices indirectly by using an element management
system running on a dedicated management server that is isolated and protected from the
rest of the network.
 Network devices can notify network administrators and operators of significant events by
sending notifications to a dedicated monitoring server.
 Monitoring servers can present significant information and alerts for important events.

 Operation objectives:
– Provisioning
– Optimization
– Troubleshooting
 Monitoring objectives:
– Security
– Availability
– Performance

In general, the major requirements of network management include the following:

 Operation: managing devices and configuration
 Monitoring: processing notifications
Operation can include various tasks, such as provisioning new routers, core links, customer
connections, and services. Monitoring is primarily performed for security reasons, to track the
availability of resources and help in fault management, or to track the performance of resources
(links, CPUs) and help in capacity planning.

1-148 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Administration of Routing Protocols

 Device administration:
– Telnet
– Secure Shell (SSH)
– HTTP
– SSL (HTTPS)
 Routing protocols are
typically managed through:
– The command-line
interface (CLI) over a
secure session (e.g.
SSH)
– Centralized element
management systems

Routing protocols are just one aspect of router configuration and are typically configured in
combination with other services. Core routing protocols, such as interior gateway protocol
(IGP) and Internal Border Gateway Protocol (IBGP), are often maintained using the CLI. In
contrast, edge routing protocols, such as IGP or External Border Gateway Protocol (EBGP)
with customers, are often managed through a centralized management system.
Some network devices also support HTTP-based management, although this type of
management is not often used in service provider environments. Management systems, on the
other hand, will usually utilize a web-based interface.

Proactive monitoring of routing protocol information:

 Adjacency changes (flaps):
– More reliable than monitoring link status
– May result in BGP route flap dampening
– Sent to a central syslog or SNMP server or both, if
configured
Edge1#
*Aug 18 15:24:20: %BGP-5-ADJCHANGE: neighbor 10.1.1.1 Down BGP Notification sent
*Aug 18 15:24:20: %BGP-3-NOTIFICATION: sent to neighbor 10.1.1.1 4/0 (hold time expired)
Edge1#

 Traffic pattern changes:

– A flap in BGP can cause traffic to Link 1

shift from one link to another

Monitoring of routing protocols is often required to detect failures that would otherwise not be
visible. The top example illustrates how a BGP failure is detected even if the underlying
physical interface has not failed.
Additionally, link utilization monitoring can be used to detect subtle changes in routing
protocol operation. The example shows link-utilization graphs for two links. A change is
detected, which indicates that a large amount of traffic has moved from one link to the other.
This shift in traffic may be a consequence of a short adjacency flap on Link 1, after which BGP
decided to prefer Link 2, because it appeared to be more stable.
Some other examples of routing-protocol monitoring are as follows:
 Monitor the number of routes in complete Internet routing tables coming from upstream
and peering service providers
 Monitor CPU utilization for routing processes
 Monitor memory utilization for routing processes

1-150 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Management and Monitoring Overview
Requirements

Enable one or both of the following:

 Syslog logging of adjacency changes in all routing protocols
 SNMP traps for routing protocol events
Use a monitoring system that can send alerts for:
 Significant events (e.g. adjacency changes)
 Traffic pattern changes (e.g. thresholds)

threshold crossing
(may be a false positive)

To monitor routing protocols, you use the same two mechanisms as with any other process that
needs monitoring:
 Syslog to forward system messages to a central syslog server or pair of servers
 SNMP traps to forward system messages to a central SNMP server or pair of servers
Historically, syslog was used more for security reasons, so it may include many messages that
are typically not used with SNMP. In contrast, SNMP was designed to track network
performance and utilization.
Today, both protocols can be used to notify a central server of significant network events (for
example, a link state change or an adjacency or neighbor state change). However, syslog is still
primarily used for security monitoring.
NetFlow can also be used to get a more detailed view of the forwarded traffic and may aid in
the monitoring of Internet routing tables. For example, NetFlow supports the mapping of traffic
to BGP autonomous system (AS) numbers.

© 2010 Cisco Systems, Inc. Service Provider Routing Operation Processes 1-151
Common Activities in a Service
Provider Environment

 Sending syslog messages to a

central syslog server to identify
security and availability issues
 Sending SNMP traps to identify
availability issues
 Using SNMP requests to gather
usage and availability statistics
 Using SNMP to manage equipment
 Using the CLI to manage equipment
 Using management (provisioning)
servers to manage equipment
 Using a ticketing system for proper
process management
 Using and providing BGP looking
glass services to ease
troubleshooting

Common activities in a service provider environment are as follows:

 Sending syslog messages to a central syslog server to identify security and availability
issues (for example, using the Cisco Security Monitoring, Analysis, and Response System
(Cisco Security MARS) appliance, as shown in this screenshot)
 Sending SNMP traps to identify availability and performance issues
 Using SNMP requests to gather usage and availability statistics
 Using SNMP to manage equipment
 Using the CLI to manage equipment
 Using management (provisioning) servers to manage equipment
 Using a ticketing system for proper process management (change and fault management)
 Using and providing BGP looking glass services to ease troubleshooting
 Using NetFlow

1-152 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Event Logging Using Syslog and SNMP
This topic describes the usage of syslog and SNMP to aid in monitoring of routing protocols.

Event Logging Using Syslog and SNMP

 Routing protocol events can be sent to a central server using:

– Syslog
– SNMP traps
 Ensure correct time on routers:
– Use Network Time Protocol (NTP) and synchronize with a
reliable NTP server
– Use time stamps to ease troubleshooting and forensic analysis
on routers and servers
 Use an isolated network for management purposes.
 Authenticate control and management processes (such as NTP,
SNMP), if possible (syslog does not support any security).

To enable event logging, you need to decide which protocols you will use (which may depend
on the monitoring systems you use). Cisco Security MARS, for example, is used for security
monitoring and can accept syslog messages, SNMP traps, and NetFlow messages. Tools used
to monitor availability, performance, and resource utilization can only use SNMP. To maintain
accurate logs, it is recommended that you have accurate time on the servers and network
devices. Notifications should be time-stamped at least by the server and optionally also by
network devices. NTP is used to synchronize time on all devices—network devices and servers.
To minimize the threat to the network, all management system control and communications
should be performed through an isolated environment, such as a VLAN, Multiprotocol Label
Switching (MPLS), or a virtual private network (VPN).

© 2010 Cisco Systems, Inc. Service Provider Routing Operation Processes 1-153
Example: Event Logging Using Syslog
and SNMP

SP Core
Cisco IOS Software Cisco IOS XR Software
service timestamps debug datetime year service timestamps log datetime msec
service timestamps log datetime year service timestamps debug datetime msec
! !
logging host 10.2.2.2 logging host 10.2.2.2
logging trap debugging logging trap debugging
! !
snmp-server enable traps bgp snmp-server traps ospf state-change neighbor-state
snmp-server enable traps ospf snmp-server traps bgp
snmp-server enable traps syslog !
! ntp server 172.16.110.1 prefer
ntp server 172.16.110.1 prefer ntp server 172.16.110.2
ntp server 172.16.110.2 !
! router ospf 1
router ospf 1 log adjacency changes detail
log-adjacency-changes !
! router bgp 23456
router bgp 23456 bgp log neighbor changes
bgp log-neighbor-changes !
!

The two sample configurations show how to configure syslog and SNMP traps for event
notification that is related to routing protocols in Cisco IOS and Cisco IOS XR Software.
The first portion of the configuration ensures that all syslog and locally logged messages are
time-stamped to help in troubleshooting and forensic analysis when timing information may be
required.
The second part of the configuration shows the syslog logging configuration that is configured
to send the maximum amount of information (that is, debugging level).
The third part shows the configuration of SNMP to include BGP and OSPF-related events.
The fourth part shows how routing protocol adjacency changes are logged both for OSPF and
BGP.
Note that these sample configurations only show the relevant partial configuration of syslog
and SNMP.

1-154 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Availability and Utilization Monitoring Using
SNMP
This topic describes the usage of SNMP as it relates to routing protocols.

Availability and Utilization Monitoring

Using SNMP

 SNMP polling can include routing protocol information:

– BGP: BGP4-MIB and CISCO-BGP4-MIB
– OSPF: RFC-1253-MIB
– IS-IS: CISCO-IETF-ISIS-CAPABILITY
 Many other related MIBs can be used to monitor the behavior
and statistics of routing protocols
 Use http://tools.cisco.com/ITDIT/MIBS/servlet/index to
browse and download SNMP MIBs

SNMP can also be used to poll network devices for information. Standard and proprietary
Cisco SNMP MIBs exist that help in gathering statistics. Refer to the link to get up-to-date
information about the available MIBs and support for the MIBs on specific network devices.

 Enable SNMP access to routers from authorized monitoring

servers
 Configure the monitoring tool:
– Import required MIBs
– Configure data sources and graphs
– Configure thresholds and alerts

In order to interconnect network devices (routers) and monitoring servers, you need to enable
SNMP (for example, read community, access list permitting authorized servers access to
routers) on routers. On the monitoring system, you should import the required MIBs, if they are
not already there, and start creating data sources and graphs for the required routing protocol
monitoring. Thresholds, if supported, can be configured on the monitoring system to alert
network operators of any significant events to improve reaction times upon failures in the
network.

1-156 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
BGP Looking Glasses
This topic describes the BGP looking glass tools, which are useful in troubleshooting of BGP
route propagation and Internet connectivity.

BGP Looking Glasses

 Troubleshooting IGPs is relatively simple:

– Access to all participating routers is available.
 Troubleshooting BGP can be more challenging:
– No access is available to customer routers (unless they
are managed by the ISP).
– No access is available to the rest of the Internet.

Route Propagation

Customer SP Network Internet

Route Visibility

The figure illustrates an environment in which a customer is advertising its address space via
BGP. The routes are then propagated throughout the Internet. The problem in this situation is
that a service provider can only monitor the route propagation within its administrative
domain—within its AS.
If the customer has a connectivity problem, it will want the ability to check not only the
received Internet routes, but also how these routes are propagated throughout the Internet.

 Many ISPs and exchange points host a looking glass server:

– Web-based GUI
– Limited interface to BGP commands in Cisco IOS
Software
– Provide public access
 There are also some routers directly accessible via Telnet
(less common)
 Typically available options:
– BGP commands
– Ping
– Traceroute

BGP looking glasses are web-based applications that are used to provide public or private
access to some Cisco IOS commands that can be executed on a distant router. These routers are
typically dedicated for looking glass purposes and do not do any packet forwarding, only
peering with other routers via BGP. Looking glasses typically implement a subset of show
commands for BGP as well as ping and traceroute.

1-158 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
BGP Looking Glasses (Cont.)

 Compile a list of useful looking glasses:

– Ask peering providers.
– Check with registries.
– Search the Internet.

Route Propagation

Customer SP Network Internet

Route Visibility

HTTP
Telnet

The figure illustrates a network administrator of an AS. The administrator is accessing a BGP
looking glass server or publically available router to inspect the contents of the BGP table or
perform a ping or traceroute for the investigated prefix.
A number of BGP looking glasses are available throughout the Internet and can be found
simply by searching the web. Internet exchange point (IXP), internet registries, or other
resources can be used to get a list of BGP looking glass servers as well.

© 2010 Cisco Systems, Inc. Service Provider Routing Operation Processes 1-159
Example: Looking Glasses
RIPE
1. Select from a list
of exchange
points.
2. Select the
command.
3. Optionally, enter
an argument.

The screenshot illustrates a looking glass user interface as available from Réseaux IP
Européens (RIPE). It provides access to some major European IXPs. It allows basic BGP
commands, ping, and traceroute.

Example: Looking Glasses

RIPE (Cont.)
 Translates a web
request to a CLI
command
 Executes the
command on a
dedicated router
 Retrieves output
and displays it on a
web page

Router# show ip bgp 198.133.219.0

From the RIPE BGP looking glass web page, you can select an IXP, select a command, and
optionally enter an argument to execute a monitoring command on a distant router. The sample
looking glass operations result in the shown command on a router in an Amsterdam IXP.

1-160 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Example: Looking Glasses
Oregon Exchange Point
 Connect via
Telnet to a
public router.
 Log in.
 Execute the
required
authorized
command.

The second example shows a publically available router in the Oregon IXP. Like web-based
looking glasses, users of such routers are typically also limited to a small set of commands to
prevent any accidental damage or deliberate attacks on these routers.

© 2010 Cisco Systems, Inc. Service Provider Routing Operation Processes 1-161
Provisioning Tools
This topic describes the characteristics and requirements for provisioning tools.

Provisioning Tools

 Cisco routers can be managed using:

– CLI via Telnet or SSH
– Centralized element management systems
– Cisco IOS XR Software and newer Cisco IOS Software
have rollback capabilities
 CLI has a number of limitations:
– Does not scale
– Lacks any tracking capability
– Cannot roll back configurations (except Cisco IOS XR
Software)
– Does not provide a topological view

Cisco routers, like most other network devices, can be managed using the CLI that is accessible
via Telnet or Secure Shell (SSH). Centralized element management systems are typically used
to manage customer services in large environments. Management systems can greatly simplify
management processes as well as provide configuration tracking, role-based access control, a
topological view of the network, and so on.

1-162 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Provisioning Tools (Cont.)

 Cisco provides several provisioning tools for routers.

 ISP-oriented provisioning tools:
– Cisco IP Solution Center (Cisco ISC)
– Cisco Active Network Abstraction (Cisco ANA)
 There are many third-party provisioning tools that can
manage Cisco routers.
 Most provisioning tools support routing protocol
management.

A number of management tools are available from Cisco and third parties. The ISP-oriented
provisioning tools such as Cisco IP Solution Center (Cisco ISC) and Cisco Active Network
Abstraction (Cisco ANA) are used in large service provider environments to manage customer
connectivity and services for IP and MPLS.

 Is an element management system for IP and MPLS services

 Is used to manage customer access to the SP core
 Can be used to configure routing with customers
 Provides role-based access control:
– Designers design services (one-time task)
– Operators provision services to customers by selecting
the appropriate service and parameters (routers,
interfaces, IP addresses, routing protocol)

Cisco ISC is a family of intelligent network management applications that help reduce
administration, management, and network operational costs:
 Providing automated resource management and rapid profile-based provisioning
capabilities that speed deployment and time-to-market for MPLS and Carrier Ethernet
technologies
 Working with Cisco MPLS Diagnostics Expert to provide automated, workflow-based
troubleshooting and diagnostic capabilities for MPLS VPN networks

Cisco IP Solution Center applications can operate alone or as a suite. Capabilities include the
following:
 Provisioning and troubleshooting for MPLS VPNs; ATM, Frame Relay, and Ethernet over
MPLS VPNs; and Carrier Ethernet VPNs
 Planning and configuration of MPLS Traffic Engineering (MPLS TE)

Cisco IP Solution Center also offers the following:

 Scalable and reliable architecture for large-scale operations
 Single server solution and Web GUI

Open application programming interfaces (APIs) and operations support system (OSS)
interfaces that help:
 Integrate IP VPN services into existing infrastructure
 Integrate Cisco fault-management products with independent software vendor products for
VPN-aware performance reporting

1-164 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Example: IP Solution Center
Configuring Routing
 Part of Layer 3 MPLS VPN service
 Can configure static, BGP, OSPF, EIGRP, or RIP routing

The figure illustrates one step in the workflow-based provisioning of services to end customers
that also includes the configuration of a routing protocol. Cisco ISC supports the configuration
of static and connected routing, Routing Information Protocol (RIP), OSPF, Enhanced Interior
Gateway Routing Protocol (EIGRP) and BGP. A number of routing parameters can be made
available to the operator upon service provisioning, or they may be fixed by the designer at the
time of service creation.
Refer to http://www.cisco.com/go/isc for more information on Cisco ISC.

 Simplified integration of OSS applications

 An extensible common network resource management
infrastructure
 Consistent procedures and interfaces for all network
elements
 An integration SDK for developers
 The ability to manage routing protocols as well:
– Provision
– Troubleshoot BGP

Cisco ANA is a powerful, next-generation network resource management solution. It is

designed with a fully distributed OSS mediation platform, which abstracts the network, its
topology, and its capabilities from physical elements. Because Cisco ANA is virtual, it gives
customers a strong and reliable platform for service activation, service assurance, and network
management.
Cisco ANA also provides a flexible, vendor-neutral resource management system. The system
supports a multiservice network environment and the management capabilities required to
sustain reliable and converged voice, video, and data networks.
A comprehensive developer program is available to help end-user and partner developers
integrate and test the interoperability of existing OSS applications with Cisco ANA. This
program also includes various go-to-market opportunities for partners to promote their
applications to Cisco ANA end users.
Cisco ANA offers advanced features such as:
 Simplified integration of OSS applications with near real-time network information from
one authoritative source
 An extensible common network resource management infrastructure
 Consistent procedures and interfaces for all network elements
 An integration software development kit (SDK) for developers

Refer to http://www.cisco.com/go/ana for more information on Cisco ANA.

1-166 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Administration
This topic summarizes requirements related to management of routing infrastructure in large
service provider environments.

Administration

 Management of large service provider networks is complex:

– Extensive infrastructure
– Many administrators and operators
– Strict security requirements
– Configuration archive, changes, traceability
– Monitoring of many types of events
 Ad-hoc management is not an option

Administration of a service provider environment entails many complex tasks:

 Extensive infrastructure including large numbers of different types of devices using
different connectivity methods
 Large groups of network and system administrators and operators working in different
regions and departments
 Strict security requirements that are implemented using adherence to security policies and
strict implementation of authentication and authorization
 Configuration archives and changes required in order to trace actions
 Monitoring of many types of events for security, availability, and performance reasons

© 2010 Cisco Systems, Inc. Service Provider Routing Operation Processes 1-167
Information Technology Infrastructure
Library (ITIL)

 Defines processes for IT management

 Service providers can benefit from utilizing ITIL® -based
process management:
– Change management
– Performance management
– Fault management
– Other
 Requires a dedicated tool for process management (ticketing
system)

Information Technology Infrastructure Library® (ITIL) defines processes for IT management. It

originated in the 1980s, when the British government realized that there was a need to
standardize increasingly used IT resources.
In this course, you will focus on change management, performance management, and fault
management.

1-168 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
ITIL for Routing Protocols

 Defines processes to manage routing protocols, among many other

aspects of service provider network management:
– Change management:
 Adding routers (such as core, edge)
 Adding customers (such as single-homed, multihomed)
– Performance management:
 Optimizing availability (such as fault detection, convergence,
backup paths)
– Fault management:
 Responding to issues identified using the monitoring system
(such as adjacency flapping)
 Responding to issues reported by customers and peering
ISPs

ITIL® defines processes to manage routing protocols, among many other aspects of service
provider network management:
Change management for routing protocols can include actions such as these:
 Adding routers to the network core or edge
 Connecting single-homed or multihomed customers (and possibly provisioning a managed
customer router)
Performance management for routing protocols can include actions such as these:
 Optimizing availability by improving fault detection, improving routing protocol
convergence, providing backup paths, and so on
Fault management for routing protocols can include actions such as these:
 Responding to issues that are identified using the monitoring system (for example,
adjacency flapping, lost routes, traffic pattern change)
 Responding to issues that are reported by customers or peering ISPs based on their
monitoring systems or based on user reporting of problems

© 2010 Cisco Systems, Inc. Service Provider Routing Operation Processes 1-169
Example: ITIL for Routing Protocols
Change Management
 Can be very exact
 Typically ties well into provisioning systems (such as Cisco ISC):
– Defined service templates
– Automated service verification
 Defines information sources (such as IP addresses, AS numbers, NSAP
addresses)

Retrieve proper
Service service template
template

Configlet
SP Core
Create +
configlet
Parameter Apply
database configlet

Retrieve params Verify Document

Update DB connectivity results
t

Open Record Record Record Record Record Cl ose

The figure illustrates a sample change management process in which the process starts when a
sales administrator creates a change-management ticket in the ticketing system. The operator
follows a standardized set of actions to complete the task, such as the following:
1. Identify the type of customer.

2. Identify the service templates that are required to provision a link to the new customer.

3. Identify the required parameters (for example, get a /30 IP subnet for the access link from
the available space in the pool of addresses used for access links).

4. Create a configuration template or simply input the information into the provisioning tool.

5. Apply the configuration to the appropriate network device or devices.

6. Verify the operation of the provisioned service or services.

7. Document the process.

8. Close the ticket.

1-170 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Summary
This topic summarizes the key points that were discussed in this lesson.

Summary

 Identify the management systems being used.

 Identify supported routing services.
 Identify management processes and procedures (based on
ITIL®):
– Change management
– Performance management
– Fault management

© 2010 Cisco Systems, Inc. Service Provider Routing Operation Processes 1-171
1-172 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Lesson 4

Applying Service Provider

Routing Operation Processes
Based on ITIL
Overview
This lesson provides a brief description of the Information Technology Infrastructure Library®
(ITIL) standard that is widely used in enterprise and service provider environments. ITIL® is
used to govern the processes for managing infrastructure and services. The lesson describes
how to apply ITIL® processes to the management of infrastructure for routing operations
services.

Objectives
Upon completing this lesson, you will be able to apply ITIL® processes to the management of
routing operations technologies and services. This ability includes being able to meet these
objectives:
 Identify the main components of ITIL®
 Describe change management procedures
 Describe performance management procedures
 Describe fault management procedures
ITIL Overview
This topic describes the major components of ITIL® and how it applies to routing operations
services.

ITIL Overview

 ITIL ® stands for Information Technology Infrastructure Library.

 ITIL ® was developed and is maintained by the Office of Government
Commerce (OGC) in the UK.
 ITIL ® is a set of concepts and policies for managing information technology
services, development, and operations.
 ITIL ® was built around a process-model-based view of controlling and
managing operations that is often credited to W. Edwards Deming and his
PDCA cycle.
 ITIL ® is published in a series of books, each of which covers an IT
management topic.

ITIL® was originally developed by the predecessors of the Office of Government Commerce
from the United Kingdom. ITIL® was developed in order to standardize the processes for
managing IT infrastructure in governmental institutions.
ITIL® gives a detailed description of a number of important IT practices, along with
comprehensive checklists, tasks, and procedures that any IT organization can tailor to its needs.
ITIL® is published in a series of books, each of which covers a specific management practice
within IT service management.
ITIL® was built around a process-model-based view of controlling and managing operations
that is credited to W. Edwards Deming and his plan-do-check-act (PDCA) cycle. PDCA is an
iterative four-step problem-solving process typically used in business process improvement.

 ITIL® version 2 is widely used and primarily focuses on:

– Service delivery
– Service support
 In 2009, OGC announced that ITIL ® version 2 would be withdrawn.
 ITIL® version 3 is more comprehensive (released in 2007), and is
designed to support all modern IT components:
– Service strategy
– Service design
– Service transition
– Service operation
– Continual improvement

In 2000, ITIL® version 2 consolidated all ITIL® publications into eight books. This
consolidation grouped related guidelines to match different aspects of IT management,
applications and services. The two books that ITIL® version 2 primarily focused on were as
follows:
 Service Delivery: Primarily concerned with proactive services delivered by information
and communication technology (ICT) to provide adequate support to business users
 Service Support: Focused on users of ICT services and is primarily concerned with
ensuring that they have access to the appropriate services to support business functions
Enterprises later adopted ITIL®, and ITIL® was gradually refined to version 3, which included
the following books:
 Service Strategy: Provides guidance on clarification and prioritization of service provider
investments in services. More generally, Service Strategy focuses on helping IT
organizations improve and develop over the long term.
 Service Design: Provides good practice guidance on the design of IT services, processes,
and other aspects of the service management effort.
 Service Transition: Relates to the delivery of services that are required by the business
into operational use.
 Service Operation: Describes best practices for achieving the delivery of agreed levels of
services both to end users and the customers.
 Continual Improvement: Describes how to align and realign IT services to changing
business needs by identifying and implementing improvements to the IT services that
support the business processes.
The latest version is the most comprehensive and includes the processes of managing services
and infrastructure from initial introduction to the IT environment to operation, monitoring, and
improvement. ITIL® can also be used in any IT environment, including service provider
environments.

 Service providers provide a number of routing operations

services to customers:
– Static routing with redistribution into BGP (single-homed
customer) and a default route on the customer edge
router
– Connected routing with redistribution into BGP (single-
homed managed customer)
– BGP routing with the customer (dual-attached and
multihomed customers)

When addressing routing operations services, you can use ITIL® to govern the physical
infrastructure and software, as well as individual components, technologies, and services.
Service providers offer different routing services to customers. These services can include the
following:
 Static routing of customer routes with redistribution into BGP at the provider site and a
default route at the customer site. This scenario applies to single-homed customers.
 Connected routing of customer routes with redistribution into BGP at the provider site. This
scenario applies to managed single-homed customer.
 Border Gateway Protocol (BGP) routing with the customer, which applies to dual-attached
and multihomed customers.

1-176 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
ITIL and Routing Operations (Cont.)

 BGP on the customer edge router can be implemented using

different routing table requirements:
– Default route only
– Partial Internet routing table
– Full Internet routing table
 ITIL® processes can be used to govern the design,
deployment, and support of routing operations services.

BGP on the customer side can be implemented in three different ways, depending on customer
routing table requirements. The customer can receive any of the following:
 Default route only: The customer receives only the default route, which is used to reach all
networks.
 Partial Internet routing table: The customer receives routes specific to the service provider
and the default route to reach all other networks.
 Full Internet routing table: The customer receives the complete Internet routing table.
Routing services depend on basic connectivity and the number of technologies and protocols,
such as BGP and interior routing protocols. All aspects of device configurations are governed
by processes that are defined in ITIL® to ensure the required functionality, performance,
availability, and security.

 In this course, ITIL® processes are grouped into three major

categories for routing operations network services:
– Change management (infrastructure deployment, service
deployment, customer deployment)
– Performance management (SLAs, capacity, availability)
– Fault management (faults, issues, and problems)
 The service desk, with level 2 support staff, is responsible for
change, performance, and fault management.

This course is divided into three major sections, which encompass various components of
ITIL®:
 The change management section describes the processes used for infrastructure
deployment, new service deployment, and deployment of services to individual customers.
 The performance management section describes the methods and processes used to
monitor the operation of the network and services. Monitoring of the network and services
is needed to ensure compliance with service level agreements (SLA), the availability of
adequate capacity (bandwidth, CPU), and the high availability of services (resilience to loss
of resources).
 The fault management section describes the methods and procedures used to identify
faults (physical and logical failures of equipment or software), issues (as reported by
customers), and problems (recurring issues).
A service desk is made up of support personnel that address faults, issues, and problems. This
course focuses on the level 2 support staff the service desk, which is responsible for most
network issues that the first-level support cannot solve.

Level 2 support staff can handle the following tasks

related to routing operations:
 Manage changes in the network
 Monitor and manage performance
 Manage issues:
– Identify issues
– Troubleshoot and solve issues
– Identify problems

A service provider will often design its internal organization in their own way, possibly
following ITIL® or other industry guidelines. The organization also depends on the size of the
service provider. In general, level 2 support staff can handle any of the following tasks related
to routing operations:
 Management of changes in the network: Changes can be anything from minor
modifications with little or no impact on performance to complete redesigns or
deployments of new services networkwide.
 Monitoring and management of performance: Performance monitoring and metering
can include the ability to determine the performance characteristics of control plane
mechanisms, data plane forwarding performance, the performance of individual services,
and compliance with various SLAs.
 Management of issues:
— Identify issues that customers or monitoring servers report. Issues can result from
physical or logical faults, or from misconfigurations.
— Troubleshoot and solve issues using known fixes and workarounds
— Use standard troubleshooting best practices to find solutions for unknown issues.
— Identify problems (recurring issues) and devise generic solutions that can be
suggested to the network engineering department.

© 2010 Cisco Systems, Inc. Service Provider Routing Operation Processes 1-179
ITIL and Routing Operations
Routing-operations-related tasks can be initiated by:
 Customer (service request, reported issue)
 Change manager, change advisory board (CAB), or
emergency committee (EC) initiates major changes (new
service deployment, infrastructure deployment)
 Monitoring server (performance, faults)

Change Manager Change Tic keting Issue End

CAB System User
EC

Monitoring Alert Service

Server Desk

The figure illustrates the users and administrators involved in an ITIL®-based service provider
environment. The service desk, with level 2 support staff, is in the center of the management of
the infrastructure. A ticketing system (process management software) is used to keep track of
individual processes (content, status, resolvers). A “ticket” is used to start a process and keep
track of the process until the process is completed and the ticket is closed. The following are
some examples of processes that can take place in a service provider environment:
 A customer reports an issue using the publically available customer portal of the ticketing
system. The issue is assigned to a support engineer (level 1 or level 2, depending on the
type of customer and issue). The support engineer tries to resolve the issue and close the
ticket. Alternatively, the issue can be escalated to level 3 support personnel or event to
technical assistance of the network device vendor.
 A monitoring server can detect a failure or a monitored value can exceed a threshold,
causing an alert about the issue to be sent to the service desk. The issue can then be
investigated and rated according to its criticality and a solution can be found to mitigate the
issue.
 A change manager can also initiate a task. This might occur when a redesign of a certain
service has been completed and the change must be deployed throughout the network. A
ticket is created, which requires that the service desk implement the changes. Service
providers can have multiple instances of overseers, depending on the criticality of changes
that need to be made. A change advisory board and emergency committee are used to
decide on major changes that may have a high impact on the network and services.

1-180 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Classification of Changes

 Standard change: Standard Change

– Low impact
– Pre-approved (part of design or standard procedures)
 Minor change: Minor Change

– Minimal impact
– May require approval
 Major change: Major Change

– High impact
– Requires approval
 Many tasks in the course will be classified according to their
typical impact on service performance and availability.

Changes that are being implemented can have different importance, scope, and (most
importantly) impact on the network and services.
 Standard changes are typically preapproved and are designed to have a low impact.
 Changes that have a noticeable impact are typically implemented during regularly
scheduled maintenance windows and typically require approval from the change manager
or a higher-level manager.
 Major changes have a high impact. To implement them, you should use one or multiple
maintenance windows.
The course discusses many different types of changes that can result from new deployments or
troubleshooting. These three levels are used to categorize changes according to their impact.

© 2010 Cisco Systems, Inc. Service Provider Routing Operation Processes 1-181
Change Management
This topic describes change management, which is related to routing operations services.

Change Management

 Routing operations services can be divided into two major

components:
– Routing in the service provider core (such as BGP, OSPF,
IS-IS between core routers)
– Routing with customers (such as customer links with static
or BGP routing)
 Change management can include any of the following tasks:
– Adding core and edge routers and integrating them into
existing routing infrastructure
– Changing internal routing policy (IGP)
– Adding customer routers and links and configuring them
to support the required routing services
– Changing customer routing policy (BGP)

Routing operations can be divided into two major components:

 Routing in the service provider core network: Interior gateway protocols (IGPs), such as
Open Shortest Path First (OSPF) and Intermediate System-to-Intermediate System (IS-IS)
and internal BGP are used.
 Routing between service provider and customers: Static or external BGP routing is
used.
The major changes that affect these two components are as follows:
 Adding and configuring core and edge service provider routers: To satisfy capacity
requirements, core devices must be added.
 Changing internal routing policy: Path selection inside the service provider network can
be influenced using IGP metric.
 Adding and configuring customer routers and links: Customers must be added when
there is a request.
 Changing customer routing policy: The routing policy for customer reachability to and
from the Internet and other networks can be influenced by changing BGP attributes.

1-182 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Change Management and Routing
Operations

Pure changes are a result of:

 Adding or modifying customer services
 Adding or modifying services (i.e. redesign)
 Adding routers to meet capacity requirements

Autonomous System
EBGP IBGP EBGP
IGP IGP IGP

Edge Core Core Edge

router router router router

Add customer Add edge router Add core router Change internal Change customer
site running BGP running BGP and routing policy routing polic y
and IGP IGP

The figure illustrates a service provider network with all protocols that are required to support
different customer routing requirements:
 IGP inside the service provider core network
 Internal BGP (IBGP) inside the service provider core network
 External BGP (EBGP) between customers and the service provider
To add a new customer, you must configure the edge router, the routing protocol (BGP or static
routing) between the customer and provider edge router, and the customer router. To change a
customer routing policy you must change BGP attributes on the provider edge and customer
routers. To add a new router in the core network to increase the capacity you must do the
following:
 Configure the new router with all the needed protocols (BGP, IGP)
 Integrate the necessary protocols with the existing infrastructure
Changing routing inside service provider core network requires configuration changes on core
routers, where the IGP metric must be changed.

© 2010 Cisco Systems, Inc. Service Provider Routing Operation Processes 1-183
Change Management and Routing
Operations (Cont.)

 Scheduling changes:
– Low-impact or minimal-impact changes can be deployed
at any time
– High-impact changes require a maintenance window
 A detailed deployment plan is required for (at least) high-
impact changes:
– Deployment plan
– Verification procedure
– Rollback plan

Any change can be analyzed to determine its impact on the network and services. Both minor
and major changes may require the use of a scheduled maintenance window during which the
impact on end customers will be minimal, such as at 3 a.m. (0300).
Major changes may be composed of many steps and may take longer to implement. The
detailed deployment plan should be accompanied by a detailed verification plat to ensure that
the service was implemented properly and that it functions as expected. If there is an
implementation failure, a rollback plane must be available to simplify reverting to the original
setup in the shortest possible time.

1-184 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Performance Management
This topic describes the components that are used to monitor and measure the performance of
the network.

Performance Management and Routing

Operations

 Device performance measurement:

– Control plane
– Data plane
 Monitoring of the performance of routing operations:
– SNMP-based monitoring
– Syslog for major events (such as adjacency changes)
– CLI for detailed inspection of performance characteristics
– NetFlow (edge and core) to collect information about
traffic
– IP SLA to measure the performance of the network from
routers

Performance management primarily consists of monitoring network resources. Monitoring of

the control and data planes of monitored devices can be achieved using any of the following
methods:
 Simple Network Management Protocol (SNMP)-based monitoring can be used, in which
case monitoring servers periodically poll routers for the required performance statistics.
Additionally, SNMP traps can be used to inform central servers of significant events in the
network.
 Syslog can be used to send information about significant events to a central syslog server.
 Various CLI commands are available to investigate performance issues once they have
been identified, to determine their causes and possible device actions or plans to improve
performance.
 Cisco routers support NetFlow to collect detailed information about traffic in a central
location. Based on traffic patterns, traffic analysis can then be used to determine
performance characteristics.
 Cisco routers provide the Cisco IOS IP SLA feature, which can be used to measure the
performance of the network and applications from routers. Statistics can be collected via
SNMP or the CLI.

© 2010 Cisco Systems, Inc. Service Provider Routing Operation Processes 1-185
Performance Management and Routing
Operations (Cont.)

 Performance can be measured as:

– Service performance (SLA, link utilization)
– Control plane performance (such as CPU utilization)
– Availability (such as 99.999% uptime; redundancy;
convergence)

Autonomous System
EBGP IBGP EBGP
IGP IGP IGP

Edge Core Core Edge

router router router router

SLA Availability Utilization

The figure illustrates various performance categories:

 Performance of services for individual customers (SLA assurance)
 Control plane performance, such as CPU utilization due to the use of various protocols or
even packet forwarding in the process path
 Data plane performance, such as the utilization of the forwarding capacity of routers,
modules, and links
 Availability, as determined by hardware redundancy, link redundancy, and resilience
mechanisms

1-186 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Performance Management and Routing
Operations (Cont.)

 Performance monitoring can also be used for:

– Capacity planning
– Availability metering
– Service-level assurance
– Help with identifying issues and problems

Performance monitoring and analysis can be used to determine the performance characteristics
of the network and of services, as well as to aid in capacity planning. Additionally,
performance monitoring can be used for SLA assurance and to help identify issues in the
network that may not be otherwise detected.

© 2010 Cisco Systems, Inc. Service Provider Routing Operation Processes 1-187
Fault Management
This topic describes fault management processes related to routing operations services.

Fault Management and Routing

Operations

 Identify issues:
– Reported by customers
– Derived from monitoring systems:
 SNMP traps (such as exceeded thresholds)
 Syslog messages
 Manual (such as unusual changes in graphs)
 Solve issues:
– Known issues with known fixes or workarounds
– New issues with new fixes or workarounds
 Identify problems:
– Recurring issues constitute a problem
– Propose permanent solutions or escalate the problem

Fault management tasks require that the service desk detect faults and issues and provide fixes
or escalation to level 3 support.
Faults and issues can be identified in two ways:
 Customers report issues when their services fail.
 The service desk receives alerts from the monitoring systems indicating a failure or an issue
that needs resolution.
Known issues may already have known fixes that can be deployed quickly. Unknown issues
may require more troubleshooting. Changes that are required to resolve an issue should be
examined for their potential impact on the network and other services.
If the service desk determines that there is a significant number of recurring issues then it
should escalate it to level 3 support. This problem needs detailed analysis and a potential
change to the design. An upgrade of router software or some other action that will ensure that
the problem is resolved may be also needed.

1-188 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Fault Management and Routing
Operations (Cont.)

 Sources of failures:
– Physical failures (link, device)
– Software failures (bug, misconfiguration)

Autonomous System
EBGP IBGP EBGP
IGP IGP IGP

Edge Core Core Edge

Router Router Router Router

Link Failure Device Failure Protocol

Misconfiguration

The figure illustrates hardware and software failures that can result in different levels of service
degradation or service loss. A customer link failure, for example, will result in the loss of
service for a single customer. A core link failure, on the other hand, will result in temporary
loss of service to many customers while the network is converging. A sudden protocol failure is
typically a result of a software bug that only happens after a certain time and may result in
many different issues. Protocol failure can also be a result of a denial of service (DoS) attack if
security is not implemented properly.

© 2010 Cisco Systems, Inc. Service Provider Routing Operation Processes 1-189
Fault Management and Routing
Operations (Cont.)

 Failure criticality:
– Customer service loss (such as routing or link between
customer and service provider goes down)
– Total service loss (such as routing or link in service
provider core goes down)
– Service degradation (such as reduced bandwidth for
services due to lost link in an EtherChannel)
– Reduced level of resilience (such as primary link goes
down)

Failures may have different criticalities:

 Customer service loss, such as occurs when routing or a link goes down, may be regarded
as highly critical for the customer, but not that critical for the service provider.
 Total service loss, such as occurs when routing protocols, devices, or links inside the
provider network go down, may result in total loss of service for many or all customers.
This service loss is a highly critical failure. Such failures would first have to be mitigated to
restore services and then investigated to determine the reasons for the failure. After that,
appropriate actions can be taken to prevent future reoccurrence of the failure.
 Service degradation, such as reduced bandwidth for services due to a lost link in an
EtherChannel will typically not be very critical. In this case, service is not lost, but the
performance may be degraded.
 Reduced level of resilience is also a result of a failed resource when a redundant resource is
available. Failing to mitigate the failure increases the chances of the redundant resource
failing sometime in the future, thus causing a complete failure.

1-190 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Summary
This topic summarizes the key points that were discussed in this lesson.

Summary

 Use ITIL® processes to manage services and infrastructure.

 Manage day-to-day routing operations:
– Change management
– Performance management
– Fault management
 Consider impact of changes:
– Standard changes—low impact
– Minor changes—minimal impact
– Major changes—high impact
 Use scheduled maintenance windows for changes to
minimize impact on network and services.

© 2010 Cisco Systems, Inc. Service Provider Routing Operation Processes 1-191
Lesson Self-Check
Use the questions here to review what you learned in this lesson. The correct answers and
solutions are found in the Lesson Self-Check Answer Key.
Q1) ITIL® is which two of these? (Choose two.) (Source: ITIL Overview)
A) a library of books with IT content
B) a collection of configuration templates for service provider network devices
C) a set of best practices, concepts, and policies for managing IT
D) a registered trademark of the U.K. OGC
Q2) Classify the following changes with severity levels according to their impact on
network services operations. (Source: Change Management)
A) _________ Change IGP inside the service provider network from OSPF to IS-
IS
B) _________ Change the IGP metric to influence path selection inside a service
provider network.
C) _________ Upgrade network devices with more powerful models.
D) _________ Change customer routing policy to influence path selection.

Severity levels:
_____ 1. standard
_____ 2. minor
_____ 3. major
Q3) Which three of these can be used for performance management? (Choose three.)
(Source: Performance Management)
A) SNMP monitoring
B) syslog monitoring
C) SMTP monitoring
D) NetFlow

1-192 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Lesson Self-Check Answer Key
Q1) C, D
Q2) A-3, B-2, C-1, D-3
Q3) A, B, D

© 2010 Cisco Systems, Inc. Service Provider Routing Operation Processes 1-193
1-194 Maintaining Cisco Service Provider Routing Protocols (MSPRP) v1.0 © 2010 Cisco Systems, Inc.
Module Summary
This topic summarizes the key points that were discussed in this module.

Module Summary

 ISPs provide IP connectivity within the Internet:

– To end customers
– To subordinate ISPs
– To upstream ISPs
– To other ISPs through exchange points or direct peerings
 Use prefix-based filtering for security, AS path-based filtering for
flexibility, and route maps or route policies to implement complex
routing policies.
 Identify management processes and procedures based on ITIL ®:
– Change management
– Performance management
– Fault management
 Use ITIL® processes to manage services and infrastructure; also
use scheduled maintenance windows for changes to minimize the
impact on the network and on services.

This module identified service provider routing requirements, solutions, and processes for
change, performance, and fault management. It discussed typical routing requirements in
service provider networks. The module described how an ISP provides IP connectivity within
the Internet to customer and other ISPs. Routing solutions were listed and described based on
typical examples. This module also presented the basics of prefix-based filtering, AS path-
based filtering, and route maps or route policies. The module advised the use of ITIL®
processes to manage services and infrastructure. You should also use scheduled maintenance
windows for changes to minimize the impact on network and services.

HCIP-Datacom-Advanced Routing Switching Technology V1.0 Lab Guide
100% (2)
HCIP-Datacom-Advanced Routing Switching Technology V1.0 Lab Guide
127 pages
Sheet6 ch6
No ratings yet
Sheet6 ch6
7 pages
BGP Security Exam Guide 20-04-2023
No ratings yet
BGP Security Exam Guide 20-04-2023
10 pages
CCNP Encor-Course Content
No ratings yet
CCNP Encor-Course Content
2 pages
Internet Control Message Protocol (Icmp) : Name: Kunal Jangra: Shivam Tripathi Enrolment No.: A2305219630: A2305219629
No ratings yet
Internet Control Message Protocol (Icmp) : Name: Kunal Jangra: Shivam Tripathi Enrolment No.: A2305219630: A2305219629
15 pages
Border Gateway Protocol Second Edition
From Everand
Border Gateway Protocol Second Edition
Gerardus Blokdyk
No ratings yet
HPE4-A52 Exam Valid Dumps
No ratings yet
HPE4-A52 Exam Valid Dumps
12 pages
Config Asvpn
No ratings yet
Config Asvpn
5 pages
Be - Electronics and Telecommunication Engineering - Semester 8 - 2023 - May - Mobile Computing MC 2019 Pattern
No ratings yet
Be - Electronics and Telecommunication Engineering - Semester 8 - 2023 - May - Mobile Computing MC 2019 Pattern
2 pages
BRKENS-2810 SDA Fundamentals
No ratings yet
BRKENS-2810 SDA Fundamentals
81 pages
Mastering Active Directory
From Everand
Mastering Active Directory
VICTOR P HENDERSON
No ratings yet
AirSpan C5x Commissioning Document
94% (16)
AirSpan C5x Commissioning Document
34 pages
BGP
No ratings yet
BGP
64 pages
Network Security Lab
No ratings yet
Network Security Lab
101 pages
Network Behavioral Anomaly Detection (NBAD)
100% (1)
Network Behavioral Anomaly Detection (NBAD)
46 pages
CS 2204 - Written Assignment Unit 4 Final
No ratings yet
CS 2204 - Written Assignment Unit 4 Final
2 pages
Troubleshooting IP Routing Protocols
100% (1)
Troubleshooting IP Routing Protocols
913 pages
H12-221 - V2.5-Enu V8.02
100% (1)
H12-221 - V2.5-Enu V8.02
164 pages
FGSP Configuration Guide
No ratings yet
FGSP Configuration Guide
12 pages
NetBackup Troubleshoot Guide
0% (1)
NetBackup Troubleshoot Guide
608 pages
5.3.2.8 Packet Tracer - Examine The ARP Table (Finish)
100% (11)
5.3.2.8 Packet Tracer - Examine The ARP Table (Finish)
4 pages
Cisco Isr4431-Axv-K9 (Cisco) (Cisco
No ratings yet
Cisco Isr4431-Axv-K9 (Cisco) (Cisco
4 pages
MCSA Windows Server 2012 R2 Complete Study Guide: Exams 70-410, 70-411, 70-412, and 70-417
From Everand
MCSA Windows Server 2012 R2 Complete Study Guide: Exams 70-410, 70-411, 70-412, and 70-417
William Panek
No ratings yet
CCNA RSE Chp3
No ratings yet
CCNA RSE Chp3
36 pages
Windows Server 2008 For Dummies
From Everand
Windows Server 2008 For Dummies
Ed Tittel
No ratings yet
Definitive DNS For Engineers
No ratings yet
Definitive DNS For Engineers
2 pages
drbd9 Iscsi Rhel8
No ratings yet
drbd9 Iscsi Rhel8
19 pages
Symantec Netbackup 7.5 For Unix: Install, Configure, and Deploy (Appendix B)
No ratings yet
Symantec Netbackup 7.5 For Unix: Install, Configure, and Deploy (Appendix B)
338 pages
VLSM Examples2 PDF
No ratings yet
VLSM Examples2 PDF
6 pages
Mikrotik Load Balancing 2 ISP
100% (1)
Mikrotik Load Balancing 2 ISP
5 pages
BRSK V1
No ratings yet
BRSK V1
7 pages
Integration Island: Gede Bhuana Tejasaputra SMK Negeri 3 Singaraja
No ratings yet
Integration Island: Gede Bhuana Tejasaputra SMK Negeri 3 Singaraja
66 pages
Scrip Mikrotik
No ratings yet
Scrip Mikrotik
16 pages
3PAR Remote
No ratings yet
3PAR Remote
119 pages
Computer System Servicing NCII: Marvin B. Broñoso
No ratings yet
Computer System Servicing NCII: Marvin B. Broñoso
17 pages
NAT PAT Overview
No ratings yet
NAT PAT Overview
22 pages
Perl Loops
No ratings yet
Perl Loops
18 pages
CCNP1 Labs All in One
No ratings yet
CCNP1 Labs All in One
216 pages
Android Wi Fi
No ratings yet
Android Wi Fi
21 pages
Ipv6 For PPP Broadband Access: Technical Report
No ratings yet
Ipv6 For PPP Broadband Access: Technical Report
32 pages
Ospfv2 PDF
No ratings yet
Ospfv2 PDF
4 pages
HCIE-Routing & Switching V3.0 Mock Exam
100% (1)
HCIE-Routing & Switching V3.0 Mock Exam
4 pages
DB2 v11.1 - Database Security Guide - Secbook
No ratings yet
DB2 v11.1 - Database Security Guide - Secbook
400 pages
VMW Vcap NV Design Exam Preparation Guide
No ratings yet
VMW Vcap NV Design Exam Preparation Guide
3 pages
ZFS Overview
No ratings yet
ZFS Overview
40 pages
2.2 Storage and Database Services
No ratings yet
2.2 Storage and Database Services
64 pages
IBM Spectum Virtualize 3-Site Replication
No ratings yet
IBM Spectum Virtualize 3-Site Replication
188 pages
IBM TechDoc 1 PDF
No ratings yet
IBM TechDoc 1 PDF
695 pages
TSHOOT Exam Guide v3.2
100% (3)
TSHOOT Exam Guide v3.2
42 pages
VIOS
No ratings yet
VIOS
28 pages
PWX 101 (CDC) GuideForLinux (UNIX) AndWindows en PDF
No ratings yet
PWX 101 (CDC) GuideForLinux (UNIX) AndWindows en PDF
298 pages
Answer Key To Lab Exercises
No ratings yet
Answer Key To Lab Exercises
58 pages
Cisco MDS 9000 Family NX-OS Fundamentals Configuration Guide
No ratings yet
Cisco MDS 9000 Family NX-OS Fundamentals Configuration Guide
244 pages
Exchange Server 2010 Administration: Real World Skills for MCITP Certification and Beyond (Exams 70-662 and 70-663)
From Everand
Exchange Server 2010 Administration: Real World Skills for MCITP Certification and Beyond (Exams 70-662 and 70-663)
Joel Stidley
4/5 (1)
G - TM - AIX Basic - R1.0
No ratings yet
G - TM - AIX Basic - R1.0
214 pages
Cisco DCNM Fundamentals Guide, Release 10.4
No ratings yet
Cisco DCNM Fundamentals Guide, Release 10.4
168 pages
EDB116 CG v1.0 SS
No ratings yet
EDB116 CG v1.0 SS
12 pages
Adding Cisco Ios XRV Image To Eve-Ng Lab
No ratings yet
Adding Cisco Ios XRV Image To Eve-Ng Lab
2 pages
DRBD Trouble
No ratings yet
DRBD Trouble
13 pages
PostgreSQL 9.1
No ratings yet
PostgreSQL 9.1
1,957 pages
Hands-On With BTRFS: Course ATT1800 Lecture Manual September 6,2012
No ratings yet
Hands-On With BTRFS: Course ATT1800 Lecture Manual September 6,2012
52 pages
Argos 2015 11 25 - Couchbase Architecture
No ratings yet
Argos 2015 11 25 - Couchbase Architecture
31 pages
Nbu NDMP Backup
No ratings yet
Nbu NDMP Backup
37 pages
PT15510 PDF
No ratings yet
PT15510 PDF
4 pages
B SRV Install Guide Aix PDF
No ratings yet
B SRV Install Guide Aix PDF
216 pages
DB2 10.5 License Files
No ratings yet
DB2 10.5 License Files
4 pages
LDAP Intergration With AIX, Linux and DB2
No ratings yet
LDAP Intergration With AIX, Linux and DB2
17 pages
Sed, A Stream Editor - by Ken Pizzini, Paolo Bonzini PDF
No ratings yet
Sed, A Stream Editor - by Ken Pizzini, Paolo Bonzini PDF
38 pages
DB2 105 FP7SAP Upgrade2
No ratings yet
DB2 105 FP7SAP Upgrade2
57 pages
Network Layer - Routing
No ratings yet
Network Layer - Routing
83 pages
DCUFT50SG Vol1
No ratings yet
DCUFT50SG Vol1
296 pages
VMware Horizon View Essentials
From Everand
VMware Horizon View Essentials
Peter von Oven
No ratings yet
Telemetry Deployment VXLAN EVPN
No ratings yet
Telemetry Deployment VXLAN EVPN
85 pages
Academic Workshop Course Book
No ratings yet
Academic Workshop Course Book
377 pages
How CDC Refresh Works Mar 2010 EXT
No ratings yet
How CDC Refresh Works Mar 2010 EXT
9 pages
Extending Puppet - Second Edition
From Everand
Extending Puppet - Second Edition
Alessandro Franceschi
No ratings yet
Blog Ine Com 2012-10-01 Ccie Rs Ts Lab 1 For Gns3
No ratings yet
Blog Ine Com 2012-10-01 Ccie Rs Ts Lab 1 For Gns3
1 page
Academic Workshop Course Book
No ratings yet
Academic Workshop Course Book
329 pages
IOS XR Routing Policy Language
No ratings yet
IOS XR Routing Policy Language
17 pages
Best Practice For DB2 On AIX 61-Sg247821
No ratings yet
Best Practice For DB2 On AIX 61-Sg247821
426 pages
DB2 Vs Oracle
No ratings yet
DB2 Vs Oracle
61 pages
DB2 Security
No ratings yet
DB2 Security
290 pages
Networker Performance Tuning PDF
No ratings yet
Networker Performance Tuning PDF
49 pages
Db2 Components & Basics 1
No ratings yet
Db2 Components & Basics 1
18 pages
Db2udb To PG
No ratings yet
Db2udb To PG
44 pages
Openvms Cluster
No ratings yet
Openvms Cluster
354 pages
IBM TSAMP Upgrade Procedure
No ratings yet
IBM TSAMP Upgrade Procedure
19 pages
Connect Direct
No ratings yet
Connect Direct
128 pages
Mysql and Zfs
No ratings yet
Mysql and Zfs
20 pages

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.