Wednesday, 22 April 2020

EIGRP


Enhanced Interior Gateway Routing Protocol (EIGRP) is still part of the CCNP/CCIE curriculum, so I am using this post for exam preparation or troubleshooting purposes. Believe it or not, you can still see this protocol in use in commercial environments, but it is not part of the new Cisco CCNA exam.

About EIGRP:
- EIGRP replaced IGRP in 1993; initially Cisco proprietary, now a partially open standard described in RFC 7868
- classless routing protocol
- hybrid routing protocol / advanced distance-vector routing protocol
- uses the DUAL algorithm (Diffusing Update Algorithm)
- uses IP protocol number 88
- protocol independent; uses multicast address 224.0.0.10 for IPv4 and FF02::A for IPv6
- supports unequal-cost load balancing (advantage over link-state protocols)
- provides fast convergence (advantage over link-state protocols)


EIGRP terminology:
- Successor – next-hop router with the lowest path metric
- Feasible Successor (FS) – backup route to the destination
- Reported Distance (RD) – cost between the next hop and the destination
- Feasible Distance (FD) – cost to the destination (cost to the next hop + RD)
- Active route – route for which the Query process is being used to find a loop-free alternative route (e.g. when the link goes down)
- Passive route – route that is ready to be used (no longer being calculated by DUAL)


EIGRP tables:
- Neighbor Table – list of all neighbors
- Topology Table – list of all prefixes
- Routing Table – best routes (Successors)

EIGRP packet types:
Uses RTP (Reliable Transport Protocol) to exchange information.
- Hello – forms the neighbor relationship / keepalive
- Update – updates can be partial or the full routing table (only sent when forming a neighbor relationship)
- Query – e.g. a query is sent when there is no Feasible Successor (FS)
- Reply – response to the query
- Ack – acknowledgment of update, query or reply messages


EIGRP metric calculation:
- by default Bandwidth and Delay are used: K1 and K3 both have the value of 1
- by default K2, K4 and K5 are set to 0
- latency is measured in microseconds, reference bandwidth is 10 Gbps
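
The terminology and default K values above, worked through as an added example (not code from the original post): the classic composite metric with K1 = K3 = 1, and the DUAL feasibility condition, under which a neighbor qualifies as a Feasible Successor only if its RD is lower than the current FD. The formula takes delay in tens of microseconds; the neighbor names and link values are constructed.

```python
# Added example, not from the original post. Link and path values are constructed.
REF_BW_KBPS = 10**7  # reference bandwidth of 10 Gbps expressed in kbps


def classic_metric(min_bw_kbps, total_delay_usec, k1=1, k3=1):
    """Classic metric with K2 = K4 = K5 = 0: 256 * (K1*bandwidth + K3*delay)."""
    bw_term = REF_BW_KBPS // min_bw_kbps   # slowest link on the path, integer math
    delay_term = total_delay_usec // 10    # the formula takes tens of microseconds
    return 256 * (k1 * bw_term + k3 * delay_term)


def evaluate_paths(paths):
    """paths maps neighbor -> (link_bw, link_delay, reported_bw, reported_delay).

    Returns (successor, fd, feasible_successors, per-neighbor table).
    """
    table = {}
    for nbr, (link_bw, link_delay, rep_bw, rep_delay) in paths.items():
        rd = classic_metric(rep_bw, rep_delay)  # neighbor's own cost to destination
        dist = classic_metric(min(link_bw, rep_bw), link_delay + rep_delay)
        table[nbr] = {"rd": rd, "distance": dist}
    successor = min(table, key=lambda n: table[n]["distance"])
    fd = table[successor]["distance"]
    # Feasibility condition: RD strictly below FD guarantees a loop-free backup.
    feasible = sorted(n for n in table
                      if n != successor and table[n]["rd"] < fd)
    return successor, fd, feasible, table


# Constructed topology: bandwidth in kbps, delay in microseconds.
SAMPLE_PATHS = {
    "R2": (1_000_000, 10, 100_000, 100),   # GigE link, FastEthernet beyond
    "R3": (100_000, 100, 1_000_000, 20),   # FastEthernet link, GigE beyond
    "R4": (1_000_000, 10, 1_544, 20_000),  # GigE link, T1 beyond
}

if __name__ == "__main__":
    successor, fd, feasible, table = evaluate_paths(SAMPLE_PATHS)
    for nbr, row in table.items():
        print(nbr, row)
    print("successor:", successor, "FD:", fd, "feasible successors:", feasible)
```

R4 is reachable but fails the feasibility condition, so if R2 and R3 were both lost the route would go active and a Query would be sent.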

EIGRP wide metrics:
- implemented to help with higher-capacity links (up to 655 Tbps); the K6 value was added
- by default K6 is 0, which makes it backward compatible
- latency is measured in picoseconds

EIGRP troubleshooting (things to remember):
- by default the hello timer is 5 seconds (60 seconds on older, slower links)
- the hold timer is 3x the hello timer
- to form a neighbor relationship, EIGRP ASNs must match, K values must match, and if authentication is used, the password and keys must match
- when a router detects the loss of the Successor, the Feasible Successor is used and an Update is sent; every router that receives it will run DUAL
- when a router detects the loss of the Successor and there is no Feasible Successor, the route state changes from passive to active and DUAL sends a Query to its EIGRP neighbors

Stuck in active (SIA) – this happens when there is no reply within 3 minutes; it is often caused by high CPU and memory usage, packet drops or unidirectional links.

Wednesday, 15 April 2020

Multicast - Part 1


Multicast transmission is a communication method that allows traffic to be sent from the source to a group of receivers simultaneously. Multicast communication relies on Internet Group Management Protocol (IGMP) and Protocol Independent Multicast (PIM).

IP multicast concept:
- receivers use Internet Group Management Protocol (IGMP) to join multicast groups (Layer 2)
- Protocol Independent Multicast (PIM) is used to route multicast traffic (Layer 3)
- only members of the group receive data
- once information is sent to the group address, all members receive it
- non-members can send information to a group
- the source address can never be a Class D multicast group address

IPv4 address space reserved for multicast is 224.0.0.0 – 239.255.255.255 (Class D), which includes:

1. 224.0.0.0 – 224.0.0.255 – Reserved Link-Local Addresses, e.g.:
- 224.0.0.5 – used by OSPF (all routers)
- 224.0.0.6 – used by OSPF DRs
- 224.0.0.9 – used by RIP
- 224.0.0.10 – used by EIGRP
- 224.0.0.13 – all PIM routers

2. 224.0.1.0 – 238.255.255.255 – Globally Scoped Addresses

   a) 224.0.1.0 – 224.0.1.255 – Internetwork Control Block, e.g.:
   - 224.0.1.1 – NTP (Network Time Protocol)
   - 224.0.1.32 – Mtrace routers
   - 224.0.1.39 – cisco-rp-announce
   - 224.0.1.40 – cisco-rp-discovery

   b) 232.0.0.0 – 232.255.255.255 – Source-Specific Multicast (SSM) addresses; the default range used by SSM, which is a PIM extension (RFC 4607)

   c) 233.0.0.0 – 233.255.255.255 – GLOP Block (the assignment is made for a domain with a 16-bit Autonomous System Number (ASN))

   d) 239.0.0.0 – 239.255.255.255 – Administratively Scoped IP addresses


More details about IPv4 addresses (IANA):
https://www.iana.org/assignments/multicast-addresses/multicast-addresses.xhtml#multicast-addresses-2



Internet Group Management Protocol (IGMP) is the layer 2 protocol used by receivers to join multicast groups (i.e. between the receiver and its gateway).
 




There are three versions of IGMP; in brief:
- IGMPv1 – a JOIN message is sent to the router; a 60 s timer on the router requests an update from the receiver on whether it still needs to belong to the group
- IGMPv2 – the receiver sends a JOIN group message as well as a LEAVE group message
- IGMPv3 – the receiver sends JOIN group and LEAVE group messages and can define the SOURCE IP for multicast traffic (if there is more than one source); two different modes are available: include mode and exclude mode

IGMP snooping is used by, e.g., a switch to learn about multicast traffic so that it can use the information to forward it to receivers. Benefits:
- optimized bandwidth utilization
- security – prevents denial-of-service attacks from unknown sources

IGMP filtering can be used to control:
- membership of specific multicast groups
- the number of multicast groups per port/interface
- the version of IGMP allowed
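
The three controls listed above, sketched as an added example (not from the original post and not switch configuration): a per-port filter that checks each IGMP report against the permitted group ranges, a group limit and the allowed IGMP versions. The `PortPolicy` class, the group ranges and the events are assumptions made for illustration.

```python
# Added example, not from the original post. Policy and events are constructed.
import ipaddress
from dataclasses import dataclass, field


@dataclass
class PortPolicy:
    allowed_groups: list        # group ranges receivers on this port may join
    max_groups: int             # cap on simultaneous memberships on the port
    allowed_versions: set       # IGMP versions accepted on the port
    joined: set = field(default_factory=set)


def process_report(policy, version, kind, group):
    """Apply the filter to one join/leave; returns (accepted, reason)."""
    addr = ipaddress.ip_address(group)
    if not addr.is_multicast:
        return False, "not a multicast group address"
    if version not in policy.allowed_versions:
        return False, f"IGMPv{version} not allowed on this port"
    if kind == "leave":
        if version == 1:
            return False, "IGMPv1 has no LEAVE message"
        policy.joined.discard(addr)
        return True, "left"
    if not any(addr in ipaddress.ip_network(n) for n in policy.allowed_groups):
        return False, "group outside permitted ranges"
    if addr not in policy.joined and len(policy.joined) >= policy.max_groups:
        return False, "per-port group limit reached"
    policy.joined.add(addr)
    return True, "joined"


# Constructed sequence of reports seen on one access port.
SAMPLE_EVENTS = [
    (2, "join", "239.1.1.1"),
    (1, "join", "239.1.1.2"),
    (2, "join", "224.0.1.39"),
    (3, "join", "232.5.5.5"),
    (2, "join", "239.1.1.3"),
    (2, "leave", "239.1.1.1"),
    (2, "join", "239.1.1.3"),
]


def run_sample():
    policy = PortPolicy(["239.1.0.0/16", "232.0.0.0/8"], 2, {2, 3})
    return [process_report(policy, *event) for event in SAMPLE_EVENTS]
```

The fifth report is refused only because the port already holds two groups; the same join is accepted once the earlier membership has been left.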

What is Protocol Independent Multicast (PIM)?
- a multicast routing protocol, necessary to route multicast traffic, used by routers to locate and request multicast streams. PIM utilizes distribution trees that define the path that multicast traffic follows through the network. There are two types of distribution trees: source trees (Shortest Path Trees – SPT) and shared trees (RPT).

PIM control messages:

- use IP protocol 103
- unicast or multicast
- TTL value of 1
- All-PIM-Routers address 224.0.0.13
- by default, “Hello” messages are sent every 30 seconds



Source tree – a multicast distribution tree, often referred to as an SPT. The source is the root of the tree and the branches extend all the way through the network to the receivers. It is known by the notation (S, G), where “S” is the source and “G” is the multicast group.
Shared tree – a multicast distribution tree where the root is a designated router acting as the rendezvous point (RP), not the source (S) of the multicast traffic. Shared trees are also known as RP trees (RPTs). Traffic is forwarded to the group address regardless of the source, notation (*, G). The advantage is that RPTs require fewer multicast entries (*, G) and (S, G). The downside is that receivers receive traffic from all multicast sources, which causes lots of unwanted traffic, wastes bandwidth and also opens a potential security risk (unwanted packets sent to receivers).

PIM operating modes:

- PIM Dense Mode
- PIM Sparse Mode
- PIM Sparse-Dense Mode
- PIM Bidirectional Mode
- PIM Source-Specific Multicast Mode




Plumbing... QoS

Rule no. 1: QoS does not help in situations where there is not enough bandwidth but helps optimize performance by prioritization of the traffi...