
CIS 185 CCNP ROUTE Ch. 5 Implementing Path Control

CIS 185 CCNP ROUTE Ch. 5 Implementing Path Control. Rick Graziani Cabrillo College graziani@cabrillo.edu Last Updated: Fall 2011. Materials. Book: Implementing Cisco IP Routing (ROUTE) Foundation Learning Guide: Foundation learning for the ROUTE 642-902 Exam By Diane Teare Book



  1. CIS 185 CCNP ROUTE Ch. 5 Implementing Path Control Rick Graziani Cabrillo College graziani@cabrillo.edu Last Updated: Fall 2011

  2. Materials • Book: • Implementing Cisco IP Routing (ROUTE) Foundation Learning Guide: Foundation learning for the ROUTE 642-902 Exam • By Diane Teare • Book • ISBN-10: 1-58705-882-0 • ISBN-13: 978-1-58705-882-0 • eBook • ISBN-10: 0-13-255033-4 • ISBN-13: 978-0-13-255033-8

  3. Topics • Concepts of Path Control • Path Control with Offset Lists • Path Control with Cisco IOS IP SLAs • Path Control with Policy Based Routing

  4. Concepts of Path Control • Path Control is controlling the path that traffic takes through a network when there are: • Redundant paths • Asymmetric paths (form of redundancy) • Three tools for path control are detailed: • Offset lists • Cisco IOS IP service level agreements (SLAs) • Policy Based Routing (PBR)

  5. When a network includes redundancy, other considerations include the following: • Resiliency: The ability to maintain an acceptable level of service when faults occur. • Redundancy does not guarantee resiliency. • Redundant links do not automatically result in the backup link being used if the primary link fails. • Availability: The time required for a routing protocol to learn about a backup path when a primary link fails is the convergence time. • Requires a fast-converging routing protocol and tuned timers and parameters. • Adaptability: The ability of the network to adapt to changing conditions. • Example: A redundant path could be activated when the primary path becomes congested, not only when it fails. • Performance: Improve network performance by tuning routers to load share across multiple links, making more efficient use of the bandwidth. • Support for network and application services: More advanced path control solutions involve adjusting routing for specific services, such as security, optimization, and quality of service (QoS).

  6. Asymmetric Traffic • Predictability: The path control solution needs to be deterministic and predictable. • Traffic is bidirectional by nature • Consider both upstream and downstream traffic • Asymmetric traffic: Traffic that flows on one path in one direction and on a different path in the opposite direction. • Not a negative trait in itself, but it must be planned for: stateful devices such as firewalls need to see both directions of a flow. • Most routing protocols have no specific tools to control the direction that traffic takes • Border Gateway Protocol (BGP) includes a good set of tools to control traffic in both directions

  7. Path Control Tools • A good addressing design: • Summarizable address blocks • Classless interdomain routing (CIDR) aggregation that aligns with the physical topology • Example: the 10.0.0.0/8 summary is advertised from both routers • A more specific route for 10.1.80.0/24 is advertised only from the right-hand router, providing direct access to those subnets. • The resulting traffic flows are: • Deterministic (you have determined the paths) • More resilient (if one path fails, the other path is used automatically because the summary is still present)

  8. Redistribution and other routing protocol characteristics: The capabilities of the routing protocol used can help implement a path control strategy more effectively

  9. Passive interfaces: As we learned previously passive interfaces prevent a routing protocol’s routing updates from being sent through the specified router interface. • Other tools include the following: • Distribute lists • Prefix lists • Administrative distance • Route maps • Route tagging • Offset lists • Cisco IOS IP SLAs • PBR

  10. Using Offset Lists to Control Path Selection Router(config-router)# offset-list {access-list-number | access-list-name} {in | out} offset [interface-type interface-number] • Router configuration command • Used to increase incoming or outgoing metrics • Offset lists are only used with distance vector routing protocols (RIP and EIGRP) • Optionally restricted to the routes permitted by an access list (access list 0 matches all routes) and to a single interface

  11. Router(config-router)# offset-list {access-list-number | access-list-name} {in | out} offset [interface-type interface-number] • The offset value is added to the routing metric. • An offset list that specifies an interface is considered to be an extended list and takes precedence over an offset list that is not extended.

  12. • An organization is using RIP and is connected to its Internet service providers (ISPs) via edge routers R4 and R5. • The metric between routers R2 and R5 (reached over R2's interface s0/0) is smaller than the metric between routers R2 and R4 • R2 should prefer the path toward edge router R4 for a specific set of destinations • An offset list can be used to accomplish this.

  13. Offset list example (+2 on the 172.16.0.0/16 subnets learned on s0/0)
R2(config)# access-list 21 permit 172.16.0.0 0.0.255.255
R2(config)# router rip
R2(config-router)# offset-list 21 in 2 serial 0/0
• Adds an offset of 2 to the metric of routes learned on interface serial 0/0 (from R5) that are permitted by access list 21. • Access list 21 permits a specific set of routes (the 172.16.0.0/16 subnets) being learned from R5. • Other routes are still learned on serial 0/0, but the offset is not applied to them.
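The slide shows the configuration but not what the router does with it. The following is an added example, not from the slides or from Cisco IOS: a small Python model of inbound offset-list processing that shows the R2 decision above, the precedence of an extended (interface-specific) list over a non-extended one from slide 11, and what happens when an offset pushes a RIP metric to 16. Simplifications that are assumptions rather than exact IOS behaviour: the metric is a plain hop count, an ACL is a tuple of (network, wildcard) pairs, and the route table keeps only the lowest adjusted metric per prefix.

```python
# Added example (not from the slides): a model of how an inbound RIP offset
# list changes which neighbour a router prefers. Assumptions: metric is a
# plain hop count, 16 is unreachable, ACL = tuple of (network, wildcard).
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

RIP_INFINITY = 16


@dataclass(frozen=True)
class Route:
    prefix: str        # e.g. "172.16.1.0/24"
    metric: int        # hop count as carried in the neighbour's update
    interface: str     # interface the update arrived on
    next_hop: str      # neighbour that advertised it


@dataclass(frozen=True)
class OffsetList:
    acl: tuple                       # (network, wildcard) pairs; () behaves like ACL 0 (match all)
    offset: int
    interface: Optional[str] = None  # set -> "extended" list, applies to that interface only


def acl_permits(acl, prefix):
    """Standard ACL match: bits set in the wildcard are ignored when comparing
    the route's network address against the entry's network."""
    if not acl:
        return True
    net = int(ip_network(prefix).network_address)
    for network, wildcard in acl:
        mask = 0xFFFFFFFF ^ int(ip_address(wildcard))
        if (net & mask) == (int(ip_address(network)) & mask):
            return True
    return False


def apply_inbound_offset(route, offset_lists):
    """Metric after 'offset-list ... in' processing. An extended list (one that
    names the ingress interface) takes precedence over a non-extended one, and
    only one list is applied to a given route."""
    matching = [ol for ol in offset_lists
                if acl_permits(ol.acl, route.prefix)
                and (ol.interface is None or ol.interface == route.interface)]
    if not matching:
        return route.metric
    extended = [ol for ol in matching if ol.interface is not None]
    chosen = extended[0] if extended else matching[0]
    return min(route.metric + chosen.offset, RIP_INFINITY)


def best_paths(routes, offset_lists):
    """Routing-table view: lowest adjusted metric per prefix; equal metrics
    keep every next hop (equal-cost paths); metric-16 routes are discarded."""
    table = {}
    for r in routes:
        m = apply_inbound_offset(r, offset_lists)
        if m >= RIP_INFINITY:
            continue
        if r.prefix not in table or m < table[r.prefix][0]:
            table[r.prefix] = (m, [r.next_hop])
        elif m == table[r.prefix][0]:
            table[r.prefix][1].append(r.next_hop)
    return table


# Constructed scenario matching the slide: R2 hears the 172.16.0.0/16 subnets
# from R5 on serial0/0 (metric 1) and from R4 on serial0/1 (metric 2).
ACL_21 = (("172.16.0.0", "0.0.255.255"),)
OFFSET_21_S00 = OffsetList(acl=ACL_21, offset=2, interface="serial0/0")
LEARNED = [
    Route("172.16.1.0/24", 1, "serial0/0", "R5"),
    Route("172.16.1.0/24", 2, "serial0/1", "R4"),
    Route("10.9.0.0/16", 1, "serial0/0", "R5"),   # not permitted by ACL 21
    Route("10.9.0.0/16", 2, "serial0/1", "R4"),
]

if __name__ == "__main__":
    for prefix, (metric, hops) in best_paths(LEARNED, [OFFSET_21_S00]).items():
        print(f"{prefix:16} metric {metric} via {', '.join(hops)}")
```

Running it shows 172.16.1.0/24 preferred via R4 (metric 2 against 3) while 10.9.0.0/16 stays via R5, which is the selective steering the slide describes; the prefix that ends up at 16 is the caveat to remember when choosing the offset value on a RIP network with long paths.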

  14. Verifying Path Control Using Offset Lists • show ip route • show ip eigrp topology • debug ip rip • debug ip eigrp • traceroute

  15. Cisco IOS SLAs

  16. Using Cisco IOS IP SLAs to Control Path Selection • Cisco IOS IP SLAs sends synthetic (simulated) traffic across the network and measures performance between multiple network locations or across multiple network paths. • The information collected includes data about: • response time • one-way latency • jitter (interpacket delay variance) • packet loss • voice quality scoring • network resource availability • application performance • server response time

  17. Cisco IP SLA • IP SLA, feature of Cisco IOS software allows you to configure a router to send synthetic traffic to: • A host computer • Router that has been configured to respond (Responder)

  18. Router(config)# ip route 0.0.0.0 0.0.0.0 ser0/0 Router(config)# ip route 0.0.0.0 0.0.0.0 ser0/1 • Edge router: • Connected to two ISPs • Running NAT and load balancing • Using two static default routes • If there is a direct failure on the link to one ISP, the other link can still be used • However, if the infrastructure within one of the ISPs fails while the link to that ISP remains up, the edge router continues to use that link: the static default route is still valid because it only depends on the interface being up.

  19. Router(config)# ip route 0.0.0.0 0.0.0.0 ser0/0 Router(config)# ip route 0.0.0.0 0.0.0.0 ser0/1 • There are multiple solutions to this issue. • Run a dynamic routing protocol (for example BGP) with the ISPs: • Impractical for smaller branch offices • Requires additional interaction and integration with the ISPs • May be the best solution for critical branch offices or those with large traffic volumes.

  20. (figure: the two static defaults point at two ISPs, each with a DNS server; the X marks a failed DNS server inside one ISP) Router(config)# ip route 0.0.0.0 0.0.0.0 ser0/0 Router(config)# ip route 0.0.0.0 0.0.0.0 ser0/1 • Use static routes or PBR: • Make them subject to reachability tests toward critical destinations, such as the DNS server within the ISP. • If the DNS servers in one of the ISPs go down or become unreachable, the static default toward that ISP is removed. • These reachability tests can be performed with Cisco IOS IP SLAs: • Frequently probe the DNS servers • Tie the static routes to the success of these probes

  21. In its simplest form, IP SLAs verifies whether a network element is active and responsive for example: • IP address on a router interface • Open TCP port on a host • Cisco IOS IP SLAs are also accessible using Simple Network Management Protocol (SNMP) • Can be used by performance monitoring applications such as CiscoWorks Internetwork Performance Monitor (IPM). • Allows the router to receive alerts when performance drops below a specified level and when problems are corrected. • These thresholds can trigger additional events and actions.

  22. For more information on SNMP… • http://www.cisco.com/en/US/docs/internetworking/technology/handbook/SNMP.html

  23. IP SLA Operation • IOS IP SLAs measurements perform active monitoring by generating and analyzing traffic to measure performance: • Between Cisco IOS Software devices • Between a Cisco IOS device and a host • Each of these is a different type of IP SLA operation • With the IP SLAs feature enabled, a router sends synthetic traffic to the other device

  24. IP SLAs Operations (figures: top, IP SLAs Source R1 sends generated ICMP traffic toward a DNS server behind R2 to measure network response; bottom, IP SLAs Source R1 sends generated traffic to IP SLAs Responder R2, and MIB data is retrieved via SNMP) There are two types of IP SLAs operations: • Those in which the target device is not running the IP SLAs responder component (such as a web server or IP host). • Mostly ICMP generated traffic. • Those in which the target device is running the IP SLAs responder component (such as a Cisco router). • Measurement accuracy is improved when the target is a responder. • Additional statistics can be gathered.

  25. IP SLAs responder is a component embedded in the destination Cisco device that allows the system to anticipate and respond to IP SLAs request packets. • The responder provides accurate measurements without the need for dedicated probes. • Only a Cisco IOS device can be a source for a destination IP SLAs Responder • All SLA probes are configured on the SLA Source • CLI • SNMP • Source sends probe packets to the target

  26. IP SLAs Operation with Responder • The following sequence of events occurs for each IP SLAs operation that requires a responder on the target…

  27. Control Phase, Step 1 (figure: the IP SLA Source sends control message 1 to the IP SLA Responder's IP SLAs-Control UDP port 1967, asking the receiver to open UDP port 2020) • At the start of the control phase… • The IP SLAs source sends a control message with the configured IP SLAs information to the responder's control port, UDP 1967 • The control message includes the protocol, port number, and duration of the operation. • In this example UDP port 2020 is used for the IP SLAs test packets. • MD5 authentication can be used to protect the control messages

  28. Control Phase, Step 2 (figure: the responder answers control message 1 with message 2, "Responder says OK") • After the responder processes the control message… • It sends an OK message back to the source • It listens on the port specified in the control message (2020) for the specified duration. • If the responder cannot process the control message, it returns an error. • If the IP SLAs source does not receive a response from the responder, it retransmits the control message and eventually times out if it still receives no response.

  29. Probing Phase, Step 3 (figure: after steps 1 and 2 of the control phase, the responder starts listening on UDP port 2020 and the source begins "Sending Test Packets…" as IP SLAs-Test traffic) • If an OK message is returned… • The source IP SLAs operation moves to the probing phase • It sends one or more test packets to the responder to compute response times. • The test packets are sent to UDP port 2020, the test port requested in the control message (not to the control port, 1967).

  30. Probing Phase, Step 4 (figure: the responder answers the test packets on UDP port 2020, then message 4, "Done: Stop Listening") • The responder accepts the test packets and responds with time-stamp information. • See the section in the book on "SLAs with Responder Time Stamps" • The responder disables the user-specified port after it responds to the IP SLAs measurement packets or when the specified time expires.
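The four steps on slides 27 to 30 describe an exchange, so an added example follows; it is not from the slides and is not the IP SLAs wire format (the slides do not show one). It is an abstract Python model of the source and responder with a shared simulated clock: a control message to UDP 1967 opens a test port for a duration, test packets to that port are answered with receive and transmit time stamps, and the source subtracts the responder's processing time from the round trip, which is what the responder time stamps are for. Message contents as dicts, integer microsecond times, a fixed link delay, the set of operation types the toy responder honours, and the retransmit count are all assumptions.

```python
# Added example (not from the slides and not the real packet format): an
# abstract model of the IP SLAs control and probing phases. Assumptions:
# messages are dicts, times are integer microseconds on a shared simulated
# clock, the responder honours udp-echo and udp-jitter control messages only.
from dataclasses import dataclass, field
from typing import Optional

CONTROL_PORT = 1967                      # IP SLAs control port (from the slides)
SUPPORTED = {"udp-echo", "udp-jitter"}   # assumption for this toy responder


@dataclass
class Clock:
    now: int = 0                          # microseconds

    def advance(self, us):
        self.now += us


@dataclass
class Responder:
    clock: Clock
    processing_us: int = 400                       # per-packet handling time (assumption)
    listening: dict = field(default_factory=dict)  # test port -> time the port closes

    def on_control(self, dst_port, msg):
        """Control phase: accept only on UDP 1967 and only for a supported
        operation; open the requested test port for the requested duration."""
        if dst_port != CONTROL_PORT or msg.get("protocol") not in SUPPORTED:
            return {"status": "ERROR"}
        self.listening[msg["port"]] = self.clock.now + msg["duration_us"]
        return {"status": "OK"}

    def on_test(self, dst_port, msg):
        """Probing phase: while the port is open, answer with receive and
        transmit time stamps; anything else is dropped (None)."""
        closes_at = self.listening.get(dst_port)
        if closes_at is None or self.clock.now > closes_at:
            self.listening.pop(dst_port, None)     # duration expired: stop listening
            return None
        t_in = self.clock.now
        self.clock.advance(self.processing_us)
        return {"seq": msg["seq"], "t_in": t_in, "t_out": self.clock.now}


@dataclass
class Source:
    clock: Clock
    responder: Optional[Responder]        # None models an unreachable target
    one_way_us: int = 3000                # link delay in each direction (assumption)
    retries: int = 3                      # control-message retransmissions (assumption)

    def deliver(self, method, port, msg):
        """Carry one message across the simulated link and bring back the reply."""
        self.clock.advance(self.one_way_us)
        if self.responder is None:
            return None                   # lost: the source waits out its timeout
        reply = getattr(self.responder, method)(port, msg)
        if reply is not None:
            self.clock.advance(self.one_way_us)
        return reply

    def run(self, test_port=2020, packets=3, duration_us=30_000_000):
        """One operation: control handshake, then test packets and delay maths."""
        ctrl = {"protocol": "udp-echo", "port": test_port, "duration_us": duration_us}
        reply = None
        for _ in range(self.retries):                 # step 1, retransmitted if unanswered
            reply = self.deliver("on_control", CONTROL_PORT, ctrl)
            if reply is not None:
                break
        if reply is None:
            return {"result": "timeout", "delays_us": []}
        if reply["status"] != "OK":                   # step 2: responder could not comply
            return {"result": "error", "delays_us": []}
        delays = []
        for seq in range(packets):                    # steps 3 and 4
            t_send = self.clock.now
            echo = self.deliver("on_test", test_port, {"seq": seq})
            if echo is None:
                delays.append(None)
                continue
            rtt = self.clock.now - t_send
            # responder time stamps let the source remove its processing time
            delays.append(rtt - (echo["t_out"] - echo["t_in"]))
        return {"result": "ok", "delays_us": delays}


if __name__ == "__main__":
    clk = Clock()
    print(Source(clk, Responder(clk)).run())          # network delay per test packet
    print(Source(Clock(), None).run())                # unreachable responder
```

Two points the model makes visible: the responder only answers test packets on a port that a control message opened, and only until the duration expires, so the exposure of the responder is bounded by what the control channel (which is why MD5 authentication on it matters) has authorised; and the reported delay is the round trip minus the responder's own processing time, which is the accuracy gain slide 24 mentions.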

  31. Configuring Path Control using IOS IP SLAs Router(config)# ip sla operation-number The following steps are required to configure Cisco IOS IP SLA functionality: Step 1 Define one or more probes Step 2 Define one or more tracking objects Step 3 Define the action on tracking object Note: Effective with Cisco IOS Release 12.4(4)T, 12.2(33)SB, and 12.2(33)SXI, the ip sla monitor command is replaced by the ip sla command.

  32. Step 1 Define one or more probes
Router(config)# ip sla monitor operation-number
Router(config-rtr)# icmp-echo {destination-ip-address | destination-hostname} [source-ip {ip-address | hostname} | source-interface interface-name]
or
Router(config-rtr)# type echo protocol ipIcmpEcho {destination-ip-address | destination-hostname} [source-ipaddr {ip-address | hostname} | source-interface interface-name]
R1(config)# ip sla 1
R1(config-ip-sla)# ?
IP SLAs entry configuration commands:
  dhcp         DHCP Operation
  dns          DNS Query Operation
  exit         Exit Operation Configuration
  frame-relay  Frame-relay Operation
  ftp          FTP Operation
  http         HTTP Operation
  icmp-echo    ICMP Echo Operation
  icmp-jitter  ICMP Jitter Operation
  path-echo    Path Discovered ICMP Echo Operation
  path-jitter  Path Discovered ICMP Jitter Operation
  slm          SLM Operation
  tcp-connect  TCP Connect Operation
  udp-echo     UDP Echo Operation
  udp-jitter   UDP Jitter Operation
  voip         Voice Over IP Operation
R1(config-ip-sla)#
• Effective with Cisco IOS Release 12.4(4)T, 12.2(33)SB, and 12.2(33)SXI, the type echo protocol ipIcmpEcho command is replaced by the icmp-echo command. • There are several SLA probes that can be used. • We will focus on using the ICMP Echo operation.

  33. icmp-echo Command Example
R1(config-ip-sla)# icmp-echo 209.165.201.30
R1(config-ip-sla-echo)# ?
IP SLAs echo Configuration Commands:
  default            Set a command to its defaults
  exit               Exit operation configuration
  frequency          Frequency of an operation
  history            History and Distribution Data
  no                 Negate a command or set its defaults
  owner              Owner of Entry
  request-data-size  Request data size
  tag                User defined tag
  threshold          Operation threshold in milliseconds
  timeout            Timeout of an operation
  tos                Type Of Service
  verify-data        Verify data
  vrf                Configure IP SLAs for a VPN Routing/Forwarding instance
R1(config-ip-sla-echo)#
• Although many command options exist, the focus of this section will be on the frequency and timeout commands.

  34. icmp-echo Sub-Commands Router(config-ip-sla-echo)# frequency seconds • Sets the rate at which the specified IP SLAs operation repeats. • The seconds parameter is the number of seconds between the IP SLAs operations, with the default being 60 seconds. Router(config-ip-sla-echo)# timeout milliseconds • Sets the amount of time a Cisco IOS IP SLAs operation waits for a response to its request packet. • The milliseconds parameter is the number of milliseconds (ms) the operation waits to receive a response to its request packet (the icmp-echo default is 5000 ms). • The timeout must be shorter than the frequency, otherwise one probe is still waiting when the next is due.

  35. Router(config)# ip sla monitor operation-number Router(config-rtr)# icmp-echo {destination-ip-address | destination-hostname} [source-ip {ip-address | hostname}| source-interface interface-name] Router(config-rtr)# frequency seconds Router(config-rtr)# timeout millisecond

  36. Schedule an IP SLA Operation • Schedule an IP SLA operation. Router(config)# ip sla schedule operation-number [life {forever | seconds}] [start-time {hh:mm[:ss] [month day | day month] | pending | now | after hh:mm:ss}] [ageout seconds] [recurring] • Note: • Effective with Cisco IOS Release 12.4(4)T, 12.2(33)SB, and 12.2(33)SXI, the ip sla monitor schedule command is replaced by the ip sla schedule command.

  37. The ip sla schedule Command Parameters

  38. Router(config)# ip sla monitor operation-number Router(config-rtr)# icmp-echo {destination-ip-address | destination-hostname} [source-ip {ip-address | hostname} | source-interface interface-name] Router(config-rtr)# frequency seconds Router(config-rtr)# timeout milliseconds Router(config)# ip sla schedule operation-number [life {forever | seconds}] [start-time {hh:mm[:ss] [month day | day month] | pending | now | after hh:mm:ss}] [ageout seconds] [recurring] • Configures the scheduling parameters for a single Cisco IOS IP SLAs probe.

  39. Step 2: Configure IP SLA Object Tracking • Define tracking objects, to track the state of IP SLAs operations such as is the device reachable. Router(config)# track object-number ip sla operation-number {state | reachability} • Note: • Effective with Cisco IOS Release 12.4(20)T, 12.2(33)SXI1, 12.2(33)SRE and Cisco IOS XE Release 2.4, the track rtr command is replaced by the track ip sla command.

  40. Router(config)# ip sla monitor operation-number Router(config-rtr)# icmp-echo {destination-ip-address | destination-hostname} [source-ip {ip-address | hostname} | source-interface interface-name] Router(config-rtr)# frequency seconds Router(config-rtr)# timeout milliseconds Router(config)# ip sla schedule operation-number [life {forever | seconds}] [start-time {hh:mm[:ss] [month day | day month] | pending | now | after hh:mm:ss}] [ageout seconds] [recurring] Router(config)# track object-number ip sla operation-number {state | reachability} or Router(config)# track object-number rtr operation-number {state | reachability} Step 2 Define one or more tracking objects • Tracks the state of an IOS IP SLAs operation, such as whether the device is reachable

  41. track Command Example R1(config)# track 1 ip sla 1 reachability R1(config-track)# ? Tracking instance configuration commands: default Set a command to its defaults delay Tracking delay exit Exit from tracking configuration mode no Negate a command or set its defaults R1(config-track)#

  42. Configure Tracking Delay • Specifies a period of time to delay communicating state changes of a tracked object. • The delay can help alleviate the effect of flapping objects: a tracked object that goes down and comes back within the down delay is never reported as down, so the dependent static route is not withdrawn and reinstalled. Router(config-track)# delay {up seconds [down seconds] | [up seconds] down seconds}

  43. Router(config)# ip sla monitor operation-number Router(config-rtr)# icmp-echo {destination-ip-address | destination-hostname} [source-ip {ip-address | hostname} | source-interface interface-name] Router(config-rtr)# frequency seconds Router(config-rtr)# timeout milliseconds Router(config)# ip sla schedule operation-number [life {forever | seconds}] [start-time {hh:mm[:ss] [month day | day month] | pending | now | after hh:mm:ss}] [ageout seconds] [recurring] Router(config)# track object-number rtr operation-number {state | reachability} Router(config-track)# delay {up seconds [down seconds] | [up seconds] down seconds} • Delay - Specifies a period of time to delay communicating state changes of a tracked object. • The delay can help alleviate the effect of flapping objects.

  44. Router(config)# ip sla monitor operation-number Router(config-rtr)# icmp-echo {destination-ip-address | destination-hostname} [source-ip {ip-address | hostname} | source-interface interface-name] Router(config-rtr)# frequency seconds Router(config-rtr)# timeout milliseconds Router(config)# ip sla schedule operation-number [life {forever | seconds}] [start-time {hh:mm[:ss] [month day | day month] | pending | now | after hh:mm:ss}] [ageout seconds] [recurring] Router(config)# track object-number rtr operation-number {state | reachability} Router(config-track)# delay {up seconds [down seconds] | [up seconds] down seconds} Router(config)# ip route prefix mask {ip-address | interface-type interface-number [ip-address]} [dhcp] [distance] [name next-hop-name] [permanent | track number] [tag tag] Step 3 Define the action on the tracking object • The static route is tied to the tracking object with the track keyword: it is installed in the routing table only while the tracked object is up and is withdrawn when the object goes down. • Examples coming soon!

  45. Verifying IP SLAs • These commands will be explained during the examples.

  46. show ip sla configuration Example
R1# show ip sla configuration 1
IP SLAs, Infrastructure Engine-II.
Entry number: 1
Owner:
Tag:
Type of operation to perform: icmp-echo
Target address/Source address: 209.165.201.30/0.0.0.0
Type Of Service parameter: 0x0
Request size (ARR data portion): 28
Operation timeout (milliseconds): 5000
Verify data: No
Vrf Name:
Schedule:
   Operation frequency (seconds): 10  (not considered if randomly scheduled)
   Next Scheduled Start Time: Start Time already passed
   Group Scheduled : FALSE
   Randomly Scheduled : FALSE
   Life (seconds): Forever
<output omitted>
Note: • Effective with Cisco IOS Release 12.4(20)T, 12.2(33)SXI1, 12.2(33)SRE and Cisco IOS XE Release 2.4, the show ip sla monitor configuration command is replaced by the show ip sla configuration command.

  47. show ip sla statistics Example
R1# show ip sla statistics
IPSLAs Latest Operation Statistics
IPSLA operation id: 1
        Latest operation start time: *21:22:29.707 UTC Fri Apr 2 2010
        Latest operation return code: OK
Number of successes: 5
Number of failures: 0
Operation time to live: Forever
<output omitted>
Note: • Effective with Cisco IOS Release 12.4(20)T, 12.2(33)SXI1, 12.2(33)SRE and Cisco IOS XE Release 2.4, the show ip sla monitor statistics command is replaced by the show ip sla statistics command.

  48. Tracking Reachability to Two ISPs Example (figure: Customer A router R1 connects over the 10.1.1.0 network, R1 as .1, to ISP 1 router R2 on the primary path toward the Internet and the ISP 1 DNS server 10.1.3.3, and over the 172.16.1.0 network, R1 as .1, to ISP 2 router R3 on the backup path, with 172.16.3.3 inside ISP 2) • In this scenario, Customer A is multihoming to two ISPs using R1, which is configured with two floating static default routes. • The static route to R2 (ISP-1) has been given an administrative distance of 2, making it preferred and therefore the primary default route. • The static route to R3 (ISP-2) has been given an administrative distance of 3, making it the backup default route.

  49. Tracking Reachability to Two ISPs Example (same topology as slide 48) • What would happen if a link within the ISP 1 provider infrastructure were to fail? • The link from R1 to R2 would remain up and R1 would continue to use that link, because the default static route would still be valid. • The solution to this issue is the Cisco IOS IP SLAs feature. • Configure IP SLAs to continuously check the reachability of a specific destination (such as the ISP's DNS server, or any other specific destination) and conditionally announce the default route only if the connectivity is verified.

  50. Tracking Reachability to Two ISPs Example (same topology as slide 48) • The first step in this configuration defines the probe. • Probe 11 is defined by the ip sla 11 command. • The test defined with the icmp-echo 10.1.3.3 command specifies that ICMP echoes are sent to destination 10.1.3.3 (the ISP 1 DNS server) to check connectivity. • The frequency 10 command schedules the connectivity test to repeat every 10 seconds. • The ip sla schedule 11 life forever start-time now command defines the start and end time of the connectivity test for probe 11; the start time is now and it will continue forever. • The track 1 ip sla 11 reachability command ties tracking object 1 to the reachability result of probe 11; delay down 10 up 1 waits 10 seconds before reporting the object down and 1 second before reporting it up, so a brief loss of replies does not withdraw the primary route. • The primary default (AD 2) is installed only while track 1 is up; the backup default (AD 3) is not tracked and takes over when the primary is withdrawn.
R1(config)# ip sla 11
R1(config-ip-sla)# icmp-echo 10.1.3.3
R1(config-ip-sla-echo)# frequency 10
R1(config-ip-sla-echo)# exit
R1(config)# ip sla schedule 11 life forever start-time now
R1(config)# track 1 ip sla 11 reachability
R1(config-track)# delay down 10 up 1
R1(config-track)# exit
R1(config)# ip route 0.0.0.0 0.0.0.0 10.1.1.1 2 track 1
R1(config)# ip route 0.0.0.0 0.0.0.0 172.16.1.1 3
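The slide gives the configuration but not how the pieces behave over time. The following is an added example, not from the slides or from Cisco IOS: a Python simulation of this design (probe 11 every 10 seconds, track 1 with delay down 10 up 1, the AD 2 tracked default and the AD 3 untracked default) run over two constructed probe timelines, a single lost reply and a real outage. The timelines are constructed, not measurements, and the model assumes that a failed probe is known only when its 5000 ms timeout expires while a successful one is known as soon as the reply arrives.

```python
# Added example (not from the slides): a simulation of the slide 50 design so
# the interaction of probe timing, 'delay down 10 up 1' and the two floating
# static defaults can be checked. Probe outcomes are constructed timelines.
from dataclasses import dataclass
from typing import Optional

STATIC_DEFAULTS = [
    # (next hop, administrative distance, tracking object) from the slide
    ("10.1.1.1", 2, 1),        # ip route 0.0.0.0 0.0.0.0 10.1.1.1 2 track 1
    ("172.16.1.1", 3, None),   # ip route 0.0.0.0 0.0.0.0 172.16.1.1 3
]


@dataclass
class Track:
    delay_down: int                  # seconds a 'down' must persist before it is reported
    delay_up: int                    # same for 'up'
    state: str = "up"
    pending: Optional[str] = None    # reported state that differs from the current one
    due: Optional[int] = None        # time at which the pending state takes effect

    def settle(self, t):
        """Fire the delay timer if it has expired."""
        if self.pending is not None and t >= self.due:
            self.state, self.pending, self.due = self.pending, None, None

    def report(self, t, reachable):
        """Feed one probe result (ip sla ... reachability) into the object."""
        reported = "up" if reachable else "down"
        self.settle(t)
        if reported == self.state:
            self.pending = self.due = None      # condition cleared before the delay expired
        elif self.pending != reported:
            self.pending = reported
            self.due = t + (self.delay_down if reported == "down" else self.delay_up)

    def state_at(self, t):
        self.settle(t)
        return self.state


def default_next_hop(track_states):
    """Install the lowest-AD default whose tracking object (if any) is up."""
    usable = [r for r in STATIC_DEFAULTS
              if r[2] is None or track_states.get(r[2]) == "up"]
    return min(usable, key=lambda r: r[1])[0]


def simulate(probe_results, sample_times, delay_down=10, delay_up=1):
    """probe_results: (time_s, reachable) as the router learns each result;
    returns {sample_time: (track 1 state, default route next hop)}."""
    track = Track(delay_down, delay_up)
    events = sorted(probe_results)
    out, i = {}, 0
    for s in sorted(sample_times):
        while i < len(events) and events[i][0] <= s:
            track.report(*events[i])
            i += 1
        state = track.state_at(s)
        out[s] = (state, default_next_hop({1: state}))
    return out


# Constructed timelines: probes start every 10 s; a failure is learned 5 s
# later (timeout 5000 ms), a success immediately.
BLIP = [(0, True), (10, True), (20, True), (35, False), (40, True), (50, True)]
OUTAGE = [(0, True), (10, True), (25, False), (35, False), (45, False),
          (50, True), (60, True)]

if __name__ == "__main__":
    for name, timeline in (("blip", BLIP), ("outage", OUTAGE)):
        for t, (state, nh) in simulate(timeline, range(0, 61, 5)).items():
            print(f"{name:7} t={t:3}s track 1 {state:4} default via {nh}")
```

With the slide's delays the single lost reply in BLIP never changes the routing table, while in OUTAGE the default moves to 172.16.1.1 ten seconds after the first failure is learned and returns one second after the first success; rerunning BLIP with delay_down=0 shows the flap the delay is there to prevent. The same model also makes the trade-off explicit: the down delay plus the probe timeout is the minimum time traffic keeps being sent into a broken ISP.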
