Chapter 4. Interior Gateway Protocols and Migration Strategies


designed to ease such a transition between the two vendors.



4.1. IGP Overview

As its name would imply, the role of an IGP is to provide routing connectivity within or interior to a given routing domain (RD). An RD is defined as a set of routers under common administrative control that share a common routing protocol. An enterprise network, which can also be considered an autonomous system (AS), may consist of multiple RDs, which may result from the (historic) need for multiple routed protocols, scaling limitations, acquisitions and mergers, or even a simple lack of coordination among organizations making up the enterprise. Route redistribution, the act of exchanging routing information among distinct routing protocols, is often performed to tie these RDs together when connectivity is desired.

IGP functions to advertise and learn network prefixes (routes) from neighboring routers to build a route table that ultimately contains entries for all sources advertising reachability for a given prefix. A route selection algorithm is executed to select the best (i.e., the shortest) path between the local router and each destination, and the next hop associated with that path is pushed into the forwarding table to affect the forwarding of packets that longest-match against that route prefix. The IGP wants to provide full connectivity among the routers making up an RD. Generally speaking, IGPs function to promote, not limit, connectivity, which is why we do not see IGPs used between ASs—they lack the administrative controls needed to limit connectivity based on routing policy. This is also why inter-AS routing is normally accomplished using an Exterior Gateway Protocol (EGP), which today takes the form of Border Gateway Protocol (BGP) version 4. We discuss enterprise application of BGP in Chapter 5.

When network conditions change, perhaps due to equipment failure or management activity, the IGP both generates and receives updates and recalculates a new best route to the affected destinations. Here, the concept of a "best" route is normally tied to a route metric, which is the criterion used to determine the relative path of a given route. Generally speaking, a route metric is significant only to the routing protocol it's associated with, and it is meaningful only within a given RD. In some cases, a router may learn multiple paths to an identical destination from more than one routing protocol. Given that metric comparison between two different IGPs is meaningless, the selection of the best route between multiple routing sources is controlled by a route preference. The concept of route preference is explored in detail later in this chapter in "Section 4.3.1" and is also known as administrative distance (AD) on Cisco Systems routers.

In addition to advertising internal network reachability, IGPs are often used to advertise routing information that is external to that IGP's RD through a process known as route redistribution. Route redistribution is often used to exchange routing information between RDs to provide intra-AS connectivity. Route redistribution can be tricky because mistakes can easily lead to lack of connectivity (black holes) or, worse yet, routing loops. To ensure identical forwarding paths, you may also need to map the metrics used by each routing protocol to ensure that they are meaningful to the IGP into which they are redistributed. Route redistribution is performed via routing policy in JUNOS software. We introduce routing policy later in this chapter and cover it in detail in Chapter 3. On Cisco Systems platforms, redistribution is often performed through some combination of the redistribute command, through distribute lists, or through route maps and their associated IP access lists. Although there is a learning curve, it's often a delight for those familiar with the IOS way of performing redistribution when they realize that JUNOS software routing policy provides the same functionality with a consistent set of semantics/syntax, for all protocols, and all in one place!

The reader of this book is assumed to have an intermediate-level understanding of the IP protocol and the general operation and characteristics of IGPs that support IP routing. This section provides a review of major characteristics, benefits, and drawbacks of the IGPs discussed in this chapter to prepare the reader for the configuration and migration examples that follow.



4.1.1. Routing Information Protocol

RIP is one of the oldest IP routing protocols still in production network use and is a true case of "if something works, why fix it?" The original specification for RIP (version 1) is defined in RFC 1058, originally published in June 1988! RIP version 2 (RIPv2) was originally defined in RFC 1388 (1993) and is currently specified in RFC 2453 (1998).

RIP is classified as a Distance Vector (DV) routing protocol because it advertises reachability information in the form of distance/vector pairs—which is to say that each route is represented as a cost (distance) to reach a given prefix (vector) tuple. DV routing protocols typically exchange entire route tables among their set of directly connected peers, on a periodic basis. This behavior, although direct and easy to understand, leads to many of the disadvantages associated with DV routing protocols. Specifically:

- Increased network bandwidth consumption stemming from the periodic exchange of potentially large route tables, even during periods of network stability. This can be a significant issue when routers connect over low-speed or usage-based network services.

- Slow network convergence, and as a result, a propensity to produce routing loops when reconverging around network failures. To alleviate (but not eliminate) the potential for routing loops, mechanisms such as split horizon, poisoned reverse, route hold downs, and triggered updates are generally implemented. These stability features come at the cost of prolonging convergence.

- DV protocols are normally associated with crude route metrics that often will not yield optimal forwarding between destinations. The typical metric (cost) for DV protocols is a simple hop count, which is a crude measure of actual path cost, to say the least. For example, most users realize far better performance when crossing several routers interconnected by Gigabit Ethernet links, as opposed to half as many routers connected over low-speed serial interfaces.

On the upside, DV protocols are relatively simple to implement, understand, configure, and troubleshoot, and they have been around forever, allowing many network engineers a chance to become proficient in their deployment. The memory and processing requirements for DV protocols are generally less than those of a link state (LS) routing protocol (more on that later).

To help illustrate what is meant by slow to converge, consider that the protocol's architects ultimately defined a hop count (the number of routers that need to be crossed to reach a destination) of 16 to be infinity! Given the original performance of initial implementations, the designers believed that networks over 16 hops in dimension would not be able to converge in a manner considered practical for use in production networks; and those were 1980s networks, for which demanding applications such as Voice over IP were but a distant gleam in an as yet grade-school-attending C-coder's eye. Setting infinity to a rather low value was needed because in some conditions, RIP can converge only by cycling through a series of route exchanges between neighbors, with each such iteration increasing the route's cost by one, until the condition is cleared by the metric reaching infinity and both ends finally agree that the route is not reachable. With the default 30-second update frequency, this condition is aptly named a slow count to infinity.



4.1.1.1. Stability and performance tweaks

Hold downs serve to increase stability, at the expense of rapid convergence, by preventing installation of a route with a reachable metric, after that same route was recently marked as unreachable (cost = 16) by the local router. This behavior helps to prevent loops by keeping the local router from installing route information for a route that was originally advertised by the local router, and which is now being readvertised by another neighbor. It's assumed that the slow count to infinity will complete before the hold down expires, after which the router will be able to install the route using the lowest advertised cost.

Split horizon prevents the advertisement of routing information back over the interface from which it was learned, and poisoned reverse alters this rule to allow readvertisement back out the learning interface, as long as the cost is explicitly set to infinity: a case of "I can reach this destination, NOT!" This helps to avoid loops by making it clear to any receiving routers that they should not use the advertising router as a next hop for the prefix in question. This behavior is designed to avoid the need for a slow count to infinity that might otherwise occur because the explicit indication that "I cannot reach destination X" is less likely to lead to misunderstandings when compared to the absence of information associated with split horizon. To prevent unnecessary bandwidth waste that stems from bothering to advertise a prefix that you cannot reach, most RIP implementations use split horizon, except when a route is marked as unreachable, at which point it is advertised with a poisoned metric for some number of update intervals (typically three).
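The slow count to infinity, and how split horizon and poisoned reverse cut it short, can be reproduced with a small simulation. This is an added example, not code from the book; the two routers A and B, the single prefix, and the worst-case ordering in which A's periodic update reaches B before B's bad news reaches A are assumptions of the model.

```python
INFINITY = 16  # RIP metric meaning "unreachable"

def advertised(table, sender, receiver, mode):
    """Metric the sender puts in its update to the receiver (None = prefix omitted)."""
    metric, next_hop = table[sender]
    if next_hop == receiver:              # route was learned from this neighbor
        if mode == "split_horizon":
            return None                   # say nothing back toward the source
        if mode == "poisoned_reverse":
            return INFINITY               # "I can reach this destination, NOT!"
    return metric

def receive(table, receiver, sender, adv):
    """Distance-vector update rule for a single prefix."""
    if adv is None:
        return
    new = min(adv + 1, INFINITY)
    metric, next_hop = table[receiver]
    if next_hop == sender:                # news from the current next hop is always accepted
        table[receiver] = (new, sender)
    elif new < metric:                    # any other neighbor must offer a strictly better path
        table[receiver] = (new, sender)

def simulate(mode):
    """Hypothetical routers A and B. B's directly attached prefix has just failed,
    while A still holds the old route via B at cost 2.
    mode is "none", "split_horizon" or "poisoned_reverse".
    Returns (exchanges until both hold INFINITY, A's metric after each exchange)."""
    table = {"A": (2, "B"), "B": (INFINITY, None)}
    order = [("A", "B"), ("B", "A")]      # assumed worst case: A's stale update goes first
    history, exchanges = [], 0
    while any(metric < INFINITY for metric, _ in table.values()):
        sender, receiver = order[exchanges % 2]
        receive(table, receiver, sender, advertised(table, sender, receiver, mode))
        exchanges += 1
        history.append(table["A"][0])
    return exchanges, history
```

Without either mechanism the two routers need 15 exchanges to agree that the prefix is gone, each one raising the cost by one; with split horizon or poisoned reverse they need 2.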

Triggered updates allow a router to generate event-driven as well as ongoing periodic updates, serving to expedite the rate of convergence as changes propagate quickly. When combined with hold downs and split horizon, a RIP network can be said to receive bad news fast while good news travels slow.



4.1.1.2. RIP and RIPv2

Although the original RIP version still works and is currently supported on Juniper Networks routers, it's assumed that readers of this book will consider deploying only RIP version 2. Although the basic operation and configuration are the same, several important benefits are associated with RIPv2 and there are no real drawbacks (considering that virtually all modern routers support both versions and that RIPv2 messages can be made backward-compatible with v1 routers, albeit while losing the benefits of RIPv2 for those v1 nodes).

RIPv2's support of Variable Length Subnet Masking/classless interdomain routing (VLSM/CIDR), combined with its ability to authenticate routing exchanges, has resulted in a breath of new life for our old friend RIP (pun intended). Table 4-1 provides a summary comparison of the two RIP versions.

Table 4-1. Comparing characteristics and capabilities of RIP and RIPv2

| Characteristic | RIP | RIPv2 |
|---|---|---|
| Metric | Hop count (16 max) | Hop count (16 max) |
| Updates/hold down/route timeout | 30/120/180 seconds | 30/120/180 seconds |
| Max prefixes per message | 25 | 25 (24 when authentication is used) |
| Authentication | None | Plain text or Message Digest 5 (MD5) |
| Broadcast/multicast | Broadcast to all nodes using all 1s, RIP-capable or not | Multicast only to RIPv2-capable routers using 224.0.0.9 (broadcast mode is configurable) |
| Support for VLSM/CIDR | No, only classful routing is supported (no netmask in updates) | Yes |
| Route tagging | No | Yes (useful for tracking a route's source; i.e., internal versus external) |
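Several rows of Table 4-1 are visible directly in the update packet: the version byte, the authentication entry that takes the place of the first of the 25 route slots, the netmask, and the route tag. The following parser and audit routine is an added example, not from the book; it follows the RIPv2 entry layout of RFC 2453 and the keyed-MD5 type value of RFC 2082, and the sample message, password and function names are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address, ip_network

AUTH_AFI = 0xFFFF                               # address family that marks an authentication entry
AUTH_TYPES = {2: "plain text", 3: "keyed MD5"}  # type values from RFC 2453 and RFC 2082

def parse_rip(payload):
    """Parse the UDP payload of one RIP message into version, auth type and routes."""
    command, version, _ = struct.unpack_from("!BBH", payload, 0)
    body = payload[4:]
    if not body or len(body) % 20:
        raise ValueError("RIP body must be a whole number of 20-byte entries")
    auth, routes = "none", []
    for off in range(0, len(body), 20):
        afi, tag = struct.unpack_from("!HH", body, off)
        if afi == AUTH_AFI:
            if off == 0:                        # the auth header is always the first entry
                auth = AUTH_TYPES.get(tag, f"unknown type {tag}")
            continue                            # also skips the keyed-MD5 digest trailer
        addr, mask, _nh, metric = struct.unpack_from("!4s4s4sI", body, off + 4)
        if version >= 2:                        # only RIPv2 carries a netmask
            prefix = str(ip_network(f"{IPv4Address(addr)}/{IPv4Address(mask)}", strict=False))
        else:
            prefix = str(IPv4Address(addr))     # RIPv1: classful, mask is implied
        routes.append((prefix, tag, metric))
    return {"command": command, "version": version, "auth": auth, "routes": routes}

def audit(msg):
    """Return findings a defender would want raised for one parsed message."""
    findings = []
    if msg["version"] == 1:
        findings.append("RIPv1: no authentication, classful routing only")
    elif msg["auth"] == "none":
        findings.append("RIPv2 update is unauthenticated")
    elif msg["auth"] == "plain text":
        findings.append("plain-text authentication: password is readable on the wire")
    limit = 25 if msg["auth"] == "none" else 24   # the auth entry uses one slot
    if len(msg["routes"]) > limit:
        findings.append(f"more than {limit} prefixes in one message")
    findings += [f"{p}: metric {m} outside 1..16"
                 for p, _, m in msg["routes"] if not 1 <= m <= 16]
    return findings

def entry(prefix, metric, tag=0):
    """Build one RIPv2 route entry for the constructed sample (AFI 2 = IP)."""
    net = ip_network(prefix)
    return struct.pack("!HH4s4s4sI", 2, tag, net.network_address.packed,
                       net.netmask.packed, bytes(4), metric)

# Constructed sample: RIPv2 response (command 2) carrying a plain-text auth entry.
SAMPLE = (struct.pack("!BBH", 2, 2, 0)
          + struct.pack("!HH16s", AUTH_AFI, 2, b"example-secret")
          + entry("10.1.0.0/16", 3)
          + entry("192.168.7.0/24", 16, tag=100))
```

Running `audit(parse_rip(SAMPLE))` flags the plain-text password; the same message without the authentication entry is flagged as unauthenticated.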



4.1.2. Open Shortest Path First

The OSPF routing protocol currently enjoys widespread use in both enterprise and service provider networks. If OSPF can meet the needs of the world's largest network operators, it's safe to say that it should be more than sufficient for even the largest enterprise network. OSPF version 2 is defined in RFC 2328, but numerous other RFCs define enhanced capabilities for OSPF, such as support of not-so-stubby areas (NSSAs) in RFC 3101, Multiprotocol Label Switching (MPLS) Traffic Engineering Extensions (MPLS TE) in RFC 3630, and in RFC 3623, which defines graceful restart extensions that minimize data plane disruption when a neighboring OSPF router restarts. OSPF supports virtually all the features any enterprise could desire, including VLSM, authentication, switched circuit support (suppressed hellos), and MPLS TE extensions, among many more.

OSPF is classified as an LS routing protocol. This is because, unlike a DV protocol that exchanges its entire route table among directly connected neighbors, OSPF exchanges only information about the local router's links, and these updates are flooded to all routers in the same area. Flooding ensures that all the routers in the area receive the new update at virtually the same time. The result of this flooding is a link-state database (LSDB) that is replicated among all routers that belong to a given area. Database consistency is critical for proper operation and the assurance of loop-free forwarding topologies. OSPF meets this requirement through reliable link-state advertisement (LSA) exchanges that incorporate acknowledgment and retransmission procedures. Each router performs a Shortest Path First (SPF) calculation based on the Dijkstra algorithm, using itself as the root of the tree to compute a shortest-path graph containing nodes representing each router in the area, along with its associated links. The metrically shortest path to each destination is then computed, and that route is placed into the route table for consideration to become an active route by the path selection algorithm.

OSPF advertises and updates prefix information using LSA messages, which are sent only upon detection of a change in network reachability. LSAs are also reflooded periodically to prevent their being aged out by other routers. Typically, this occurs somewhere between 30 and 45 minutes, given the default 3,600-second LSA lifetime. In addition, rather than sending an entire route table or database, these LSAs carry only the essential set of information needed to describe the router's new LS. Upon sensing a change in their local LSDBs, other routers rerun the SPF and act accordingly.

OSPF dynamically discovers and maintains neighbors through generation of periodic hello packets. An adjacency is formed when two neighbors decide to synchronize their LSDBs to become routing peers. A router may choose to form an adjacency with only a subset of the neighbors that it discovers to help improve efficiency, as described in the subsequent section, "Section 4.1.2.1."

It should be no wonder that OSPF has dramatically improved convergence characteristics when one considers its event-driven flooding of small updates to all routers in an area. This is especially true when contrasted to RIP's periodic exchange of the entire route table among directly connected neighbors, who then convey that information to their neighbors at the next scheduled periodic update.

The downside to all this increased performance is that CPU and memory load are increased in routers as compared to the same router running a DV protocol. This is because an LS router has to house both the LSDB and the resulting route table, and the router must compute these routes by executing an SPF algorithm each time the LSDB changes. Considering that router processing capability and memory tend to increase, while actual costs tend to decrease for the same unit of processing power, these drawbacks are a more-than-acceptable trade-off for the benefit of ongoing reduced network loading and rapid convergence. Another drawback to LS routing protocols is their relative complexity when compared to DV protocols, which can make their operation difficult to understand, which in turn can make fault isolation more difficult.

OSPF was designed to support Type of Service (ToS)-based routing, but this capability has not been deployed commercially. This means that a single route table is maintained, and that for each destination, a single path metric is computed. This metric is said to be dimensionless in that it serves only to indicate the relative goodness or badness of a path, with smaller numbers considered to be better. Exactly what is better cannot be determined from the OSPF metric, LSDB, or resulting route table. Whether the OSPF metric is set to reflect link speed (default), hop count, delay, reliability, or some combination thereof is a matter of administrative policy.



4.1.2.1. Neighbors and adjacencies

Previously, it was noted that OSPF dynamically discovers neighbors using a periodic exchange of hello packets. It should also be noted that OSPF contains sanity checks that prevent neighbor discovery (and therefore, adjacency formation) when parameters such as the hello time, area type, maximum transmission unit (MTU), or subnet mask are mismatched. The designers of the protocol felt it was much easier to troubleshoot a missing adjacency than the potential result of trying to operate with mismatched parameters, and having dealt with more than a few misconfigured OSPF networks, the protocol architects were absolutely right.



4.1.2.1.1. The designated router

To maximize efficiency, OSPF does not form an adjacency with every neighbor that is detected, because the maintenance of an adjacency requires compute cycles and because on multiaccess networks such as LANs, a full mesh of adjacencies is largely redundant. On multiaccess networks, an election algorithm is performed to first elect a designated router (DR), and then a backup designated router (BDR). The DR functions to represent the LAN itself and forms an adjacency with the BDR and all other compatible neighbors (DRother) on the LAN segment. The DRother routers form two adjacencies across the LAN—one to the DR and one to the BDR. The neighbor state for DRother neighbors on a DRother router itself is expected to remain in the "two-way" state. This simply means that the various DRothers have detected each other as neighbors, but an adjacency has not been formed.

The DR is responsible for flooding LSAs that reflect the connectivity of the LAN. This means that loss of one neighbor on a 12-node LAN results in a single LSA that is flooded by the DR, as opposed to each remaining router flooding its own LSA. The reduced flooding results in reduced network bandwidth consumption and reduced OSPF processing overhead. If the DR fails, the BDR will take over and a new BDR is elected.

OSPF elects a DR and BDR based on a priority setting, with a lower value indicating a lesser chance at winning the election; a setting of 0 prevents the router from ever becoming the DR. In the event of a tie, the router with the highest router ID (RID) takes the prize. The OSPF DR Election algorithm is nondeterministic and nonrevertive, which means that adding a new router with a higher, more preferred priority does not result in the overthrow of the existing DR. In other words, router priority matters only during active DR/BDR election. This behavior minimizes the potential for network disruption/LSA flooding when new routers are added to the network. Thus, the only way to guarantee that a given router is the DR is to either disable DR capability in all other routers (set their priority to 0), or ensure that the desired router is powered on first and never reboots. Where possible, the most stable and powerful router should be made the DR/BDR, and a router should ideally be the DR for only one network segment.
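The nonrevertive behavior described above can be made concrete with a simplified model. This is an added example, not from the book and not the full RFC 2328 election state machine: it only fills vacant DR/BDR roles by priority and then RID, and the router IDs and priorities are constructed.

```python
from ipaddress import IPv4Address

class Segment:
    """Simplified DR/BDR model for one multiaccess segment (hypothetical helper)."""

    def __init__(self, routers):
        self.routers = dict(routers)      # RID -> priority, all present at the first election
        self.dr = self.bdr = None
        self._fill_vacancies()

    def _best(self, exclude):
        # Priority 0 is never eligible; ties go to the highest RID.
        ranked = [(prio, IPv4Address(rid)) for rid, prio in self.routers.items()
                  if prio > 0 and rid != exclude]
        return str(max(ranked)[1]) if ranked else None

    def _fill_vacancies(self):
        # Nonrevertive: priority is consulted only for a role that is currently empty.
        if self.dr is None:
            self.dr = self._best(exclude=self.bdr)
        if self.bdr is None:
            self.bdr = self._best(exclude=self.dr)

    def join(self, rid, priority):
        self.routers[rid] = priority
        self._fill_vacancies()

    def fail(self, rid):
        self.routers.pop(rid)
        if rid == self.dr:
            self.dr, self.bdr = self.bdr, None   # BDR takes over, then a new BDR is elected
        elif rid == self.bdr:
            self.bdr = None
        self._fill_vacancies()

def scenario():
    """Constructed sequence: initial election, late high-priority arrival, DR failure."""
    seg = Segment({"10.0.0.1": 1, "10.0.0.2": 1, "10.0.0.3": 0})
    states = [(seg.dr, seg.bdr)]
    seg.join("10.0.0.9", 255)             # higher priority, but arrives after the election
    states.append((seg.dr, seg.bdr))
    seg.fail("10.0.0.2")                  # the DR goes away
    states.append((seg.dr, seg.bdr))
    return states
```

In `scenario()` the priority-255 latecomer changes nothing until the DR fails, at which point the old BDR is promoted and the latecomer wins only the vacant BDR role.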



4.1.2.2. OSPF router types

OSPF describes various router roles that govern their operation and impact the types of areas in which they are permitted. To become proficient with OSPF operation and network design, you must have a clear understanding of the differences between OSPF area types and between the LSAs permitted within each area:



Internal router
Any router that has all its interfaces contained within a single area is an internal router. If attached to the backbone area, the router is also known as a backbone router.

Backbone router
Any router with an attachment to area 0 (the backbone area) is considered a backbone router. This router may also be an internal or area border router depending on whether it has links to other, nonbackbone areas.

Area border router (ABR)
A router with links in two or more areas is an ABR. The ABR is responsible for connecting OSPF areas to the backbone by conveying network summary information between the backbone and nonbackbone areas.



Autonomous system boundary router (ASBR)


