
Interview Question

Uploaded by

SANKET PARSEKAR

Compare point / OSPF / EIGRP

Compare point: standard
OSPF: Open standard of the IETF, supported by most vendors.
EIGRP: Cisco-owned private routing protocol, not supported by any other vendors; is not as mature as OSPF.

Compare point: popularity
OSPF: Most popular IGP in the world.
EIGRP: Only a few networks are designed with EIGRP, and it is getting less and less popular.

Compare point: algorithm
OSPF: SPF algorithm; fast convergence, loop free.
EIGRP: DUAL algorithm could be in SIA status; a query could spread out over the whole network.

Compare point: topology
OSPF: Can build a hierarchical and scalable network.
EIGRP: Cannot build a hierarchical network with this protocol.

Compare point: supportive of new technology
OSPF: Supports OSPF-TE.
EIGRP: Does not support TE.

1 RIPv1 vs RIPv2
RIPv1: classful. RIPv2: classless.
RIPv1: does not send subnet mask information in its update. RIPv2: will send the subnet mask in update.
RIPv1: does not support authentication. RIPv2: will support authentication.
Sr.No. Technology Remark Date
1 Routing
OSPF
BGP
EIGRP
MPLS
Re-distribution

2 Switching
STP
PVST
MSTP
HSRP
VRRP
GLBP
VLAN Configuration
VTP
Inter-vlan routing
Ether-channel
Switching Security
HA among MSFC,SUP engines

3 Firewall
ACL
IP Inspection
Policy based inspection
IPS
Firewall failover
NAT, Static NAT
Routing
Preventing N/W attacks (refer asa
configuration guide)

4 VPN
IPSEC router to router vpn
GRE VPN
SSL VPN
WEB VPN
GET VPN

5 Load balancer
RAD
CSS
47XX series

6 WAN Optimization
Bluecoat

7 Riverbed Steelhead WAN Accelerator


Sr.No. Problem

1 Adjacencies not coming up

2 OSPF neighbor stuck in ? State

A OSPF stuck in INIT (one way hello)

B OSPF stuck in 2-WAY

C OSPF stuck in EXSTART/EXCHANGE

D OSPF stuck in LOADING

3 Information is in the database but not in the routing table

4 SPF is running constantly

5 CPU hogs

6 LSA group pacing

7 Seq # mismatch

8 Neighbor flapping

9 Could not allocate router id

10 OSPF unknown routing protocol

Flags --- ABC

A: Initial (I)  B: More (M)  C: Master (MS)
Flag 0x7 --> 111 means I (Initial) = 1, M (More) = 1, MS (Master) = 1
Flag 0x6 --> 110 not possible
Flag 0x5 --> 101 not possible
Flag 0x4 --> 100 not possible
Flag 0x3 --> 011 means master has more data to send
Flag 0x2 --> 010 means slave has more data to send
Flag 0x1 --> 001 means master has no more data left to send
Flag 0x0 --> 000 means slave has no more data left to send
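
The flag values above are the I/M/MS bits carried in the OSPF Database Description (DBD) packet. The Python decoder below is an added example, not part of the original sheet: it parses a DBD packet laid out as in RFC 2328, interprets the flags with the table above, and reports the MTU, router-ID and I-bit problems this sheet lists for EXSTART/EXCHANGE and sequence-number mismatches. The function names, router IDs and sample packets are constructed for illustration.

```python
import socket
import struct
from dataclasses import dataclass

# RFC 2328 layouts: 24-byte OSPF header, then the fixed part of a DBD packet.
OSPF_HEADER = struct.Struct("!BBH4s4sHH8s")  # ver, type, len, RID, area, cksum, autype, auth
DBD_FIXED = struct.Struct("!HBBI")           # interface MTU, options, flags, DD sequence
LSA_HEADER_LEN = 20
DBD_TYPE = 2
MIN_LEN = OSPF_HEADER.size + DBD_FIXED.size  # 32 bytes

# Meaning of the low three flag bits (I, M, MS), following the table above.
FLAG_MEANING = {
    0x7: "initial DBD: I, M and MS all set",
    0x3: "master has more data to send",
    0x2: "slave has more data to send",
    0x1: "master has no more data left to send",
    0x0: "slave has no more data left to send",
}


@dataclass(frozen=True)
class DBD:
    router_id: str
    area_id: str
    mtu: int
    flags: int
    seq: int
    lsa_headers: int

    @property
    def initial(self) -> bool:
        return bool(self.flags & 0x4)

    @property
    def more(self) -> bool:
        return bool(self.flags & 0x2)

    @property
    def master(self) -> bool:
        return bool(self.flags & 0x1)


def parse_dbd(packet: bytes) -> DBD:
    """Parse one OSPFv2 DBD packet (OSPF header onward); checksum and auth are not verified."""
    if len(packet) < MIN_LEN:
        raise ValueError("truncated DBD packet")
    version, ptype, length, rid, area, _ck, _autype, _auth = OSPF_HEADER.unpack_from(packet)
    if version != 2 or ptype != DBD_TYPE:
        raise ValueError("not an OSPFv2 DBD packet")
    if not MIN_LEN <= length <= len(packet):
        raise ValueError("bad packet length field")
    mtu, _options, flags, seq = DBD_FIXED.unpack_from(packet, OSPF_HEADER.size)
    if flags & 0xF8:
        raise ValueError("reserved flag bits set")
    body = length - MIN_LEN
    if body % LSA_HEADER_LEN:
        raise ValueError("LSA header list is not a multiple of 20 bytes")
    return DBD(socket.inet_ntoa(rid), socket.inet_ntoa(area), mtu, flags, seq,
               body // LSA_HEADER_LEN)


def describe_flags(flags: int) -> str:
    return FLAG_MEANING.get(flags, "not possible: I set without both M and MS")


def exchange_problems(dbd: DBD, local_rid: str, local_mtu: int, in_exchange: bool = False) -> list:
    """Return the adjacency problems from this sheet that a received DBD reveals."""
    problems = []
    if dbd.flags not in FLAG_MEANING:
        problems.append("impossible flag combination 0x%x" % dbd.flags)
    if dbd.initial and in_exchange:
        problems.append("I-bit set during exchange (sequence number mismatch)")
    if dbd.mtu != local_mtu:
        problems.append("MTU mismatch: neighbor %d, local %d" % (dbd.mtu, local_mtu))
    if dbd.router_id == local_rid:
        problems.append("neighbor RID is same as ours")
    return problems


def build_dbd(rid: str, area: str, mtu: int, flags: int, seq: int, lsa_headers: int = 0) -> bytes:
    """Construct a sample DBD packet (checksum left at 0, options 0x02, zeroed LSA headers)."""
    body = DBD_FIXED.pack(mtu, 0x02, flags, seq) + bytes(LSA_HEADER_LEN * lsa_headers)
    header = OSPF_HEADER.pack(2, DBD_TYPE, OSPF_HEADER.size + len(body),
                              socket.inet_aton(rid), socket.inet_aton(area), 0, 0, bytes(8))
    return header + body


if __name__ == "__main__":
    # Constructed sample: neighbor 10.0.0.2 opens the exchange with a 1600-byte MTU.
    dbd = parse_dbd(build_dbd("10.0.0.2", "0.0.0.0", 1600, 0x7, 4242))
    print(dbd, "->", describe_flags(dbd.flags))
    for problem in exchange_problems(dbd, local_rid="10.0.0.1", local_mtu=1500):
        print("problem:", problem)
```
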

OSPF Features
OSPF is a well-developed routing protocol. It is suitable for most networks, especially enterprise networks.
It has features such as:

1) OSPF is a truly loop-free routing protocol: this is a benefit of the algorithm itself (link state and shortest path first algorithm).

2) Fast convergence: routing change information is transmitted through the whole AS and routes are recalculated in a very short time.

3) Supports equal-cost load balancing.

4) OSPF divides the autonomous system into different areas according to the topology. Thus when the area border router (ABR) transmits routing information to other areas, it generates a brief (summary) LSA per segment. This decreases the number of LSAs in the autonomous system and the complexity of route calculation, so the routing information will not increase very rapidly as the network expands.

5) Overhead is as small as possible:

Hello packets are very short and don't contain route information. Packets containing route information are sent only when routes have changed.

On broadcast networks, OSPF uses multicast addresses to send packets, which reduces interference with other equipment that doesn't run OSPF.

On multi-access networks, if there are two or more routers, the network should elect a DR (designated router). This greatly reduces bandwidth overhead on the same network segment by decreasing the number of route exchanges from O(N*N) to O(N).

Routes from outside the AS are not imported into a stub area.

ABRs support route aggregation, which reduces the routing information transmitted between areas.

On point-to-point interface types, OSPF will not send hello packets on schedule until the network topology has really changed.

6) OSPF strictly distinguishes four classes of routes to provide more reliable route selection.

7) OSPF supports two packet authentication modes. One is the common clear-text authentication mode; the other is the cipher-text authentication mode with the MD5 algorithm.

8) OSPF is suitable for networks of any size, and it can support thousands of routers at most.

9) OSPF can be extended to support traffic engineering because of its link-state awareness.

1. Difference between RIPv1 and RIPv2?


2. How many routes are carried by a RIP packet?
3. Is OSPF link state or distance vector or path vector protocol?
4. What is the difference between OSPF and IS-IS and which one is preferred?

5. Can we use BGP instead of any IGP?


6. How many network types available in OSPF?
7. Different type of Link State Advertisements aka LSA?
8. LSA 3 and LSA 4 are generated by which router?
9. When to use Stub and Not So Stubby Area?

10. How to get the external routes without making area Not So Stubby?

11. What is the different type of route summarization available in OSPF?

12. What is the requirement of doing summarization?

13. A major network is advertised as a summary in one area and a few of the routes from that network are configured in another area. What will happen in that case?
14. If any of the OSPF area is not stabilized, does it impact another area?
15. What is the use of forwarding address in LSA 5 and LSA 7?
16. External routes are available in OSPF database but not installing in routing table?
17. If loopback is not configured, what will be the router-id selected by OSPF process?
18. Can we run multiple OSPF processes on a single router, and what is the advantage of using them?

19. What are timers of OSPF?

20. Multicast address used by OSPF.

21. OSPF works on which layer?

22. What is backbone area in OSPF?


23. Can we use OSPF without backbone area?
24. Is it required that the OSPF router-id be reachable in the IGP cloud?

25. After configuring a new router-id, will it be used automatically, or do we need to use some type of command to get it operational?
26. Why is the secondary IP address of an interface not advertised in the IGP cloud?
27. OSPF neighbourship is not coming up. Please tell the various steps to troubleshoot it.
28. One side MTU is 1500 and another side MTU is 1600. Does it affect neighbourship?

29. Provide process of DR and BDR election.


30. If DR is down and no BDR is configured what will happen?
31. What is the difference between a neighbor and adjacent neighbor?
32. My OSPF neighbourship is showing 2-way, what does it mean?
33. Define different type of OSPF neighbor states?
34. OSPF external routes are not redistributing?
35. When they select the master/slave router, what is the use of Master/Slave?
Command to look for

show ip ospf neighbor


show ip ospf interface
debug ip ospf adjacency

show ip ospf neighbor


debug ip ospf adjacency

Router B that is receiving hello packet does not find itself listed in the neighbor
list of the hello pkt sent by Router A. This could be due to problems in sending
hellos from this router B.

show ip ospf database <x>


‘x’ can be router, network, summary,summary-asbr, external, nssa

sh ip ospf stat, Seq #, LS Age


Debug ip ospf monitor
show ip ospf database database-sum

debug ip ospf adjacency


debug ip ospf adjacency

debug ip ospf adjacency


ospf log-adjacency-change
show ip ospf neighbors det
show interface
Refer comparison sub-sheet
25
link state

IBGP can be used instead of IGP, if AS is to be used as transit AS


B2B, NBMA, P2P, P2MP
11 (LSA's 1-5,7 used)
ABR
To reduce RT size, use stub area.

By having ASBR in regular area where the external LSA's will be received as
LSA Type 5

By ABR, Type 3 & 4 LSA; By ASBR Type 5 LSA can be summarized

Localizing LSA's to regular area and send summaries of LSA into backbone to
reduce RT size & restricting LSU, LSR query range.

Distribute list filters routes while populating RT


Highest active IP address on router in OSPF process
Suppose 2 companies want to merge their networks. Say your core router is C1 and
you already have OSPF 100 running on it and the neighborship is formed
between multiple location routers L1, L2, L3 etc...

After the merger... you get a link connected from C1 to the new company...
and you start running a new OSPF process, say OSPF 200, and add only the
new link inside this process... When you do that, the routes that you get in
OSPF 100 are your existing company routes and the routes in OSPF 200 will
be the routes from the new company... So now you have two different routing
tables...

hello & dead interval timer

224.0.0.5 Hello pkt & 224.0.0.6 used by DROTHER to notify DR,BDR upon
TCN
Layer 3

Area that interconnects all areas like regular,stub,totally stub,NSSA


No. Backbone area is needed.

clear ip ospf process


Hello pkts are sent from primary interface
Refer pt.1 Adjacencies not coming up
Yes. Adjacencies will be stuck in Exstart/Exchange state

Highest OSPF priority. If same OSPF priority then RID is used for tiebreaker
New DR and BDR election process will resume.

Adjacency between DROTHERS


7 Adjacency states
ACL filters should be checked
Higher sequence number by generate master for reliable for TCP windowing
Reasons/Symptoms

Layer 2 is down
OSPF not enabled on the interface
Interface is defined as passive
Mismatched subnet mask
Mismatched hello/dead interval
Mismatched Authentication key
Mismatched area ID
Mismatched Transit/Stub area

1. One side is blocking the hello packet with ACL,distribute lists.


2. One side is translating (NAT) ospf hello
3. One side multicast capabilities is broken, no ping to 224.0.0.5.
4. Must be a Layer 2 problem (unidirectional link)
5. Dialer map or frame-relay map is missing ‘broadcast’

1. This is normal on broadcast network types. This is to reduce the amount of flooding on the wire, as DROTHERS establish only 2-way state among themselves.
2. Problems can happen if Layer 2 is broken.
3. OSPF priority configured as 0 on both p2p; because of that the neighborship is not coming up

1.Neighbor router is from diff vendor, adjust the mtu on the other vendor router.
2. Mismatch MTU.
3. Neighbor RID is same as ours.
4. Unicast is broken
a. wrong VC/DLCi mapping in frame/ATM environment in highly
redundant network
b. mtu problem, can’t ping across with more than certain length packet
c. access-list blocking unicast. After 2-way OSPF send unicast packet
except p2p links
d. NAT is translating unicast packet
5. Between PRI and BRI/dialer and network type is p2p
1. LS request is being made and neighbor is sending bad packet or mem
corrupt.
2. LS request is being made and neighbor is ignoring the request
3. MTU mismatch problem.
Distribute-list in is configured
OSPF is enabled on secondary but not on primary
Backbone area became discontiguous

Check for LSA's having low LSAge, frequently changing seq nos.

Too many inter area or external routes --- same should be summarized
1.All LSA refresh every 30 min (bad!)
2.Timers of each LSA get sync (worse!)
3.With group pacing only LSAs that reach max-age get refreshed periodically
4.interval is configurable
1. LSA should one of 5 LSAs
2. If LSA is type 5 and the neighbor is associated with a stub area
3. If one of the options change
4. If the state of MS bit is inconsistent with master slave connection
5. If the I-bit is set
6. If the master receives a DBD packet after a dead interval
7. If the requested LSA is not found,then something has gone wrong with the database
exchange
If the media is Frame Relay look for broadcast queue drops
Must be a Layer 2 problem

If no interface up/up with valid ip address


if no ip addresses assigned
OSPF is not supported on low end platform
For 1000 and 1600 routers download plus version
800 routers are not supported to run OSPF

Disadvantages of OSPF
1) Complexity of configuration: because of the complexity of network attributes and of dividing areas when running OSPF, network administrators need to possess solid knowledge of data communication and computer networks in order to make OSPF work well. With OSPF getting more and more popular, this is not considered a big problem.

2) Cannot support unequal load balancing: OSPF creates the metric of a link based on the bandwidth of the link by default, and OSPF only picks the path with the smallest metric towards the same destination (OSPF supports equal-metric load balancing). OSPF does not support unequal load balancing. This is unlike EIGRP, which supports unequal-path load balancing by configuration.

Difference between OSPF Neighbor & Adjacency.

Neighbors are routers in the same area that exchange hello packets, but not LSA information, such as two DROther routers. Adjacent routers are routers that have fully exchanged their LSA information and are stable.
LSA Type / Name / Link ID (router that originated the LSA / the link connecting to the other end)

1 Router: Originating Router ID
2 Network: DR IP address
3 Summary: Network No.
4 ASBR-Summary: ASBR RID
5 External: External Network No.

Link Count: 2:- Serial link; 1:- other/ethernet links

show ip ospf interface
debug ip ospf adj

show ip ospf request-list <neighbor RID> <interface>

show ip ospf (database database-sum); show ip ospf
Sr.No. Problem Command to look for

1 Neighbor stability: eigrp log-neighbor-changes; debug eigrp packet hello

A Physical link up/down

B Hold timer expiration

C Retry limit exceeded

D Manual changes (sort of)

2 Stuck-in-active routes

3 High CPU: show process cpu; show ip eigrp events
EIGRP has features as below:

1) Accurate route load calculation and support for heterogeneous network protocols. EIGRP inherits the advantages of IGRP. EIGRP calculates routes according to information such as network bandwidth, total delay, path reliability and path loading, so the routing table is more accurate. EIGRP also supports IPX, CLNP.

2) Low usage of network resources. During normal operation, usage of network resources is very low; only hello packets are transmitted on a stable network. When a change occurs, only routing table changes are propagated, not the entire routing table; this reduces the load the routing protocol itself places on the network. EIGRP can also control packet transmission and reduce the usage of interface bandwidth, so it can avoid affecting normal service data packets.

3) Loop-free and fast convergence. EIGRP uses DUAL; only routing table changes are propagated, and for any one route, only the relevant routers recalculate.

4) The cipher-text authentication mode with the MD5 algorithm is supported.

5) Variable Length Subnet Mask route aggregation. EIGRP supports Variable Length Subnet Mask route aggregation by configuration; this reduces the transmission of routing information and saves bandwidth.

6) Supports load balancing over equal-cost or unequal-cost paths. EIGRP can send traffic in proportion over several unequal-cost paths. This improves the utilization of network resources, but it also increases the workload of routers, so this approach is not recommended even by Cisco.

7) Configuration is simple. There is no complicated area setting, and it does not need a different configuration for different network interfaces. It only needs the EIGRP process to be started on routers, and uses the network command to configure interfaces.

Disadvantages of EIGRP
1) There is no area in EIGRP, so it is not good at dealing with a big hierarchical network. When running OSPF on a big network, we can make the network hierarchical by dividing the network into areas. Obviously, EIGRP is not a good choice for a big network. This is also a restriction of distance-vector routing protocols (like RIP, RIPII). If EIGRP is to be the routing protocol for a big network, we can separate the network into different EIGRP domains and then import the routing tables into each other, but that is not an optimal network design, and very few networks have been designed like this.

2) Does not support DoD: EIGRP maintains the adjacency relationship by sending HELLO messages periodically, even when running on a dial-up link. However, the HELLO message may bring the dial link up, which is not what we want on a dial-up link, especially when the dial-up link is a backup link. When we run EIGRP on a dial-up link, in order to prevent this from happening, we usually put a dialer list and dialer group on the interface so as not to let the HELLO message bring the dial link up. By doing it this way, we sacrifice router resources. OSPF has the advantage at this point by supporting DoD, Dial on Demand.

3) The fast convergence and loop-free characteristics are based on the EIGRP DUAL algorithm. Basically, the DUAL algorithm works by sending queries to its neighbors about the active routes (uncertain routes), then converging upon receiving the replies. If the routes are uncertain routes for its neighbors too, the neighbors send out queries to their neighbors; the process goes on and on until a reply arrives or, after a certain time, the routes are considered not available and get purged from the routing table. Thus in some cases, the active routes will be put into "stuck in active" status for quite a long time, which affects fast convergence seriously. OSPF does not have this problem. Although EIGRP is also a fast-converging routing protocol, when working on some special topologies EIGRP is fairly slow. For instance, in a long and narrow network, if something has changed, it would take EIGRP a long time to send the message from one side to the other side.

4) In a broadcast network, EIGRP routers set up a full-mesh adjacency relationship with each other, and the routers exchange information with each other. This would waste a lot of bandwidth. OSPF does not work like this. OSPF elects a DR and BDR instead. The DROther routers only need to set up adjacency with the DR, and exchange link state advertisements with the DR in the network. That will save a lot of bandwidth.

5) EIGRP is a protocol developed by Cisco. It is a private protocol, not an open standard. Cisco is the only company that has the right to use it and change it, and Cisco has the right to make any change to the protocol as they want without having to inform any customers or other vendors; this would be a big security concern for customers. Besides, if customers choose to run EIGRP on their network, they have no way to choose other vendors' products when they upgrade their network afterwards. This is unfair both to customers and to other vendors. On the contrary, OSPF is an open standard routing protocol, developed by the IETF. Most of the mainstream vendors in this industry support it, so compatibility among different vendors is guaranteed. With the support of many vendors, the protocol will keep getting better and better.
Reasons/Symptoms
Unidirectional links
Mismatched masks
Mismatch of primary/secondary addresses
Could be layer 2 issue. EIGRP takes down the neighbors through this interface.

Multicast Hellos are missed, typically caused by congestion or physical errors

Reliable packet was not acknowledged. Actual timeout is 16 retransmits or hold time, whichever is longer.
Check if MTU changed, Summary changed or Route filter changed

Bad or congested links
Query range is too long
Excessive redundancy
Router memory shortage
Software defects (very seldom)

Decrease query scope by:
1. Summarization (manual or auto)
2. Distribute-lists particularly on dual-homed remotes
3. Stub routers (future)
4. Removing Excessive Redundancy

Find what activity is taking CPU and resolve it
Route(s) flapping?
Routing loop?
1. BGP is IGP or EGP?
2. BGP is link state or distance vector protocol?
3. BGP uses which port?
4. When to use BGP?
5. Can I use BGP instead of any IGP?
6. Can I run two BGP process on single router?
7. What is Autonomous System?
8. Types of BGP routing table?

9. What is the BGP path selection criteria?


10. Define various BGP path attributes.
11. Why weight doesn’t fall under path attribute category?
12. What is confederation?

13. What is route reflector and why it is required?

14. What is no-synchronization rule?


15. Default BGP timers.
16. When does BGP use 0.0.0.0 router id?
17. Does route reflector come in actual path during traffic forwarding?
18. What is Site of origin aka SOO?
19. What is the cost of external and internal BGP routes?
20. Can we use local preference outside the autonomous system?
21. Is it required that the BGP router-id be reachable in the cloud?
22. What is recursive lookup in BGP and how it works?

23. What is the meaning of update source loopback?


24. If a static route is advertised in BGP without using update source what will be the
next hop address in update?
25. Define various types of communities and why they are used?
26. If BGP neighbor state is showing idle what does it mean?
27. In a multihoming scenario, if the primary link fails, after how long will traffic be shifted to the secondary link?

28. I am having two routes for remote destination but only single route is installing in
routing table, what’s the reason for this?
29. How many links can be assigned for load balancing or sharing?

30. In eBGP I am establishing my neighbourship with loopback address but it’s not
coming up. Please specify different reasons for not coming up.

31. Can we redistribute BGP in IGP? Please explain your answers.


32. What is cluster id?

33. I am receiving updates from eBGP peer, will the next hop change or not?

34. I am receiving updates from iBGP peer, will the next hop change or not?
35. A router is receiving same route from two different eBGP peers. The AS path
information contains in peer 1 is {65500, 65550, 65555} and in peer 2 is {65501, 65501}.
But I want to make peer 1 preferred.
36. What is the difference between next-hop-self and update source loopback?
37. Define loop prevention mechanism in BGP.
38. What will happen if route reflector is not getting proper updates?

39. What will happen if route reflectors do not synchronize?

40. What is the advantage of using BGP AS Prepend?

41. Can we use BGP as a backdoor link for customers instead of OSPF? If yes, please let us know what issues BGP could create.
42. What is BGP PIC?

43. Use BGP as Link Protection in case of Dual PoP?

44. How to achieve Inter-AS Communication-MP-eBGP?


47. BGP Graceful Restart, NSR and NSF
50. BGP Redistribution Vs MPLS, which one you will select?

51. Best practices to define BGP Communities as per RFC 1998.


52. What is BGP RFC 3107 or What is BGP Label Update in IPv4?
EGP
path vector protocol
TCP 179
Between inter or intra AS for advertising n/w prefixes.
IBGP can be used instead of IGP, if AS is to be used as transit AS
Yes, but it will be memory intensive.
Group of routers under single technical admin.
Adj-rib-in, Adj-rib-out, local-rib
Highest Weight, Highest local preference, routes originating from the same router i.e. next
hop is 0.0.0.0, Shortest AS path, Origin codes, lowest metric, EBGP over IBGP paths, oldest
EBGP path, closest IGP neighbor, lowest router id, lowest neighbor ip.
Well-known mandatory, well-known transitive, optional transitive, optional non-transitive.
Because it's a Cisco proprietary protocol attribute, local to the router only.
Break IBGP network into small sub-AS BGP networks.
A router running IBGP should be fully meshed to other IBGP routers in an AS, as an IBGP
neighbor doesn't advertise IBGP routes learnt by it from an IBGP peer to another router if it is
not having an IBGP peer relationship with it. Here the RR can configure other IBGP speakers as
RR clients and advertise routes received by it from its clients and peering routers to its clients
and peers.
Do not advertise routes received from EBGP to other EBGP peers if the same are not
available in IGP.
Hello 60 sec & Holdtime 180 sec
When the neighbor relationship is in active state
Yes

EBGP path - 20; IBGP path -200


No, it is well-known transitive attribute.
Yes
Recursive lookup in BGP traces the destination prefix with the help of the IGP route
BGP routers form BGP neighbors based on command neighbor <neighbor ip address>
remote-as <AS path no>. Here the peering routers expect updates to be coming from
neighbor ip address otherwise the peering is not established.

To be checked by scenarios.
No export, no advertise, local as , internet
That router is not having routing path to the configured neighbor ip address

Instantaneously. Need to manually check


BGP by default will install a single path to a remote destination in the routing table though it has
multiple paths to the remote destination with the same attributes. Can be configured to use both
paths with command maximum-paths 2.
Up to six links
The routing path to the loopback address needs to be checked, then check if neighbor
<neighbor ip loopback address> ebgp-multihop <ebgp value> is configured. Check if the update
source command is configured on both routers.
Yes; however, based on the type of BGP routes received, i.e. default, partial or full, the routing
table of the IGP-running internal routers will increase.
Route Reflector and confederation
By default, next hop ip address for received routes will be that of peer from whom routes are
received.
By default, next hop ip address for received routes will be that of peer from whom routes are
received.

Configure highest weight, highest local preference for routes coming from peer 1.
By default, next hop ip address for received routes will be that of peer from whom routes are
received. With next-hop-self, the router will instead send its own ip address as next hop when it
is advertising the route in IBGP or EBGP. Update source loopback is used to force the router to
send updates to its peering router with its loopback ip address as source address.
Different path attributes are used while selecting path as valid path.

Cisco commands which can be used for checking the vpnv4 routes are cited below
Show ip bgp vpnv4 all summary
Show ip bgp vpnv4 rd x:y neighbor routes
Show ip bgp vpnv4 rd x:y neighbor advertise routes
On both RRs you can check the installed routes.

Workaround:-
This is nothing but a Cisco bug. In this case you need to check the IOS. Apart from this, you
can clear the full BGP neighborship or reload the router. After that it receives the full routes.
So if you see your traffic behaving abnormally, then check your route reflectors' updates first.
The reason for writing this post is that I faced the same problem and it is not a test lab
scenario.

Introduction
Route reflectors are used for breaking the full mesh iBGP rule. In this post I am evaluating how
to synchronize both the route reflectors, especially in the case of an MPLS VPN network. In my
previous post I have described the problems that can come up if proper route updates are missing.
Most of the service providers are using peer-group in BGP. If you are using peer-group then
you might face the Cisco IOS bug which is CSCsj09838. According to the bug:
BGP sending incomplete updates when using update-groups
BGP fails to send complete update to peers who are part of an update group with more than
one member. Soft clear of peer in question will fix the issue.
I have seen the problem which is coming in 12.4.11T4 as well as with 12.4 15T1.


As we have already seen (OSPF High Availability with SSO, NSF and NSR), there are
two different mechanisms to prevent routing protocol re-convergence during a processor
switch-over. One is Graceful Restart (Non Stop Forwarding) and the other is Non Stop
Routing (NSR). Graceful Restart and Non Stop Routing allow the forwarding of data
packets to continue along known routes. With Graceful Restart, routing protocol
information is restored, while with Non Stop Routing, routing protocol information is
refreshed.

BGP Graceful Restart for NSF


• BGP Graceful Restart is described in RFC 4724
• BGP has been enhanced with NSF-capability and awareness
• Routers running these protocols can detect a switchover and take the necessary actions to
continue forwarding network traffic and to recover route information from the peer devices
• NSF Aware
– A router is NSF-aware if it is running NSF-compatible software.
• NSF Capable
– A router is NSF-capable if it has been configured to support NSF; therefore, it would
rebuild routing information from NSF-aware or NSF-capable neighbors.
• BGP support for NSF requires that neighbor routers are NSF-aware or NSF-capable
• A router that is NSF-aware functions like a router that is NSF-capable with one exception:
an NSF-aware router is incapable of performing an SSO operation
• A router that is NSF-aware is capable of maintaining a peering relationship with a NSF-
capable neighbor during a NSF SSO operation, as well as holding routes for this neighbor
during the SSO operation
• NSF awareness for BGP is not enabled by default as BGP uses TCP connection. It can be
enabled by using bgp graceful-restart under BGP process.
The BGP community attribute is a very powerful tool for assisting and scaling BGP at any
level.

Most ISPs make extensive use of BGP communities when defining internal policies,
inter-provider relationships and customer traffic engineering. There is no standard
defined for these communities, but RFC 1998 has community values which are defined to
have a particular meaning:-

• ASx:100 :- This community says set local preference to 100 and make this path as
preferred path.
• ASx:90:- This community says set local preference to 90 and make this path as backup if
dual homed to ASx.
• ASx:80:- This community says set local preference to 80. This link is to another ISP with
same AS path length.
• ASx:70:- This community says set local preference to 70. This link is to another ISP.
These communities are defined by the upstream ISP. All the customers homed to the ISP
can attach these communities when advertising their routes.

For example:-
If the upstream ISP is AS 200, then to declare a particular path as a backup path, their customer
would announce the prefix with community 100:70 to AS200. The ISP with AS200 would receive
the prefix with the community 100:70 tag, and then set local preference to 70.

Customer Configuration Template


router bgp 65000
 neighbor x.x.x.x remote-as 200
 neighbor x.x.x.x description Backup ISP
 neighbor x.x.x.x route-map as200-out out
 neighbor x.x.x.x send-community
!
! Match only locally originated routes (empty AS path)
ip as-path access-list 20 permit ^$
!
! The route-map name must match the one applied to the neighbor above
route-map as200-out permit 10
 match as-path 20
 set community 100:70
!
Sample ISP Router Configuration

router bgp 200
 neighbor y.y.y.y remote-as 65000
 neighbor y.y.y.y route-map customer-policy-in in
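
The ISP template above applies customer-policy-in without defining it. One way to write that route-map is shown here as an added example, not configuration from the original document. The community-list numbers and clause sequence numbers are assumptions, and the 100:NN values follow the customer template.

```cisco
! Constructed example: list numbers and sequence numbers are assumptions
router bgp 200
 neighbor y.y.y.y remote-as 65000
 neighbor y.y.y.y route-map customer-policy-in in
!
! Display and accept communities in AA:NN form
ip bgp-community new-format
!
! One standard community list per value the customer may send
ip community-list 70 permit 100:70
ip community-list 80 permit 100:80
ip community-list 90 permit 100:90
!
! Clauses are evaluated in sequence; the first match wins
route-map customer-policy-in permit 10
 match community 70
 set local-preference 70
!
route-map customer-policy-in permit 20
 match community 80
 set local-preference 80
!
route-map customer-policy-in permit 30
 match community 90
 set local-preference 90
!
! Catch-all: routes with no recognised community keep local preference 100.
! Without this clause the route-map's implicit deny would drop them.
route-map customer-policy-in permit 40
 set local-preference 100
!
```

The customer must keep neighbor send-community configured, otherwise the tag never reaches AS 200 and every route falls through to the catch-all clause.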
BGP Label Update allows you to set up a Virtual Private Network (VPN) so that the
autonomous system boundary routers (ASBRs) exchange IPv4 routes with Multiprotocol
Label Switching (MPLS) labels of the provider edge (PE) routers. In this scenario, route
reflectors (RRs) exchange VPNv4 routes, and the ASBRs are relieved of storing those routes.

This results in improved scalability and simplifies the configuration. By using this feature,
you can use a non-MPLS network as a transit network, which helps you transport all the IPv4
routes with labels over the non-MPLS network.

When you issue the neighbor send-label command under BGP configuration, the routers
advertise to each other that they can send MPLS labels with the routes. If the routers
successfully negotiate their ability to send MPLS labels, the routers add MPLS labels to all
outgoing BGP updates. This eliminates the need for using any label distribution protocol
between the LSRs. (Is LDP Required for VPNv4 Labels)

In the above scenario, the route reflector can reflect the IPv4 routes and MPLS labels learned
from the ASBR to the PE routers in the VPN. This is accomplished by enabling the ASBR to
exchange IPv4 routes and MPLS labels with the route reflector. The route reflector also
reflects the VPNv4 routes to the PE routers in the VPN. ASBRs exchange IPv4 routes and
MPLS labels for the PE routers by using EBGP.

MPLS labels are included in the update messages. Routers exchange the following types of
BGP messages:
1. Open Messages
2. Update Messages
3. Keepalive Messages
4. Notification Messages

Of the four, Update messages contain the Network Layer Reachability Information (NLRI),
which has the IP addresses of the usable routes. The update message also includes path
attributes and the lengths of both the usable and unusable paths. Labels for VPNv4 routes
are encoded in the update message as specified in RFC 2858. The labels for the IPv4
routes are encoded in the update message as specified in RFC 3107.
1. Difference between hub, bridge and switch?
2. What is a MAC address and why is it required?
3. In a layer 2 domain do we need an IP address for communication?
4. What is ARP and why is it required?
5. What is Spanning Tree Protocol aka STP?
6. What is the difference between STP, MSTP, PVST and RSTP?
7. Can we use the two same paths for same vlan?
8. What is the difference between broadcast and collision domain?
9. Define types of LAN traffic.
10. What is the destination address of a broadcast frame?
11. Can we connect a switch to a switch with a straight cable?
12. Define functions of a switch.
13. What is ARP timeout?
14. What is the aging process?
15. What is BPDU?
16. What is path cost?
17. Define selection criteria of STP root bridge.
18. How does a non-root bridge switch decide which port will be elected as root port?
19. If a nonroot bridge has two redundant ports with the same root path cost, how does the
bridge choose which port will be the root port?
20. Port states of spanning tree protocol.
21. If the users face delay during initial login, what will you suggest to implement?
22. Why is spanning tree BPDU filter used?
23. Can I use BPDU filter on trunk ports?
24. What is port security?
25. I want to learn only a single MAC from the port; what needs to be configured?
26. Can we use spanning port-fast on trunk ports?
27. If the management IP address is changed, will users' traffic be dropped?
28. Difference between trunk and access port?
29. What is UDLD and why is it required?
30. What is interface vlan on a switch?


Hub operates at L1; bridge and switch at L2. Bridge does not use STP;
switch uses STP to automatically move redundant ports to blocking mode
and have only one path active.
To send L2 frames on lan segment
No
Resolving IP address to MAC address
Switch uses STP to automatically move redundant ports to blocking mode
and have only one path active.
STP - Common root bridge for all vlans, 5 states of
Blocking, listening, learning, forwarding & disabled. PVST - Cisco
proprietary, individual root bridge for each vlan. RSTP - 3 states of
Disable, learning & forwarding.
In context of load balancing traffic with gateways, MHSRP can be used to
load balance traffic on single vlan.

unicast traffic when dest mac add is in CAM table; unicast mac address
flooding when dest mac add is not in CAM table.
All f's
No, a cross-over cable is needed.
Each port of switch have individual collision domain i.e. can operate in full
duplex mode; multi-port router if L3 switch.

BPDUs are exchanged between switches running STP, first to elect the root
switch and then, using the root switch as reference, to select forwarding and
blocked ports in a redundant n/w topology
How far a switch is away from root switch is calculated by path cost which
is based on link Bandwidth.
All switches initially send BID and RID with their own MAC address. When a
switch receives a superior BPDU with a lower RID, the switch then sends
BPDUs with the received RID. This process repeats throughout the switched
n/w topology until all switches have an identical RID; that s/w is then elected
as root bridge.
Non-root bridge decides on the lowest path cost to the root bridge or lowest
BID or lowest port ID while electing root port

Based on the port ID


Blocking,listening,learning,forwarding and disabled.

spanning-tree portfast bpduguard default and spanning-tree portfast
bpdufilter default are globally enabled commands; spanning-tree portfast
bpduguard and spanning-tree bpdufilter enable are enabled locally on the
interface.
No, trunk links will not be formed.
Restricting access to a port based on mac-address and actions to be taken
on violation like shutdown, notification to NMS etc.
switchport port-security mac-address <mac-address of PC>
Ideally spanning port-fast should be used on host or servers connections to
switch port. Enabling spanning-tree portfast will move the port to
forwarding state without STP checking if there are any spanning tree loops,
it may create spanning tree loops.
No
Trunk link is used to interconnect switches so that traffic from multiple
vlans can be sent over to other switches, access port is used to connect to
end host stations or servers only.
To identify one way flow of traffic in network since it may create spanning
tree loops.
Management IP address assigned to an L2 switch; on an L2 switch it is used
for inter-vlan routing.
Advantages of MPLS

1. What is the difference between VPN and MPLS?
2. What is MPLS and why has it become so popular in a short time?
3. What is the protocol used by MPLS?
4. MPLS works on which layer?
5. What is the difference between P and PE router?
6. Can I make my PE router as P?
7. Two routers are having 4 equal cost links, how many ldp sessions will be established?
8. My LDP router id, OSPF router id and BGP router id are different, will it work to forward the traffic of
customers or not?
9. What is Penultimate Hop Popping and why is it required? Which router performs the PHP function?
10. I am receiving aggregate label, what does it mean?
11. What are the different types of labels?
12. How to make customer route unique?
13. What is the difference between RD and RT?
14. Can I assign the same RD to two different customers?
15. Does RD travel in route updates?
16. My customer is having three branches and all are attached to three different PEs. In this case can
I use different vrf names?
17. What is downstream on demand?
18. How to filter MPLS labels?
19. What is the default range of MPLS labels in Cisco routers? How to extend that range?
20. Without route reflector can I implement MPLS?
21. What is the difference between VPNv4 and IPv4 address family?
22. What is MP-iBGP? Can we use normal BGP in lieu of MP-iBGP?
23. What is LIB, LFIB?
24. What is CEF and without enabling CEF, can we make MPLS work?
25. I am receiving end to end customer routes on various PE but not able to ping those routes, what
could be the problem?
26. What is explicit null and implicit null?
27. Default timers of LDP?
28. Does LDP require OSPF, IS-IS or BGP?
29. In neighbor discovery command, I am receiving only xmit, what does it mean?
30. What is transport address?
31. What is the RFC of MPLS?
32. Why is MPLS called multi protocol?
33. What is the difference between MPLS, SSL and IPSec?
34. I am using different vendor products and want to implement TDP, what type of challenges will you
face?
35. Does MPLS support IPv6?
36. Can I use the existing IPv4 MPLS backbone for IPv6?
37. Define various troubleshooting commands in MPLS?
38. What is forwarding equivalence class aka FEC?
39. What is adjacency table?
40. Difference between MPLS IP and MPLS Label Protocol LDP command?
41. If MPLS gets disabled, will it harm my IGP or IPv4 traffic?
42. What is MPLS-TP?
43. What is downstream and upstream router in MPLS?
44. Difference Between T-MPLS and MPLS-TP
45. How does LDP initialize?
46. What is Cell Mode MPLS Over ATM?
47. Difference Between VC Based Multiplexing And Logical Link Control Encapsulation in ATM?
48. Basics of ATM?
49. ATM is packet or circuit switching?
50. Is LDP Required for VPNv4 Labels?
51. What will happen if you see your PE loopback in vpnv4 table?
52. What is Bidirectional Forwarding Detection?
53. Different types of PseudoWire?
54. Modes of EoMPLS (Ethernet over MPLS)
55. What is L2VPN Over Metro Ethernet?
56. What is E-VPN (Ethernet VPN)?
57. What is FEC in traditional IP routing and MPLS?
58. How does CEF understand overlapping of IP addresses?
59. What is the difference between Optimum, Fast and CEF Switching?
60. Advantages of MPLS.
61. Define CEF FIB table entries.
62. MPLS traffic engineering
63. MPLS & Routing
64. How MPLS Traffic Engineering Works

VRF-Lite
1. No propagation of routes in the core of service provider.
2. In legacy GRE the customer is responsible for the management, but in case of MPLS the SP is responsible.
3. Customers can use the same IP address, which is not possible in case of GRE.
4. MPLS saves cost as compared to ATM or frame relay network.
5. MPLS increases the response time.
6. Customers can have the QOS according to their requirements.
7. Fast reroute features by using traffic engineering.
8. MVPN support, which saves a lot of bandwidth.
VPN is generally Virtual Private Network, which could be configured by using GRE tunnels. In that case, if you want a full mesh, the
administrator needs to set up n*n-1 tunnels. But in case of MPLS VPN, by default the CPEs work in full mesh form because of route
target.
MPLS is a multi protocol label switching mechanism which uses the label to forward the traffic to the next hop address. It is
popular because it must be used for CPN (Converge Packet Network).

MPLS uses TDP or LDP.


It works between layer 2 and layer 3.
A P router doesn’t have customer network routes, whereas a PE router has customer network routes. Another difference is that a P
router doesn’t require MP-iBGP, but for a PE it is a must.

To make your PE router a P, you need to remove the BGP configuration; after that it will not participate in the customer
network.

One session
LDP router id and BGP router-id should be same if SP is using labels only for loopbacks. If labels are generated for each and
every route then no problem at all.

Second last router performs the Penultimate Hop Popping function to remove the top most label.
See Aggregate Labels for this answer (IP Routing Lookup)

By adding route distinguisher

RD is not an extended community, whereas RT is an extended community.


RD is unique and local to router.

No

Yes
The downstream router is the one which is responsible for advertising the label first to the upstream router when the downstream on
demand method is selected.
By using acl

16 – 100000 is default range

Yes, need to develop full mesh BGP

We always accept and forward IP packets to customers; for this we need to use the ipv4 address-family. When the customers'
packets are received by the PE they become labeled, and to forward labeled packets to a different PE/RR, address-family
vpnv4 is required. In short we can say that the ipv4 address-family is used for customers and the vpnv4 address-family is used
by the SP core.
No, MP-iBGP is used because of the support of multi protocol, which normal BGP doesn’t support
Label Information Base & Label Forwarding Information Base
CEF is mandatory in Cisco routers for MPLS.

LDP is not configured in the path


Both implicit and explicit null labels are generated by the last hop router to its neighbors.
By default, Cisco routers advertise implicit NULL with LDP.
1) Implicit Null: the last hop of the MPLS network performs QoS actions based on the IP packet (the top label of the stack has
already been removed).
2) Explicit Null: the penultimate hop router does not pop the label. It sends the packet with a label value of 0 but with other fields,
including the EXP bits, intact. This way QoS treatment is preserved between the penultimate router and the last hop router. Explicit null
should be configured manually on the last hop router. The command is mpls ldp explicit-null

hello 5 sec Holdtime 15 sec


IGP is required for IP Reachability

At another end MPLS IP is not configured.

Router ID is the transport address


3031
Because it supports almost each and every protocol.

Because TDP is a Cisco proprietary protocol


Yes it supports
Yes we can use

Mac table information and port kept in adjacency table


mpls ip starts the MPLS process, but the mpls ldp command starts the LDP protocol
No, IGP will work as it is but MPLS customer traffic forwarding will stop

I have been hearing about MPLS-TP for a long time, but now the time has come to implement MPLS-TP in the access network. The
question arises: why only in the access network and not in the core? The reason is that most of the service providers have
already built up the MPLS core, and now it's time to move towards the access network with MPLS capabilities. But what
attracts service providers to adopt MPLS-TP? Legacy SDH network is used to build the transport network. As it is a costly
solution, all the service providers are looking for an alternative solution, which must be the same as SDH but have the capacity of Ethernet.
MPLS-TP (Transport Profile) is a set of protocols which doesn't use any control plane and is defined under IETF. But G-MPLS
could be used for the dynamic allocation of labels. MPLS-TP doesn't offer Penultimate Hop Popping and ECMP.
Pseudowire emulation aka PWE3 emulates the attributes of a service over a packet switched network (PSN). Pseudo means
no physical existence, only virtual. By using pseudowire, a service provider can emulate any circuit end to end. E.g. if a customer is
looking for TDM bandwidth end to end, but the SP has a packet core network and no TDM backhaul, pseudowire
helps the SP to deliver an end to end circuit which uses the packet core network and provides a TDM drop to customers. This is the case
where both termination points have the same output; in case of different outputs, like Ethernet on one side and
frame-relay or ATM on the other side, the best is to provision an inter network circuit.
Types of Pseudowire
1. CESoPSN:- Circuit Emulation over Packet Switched Network supports framed and channelized TDM services over packet
switched network.
2. SAToP:- Structure Agnostic TDM over Packet is a TDM pseudowire technology which treats the TDM traffic as data traffic
and ignores the framing bits. It supports unframed TDM services.

Advantages of SAToP:-
1. Flexible packet size.
2. Lowest end to end delay.
3. Low overhead.

Advantages of CESoPSN:-
1. Lower packetization delay

Typically, a packet crossing the MPLS traffic engineering backbone travels on a single LSP that connects the ingress point to the egress point.

A label represents a forwarding equivalence class, but it does not represent a particular path through the network. In general,
the path through the network continues to be chosen by the existing Layer 3 routing algorithms such as OSPF, Enhanced
IGRP, and BGP. That is, at each hop when a label is looked up, the next hop chosen is determined by the dynamic routing
algorithm.
The path an LSP uses is determined by the LSP resource requirements and network resources, such as bandwidth.

Available resources are flooded by means of extensions to a link-state-based Interior Gateway Protocol (IGP).

Traffic engineering tunnels are calculated at the LSP head based on a fit between required and available resources (constraint-
based routing). The IGP automatically routes the traffic onto these LSPs. Typically, a packet crossing the MPLS traffic
engineering backbone travels on a single LSP that connects the ingress point to the egress point.

MPLS traffic engineering is built on the following Cisco IOS mechanisms:

•IP tunnel interfaces—From a Layer 2 standpoint, an MPLS tunnel interface represents the head of an LSP. It is configured with
a set of resource requirements, such as bandwidth and media requirements, and priority.

From a Layer 3 standpoint, an LSP tunnel interface is the head-end of a unidirectional virtual link to the tunnel destination.

•MPLS traffic engineering path calculation module—This calculation module operates at the LSP head. The module determines
a path to use for an LSP. The path calculation uses a link-state database containing flooded topology and resource information.

•RSVP with traffic engineering extensions—RSVP operates at each LSP hop and is used to signal and maintain LSPs based on
the calculated path.

•MPLS traffic engineering link management module—This module operates at each LSP hop, does link call admission on the
RSVP signalling messages, and does bookkeeping of topology and resource information to be flooded.

•Link-state IGP (Intermediate System-to-Intermediate System (IS-IS) or OSPF—each with traffic engineering extensions)—
These IGPs are used to globally flood topology and resource information from the link management module.

•Enhancements to the SPF calculation used by the link-state IGP (IS-IS or OSPF)—The IGP automatically routes traffic onto
the appropriate LSP tunnel based on tunnel destination. Static routes can also be used to direct traffic onto LSP tunnels.

•Label switching forwarding—This forwarding mechanism provides routers with a Layer 2-like ability to direct traffic across
multiple hops of the LSP established by RSVP signalling.

One approach to engineering a backbone is to define a mesh of tunnels from every ingress device to every egress device. The
MPLS traffic engineering path calculation and signalling modules determine the path taken by the LSPs for these tunnels,
subject to resource availability and the dynamic state of the network. The IGP, operating at an ingress device, determines which
traffic should go to which egress device, and steers that traffic into the tunnel from ingress to egress.

A flow from an ingress device to an egress device might be so large that it cannot fit over a single link, so it cannot be carried by
a single tunnel. In this case, multiple tunnels between a given ingress and egress can be configured, and the flow is load-
shared among them.
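
The mechanisms listed above map onto a head-end router's configuration roughly as follows. This is an added Cisco IOS example, not configuration from the original document; the interface names, OSPF process number, addresses (documentation ranges) and bandwidth figures are assumptions.

```cisco
! Constructed head-end configuration; all names, addresses and values are assumptions
ip cef
!
! Enable TE globally (path calculation and link management modules)
mpls traffic-eng tunnels
!
interface Loopback0
 ip address 192.0.2.1 255.255.255.255
!
! Core-facing link: allow TE LSPs on it and state how much bandwidth (kbps)
! RSVP may reserve; link management floods this figure through the IGP
interface GigabitEthernet0/0
 ip address 198.51.100.1 255.255.255.252
 mpls traffic-eng tunnels
 ip rsvp bandwidth 100000
!
! Link-state IGP with TE extensions floods topology and resource information
router ospf 1
 network 192.0.2.1 0.0.0.0 area 0
 network 198.51.100.0 0.0.0.3 area 0
 mpls traffic-eng router-id Loopback0
 mpls traffic-eng area 0
!
! Tunnel interface = head of a unidirectional LSP to the egress (192.0.2.2)
interface Tunnel1
 ip unnumbered Loopback0
 tunnel mode mpls traffic-eng
 tunnel destination 192.0.2.2
 ! Resource requirements used by constraint-based path calculation
 tunnel mpls traffic-eng priority 7 7
 tunnel mpls traffic-eng bandwidth 50000
 ! Path computed at the head end from the TE database, signalled with RSVP
 tunnel mpls traffic-eng path-option 1 dynamic
 ! Let the IGP's SPF steer traffic for the egress into the tunnel
 tunnel mpls traffic-eng autoroute announce
!
! Second tunnel to the same egress: a flow too large for one link is
! load-shared across both tunnels
interface Tunnel2
 ip unnumbered Loopback0
 tunnel mode mpls traffic-eng
 tunnel destination 192.0.2.2
 tunnel mpls traffic-eng priority 7 7
 tunnel mpls traffic-eng bandwidth 50000
 tunnel mpls traffic-eng path-option 1 dynamic
 tunnel mpls traffic-eng autoroute announce
!
! Alternative to autoroute: a static route pointing at the tunnel
! ip route 203.0.113.0 255.255.255.0 Tunnel1
```

Every router along the LSP needs the same global, interface and IGP statements; only the head end carries the tunnel interfaces. show mpls traffic-eng tunnels brief confirms whether each tunnel signalled successfully.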
The VRF-lite feature provides multiple VPN routing/forwarding instances in customer edge devices. (VRF-lite is also termed
multi-VRF CE, or multi-VRF Customer Edge Device). VRF-lite allows a service provider to support two or more VPNs with
overlapping IP addresses using one interface.
What is a firewall?
Describe, generally, how to manage a firewall
What is a Denial of Service attack?
What is a “spoofed” packet?
What is a SYN Flood?
What do you do if you are a victim of a DoS?
What is GPG/PGP?
What is SSH?
What is SSL? How do you create certificates?
What would you do if you discovered a UNIX or Network device on your
network has been compromised?
What would you do if you discovered a Windows system on your network has
been compromised?
What is DNS Hijacking?
What is a log host?
What is IDS or IDP, and can you give me an example of one?
Why are proxy servers useful?
What is web-caching?
1. What is QOS and why it is required?
2. What is layer2 qos and layer3 qos?
3. What is tail drop?
4. Describe methods of QOS?
5. What is hardware QOS and Software QOS?
6. Difference between a policer and a shaper?
7. What is token bucket algorithm?
8. Where to define the markings?
9. Does QOS increase the load of the equipment?
10. What is TOS and IP DSCP?
11. What are the different classes available?
12. How to calculate the decimal value of classes?
13. What is the difference between priority and bandwidth command?
14. What is low latency queueing?
15. What is class based weighted fair queuing?
16. What is first in first out queue (FIFO)?
17. What is fair queue?
18. If I give the IP precedence five to data traffic, what will happen?
1. Why multicast is required in MPLS SP cloud?
2. Does MPLS understand multicast?
3. What is Assert message in multicast and when these are required?
4. What is the difference between dense mode, sparse mode and sparse dense mode?
5. Can we use dense mode by using sparse mode? If yes, then what is the use of sparse dense mode?
6. What is the difference between (*,G) and (S,G) entry?
7. In sparse dense mode if we don’t use RP what will be the effect?
8. In SSM( Source Specific Multicast) how to advertise RP?
9. Which types of entries are created in Auto RP, BSR, MSDP and SSM mode?
10. What is the difference between ip igmp join group and ip igmp static join group?
11. SSM requires IGMPv3 but in MPLS SP cloud why we don’t use IGMPv3?
12. What is the advantage of using SSM in MPLS SP cloud?
13. How to maintain S,G entry for a long time?
14. How to select Multicast Group? Does any type of overlapping happen? If yes, then what are its advantages and disadvantages?
15. In MPLS cloud, if we define two loopbacks in multicast for creating hierarchical cloud, what will happen?
16. I am receiving RPF failure message at PE end and don’t have access of CE router, how to solve the problem without having CE access?
17. Difference between Shortest path tree and shared path tree?
18. Difference between data and default mdt?
19. Does default mdt work without data mdt and vice versa?
20. Can MPLS SP cloud have SSM and MSDP at same time? If yes, then what’s the reason for specifying two protocols?
21. What is difference between address-family ipv4, vpnv4 and mdt?
22. If SP cloud doesn’t use address-family mdt what will happen?
23. If you ask to design a MPLS based multicast network, what will you suggest?
24. What is MDT tunnel?
25. Can we modify MDT tunnel?
26. What is the multicast source address and group address in MPLS SP cloud?
