Routing Protocol Deployment
This section first describes why certain protocols are suitable for specific modules in the Enterprise Architecture. It then discusses the following advanced routing features: redistribution, filtering, and summarization.
Routing Protocols in the Enterprise Architecture
Recall from Chapter 3, “Structuring and Modularizing the Network,” that the modules in the Cisco Enterprise Architecture correspond to places in the network. The choice of routing protocols depends on the network design goals. Therefore, the routing protocol decision should be made only after the network goals and topology are determined. Running multiple routing protocols might be necessary in large enterprise networks; for example, when a network upgrade is performed, the old routing protocol usually coexists with the new one during the transition period.
As discussed in previous sections of this chapter, routing protocols differ in many ways. For example, how routing information is exchanged, convergence times, metrics used for optimal route determination, required amount of processing power and memory, and availability of a routing protocol on various platforms can determine whether a routing protocol is more or less suitable for a network or parts of a network. The following sections explain why certain protocols are suitable for specific modules in the Enterprise Architecture, and the advantages and disadvantages of individual protocols.
Routing in the Campus Core
The Campus Core provides high-speed data transmission between Building Distribution devices. The Campus Core is critical for connectivity and, therefore, incorporates a high level of redundancy using redundant links and load sharing between equal-cost paths. In the event of a link failure, it must immediately converge, adapting quickly to change to provide a seamless transport service.
The decision of whether to use EIGRP or OSPF should be based on the underlying physical topology, IP addressing, equipment used, and possible issues related to the routing protocol in a particular situation. Figure 7-14 illustrates routing protocols in the Enterprise Architecture, including those recommended for the Campus Core.
The following are considerations for routing protocol use in the Campus Core:
- OSPF imposes a strict hierarchical design. OSPF areas should map to the IP addressing plan, which cannot always be achieved.
- EIGRP restricts vendor selection because it is a Cisco-proprietary protocol. One way to overcome this restriction is to use EIGRP in the Campus Core and other routing protocols in the non-Cisco parts of the network, and redistribute between the protocols.
The following are reasons that other routing protocols are not considered for the Campus Core:
- Even if routing only IP, IS-IS requires detailed knowledge of the OSI protocol suite for proper configuration, and that knowledge is not widely available.
- RIP is not recommended as a Campus Core routing protocol because of its periodic transmission of the entire routing table, which results in relatively slow convergence, and because the RIP metric is based on hop count.
- Using static routing in the Campus Core is not an option because static routing requires administrative intervention for changes and on link failures.
Routing in the Building Distribution Layer
The Building Distribution layer is the intermediate point between the Campus Core and the Building Access layers. In addition to other issues (such as physical media and IP addressing), the choice of routing protocol depends on the routing protocols used in the Campus Core and Building Access.
For example, if EIGRP is the Campus Core routing protocol and RIPv1 is the Building Access layer routing protocol (to support legacy equipment), both routing protocols are used in the Building Distribution devices, with redistribution and filtering.
Routing in the Building Access Layer
The Building Access layer provides local users with access to network resources. The underlying physical topology, IP addressing, and the available processing power and memory in the Building Access layer equipment influence the routing protocol choice. The recommended routing protocols for the Building Access layer are OSPF and EIGRP. Using static routing in the access layer is also a possibility.
Routing in the Enterprise Edge Modules
In the Enterprise Edge modules, the underlying physical topology, IP addressing, and the deployed equipment also drive the choice of routing protocol.
Note: Routing protocols running in the enterprise edge module are referred to as edge routing protocols.
EIGRP gives an administrator more influence on routing and is suitable for NBMA environments in which there is a split-horizon issue because EIGRP split-horizon can be turned off. When equipment from multiple vendors is part of the overall design, the use of EIGRP is restricted to only where Cisco devices exist.
The limitations of using OSPF as an Enterprise Edge routing protocol are related to its high memory and processing power requirements, which might preclude its use on older routers, and its strict hierarchical design. The high memory and processing power requirements can be reduced using summarization and careful area planning.
OSPF also requires significant configuration expertise. OSPF is appropriate in environments such as LAN, NBMA, and dialup.
The Remote Access and VPN module provides connectivity to corporate networks for remote users via dialup connections and dedicated IPsec VPNs across the Internet. In a dialup environment, static routing is typically used.
Depending on whether multiple exit points exist and on redundancy requirements, either static routes or BGP are used for Internet connectivity. Static routes are used when only one exit point exists; they use less overhead than BGP routing. BGP is used when there are multiple exit points and when multihoming is desired.
Route Redistribution
This section introduces route redistribution and discusses administrative distance and the process used to select the best route. The specifics of route redistribution deployment are described.
Using Route Redistribution
The following are possible reasons why you might need multiple routing protocols running at the same time within your network:
- You are migrating from an older IGP to a new IGP. Multiple redistribution boundaries might exist until the new protocol has displaced the old protocol completely. Running multiple routing protocols during a migration is effectively the same as a network that has multiple routing protocols running as part of its design.
- You want to use another protocol but have to keep the old routing protocol because of the host system’s needs. For example, UNIX host-based routers might run only RIP.
- Some departments might not want to upgrade their routers to support a new routing protocol.
- If you have a mixed-vendor environment, you can use the Cisco-proprietary EIGRP routing protocol in the Cisco portion of the network and then use a common standards-based routing protocol, such as OSPF, to communicate with non-Cisco devices.
In some cases, the same protocol may be used in multiple different domains or autonomous systems within a network. Multiple instances of the protocol are treated no differently than if they were distinct protocols; redistribution is required to exchange routes between them. Accordingly, redistribution of routes is required when one or both of the following occur:
- Multiple routing protocols are used in the network—for example, RIPv2, EIGRP, and OSPF.
- Multiple routing domains are used in the network—for example, two EIGRP routing processes.
Redistribution occurs on the boundaries between routing protocols and between domains. As shown in Figure 7-15, redistribution occurs on a router with interfaces that participate in multiple routing protocols or routing domains.
Administrative Distance
Most routing protocols have metric structures and algorithms that are incompatible with other protocols. It is critical that a network using multiple routing protocols be able to seamlessly exchange route information and be able to select the best path across multiple protocols. Cisco routers use a value called administrative distance to select the best path when they learn of two or more routes to the same destination from different routing protocols.
Administrative distance rates a routing protocol’s believability. Cisco has assigned a default administrative distance value to each routing protocol supported on its routers. Each routing protocol is prioritized in order, from most to least believable.
Table 7-4 lists the default administrative distance of the protocols supported by Cisco routers.
Route Source | Default Distance |
---|---|
Connected interface | 0 |
Static route out an interface | 0 |
Static route to a next-hop address | 1 |
EIGRP summary route | 5 |
External BGP | 20 |
Internal EIGRP | 90 |
IGRP | 100 |
OSPF | 110 |
Integrated IS-IS | 115 |
RIPv1, RIPv2 | 120 |
EGP | 140 |
On-demand routing | 160 |
External EIGRP | 170 |
Internal BGP | 200 |
Unknown | 255 |
Selecting the Best Route
Cisco routers use the following two parameters to select the best path when they learn two or more routes to the same destination from different routing protocols:
- Administrative distance: As described in the previous section, the administrative distance is used to rate a routing protocol’s believability. This criterion is the first thing a router uses to determine which routing protocol to believe if more than one protocol provides route information for the same destination.
- Routing metric: The routing metric is a value representing the path between the local router and the destination network, according to the routing protocol being used. This metric is used to determine the routing protocol’s “best” path to the destination.
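The two-step selection described above, as an added Python example that is not from the original chapter: administrative distance is compared first, and metric only decides among routes from the same protocol. It goes one step further and applies longest-prefix matching at lookup time, which the chapter mentions under summarization; the prefixes, metrics and next hops are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass

# Default administrative distances from Table 7-4 (subset used here).
DEFAULT_AD = {"connected": 0, "static": 1, "ebgp": 20, "eigrp": 90,
              "ospf": 110, "isis": 115, "rip": 120, "ibgp": 200}

@dataclass(frozen=True)
class Route:
    prefix: str    # destination network
    source: str    # key into DEFAULT_AD
    metric: int    # meaningful only against routes from the same source
    next_hop: str

def build_rib(candidates):
    """Install one route per prefix: the lowest administrative distance wins,
    and metric breaks ties only within the winning protocol."""
    rib = {}
    for route in candidates:
        net = ipaddress.ip_network(route.prefix)
        rank = (DEFAULT_AD[route.source], route.metric)
        best = rib.get(net)
        if best is None or rank < (DEFAULT_AD[best.source], best.metric):
            rib[net] = route
    return rib

def lookup(rib, dest):
    """Forwarding decision: the longest matching prefix wins, whatever its AD."""
    addr = ipaddress.ip_address(dest)
    matches = [net for net in rib if addr in net]
    if not matches:
        return None
    return rib[max(matches, key=lambda net: net.prefixlen)]

# Constructed sample: the same /16 learned three ways, plus a more-specific /24.
CANDIDATES = [
    Route("10.1.0.0/16", "rip", 2, "192.0.2.1"),         # small metric, AD 120
    Route("10.1.0.0/16", "eigrp", 307200, "192.0.2.2"),  # AD 90
    Route("10.1.0.0/16", "eigrp", 281600, "192.0.2.3"),  # AD 90, better metric
    Route("10.1.4.0/24", "rip", 5, "192.0.2.4"),         # more specific
    Route("0.0.0.0/0", "static", 0, "192.0.2.254"),      # default route
]

if __name__ == "__main__":
    rib = build_rib(CANDIDATES)
    for dest in ("10.1.9.9", "10.1.4.7", "172.16.0.1"):
        chosen = lookup(rib, dest)
        print(dest, "->", chosen.source, chosen.prefix, "via", chosen.next_hop)
```

The RIP route with metric 2 loses the /16 to EIGRP because metrics from different protocols are never compared, while the RIP /24 still attracts its own traffic because it is more specific.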
Route Redistribution Direction
Redistribution is often applied between the Campus Core and Enterprise Edge protocols. As shown in Figure 7-16, redistribution is possible in two ways:
- One-way route redistribution: Routing information is redistributed from one routing protocol or domain to another, but not vice versa. Static or default routes are required in the opposite direction to provide connectivity.
- Two-way route redistribution: Routing information is redistributed from one routing protocol or domain to another, and vice versa. Static or default routes are not required because all routing information is passed between two entities.
Specific routes can be filtered, and the administrative distance of redistributed routes can be changed in either of these cases to reduce the possibility of routing loops and ensure that traffic is routed optimally.
Route Redistribution Planning
When deciding where and how to use route redistribution, determine the following:
- The routing protocols and domains that will be used in the network
- The routing protocol and domain boundaries (the boundary routers)
- The direction of route redistribution (one-way or two-way)
If route redistribution is not carefully designed, suboptimal routing and routing loops can be introduced into the network when routes are redistributed in a network with redundant paths between dissimilar routing protocols or domains. Route filtering (as described in the “Route Filtering” section of this chapter) helps solve this problem.
Route Redistribution in the Enterprise Architecture
Redistribution is needed in the Building Distribution layer when different routing protocols or domains exist in the Building Access layer and Campus Core. Redistribution might also be needed between the Campus Core and the Enterprise Edge, including to and from WAN module routers, from static or BGP routes in the Internet Connectivity module, and from static routes in the Remote Access and VPN module. Figure 7-17 shows a sample enterprise network with redistribution points throughout.
In this example, some remote sites require connectivity to the Server Farm; therefore, one-way redistribution is performed to inject routes from these remote sites into the Campus Core. Some remote sites require connectivity to the entire network; this is provided by two-way redistribution (otherwise, static routes would have to be configured in the Campus Core). The Building Distribution layer propagates only a default route down to the Building Access layer, whereas the Building Access layer advertises its own subnets to the Building Distribution layer.
Redistribution might also be necessary in the Remote Access and VPN and Internet Connectivity modules. For a Remote Access and VPN module with static routing, static routes are injected into the Campus Core routing protocol. In the opposite direction, default routes provide connectivity for remote users.
In an Internet Connectivity module with only one exit point, that exit point is the default route for traffic destined for the Internet and is propagated through the core routing protocol. If multiple exit points toward multiple ISPs exist, BGP provides Internet connectivity, and redistribution can be used.
Route Filtering
As mentioned, route filtering might be required when redistributing routes. Route filtering prevents the advertisement or acceptance of certain routes through the routing domain. Filtering can be configured as follows:
- On a routing domain boundary where redistribution occurs
- Within the routing domain to isolate some parts of the network from other parts
- To limit routing traffic from untrusted external domains
Filtering is used with route redistribution, primarily to prevent suboptimal routing and routing loops that might occur when routes are redistributed at multiple redistribution points. Route filtering is also used to prevent routes about certain networks, such as a private IP address space, from being sent to or received from remote sites.
Redistributing and Filtering with BGP
An enterprise border router running BGP typically announces only the major network (the prefix assigned to the enterprise network) to the external domains, excluding any details about subnets. This is done using the BGP network router configuration command, which allows BGP to advertise a network that is already part of its IP routing table.
Alternatively, internal networks could be summarized into one major subnet that covers the assigned public address space and redistributed into BGP. However, redistributing from an IGP into BGP is not recommended, because any change in the IGP routes—for example, if a link goes down—can cause a BGP update, which might result in unstable BGP tables.
If IGP routes are redistributed into BGP, make sure that only local routes—those that originate within the AS—are redistributed. For example, routes learned from other autonomous systems (that were learned by redistributing BGP into the IGP) must not be sent out from the IGP again, because routing loops could result, or the AS could inadvertently become a transit AS. Private IP addresses must not be redistributed, so they should also be filtered. Configuring this filtering can be complex.
In the other direction, either a default route or a default route plus a few other specific routes is passed into an enterprise AS. These can then be redistributed into the IGP running in the AS.
Redistributing all BGP routes into an IGP is not advised, because non-BGP participating routers do not require full Internet routing tables, and IGP protocols are unable to process large numbers of advertised routes. Unnecessary routes should be filtered.
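The filtering rules for redistributing IGP routes into BGP described above, written out as an added Python example (not code from the original chapter). It assumes the boundary router sets a route tag when BGP routes are redistributed into the IGP; the tag value `FROM_BGP_TAG`, the assigned block `ASSIGNED` (a documentation range) and the sample IGP table are hypothetical, constructed values.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumptions for this example, not values from the chapter:
ASSIGNED = ipaddress.ip_network("203.0.113.0/24")  # enterprise public block
FROM_BGP_TAG = 65001  # hypothetical tag set where BGP is redistributed into the IGP

def classify(prefix, tag):
    """Decide whether one IGP route may be redistributed into BGP."""
    net = ipaddress.ip_network(prefix)
    if tag == FROM_BGP_TAG:
        return "deny: learned from another AS"   # would make this AS a transit AS
    if any(net.subnet_of(private) for private in RFC1918):
        return "deny: private address space"
    if not net.subnet_of(ASSIGNED):
        return "deny: outside assigned block"    # also catches routes whose tag was lost
    return "permit"

def redistribute_into_bgp(igp_routes):
    """Return (announce, rejected). Only the major network is announced,
    and only if at least one permitted local route backs it."""
    permitted, rejected = [], {}
    for prefix, tag in igp_routes:
        verdict = classify(prefix, tag)
        if verdict == "permit":
            permitted.append(prefix)
        else:
            rejected[prefix] = verdict
    announce = [str(ASSIGNED)] if permitted else []
    return announce, rejected

# Constructed IGP table: (prefix, route tag)
IGP_TABLE = [
    ("203.0.113.0/26", 0),        # local public subnet
    ("203.0.113.64/26", 0),       # local public subnet
    ("10.20.0.0/16", 0),          # internal private space
    ("192.168.5.0/24", 0),        # internal private space
    ("198.51.100.0/24", 65001),   # another AS's prefix, tagged on the way in
    ("198.51.100.128/25", 0),     # another AS's prefix whose tag was lost
    ("0.0.0.0/0", 65001),         # default route received from the ISP
]

if __name__ == "__main__":
    announce, rejected = redistribute_into_bgp(IGP_TABLE)
    print("announce:", announce)
    for prefix, reason in rejected.items():
        print(f"{prefix:20} {reason}")
```

The untagged `198.51.100.128/25` entry shows why the tag check alone is not enough: the check against the assigned block is what stops it.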
Route Summarization
Chapter 6 explains route summarization (which is also called route aggregation or supernetting). In route summarization, a single summary address in the routing table represents a set of routes. Summarization reduces the routing update traffic, the number of routes in the routing table, and the overall router overhead in the router receiving the routes.
The Benefits of Route Summarization
A large flat network is not scalable because routing traffic consumes considerable network resources. When a network change occurs, it is propagated throughout the network, which requires processing time for route recomputation and bandwidth to propagate routing updates.
A network hierarchy can reduce both routing traffic and unnecessary route recomputation. To accomplish this, the network must be divided into areas that enable route summarization. With summarization in place, a route flap (a route that goes down and up continuously) that occurs in one network area does not influence routing in other areas. Instabilities are isolated and convergence is improved, thereby reducing the amount of routing traffic, the size of the routing tables, and the required memory and processing power for routing. Summarization is configured manually, or occurs automatically at the major network boundary in some routing protocols.
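The isolation argument above, as an added Python simulation that is not part of the original chapter: it counts the routing updates the core receives for a series of subnet state changes, with and without a summary configured at the boundary. The subnets and the flap sequence are constructed sample values, and the update-counting model is a simplification made for this example.

```python
import ipaddress

def summarize(subnets):
    """Collapse subnets into the fewest prefixes that cover exactly them."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

def core_updates(events, summary=None):
    """Count updates sent toward the core for (subnet, 'up'|'down') events.

    Without a summary every state change is propagated. With one, the core
    hears about covered subnets only when the first component comes up or
    the last one goes down."""
    block = ipaddress.ip_network(summary) if summary else None
    up, updates = set(), 0
    for subnet, state in events:
        net = ipaddress.ip_network(subnet)
        if (state == "up") == (net in up):
            continue                      # no state change, nothing to send
        covered = block is not None and net.subnet_of(block)
        had = any(n.subnet_of(block) for n in up) if covered else False
        if state == "up":
            up.add(net)
        else:
            up.discard(net)
        if not covered:
            updates += 1                  # the specific route is advertised or withdrawn
        elif had != any(n.subnet_of(block) for n in up):
            updates += 1                  # the summary itself appeared or disappeared
    return updates

# Constructed sample: four access subnets, one of which flaps five times.
ACCESS = ["10.1.0.0/24", "10.1.1.0/24", "10.1.2.0/24", "10.1.3.0/24"]
EVENTS = [(s, "up") for s in ACCESS] + \
         [("10.1.2.0/24", "down"), ("10.1.2.0/24", "up")] * 5

if __name__ == "__main__":
    block = summarize(ACCESS)[0]
    print("summary:", block)
    print("updates without summarization:", core_updates(EVENTS))
    print("updates with summarization:   ", core_updates(EVENTS, block))
```

`summarize` also shows why the addressing plan matters: if one of the four subnets is not part of the block, the remaining three no longer collapse into a single prefix.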
Recommended Practice: Summarize at the Distribution Layer
It is a recommended practice to configure summarization in a large network from the distribution layers toward the core, as illustrated in Figure 7-18. The distribution layer should summarize all networks on all interfaces toward the Campus Core. WAN connectivity and remote access points should be summarized toward the core. For example, remote subnets could be summarized into major networks, and only those major networks would be advertised to the core.
Implementing summarization at the distribution layer optimizes the convergence process. For example, if a link to an access layer device goes down, return traffic to that device is dropped at the distribution layer until the routing protocol converges. Summarizing also limits the number of peers that an EIGRP router must query or the number of LSAs that an OSPF router must process, which also reduces the convergence time.
Core routers that receive two routes for a network install the more-specific route in the routing table. Therefore, summary routes for primary links must use a longer subnet mask.
Recommended Practice: Passive Interfaces for IGP at the Access Layer
Another recommended practice is to limit unnecessary peering across the access layer. In Figure 7-19, the distribution multilayer switches are directly connected to each other and are also interconnected with three access layer switches, each having four VLANs. By default, the distribution layer devices send routing updates and attempt to peer with the remote distribution layer devices across the links from the access switches on every VLAN. Having the distribution switches form neighbor relationships over these 12 access layer connections provides no benefit and wastes resources (including CPU processing time and memory). Therefore, the interfaces on the distribution layer devices toward the access layer devices are configured as passive interfaces under the routing protocol configuration. This suppresses the advertisement of routing updates for that routing protocol on those interfaces.
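One way to check a distribution switch for the practice described above, as an added Python example (not from the original chapter): it reads the `passive-interface` statements under each routing process and reports access-facing interfaces that are still active. The configuration text and interface names are constructed, and the check assumes every listed interface is covered by the routing process.

```python
def non_passive_access(config, access_ifaces):
    """Return {routing process: [access-facing interfaces that are not passive]}."""
    procs, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("router "):
            cur = procs.setdefault(
                line[len("router "):],
                {"default": False, "passive": set(), "active": set()})
        elif raw and not raw[0].isspace():
            cur = None                    # any other top-level line ends the router block
        elif cur is not None:
            if line == "passive-interface default":
                cur["default"] = True
            elif line.startswith("no passive-interface "):
                cur["active"].add(line.split()[-1])
            elif line.startswith("passive-interface "):
                cur["passive"].add(line.split()[-1])

    findings = {}
    for name, p in procs.items():
        if p["default"]:
            # Everything is passive unless explicitly re-enabled.
            exposed = [i for i in access_ifaces if i in p["active"]]
        else:
            # Everything is active unless explicitly made passive.
            exposed = [i for i in access_ifaces if i not in p["passive"]]
        if exposed:
            findings[name] = exposed
    return findings

# Constructed configuration excerpt for a distribution-layer switch.
SAMPLE_CONFIG = """\
router eigrp 100
 network 10.0.0.0
 passive-interface Vlan10
 passive-interface Vlan20
!
router ospf 1
 passive-interface default
 no passive-interface TenGigabitEthernet1/1
 no passive-interface Vlan30
!
"""
ACCESS_SVIS = ["Vlan10", "Vlan20", "Vlan30", "Vlan40"]  # SVIs toward the access layer

if __name__ == "__main__":
    for proc, ifaces in non_passive_access(SAMPLE_CONFIG, ACCESS_SVIS).items():
        print(f"router {proc}: still peering on {', '.join(ifaces)}")
```

The EIGRP process in the sample lists passive interfaces one by one and misses two VLANs, while the OSPF process uses `passive-interface default` and exposes only the interface that was explicitly re-enabled.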
Summary
In this chapter, you learned about selecting routing protocols for enterprise networks. The following topics were explored:
- Static versus dynamic routing
- Interior versus exterior gateway routing protocols
- Distance vector versus link-state versus hybrid routing protocols
- Routing protocol metrics
- Routing protocol convergence
- Flat versus hierarchical protocols
- EIGRP, a Cisco-proprietary routing protocol that includes a topology table for maintaining all routes received from its neighbors. The best of these routes are put in the routing table.
- OSPF, an open-standard protocol that was developed to overcome the limitations of RIP
- Integrated IS-IS, a routing protocol designed for the OSI protocol suite and adapted for IP
- BGP, an exterior routing protocol primarily used for inter-AS routing
- Route redistribution use in a network running multiple routing protocols
- Route filtering to prevent the advertisement of certain routes through the routing domain
- Route summarization to represent a series of routes by a single summary address
Case Study: ACMC Hospital Routing Protocol Design
This case study is a continuation of the ACMC Hospital case study introduced in Chapter 2.
In this case study you determine the routing protocol design for the ACMC hospital network. Complete the following steps: