It’s important that you understand and are able to interpret the results of the show ip bgp command output. It displays the contents of the local BGP topology database, including the attributes assigned to each network. It is perhaps the most important BGP verification and troubleshooting tool!
Because BGP uses many attributes and sources routes in a number of ways, the output of the show ip bgp command can be a bit overwhelming if you don’t know what you are looking for.
R1# show ip bgp
BGP table version is 21, local router ID is 10.0.22.24
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 10.1.0.0         0.0.0.0                  0         32768 ?
*  10.2.0.0         10.0.22.25              10             0 25 ?
*>                  0.0.0.0                  0         32768 ?
*  10.0.0.0         10.0.22.25              10             0 25 ?
*>                  0.0.0.0                  0         32768 ?
*> 192.168.0.0/16   10.0.22.25              10             0 25 ?
Attributes
Here’s a breakdown of some important fields you should consider remembering:
* – An asterisk in the first column means that the route has a valid next hop.
s (suppressed) – BGP is not advertising the network, usually because it is part of a summarized route.
> – Indicates the best route for a particular destination. These will end up in the routing table.
i (internal) – If the third column has an i in it, it means the network was learned from an iBGP neighbor. If it is blank, it means the network was learned from an external source.
0.0.0.0 – The fifth column shows the next hop address for each route. A 0.0.0.0 indicates the local router originated the route (examples include a network command entered locally or a network an IGP redistributed into BGP on the router).
Metric (MED value) – The column titled Metric represents the configured MED values. Recall that 0 is the default and if another value exists, lower is preferred.
i/? – The last column displays how BGP originally learned the route. In the example above, ? is used for each route, meaning they were all redistributed into BGP from an IGP. The other option is i, which indicates that network commands were used to configure the route.
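As an added example (not part of the original page), here is a small Python parser for this output. It takes the column boundaries from the header line, because tokens alone cannot tell Metric, LocPrf and Weight apart when some of them are blank, and it carries the prefix forward on rows where the Network column is empty (the second path for the same network). The table embedded below is constructed to match the one above; it assumes an IPv4 table whose columns line up under the header as IOS prints them.

```python
from __future__ import annotations
from dataclasses import dataclass

# Constructed sample laid out as IOS aligns it (mirrors the page's table, not a live capture).
SAMPLE = """\
R1# show ip bgp
BGP table version is 21, local router ID is 10.0.22.24
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 10.1.0.0         0.0.0.0                  0         32768 ?
*  10.2.0.0         10.0.22.25              10             0 25 ?
*>                  0.0.0.0                  0         32768 ?
*  10.0.0.0         10.0.22.25              10             0 25 ?
*>                  0.0.0.0                  0         32768 ?
*> 192.168.0.0/16   10.0.22.25              10             0 25 ?
"""

ORIGIN = {"i": "IGP", "e": "EGP", "?": "incomplete"}

@dataclass
class BgpEntry:
    prefix: str
    next_hop: str
    metric: int | None       # MED; blank in the output means "not set"
    local_pref: int | None   # blank for locally originated and eBGP-learned paths
    weight: int
    as_path: list[int]
    origin: str
    flags: set[str]          # status characters from the first three columns

    @property
    def best(self) -> bool:  # only '>' rows are installed in the routing table
        return ">" in self.flags

def _int(s: str) -> int | None:
    return int(s) if s.strip() else None

def parse_show_ip_bgp(text: str) -> list[BgpEntry]:
    lines = text.splitlines()
    hdr_i = next(i for i, l in enumerate(lines) if "Network" in l and "Next Hop" in l)
    # Field boundaries come from the header; numeric fields are right-aligned under their title.
    col = {k: lines[hdr_i].index(k) for k in ("Next Hop", "Metric", "LocPrf", "Weight", "Path")}
    entries, last_prefix = [], None
    for line in lines[hdr_i + 1:]:
        if not line.strip():
            continue
        prefix = line[3:col["Next Hop"]].strip() or last_prefix  # blank network = same prefix as row above
        last_prefix = prefix
        path = line[col["Path"]:].split()  # AS numbers followed by the origin code
        entries.append(BgpEntry(prefix, line[col["Next Hop"]:col["Metric"]].strip(),
                                _int(line[col["Metric"]:col["LocPrf"]]), _int(line[col["LocPrf"]:col["Weight"]]),
                                int(line[col["Weight"]:col["Path"]]), [int(a) for a in path[:-1]],
                                ORIGIN[path[-1]], set(line[:3].replace(" ", ""))))
    return entries

def installed_routes(entries: list[BgpEntry]) -> dict[str, str]:
    """Prefix -> next hop for the '>' rows, i.e. what reaches the routing table."""
    return {e.prefix: e.next_hop for e in entries if e.best}
```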
VPN tunnels and IPSec are two topics covered on the exam, but not in great detail. You’ll need to know enough to verify a sample configuration and answer straightforward questions on both technologies. Let’s start with IPSec.
IPSec Basics
IPSec allows the establishment of a secure connection between two hosts. The IPSec protocol sets up a unidirectional SA (security association) between the two endpoints. Because the association is unidirectional, an SA is created on both ends, resulting in two SAs per IPSec tunnel.
IPSec tunnels are often used as a backup in case of a WAN link failure. If a point-to-point WAN circuit drops, an IPSec tunnel can be configured to be established automatically over the internet to the remote site. When the primary WAN circuit comes back up, the IPSec tunnel is disconnected.
Floating Static Routes
Configuring an IPSec tunnel to activate when a primary link drops is commonly implemented as a floating static route. The idea is to configure the IPSec VPN as a static route, but with an administrative distance higher than that of the WAN routing protocol.
If the primary route is active, the backup link is not placed into the routing table because it has a higher administrative distance. If the primary route goes down, the static route becomes active.
To configure a floating static route, make sure you define a higher administrative distance value at the end of the statement:
R1(config)# ip route prefix mask address|interface distance_value
VPN Tunnels
One major problem with standard IPSec sessions is that they do not support broadcast or multicast traffic. If you want to use an IPSec VPN in an “always on” fashion, then the tunnel needs to allow routing information to pass through. Of course, dynamic routing protocols use broadcast or multicast to send hellos and updates, which creates a problem.
To get around this issue, a “tunnel within a tunnel” approach can be used. A generic tunnel can be configured within the IPSec tunnel to allow routing protocol information (along with all the other traffic). There are generally four ways to do this paired with IPSec:
DMVPN and GET VPN
Both allow the creation of secure, “on-demand”, multipoint tunnels.
Virtual Tunnel Interface (VTI)
A secure, “always-on” tunnel that supports multicast traffic. This allows routing protocols to operate within it.
Generic Routing Encapsulation (GRE)
GRE tunnels may be the most common of the bunch – they are also the default tunnel mode on Cisco routers. GRE tunnels support many layer 3 protocols but, perhaps most importantly, allow multicast traffic across the tunnel – permitting dynamic routing protocol traffic. Be aware that GRE tunnels add an additional 20-byte IP header as well as a 4-byte GRE tunnel header.
Branch Office Connectivity
The CCNP ROUTE exam covers several unusual topics related to managing and configuring the connectivity between an HQ site and a branch office. You need to be familiar with some of the underlying technologies used. Cisco ISR routers are often a good choice for branch sites as they support a wide variety of incoming services. In smaller offices, a single ISR may be used for both remote connectivity and inter-VLAN routing. In that case, know that an Ethernet Switch Module would be required for the ISR router.
DSL
DSL, or Digital Subscriber Line, can be used as a backup WAN connection to a branch office.
DSL uses frequencies not used by TDM phone systems on a phone line – allowing the extra bandwidth to be used for data connectivity. Asymmetrical DSL has higher downstream bandwidth than upstream, while with symmetric DSL they are both the same rate.
There are two primary methods for pushing L2 data across a DSL line:
PPPoE
Point-to-Point Protocol over Ethernet is the most common method and encapsulates PPP traffic into Ethernet frames.
PPPoA
Point-to-Point Protocol over ATM is less common and routes PPP traffic over an ATM network between the customer and the DSL service provider. Both options can be configured on a Cisco router to terminate the DSL connectivity. PPPoE is especially helpful because it frees the local office’s computers from running PPPoE.
Cable
Broadband cable providers also offer internet connectivity, which can be used for WAN backup or to provide internet access for telecommuters. The internet signal is carried on the same line as the television signal, but a cable modem allows the data traffic to be separated out.
The international standard for sending data over a cable system is Data Over Cable Service Interface Specification (or DOCSIS). Many different versions of the standard are used throughout the world. Cable system connections are typically not terminated directly into a Cisco router. Instead, a cable modem demodulates the incoming signal and converts the traffic to Ethernet frames, which a router can process.
IPv6 is an important topic – and not just for the exam. The growth of web-based services and diminishing IPv4 addressing will continue to push organizations towards IPv6, especially on web-facing networks.