Created by - Orhan Ergun

IS-IS Routing Protocol

IS-IS is a link-state routing protocol, similar to OSPF. If you are looking for a Service Provider grade, extensible routing protocol with MPLS Traffic Engineering support and an easier future migration path, then the only choice is IS-IS. It is commonly used in Service Provider networks, Datacenters (as an underlay), and some large Enterprise networks.

IS-IS Routing Protocol in Networking

IS-IS works based on the TLV format. TLVs provide extensibility to the IS-IS protocol.

IS-IS TLV Codes - Specified in RFC 1195

You don't need a totally different protocol to support new extensions. In IS-IS, IPv6, MTR and many other protocols can be supported just by adding TLVs:

1. IPv6 Address Family support (RFC 2308)
2. Multi-Topology support (RFC 5120)
3. MPLS Traffic Engineering (RFC 3316)

IS-IS is a Layer 2 protocol and is not encapsulated in IP. Because it is hard, if not impossible, to attack Layer 2 networks remotely, IS-IS is considered more secure than OSPF.

IS-IS uses a NET (Network Entity Title) address, similar to the OSPF Router ID. IP support was added to IS-IS by the IETF after ISO invented it for CLNS. If IS-IS is used together with IP, it is called Integrated IS-IS. IS-IS doesn't require an IP address for the neighborship.

ISPs commonly choose addresses as follows:

1. First 8 bits – pick a number (49 used in these examples)
2. Next 16 bits – area ID
3. Next 48 bits – router loopback address (6 bytes, every 4 numbers is 2 bytes)
4. Final 8 bits (2 numbers) is 00 on the routers

Let's say the NET ID is: 49.0001.1921.6800.1001.00

When we look at each part of it:

1. 49.0001 is the IS-IS Area ID
2. 192.168.1.1 (Router loopback) in Area 1
3. 00 is the NSEL

OSPF vs IS-IS Terminology Comparison

IS-IS                           OSPF
End System (ES)                 Host
Intermediate System (IS)        Router
Circuit                         Link
Protocol Data Unit (PDU)        Packet
Designated IS (DIS)             Designated Router (DR)
N/A (no BDIS is used)           Backup Designated Router (BDR)
Link-State PDU (LSP)            Link-State Advertisement (LSA)
Sub-domain/Level                Area
Level 1 IS-IS Domain            Non-Backbone Area
Level 2 IS-IS Domain            Backbone Area
L1L2 Router                     Area Border Router (ABR)
Any Intermediate System (IS)    Autonomous System Boundary Router (ASBR)

There is no Backup DIS concept within IS-IS, because the DIS sends CSNPs very often, so routers get the latest information all the time. All routers are also neighbors of each other, so they send the LSPs to each other anyway. The DIS is like a backup mechanism to ensure that LSPs are received.

SPF (Dijkstra) runs when the topology has to be calculated (SPF Tree). PRC (Partial Route Calculation) runs when IP routing information has to be calculated. If a router (IS) receives an LSP where only IP information has changed, it runs only PRC, which uses less CPU than SPF; in this respect IS-IS is better compared to OSPF.

IS-IS Scalability

• Scalability can be achieved through IS-IS Multi-level design as well, which we will discuss next.

IS-IS has two Levels: Level 2 and Level 1. Levels are similar to the Backbone Area and Non-Backbone Areas of OSPF. Level 2 IS-IS is similar to the OSPF Backbone Area, and Level 1 IS-IS is similar to an OSPF Non-Backbone Area.

How IS-IS Routing Protocol Works

If the Area ID is the same on the 2 routers, they can set up both an L1 and an L2 adjacency. If the Area ID is different, they can only set up an L2 IS-IS adjacency.

There is no backbone area in IS-IS as in the case of OSPF. There are only contiguous Level 2 routers. Level 2 domains have to be contiguous. But for new learners, the IS-IS Level 2 domain can still be considered similar to the OSPF backbone area.

There are three types of routers in IS-IS.

IS-IS Level 1 Router

1. Can only form adjacencies with Level 1 routers within the same area
2. LSDB only carries IS-IS intra-area information
3. Uses the closest Level 2 router to exit the area
4. This may result in suboptimal routing

IS-IS Level 2 Router

1. Can form adjacencies in multiple areas
2. Exchanges information about the whole network

IS-IS Level 1-2 Router

1. These routers keep a separate LSDB for each level: one for the Level 1 database and one for the Level 2 database.
2. These routers allow L1 routers to reach other L1 routers in different areas via the L2 topology.

Level 1 routers look at the ATT (Attached) bit in the L1 LSP of L1-L2 routers and use it as a default route to reach the closest Level 1-2 router in the area. This can create suboptimal routing in an IS-IS network.

The L1 domain is similar to an OSPF Totally NSSA Area, since the L1 domain doesn't accept anything other than the default route from the Level 2 domain and redistribution is allowed into the L1 domain.
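The NET layout and the area-based adjacency rule described above, as an added example (not code from the original post): it decodes a NET built with the post's scheme back into its area ID and loopback, builds a NET from a loopback, and reports which adjacency levels two routers can form. The function names are hypothetical, only the fixed AFI.area.system-ID.NSEL layout from the post is handled, and both routers are assumed to be L1-L2 capable.

```python
import ipaddress
import re
from typing import NamedTuple

# Layout from the post: AFI (1 byte) . area (2 bytes) .
# system ID (6 bytes, three 4-digit groups) . NSEL (1 byte).
_NET_RE = re.compile(
    r"^(?P<afi>\d{2})\.(?P<area>[0-9A-Fa-f]{4})\."
    r"(?P<sysid>\d{4}\.\d{4}\.\d{4})\.(?P<nsel>[0-9A-Fa-f]{2})$"
)


class Net(NamedTuple):
    area_id: str    # AFI plus area field, e.g. "49.0001"
    system_id: str  # e.g. "1921.6800.1001"
    loopback: str   # IPv4 loopback recovered from the system ID
    nsel: str


def parse_net(net: str) -> Net:
    """Split a NET and recover the loopback encoded in the system ID."""
    m = _NET_RE.match(net.strip())
    if not m:
        raise ValueError(f"not an AFI.area.sysid.NSEL NET: {net!r}")
    if m["nsel"] != "00":
        raise ValueError(f"NSEL must be 00 on a router: {net!r}")
    digits = m["sysid"].replace(".", "")          # "192168001001"
    octets = [int(digits[i:i + 3]) for i in range(0, 12, 3)]
    if any(o > 255 for o in octets):
        raise ValueError(f"system ID is not an encoded IPv4 address: {net!r}")
    loopback = ".".join(str(o) for o in octets)
    return Net(f"{m['afi']}.{m['area'].lower()}", m["sysid"], loopback, "00")


def is_router_net(net: str) -> bool:
    """True when the NET follows the scheme and decodes to a loopback."""
    try:
        parse_net(net)
        return True
    except ValueError:
        return False


def net_from_loopback(area: str, loopback: str, afi: str = "49") -> str:
    """Build a NET: zero-pad each octet to 3 digits, regroup by 4."""
    octets = ipaddress.IPv4Address(loopback).packed
    digits = "".join(f"{o:03d}" for o in octets)
    sysid = ".".join(digits[i:i + 4] for i in range(0, 12, 4))
    return f"{afi}.{area}.{sysid}.00"


def adjacency_levels(net_a: str, net_b: str) -> set:
    """Same area ID: L1 and L2 adjacency. Different area ID: L2 only."""
    a, b = parse_net(net_a), parse_net(net_b)
    # Added check, not from the post: system IDs must be unique.
    if a.system_id == b.system_id:
        raise ValueError("duplicate system ID on two routers")
    return {"L1", "L2"} if a.area_id == b.area_id else {"L2"}


if __name__ == "__main__":
    r1 = "49.0001.1921.6800.1001.00"   # NET from the post
    r2 = "49.0002.1921.6800.1002.00"   # constructed neighbor in another area
    print(parse_net(r1))
    print(sorted(adjacency_levels(r1, r2)))
```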

Published - Sun, 17 Apr 2022

Created by - Orhan Ergun

OSPF LSA Types Explained 11 Types of LSA in OSPF!

OSPF LSA Types is the first topic you need to understand if you are trying to understand the OSPF routing protocol. There are 11 different types of LSA in OSPF and we will look at each one of them and at why we have so many different LSAs in OSPF. We will discuss the topologies and the examples to make it clearer for everyone.

What is LSA in OSPF?

We should start by asking the most fundamental question about OSPF first: what is an LSA? LSA stands for Link State Advertisement. It carries prefix information and interface cost and, if advanced technologies such as Traffic Engineering are enabled, it can also carry link color information, used bandwidth, available bandwidth, and so on.

When a router receives an LSA, it is stored in the Link State Database (LSDB) of OSPF. Once the LSDBs between the routers are synchronized, OSPF uses the SPF/Dijkstra algorithm to calculate the best path for each destination network.

OSPF LSAs are information about a route that is transported inside OSPF Link State Update (LSU) packets. We can only have a scalable, resilient, fast-converged OSPF design when we understand OSPF LSAs and Area types and their restrictions.

Figure - 11 Different LSA Types in OSPF v2

OSPF LSA Type 1 - OSPF Router LSA

OSPF Type 1 LSA/Router LSA packets are sent between routers within the same OSPF area and do not leave the area. An OSPF router uses Type 1 LSA to describe its own interfaces, but it also carries information about its neighbors to adjacent routers in the same area.

OSPF Type 1 LSA is created by each and every router in a given OSPF area. As we will see in the other LSA types, some of them are only created by special types of routers. When the OSPF Prefix suppression type of feature is used, infrastructure prefixes are removed from Type 1 LSA, so OSPF scalability can be achieved.

OSPF LSA Type 2 - OSPF Network LSA

OSPF Type 2 LSA/Network LSA packets are generated by the OSPF Designated Router (DR) to describe all routers connected to its segment directly. Type 2 LSA is flooded between neighbors in the same OSPF area and doesn't cross the area boundary.

Type 2 Network LSA is not desired if the OSPF connection is point-to-point. Because there are only two points, there is no need for a DR/BDR election and also no need for an extra Type 2 LSA. Type 2 LSA will be stored in the OSPF LSDB and Routing table, and their size will grow unnecessarily if the connection type is point-to-point.

We want DR/BDR election, and thus Network LSA, only if the connection model is Multi-access. This means that many OSPF routers are attached to the segment. Although it should be the subject of another post, let me just say here that having DR/BDR election increases network convergence time. So, no Type 2/Network LSA unnecessarily!

OSPF LSA Type 3 - OSPF Summary LSA

OSPF Type 3 LSA/Summary LSA packets are generated by the OSPF Area Border Routers (ABR) to summarize its directly connected OSPF area, and to advertise inter-area router information to the other areas to which the ABR is connected.

Type 3 LSA is only seen when there is a hierarchical OSPF network design, meaning an OSPF Multi-area network design. If there is only one OSPF area in the network, we can't have Type 3 LSA.

OSPF LSA Type 4 - OSPF ASBR Summary LSA

OSPF Type 4 LSA/ASBR Summary LSA is used to advertise the presence of an Autonomous System Border Router (ASBR) in other areas. Inside the same area that we have an ASBR, ASBR reachability is achieved with OSPF Type 1 LSA.

If there is Type 5 LSA, and if there is a Hierarchical OSPF Network design, meaning an OSPF Multi-area network design, then we can have OSPF Type 4 LSA. Otherwise, as said above, ASBR reachability is achieved via Type 1 LSA in a single area OSPF network design.

OSPF LSA Type 5 - OSPF ASBR External LSA

OSPF Type 5 LSA/ASBR External LSA is generated by the ASBR to advertise external redistributed prefixes into the OSPF domain. These external routes/prefixes are redistributed into the OSPF network by the ASBR and seen as either E1 or E2 entries in the routing tables of the routers.

External LSA is domain-wide, meaning that if we redistribute prefixes into OSPF, those redistributed prefixes are flooded everywhere. Even if there are multiple areas in OSPF, every area receives them. Exceptions are the Stub Area and its variations, such as Totally Stub Area, NSSA, and Totally NSSA Area.

OSPF LSA Type 6 - OSPF Group Membership LSA

OSPF Type 6 LSA was considered for Multicast routing in OSPF but was never implemented or deployed. Similar to the DVMRP protocol, it didn't last long, and today PIM (Protocol Independent Multicast) is used for IP Multicast routing. Although Type 6 LSA is not used, it was necessary to explain it too when covering OSPF LSA Types.

OSPF LSA Type 7 - OSPF Not So Stubby Area (NSSA) External LSA

OSPF Type 7 LSA/NSSA External LSA is seen in NSSA and Totally NSSA Areas when there is redistribution. Normally Stub Areas don't allow redistribution, but in a Not So Stubby Area (NSSA), redistribution is allowed. However, redistributed prefixes are not seen as Type 5 LSA; they are seen as Type 7 LSA.

Type 7 LSA is translated to Type 5 LSA to be sent into the OSPF Area 0/Backbone Area. If there are two NSSA ABRs, they negotiate with each other and the NSSA ABR with the lower Router ID does the translation.

OSPF LSA Type 8 - OSPF External Attributes LSA

Normally, when BGP prefixes are redistributed into OSPF or any other routing protocol, BGP attributes are lost. But you may need to carry BGP attributes within your Autonomous System between the routers.

Let's say that, for a given destination IP prefix, you have two exit points from your network, and for the outbound direction you want to prefer one of those exit points as Primary. You can use the BGP Local Preference attribute for this. Two routers exchange the prefixes with each other, and when they check the BGP Local Preference attribute, whichever router has the higher Local Preference is used as the exit point by both of the routers.

But BGP Local Preference attributes cannot normally be carried in OSPF. For reachability, you need to redistribute from BGP to OSPF, and if you redistribute, attributes are lost. Type 8 LSA was considered for this purpose: BGP attributes would be carried even if we redistributed. But this is yet another LSA that we don't use in computer networking. Instead of this LSA, IBGP (Internal BGP) is used in the networks. Hopefully Type 8 LSA, as one of the OSPF LSA Types, is understood better now.

OSPF LSA Type 9, 10, 11 - OSPF Link Scope Opaque LSA

Opaque LSAs/LSA Type 9, 10, and 11 are used to extend the capabilities of OSPF. With these LSA Types, OSPF carries many other protocol capabilities. For example, RSVP Traffic Engineering and Segment Routing Traffic Engineering require topology information, used bandwidth, available bandwidth, reserved bandwidth, link coloring information, delay or other attributes, and so on.

Information for BIER (Bit Indexed Explicit Replication), the newest and most scalable Multicast architecture, is conveyed with Opaque LSAs as well. OSPF Graceful Restart/GR and many other use cases rely on Opaque LSAs. Think of them as a helper to the basic OSPF mechanism: in addition to prefixes and cost, much other information can be carried with them.

Type 9 LSA is link scope, Type 10 is Area scope and Type 11 is AS scope Opaque LSA.

What type of OSPF LSA is originated by ASBR routers to advertise external routes?

Let's review what we have learned. The answer to this question is Type 5 External LSA. The ASBR advertises external routes as Type 5 LSA, and this LSA is flooded in every area in the OSPF domain that is not Stub or NSSA.

What information is contained within an OSPF type 4 LSA?

Type 4 LSA is used for ASBR reachability, as was explained earlier in the post. But it is seen only if there is a multi-area OSPF network. In a single area OSPF network design, ASBR reachability is achieved with the ASBR's Type 1 LSA.

OSPF LSA types are in general used for OSPF Scalability. All the information could be carried with only 1 LSA type. But when we have multiple areas, for hierarchy, we use different LSAs, as different LSAs have different duties. Understanding their restrictions and which one is allowed in which OSPF Area Type is very important to understand OSPF.

Published - Fri, 08 Apr 2022

Created by - Orhan Ergun

OSPF Load Balancing

OSPF Load Balancing is to place multiple next-hops into the Routing and Forwarding table for a given IP destination prefix. In this post, we will look at OSPF Load Balancing, OSPF Load Sharing, OSPF ECMP, and OSPF UCMP, and explain where we should use it, where we shouldn't use it, and what can be dangerous when we have OSPF Load Balancing.

OSPF Equal Cost Load Balancing - OSPF ECMP

What is OSPF Equal Cost Load Balancing? Let's have a look at the below topology and try to understand.

In the above topology, the 192.168.0.0/24 network is connected to Router D. As OSPF is a link-state routing protocol, OSPF routers in the network would know that the 192.168.0.0/24 subnet is connected to Router D, and they would run the SPF/Dijkstra algorithm to calculate the shortest path to this destination.

In the above topology, interface costs are shown. When we look from Router A to the 192.168.0.0/24 subnet, we have two paths: A-B-D and A-C-D. The total cost of both paths is 10+10 = 20. Thus, Router A can do load balancing for that destination prefix.

When OSPF has two such paths, we don't need to enter any command manually; it installs the next hops into the routing table automatically. So, in the above topology, Router A installs both Router B and Router C into its routing table as the next hops for the destination subnet 192.168.0.0/24.

This is called OSPF ECMP (OSPF Equal Cost Multipath), OSPF Load Balancing, or OSPF Load Sharing; basically all are the same thing. It is called ECMP because both paths' total cumulative costs are equal, which is 20 in the above topology.

OSPF Unequal Cost Multi Path

This time, let's have a look at OSPF UCMP, Unequal Cost Multi-Path. OSPF doesn't normally support UCMP. In the IETF there was a Draft for it, but it never got implemented.

Today, if you have an OSPF network and want to use available paths but their cumulative costs are not the same, you can do PBR (Policy-Based Routing), or you can deploy RSVP or Segment Routing Traffic Engineering to push the traffic to the non-shortest paths as well. Otherwise, if cumulative costs are not the same, only the shortest path is used.

Published - Wed, 06 Apr 2022

Created by - Orhan Ergun

OSPF Area Types

OSPF Areas are used for OSPF Scalability. In this post, we will have a look at many different topics about OSPF Area Types, their usage, limitations, different router types, and so on.

In OSPF, we have in general two different Area Types: OSPF Backbone Area and OSPF Non-Backbone Area. There are many different OSPF Non-Backbone Area types and we will cover each one of them, their use cases, limitations, and benefits in this post.

OSPF Area 0 - OSPF Backbone Area

First of all, let's start with Area 0. It is known as the Backbone area in OSPF, and if there are many different areas, non-backbone areas can communicate with each other through OSPF Area 0. Let's use the below topology for the rest of the OSPF Area Types discussion.

Figure - OSPF Area Types

In the above topology, OSPF Area 0, which is the OSPF Backbone Area, physically connects different OSPF Non-Backbone Areas. OSPF Router Types in OSPF Area 0 are known as Internal Backbone Routers.

We don't have OSPF LSA restrictions when it comes to OSPF Area 0; all the LSAs are allowed in this OSPF Area, except Type 4 and Type 7. Type 4 LSA is used for ASBR reachability in Non-Backbone areas in Multi Area OSPF, which will be explained later in the post.

Before we continue with OSPF non-backbone Area Types, let's briefly mention different OSPF Router types.

OSPF ABR

An OSPF Router which connects different types of Areas is known as an OSPF ABR, OSPF Area Border Router. Based on the Standard OSPF RFC, if a router has an interface in two different OSPF Areas, it is considered an OSPF ABR. The two different OSPF Areas can even be two different OSPF non-backbone Areas. But implementations on vendor routers require a router to have at least one interface in OSPF Area 0 in order to be considered an OSPF ABR.

An OSPF ABR allows summarization between the Areas. This means that if there are many /24 subnets, for example, all of them can be summarized as /18, /16, etc., and sent as fewer prefixes to the other OSPF Area. Sending a summary route is good for OSPF Fast convergence, OSPF Troubleshooting, and overall OSPF High Availability.

Also, an OSPF ABR doesn't allow topology information to be shared between the OSPF Areas. This means that the OSPF Cost information of one OSPF Area is not known by the internal routers of other OSPF Areas, because the ABR doesn't allow this information to be shared. This is also important for the scalability of OSPF networks.

In the above topology, R3 and R4 are the OSPF ABR Routers, connecting Area 1 and Area 2 to the Backbone OSPF Area respectively. The Area ID is important in OSPF Design, as we will see later in the post; we can create an OSPF Hierarchical design by assigning OSPF Area IDs/numbers carefully.

OSPF ASBR

OSPF ASBR, Autonomous System Boundary Router, is not actually a special OSPF Router Type. ASBR is a generic term that is used in many different architectures and frameworks in Networking. We use this term whenever one routing protocol advertises information into another routing protocol. OSPF redistributes to EIGRP or vice versa, BGP redistributes to IS-IS or vice versa; any routing protocol redistribution is basically done on the ASBR Router.

Basically, a router which connects different Administrative domains is known as an ASBR. When it is used in OSPF, it is called an OSPF ASBR. In the above topology, R2 is the OSPF ASBR that connects different routing domains to the OSPF network.

OSPF Stub Area

This is one of the OSPF Non-Backbone Area types. A Stub Area doesn't allow OSPF Type 5 LSA. When there is no Type 5 LSA, no Type 4 LSA is generated by the OSPF ABR into the OSPF Stub Area.

The overall reason why we use an OSPF Stub Area is that we don't want to allow redistributed prefixes in the Stub Area. But Type 3 LSA is still allowed in an OSPF Stub Area.

OSPF Totally Stubby Area

Another Non-Backbone area in OSPF is the OSPF Totally Stub Area. In the Totally Stub area, in addition to Type 5 and Type 4 LSA, Type 3 LSAs are not allowed either. So, in addition to the redistributed prefixes, Inter-Area OSPF prefixes are not allowed as well.

Why don't we allow Inter-Area prefixes in a Totally Stub Area in OSPF? The reason is again scalability. Whenever you restrict more LSAs, it is good for overall network scalability. It might create sub-optimal routing, but Network design is all about trade-offs. We lose something, we gain another.

Let's have a look next at Single Area and Multi-Area OSPF.

Single Area OSPF

We can place all our Routers in a Single Area OSPF. It is also commonly referred to as Flat OSPF Network Design. All routers are in OSPF Area 0 or any other OSPF Area. This means that if you place all your routers in OSPF Area 100, it is still considered a Single Area OSPF, because each and every router inside that OSPF Area will share the same OSPF database, the same reachability information, basically the same everything about each other!

An OSPF Single Area design/Flat Design may not be scalable after some amount of OSPF Routers and prefixes. Thus, for scalability, we usually consider hierarchy. A common way to deploy hierarchy in OSPF is explained next.

Multi Area OSPF

OSPF Multi-Area design involves OSPF Area 0, the Backbone OSPF Area, as well as Non-Backbone Areas. In this design, topology information is not exchanged. The cost between the routers in OSPF Area 0 is only known by Internal OSPF Area 0 routers, not by any other type of OSPF Area in the network.

Also, Network Admins usually summarize the prefixes between the OSPF Areas, so less information is exchanged between the areas. Or, they deploy the Non-backbone OSPF Areas as Totally Stub Areas or NSSA areas, so they just send the default route into those OSPF Areas.

OSPF NSSA Area

The OSPF NSSA Area is also a Stub area, but it is called an OSPF Not So Stubby Area. You will understand the reason below.

When we don't want to allow Type 5 LSA, which means redistribution from the Backbone Area, but still want to allow redistribution into the Non-Backbone OSPF Area, then we deploy an OSPF NSSA Area. NSSA OSPF allows redistribution from different domains, but redistributed prefixes can't come from the Network Backbone/OSPF Area 0.

A router that connects the OSPF NSSA Area and OSPF Area 0 is known as an OSPF NSSA ABR. Redistributed prefixes in NSSA are marked as Type 7 LSA. The OSPF NSSA ABR translates OSPF Type 7 LSA to OSPF Type 5 LSA. If there is more than one OSPF NSSA ABR, the Router with the lower OSPF Router ID translates from Type 7 to Type 5.

Published - Mon, 04 Apr 2022

Created by - Orhan Ergun

Most common IOT Routing Protocol RPL- Orhan Ergun and Pascal Thubert inventor of the protocol

I discussed RPL - Routing over Low Power Lossy Networks, which is a common IOT Routing Protocol, with the inventor of the Protocol in detail.

If you are a network engineer, you shouldn't only focus on traditional, general purpose routing protocols such as OSPF, IS-IS and BGP. I usually call them general purpose because you can use them in WAN, LAN and DC environments. In fact, we have started to see all of them in Datacenter Networks. There is even guidance on using EBGP in Massively Scaled Datacenters in RFC 7938.

But if the environment is constrained/limited in some attributes, then traditional routing protocols are not sufficient. For example, if you need to avoid battery powered links in the network, complex Traffic Engineering methods (RSVP-TE, SR-TE) need to be used together with traditional routing protocols.

RPL is one of those routing protocols which work very well in constrained environments. If you are interested in routing protocols, the video below is a must-watch!

Some of the discussion points in this video:

1. What is RPL, and why do we need it?
2. DAG and DODAG formation?
3. RPL is a distance vector protocol; it considers energy control as an attribute. Cisco's EIGRP protocol is distance vector as well, so why don't we use EIGRP instead of RPL? Just because EIGRP is Cisco proprietary?
4. BGP is used for almost every service (L2, L3, Unicast, Multicast, VPNs, Security and so on). Could BGP be used in the environments where RPL is used?
5. What are the other protocols in the network we have to use to have RPL? (Is 6lowpan mandatory for RPL?)
6. What are the use cases for it in real world applications? Smart Grid, Connected vehicles?
7. Which vendors have an implementation for it?
8. What are the competitor/alternative protocols for it?
9. Are there many networks in the world using it?
10. Can it be used at any other place than IOT networks?

https://www.youtube.com/watch?v=Q_-dvNZLHzs&t=5s

Published - Fri, 07 Aug 2020

Created by - Orhan Ergun

IS-IS Design Considerations on MPLS backbone

IS-IS Design - Using IS-IS with MPLS requires some important design considerations. IS-IS, as a scalable link state routing protocol, has been used in Service Provider networks for decades. In fact, eight of the largest nine Service Providers use the IS-IS routing protocol on their network as of today.

If LDP is used to set up an MPLS LSP, important IS-IS design considerations should be carefully understood. As you might know, the IS-IS routing protocol uses IS-IS levels for hierarchy.

As with other routing protocols, synchronization is one of the considerations. IGP-LDP synchronization is required when an MPLS LSP is set up with the LDP protocol. Otherwise, routing black holes occur.

One of the important IS-IS design considerations when it is used with MPLS is that PE devices' loopback IP addresses are not sent into the IS-IS Level 1 domain in a Multi-Level IS-IS design. This problem doesn't happen in a flat IS-IS design, since you cannot summarize the prefixes in a flat/single level IS-IS deployment.

In the IS-IS L1 domain, internal routers only receive the ATT (Attached) bit from the L1-L2 router. This bit is used for default route purposes. If there is more than one L1-L2 router, still only a default route is sent into the Level 1 subdomain/level. Internal IS-IS Level 1 routers don't know any Level 1 or Level 2 information other than their own area.

In order to have MPLS Layer 3 VPN, PE devices should be able to reach each other, even if they are in different IS-IS areas. If they can reach each other through specific routing information, the MPLS LDP LSP should be set up end to end.

You might think that they can use a default route (ATT bit) and still reach other routers in other areas, but they cannot. The reason is that an LSR assigns a label to a prefix only when it has an exact match for it in its RIB.

RFC 5283 (LDP Extension for Inter-Area Label Switched Paths) says that, given the condition that the LSR doesn't have an exact match for a prefix P1, if the prefix P1 is a subset of a RIB entry P, then a label should be assigned to P1. Note that it is a label for the exact prefix P1 (and not P) that is installed in the LFIB. The RIB remains unchanged. RFC 5283 changes the default behaviour of LDP label assignment, which is "exact match", to the more flexible "longest match".

Route Leaking vs. RFC 5283 (LDP Extension for Inter-Area Label Switched Paths)

So, in an IS-IS network, which method should be preferred? Although it depends on other criteria as well, it is good to have a future-proof network from the design point of view, thus the RFC 5283 implementation should be selected. It allows possible future flexibility: when you want to summarize even the PE loopbacks, you can do it. Also, with RFC 5283, route leaking can still be configured.

PE loopback reachability can be achieved in one more way. If the PE loopback is carried in BGP, which is called BGP + Label or BGP LU (Label Unicast), then there is no need for route leaking or RFC 5283. This operation has been explained in the Seamless MPLS article.

For more information on this topic, please have a look at my network design course.
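The difference between exact-match label installation, route leaking and the RFC 5283 longest-match rule, as an added example (not code from the original post or from any LDP implementation): a small model of a Level 1 router deciding whether to install a label mapping received for a remote PE loopback. The router names, prefixes, label values and function names are constructed for illustration, and the model assumes a mapping is only used when the advertising neighbor is the next hop of the matching RIB entry.

```python
import ipaddress

# Constructed RIB of a Level 1 router: only a summary covering the
# remote PE loopbacks is present, learned via the L1-L2 router "ABR1".
SAMPLE_RIB = {"10.255.0.0/16": "ABR1"}
REMOTE_PE = "10.255.1.1/32"   # constructed PE loopback (prefix P1)


def longest_match(rib, fec):
    """Return the most specific RIB prefix that contains fec, or None."""
    fec_net = ipaddress.ip_network(fec)
    covering = [
        ipaddress.ip_network(prefix)
        for prefix in rib
        if fec_net.subnet_of(ipaddress.ip_network(prefix))
    ]
    if not covering:
        return None
    return str(max(covering, key=lambda net: net.prefixlen))


def accept_mapping(rib, lfib, fec, label, advertiser, mode="exact"):
    """Install a received label mapping for fec into lfib if allowed.

    mode="exact":   the RIB must contain fec itself (default LDP rule).
    mode="longest": fec may be a subset of a RIB entry (RFC 5283 rule).
    The RIB is never modified; the LFIB entry is keyed by fec (P1),
    not by the covering RIB prefix (P).
    """
    fec = str(ipaddress.ip_network(fec))
    if mode == "exact":
        match = fec if fec in rib else None
    elif mode == "longest":
        match = longest_match(rib, fec)
    else:
        raise ValueError(f"unknown mode: {mode}")
    # No matching route, or the advertiser is not the next hop: ignore.
    if match is None or rib[match] != advertiser:
        return False
    lfib[fec] = (label, advertiser)
    return True


def leak_route(rib, prefix, next_hop):
    """Route leaking: return a copy of the RIB with the /32 added."""
    leaked = dict(rib)
    leaked[str(ipaddress.ip_network(prefix))] = next_hop
    return leaked


if __name__ == "__main__":
    for mode in ("exact", "longest"):
        lfib = {}
        ok = accept_mapping(SAMPLE_RIB, lfib, REMOTE_PE, 24001, "ABR1", mode)
        print(mode, ok, lfib)
    lfib = {}
    leaked = leak_route(SAMPLE_RIB, REMOTE_PE, "ABR1")
    print("leaked", accept_mapping(leaked, lfib, REMOTE_PE, 24001, "ABR1"))
```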

Published - Mon, 20 Jan 2020

Created by - Orhan Ergun

IS-IS Suboptimal Routing Design

IS-IS Suboptimal Routing - If you design a multi-level IS-IS network and you have more than one exit (L1-L2 routers) from the Level 1 domain, you will likely create suboptimal routing. Multi-level IS-IS design is for large-scale networks. What's more, most real life networks use only flat Level 2 IS-IS as their interior gateway protocol (IGP).

In the figure shown above, Router A is in the Level 1 IS-IS domain. While Router B is also in the Level 1 IS-IS domain, it is in a different area. Router A has two exit points/default gateways (L1-L2 Routers) to reach Router B; however, unlike Router B, Router A operates in a different domain.

In IS-IS, Level 1-Level 2 routers don't send anything except a default route (with the ATT bit in the Level 1 LSP) towards the internal Level 1 Routers. Thus, Router B only trusts its Level 1-Level 2 router information. In addition, Router A doesn't know the entire IS-IS topology, as it would in a flat Level 2 IS-IS topology. Furthermore, both L1-L2 routers advertise the same subnet towards Router A for the Router B network. In fact, only the metric of Router B is different. The left L1-L2 gateway sends the route of Router B with metric 5; the right L1-L2 sends the route of Router B with metric 10.

Because of that, Router A chooses the left L1-L2 router as its exit point/default gateway to reach Router B. Obviously, this creates sub-optimal routing, since the left L1-L2 router sends the packet to the top routers, so the packet travels more hops, an effect that we don't want in our design.

Sub-optimal routing is appealing if you know the requirements of the application. Some applications can tolerate suboptimal routing since their timeout, delay, and jitter expectations may not be sensitive. In sum, putting the low-end devices into an L1 domain provides fault isolation, which in turn provides scalability.

Published - Tue, 26 Nov 2019

Created by - Orhan Ergun

OSPF Design Challenge

OSPF Design Challenge - OSPF and MPLS is most commonly used two technologies in an MPLS VPN environment. In this post I will share a mini design scenario with you and ask couple questions about the fictitious company architecture. When you attend to my CCDE class ,we will work on tens of scenarios similar to this. I published last week my first mini design scenario about MPLS VPN and DMVPN, and I am thinking to publish every Thursday a new one.In the topology above Company A has a core ring topology between R1 through R8.   There is a huge direct traffic between R3 and R4 core routers thus network engineers decide to connect them directly and turn the topology to partial mesh.   There is no east-west traffic between R9 – R10 edge routers and almost all traffic is north-south.   Company A sends only default route from the core to the edge routers. They know that this might cause suboptimal traffic pattern but it is not an issue for the applications of Company A.   Company wanted to create a Multiple Area since the edge routes such as R9 and R10 and the other routers which are not included in the topology has a resource (CPU/Memory) concern.   Company A network engineers knows that flapping links , even adding a loopback interface on any router would trigger a full SPF run on the poor edge routers.   For the simplicity other routers which are connected to the ring is not shown.   CompanyA network engineer has some question to orhanergun.net readers.     Question 1 : Is it good idea to separate Core routers in two Areas (Area 0 and Area 10) Update: No. Company already has small amount of core routers, and even if the company had thousand of core routers, you can have them all in one area. Using prefix suppression feature, infrastructure links can be removed from Router LSA, so they only have loopback addresses of each other. Question 2 : Which area should R2-R4 and R3-R4 links should be placed in, Why ? 
Update : In order to prevent sub optimal routing, enabling OSPF Multi Area Adjaceny is better. Also if you would put both links in non-backbone area, R4 no longer wouldn’t be an ABR. Question 3 : Should I have a direct link between R9 and R10 ? Update: No. In the background information section, we are told that between those routers, there is no traffic,so the traffic pattern is north-south. Although in the topology is not shown,company has many edge routers as it is stated in the background informations, having a direct link would just increase the LSA database of poor routers,it would make troubleshooting harder as well. Network Manager of Company A thanks to you and send an email to you, here it is: Hi, We want to have a BGP free core design. On all our core routers we have BGP running. In this stage, We don’t want to have BGP Route Reflector since we want to have path visibility. Question 4 : What would you suggest for Company A’s BGP solution? I would suggest them to enable MPLS. In this stage in real exam you might be asked whether you need additional information. If company wants to have scalable VPN solution, then having an MPLS provides them to have mpls vpn. If they enable MPLS on the network, Core devices don’t have to run BGP. You can’t use single area/Flat IGP in this network since in the requirements, you are told that edge devices have resource problem,so you need to create boundary and put the edges in different areas to protect them. Question 5 : Would your solution work with the all above requirements ? Update : No. In the background information sections, you are told that Company A sends only default route towards an Edge routers. If you run MPLS, unless you enable RFC 5283 or have Seamless MPLS design, you need to have /32 addresses of loopback interfaces of edge devices in non-backbone area. If you receive only default route, you need to leak loopback addresses from Core to Edge in IGP. 
To get a good understanding of SP networks, you can check out my newly published book, "Service Provider Networks Design and Perspective". It covers SP network technologies and also explains a fictitious SP network in detail.

Published - Tue, 26 Nov 2019

Created by - Orhan Ergun

IS-IS Overload Bit – Why IS-IS Overload bit is used ? What are the use cases ?

In this post, I will explain the Overload bit, which is an important feature of the IS-IS routing protocol.

When a router that runs IS-IS has a resource issue (CPU, memory), the device shouldn't receive network traffic. It shouldn't be a transit router between any two other nodes in the network.

Routing protocols have a capability to signal this to other routers. A router that runs a routing protocol can send a warning to other routers to stop sending transit network traffic through it.

In OSPF, the 'max-metric router-lsa' feature is used, and it works in a very similar way to the IS-IS Overload bit.

When a router that runs IS-IS sets the Overload bit in its LSP (Link State PDU), the other routers detect that the Overload bit is set, so they do not use this router for transit traffic, but they still use it for packets destined to the overloaded router's directly connected networks and IP prefixes.

What happens when a router that has a system resource problem doesn't set the IS-IS Overload bit?

Other routers would still send traffic to this router, but since there is a resource issue, there will be no room to store incoming LSPs in the link-state database, which creates database inconsistency. As you might know, in IS-IS every router should have exactly the same database within a particular IS-IS level.

Otherwise, this inconsistency creates routing loops. Thus, when a router runs out of system resources, it is important to alert the other routers with the Overload bit.

IS-IS and BGP Interaction to Avoid Traffic Blackholing: How Does the IS-IS Overload Bit Help?

Let's look at the topology below.

Figure - IS-IS and BGP Interaction – Overload Bit helps to avoid traffic blackholing

In the above topology, Router B will be taken down for maintenance. Before the maintenance window starts, Router B should alert the other routers that they shouldn't send traffic through it anymore.

This is done with the IS-IS Overload bit. But what is the BGP and IS-IS interaction? How does the Overload bit help to avoid traffic blackholing?

In the above topology, let's imagine that BGP is running between each and every router (full-mesh IBGP).

When Router B sets the Overload bit, it doesn't receive any transit traffic anymore. That's why everything is normal.

But when Router B comes up after the maintenance, if the Overload bit is cleared before BGP convergence, traffic is blackholed at Router B.

Let me explain it this way. When traffic for a BGP destination comes from Router A to Router B, Router B needs to do an IP destination-based lookup. What is the destination? A BGP prefix. Has BGP converged? No!

That's why, until BGP converges, Router B should stay away from network traffic. The Overload bit stays set until BGP finishes its job. When BGP converges (this is understood from the End-of-RIB marker message or a Keepalive), the IS-IS Overload bit is cleared and Router B starts receiving traffic again.
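The transit rule described in this post, as an added Python example (not code from the original post): a Dijkstra SPF that still reaches a router whose LSP has the Overload bit set but never expands its links, so no path goes through it. The four-router topology, its metrics and the function names are constructed for illustration and are not the post's figure.

```python
import heapq

# Constructed topology: A-B-C at cost 10 per hop, plus a longer detour
# A-D-C at cost 30 per hop. Not taken from the post's figure.
LINKS = {
    "A": {"B": 10, "D": 30},
    "B": {"A": 10, "C": 10},
    "C": {"B": 10, "D": 30},
    "D": {"A": 30, "C": 30},
}

def spf(links, root, overloaded=frozenset()):
    """Dijkstra from root. A node with the overload bit set stays a valid
    destination, but its links are not expanded, so nothing transits it.
    The root always expands its own links, overloaded or not."""
    dist, prev, done = {root: 0}, {}, set()
    heap = [(0, root)]
    while heap:
        cost, node = heapq.heappop(heap)
        if node in done:
            continue
        done.add(node)
        if node in overloaded and node != root:
            continue  # reachable, but never used as a transit hop
        for nbr, metric in links[node].items():
            new_cost = cost + metric
            if new_cost < dist.get(nbr, float("inf")):
                dist[nbr] = new_cost
                prev[nbr] = node
                heapq.heappush(heap, (new_cost, nbr))
    return dist, prev

def route(root, dest, overloaded=frozenset()):
    """Return (hop list, total metric), or (None, None) if unreachable."""
    dist, prev = spf(LINKS, root, overloaded)
    if dest not in dist:
        return None, None
    hops = [dest]
    while hops[-1] != root:
        hops.append(prev[hops[-1]])
    return hops[::-1], dist[dest]

if __name__ == "__main__":
    print(route("A", "C"))          # shortest path through B
    print(route("A", "C", {"B"}))   # B overloaded: detour through D
    print(route("A", "B", {"B"}))   # B itself is still reachable
```

With B overloaded, traffic from A to C moves to the higher-metric path through D, while B's own addresses stay reachable over the direct link.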

Published - Tue, 26 Nov 2019