ISIS Levels


ISIS has a 2 layer hierarchy:
  • Level-2 (the backbone).
  • Level-1 (the areas).

Level of routing:
  • Level 0 : Between an End System (a host or a PC) and IS (a Router).
  • Level 1 : IS to IS in the same area.
  • Level 2 : IS to IS in different areas in the same AS.
  • Level 3 : IS to IS in different AS or routing domain. Like routing through ASBR in OSPF.

An ISIS router can be either:
  • Level-1 (L1) router.
  • Level-2 (L2) router.
  • Level-1-2 (L1/L2) router(default type - Cisco).

Level-1 router:
  • Has neighbors only in the same area.
  • Has a level-1 LSDB with all routing information for the area.

Level-1-2 router:
  • May have neighbors in any area.
  • Has two separate LSDBs: level-1 LSDB & level-2 LSDB.
  • By default, a router becomes L1/L2 router unless specifically changed the role to L1-only or L2-only.

Level-2 router(kind of a backbone area):
  • May have neighbors in the same or other areas.
  • Has a Level-2 LSDB with all routing information about inter-area.

continue reading ISIS Levels

RIP Behavior - Discontigous Networks

In this post, we will discuss RIP protocol behavior for discontiguous networks.


Referring above algorithm, let's take an example of below topology and study the discontiguous network behavior in RIP.


Let's also assume we are running RIP version 1 in above topology. Below outputs/results will be seen.

1. R1 advertises Lo0 to R2. Because it is a host route, and we are using Cisco IOS in above topology, R1 advertises the subnet 172.16.0.1/32 to R2 because Lo0 and source interface F1/0 have a same major network (172.16.0.0) irrespective of the subnet mask configured (i.e. Lo0 has /32 and F1/0 has /30 subnet mask).

2. When R1 tries to advertise Lo1 which has the same major network as F1/0 but different subnet mask, R1 will drop network and will not advertise it.

3. R1 will successfully advertise Lo2 to R2 because Lo2 has the same major network and same subnet mask as F1/0.
4. While R1 will try to advertise Lo10 which has different major network compared to interface F1/0,  R1 will summarize 10.10.10.1/32 to its default Class A boundary and advertises the network 10.10.10.0 to R2.
5. The same behavior will be seen on R3 and while it will advertise it Lo10 to R2, it will also summarize this subnet to default Class A boundary and advertises the network 10.0.0.0/8.
6. R2 will receive the same network 10.0.0.0/8 from 2 routers(directions) with the same metric (hop count 1) and will install both routes in its routing table.

R2#  sh ip route 10.10.10.1
Routing entry for 10.0.0.0/8
  Known via "rip", distance 120, metric 1
  Redistributing via rip
  Last update from 172.16.23.2 on FastEthernet1/1, 00:00:13 ago
  Routing Descriptor Blocks:
  * 172.16.23.2, from 172.16.23.2, 00:00:13 ago, via FastEthernet1/1
      Route metric is 1, traffic share count is 1
    172.16.12.1, from 172.16.12.1, 00:00:16 ago, via FastEthernet1/0
      Route metric is 1, traffic share count is 1

7.  R1 cannot ping Lo10 or R3 and vice versa because R2 will not advertise the network 10.0.0.0/8 back to R1 and R3 which it has received from them only. Hence R1 and R3 cannot reach each other because of incomplete routing.

R1#sh ip route 10.10.10.3
% Subnet not in table

R3#sh ip route 10.10.10.1
% Subnet not in table

Solution :  

Let's enable RIPv2 on all routers and configure disable auto summarization on all.

R1(config)#
R1(config)#Router RIP
R1(config-router)#version 2
R1(config-router)#no auto-summary

Similarly, configure the same on R2 and R3. After the above configuration, the Discontiguous routing behavior will disappear and we will see complete routing end to end.

R1#sh ip route 10.10.10.3
Routing entry for 10.10.10.3/32
  Known via "rip", distance 120, metric 2
  Redistributing via rip
  Last update from 172.16.12.2 on FastEthernet1/0, 00:00:01 ago
  Routing Descriptor Blocks:
  * 172.16.12.2, from 172.16.12.2, 00:00:01 ago, via FastEthernet1/0
      Route metric is 2, traffic share count is 1

R1#ping 10.10.10.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 52/60/68 ms

Similarly, R3 will be able to ping Lo10 (10.10.10.1/32) of R1.

Important note:  Besides RIP, IGP protocols like EIGRP (by default) follow the same behavior w.r.t discontiguous networks.  To disable this behavior, for example on EIGRP, disable auto summarization using "no auto-summary" command.


continue reading RIP Behavior - Discontigous Networks

What is SD-WAN. How it works?

To understand the concept of SD-WAN and its working, let's create a base first with an example.

AIM (example): Connecting one or multiple branch offices to head office or Data Center.
An Enterprise generally has multiple branch offices that connect to its Central site/Head Office. The branch offices would generally use a WAN connectivity to connect to their head office.
Each branch office would require the following resources:

  • A dedicated WAN router (Vendor Cisco/Juniper etc) with single or multiple links (if WAN redundancy is required).
  • L1/L2 Leased line circuit from a provider, Or an MPLS circuit from a provider, or an Internet broadband link (with IPsec for protection).
  • 1st time Manual configuration of WAN router/Modem with all the policies that would require dedicated MAN hours.
  • Time to Time Software/HW up-gradation, config changes that would again require dedicated MAN hours.
  • Risk of HW/Software Failure at any time.
SD-WAN would be providing the same WAN connectivity to Enterprise customers but in a more agile, flexible, and intelligent way. SD-WAN uses the concept of SDN technology (separating control plane from data plane) to provide these required services.

Don't forget our ultimate aim of connecting a branch office to the head office or data center.
Using SD-WAN the resources we would require.

A commodity HW based dedicated device, that will be running as a router, switch, Firewall, Load balancer, Traffic optimizer on a single Hardware (x86 server) also called uCPE (universal Customer Premise Equipment). This uCPE will be capable of running multiple VNFs to provide various network functions like routing, switching, security, traffic prioritization, etc.

This uCPE will be connected to its Head office again using an MPLS link (Primary),  Internet Broadband Link (secondary), or any other tertiary link (LTE-4G) to be used in case primary or secondary links fail.

There will be a central server (cloud-hosted over the internet or Hosted by MPLS service provider) that will be centrally controlling and managing the uCPE. This centralized server would again be deployed over commodity HW (x86 servers). There can be one or more components under this centralized server having multiple functions (configuration and management, control, monitor, authentication & accounting). This centrally controlled server will be used for the following purposes:

  • For pushing initial configuration on uCPE with all the routing, switching, security, QoS, etc Policies.
  • Used for monitoring the working of uCPE through the collection of various analytic reports.
  • Pushing any specific config/policy changes in the future.
  • Switching to a secondary link based on agile policies. For example, intermittent packet drops, High RTD/Jitter experience, frequent flaps observed on a primary link, etc. and dynamically switching back to secondary link when the primary link is stable.
  • Benefit on cost-saving (expensive routers/switches/firewalls etc.), decreasing complexity and increasing overall network performance.
Overall, The uCPE will handle the Data plane/Forwarding and the Centralized server will handle the control plane for multiple uCPEs of an enterprise customer).

Conclusion: SD-WAN is providing us the WAN connectivity to our head office using the same WAN technologies (Underlay) but in a more flexible and intelligent way. SD-WAN enables enterprises to dynamically route traffic across a hybrid WAN based on the current network status.

Examples of SD-WAN providers:

SD-WAN providers can be divided into 2 categories. Vendor based and Managed Network Service provider based.

1. Vendor Based Providers:
  • Cisco Systems:  Intelligent WAN
  • Juniper: Contrail
  • Riverbed: Steelconnect
  • Viptela (now a Cisco company), etc.
2. Managed Network Service Provider based : 
  • AT&T
  • Orange Business Services
  • British Telecom
  • Singtel
  • Sprint
  • Telefonica etc.
SD-WAN concept explained as implemented by Vendor Viptela (source Viptela):

Viptela SDWAN Components:


Viptela Control Plane components that will be located at a centralized location (cloud or internet). These are given below:

  • vSmart Controller: vSmart controllers are the brains of the overlay network. They establish secure SSL connections to all other components in the network and run an Overlay Management Protocol (OMP) to exchange routing, security and policy information. The centralized policy engine in vSmart provides policy constructs to manipulate routing information, access control, segmentation, extranets and service chaining.
  • vManage: The vManage is a centralized dashboard that enables automatic configuration, management and monitoring of the Viptela overlay network.  Users login to vManage to centrally manage all aspects of the network life cycle from initial deployment, on-going monitoring, and troubleshooting to change control and software upgrades.
  • vBond Orchestrator: The vBond orchestrator facilitates the initial bring-up by performing initial authentication and authorization of all elements into the network. vBond provides information on how each of the components connects to other components.  It plays an important role in enabling Viptela devices that sit behind the NAT to communicate with the network.

Viptela Data Plane component that will act like a uCPE is given below:

  • vEdge Routers: The vEdge routers are full-featured IP routers that perform standard functions such as BGP, OSPF, ACLs, Qos and various routing policies in addition to the overlay communication. Each vEdge router establishes secure connectivity to all of the control components and also establishes IPSec sessions with other vEdge routers in the WAN network. The routing, switching, security functions will be executed by various VNFs configured on the vEdge routers. Viptela vEdge Routers specifications.
continue reading What is SD-WAN. How it works?

What is a uCPE?

uCPE (Universal Customer Premise Equipment) is one single device capable of handling multiple network functions. For example, Routing, Switching, Firewall, Load Balancer, etc functions hosted in a single device called a uCPE. You can simply say it a software-based CPE. uCPE is mainly used as a replacement of standard CE/WAN/edge device present at customer premises, in the SD-WAN deployment.

Below are the benefits of using a uCPE:

  • A uCPE can be configured using commodity Hardware (x86 Servers) using open-source software. For example, Linux(KVM hypervisor), VM Ware(ESXI), Openstack.
  • You can configure any network service over uCPE using VNF and NFV technologies. For example a Router, a Switch, a Firewall, an IDS or IPS, a Load Balancer, etc.
  • uCPE is a plug and play kind of equipment also referred to as Zero Touch deployment.
  • uCPE can be controlled Centrally from a centralized server (hosted on the internet or a provider's cloud or datacenter) by the service provider. The admin/Service provider can deploy any new VNF, do modifications in network policies, monitor the uCPE statistics and performance remotely. 
  • Configuring uCPE is flexible and scalable. A uCPE configured at a branch office can scale to a head office by dynamic integration of multiple other services on the same uCPE.
continue reading What is a uCPE?