A Path Attribute is a characteristics of an advertised BGP route.

Four Categories of PATH Attributes.

  1. Well-Known Mandatory
  2. Well-Known Discretionary
  3. Optional Transitive
  4. Optional Non-Transitive

Well-Known Attributes – These are those BGP Path attributes which should be recognized by all BGP routers.

  • Well-Known Mandatory – Are those Well-Known attributes that must be included in all BGP Update messages.
  2. AS_PATH
  • Well-Known Discretionary – Are those Well-Known attribute, that may or may not include in a specific Update Messages.

Optional Attributes – There are those BGP attributes which may or not recognized or supported by a BGP router.

  • Optional Transitive – Are those optional attributes in which a BGP process should accept the PATH in which it is included and it should pass the Path in to its peers.
  • Optional Non-Transitive – Are those optional attributes in which if a BGP process doesn’t recognize a attribute, it can just ignore the Update message and not need to pass to its peers.



Specifies the origin of the route. When BGP have multiple route , it uses ORIGIN as one factor to select the preferred route.

 * IGP     * EGP    * Incomplete


It contains a list of ASs, through which the PATH will traverse to reach the destination. New AS number  prepend to the existing list.


It contains the IP address of the Next-Hop router in the path specified.

Selecting Next-Hop :-

a. If the advertising peers are in different AS, NH = IP of the advertising router

b. If the advertising peers are in same AS and adv route is in same its AS, NH = IP address of the Neigbor that advertised.

c. If the advertising peers are in same AS, but adv route is in different AS, NH = IP address of the external Peer from which route is learned.


  • Used to communicate a BGP router’s degree of preference for an advertised route.
  • If an iBGP router receives multiple PATH to a same destionation, decision taking is done using this attribute.
  • Route with higest LOCAL_PREF is selected


  • When LOCAL_PREF can influence only traffic leaving the AS, MED can be used to influence the traffic that comes into AS.
  • One AS says to another AS, that which is its preferred ingress point.


Atomic Aggregate attribute is used by the BGP speaking router when it advertise a aggregated route to its peer to mention that it is a less-specific route. The peers should keep this attribute when sending to its own peers.

Aggregator Attribute is used optionally to mention which the is origin router which aggregation happened and the AS which that router is residing.


Simplifies policy enforcement. If a set of destinations have same properties and policies, we can make it as one Community and can be represented using COMMUNITY attribute.

COMMUNITY Attribute format :  AA:NN (Where AA – AS Number, NN – Community Identifier).

Well-Known Communities

INTERNET –  All routes advertised without any specific community by default belongs to INTERNET. It can be advertised freely without any restrictions.

NO_EXPORT – Routes received using this attributes cannot be advertised to eBGP peers.

NO_ADVERTISE – Cannot be advertised both eBGP and iBGP peers.

LOCAL_AS – Cannot advertise to eBGP peers including peers in other Autonomous System within a Confederation.


ORIGINATOR_ID attribute contains the RID of the originator of that specific route in the Local AS.


Contains a sequence of Router Reflection cluster IDs through which the route have passed.

    Send article as PDF   

BGP – Finite State Machine

IDLE State

  • BGP Always beging with Idle state. All incoming connection in this state will be refused.
  • BGP Process initializes all BGP resources.
  • Start the ConnectRetry Timer
  • Initializes a TCP connection to neighbor
  • Listen for TCP initialization from neighbor.
  •  And changes its state to CONNECT.


  • Waits for TCP connection to complete.
  • If TCP conn successful, it will clear ConnectRetry Timer.
  • Completes Initialization and sends a OPEN Message to neighbor.
  • And changes the state to OPENSENT State.


  • Keep on trying to initialize a  TCP connection to complete neighbor.
  • If TCP conn successful, it will clear ConnectRetry Timer.
  • Completes Initialization and sends a OPEN Message to neighbor.
  • And changes the state to OPENSENT State.


  • Send OPEN Message and Wait for a OPEN Message from neighbor too.
  • Once OPEN received its verifies the fields.
  • If any error, sent NOTIFICATION and change to IDLE state.
  • If no Error, a KEEPALIVE message is sent and keepalive timer is reset.
  • HOLD timer is negotiated by selecting the least value.
  • If negotiated HOLD is zero, keepalive and hold timer are not started.
  • Determines whether eBGP or iBGP.
  • Change the state to OPENCONFIRM.


  • Waits for either a Keepalive or Notification Message.
  • If Keepalive, change the state to ESTABLISHED state
  • If Notification,  or a TCP disconnect, or HOLD timer expires change to IDLE state.


  • BGP peer connection is fully established and BGP routers can exchange their UPDATE/KEEPALIVE/NOTIFICATION messages.
  • If UPDATE or KEEPALIVE Hold Timer is restarted.
  • If NOTIFICATION, changed to IDLE state.    Send article as PDF   

BGP – Points to Remember

  • As all EGP(Exterior Gateway Protocols) , BGP also is used to route between Autonomous Systems (ASs).
  • BGP uses TCP port 179, which makes the peer relationship between BGP Peers reliable.


A list of AS numbers which a route traverse is known as AS_PATH attribute.

An AS_PATH is created by appending each AS number to existing AS_PATH.

AS_PATH helps to find out the lowest Path by counting the number of AS numbers included in the AS_PATH attribute of eac route.

AS_PATH also helps to identify the loop. If a router gets a route with AS_PATH with its own AS number it will know that there exists a loop

BGP Message Types

Before establishing a BGP peer connection, the two neighbors must perform the standard TCP 2-way handshake and open a TCP connection to port 179. All BGP messages are unicast to the one neighbor over the TCP connection.

Four BGP Messages are :

  1. OPEN



Once the TCP connection is established , both the neighbors will send an OPEN Message. Each neighbors use this message for identify and to specify its BGP operations. OPEN Messages contains the following informations.

BGP version number – Specifies whether its contains BGP versions 2,3 or 4.  Unless specified by command neighbor version, it will be BGPv4.

Autonomous System Number – AS number of the Originating router. This decide whether it will be a eBGP or iBGP.

Hold Time –  The max time in secs that can be elapsed without getting any update or keepalives.  The holdtime must be either 0(in which no keepalives are sent) or atleast 3. Cisco default is 180 seconds. If both the neighbors have different holdtime, its negotiated to smaller one.

 BGP Identifier –  This is an IP address which identifies a BGP neighbor.  Cisco uses same process as it select OSPF router-id.

Optional Parameters – This field will be used to advertise support for capabilities such as Authentication, Multiprotocol support and route refresh.


If a router accepts with the options specified in the OPEN message, it will send a KEEPALIVE message. Subsequent keepalive will be send every 60 secs by default in CISCO routers or a period equal to 1/3rd of the holdtime.


Contains feasible routes,  withdrawn routes, or both. Contains following information.

Network Layer Reachability Information(NLRI) – Contains tuples (Length, Prefix). ie if update is having information regarding route, It will contain (19,

PATH Attributes – Contains the attributes for the above NLRI, which helps BGP to choose shortest PATH, detect Routing Loops, and determining Routing Policy.

Withdrawn Routes – Tuples (Length, Prefix) which are unreachable and are being withdrawn from the service.


Send by BGP neighbors when there is any error  occurred during BGP operations. Example, when a BGP  v3 router receives a BGP OPEN Message with BGP v4, it sends back a NOTIFICATION Message and close the connection. Then the BGPv4 router need to establish a new connection sending with a BGP v3 OPEN Message.    Send article as PDF   

RIP Version 2 – Points to Remember

Extensions added from RIPv1

  1. Subnet masks carried with each route entry
  2. Authentication of routing updates
  3. Next-hop addresses carried with each route entry
  4. External route tags
  5. Multicast route updates

Operation of RIPv2

Uses multicast address to send to other  ripv2 routers instead of broadcast.

RIPv2 Message Format
Almost same as of version1 . Only unused bits in version messages will be used for carrying the extensions mentioned.
Thos are

Route Tag provides a field for tagging external routes or routes that have been redistributed into the
RIPv2 process. One suggested use of this 16-bit field is to carry the autonomous system number of routes
that have been imported from an external routing protocol. Although RIP itself does not use this field,
external routing protocols connected to a RIP domain in multiple locations may use the route tag field to
exchange information across the RIP domain. The field may also be used to group certain external routes
for easier control within the RIP domain

Subnet Mask is 32-bit mask that identifies the network and subnet portion of the IP address.

Next Hop identifies a better next-hop address, if one exists, than the address of the advertising router.
That is, it indicates a next-hop address, on the same subnet, that is metrically closer to the destination than
the advertising router is. If the field is set to all zeros (, the address of the advertising router is the
best next-hop address.

Classless Routing Protocols

Classless routing protocols carry the subnet mask also along with the routing update. Classless routing lookup can be acheived by entering the command “ip classless” on global configuration mode.

When a router perform classless routing lookup, instead of checking for match with a major network of the destination IP address, it performs a bit-by-bit match with each of it routing table entry with the dst ip address.

This feature helps to implement VLSM (Variable Lenght Subnet Mask).

To include all-zeros subnet also into valid subnets, use the command “ip subnet-zero”.


RIP authentication is implemented using the first route entry update in the Update Message. This causes reducing the number of total routes that can be included in a single update message from 25 to 24.

If an update message contains authentication, first router entry address-family identifier field will contain OxFFFF.

If the authentication is simple  password,  authentication type field will contain – oxooo2 and the remaining 16 octets carry an alphanumeric password of up to 16 characters.

If the authentication is MD5, authentication type field contains oxooo3.

 Compatibility with RIP v1

The interface-level “compatibility switches” are implemented in Cisco IOS with the commands ip rip send version and ip rip receive version.    Send article as PDF   

RIP – Message Format

  1. Each message contains a command and a version and can containing  upto 25 entries.
  2. Each route entry contains and address-family , IP address reachable by this route  and a metric (Hop count)for that route.
  3. If more than 25 routes are there, need to use multiple RIP messages.
  4. Command – Specifies whether its a “Message  Request” (bit=1) or “Message Response” (bit=2).
  5. Version will be set to one for RIPv1.
  6. Address Family Identifier is set to two for IP. The only exception to this is a request for a router’s (orhost’s) full routing table

Request Message Types

There are two types of Request Messages

  1. Send a request for getting the entire routing table information from the neighbor. In this case, address-family identifier will be set to 0 and IP address will be set to and metric 16.
  2. Send a request to get a specific route or routes information from neighbor. This request message will contain IP address of the host/network/sub-net for which router need the route. The Neighbor on receiving  this will process entries one by one. If the router have a route to a specific entry , corresponding is marked with its metric and if it dont have entry for a route, it will mark metric as 16.    Send article as PDF   

RIP – Points to remember

  1. Rip uses UDP port 520 as both Src and Dst port value
  2. RIP defines two message types: Request messages and Response messages.
  3. The metric used by RIP is hop count (1- directly connected, 16 Unreachable)
  4. If a particular entry in update packet is new, then router will insert it into its routing table along with the advertising router which is the src address of the update packet.
  5. If the route is for a network that is already in the table, the existing entry will be replaced only if the new route has a lower hop count.
  6. If the advertised hop count is higher than the recorded hop count and the update was originated by the recorded next-hop router, the route will be marked as unreachable for a specified holddown period.
  7. If at the end of that time the same neighbor is still advertising the higher hop count, the new metric will be accepted.
  8. RIP v1 can perform equal-cost load balancing.

RIP Timers and Stability Features

Update Timer

  1. Send update packet every 30 secs with complete information of its routing table.
  2. The update is a broadcast and hence the destination IP will be

Holddown Period

If the advertised hop count is higher than the recorded hop count and the update was originated by the recorded next-hop router, the route will be marked as unreachable for a specified (180 sec) holddown period.

Invalid Timer

  1. Amount of time which a route can exist in routing table as Valid , if it didn’t receive any update.
  2. It is 180 secs (6 times update timer)
  3. Even after 180 seconds, no update is heard, it will mark that route as unreachable(hop count 16).

Flush Timer

  1. The router will wait for 240 seconds (60 secs more after invalid timer expire) and still if it didnt get any update, it will flush that entry from routing table.
  2. 180-240 secs, the router will advertise this route to neighbors  as unreachable.
  3. During 180-240 seconds, route will show as in routing table.

The timers can be changed using below command

# timers basic <update> <invalid> <holddown> <flush>

 Silent hosts
Some hosts may employ RIP in a “silent” mode. These so-called silent hosts do not generate RIP updates,
but listen for them and update their internal routing tables accordingly.
Class-full Routing in RIP v1
When a packet enters a RIP-speaking router and a route table lookup is performed, the various choices in
the table are pruned until a single path remains. First, the network portion of the destination address is
read and the routing table is consulted for a match. It is this first step of reading the major class A, B, or C
network number that defines a classful routing table lookup. If there is no match for the major network,
the packet is dropped and an ICMP Destination Unreachable message is sent to the packet’s source. If
there is a match for the network portion, the subnets listed for that network are examined. If a match can
be found, the packet is routed. If a match cannot be made, the packet is dropped and a Destination
Unreachable message is sent.

The RIPv1 route update does not carry subnet mask.
If the major network is directly connected to the router, that interface subnet mask is taken for all the sunets in that major network.
If the major network is not directly connected to any of the router interfaces, it will use a summarized route to major network. Thiis is also know as subnet hiding. This is performed in the boundary router between the two major network.

Summarization in Discontigous link
When subnets of a major network is not contigous, that means, if it resides in two difefrent parts of network, there is chance that the routers between these two subnets will load balance as each of the router in two subnets will send summarized route to the routers between it.
Solution for this is the links between this subnets should be configured using a secondary address and make it logically contigous.

Manupulation of metric.
Example : If the hops between two routers are 2 hops and for redundancy or as a backup link we have a serial connection directly connected between these two routers, since the serial link is 1 hop, it will be always preferred over the 2 hop path. To prevent this and make the 2 hop path whenever its available, we can use “offset-list”.

offset-list command specify a number which need to be added to the route entry and to identify which route entry metric should be manipulated, it uses an access-list.

Ernest_T(config)#access-list 1 permit
Ernest_T(config)#router rip
Ernest_T(config-router)#offset-list 1 in 2 Serial0

Above command says that, Whatever route updates which get through Serial0 and which matches the routes mentioned in access-list 1, add 2 hops to the metric, before installing it into routing table. This will make the total hop count as 3 for these routes and hence route with 2 hops will be preferred and whenever hops with 2 hops go down, routes with 3 hops will be used.    Send article as PDF   

Win 7 cannot access WinXP on LAN but reverse working

SOLUTION (Should be done on Win XP)

1. Go to “My Network Places”

2. Click on “View Network Connections”

3. Select your LAN NIC, Right click and select properties.

4. Click on “Advanced” tab

5. Click on “Settings”

6.  On Windows Firewall window ,  click on “Exceptions” tab

7.  Select “File and Printer Sharing” , “Remote Desktop” &  “Remote Assistance”.

8. Click OK to all windows opened.

Hope this will help.    Send article as PDF   

What is QoS ?

QoS is the ability of the network to provide better or special service to a set of users or applications or both to the detriment of other users or applications or both. The earliest versions of QoS tools protected data against data. For instance, priority queuing made sure packets that matched an access list always had the right of way on an egress interface. Another example is WFQ, which prevents small packets from waiting too long behind large packets on an egress interface outbound queue. When VoIP started to become a serious technology, QoS tools were created to protect voice from data. An example of such a tool is RTP priority queue.

Implementing QoS
Implementing QoS involves three major steps:
Step 1 Identifying traffic types and their requirements
Step 2 Classifying traffic based on the requirements identified
Step 3 Defining policies for each traffic class


Step 1: Identifying Traffic Types and Their Requirements
Identifying traffic types and their requirements, the first step in implementing QoS, is composed of the following elements or substeps:

Perform a network audit—It is often recommended that you perform the audit during thebusy hour (BH) or congestion period, but it is also important that you run the audit at other times. Certain applications are run during slow business hours on purpose. There are scientific
methods for identifying the busy network moments, for example, through statistical sampling and analysis, but the simplest method is to observe CPU and link utilizations and conduct the audit during the general peak periods.
Perform a business audit and determine the importance of each application—The business model and goals dictate the business requirements. From that, you can derive the definition of traffic classes and the requirements for each class. This step considers whether delaying or dropping packets of each application is acceptable. You must determine the relative importance of different applications.
Define the appropriate service levels for each traffic class—For each traffic class, within the framework of business objectives, a specific service level can define tangible resource availability or reservations. Guaranteed minimum bandwidth, maximum bandwidth, guaranteed end-to-end maximum delay, guaranteed end-to-end maximum jitter, and comparative drop preference are among the characteristics that you can define for each service level. The final service level definitions must meet business objectives and satisfy the comfort expectations of the users.

Step 2: Classifying Traffic Based on the Requirements Identified
The definition of traffic classes does not need to be general; it must include the traffic (application) types that were observed during the network audit step. You can classify tens or even hundreds of traffic variations into very few classes. The defined traffic classes must be in line with business objectives. The traffic or application types within the same class must have common requirements and business requirements. The exceptions to this rule are the applications that have not been identified or scavenger-class traffic. Voice traffic has specific requirements, and it is almost always in its own class. With Cisco LLQ, VoIP is assigned to a single class, and that class uses a strict priority queue (a priority queue with
strict maximum bandwidth) on the egress interface of each router. Many case studies have shown the merits of using some or all of the following traffic classes within an enterprise network:

Voice (VoIP) class—Voice traffic has specific bandwidth requirements, and its delay and drops must be eliminated or at least minimized. Therefore, this class is the highest priority class but has limited bandwidth. VoIP packet loss should remain below 1% and the goal for
its end-to-end delay must be 150 ms.

Mission-critical traffic class—Critical business applications are put in one or two classes. You must identify the bandwidth requirements for them.
Signaling traffic class—Signaling traffic, voice call setup and teardown for example, is often put in a separate class. This class has limited bandwidth expectations.
Transactional applications traffic class—These applications, if present, include interactive, database, and similar services that need special attention. You must also identify the bandwidth requirements for them. Enterprise Resource Planning (ERP) applications such as Peoplesoft
and SAP are examples of these types of applications.
Best-effort traffic class—All the undefined traffic types are considered best effort and receive the remainder of bandwidth on an interface.
Scavenger traffic class—This class of applications will be assigned into one class and be given limited bandwidth. This class is considered inferior to the best-effort traffic class. Peerto- peer file sharing applications are put in this class.

Step 3: Defining Policies for Each Traffic Class
After the traffic classes have been formed based on the network audit and business objectives, the final step of implementing QoS in an enterprise is to provide a network-wide definition for the QoS service level that must be assigned to each traffic class. This is called defining a QoS policy, and
it might include having to complete the following tasks:
■ Setting a maximum bandwidth limit for a class
■ Setting a minimum bandwidth guarantee for a class
■ Assigning a relative priority level to a class
■ Applying congestion management, congestion avoidance, and many other advanced QoS
technologies to a class.
To provide an example, based on the traffic classes listed in the previous section, Table 2-2 defines
a practical QoS policy.    Send article as PDF   

QoS – End-to-End Delay

End-to-End Delay
There are different types of delay from source to destination. End-to-end delay is the sum of those
different delay types that affect the packets of a certain flow or application. Four of the important
types of delay that make up end-to-end delay are as follows:
■ Processing delay
■ Queuing delay
■ Serialization delay
■ Propagation delay

Processing delay is the time it takes for a device such as a router or Layer 3 switch to perform all the tasks necessary to move a packet from the input (ingress) interface to the output (egress) interface. The CPU type, CPU utilization, switching mode, router architecture, and configured features on the device affect the processing delay. For example, packets that are distributed-CEF switched on a versatile interface processor (VIP) card cause no CPU interrupts.
Queuing delay is the amount of time that a packet spends in the output queue of a router interface. The busyness of the router, the number of packets waiting in the queue, the queuing discipline, and the interface bandwidth all affect the queuing delay.

Serialization delay is the time it takes to send all the bits of a frame to the physical medium for transmission across the physical layer.

Propagation delay – The time it takes for the bits of that frame to cross the physical link is called the propagation delay. Naturally, the propagation delay across different media can be significantly different. For instance, the propagation delay on a high-speed optical connection such as OC-192 is significantly lower than the propagation delay on a satellite-based link.    Send article as PDF