BGP – Points to Remember

  • As all EGP(Exterior Gateway Protocols) , BGP also is used to route between Autonomous Systems (ASs).
  • BGP uses TCP port 179, which makes the peer relationship between BGP Peers reliable.


A list of AS numbers which a route traverse is known as AS_PATH attribute.

An AS_PATH is created by appending each AS number to existing AS_PATH.

AS_PATH helps to find out the lowest Path by counting the number of AS numbers included in the AS_PATH attribute of eac route.

AS_PATH also helps to identify the loop. If a router gets a route with AS_PATH with its own AS number it will know that there exists a loop

BGP Message Types

Before establishing a BGP peer connection, the two neighbors must perform the standard TCP 2-way handshake and open a TCP connection to port 179. All BGP messages are unicast to the one neighbor over the TCP connection.

Four BGP Messages are :

  1. OPEN



Once the TCP connection is established , both the neighbors will send an OPEN Message. Each neighbors use this message for identify and to specify its BGP operations. OPEN Messages contains the following informations.

BGP version number – Specifies whether its contains BGP versions 2,3 or 4.  Unless specified by command neighbor version, it will be BGPv4.

Autonomous System Number – AS number of the Originating router. This decide whether it will be a eBGP or iBGP.

Hold Time –  The max time in secs that can be elapsed without getting any update or keepalives.  The holdtime must be either 0(in which no keepalives are sent) or atleast 3. Cisco default is 180 seconds. If both the neighbors have different holdtime, its negotiated to smaller one.

 BGP Identifier –  This is an IP address which identifies a BGP neighbor.  Cisco uses same process as it select OSPF router-id.

Optional Parameters – This field will be used to advertise support for capabilities such as Authentication, Multiprotocol support and route refresh.


If a router accepts with the options specified in the OPEN message, it will send a KEEPALIVE message. Subsequent keepalive will be send every 60 secs by default in CISCO routers or a period equal to 1/3rd of the holdtime.


Contains feasible routes,  withdrawn routes, or both. Contains following information.

Network Layer Reachability Information(NLRI) – Contains tuples (Length, Prefix). ie if update is having information regarding route, It will contain (19,

PATH Attributes – Contains the attributes for the above NLRI, which helps BGP to choose shortest PATH, detect Routing Loops, and determining Routing Policy.

Withdrawn Routes – Tuples (Length, Prefix) which are unreachable and are being withdrawn from the service.


Send by BGP neighbors when there is any error  occurred during BGP operations. Example, when a BGP  v3 router receives a BGP OPEN Message with BGP v4, it sends back a NOTIFICATION Message and close the connection. Then the BGPv4 router need to establish a new connection sending with a BGP v3 OPEN Message.    Send article as PDF   

RIP Version 2 – Points to Remember

Extensions added from RIPv1

  1. Subnet masks carried with each route entry
  2. Authentication of routing updates
  3. Next-hop addresses carried with each route entry
  4. External route tags
  5. Multicast route updates

Operation of RIPv2

Uses multicast address to send to other  ripv2 routers instead of broadcast.

RIPv2 Message Format
Almost same as of version1 . Only unused bits in version messages will be used for carrying the extensions mentioned.
Thos are

Route Tag provides a field for tagging external routes or routes that have been redistributed into the
RIPv2 process. One suggested use of this 16-bit field is to carry the autonomous system number of routes
that have been imported from an external routing protocol. Although RIP itself does not use this field,
external routing protocols connected to a RIP domain in multiple locations may use the route tag field to
exchange information across the RIP domain. The field may also be used to group certain external routes
for easier control within the RIP domain

Subnet Mask is 32-bit mask that identifies the network and subnet portion of the IP address.

Next Hop identifies a better next-hop address, if one exists, than the address of the advertising router.
That is, it indicates a next-hop address, on the same subnet, that is metrically closer to the destination than
the advertising router is. If the field is set to all zeros (, the address of the advertising router is the
best next-hop address.

Classless Routing Protocols

Classless routing protocols carry the subnet mask also along with the routing update. Classless routing lookup can be acheived by entering the command “ip classless” on global configuration mode.

When a router perform classless routing lookup, instead of checking for match with a major network of the destination IP address, it performs a bit-by-bit match with each of it routing table entry with the dst ip address.

This feature helps to implement VLSM (Variable Lenght Subnet Mask).

To include all-zeros subnet also into valid subnets, use the command “ip subnet-zero”.


RIP authentication is implemented using the first route entry update in the Update Message. This causes reducing the number of total routes that can be included in a single update message from 25 to 24.

If an update message contains authentication, first router entry address-family identifier field will contain OxFFFF.

If the authentication is simple  password,  authentication type field will contain – oxooo2 and the remaining 16 octets carry an alphanumeric password of up to 16 characters.

If the authentication is MD5, authentication type field contains oxooo3.

 Compatibility with RIP v1

The interface-level “compatibility switches” are implemented in Cisco IOS with the commands ip rip send version and ip rip receive version.    Send article as PDF   

RIP – Message Format

  1. Each message contains a command and a version and can containing  upto 25 entries.
  2. Each route entry contains and address-family , IP address reachable by this route  and a metric (Hop count)for that route.
  3. If more than 25 routes are there, need to use multiple RIP messages.
  4. Command – Specifies whether its a “Message  Request” (bit=1) or “Message Response” (bit=2).
  5. Version will be set to one for RIPv1.
  6. Address Family Identifier is set to two for IP. The only exception to this is a request for a router’s (orhost’s) full routing table

Request Message Types

There are two types of Request Messages

  1. Send a request for getting the entire routing table information from the neighbor. In this case, address-family identifier will be set to 0 and IP address will be set to and metric 16.
  2. Send a request to get a specific route or routes information from neighbor. This request message will contain IP address of the host/network/sub-net for which router need the route. The Neighbor on receiving  this will process entries one by one. If the router have a route to a specific entry , corresponding is marked with its metric and if it dont have entry for a route, it will mark metric as 16.    Send article as PDF   

RIP – Points to remember

  1. Rip uses UDP port 520 as both Src and Dst port value
  2. RIP defines two message types: Request messages and Response messages.
  3. The metric used by RIP is hop count (1- directly connected, 16 Unreachable)
  4. If a particular entry in update packet is new, then router will insert it into its routing table along with the advertising router which is the src address of the update packet.
  5. If the route is for a network that is already in the table, the existing entry will be replaced only if the new route has a lower hop count.
  6. If the advertised hop count is higher than the recorded hop count and the update was originated by the recorded next-hop router, the route will be marked as unreachable for a specified holddown period.
  7. If at the end of that time the same neighbor is still advertising the higher hop count, the new metric will be accepted.
  8. RIP v1 can perform equal-cost load balancing.

RIP Timers and Stability Features

Update Timer

  1. Send update packet every 30 secs with complete information of its routing table.
  2. The update is a broadcast and hence the destination IP will be

Holddown Period

If the advertised hop count is higher than the recorded hop count and the update was originated by the recorded next-hop router, the route will be marked as unreachable for a specified (180 sec) holddown period.

Invalid Timer

  1. Amount of time which a route can exist in routing table as Valid , if it didn’t receive any update.
  2. It is 180 secs (6 times update timer)
  3. Even after 180 seconds, no update is heard, it will mark that route as unreachable(hop count 16).

Flush Timer

  1. The router will wait for 240 seconds (60 secs more after invalid timer expire) and still if it didnt get any update, it will flush that entry from routing table.
  2. 180-240 secs, the router will advertise this route to neighbors  as unreachable.
  3. During 180-240 seconds, route will show as in routing table.

The timers can be changed using below command

# timers basic <update> <invalid> <holddown> <flush>

 Silent hosts
Some hosts may employ RIP in a “silent” mode. These so-called silent hosts do not generate RIP updates,
but listen for them and update their internal routing tables accordingly.
Class-full Routing in RIP v1
When a packet enters a RIP-speaking router and a route table lookup is performed, the various choices in
the table are pruned until a single path remains. First, the network portion of the destination address is
read and the routing table is consulted for a match. It is this first step of reading the major class A, B, or C
network number that defines a classful routing table lookup. If there is no match for the major network,
the packet is dropped and an ICMP Destination Unreachable message is sent to the packet’s source. If
there is a match for the network portion, the subnets listed for that network are examined. If a match can
be found, the packet is routed. If a match cannot be made, the packet is dropped and a Destination
Unreachable message is sent.

The RIPv1 route update does not carry subnet mask.
If the major network is directly connected to the router, that interface subnet mask is taken for all the sunets in that major network.
If the major network is not directly connected to any of the router interfaces, it will use a summarized route to major network. Thiis is also know as subnet hiding. This is performed in the boundary router between the two major network.

Summarization in Discontigous link
When subnets of a major network is not contigous, that means, if it resides in two difefrent parts of network, there is chance that the routers between these two subnets will load balance as each of the router in two subnets will send summarized route to the routers between it.
Solution for this is the links between this subnets should be configured using a secondary address and make it logically contigous.

Manupulation of metric.
Example : If the hops between two routers are 2 hops and for redundancy or as a backup link we have a serial connection directly connected between these two routers, since the serial link is 1 hop, it will be always preferred over the 2 hop path. To prevent this and make the 2 hop path whenever its available, we can use “offset-list”.

offset-list command specify a number which need to be added to the route entry and to identify which route entry metric should be manipulated, it uses an access-list.

Ernest_T(config)#access-list 1 permit
Ernest_T(config)#router rip
Ernest_T(config-router)#offset-list 1 in 2 Serial0

Above command says that, Whatever route updates which get through Serial0 and which matches the routes mentioned in access-list 1, add 2 hops to the metric, before installing it into routing table. This will make the total hop count as 3 for these routes and hence route with 2 hops will be preferred and whenever hops with 2 hops go down, routes with 3 hops will be used.    Send article as PDF   

Win 7 cannot access WinXP on LAN but reverse working

SOLUTION (Should be done on Win XP)

1. Go to “My Network Places”

2. Click on “View Network Connections”

3. Select your LAN NIC, Right click and select properties.

4. Click on “Advanced” tab

5. Click on “Settings”

6.  On Windows Firewall window ,  click on “Exceptions” tab

7.  Select “File and Printer Sharing” , “Remote Desktop” &  “Remote Assistance”.

8. Click OK to all windows opened.

Hope this will help.    Send article as PDF   

What is QoS ?

QoS is the ability of the network to provide better or special service to a set of users or applications or both to the detriment of other users or applications or both. The earliest versions of QoS tools protected data against data. For instance, priority queuing made sure packets that matched an access list always had the right of way on an egress interface. Another example is WFQ, which prevents small packets from waiting too long behind large packets on an egress interface outbound queue. When VoIP started to become a serious technology, QoS tools were created to protect voice from data. An example of such a tool is RTP priority queue.

Implementing QoS
Implementing QoS involves three major steps:
Step 1 Identifying traffic types and their requirements
Step 2 Classifying traffic based on the requirements identified
Step 3 Defining policies for each traffic class


Step 1: Identifying Traffic Types and Their Requirements
Identifying traffic types and their requirements, the first step in implementing QoS, is composed of the following elements or substeps:

Perform a network audit—It is often recommended that you perform the audit during thebusy hour (BH) or congestion period, but it is also important that you run the audit at other times. Certain applications are run during slow business hours on purpose. There are scientific
methods for identifying the busy network moments, for example, through statistical sampling and analysis, but the simplest method is to observe CPU and link utilizations and conduct the audit during the general peak periods.
Perform a business audit and determine the importance of each application—The business model and goals dictate the business requirements. From that, you can derive the definition of traffic classes and the requirements for each class. This step considers whether delaying or dropping packets of each application is acceptable. You must determine the relative importance of different applications.
Define the appropriate service levels for each traffic class—For each traffic class, within the framework of business objectives, a specific service level can define tangible resource availability or reservations. Guaranteed minimum bandwidth, maximum bandwidth, guaranteed end-to-end maximum delay, guaranteed end-to-end maximum jitter, and comparative drop preference are among the characteristics that you can define for each service level. The final service level definitions must meet business objectives and satisfy the comfort expectations of the users.

Step 2: Classifying Traffic Based on the Requirements Identified
The definition of traffic classes does not need to be general; it must include the traffic (application) types that were observed during the network audit step. You can classify tens or even hundreds of traffic variations into very few classes. The defined traffic classes must be in line with business objectives. The traffic or application types within the same class must have common requirements and business requirements. The exceptions to this rule are the applications that have not been identified or scavenger-class traffic. Voice traffic has specific requirements, and it is almost always in its own class. With Cisco LLQ, VoIP is assigned to a single class, and that class uses a strict priority queue (a priority queue with
strict maximum bandwidth) on the egress interface of each router. Many case studies have shown the merits of using some or all of the following traffic classes within an enterprise network:

Voice (VoIP) class—Voice traffic has specific bandwidth requirements, and its delay and drops must be eliminated or at least minimized. Therefore, this class is the highest priority class but has limited bandwidth. VoIP packet loss should remain below 1% and the goal for
its end-to-end delay must be 150 ms.

Mission-critical traffic class—Critical business applications are put in one or two classes. You must identify the bandwidth requirements for them.
Signaling traffic class—Signaling traffic, voice call setup and teardown for example, is often put in a separate class. This class has limited bandwidth expectations.
Transactional applications traffic class—These applications, if present, include interactive, database, and similar services that need special attention. You must also identify the bandwidth requirements for them. Enterprise Resource Planning (ERP) applications such as Peoplesoft
and SAP are examples of these types of applications.
Best-effort traffic class—All the undefined traffic types are considered best effort and receive the remainder of bandwidth on an interface.
Scavenger traffic class—This class of applications will be assigned into one class and be given limited bandwidth. This class is considered inferior to the best-effort traffic class. Peerto- peer file sharing applications are put in this class.

Step 3: Defining Policies for Each Traffic Class
After the traffic classes have been formed based on the network audit and business objectives, the final step of implementing QoS in an enterprise is to provide a network-wide definition for the QoS service level that must be assigned to each traffic class. This is called defining a QoS policy, and
it might include having to complete the following tasks:
■ Setting a maximum bandwidth limit for a class
■ Setting a minimum bandwidth guarantee for a class
■ Assigning a relative priority level to a class
■ Applying congestion management, congestion avoidance, and many other advanced QoS
technologies to a class.
To provide an example, based on the traffic classes listed in the previous section, Table 2-2 defines
a practical QoS policy.    Send article as PDF   

QoS – End-to-End Delay

End-to-End Delay
There are different types of delay from source to destination. End-to-end delay is the sum of those
different delay types that affect the packets of a certain flow or application. Four of the important
types of delay that make up end-to-end delay are as follows:
■ Processing delay
■ Queuing delay
■ Serialization delay
■ Propagation delay

Processing delay is the time it takes for a device such as a router or Layer 3 switch to perform all the tasks necessary to move a packet from the input (ingress) interface to the output (egress) interface. The CPU type, CPU utilization, switching mode, router architecture, and configured features on the device affect the processing delay. For example, packets that are distributed-CEF switched on a versatile interface processor (VIP) card cause no CPU interrupts.
Queuing delay is the amount of time that a packet spends in the output queue of a router interface. The busyness of the router, the number of packets waiting in the queue, the queuing discipline, and the interface bandwidth all affect the queuing delay.

Serialization delay is the time it takes to send all the bits of a frame to the physical medium for transmission across the physical layer.

Propagation delay – The time it takes for the bits of that frame to cross the physical link is called the propagation delay. Naturally, the propagation delay across different media can be significantly different. For instance, the propagation delay on a high-speed optical connection such as OC-192 is significantly lower than the propagation delay on a satellite-based link.    Send article as PDF   

OSPF – Route Table Lookups

When an OSPF router examines the destination address of a packet, it takes the following steps to select the best route:

The lookup procedure described here adheres to RFC 2328. The earlier OSPF RFCs specify creating a set of matching routes first, then choosing the preferred path type, and choosing the longest match last.

1. Select the route or routes with the most specific match to the destination address. For example, if there are route entries for,, and and the destination address is, the last entry will be chosen. The most specific match should
always be the longest match—the route with the longest address mask. The entries may be host, subnet, network, supernet, or default addresses. If no match can be found, an ICMP Destination Unreachable message will be sent to the source address and the packet will be dropped.
2. Prune the set of selected entries by eliminating less-preferred path types. Path types are prioritized in the following order, with 1 being the most-preferred and 4 being the least-preferred:
1. Intra-area paths
2. Inter-area paths
3. E1 external paths
4. E2 external paths    Send article as PDF   

OSPF – Router Types

Internal Routers are routers whose interfaces all belong to the same area. These routers have a single link  state database.

Area Border Routers (ABRs) connect one or more areas to the backbone and act as a gateway for interarea traffic. An ABR always has at least one interface that belongs to the backbone, and must maintain a separate link state database for each of its connected areas. For this reason, ABRs often have more memory and perhaps more powerful processors than internal routers. An ABR will summarize the topological information of its attached areas into the backbone, which will then propagate the summary information to the other areas.

Backbone Routers are routers with at least one interface attached to the backbone. An Internal Router whose interfaces all belong to area 0 is also a Backbone Router.

Autonomous System Boundary Routers (ASBRs) are gateways for external traffic, injecting routes into the OSPF domain that were learned (redistributed) from some other protocol, such as the BGP and EIGRP processes. An ASBR can be located anywhere within the OSPF autonomous
system; it may be an Internal, Backbone , or ABR.    Send article as PDF   

OSPF – Areas

Why Areas ?

OSPF, with its multiple databases and complex algorithms, can put greater demands on the memory and processors of a router than other routing protocols. As an internetwork grows, these demands can become significant or even crippling. And although flooding is more efficient than the periodic, full-table updates of RIP and IGRP, it can still place an unacceptable burden on the data links of a large internetwork.

OSPF uses areas to reduce these adverse effects. In the context of OSPF, an area is a logical grouping of  OSPF routers and links that effectively divide an OSPF domain into sub-domains. Routers within an area will have no detailed knowledge of the topology outside of their area.

  • A router must share an identical link state database only with the other routers in its area, not with the entire internetwork. The reduced size of the database reduces the impact on a router’s memory.
  • The smaller link state databases mean fewer LSAs to process and therefore less impact on the
  • Because the link state database must be maintained only within an area, most flooding is also
    limited to the area.

Three types of traffic may be defined in relation to areas:

  • Intra-area traffic consists of packets that are passed between routers within a single area.
  • Inter-area traffic consists of packets that are passed between routers in different areas.
  • External traffic consists of packets that are passed between a router within the OSPF domain and a
    router within another autonomous system.

Backbone Area :  Area ID 0 (or is reserved for the backbone. The backbone is responsible for summarizing the
topographies of each area to every other area. For this reason, all inter-area traffic must pass through the backbone; non-backbone areas cannot exchange packets directly.

Stub Area

A stub area is an area into which AS External LSAs are not flooded. And if type 5 LSAs are not known inside an area, type 4 LSAs are unnecessary; these LSAs are also blocked. ABRs at the edge of a stub area will use Network Summary LSAs to advertise a single default route (destination into the area. Any destination that the Internal Routers cannot match to an intra- or inter-area route will match the default route. Because the default route is carried in type 3 LSAs, it will not be advertised outside of the area.

Restrictions on stub areas
1. As in any area, all routers in a stub area must have identical link state databases. To ensure this condition, all stub routers will set a flag (the E-bit) in their Hello packets to zero; they will not accept any Hello from a router in which the E-bit is set to one. As a result, adjacencies will not be established with any router that is not configured as a stub router.
2. Virtual links cannot be configured within, or transit, a stub area.
3. No router within a stub area can be an ASBR. This restriction is intuitively understandable because ASBRs produce type 5 LSAs and type 5 LSAs cannot exist within a stub area.
4. A stub area may have more than one ABR, but because of the default route, the Internal Routers cannot determine which router is the optimal gateway to the ASBR.
Totally Stubby Areas

If memory is saved by blocking the propagation of type 5 and type 4 LSAs into an area, wouldn’t more memory be saved by blocking type 3 LSAs? In addressing this question, Cisco carries the concept of stub areas to its logical conclusion with a scheme known as totally stubby areas.
Totally stubby areas use a default route to reach not only destinations external to the autonomous system but also all destinations external to the area. The ABR of a totally stubby area will block not only AS External LSAs but also all Summary LSAs—with the exception of a single type 3 LSA to advertise the default route.

Not-So-Stubby Areas
A router with a few stub networks must be attached to the OSPF internetwork via one of the area 2 routers. The router supports only RIP, so the area 2 router will run RIP and redistribute the networks into OSPF. Unfortunately, this configuration makes the area 2 router an ASBR, and therefore area 2 can no longer be a stub area.

The RIP speaker does not need to learn routes from OSPF—a default route pointing to the area 2 router is all it needs. But all OSPF routers must know about the networks attached to the RIP router to route packets to them.

Not-so-stubby areas(NSSAs)[17] allow external routes to be advertised into the OSPF autonomous system while retaining the characteristics of a stub area to the rest of the autonomous system. To do this, the ASBR in an NSSA will originate type 7 LSAs to advertise the external destinations. These NSSA External LSAs are flooded throughout the NSSA but are blocked at the ABR.

The NSSA External LSA has a flag in its header known as the P-bit. The NSSA ASBR has the option of setting or clearing the P-bit. If the NSSA’s ABR receives a type 7 LSA with the P-bit set to one, it will translate the type 7 LSA into a type 5 LSA and flood it throughout the other areas. If the
P-bit is set to zero, no translation will take place and the destination in the type 7 LSA will not be advertised outside of the NSSA.    Send article as PDF