
CCIE Routing and Switching v5.0 Official Cert Guide, Volume 2
Fifth Edition

Narbik Kocharians, CCIE No. 12410
Terry Vinson, CCIE No. 35347

Cisco Press
800 East 96th Street
Indianapolis, Indiana 46240 USA

CCIE Routing and Switching v5.0 Official Cert Guide, Volume 2, Fifth Edition
Narbik Kocharians, CCIE No. 12410
Terry Vinson, CCIE No. 35347

Copyright 2015 Pearson Education, Inc.

Published by:
Cisco Press
800 East 96th Street
Indianapolis, IN 46240 USA

All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the publisher, except for the inclusion of brief quotations in a review.

Printed in the United States of America
First Printing November 2014
Library of Congress Control Number: 2014950779
ISBN-13: 978-1-58714-491-2
ISBN-10: 1-58714-491-3

Warning and Disclaimer

This book is designed to provide information about the Cisco CCIE Routing and Switching Written Exam. Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied.

The information is provided on an "as is" basis. The authors, Cisco Press, and Cisco Systems, Inc. shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the discs or programs that may accompany it.

The opinions expressed in this book belong to the author and are not necessarily those of Cisco Systems, Inc.

Trademark Acknowledgments

All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Cisco Press or Cisco Systems, Inc., cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.

Special Sales

For information about buying this title in bulk quantities, or for special sales opportunities (which may include electronic versions; custom cover designs; and content particular to your business, training goals, marketing focus, or branding interests), please contact our corporate sales department at corpsales@pearsoned.com or (800) 382-3419.

For government sales inquiries, please contact governmentsales@pearsoned.com.

For questions about sales outside the U.S., please contact international@pearsoned.com.

Feedback Information

At Cisco Press, our goal is to create in-depth technical books of the highest quality and value. Each book is crafted with care and precision, undergoing rigorous development that involves the unique expertise of members from the professional technical community.

Readers' feedback is a natural continuation of this process. If you have any comments regarding how we could improve the quality of this book, or otherwise alter it to better suit your needs, you can contact us through email at feedback@ciscopress.com. Please make sure to include the book title and ISBN in your message.

We greatly appreciate your assistance.

Publisher: Paul Boger
Associate Publisher: Dave Dusthimer
Business Operation Manager, Cisco Press: Jan Cornelssen
Executive Editor: Brett Bartow
Managing Editor: Sandra Schroeder
Senior Development Editor: Christopher Cleveland
Senior Project Editor: Tonya Simpson
Copy Editor: John Edwards
Technical Editor(s): Dave Burns, Sean Wilkins
Editorial Assistant: Vanessa Evans
Cover Designer: Mark Shirar
Composition: Tricia Bronkella
Indexer: Tim Wright
Proofreader: Chuck Hutchinson

About the Authors

Narbik Kocharians, CCIE No. 12410 (Routing and Switching, Security, SP), is a Triple CCIE with more than 32 years of experience in the IT industry. He has designed, implemented, and supported numerous enterprise networks. Narbik is the president of Micronics Training, Inc. (www.Micronicstraining.com), where he teaches CCIE R&S and SP boot camps.

Terry Vinson, CCIE No. 35347 (Routing and Switching, Data Center), is a seasoned instructor with nearly 25 years of experience teaching and writing technical courses and training materials. Terry has taught and developed training content, as well as provided technical consulting for high-end firms in the north Virginia/Washington, D.C. area. His technical expertise lies in the Cisco arena with a focus on all routing and switching technologies as well as the latest data center technologies, including Nexus switching, unified computing, and storage-area networking (SAN) technologies. Terry currently teaches for CCIE R&S and Data Center Bootcamps for Micronics Training, Inc. and enjoys sailing and game design in his "free time."

About the Technical Reviewers

David Burns has in-depth knowledge of routing and switching technologies, network security, and mobility. He is currently a senior systems engineering manager for Cisco, leading the engineering team covering cable/MSO and content service providers in the United States. In July 2008, Dave joined Cisco as a lead systems engineer in several areas, including Femtocell, Datacenter, MTSO, and security architectures, working for a U.S.-based SP Mobility account. He came to Cisco from a large U.S.-based cable company, where he was a senior network and security design engineer. Dave held various roles before joining Cisco during his ten-plus years in the industry, working in SP operations, SP engineering, SP architecture, enterprise IT, and U.S. military intelligence communications engineering. He holds various sales and industry/Cisco technical certifications, including the CISSP, CCSP, CCDP, and two associate-level certifications. Dave recently passed the CCIE Security Written exam and is currently preparing for the CCIE Security Lab. Dave is a big advocate of knowledge transfer and sharing and has a passion for network technologies, especially as they relate to network security. Dave has been a speaker at Cisco Live on topics such as Femtocell (IP mobility) and IPS (security). Dave earned his Bachelor of Science degree in telecommunications engineering technology from Southern Polytechnic State University, Georgia, where he currently serves as a member of the Industry Advisory Board for the Computer & Electrical Engineering Technology School. Dave also earned a Master of Business Administration (MBA) degree from the University of Phoenix.

Sean Wilkins is an accomplished networking consultant for SR-W Consulting and has been in the field of IT since the mid 1990s, working with companies such as Cisco, Lucent, Verizon, and AT&T as well as several other private companies. Sean currently holds certifications with Cisco (CCNP/CCDP), Microsoft (MCSE), and CompTIA (A+ and Network+). He also has a Master of Science degree in information technology with a focus in network architecture and design, a Master of Science in organizational management, a Master's Certificate in network security, a Bachelor of Science in computer networking, and an Associate of Applied Science in computer information systems. In addition to working as a consultant, Sean spends most of his time as a technical writer and editor for various companies. Check out his work at his author website, www.infodispersion.com.

Dedications

From Narbik Kocharians:
I would like to dedicate this book to my wife, Janet, for her love, encouragement, and continuous support, and to my dad, for his words of wisdom.

From Terry Vinson:
I would like to dedicate this book to my father, who has taught me many things in life, including the one thing I've tried to live by: "Never give up on your dreams. Hard work and diligence will see you through so long as you never give up." So it is with all my love, respect, and admiration that I dedicate this to you.

Acknowledgments

From Narbik Kocharians:
First, I would like to thank God for giving me the opportunity and ability to write, teach, and do what I truly enjoy doing. Also, I would like to thank my family, especially my wife of 29 years, Janet, for her constant encouragement and help. She does such an amazing job of interacting with students and handling all the logistics of organizing classes as I focus on teaching. I also would like to thank my children, Chris, Patrick, Alexandra, and my little one Daniel, for their patience.

A special thanks to Mr. Brett Bartow for his patience with our constantly changing deadlines. It goes without saying that the technical editors and reviewers did a phenomenal job; thank you very much. Finally, I would like to thank all my students, who inspire me every day, and you, for reading this book.

From Terry Vinson:
The opportunity to cooperate on the new edition of this book has been an honor and privilege beyond words for me. I have to thank Narbik for approaching me with the opportunity and for all his support and mentoring over the years. If it were not for him, I would not be where I am today. Additionally, I would like to thank all the fine people at Cisco Press for being so cool and understanding over the last few months. Among those people, I want to specifically thank Brett Bartow, whose patience has been almost infinite (yet I managed to tax it), David Burns, and Sean Wilkins for their incredible suggestions and devotion to making sure that I stayed on track. Last but not least among the Cisco Press crew there is Christopher Cleveland, who diligently nudged, kicked, and all out shoved when necessary to see that things got done.

Personally, I need to thank my wife, Sheila. She has been the difference I was looking for in my life, the impetus to try to do more and to get up each day and try to make myself a better person, a better engineer, and a better instructor. Without her, I would not have the life I have come to love so much.

Finally, I want to thank my students and Micronics Training for giving me the opportunity to do what I enjoy every day. Thanks for all your questions, patience, and unbridled eagerness to learn. You guys are absolutely stellar examples of why this industry is like no other on the planet.

Contents at a Glance

Introduction xxvii

Part I IP BGP Routing
Chapter 1 Fundamentals of BGP Operations 3
Chapter 2 BGP Routing Policies 69

Part II QoS
Chapter 3 Classification and Marking 135
Chapter 4 Congestion Management and Avoidance 171
Chapter 5 Shaping, Policing, and Link Fragmentation 207

Part III Wide-Area Networks
Chapter 6 Wide-Area Networks 245

Part IV IP Multicast
Chapter 7 Introduction to IP Multicasting 267
Chapter 8 IP Multicast Routing 317

Part V Security
Chapter 9 Device and Network Security 399
Chapter 10 Tunneling Technologies 483

Part VI Multiprotocol Label Switching (MPLS)
Chapter 11 Multiprotocol Label Switching 515

Part VII Final Preparation
Chapter 12 Final Preparation 573

Part VIII Appendixes
Appendix A Answers to the "Do I Know This Already?" Quizzes 579
Appendix B CCIE Exam Updates 583
Index 585

CD-Only
Appendix C Decimal to Binary Conversion Table
Appendix D IP Addressing Practice
Appendix E Key Tables for CCIE Study
Appendix F Solutions for Key Tables for CCIE Study
Glossary

Contents

Introduction xxvii

Part I IP BGP Routing

Chapter 1 Fundamentals of BGP Operations 3
  "Do I Know This Already?" Quiz 3
  Foundation Topics 8
    Building BGP Neighbor Relationships 9
      Internal BGP Neighbors 10
      External BGP Neighbors 13
      Checks Before Becoming BGP Neighbors 14
      BGP Messages and Neighbor States 15
      BGP Message Types 16
      Purposefully Resetting BGP Peer Connections 16
    Building the BGP Table 18
      Injecting Routes/Prefixes into the BGP Table 18
      BGP network Command 18
      Redistributing from an IGP, Static, or Connected Route 21
      Impact of Auto-Summary on Redistributed Routes and the network Command 23
      Manual Summaries and the AS PATH Path Attribute 25
      Adding Default Routes to BGP 29
      ORIGIN Path Attribute 30
    Advertising BGP Routes to Neighbors 31
      BGP Update Message 31
      Determining the Contents of Updates 32
      Example: Impact of the Decision Process and NEXT HOP on BGP Updates 34
      Summary of Rules for Routes Advertised in BGP Updates 40
    Building the IP Routing Table 40
      Adding eBGP Routes to the IP Routing Table 40
      Backdoor Routes 41
      Adding iBGP Routes to the IP Routing Table 42
      Using Sync and Redistributing Routes 44
      Disabling Sync and Using BGP on All Routers in an AS 46
    Confederations 47
      Configuring Confederations 49
    Route Reflectors 52
    Multiprotocol BGP 57
      Configuration of Multiprotocol BGP 58
  Foundation Summary 63
  Memory Builders 66
    Fill In Key Tables from Memory 66
    Definitions 67
    Further Reading 67

Chapter 2 BGP Routing Policies 69
  "Do I Know This Already?" Quiz 69
  Foundation Topics 75
    Route Filtering and Route Summarization 75
      Filtering BGP Updates Based on NLRI 76
        Route Map Rules for NLRI Filtering 79
        Soft Reconfiguration 79
        Comparing BGP Prefix Lists, Distribute Lists, and Route Maps 80
      Filtering Subnets of a Summary Using the aggregate-address Command 81
      Filtering BGP Updates by Matching the AS PATH PA 82
        The BGP AS PATH and AS PATH Segment Types 82
        Using Regular Expressions to Match AS PATH 84
        Example: Matching AS PATHs Using AS PATH Filters 87
        Matching AS SET and AS CONFED SEQ 91
    BGP Path Attributes and the BGP Decision Process 93
      Generic Terms and Characteristics of BGP PAs 93
      The BGP Decision Process 95
        Clarifications of the BGP Decision Process 96
        Three Final Tiebreaker Steps in the BGP Decision Process 96
        Adding Multiple BGP Routes to the IP Routing Table 97
        Mnemonics for Memorizing the Decision Process 98
    Configuring BGP Policies 99
      Background: BGP PAs and Features Used by Routing Policies 99
      Step 1: NEXT HOP Reachable 101
      Step 2: Administrative Weight 101
      Step 3: Highest Local Preference (LOCAL PREF) 104
      Step 4: Choose Between Locally Injected Routes Based on ORIGIN PA 107
      Step 5: Shortest AS PATH 107
        Removing Private ASNs 108
        AS PATH Prepending and Route Aggregation 109
      Step 6: Best ORIGIN PA 112
      Step 7: Smallest Multi-Exit Discriminator 112
        Configuring MED: Single Adjacent AS 114
        Configuring MED: Multiple Adjacent Autonomous Systems 115
        The Scope of MED 115
      Step 8: Prefer Neighbor Type eBGP over iBGP 116
      Step 9: Smallest IGP Metric to the NEXT HOP 116
        The maximum-paths Command and BGP Decision Process Tiebreakers 116
      Step 10: Lowest BGP Router ID of Advertising Router (with One Exception) 117
      Step 11: Lowest Neighbor ID 117
      The BGP maximum-paths Command 118
      BGP Communities 119
        Matching COMMUNITY with Community Lists 123
        Removing COMMUNITY Values 124
        Filtering NLRIs Using Special COMMUNITY Values 125
    Fast Convergence Enhancements 126
      Fast External Neighbor Loss Detection 127
      Internal Neighbor Loss Detection 127
      EBGP Fast Session Deactivation 128
  Foundation Summary 129
  Memory Builders 132
    Fill In Key Tables from Memory 133
    Definitions 133
    Further Reading 133

Part II QoS

Chapter 3 Classification and Marking 135
  "Do I Know This Already?" Quiz 135
  Foundation Topics 139
    Fields That Can Be Marked for QoS Purposes 139
      IP Precedence and DSCP Compared 139
      DSCP Settings and Terminology 140
        Class Selector PHB and DSCP Values 140
        Assured Forwarding PHB and DSCP Values 141
        Expedited Forwarding PHB and DSCP Values 142
      Non-IP Header Marking Fields 143
        Ethernet LAN Class of Service 143
        WAN Marking Fields 143
      Locations for Marking and Matching 144
    Cisco Modular QoS CLI 145
      Mechanics of MQC 145
      Classification Using Class Maps 146
        Using Multiple match Commands 147
        Classification Using NBAR 149
    Classification and Marking Tools 149
      Class-Based Marking (CB Marking) Configuration 150
        CB Marking Example 151
        CB Marking of CoS and DSCP 155
        Network-Based Application Recognition 156
        CB Marking Design Choices 158
      Marking Using Policers 158
      QoS Pre-Classification 159
      Policy Routing for Marking 160
    AutoQoS 160
      AutoQoS for VoIP 161
        AutoQoS VoIP on Switches 161
        AutoQoS VoIP on Routers 162
        Verifying AutoQoS VoIP 163
      AutoQoS for the Enterprise 163
        Discovering Traffic for AutoQoS Enterprise 163
        Generating the AutoQoS Configuration 164
        Verifying AutoQoS for the Enterprise 164
  Foundation Summary 165
  Memory Builders 167
    Fill In Key Tables from Memory 167
    Definitions 167
    Further Reading 168

Chapter 4 Congestion Management and Avoidance 171
  "Do I Know This Already?" Quiz 171
  Foundation Topics 175
    Cisco Router Queuing Concepts 175
      Software Queues and Hardware Queues 175
      Queuing on Interfaces Versus Subinterfaces and Virtual Circuits 176
      Comparing Queuing Tools 176
    Queuing Tools: CBWFQ and LLQ 177
      CBWFQ Basic Features and Configuration 178
      Defining and Limiting CBWFQ Bandwidth 180
      Low-Latency Queuing 182
      Defining and Limiting LLQ Bandwidth 184
      LLQ with More Than One Priority Queue 185
      Miscellaneous CBWFQ/LLQ Topics 186
      Queuing Summary 186
    Weighted Random Early Detection 187
      How WRED Weights Packets 188
      WRED Configuration 189
    Modified Deficit Round-Robin 190
    LAN Switch Congestion Management and Avoidance 193
      Cisco Switch Ingress Queuing 193
      Creating a Priority Queue 193
      Cisco 3560 Congestion Avoidance 195
      Cisco 3560 Switch Egress Queuing 197
    Resource Reservation Protocol (RSVP) 199
      RSVP Process Overview 200
      Configuring RSVP 201
      Using RSVP for Voice Calls 203
  Foundation Summary 205
  Memory Builders 205
    Fill In Key Tables from Memory 205
    Definitions 205
    Further Reading 205

Chapter 5 Shaping, Policing, and Link Fragmentation 207
  "Do I Know This Already?" Quiz 207
  Foundation Topics 211
    Traffic-Shaping Concepts 211
      Shaping Terminology 211
      Shaping with an Excess Burst 213
      Underlying Mechanics of Shaping 213
      Generic Traffic Shaping 214
      Class-Based Shaping 216
        Tuning Shaping for Voice Using LLQ and a Small Tc 218
        Configuring Shaping by Bandwidth Percent 221
        CB Shaping to a Peak Rate 222
        Adaptive Shaping 222
    Policing Concepts and Configuration 222
      CB Policing Concepts 222
        Single-Rate, Two-Color Policing (One Bucket) 223
        Single-Rate, Three-Color Policer (Two Buckets) 224
        Two-Rate, Three-Color Policer (Two Buckets) 225
      Class-Based Policing Configuration 227
        Single-Rate, Three-Color Policing of All Traffic 227
        Policing a Subset of the Traffic 228
        CB Policing Defaults for Bc and Be 229
        Configuring Dual-Rate Policing 229
        Multi-Action Policing 229
        Policing by Percentage 230
      Committed Access Rate 231
    Hierarchical Queuing Framework (HQF) 233
      Flow-Based Fair-Queuing Support in Class-Default 235
      Default Queuing Implementation for Class-Default 236
      Class-Default and Bandwidth 236
      Default Queuing Implementation for Shape Class 236
      Policy Map and Interface Bandwidth 236
      Per-Flow Queue Limit in Fair Queue 236
      Oversubscription Support for Multiple Policies on Logical Interfaces 236
      Shaping on a GRE Tunnel 237
      Nested Policy and Reference Bandwidth for Child-Policy 237
      Handling Traffic Congestion on an Interface Configured with Policy Map 237
    QoS Troubleshooting and Commands 237
      Troubleshooting Slow Application Response 238
      Troubleshooting Voice and Video Problems 239
      Other QoS Troubleshooting Tips 240
      Approaches to Resolving QoS Issues 240
  Foundation Summary 242
  Memory Builders 243
    Fill In Key Tables from Memory 243
    Definitions 243
    Further Reading 243

Part III Wide-Area Networks

Chapter 6 Wide-Area Networks 245
  "Do I Know This Already?" Quiz 245
  Foundation Topics 247
    Layer 2 Protocols 247
      HDLC 247
      Point-to-Point Protocol 249
        PPP Link Control Protocol 250
        Basic LCP/PPP Configuration 251
        Multilink PPP 252
        MLP Link Fragmentation and Interleaving 254
        PPP Compression 255
        PPP Layer 2 Payload Compression 256
        Header Compression 256
      PPPoE 257
        Server Configuration 258
        Client Configuration 259
        Authentication 260
    Ethernet WAN 262
      VPLS 262
      Metro-Ethernet 263
  Foundation Summary 264
  Memory Builders 265
    Fill In Key Tables from Memory 265
    Definitions 265
    Further Reading 265

Part IV IP Multicast

Chapter 7 Introduction to IP Multicasting 267
  "Do I Know This Already?" Quiz 267
  Foundation Topics 270
    Why Do You Need Multicasting? 270
      Problems with Unicast and Broadcast Methods 270
      How Multicasting Provides a Scalable and Manageable Solution 273
    Multicast IP Addresses 276
      Multicast Address Range and Structure 276
      Well-Known Multicast Addresses 276
        Multicast Addresses for Permanent Groups 277
        Multicast Addresses for Source-Specific Multicast Applications and Protocols 278
        Multicast Addresses for GLOP Addressing 278
        Multicast Addresses for Private Multicast Domains 278
      Multicast Addresses for Transient Groups 278
      Summary of Multicast Address Ranges 279
      Mapping IP Multicast Addresses to MAC Addresses 280
    Managing Distribution of Multicast Traffic with IGMP 281
      Joining a Group 282
      Internet Group Management Protocol 282
      IGMP Version 2 283
        IGMPv2 Host Membership Query Functions 285
        IGMPv2 Host Membership Report Functions 286
        IGMPv2 Solicited Host Membership Report 286
        IGMPv2 Unsolicited Host Membership Report 288
        IGMPv2 Leave Group and Group-Specific Query Messages 289
        IGMPv2 Querier 291
        IGMPv2 Timers 292
      IGMP Version 3 292
      IGMPv1 and IGMPv2 Interoperability 294
        IGMPv2 Host and IGMPv1 Routers 294
        IGMPv1 Host and IGMPv2 Routers 294
      Comparison of IGMPv1, IGMPv2, and IGMPv3 295
    LAN Multicast Optimizations 296
      Cisco Group Management Protocol 296
      IGMP Snooping 303
      Router-Port Group Management Protocol 307
      IGMP Filtering 309
      IGMP Proxy 310
  Foundation Summary 314
  Memory Builders 314
    Fill In Key Tables from Memory 314
    Definitions 315
    Further Reading 315
    References in This Chapter 315

Chapter 8 IP Multicast Routing 317
  "Do I Know This Already?" Quiz 317
  Foundation Topics 321
    Multicast Routing Basics 321
      Overview of Multicast Routing Protocols 322
        Multicast Forwarding Using Dense Mode 322
        Reverse Path Forwarding Check 323
        Multicast Forwarding Using Sparse Mode 325
      Multicast Scoping 327
        TTL Scoping 327
        Administrative Scoping 328
    Dense-Mode Routing Protocols 329
      Operation of Protocol Independent Multicast Dense Mode 329
        Forming PIM Adjacencies Using PIM Hello Messages 329
        Source-Based Distribution Trees 330
        Prune Message 331
        PIM-DM: Reacting to a Failed Link 333
        Rules for Pruning 335
        Steady-State Operation and the State Refresh Message 337
        Graft Message 339
        LAN-Specific Issues with PIM-DM and PIM-SM 340
        Prune Override 340
        Assert Message 341
        Designated Router 343
        Summary of PIM-DM Messages 343
      Distance Vector Multicast Routing Protocol 344
      Multicast Open Shortest Path First 344
    Sparse-Mode Routing Protocols 345
      Operation of Protocol Independent Multicast Sparse Mode 345
        Similarities Between PIM-DM and PIM-SM 346
        Sources Sending Packets to the Rendezvous Point 346
        Joining the Shared Tree 348
        Completion of the Source Registration Process 350
        Shared Distribution Tree 352
        Steady-State Operation by Continuing to Send Joins 353
        Examining the RP's Multicast Routing Table 354
        Shortest-Path Tree Switchover 355
        Pruning from the Shared Tree 357
      Dynamically Finding RPs and Using Redundant RPs 358
        Dynamically Finding the RP Using Auto-RP 359
        Dynamically Finding the RP Using BSR 363
        Anycast RP with MSDP 365
        Interdomain Multicast Routing with MSDP 367
        Summary: Finding the RP 369
      Bidirectional PIM 370
      Comparison of PIM-DM and PIM-SM 371
      Source-Specific Multicast 372
    Implementing IPv6 Multicast PIM 373
      Designated Priority Manipulation 376
      PIM6 Hello Interval 377
      IPv6 Sparse-Mode Multicast 379
        IPv6 Static RP 379
        IPv6 BSR 381
      Multicast Listener Discovery (MLD) 385
      Embedded RP 389
  Foundation Summary 393
  Memory Builders 397
    Fill In Key Tables from Memory 397
    Definitions 397
    Further Reading 397

Part V Security

Chapter 9 Device and Network Security 399
  "Do I Know This Already?" Quiz 399
  Foundation Topics 403
    Router and Switch Device Security 403
      Simple Password Protection for the CLI 403
      Better Protection of Enable and Username Passwords 405
      Using Secure Shell Protocol 405
      User Mode and Privileged Mode AAA Authentication 406
        Using a Default Set of Authentication Methods 407
        Using Multiple Authentication Methods 408
        Groups of AAA Servers 410
        Overriding the Defaults for Login Security 410
      PPP Security 411
    Layer 2 Security 412
      Switch Security Best Practices for Unused and User Ports 413
        Port Security 413
        Dynamic ARP Inspection 417
        DHCP Snooping 420
        IP Source Guard 422
        802.1X Authentication Using EAP 423
        Storm Control 426
      General Layer 2 Security Recommendations 427
    Layer 3 Security 429
      IP Access Control List Review 430
        ACL Rule Summary 431
        Wildcard Masks 433
      General Layer 3 Security Considerations 433
        Smurf Attacks, Directed Broadcasts, and RPF Checks 433
        Inappropriate IP Addresses 435
        TCP SYN Flood, the Established Bit, and TCP Intercept 436
      Classic Cisco IOS Firewall 438
        TCP Versus UDP with CBAC 439
        Cisco IOS Firewall Protocol Support 439
        Cisco IOS Firewall Caveats 440
        Cisco IOS Firewall Configuration Steps 440
      Cisco IOS Zone-Based Firewall 441
      Control-Plane Policing 446
        Preparing for CoPP Implementation 447
        Implementing CoPP 448
      Dynamic Multipoint VPN 451
        Step 1: Basic Configuration of IP Addresses 452
        Step 2: GRE Multipoint Tunnel Configuration on All Routers (for Spoke-to-Spoke Connectivity) 453
        Step 3: Configure IPsec to Encrypt mGRE Tunnels 457
        Step 4: DMVPN Routing Configuration 459
    IPv6 First Hop Security 461
      First Hop Security for IPv6 461
        Link Operations 463
        End Node Security Enforcement 463
        First Hop Switch Security Enforcement 464
        Last Router Security Enforcement 464
      ICMPv6 and Neighbor Discovery Protocol 464
      Secure Neighbor Discovery (SeND) 465
      Securing at the First Hop 466
        RA Guard 467
        DHCPv6 Guard 468
        DHCPv6 Guard and the Binding Database 469
        IPv6 Device Tracking 471
        IPv6 Neighbor Discovery Inspection 472
        IPv6 Source Guard 473
        Port Access Control Lists (PACL) 475
  Foundation Summary 476
  Memory Builders 480
    Fill In Key Tables from Memory 480
    Definitions 480
    Further Reading 480

Chapter 10 Tunneling Technologies 483
  "Do I Know This Already?" Quiz 483
  Foundation Topics 486
    GRE Tunnels 486
    Dynamic Multipoint VPN Tunnels 487
      DMVPN Operation 488
        DMVPN Components 488
        DMVPN Operation 489
    IPv6 Tunneling and Related Techniques 495
      Tunneling Overview 496
      Manually Configured Tunnels 497
      Automatic IPv4-Compatible Tunnels 499
      IPv6-over-IPv4 GRE Tunnels 499
      Automatic 6to4 Tunnels 499
      ISATAP Tunnels 501
      SLAAC and DHCPv6 502
      NAT-PT 502
      NAT ALG 502
      NAT64 502
    Layer 2 VPNs 503
      Tagged Mode 503
      Raw Mode 503
      Layer 2 Tunneling Protocol (L2TPv3) 504
      AToM (Any Transport over MPLS) 504
      Virtual Private LAN Services (VPLS) 505
      Overlay Transport Virtualization (OTV) 506
    GET VPN 506
  Foundation Summary 512
  Memory Builders 512
    Definitions 512

Part VI Multiprotocol Label Switching (MPLS)

Chapter 11 Multiprotocol Label Switching 515
  "Do I Know This Already?" Quiz 515
  Foundation Topics 519
    MPLS Unicast IP Forwarding 519
      MPLS IP Forwarding: Data Plane 520
        CEF Review 520
        Overview of MPLS Unicast IP Forwarding 521
        MPLS Forwarding Using the FIB and LFIB 522
        The MPLS Header and Label 524
        The MPLS TTL Field and MPLS TTL Propagation 524
      MPLS IP Forwarding: Control Plane 526
        MPLS LDP Basics 527
        The MPLS Label Information Base Feeding the FIB and LFIB 529
        Examples of FIB and LFIB Entries 532
        Label Distribution Protocol Reference 534
    MPLS VPNs 535
      The Problem: Duplicate Customer Address Ranges 535
      The Solution: MPLS VPNs 537
      MPLS VPN Control Plane 539
        Virtual Routing and Forwarding Tables 540
        MP-BGP and Route Distinguishers 541
        Route Targets 543
        Overlapping VPNs 545
      MPLS VPN Configuration 546
        Configuring the VRF and Associated Interfaces 548
        Configuring the IGP Between PE and CE 550
        Configuring Redistribution Between PE-CE IGP and MP-BGP 553
        Configuring MP-BGP Between PEs 555
      MPLS VPN Data Plane 558
        Building the (Inner) VPN Label 559
        Creating LFIB Entries to Forward Packets to the Egress PE 560
        Creating VRF FIB Entries for the Ingress PE 562
        Penultimate Hop Popping 564
    Other MPLS Applications 565
      Implement Multi-VRF Customer Edge (VRF Lite) 566
        VRF Lite, Without MPLS 566
        VRF Lite with MPLS 569
  Foundation Summary 570
  Memory Builders 570
    Fill In Key Tables from Memory 570
    Definitions 570
    Further Reading 570

Part VII Final Preparation

Chapter 12 Final Preparation 573
  Tools for Final Preparation 573
    Pearson Cert Practice Test Engine and Questions on the CD 573
      Install the Software from the CD 574
      Activate and Download the Practice Exam 574
      Activating Other Exams 575
      Premium Edition 575
    The Cisco Learning Network 575
    Memory Tables 575
    Chapter-Ending Review Tools 576
  Suggested Plan for Final Review/Study 576
    Using the Exam Engine 576
  Summary 577

Part VIII Appendixes
Appendix A Answers to the "Do I Know This Already?" Quizzes 579
Appendix B CCIE Exam Updates 583
Index 584

CD-Only
Appendix C Decimal to Binary Conversion Table
Appendix D IP Addressing Practice
Appendix E Key Tables for CCIE Study
Appendix F Solutions for Key Tables for CCIE Study
Glossary

Icons Used in This Book

[Icon legend; the icon images themselves are not reproduced here. Icons shown: Communication Server, PC, Terminal, File Server, Web Server, CiscoWorks Workstation, House (Regular), Printer, Gateway, Laptop, Router, Label Switch Router, IBM Mainframe, Bridge, Cluster Controller, ATM Router, Hub, Cisco MDS Switch, Processor, LAN2LAN Switch, Cisco MDS 9500, Optical Services Router, Enterprise Fibre Channel Disk, Fibre Channel JBOD, ONS 15540, Network Cloud, Line: Ethernet, Line: Serial, Line: Switched Serial.]

Command Syntax Conventions

The conventions used to present command syntax in this book are the same conventions used in the IOS Command Reference. The Command Reference describes these conventions as follows:

- Boldface indicates commands and keywords that are entered literally as shown. In actual configuration examples and output (not general command syntax), boldface indicates commands that are manually input by the user (such as a show command).
- Italic indicates arguments for which you supply actual values.
- Vertical bars (|) separate alternative, mutually exclusive elements.
- Square brackets ([ ]) indicate an optional element.
- Braces ({ }) indicate a required choice.
- Braces within brackets ([{ }]) indicate a required choice within an optional element.

Introduction

The Cisco Certified Internetwork Expert (CCIE) certification might be the most challenging and prestigious of all networking certifications. It has received numerous awards and certainly has built a reputation as one of the most difficult certifications to earn in all of the technology world. Having a CCIE certification opens doors professionally, typically results in higher pay, and looks great on a résumé.

Cisco currently offers several CCIE certifications. This book covers the version 5.0 exam bluepri
