CCIE Routing And Switching V5.1 Foundations

Transcription

CCIE Routing and Switching v5.1 Foundations
Bridging the Gap Between CCNP and CCIE

Narbik Kocharians, CCIE No. 12410 (R&S, Security, SP)

Cisco Press
800 East 96th Street
Indianapolis, Indiana 46240 USA

A00 Kocharians FM pi-xxx.indd i 02/05/17 7:43 PM

CCIE Routing and Switching v5.1 Foundations
Narbik Kocharians
Copyright 2017 Pearson Education, Inc
Published by:
Cisco Press
800 East 96th Street
Indianapolis, IN 46240 USA

All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the publisher, except for the inclusion of brief quotations in a review.

Printed in the United States of America
First Printing May 2017
Library of Congress Control Number: 2017935919
ISBN-13: 978-1-58714-472-1
ISBN-10: 1-58714-472-7

Warning and Disclaimer

This book is designed to provide information about the skills necessary to bridge the skills gap between the CCNP Routing and Switching Exams and the CCIE Routing and Switching Exam. Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied.

The information is provided on an “as is” basis. The authors, Cisco Press, and Cisco Systems, Inc., shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the discs or programs that may accompany it.

The opinions expressed in this book belong to the author and are not necessarily those of Cisco Systems, Inc.

Trademark Acknowledgments

All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Cisco Press or Cisco Systems, Inc., cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.

Special Sales

For information about buying this title in bulk quantities, or for special sales opportunities (which may include electronic versions; custom cover designs; and content particular to your business, training goals, marketing focus, or branding interests), please contact our corporate sales department at corpsales@pearsoned.com or (800) 382-3419.

For government sales inquiries, please contact governmentsales@pearsoned.com.

For questions about sales outside the U.S., please contact intlcs@pearson.com.

Feedback Information

At Cisco Press, our goal is to create in-depth technical books of the highest quality and value. Each book is crafted with care and precision, undergoing rigorous development that involves the unique expertise of members from the professional technical community.

Readers’ feedback is a natural continuation of this process. If you have any comments regarding how we could improve the quality of this book, or otherwise alter it to better suit your needs, you can contact us through email at feedback@ciscopress.com. Please make sure to include the book title and ISBN in your message.

We greatly appreciate your assistance.

Editor-in-Chief: Mark Taub
Technical Editors: Terry Vinson, Jeff Denton
Product Line Manager: Brett Bartow
Editorial Assistant: Vanessa Evans
Business Operation Manager, Cisco Press: Ronald Fligge
Cover Designer: Chuti Prasertsith
Composition: codeMantra
Managing Editor: Sandra Schroeder
Development Editor: Eleanor Bru
Indexer: Erika Millen
Proofreader: Larry Sulky
Project Editor: Mandie Frank
Copy Editor: Bart Reed

Americas Headquarters
Cisco Systems, Inc.
San Jose, CA

Asia Pacific Headquarters
Cisco Systems (USA) Pte. Ltd.
Singapore

Europe Headquarters
Cisco Systems International BV
Amsterdam, The Netherlands

Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

About the Author

Narbik Kocharians, CCIE No. 12410 (Routing and Switching, Service Provider, and Security) is a triple CCIE with more than 40 years of experience in this industry. He has designed, implemented, and supported numerous enterprise networks.

Narbik is the president of Micronics Networking and Training, Inc. (www.micronicstraining.com), where almost all Cisco authorized and custom courses are conducted, including CCIE-DC, CCIE-SP, CCIE-RS, CCIE-Security, and CCDE classes.

About the Technical Reviewers

Terry Vinson, CCIE No. 35347 (Routing and Switching, Data Center), is a seasoned instructor with nearly 25 years of experience teaching and writing technical courses and training materials. Terry has taught and developed training content as well as provided technical consulting for high-end firms in the Northern Virginia/Washington, D.C. area. His technical expertise lies in the Cisco arena, with a focus on all routing and switching technologies as well as the latest data center technologies, including Nexus switching, unified computing, and storage-area networking (SAN) technologies. Terry currently teaches CCIE R&S and Data Center Bootcamps for Micronics Training, Inc., and enjoys sailing and game design in his “free time.”

Jeffrey A. Denton is a network engineer leading the protection of secure enterprise network systems. Offering more than 12 years of experience designing, deploying, and supporting comprehensive networks for classified, defense-related systems integral to national security, he is an expert at leading complex projects and managing all phases of network installation, administration, and monitoring. Jeff is currently the network team lead for General Dynamics in Kabul, Afghanistan.

Dedication

I like to dedicate this book to my wife Janet, my children (Christopher, Patrick, Alexandra, and Daniel), and my students, colleagues, and friends.

Acknowledgments

I am thankful to God for giving me the opportunity to teach and write labs, which I truly love. I’d like to thank Janet, my wife of 31 years, for her encouragement and hard work in dealing with the day-to-day management of our training and consulting company. I’d like to thank both Terry Vinson and Jeff Denton for tech-editing this book in such a meticulous manner—thank you for an excellent job. Finally, I’d like to thank Brett Bartow and Eleanor Bru for their patience and constant changing of the deadline.

Contents at a Glance

Introduction
Chapter 1 Physical Topology
Chapter 2 Physical and Logical Topologies
Chapter 3 Spanning Tree Protocol
Chapter 4 Point-to-Point Protocol
Chapter 5 DMVPN
Chapter 6 IP Prefix-List
Chapter 7 EIGRP
Chapter 8 OSPF
Chapter 9 Redistribution
Chapter 10 Border Gateway Protocol
Chapter 11 IPv6
Chapter 12 Quality of Service
Chapter 13 IPSec VPN
Chapter 14 Multicast
Chapter 15 MPLS and L3VPNs
Index
Online element: Appendix A Configuration Files

Contents

Introduction

Chapter 1 Physical Topology
  Physical Layout of Switching Devices
  Serial Interconnections Between Routers
  Lab Options
  Summary

Chapter 2 Physical and Logical Topologies
  Topology Types
  Lab 2-1: Introductory Lab
  Lab 2-2: Physical-to-Logical Topology
    Tasks 1-3
  Summary

Chapter 3 Spanning Tree Protocol
  Lab 3-1: Basic Spanning Tree Protocol (802.1D)
    Tasks 1-5
  Lab 3-2: Advanced Spanning Tree Protocol (802.1D)
    Tasks 1-10
  Lab 3-3: Rapid Spanning Tree Protocol (802.1w)
    802.1w Port States
    802.1w Port Roles
    Operational Enhancements of 802.1w
    802.1w Rapid Convergence Mechanisms
    Lab Setup
    Tasks 1-6
  Lab 3-4: Multiple Spanning Tree Protocol (802.1s)
    MST Regions
    MST Region Components
    MST Spanning Tree Instances
    Internal Spanning Tree (IST)
    IST Master
    Hop Count
    Multiple-Instance Spanning Tree Protocol (MSTP)
    Tasks 1-5
  Lab 3-5: Spanning Tree PortFast
    Tasks 1-5
  Lab 3-6: UplinkFast
    Tasks 1-2
  Lab 3-7: BPDU Guard
    Tasks 1-4
  Lab 3-8: BPDU Filter
    Tasks 1-4
  Lab 3-9: Spanning Tree Backbone Fast
    Tasks 1-2
  Lab 3-10: Spanning Tree Root Guard
    Tasks 1-2
  Lab 3-11: Spanning Tree Loop Guard
    Tasks 1-2

Chapter 4 Point-to-Point Protocol
  Introduction to PPP
    PPP Frame Format
  PPP Control Plane
    Link Control Protocol and Basic PPP Session Establishment
    Authentication Phase and Authentication Mechanisms
    Network Control Protocols and Network Layer Protocol Phase
  Advanced PPP Features
    Compression
    Multilink PPP
    PPP over Ethernet
  Lab 4-1: PPP
    Tasks 1-13
  Summary

Chapter 5 DMVPN
  Lab 5-1: DMVPN Phase 1 Using Static Mapping
    Tasks 1-2
  Lab 5-2: DMVPN Phase 1 Using Dynamic Mapping
    Tasks 1-2
  Lab 5-3: DMVPN Phase 2 Using Static Mapping
    Tasks 1-2
  Lab 5-4: DMVPN Phase 2 Using Dynamic Mapping
    Tasks 1-2
  Lab 5-5: DMVPN Phase 3
    Tasks 1-2

Chapter 6 IP Prefix-List
  Lab 6-1: Configuring Prefix Lists
    Tasks 1-11

Chapter 7 EIGRP
  Lab 7-1: EIGRP
    Tasks 1-6
  Lab 7-2: EIGRP Named Mode
    Tasks 1-12
  Lab 7-3: EIGRP Metrics (Classic and Wide)
    Tasks 1-7
  Lab 7-4: EIGRP Summarization
    Tasks 1-9
  Lab 7-5: EIGRP Authentication
    Tasks 1-4
  Lab 7-6: Default Route Injection
    Task 1, Task 2, Option #1, Option #2, Option #3, Option #4
  Lab 7-7: EIGRP Stub
    Tasks 1-10

Chapter 8 OSPF
  Lab 8-1: Advertising Networks
    Tasks 1-6
  Lab 8-2: OSPF Broadcast Networks
    Tasks 1-2
  Lab 8-3: Non-Broadcast Networks
    Task 1
  Lab 8-4: OSPF Point-to-Point Networks
    Task 1
  Lab 8-5: OSPF Point-to-Multipoint and Point-to-Multipoint Non-Broadcast Networks
    Tasks 1-2
  Lab 8-6: OSPF Authentication
    Tasks 1-10
  Lab 8-7: OSPF Summarization
    Tasks 1-9
  Lab 8-8: OSPF Filtering
    Tasks 1-16
  Lab 8-9: Virtual Links and GRE Tunnels
    Tasks 1-3
  Lab 8-10: OSPF Stub, Totally Stubby, and NSSA Areas
    Tasks 1-12
  Lab 8-11: How Is This Possible?
    Task 1
  Lab 8-12: LSA Type 4 and Suppress FA
    Task 1
  Lab 8-13: Can OSPF Take a Suboptimal Path?
    Tasks 1-2
  Lab 8-14: RFC 3101 and RFC 1587
    Tasks 1-2

Chapter 9 Redistribution
  Lab 9-1: Basic Redistribution 1
    Task 1, Task 2, Option #1, Option #2, Tasks 3-7
  Lab 9-2: Basic Redistribution 2
    Tasks 1-11
  Lab 9-3: Redistribute RIPv2 and EIGRP
    Tasks 1-5, Solution #1, Solution #2, Solution #3, Solution #4
  Lab 9-4: Redistribute RIPv2 and OSPF
    Tasks 1-4, Step #1, Step #2, Step #3, Step #4

Chapter 10 Border Gateway Protocol
  Lab 10-1: Establishing Neighbor Adjacencies
    Tasks 1-2
  Lab 10-2: Router Reflectors
    Tasks 1-2
  Lab 10-3: Conditional Advertisement and BGP Backdoor
    Tasks 1-9
  Lab 10-4: Community Attribute
    Tasks 1-5
  Lab 10-5: The AS-path Attribute
    Tasks 1-3
  Lab 10-6: The Weight Attribute
    Tasks 1-4
  Lab 10-7: Multi-Exit Discriminator Attribute
    Tasks 1-4
  Lab 10-8: Filtering Using Access Lists and Prefix Lists
    Tasks 1-6
  Lab 10-9: Regular Expressions
    Tasks 1-14
  Lab 10-10: BGP Confederation
    Task 1

Chapter 11 IPv6
  Lab 11-1: Acquiring an IPv6 Address
    Modified EUI-64 Addressing
    Using EUI-64 Addressing
    Implement IPv6 Neighbor Discovery
    Tasks 1-5
  Lab 11-2: Configuring OSPFv3
    Task 1
  Lab 11-3: Summarization of Internal and External Networks
    Tasks 1-5
  Lab 11-4: LSAs in OSPFv3
    Tasks 1-4
  Lab 11-5: EIGRPv6
    Tasks 1-12

Chapter 12 Quality of Service
  Lab 12-1: MLS QOS
    Tasks 1-3
  Lab 12-2: Differential Service Code Point-Mutation
    Task 1, Task 2, Step 1, Step 2, Step 3, Step 4
  Lab 12-3: DSCP-COS Mapping
    Tasks 1-3
  Lab 12-4: COS-DSCP Mapping
    Tasks 1-3
  Lab 12-5: IP-Precedence-DSCP Mapping
    Task 1
  Lab 12-6: Match Input-Interface and Match NOT
    Tasks 1-2
  Lab 12-7: Match Destination and Source Address MAC
    Tasks 1-3
  Lab 12-8: Match IP DSCP/Precedence vs. Match DSCP
    Tasks 1-3
  Lab 12-9: Match Protocol HTTP URL, MIME, and Host
    Tasks 1-5
  Lab 12-10: Class-Based Policing
    Tasks 1-4
  Lab 12-11: Class-Based Shaping
    Task 1

Chapter 13 IPSec VPN
  Lab 13-1: Basic Site-to-Site IPSec VPN
    Task 1
    IKE Phase 1 (Main Mode) Message 1
    IKE Phase 1 (Main Mode) Message 2
    IKE Phase 1 (Main Mode) Message 3
    IKE Phase 1 (Main Mode) Message 4
    IKE Phase 1 (Main Mode) Message 5
    IKE Phase 1 (Main Mode) Message 6
    IKE Phase 2 (Quick Mode) Message 1
    Task 2
  Lab 13-2: Basic Site-to-Site IPSec VPN and NAT
    Tasks 1-3
  Lab 13-3: Configuring GRE/IPSec Tunnel Mode, Transport Mode, and S-VTI
    Tasks 1-4
  Lab 13-4: Protecting DMVPN Tunnels
    Tasks 1-4

Chapter 14 Multicast
  Lab 14-1: IGMP
    Tasks 1-10
  Lab 14-2: Static RP
    Tasks 1-5
  Lab 14-3: Dynamic Rendezvous Point Learning and Auto-RP
    Tasks 1-8
  Lab 14-4: Bootstrap Router (BSR)
    Tasks 1-4

Chapter 15 MPLS and L3VPNs
  Lab 15-1: Label Distribution Protocol
    Tasks 1-16
  Lab 15-2: RIPv2 Routing in a VPN
    Tasks 1-6
  Lab 15-3: EIGRP Routing in a VPN
    Task 6
  Lab 15-4: OSPF Routing in a VPN
    Task 6
  Lab 15-5: Backdoor Links and OSPF
    Tasks 1-7
  Lab 15-6: BGP Routing in a VPN
    Task 6

Index

Online element: Appendix A Configuration Files

Reader Services

Register your copy at www.ciscopress.com/title/9781587144721 for convenient access to downloads, updates, and corrections as they become available. To start the registration process, go to www.ciscopress.com/register and log in or create an account*. Enter the product ISBN 9781587144721 and click Submit. Once the process is complete, you will find any available bonus content under Registered Products.

*Be sure to check the box that you would like to hear from us to receive exclusive discounts on future editions of this product.

Icons Used in This Book

Router, Switch, Cloud, File/Application Server

Command Syntax Conventions

The conventions used to present command syntax in this book are the same conventions used in the IOS Command Reference. The Command Reference describes these conventions as follows:

Boldface indicates commands and keywords that are entered literally as shown. In actual configuration examples and output (not general command syntax), boldface indicates commands that are manually input by the user (such as a show command).
Italic indicates arguments for which you supply actual values.
Vertical bars (|) separate alternative, mutually exclusive elements.
Square brackets ([ ]) indicate an optional element.
Braces ({ }) indicate a required choice.
Braces within brackets ([{ }]) indicate a required choice within an optional element.

Introduction

This book is designed to bridge the knowledge gap for those who are functional and well prepared in CCNP-level technologies. One of the biggest issues in preparing for the CCIE Routing and Switching exam is the significant gap between being a functional, well-trained network professional and the level of knowledge and experience needed to be a well-prepared CCIE candidate. This book is intended to provide significant hands-on exercises in all the critical domains of knowledge needed to prepare for the extensive demands of the CCIE examination. Industry leaders were consulted for technical accuracy throughout this book.

Who Should Read This Book?

This book is designed for those Routing and Switching Engineers and technologists who want to prepare for the CCIE Routing and Switching exam, or those looking for the equivalent knowledge. The reader is expected to have a network professional-level certification or the equivalent field experience.

How to Access the Lab Configuration Files

This book comes complete with the lab configuration files, which we have made available to you online. To access these files, simply register this book (ISBN: 9781587144721) at www.ciscopress.com/register. You will be asked to answer a security question based on the content of the book to verify your purchase. Once you have registered your book, you can access the lab files by going to your account page, clicking on the Registered Products tab, and then clicking the Access Bonus Content link under your registered book.

How This Book Is Organized

Chapter 1, “Physical Topology”: In this chapter, we explore the topology that will be used in subsequent chapters. The hope is to provide a clear and detailed explanation of the physical interconnection between devices that will be used to explore the technologies and features contained in this book.

Chapter 2, “Physical and Logical Topologies”: After decades of working with CCIE Candidates I have learned that there are some fundamental levels of knowledge that most students are missing. Among them is the ability to differentiate between physical and logical topologies. A well-prepared candidate should have an absolute mastery of the syntax and processes needed to discover the physical topology for any network deployment. Chapter 2 of this book focuses on that specific skill set.

Chapter 3, “Spanning Tree Protocol”: We explore all things Layer 2 in this chapter. In the Routing and Switching exam, the key focus seems to be on the Layer 3 components of routing; however, without a seamless Layer 2 infrastructure, routing protocols will not work. In fact, not even the most basic of IP communications can take place. We will focus on this very critical network element that prevents the formation of bridging loops.

Chapter 4, “Point-to-Point Protocol”: PPP in all its various flavors has been a long-time “go-to” technology to support wide area networking (WAN) infrastructures. However, in recent years, with the advent of Ethernet-based WAN deployments, we have found ourselves needing the traditional serial-based functionality in the context of Ethernet interconnectivity. This makes understanding how to deploy Point-to-Point Protocol over Ethernet a very important skill. This chapter explores its deployment, optimization, and capabilities.

Chapter 5, “DMVPN”: Dynamic Multipoint Virtual Private Networks are the replacement for Frame Relay technologies in the context of the CCIE Routing and Switching exam. I personally feel that knowledge of DMVPN is a critical skill for anyone working in a modern network enterprise, but I have also observed that it is one of the least understood domains in the CCIE exam. As a direct result of this observation, I first deal with the fundamental technologies that enable DMVPN and its operation. Once these have been highlighted, I provide very clear delineations between the DMVPN operational phases and behaviors, recognizing that there absolutely has to be a concrete understanding of these elements before you can even hope to understand how a routing protocol behaves when running on top of a DMVPN.

Chapter 6, “IP Prefix-List”: IP Prefix-List has applications in almost every aspect of prefix filtering and packet filtering. IP prefix lists offer capabilities to match traffic based on variable ranges of networks and mask lengths. This tool, unlike other pattern-matching tools such as access lists, allows us to match multiple aspects of a network simultaneously. This chapter explores all aspects of prefix lists as independent tools.

Chapter 7, “EIGRP”: Enhanced Interior Gateway Protocol figures significantly into the makeup of the CCIE RS Lab exam. This demands a concrete understanding of both classical and named operations. This book looks at the operation of both these modes from a command-line perspective as well as covers how the two modes can and do interoperate between enabled devices. But whether you are running named or classic mode, as a candidate you need to master how to manipulate the protocol. This chapter covers both basic and advanced EIGRP operations. EIGRP is the first protocol that provides granular traffic engineering and prefix filtering, as well as various methods for injecting default routes. All these capabilities are covered in the hands-on labs in this chapter.

Chapter 8, “OSPF”: Single-handedly, OSPF is responsible for more failed CCIE attempts than any other protocol (including BGP). I have observed that most candidates do not have a firm understanding of what actually takes place behind the scenes with OSPF. OSPF has many varying modes and enhancements that make it difficult to master. Route filtering, LSA operation, various stub configurations, and update filtering are just a handful of the protocol’s operational aspects that need to be managed. The labs in this chapter illustrate the function and configuration of each of these topics. We focus on how OSPF operates in single- and multi-area configurations as well as on how to manipulate its behavior in every way possible.

Chapter 9, “Redistribution”: When you talk to students that are preparing for the CCIE Lab Exam, most will tell you that they are terrified of redistribution. This is a direct result of Grey Market Trainers flooding the Internet with horrendously complex and error-fraught redistribution labs. The average student sees this and is immediately intimidated by what should be a straightforward routing mechanism. What are missing are the foundational basics associated with how to perform redistribution, and what happens when you do. My approach to the topic is to discuss the methodology and situations where redistribution can be problematic. Again this will be illustrated in labs that focus on the types of loops that can be generated, how to mitigate loops that have occurred, and procedures that will ensure they never occur.

Chapter 10, “Border Gateway Protocol”: Border Gateway Protocol introduces complexity based on its overall scope and capability to “tune” or engineer control plane exchange based on attributes. These attributes far exceed the capabilities of protocols such as RIPv2, EIGRP, and even OSPF. This brings with it an ordered approach to how to conduct configuration and some interesting configuration syntax based on the desired manner of deployment. First, this chapter focuses on a concrete understanding of BGP’s complex Adjacency State Machine capabilities. After the introduction of both the internal and external peering mechanisms employed by the protocol, we explore how and what next-hop information is exchanged, plus we explore how to manipulate these basic operations. From there, we explore how to manipulate attributes or decisions based on attributes via ACLs, prefix lists, route maps, and regular expressions. Lastly, we focus on mechanisms designed to simplify BGP configuration by providing reduced command sets, behavior optimizations, and streamlined configuration syntax.

Chapter 11, “IPv6”: Gone are the days of being able to focus just on IPv4 addressing and routing protocols. IPv6 figures significantly into the CCIE Routing and Switching exam in that the exam requires a full understanding of the variants of protocols that support IPv6. Additionally, this chapter explores the operation of IPv6 in non-broadcast multiaccess (NBMA) topologies such as DMVPN.

Chapter 12, “Quality of Service”: Given that the majority of QOS mechanisms that involve hardware-optimized operation have been removed from the exam, it is important to focus intently on what remains. This chapter explores the key fundamentals of QOS in the IOS-driven enterprise. This includes all aspects of marking and classification of traffic via enhanced and traditional mechanisms. Lastly, the chapter deals with the manipulations of such traffic after it has been marked. Emphasis is given to both policing and shaping of traffic. This focuses on both classical serial WAN connections and high-speed Ethernet WAN connections.

Chapter 13, “IPSec VPN”: The focus of the CCIE Routing and Switching Lab has expanded significantly in its last iterations. This expansion has included the incorporation of site-to-site solutions such as GRE/IPSec Tunnel mode as well as multisite VPN technologies and their protection/encryption. This chapter covers the application of encryption on these tunnels and VPNs from a command-line level. At this point, you should be able to apply encryption to DMVPNs. By waiting until this point in the lab exploration, you are able to better separate the DMVPN configuration task requirements from the necessary encryption and security configurations.

Chapter 14, “Multicast”: This chapter explores solutions that require end-to-end IPv4 and IPv6 transport between all devices. This includes protocol-independent routing optimizations such as policy-based routing, First Hop Redundancy Protocols and network address translation.

Chapter 15, “MPLS and L3VPNs”: MPLS and L3VPNs are tested heavily in the CCIE Routing and Switching Lab exam. This chapter takes a step-by-step approach to demonstrating the operational capabilities and deployment concerns involved in VPNv4 tunnels. Specific focus is given to the protocols running between the customer edge and premises edge equipment.

Chapter 13
IPSec VPN

VPN tunnels are used to connect physically isolated networks that are more often than not separated
