
Alcatel-Lucent Scalable IP Networks
Module 0 - Introduction to Scalable IP Networks
Alcatel-Lucent Confidential for internal use only -- Do Not Distribute

Alcatel-Lucent Scalable IP Networks v2.01 Module 0 | 2 All rights reserved 2008 Alcatel-Lucent

The Alcatel-Lucent Service Routing Certification Program

Four Certifications
Alcatel-Lucent Network Routing Specialist I: 4 days / 1 course / 1 written exam
Alcatel-Lucent Triple Play Routing Professional: 34 days / 8 courses / 8 written exams / 1 practical lab exam
Alcatel-Lucent Service Routing Architect: 47 days / 11 courses / 11 written exams / 2 practical lab exams
Alcatel-Lucent Network Routing Specialist II: 17 days / 4 courses / 4 written exams / 1 practical lab exam

The Alcatel-Lucent Service Routing Certification (SRC) program gives you the training required to design, operate and troubleshoot today's IP/MPLS based multi-service networks, allowing your corporation to get the most from its investment in IP service routing.

The Alcatel-Lucent SRC program is specifically designed to arm network engineers, as well as operations and strategic planning staff, with the skills necessary to meet new operational challenges and to align network changes with their companies' business goals. Adding video to the service mix creates an entirely new set of networking architectural challenges. Our program is unique in its ability to prepare you to address these challenges, both now and in the future.

The NRS I is our introductory certification and the SRA is our highest level certification. As you move from the introductory certification to the SRA you will gain more knowledge associated with the ALU approach to services such as VPLS and VPRNs, and solutions such as Triple Play.
SRC Program - Courses and Exams

[Figure legend: Common Courses and Exams Across Certification Tracks; SRA Specific Course and Exam; Lab Exam]

Recertification
Certification is valid for three years. You must complete additional exams to keep your certification active.

Recommended Courses
1 Alcatel-Lucent Scalable IP Networks
2 Alcatel-Lucent Interior Routing Protocols and High Availability
3 Alcatel-Lucent Border Gateway Protocol
4 Alcatel-Lucent Multiprotocol Label Switching
5 Alcatel-Lucent Services Architecture
6 Alcatel-Lucent Virtual Private LAN Services
7 Alcatel-Lucent Virtual Private Routed Networks
8 Alcatel-Lucent Quality of Service

9 Alcatel-Lucent Multicast Protocols
10 Alcatel-Lucent Triple Play Services
11 Alcatel-Lucent Advanced Troubleshooting

Practical Lab Exams
Alcatel-Lucent Network Routing Specialist II Lab Exam
Alcatel-Lucent Service Routing Architect Lab Exam

The breakdown of the components for each Alcatel-Lucent SRC Certification is outlined above. Based on their experience and expertise, students may choose which courses to follow. Courses have suggested prerequisites. However, a certification can be awarded only to those who pass the written and lab exams required for their chosen certification. All exams identified per certification are mandatory. For more information, please see the course outlines and exam overviews at www.alcatel-lucent.com/src

SRC courses range from 3 to 5 days in length. Each course offers extensive lab activities which range from 30 to 80% of the course time.

SRC Program Exam Profile

Exam Name | Exam Number | Exam Prerequisites (4A0-XXX)
Alcatel-Lucent Scalable IP Networks | 4A0-100 | NA
Alcatel-Lucent Interior Routing Protocols and High Availability | 4A0-101 | NA
Alcatel-Lucent Border Gateway Protocol | 4A0-102 | NA
Alcatel-Lucent Multiprotocol Label Switching | 4A0-103 | NA
Alcatel-Lucent Services Architecture | 4A0-104 | NA
Alcatel-Lucent Virtual Private LAN Services | 4A0-105 | NA
Alcatel-Lucent Virtual Private Routed Networks | 4A0-106 | NA
Alcatel-Lucent Quality of Service | 4A0-107 | NA
Alcatel-Lucent Multicast Protocols | 4A0-108 | NA
Alcatel-Lucent Triple Play Services | 4A0-109 | NA
Alcatel-Lucent Advanced Troubleshooting | 4A0-110 | NA
Alcatel-Lucent Network Routing Specialist II Lab Exam | NRSII4A0 | 100, 101, 103, 104
Alcatel-Lucent Service Routing Architect Lab Exam | ASRA4A0 | 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, NRSII4A0

Written Exams
Delivered by Prometric
Global provider of testing services
5000+ test sites worldwide
Register at: www.prometric.com/alcatel-lucent

Lab Exams
Written at Alcatel-Lucent sites
NRS II Certification

Half-day lab exam
SRA Certification
Full-day lab exam

Credit for Other IP Certifications
Cisco or Juniper certified?
You can receive exemptions from some of the SRC exams if you hold any one of the Cisco or Juniper certifications identified
Certifications must be valid to receive exemptions
Submit your request for exemptions at: http://www.alcatel-lucent.com/srcexemptions

Cisco Certifications | SRC Exam Exemption
Cisco Certified Internetwork Professional (CCIP) | 4A0-100
Cisco Certified Internetwork Expert (CCIE) Routing and Switching and Service Provider | 4A0-100/4A0-101/4A0-102

Juniper Certifications M-Series | SRC Exam Exemption
Juniper Networks Certified Internet Professional (JNCIP-M) | 4A0-100
Juniper Networks Certified Internet Expert (JNCIE-M) | 4A0-100/4A0-101/4A0-102

Juniper Certifications E-Series | SRC Exam Exemption
Juniper Networks Certified Internet Professional (JNCIP-E) | 4A0-100

Alcatel-Lucent SRC Program Global Reach
Delivered from nine Alcatel-Lucent locations globally:
APAC: Shanghai, China; Sydney, Australia; Melbourne, Australia
Europe: Antwerp, Belgium; Newport, UK; Paris, France
North America: Plano, USA; Ottawa, Canada; Mexico City, Mexico
Class schedules posted @ www.alcatel-lucent.com/src


Registration online @ www.alcatel-lucent.com/srcreg
Customer on-site classes also available

Module Overview
Course timeline
Course objectives
Course prerequisites
Course introduction

Alcatel-Lucent Scalable IP Networks
This course is part of the Alcatel-Lucent Service Routing Certification (SRC) Program. For more information on the SRC program, see www.alcatel-lucent.com/src

To locate additional information relating to the topics presented in this manual, refer to the following:
Technical Practices for the specific product
Internet Standards documentation such as protocol standards bodies, RFCs, and IETF drafts
Technical support pages of the Alcatel website located at: http://www.alcatel-lucent.com/support

Alcatel-Lucent Scalable IP Networks Timeline
Day 1
Module 0 Introduction
Module 1 The Evolution of the Internet
Module 2 Alcatel-Lucent 7750 SR Platforms
Day 2
Module 3 Introduction to Layer 2
Day 3
Module 4 Layer 3 and IP Services
Module 5 IP Routing Protocol Basics
Day 4
Module 6 Transport Layer Protocols
Module 7 Tunneling and Services

Alcatel-Lucent Scalable IP Networks Objectives
After the successful completion of this course, you should be familiar with:
OSI protocol suite
Key functions of the Ethernet protocol
Key functions of an IP network
IP address classes, IP subnet masking, and IP supernetting
Configuration of IP addresses and subnet masks on router interfaces
Static and dynamic routing
IGP and EGP and the differences between the routing protocols

Alcatel-Lucent Scalable IP Networks Objectives (continued)
After the successful completion of this course, you should understand:
The basic operation and configuration of OSPF
The basic operation of BGPv4
TCP and UDP as transport protocols
The purpose and benefits of MPLS
How MPLS tunnels are used to support VPN services
The various services offered on the 7750 SR including VPWS, VPLS, and VPRN services

Alcatel-Lucent Scalable IP Networks Goal
Provide the participants with the basic knowledge of IP networking, its application, and its implementation in an Alcatel-Lucent environment.
Prerequisites and Follow-On Courses
Suggested prerequisites
There is no prerequisite for this course; however, familiarity with binary arithmetic is an asset
Suggested follow-on courses
Based on the material covered in this course, it is recommended that, after the successful completion of this course, you enrol in the Alcatel-Lucent Interior Routing Protocols & High Availability course
Certification exam
To ensure full comprehension of the material covered in this course, it is recommended that the student register for and take the Alcatel-Lucent Scalable IP Networks exam following completion of this course

Alcatel-Lucent Scalable IP Networks Overview
IP technology has experienced phenomenal growth over the last decade. This technology has become a part of every facet of our lives. This 4-day course introduces the Layer 2 and Layer 3 technologies that are used in the networking world.

Graphical Symbols and Icons
[Figure: legend of the symbols used in the course: generic router, table, packet (showing detail), network cloud, system or loopback interface, data plane (dotted blue), control plane (dashed red), physical link (solid black), provider edge, customer site, switch, server, workstation, user, flow or lookup]
These typical graphical symbols and icons are used throughout this course.

Administration
Registration
Facility information
Restrooms
Communications (Set cell phones and pagers to silent mode.)
Materials
Schedule
Introductions
Name and company
Experience
Expectations
Questions

www.alcatel-lucent.com
3HE-02767-AAAA-WBZZA Edition 02

Alcatel-Lucent Scalable IP Networks
Module 1 - The Evolution of the Internet

Module Overview
How the Internet Began
Components of the Internet
How the Internet Works
TCP/IP Layering

The Evolution of the Internet
Section 1 - How the Internet Began

How the Internet Began
The Development of the Internet
ARPANET

TCP/IP
Traffic on the Internet today

The Development of the Internet
Before the Internet
Early computing devices consisted of large systems for data processing
Proprietary networking architectures and protocols were used
Network infrastructure was extended with similar components
General interest in cross-platform connectivity was non-existent
Interworking between research organizations
Driven by Advanced Research Projects Agency (ARPA), Department of Defense (DoD)
Need of users in different organizations to share information
Reliability required for typical network component failure
Advanced Research Projects Agency Network (ARPANET)

Before the Internet
In the early days of commercial computing, the late 1960s, most companies purchased one large computer system for all of their data processing needs. These systems used proprietary networking architectures and protocols, consisting primarily of plugging dumb terminals or line printers into an intelligent communications controller. Each of these devices used proprietary networking protocols to communicate with the central host.

These computer systems used proprietary design, products, protocols, and services to interconnect. Companies expanded their existing networks by purchasing more of the same type of equipment. Cross-platform connectivity did not exist and was not expected.

Interworking between organizations
Interworking between vendors first occurred when the US Military realized that different sites around the country could not connect with each other because they all ran proprietary systems and protocols. Without cross-platform support, effective communication or resource sharing between sites was not possible. This could become critical in the event of a national disaster or, more commonly, equipment failure, where the inability to transfer resources or to back up information could leave that information unprotected.

Significance of ARPANET
Initial ARPANET consisted of:
Interface message processors (IMP)
Host computers connected to IMP via serial line
Host-to-host protocol called Network Control Protocol (NCP)
Another network called ALOHANET funded by ARPA

Other packet switched networks developed in Europe
In 1972, INWG decided to connect all of these networks

Cross-organizational communications
The project to enable cross-organizational communications was initiated by ARPA of the DoD. The priority for this project was vendor-independent networking. As a result, the world's first packet switched network, ARPANET, was conceived.

ARPANET was initially deployed between four sites (Stanford University, University of California at Santa Barbara, University of California at Los Angeles, and University of Utah). It was designed with reliability in mind and consisted of redundant packet switches, links, and a dynamic routing protocol.

In 1969, ARPA funded an experimental packet radio network at the University of Hawaii. This network, ALOHANET, was directed by Professor Norman Abramson, and connected sites that were spread throughout the Hawaiian islands to a central time-sharing computer on the University of Hawaii campus.

ALOHANET users could connect to the ARPANET. However, this access through the terminal interface processor (TIP) meant that, from the ARPANET perspective, ALOHANET was just a terminal connection.

Dr. Robert Kahn, one of the BBN IMP researchers who was instrumental in developing the IMP-to-host protocol, architecting the ARPANET, and improving its reliability, organized an event to demonstrate ARPANET. During this event, a new working group called the International Network Working Group (INWG) was organized. One of the tasks that INWG undertook was to connect ARPANET and ALOHANET to some of the new packet switching European networks to create a giant global network. Kahn began a lengthy series of discussions with Vint Cerf, the INWG chairman, to find a solution.

Their model was an internetworking of the ARPANET with a packet radio network and a satellite network (SATNET), each of which used different protocols and different interfaces, and were optimized for each particular network's needs.
The Challenge of ARPANET
Challenges
ARPANET was designed for a very high degree of reliability, and NCP depended upon this level of reliability
Addressing
Each network had its own maximum packet sizes
Solution
Kahn developed a new host-to-host protocol with global addressing
In 1973, TCP was developed as a protocol to connect these networks

Challenges
Packet radio and satellite links could not guarantee the same kind of reliability that was designed into ARPANET.

NCP only supported local addressing to the next hop node. It did not provide the addressing plan that was required for a global network such as the Internet.

Each network supported its own maximum packet size. When a packet traveled from one network to the next, it might need to be broken into a number of smaller packets to traverse the next network.

Solution
The solution was the development of a new host-to-host protocol that supported global addressing and the ability to recover lost packets, perform fragmentation and reassembly, calculate end-to-end checksums, and provide host-to-host flow control.

The first version of this new protocol was presented by Kahn and Cerf at a meeting of the INWG at Sussex University in the United Kingdom in September 1973. It was called the Transmission Control Protocol (TCP). In 1978, TCP evolved to become TCP/IP.

TCP/IP
The introduction and wide-scale deployment of TCP/IP represented a major shift in computer networking. Prior to TCP/IP, most network topologies required hardware-based network nodes to send traffic to a central host for processing, with the central host delivering the data to the destination node on behalf of the sender.

With the introduction of TCP/IP, each network device was treated as a fully functional, self-aware network endpoint, capable of communicating with any other device directly without using a central host.
The Birth of the Internet
From military to research-based network
TCP/IP grew in popularity after it was offered with the UNIX OS
ARPANET was replaced by NSFNET
In 1990, commercial agencies and other general purpose companies required networking, giving rise to Internet service providers (ISPs)
From research to commercial-based network
NSFNET was replaced by commercial ISPs in the mid-1990s
Protocols associated with the Internet and TCP/IP were developed through the RFC process
INWG evolved into IETF as the standards organization for Internet-related protocols

In 1980, the U.S. military adopted TCP/IP as a networking standard. A "flag day" transition from NCP to TCP/IP that took place on January 1, 1983, marks the beginning of the Internet and the beginning of the end for the ARPANET.

By 1985, the ARPANET was heavily utilized and burdened with congestion. In response, the National Science Foundation initiated phase 1 for the development of the National Science Foundation network (NSFNET).

The NSFNET used a hierarchical network architecture from its inception in 1986 and was more distributed than the ARPANET. The bottom tier consisted of university campuses and research institutions. These were connected to the middle tier (the regional networks). The regional networks were then connected into the main backbone network (the highest tier), consisting of links between six nationally funded supercomputers.

As late as the early 1990s, the NSFNET was still reserved for research and education applications, and government agency backbones were reserved for mission-oriented purposes. These networks and other emerging networks were feeling new pressures as different agencies needed to interconnect with one another. There was increasing commercial and general interest in obtaining network access and interconnectivity, which gave rise to an entire industry of network service providers, also known as Internet service providers. Networks outside the U.S. developed with international connections between them. As the various new and existing entities pursued their goals, the complexity of connections and infrastructure grew.
The INWG managed the development of Internet and TCP/IP related protocols. From its very beginning, anyone was allowed to participate in the process merely by generating ideas for protocols to use on these emerging networks. These original documents were known then, as they are today, as Requests For Comments (RFCs). While today's RFCs are more formal and build on a rich and storied tradition of previous RFCs, they are still the major driving force for innovation of new protocols and features.

The INWG evolved over the years into the IETF, which is now the standards body for IP and related protocols. The IETF does not and has never had an official charter. It still operates as an open organization where anyone representing research or commercial interests can contribute and improve the existing Internet protocols. IETF working groups enable individual contributors to meet, present, and review their work with everyone else through the RFC process.

Traffic on the Internet Today
[Figure: NSFNET traffic in the early 90s; the modern Internet today. Credit: Donna Cox and Robert Patterson, courtesy of the National Center for Supercomputing Applications (NCSA) and the Board of Trustees of the University of Illinois]

The modern Internet evolved from the NSF-based Internet where, instead of research and government institutions providing a common backbone, any commercial enterprise or industry participates in generating traffic or in propagating traffic that is generated by other enterprises. The common goal is to provide access to the Internet hosts, and provide an abundance of information housed by various organizations.

The Evolution of the Internet
Section 2 - Components of the Internet

Components of the Internet
The Internet Defined
Roles and Functions
Service Provider Tiers
Connections
Modern ISP Services
ISP with POPs
IP Addressing
TCP/IP

The Internet Defined
Simple Definition
The Internet is built with computers that are connected by wires. Each wire serves as a way to exchange information between the two computers that are connected.
Practical Definition
The Internet consists of many distributed network architectures that are operated by many commercial organizations (ISPs) connected via major network exchange points as well as direct network interconnections [Internet Routing Architectures, 2nd Edition, Sam Halabi], all using the Internet Protocol (IP).

Roles and Functions
Content Provider
An organization or individual that creates information, that is, educational or entertainment content for the Internet
Service Provider
An organization that provides Internet service and access to various content providers
Peering
Peering is the arrangement of traffic exchange between ISPs

The terms content provider and service provider can be applied to a broader scope than the Internet. However, in this course, content provider and service provider are referred to in the context of the Internet.

Service Provider vs Content Provider
Anyone that offers Internet connectivity can claim to be an Internet provider or service provider. The term service provider covers everything from a provider with a multimillion-dollar backbone and infrastructure to a provider with one router and an access server in their garage.

A content provider provides only the information that is requested by the home user or small corporation. This information typically resides on data servers. Access to these data servers occurs by using application protocols, a concept which will be discussed later.

The most common example of an application protocol that is used to access information is Hypertext Transfer Protocol (HTTP), which is the fundamental protocol of the World Wide Web (WWW). By using HTTP, users can access information from the server that contains the particular information (the website) sought by the user.

For example, when the user types www.google.com in their web browser, the browser uses HTTP to obtain information from the website or the data server that hosts www.google.com.

It is quite typical for an Internet user to obtain content from servers outside of their vicinity. The Internet gives any user access to content on servers located anywhere in the world. For example, the user is in Ottawa, Canada, obtaining services from a local ISP (ISP A), and the data server hosting Google is in Palo Alto, USA, connected to its content provider.
ISP A and the content provider must either be able to connect directly to each other or must be able to use the service of another ISP that provides transit services to both ISP A and the content provider. Only then will the local user send and receive traffic from the Google server. This type of arrangement between the ISPs and the content provider is referred to as a peer arrangement or peering.

Peering is a mutual agreement between two or more ISPs to enable the exchange of information between each other's customers by direct or indirect interconnections. The indirect interconnection is through an Internet Exchange Point (IXP). Apart from web access, ISPs can also provide e-mail access with multiple e-mail accounts, data storage, and very recently broadcast television services.

Service Provider Tiers
Tier 1 service providers serve primarily as transit providers
For example - AT&T, Global Crossing, Level 3
Tier 2 service providers provide transit for some networks and receive transit service from Tier 1 service providers to connect to other parts of the Internet
For example - Bell Canada, Sprint
Tier 3 service providers can provide reselling services for various Tier 2 services to their customers
IXPs enable Tier 1, 2, and 3 service providers to exchange Internet data

Tier 1 Service Providers
In this context of Tier 1, service provider and network are interchangeable.

By definition, a Tier 1 network does not purchase information transit from any other network to reach any other portion of the Internet. Therefore, in order to be a Tier 1 network, a network must peer with every other Tier 1 network.

A new network cannot become a Tier 1 network without the explicit approval of every other Tier 1 network, because any network's refusal to peer with it prevents the new network from being considered a Tier 1 network.

Tier 2 Service Providers
Tier 2 service providers purchase transit services from one or more Tier 1 service providers.

Tier 3 Service Providers
Tier 3 service providers are smaller than Tier 2 service providers and require a Tier 2 or Tier 1 service provider for transiting to parts of the Internet.

Internet Exchange Points
IXPs enable information exchange at local points, which avoids needing to traverse or backhaul traffic through major points in order to reach the Internet.

Home to Local ISP Connections
The slide shows a typical scenario where small home users are connected to the Internet.
The home user connects to the local service provider, which can be a Tier 2 or Tier 3 service provider depending on the size of their local ISP. The Tier 2 service provider houses local content that is immediately delivered to the home user and also peers with another Tier 1 or Tier 2 service provider for home-to-home connectivity. This is the case where two homes are connected to two independent ISPs and are using a network application such as Microsoft Messenger or other Internet chat services. The Tier 1 ISP may also peer directly with a content provider or through a Tier 2 ISP.

Enterprise-to-enterprise Connections
Enterprises can connect between their regional offices through the Tier 2 and Tier 1 ISPs. For example, an enterprise in one region can connect to a local Tier 2 ISP, or one office can connect to a Tier 2 ISP in another region.

Using the same Internet backbone as shown in the previous slide, enterprise companies in two different locations that are connected to two different local ISPs can communicate with each other. Enterprise services can include, for example, video conferencing and electronic whiteboard presentations. Often, ISP A is connected to both residential (home) subscribers and enterprise organizations.

One major difference between enterprise and residential subscribers is their resource requirements. The needs of an enterprise are typically more resource intensive than those of a residential home subscriber. Therefore, local ISPs typically reserve more bandwidth for their enterprise customers depending upon their service level agreements.

Another major difference between the enterprises and residential subscribers is the addressing plan. Enterprises can have their own publicly allocated addressing space whereas residential subscribers typically borrow addressing from their local ISP.

Modern ISP Services
ISP Services
Residential and enterprise
Service Level Agreements
Contractual obligation to ensure traffic guarantees
Demarcation Points
Provides a clear separation between the customer network and the service provider network
Separation of the service provider and customer responsibilities

ISP Services
Traditionally ISPs provided dial-up Internet access using phone lines (28.8 to 56 kb/s). This was upgraded to high-speed Internet access which provided 2 to 3 or 5 to 7 Mb/s.
Along with Internet access, modern ISPs can also be content providers or can peer with several content providers to provide their users with a variety of services, mainly voice, video, and data applications. To compete with the traditional cable and satellite providers and Telecom providers, modern ISPs bundle the major services (voice, data, and video) into what is referred to as a triple play package. In contrast, some of the cable providers and satellite providers now offer Internet services to compete with the Telecom providers and other ISPs.

Cost reduction is one major motivation for bundling services that were traditionally offered as individual services. Another motivation is to offer customized services with varying price points. For example, an ISP may offer end users three packages: a basic service, a premium service, and an elite service. The package with higher service utilization costs more than the package that offers a basic service. The basic package may offer a 10 Mb/s combined voice, Internet, and basic video services; the premium package may offer 20 Mb/s voice service and Internet and basic video services; and the elite package may offer 40 Mb/s voice, very high speed Internet, and high definition video services.

Service Level Agreements

A service level agreement is a contractual agreement between an ISP and its customers that defines traffic flow guarantees and may include penalties when traffic is not delivered in compliance with the service level agreement.

In addition to residential customer traffic needs, ISPs typically provide the business traffic needs for enterprises. A medium to large enterprise that requires the ISP's geographical presence to connect to its offices or to other enterprise organizations will have traffic requirements for bandwidth and timely delivery that are well beyond that of the home user. The enterprise may require additional services from an ISP such as web hosting, and services for intersite connectivity. Typically, the traffic that travels through the ISP's network is critical to the daily operations of the enterprise. The delivery of this type of traffic is usually guaranteed by the ISP with a service level agreement.

Demarcation Points

Demarcation points provide separation between the service provider and the customer.
The demarcation point is the point where the service provider's responsibility ends and the customer's responsibility begins.

ISP with POPs in Different Cities

Today's Internet backbone is quite complex. The backbone is a collection of service providers with connection points over multiple regions. These connection points are called points of presence (POPs). The collection of POPs and the interconnections between them form the provider networks. Customers who purchase Internet service from these service providers are connected through access or hosting facilities located in the service provider's POP. The service providers may have direct or indirect access to the content providers. The customers are the end hosts that receive Internet service from their service provider.

In this slide, the ISP B in Montreal is not connected directly to the content provider. Instead, ISP B must send its traffic to Toronto, which is connected. Similarly, the ISP A POP in Ottawa must send its traffic through Toronto or Montreal to reach the content provider.

Service providers with POPs throughout the country are commonly referred to as national providers. Service providers that cover specific regions are referred to as regional providers. To enable customers of one provider to reach customers connected to another provider, traffic is exchanged at public IXPs or through direct interconnections. The term ISP is commonly used to refer to any entity that provides Internet connectivity service directly to the end user or to other service providers.

ISP with POPs and IXPs

With an IXP at the city level, traffic between various ISPs and content providers can be handled within the same city. For example, in the slide, ISP A POP and ISP B POP in Ottawa can communicate with each other locally through Ottawa's IXP.

If a content provider is connected to the IXP in a local city, the traffic between the ISP POPs and the content provider is localized. Without the local IXP, the traffic between ISPs may need to be carried to another city with an IXP before the traffic arrives at the destination ISP in the original city.
For example, if there is no local IXP in Ottawa, traffic from ISP A in Ottawa may travel to Toronto before returning to communicate with ISP B in Ottawa.

IP Addressing

Some of the IP address allocations managed by RIR (Regional Internet Registry):
  ARIN: 96/8 to 99/8, 204/8 to 209/8
  APNIC: 114/8 to 126/8
  AfriNIC: 41/8, 196/8
  RIPE NCC: 77/8 to 95/8
  LACNIC: 186/8, 187/8, 189/8, 190/8

For the Internet to operate, the components need a common method of communication and common addressing of all of the physical components. Internet protocol (IP) provides this common method of communication and common addressing.

Every device that connects to the Internet, or that communicates with another computer on the Internet, has a unique IP address. An example of an IP address is 138.120.105.45. These addresses are distributed and controlled by the Internet Assigned Numbers Authority (IANA).

TCP/IP

A network protocol is a standardized method of communicating between computers; for example: TCP
TCP is a layered protocol with distinct functions
A layer in a protocol stack receives services from the lower layers and provides services to the upper layers
The advantages of standard layering are:
  Simplifies complex procedures into a structure that is easier to understand
  Modularizes protocol functionality and hides changes in the lower layers from the upper layers

Layering of information can be compared with the regular postal service where there are several distinct functions:
  Creating the letter
  Placing the letter in an envelope, and writing the sender's and recipient's address
  Choosing the type of delivery for the letter (same day service, same week and so on)
  Placing the appropriate stamp on the letter to pay for the service
  Physically sending the letter via carriers; for example, by truck or airplane

After the sender writes the letter, all of the functions listed above are relevant to transporting the letter to the appropriate destination.
At the destination, the letter is received by the recipient, and depending upon the transport service, an acknowledgement may be sent to the sender confirming the receipt of the letter. The letter can then be removed from the envelope and its contents read.

The layering of information on the Internet occurs in a similar fashion. The objective of this data transfer is to inter-network with different computer systems. The applications need to send data to and receive data from other applications on different hosts/systems. In doing so, the application composes the data and requests a layering stack to transport the information.

Each layer of the protocol stack adds the pertinent information for that layer to the existing data. As the data is sent from the sender to the receiver, the data passes through several other systems. These systems only check the information that is relevant to the layers in which they have an interest. The systems use this information to assist in transmitting the data to the appropriate destination.

The Evolution of the Internet
Section 3 - How the Internet Works
TCP/IP Layering

How the Internet Works - TCP/IP Layering

TCP/IP Layers - Overview
TCP/IP Layers - Characteristics
Encapsulation
End-to-end Frame transfer
OSI Model

TCP/IP Layers - Overview

The network protocol suite defines the protocols and technologies that support the interconnection of a diverse array of hardware and systems to support the operation of a wide range of applications over the network. Anyone who has used an Internet application, such as a web browser or e-mail, can appreciate the complexity of the systems that are required to support these applications.

The layering of protocols simplifies this complex problem by dividing the protocol into a number of simpler functions. Each layer performs a specific function that contributes to the overall functioning of the network.

The TCP/IP suite, also known as the Internet protocol suite, contains four layers of technology. The application services layer provides all of the services that are available to users of the Internet. The two intermediate layers (transport and Internet protocol) provide a common set of services that are available to all of the Internet applications and operate on the Internet hardware infrastructure. The network interfaces layer includes all of the hardware that comprises the physical infrastructure of the Internet.
TCP/IP Layers - Characteristics

User interface to the network
User applications
E-mail, Telnet, FTP, WWW
Application interface to IP Layer
Reliable/unreliable transfers
Unique network addressing scheme to identify hosts
Routing protocols for path determination
End-to-end forwarding of datagrams
Physical transfer of data
ATM, Ethernet, frame relay

The application services layer is where the user interfaces with the network. This layer applies only to network applications, such as e-mail, Telnet, FTP, and WWW. Without network connectivity, these applications would be useless. Applications such as word processors and database programs are not considered network applications because they do not require network connectivity.

The transport layer is the application's interface to the network. The transport protocol provides a mechanism for an application to communicate with another application that resides on another device in the network. In the TCP/IP suite, there are two transport protocols: TCP and user datagram protocol (UDP). TCP is a connection-oriented protocol that provides an ordered and reliable transfer of data over the network. UDP is a connectionless protocol that supports the transfer of a single datagram across the network with no delivery guarantee. UDP is simpler than TCP and operates with less overhead than TCP. Most Internet applications, such as HTTP (web-browsing), e-mail, Telnet, and file transfer protocol (FTP), use TCP for data transfer because it provides a reliable transfer service. Some applications, such as domain name system (DNS) and simple network management protocol (SNMP), use UDP because they only require a simple datagram transfer. Other applications, such as reliable transfer protocol (RTP), use UDP to avoid the overhead of TCP and because there is no benefit in the retransmission of lost packets for the applications that use RTP.

The Internet protocol layer provides a common addressing plan for all of the hosts on the Internet as well as a simple, unreliable datagram transfer service between these hosts. IP is the common glue that defines the Internet. IP also defines the way a datagram (or packet) is routed to its final destination. In an IP network, packet forwarding across the network is handled by routers.
IP routers examine the destination address of a datagram and determine which router is the next hop that will provide the best route to the destination (known as hop-by-hop routing). Routers communicate with each other using dynamic routing protocols to exchange information about the networks to which they are connected. The protocols allow routers to make forwarding decisions for the datagrams that they receive.

The network interface layer comprises the hardware that supports the physical interconnection of all of the network devices. The technologies of the network interface layer are often defined as multiple layers. The common trait of all technologies of this layer is that they can forward IP datagrams. There are many different technologies that operate at this layer, some of which are very complex. Some of the protocols commonly used at this layer include ATM, frame relay, point-to-point protocol (PPP), and Ethernet. However, many other protocols are used; some of the protocols are open standards and some are proprietary.

The diversity of the network interfaces layer demonstrates one of the benefits of protocol layering. As new transmission technologies are developed, it is not necessary to change the upper layers in order to incorporate these technologies in the network. The only requirement is that the new technology be able to support the forwarding of IP datagrams.

Encapsulation

Encapsulation is the inclusion of one data format in another data format in order to hide the former data format
In the context of TCP/IP, encapsulation is the mechanism by which the TCP/IP stack adds layered information to the application-generated data
TCP/IP includes four types of encapsulation:
  Application encapsulation
  Transport encapsulation
  IP encapsulation
  Data link encapsulation

The application generates the data, which is handed to the transport layer. The transport layer (TCP or UDP layer) adds its overhead to the data, thereby hiding the original data. The data now is part of the transport layer and identified by the transport header. Similarly, once the transport data is received by the lower IP layer, the IP layer adds its overhead. At this point, the packet is referred to as an IP packet, thereby hiding the transport layer overhead and the application data. Finally, the IP layer needs the data link layer to perform the physical transmission of the IP packet. The data link layer adds its own overhead to the IP packet and then transmits the data to the next hop in the network.

Application Encapsulation

When a network application needs to communicate with another application across the network, the application must first prepare its data in the specific format defined by the protocol to be used by the receiving application. A specific protocol is used so that the receiving application will know how to interpret the received data.
For an e-mail message, there are two parts: the message header and the body. The message header contains the sender's and receiver's addresses, as well as other information such as the urgency of the message and the nature of the message body. The format of the header and the nature of the addresses is defined by the application protocol. An e-mail message protocol is Simple Message Transfer Protocol (SMTP).

In addition to defining the format of the message, the protocol also specifies how the applications are expected to interact with each other, including the exchange of commands and the expected responses.

The application uses the services of the transport layer to transfer the application's data.

Transport Encapsulation

The transport layer provides a service to transfer data between applications across a network. Two transport protocols are used on the Internet: TCP and UDP. To exchange e-mail across the Internet, an e-mail application uses SMTP. SMTP uses TCP to accomplish the transfer. TCP provides a reliable transfer service to ensure that all of the data is properly transferred. UDP provides a simple, unreliable datagram delivery service, which is similar to IP.

TCP treats all application data as a simple byte stream, including both the message header and the message body. TCP accepts the application's data and breaks the data into segments for transmission across the network as required. To accomplish this reliable transfer, TCP packages the application data with a TCP header. On the receiving end of the connection, TCP removes the TCP header and reconstructs the application data stream exactly as the data was received from the application on the sender's side of the network.

The TCP and UDP headers carry source and destination addresses that identify the sending and recipient applications because a single host system may support multiple applications. These addresses are known as port numbers. The TCP units of data are known as segments; UDP data is called a datagram.

To transmit its segments of data across the network, TCP uses the services of the IP layer.

IP Encapsulation

The IP layer provides a common addressing scheme across the network as well as a simple, unreliable datagram forwarding service between nodes in the network. Data from the transport layer is packaged in IP datagrams for transfer over the network. Each datagram travels independently across the network.
The intermediate routers forward the datagram on a hop-by-hop basis based on the destination address.

Each datagram contains source and destination addresses that identify the end nodes in the network. Every node in an IP network is expected to have a unique IP address.

IP uses the services of the underlying network interfaces to perform the physical transfer of data.

Data Link Encapsulation

The data link layer is the term for the network interfaces that are used by IP to physically transmit the data across the network. The units of data transmitted at the data link layer are usually known as frames. IP datagrams must always be encapsulated in some type of data link frame for transmission.

A typical data link frame contains a header, usually with an address. The frame may also contain a trailer with a checksum to verify the integrity of the transmitted data. There are many types of technologies used as network interfaces by IP. Each type of technology has its own specific format and rules of operation. The common characteristic is that all of these technologies can carry IP datagrams.

Most protocols at this layer also use some form of addressing. The address is specific to the data link protocol and identifies the endpoints of the data exchange. For example, the slide shows the address of an Ethernet frame. Some point-to-point protocols such as PPP may not use addresses when there is only one possible destination for the data.

End-to-end Frame Transfer

This slide shows how data is transferred from a source PC to a destination server across the Internet.

An application running on the source PC generates the data to be transmitted to the server. The application does not need to be concerned with the details of the transmission and only passes the data to the TCP layer of the TCP/IP protocol stack included in the PC operating system.

The TCP layer encapsulates the application data within a TCP header and passes the data to the IP layer. TCP is also not concerned about the details of the transmission and relies on the IP layer to handle the end-to-end routing of the data across the network. However, TCP does make sure that the data is transmitted reliably across the network.

The IP layer encapsulates the data within an IP header and makes a decision about where the data should be transmitted to reach the destination server. Since IP uses hop-by-hop routing, it is only concerned with finding the next hop towards the destination. In an IP network, the hops are between IP routers and from the source PC, the next hop is usually the default gateway.
The source PC transmits the data to the default gateway, which then decides which router is the next hop towards the destination and then transmits the data to that router. The IP datagram travels from router to router across the Internet, until it reaches the destination server.

However, the IP layer does not physically handle the transmission of the data. The transmission of data between routers is performed by the network interface or by the data link layer. IP passes its data (including the IP header) to the data link layer, which then encapsulates it in a data link frame for transmission to the next router. The data link from the source PC may be an Ethernet network; therefore, the IP datagram travels to the next router in an Ethernet frame. The physical connection between that router and the next router may be an ATM network; therefore, the IP datagram will travel in an ATM frame to the next IP router. If the next hop is a different data link technology from the technology of the previous hop, the IP datagram will travel in the appropriate frame used by that technology. This continues hop by hop until the IP packet reaches the destination server.

Because IP provides end-to-end forwarding across the network, the IP datagram is created at the source PC, including the IP header, the TCP header, and the application header. The IP datagram then travels intact across the IP network, although it is encapsulated in a different data link frame at each hop (each IP router).

When the IP datagram reaches the destination system, the data is extracted by the TCP/IP protocol stack on that system and the data is provided to the application.

OSI Model Overview

The open systems interconnection (OSI) reference model represents an alternative method to TCP/IP for organizing how networks communicate with each other so that all hardware and software vendors have an agreed-upon framework to develop networking technologies. With this model, the International Organization for Standardization (ISO) intended to:
  Simplify complex procedures by separating them into simpler, discrete layers
  Allow network equipment from different vendors to interoperate
  Support a modular plug-and-play functionality
  Provide an alternative method to TCP/IP to organize

The OSI model is represented by the seven layers, as shown in the slide. These layers may be grouped into two main areas: upper and lower layers.
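The encapsulation steps and the end-to-end frame transfer described above can be traced in code. The following Python example is added here and is not part of the course material: it wraps one constructed SMTP command in TCP, IP and Ethernet headers, re-frames it at a router onto a PPP link, and decapsulates it at the destination. Addresses, ports and MAC values are constructed; the router's TTL decrement and IP header checksum update are standard IPv4 behaviour that the slides do not cover, and the Ethernet trailer and PPP HDLC framing bytes are omitted.

```python
import socket
import struct

ETH_IPV4, PPP_IPV4, PROTO_TCP = 0x0800, 0x0021, 6
PC_MAC = bytes.fromhex("020000000001")   # constructed source PC MAC
GW_MAC = bytes.fromhex("020000000002")   # constructed default-gateway MAC


def checksum16(data: bytes) -> int:
    """Internet checksum (RFC 1071): one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def tcp_segment(src_ip, dst_ip, src_port, dst_port, seq, payload):
    """Transport encapsulation: 20-byte TCP header (PSH|ACK) in front of the data."""
    hdr = struct.pack("!HHIIBBHHH", src_port, dst_port, seq, 0,
                      5 << 4, 0x18, 65535, 0, 0)
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, PROTO_TCP, len(hdr) + len(payload)))
    csum = checksum16(pseudo + hdr + payload)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + payload


def ip_datagram(src_ip, dst_ip, ttl, segment):
    """IP encapsulation: 20-byte IPv4 header in front of the TCP segment."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0, ttl,
                      PROTO_TCP, 0, socket.inet_aton(src_ip),
                      socket.inet_aton(dst_ip))
    return hdr[:10] + struct.pack("!H", checksum16(hdr)) + hdr[12:] + segment


def ethernet_frame(dst_mac, src_mac, datagram):
    """Data link encapsulation for the first hop (addresses + EtherType)."""
    return dst_mac + src_mac + struct.pack("!H", ETH_IPV4) + datagram


def router_forward(frame_in):
    """Router: strip the Ethernet header, update TTL, re-frame for a PPP link."""
    if struct.unpack("!H", frame_in[12:14])[0] != ETH_IPV4:
        raise ValueError("not an IPv4 frame")
    dgram = bytearray(frame_in[14:])
    if checksum16(bytes(dgram[:20])) != 0:
        raise ValueError("bad IP header checksum")
    if dgram[8] <= 1:
        raise ValueError("TTL expired")
    dgram[8] -= 1                              # only the IP header changes
    dgram[10:12] = b"\x00\x00"
    dgram[10:12] = struct.pack("!H", checksum16(bytes(dgram[:20])))
    # PPP carries no link addresses: only one possible destination
    return struct.pack("!H", PPP_IPV4) + bytes(dgram)


def receive(frame):
    """Destination host: peel PPP, IP and TCP headers, verifying each layer."""
    if struct.unpack("!H", frame[:2])[0] != PPP_IPV4:
        raise ValueError("not an IPv4 PPP frame")
    dgram = frame[2:]
    ihl = (dgram[0] & 0x0F) * 4
    if checksum16(dgram[:ihl]) != 0:
        raise ValueError("bad IP header checksum")
    total_len = struct.unpack("!H", dgram[2:4])[0]
    seg = dgram[ihl:total_len]
    pseudo = dgram[12:20] + struct.pack("!BBH", 0, dgram[9], len(seg))
    if checksum16(pseudo + seg) != 0:
        raise ValueError("bad TCP checksum")
    sport, dport = struct.unpack("!HH", seg[:4])
    return {"src": socket.inet_ntoa(dgram[12:16]),
            "dst": socket.inet_ntoa(dgram[16:20]),
            "ttl": dgram[8], "sport": sport, "dport": dport,
            "data": seg[(seg[12] >> 4) * 4:]}


def demo():
    app_data = b"MAIL FROM:<alice@example.com>\r\n"   # constructed SMTP command
    seg = tcp_segment("192.0.2.10", "198.51.100.25", 49152, 25, 1000, app_data)
    dgram = ip_datagram("192.0.2.10", "198.51.100.25", 64, seg)
    hop1 = ethernet_frame(GW_MAC, PC_MAC, dgram)      # PC -> default gateway
    hop2 = router_forward(hop1)                       # gateway -> next hop
    return seg, hop1, hop2, receive(hop2)


if __name__ == "__main__":
    seg, hop1, hop2, info = demo()
    print("hop 1 link header:", hop1[:14].hex())
    print("hop 2 link header:", hop2[:2].hex())
    print("TCP segment unchanged:", hop2[22:] == seg)
    print("delivered:", info)
```

The link header differs on each hop while the TCP segment arrives byte-for-byte identical, which is why end-to-end integrity checks belong to the transport layer and above rather than to any single link.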
Development of the OSI Model

Early 1970s: Canepa and Bachman at Honeywell Information Systems worked to develop a mechanism to distribute databases
March 1978: 7-layer model created by Bachman and Canepa was the only model submitted to the ISO
Late 1970s: Specific standards developed by ISO and CCITT
1983: The ISO and CCITT documents merged into the Basic Reference Model for Open Systems Interconnection
1984: The merged document was published by both ISO and CCITT, with CCITT being renamed ITU-T (ISO 7498 and ITU-T X.200)
Early 1990s: Some OSI protocols (for example, X.500 and CLNS) competed with TCP/IP, but growth of the Internet caused IP to be adopted.

The OSI reference model was developed at the end of the 1970s, but the development of actual protocols to support the reference model was slow. By the early 1990s, a number of OSI protocols (for example, TP0-4, CLNS, CONS, X.400, and X.500) had been specified and commercial implementations were attempted. However, the success of TCP/IP and the weaknesses of the OSI led to the adoption of TCP/IP for internetworking.

The OSI was designed as an open standard to replace the strictly proprietary networking technologies that were in use in the 1970s (IBM's SNA was dominant, but many others were also in use). However, TCP/IP applications and implementations grew much more rapidly than the OSI, and by 2000, OSI was essentially replaced by TCP/IP.

The OSI reference model is widely used to describe the layering of network protocols, and much networking terminology derives from the OSI protocol suite. A few remnants of OSI are still in use; for example, LDAP, which is a derivation and simplification of X.500, and IS-IS, which was designed as an OSI routing protocol and was adapted to TCP/IP networks.

OSI vs TCP/IP Suite

The TCP/IP suite differs from the OSI model in that the TCP/IP suite uses four protocol layers and the OSI model uses seven layers. The slide shows the protocol layer relationship between the two models.

Network interfaces: This layer defines the actual interface between network nodes and contains the functionality of both the physical and data link layers of the OSI model. Protocols such as Ethernet describe both the framing of data (Layer 2) and the physical transmission of the frame over the media (Layer 1). This layer is often referred to as Layer 2 because it provides OSI Layer 2-type services to the IP layer.

Internet protocol: The IP layer provides a universal and consistent forwarding service across a TCP/IP network. IP provides services that are comparable to the OSI network layer and is sometimes referred to as a Layer 3 (also known as L3) protocol. The OSI network protocol, CLNP, corresponds most closely to IP.

Transport: The transport layer comprises two main protocols: TCP and UDP. These transport protocols provide services that are similar to the OSI transport protocols. TCP is very similar to the OSI transport protocol, TP4. TCP and UDP may be referred to as Layer 4 protocols.

Application services: The application services provide end-user access to the Internet.
Any of the services of the upper three OSI protocols that are required are incorporated into the application protocols. There are a number of Internet protocols that provide services similar to these OSI layers, although they do not follow the layering or service definitions of the OSI. For example, TLS provides session-like services to Internet applications and MIME provides presentation-like services to SMTP and HTTP. Application layer protocols are sometimes referred to as Layer 7 protocols.

The Evolution of the Internet
Section 4 - Module Summary and Learning Assessment

Module Summary

After the successful completion of this module, you should be able to:
  Describe the evolution of the Internet
  Describe the components of the Internet
  Describe how the Internet works

Learning Assessment - The Evolution of the Internet

Outline the events that led to the development of the Internet
Describe the significance of ARPANET
List the problems with having different protocols
Describe the solution to the problem of different protocols
Describe how the Internet evolved from a military-based network to a research-based network
Describe how the Internet evolved from a research-based network to a commercial-based network
Describe the importance of the IETF

Learning Assessment - The Components of the Internet

Provide a practical definition of the Internet
Describe the differences between an Internet service provider and a content provider
Describe the differences between older and modern ISP services
Identify the basic components required for the Internet to work
List the advantages of protocol layering

Learning Assessment - How the Internet Works

List and describe the characteristics of the TCP/IP layers
Describe how the TCP/IP layers work together
Describe the OSI Model
Discuss the development of the OSI Model
Discuss the similarities between the TCP/IP and OSI models of protocol

www.alcatel-lucent.com
3HE-02767-AAAA-WBZZA Edition 02

Alcatel-Lucent Scalable IP Networks
Module 2 - 7750 SR and 7450 ESS Components and CLI

Module Overview

7750 SR and 7450 ESS Products
7750 SR Components
Boot Process
CLI Commands
Basic Router Configuration

7750 SR and 7450 ESS Components and CLI
Section 1 - 7750 SR and 7450 ESS Products

7750 SR and 7450 ESS Products Overview
7750 SR Family
7750 SR Features
7450 ESS Family
7450 ESS Features
Comparison Between 7450 ESS and 7750 SR
7450 ESS and 7750 SR Control Plane vs Data Plane

7750 SR Family
Three chassis options: 1, 7, and 12 slots
Carrier-class reliability combined with high density in a small footprint
System capacities scalable from 20 Gb/s to 200 Gb/s
Modular design for the SR-7 and SR-12: removable IOM, SF/CPM, and MDAs
Common operating system
[Figure: slot and MDA layout of the SR-12, SR-7, and SR-1 chassis]

The 7750 SR-12 is the largest 7750 SR and has 12 front-access card slots. Two card slots are dedicated for redundant common equipment. Each slot holds one Switch Fabric/Control Processor Module (SF/CPM). Only one SF/CPM is required for operation. A second SF/CPM provides complete redundancy of the fabric and the control processors. There are two switch fabric options: 200 Gb/s and 400 Gb/s full-duplex throughput.
When two 7750 SR SF/CPMs are installed, the traffic load is shared across the switch fabrics. Two 200 Gb/s/400 Gb/s fabrics provide 400 Gb/s/800 Gb/s of non-redundant full-duplex throughput or 200 Gb/s/400 Gb/s of fully redundant, full-duplex throughput. The remaining 10 slots are used for Input/Output Module (IOM) base boards. The backplane supports 40 Gb/s full-duplex throughput to each IOM slot.
The 7750 SR-7 chassis is a fully redundant system and has seven front-access slots. Two card slots are dedicated for redundant common equipment, each of which holds one SF/CPM. The remaining five slots are used for IOM base boards.
The 7750 SR-1 has the management, switch fabric and one IOM base board integrated into the chassis. The 7750 SR-1 has an integrated switching system with 20 Gb/s full-duplex throughput and can accommodate two Media Dependent Adapters (MDAs) for physical interfaces. The 7750 SR-1 is a small form factor switch for installations that need the many 7750 SR service capabilities but with fewer interface and protocol scaling requirements.

7750 SR Features
Supports all industry-standard routing protocols
    OSPF, IS-IS, BGP, RIP, VPRN, Multicast
    OSPF v2 and v3 with multiple instances are supported in Release 5.0 or later
    BGP support with address families (IPv4, IPv6, VPN-IPv4, Multicast)
    IPv6
Supports MPLS and LDP with services capability
    VLL
    VPLS
    VPRN
Supports high availability
    NSF, NSR
    GR Helper Mode

7450 ESS Family
ESS-1:
    Integrated switch fabric/control, IOM, and power
    20 Gb/s full-duplex system capacity
    Two 10 Gb/s MDAs
    Over-subscription of some MDAs available
    Power redundancy
ESS-7:
    7 slots (5 IOM, 2 SF/CPM)
    100 Gb/s full-duplex system capacity
    200 Gb/s switch fabric/control
    Fabric/control redundancy
    Five 20 Gb/s IOMs
    Ten 10 Gb/s MDAs
    Over-subscription of some MDAs available
    Power redundancy
[Figure: slot and MDA layout of the ESS-1 and ESS-7 chassis]

The 7450 ESS-1 has the management, switch fabric and one IOM base board integrated into the chassis. The 7450 ESS-1 has an integrated switching system with 20 Gb/s full-duplex throughput and can accommodate two MDAs for physical interfaces.
The 7450 ESS-7 chassis is a fully redundant system and has seven front-access slots. Two card slots are dedicated for redundant common equipment, each of which holds one SF/CPM. The remaining five slots are used for IOM base boards. The total switching capacity for the 7450 ESS-7 of 100 Gb/s is limited by the IOM capacity despite the switching fabric supporting up to 200 Gb/s.

7450 ESS Family (continued)
ESS-6:
    6 slots (4 IOM, 2 SF/CPM)
    80 Gb/s full-duplex system capacity
    80 Gb/s switch fabric/control
    Fabric/control redundancy
    Four 10 or 20 Gb/s IOMs
    Over-subscription of some MDAs available
    Power redundancy
ESS-12:
    12 slots (10 IOM, 2 SF/CPM)
    400 Gb/s full-duplex system capacity
    400 Gb/s switch fabric/control
    Fabric/control redundancy
    Ten 20 or 40 Gb/s IOMs
    Over-subscription of some MDAs available
    Power redundancy

The 7450 ESS-6 is a fully redundant system with a lower switching capacity than the 7450 ESS-7, making it available at a lower cost. Functionally it supports all of the features of the 7450 ESS-7.
The 7450 ESS-12 is the largest 7450 ESS and has 12 front-access card slots. Two card slots are dedicated for redundant common equipment. Each slot holds one SF/CPM. Only one SF/CPM is required for operation. A second SF/CPM provides complete redundancy of the fabric and the control processors. There are two switch fabric options: 200 Gb/s and 400 Gb/s full-duplex throughput.
When two 7450 ESS SF/CPMs are installed, the traffic load is shared across the switch fabrics.
Two 200 Gb/s/400 Gb/s fabrics provide 400 Gb/s/800 Gb/s of non-redundant full-duplex throughput or 200 Gb/s/400 Gb/s of fully redundant, full-duplex throughput. The remaining 10 slots are used for IOM base boards. The backplane supports 40 Gb/s full-duplex throughput to each IOM slot.

7450 ESS Features
Supports industry-standard routing protocols
    OSPF, IS-IS, RIP
    IPv6
Supports MPLS and LDP with service capabilities
    VLL
    VPLS
Carrier grade with high availability
    NSR, NSF, GR Helper
Designed for Ethernet aggregation in metro

Comparison Between 7450 ESS and 7750 SR
Purpose
    7450 ESS: Primarily designed to support Ethernet aggregation services
    7750 SR: Supports Ethernet, ATM, frame relay, and VPRN services
Platforms
    7450 ESS: ESS-1, ESS-6, ESS-7, and ESS-12
    7750 SR: SR-1, SR-7, and SR-12
Redundancy (Pwr/Control)
    7450 ESS: ESS-6, ESS-7, and ESS-12
    7750 SR: SR-7 and SR-12
MDA Type
    7450 ESS: Ethernet and POS
    7750 SR: Ethernet, ATM, POS, and DS3/OC3 are channelized

The 7750 SR and 7450 ESS share the same robust service management, troubleshooting, and billing features. The 7450 ESS is based on the same technology foundation as the 7750 SR, but there are some key differences between the two products, as summarized in the slide.
The MDAs, IOMs, and fabric modules are not interchangeable between the two products. They have different chassis, modules, MDAs, part numbers and list prices, and distinct roadmaps.
The 7450 ESS has a separate software load from the 7750 SR. The 7450 ESS capabilities are focused on enabling the delivery of metro Ethernet services only. The 7450 ESS does not support Layer 3 services such as MPLS/BGP VPNs. The 7450 ESS does not contain key functionality and scalability attributes that are required in an edge router, for example BGP-4. The 7450 ESS does not have an upgrade path to the 7750 SR or to a PE router.

7450 ESS and 7750 SR Control Plane vs Data Plane
Data plane operation
The data plane operation occurs after the control plane has built the forwarding information and stored the data in the IOM.
1. Data from the remote network/customer site ingresses through the MDAs, where the data is formatted (internal format).
2. The data is then processed in the I/O module where the decision to switch occurs (Layer 2/Layer 3 forwarding information lookup).
3. The data packets are sent to the switch fabric.
4. The switch fabric then forwards the data to the appropriate IOM.
5. The IOM sends the data to the appropriate MDA.
Control plane operation
Control messages ingress the 7750 SR and 7450 ESS in a way that is similar to the data packets, except that the control messages are processed further by the control plane.

7750 SR and 7450 ESS Components and CLI
Section 2: 7750 SR Components

7750 SR Components
7750 SR SF/CPM Cards
7750 SR IOMs, MDAs, and SFPs
Ingressing the Router
Egressing the Router
Compact Flash

7750 SR SF/CPM Cards
Redundant SF/CPMs supported on SR-7 and SR-12

The SF/CPM module is an integrated module that functions as a switching fabric and as a system controller. Like the IOMs, the SF/CPM is built using common functionality blocks. The switching planes contain switching elements that are composed of fast ASICs, and the system controller contains two flexible fast-path complexes. The ASICs are responsible for the system's control plane processing and for running the various routing and signaling protocols. The system controller also manages the shared input/output resources, which include management Ethernet ports, serial ports, status LEDs, compact flash sockets capable of accepting compact flash or disk modules, system clocks, temperature monitors, fan controls, and so on.
7750 SR IOMs, MDAs, and SFPs
SFP optics
IOMs and MDAs are hot-swappable
2 MDAs per IOM
10 IOMs per SR-12
5 IOMs per SR-7

IOMs
IOMs are hot-swappable modules that connect to standard physical interfaces. IOMs contain two 10 Gb/s traffic-processing programmable fast path complexes. Each complex supports a pluggable MDA that allows a common programmable fast path to support all of the possible interface types. Each IOM also contains a CPU section to manage the forwarding hardware in each flexible fast path.
The term hot-swappable refers to the ability to remove and replace an IOM from a live system without the need to shut down.
MDAs
MDAs provide one or more physical interfaces, such as Ethernet, ATM, or SONET/SDH. MDAs pass incoming frames to the IOM for processing, and transmit outgoing frames to the appropriate physical interface in the correct format.
SFP interfaces
SFP transceivers are small optical modules that are available in a variety of formats.

Ingressing the Router
Data that enters the router (ingressing) goes through the MDA. The MDA converts the received physical format of the data into an internal format and provides minimal buffering. The data is then sent to the flexible fast path complex (one for each MDA) where the following occurs:
Quality of service is applied to classify and treat packets differently, including buffering.
Access control lists are applied in real time to discard packets that are not needed.
Forwarding destination is determined (that is, the destination IOM/MDA/port).
If the data received is a user data packet, the data is forwarded to the switch fabric.
If the data received is protocol control data, the control data is forwarded to the control plane.

Egressing the Router
Data is sent to the IOM from the switch fabric (for a user data packet), or to the control card (for a control-generated packet). The packet is sent to the flexible fast path complex responsible for the respective egress MDA.
Similar to the ingress, the IOM will:
Provide QoS classification and buffer management for egressing data
Apply access control lists in real time to discard packets that are not needed
The data is then reframed in the MDA and sent through the appropriate port.

Compact Flash
Each control/switch processor on a 7750 SR or 7450 ESS can have 3 compact flashes: CF1:, CF2:, and CF3:
Flash size can be 256 Mb, 512 Mb, 1 Gb and 2 Gb
By default, the system startup checks for the boot.ldr file in CF3
CF3 can store the runtime image, that is, the running configuration
Requires a shutdown of the compact flash before you remove the compact flash
Compact flash 1 and 2 can be used to store debug and accounting logs

7x50 SR/ESS Components and CLI
Section 3: Boot Process

Boot Process Overview
Basic Boot Components
Software Release Media
System Initialization
Boot Options File

Basic Boot Components
Uses a BOF to configure the system
BOF is stored in the compact flash CF3
Other components required for startup
    Boot loader
    BOF configuration file
    TiMOS-m.n.Y.Z software image file
    Default config file
    Basic operating system

The 7750 SR and 7450 ESS use a Boot Option File (BOF) to configure the system. Each new system is shipped with a Compact Flash (CF) card that contains the files required to start the system. The system files that are required to initialize the system are stored on CF3. The CF3 card contains the following directories and files located from the root directory:
boot.ldr - This file contains the system bootstrap image.
bof.cfg - This file is user configurable and contains information such as:
    Management port IP address
    Location of the image files (that is, primary, secondary, and tertiary)
    Location of the configuration files (that is, primary, secondary, and tertiary)
TiMOS-m.n.Y.Z - This directory is named according to the major and minor software release, type of release and version. For example, if the software release is Version 1.2 of a released software version, the directory name would be: TiMOS 1.2.R.0. On a 7750 SR-7 or SR-12, this directory contains two files, cpm.tim and iom.tim, for the SF/CPM and IOM cards respectively. Because the SR-1 has an integrated fabric/control and I/O, there is only one file, both.tim.
config.cfg - This default configuration file is very basic and provides just enough information to make the system operational. You can create other configuration files and point the system to them using the bof.cfg file.

Software Release Media
The image file is the software that runs on the 7750 SR and the 7450 ESS. This software is developed by the development team and is tagged with a release number. The software contains all of the features that are required to configure and run protocols on the 7750 SR and the 7450 ESS.

System Initialization
The configuration file includes the chassis, IOM, MDA, port, system, routing, and service configurations.
Persistence
You can configure the BOF to turn persistence On or Off (default is Off). Persistence is required when either the 7750 SR or the 7450 ESS is managed by the 5620 SAM. When persistence is on, the 7750 SR or the 7450 ESS creates an index file with the same file prefix name as the current configuration file. The index file contains variable index information (that is, interface indexes, LSP IDs, path IDs, and so on). The index file is built dynamically by the 7750 SR or the 7450 ESS operating system and does not contain the configuration information that is entered by the users. The index file is saved whenever the system configuration file is saved.
The index file ensures that the 5620 SAM has the same index data as the 7750 SR or the 7450 ESS node after a system reboot. If a 7750 SR or 7450 ESS reboots and the indexes stored on the 5620 SAM do not match the node indexes, a complete resynchronization between the node and the 5620 SAM occurs automatically. This can be a very time-consuming and processor-intensive operation.
If a node reboots with persistence turned on, it must locate the persistence index file and successfully process it before processing the system configuration file. If the index file cannot be processed, the system performs an SNMP shutdown (Get and Set functionality is disabled); however, traps continue to be generated. The system generates traps, log messages, and console messages to advise the user about the problem. The system does not require a shutdown of the SNMP to reactivate full SNMP functionality.

Boot Options File
For the 7750 SR and the 7450 ESS
Stores parameters that specify the location of the image filename that the router will try to boot from and the configuration file that the router uses to configure the applications and interfaces
The most basic BOF configuration should contain the following:
    Primary address
    Primary image location
    Primary configuration location

Show BOF
    A:sr1a# show bof
    ==========================================================================
    BOF (Memory)
    ==========================================================================
    primary-image cf3:\4.0.R9
    primary-config cf3:\test\test_sr1a.cfg
    address 138.120.199.60/24 active
    autonegotiate
    duplex full
    speed 100
    wait 3
    persist on
    console-speed 115200
    ==========================================================================

The slide shows the information that is contained in the boot options file. The primary image location is one of the most important items in the BOF. If the router cannot find an image, the router will remain in the boot cycle indefinitely.
In this slide, the primary configuration is located in CF3. Therefore, when the router reboots, the router goes to CF3, gets the configuration that is specified in the BOF, and loads the configuration on the router. In addition, after the primary configuration location has been defined, when the operator enters the admin save command, the current configuration is saved to the primary configuration file.
The address in the slide is the address of the management port on the CPM. The console speed is the default speed of the RS-232 port on the CPM. This speed can be changed in the BOF.
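The checks implied by the Boot Options File and Show BOF slides (primary address, image and configuration location present; a fallback image so a missing primary does not leave the router in the boot cycle; persistence on when the 5620 SAM manages the node), as an added Python example that is not part of the course material. The sample output is constructed from the values quoted above; the function names and the managed_by_sam flag are assumptions, and secondary-image and tertiary-image are the parameter names for the secondary and tertiary image locations the course describes.

```python
import ipaddress
import re

# Constructed sample, laid out from the values in the `show bof` slide above.
SAMPLE_SHOW_BOF = r"""
A:sr1a# show bof
==========================================================================
BOF (Memory)
==========================================================================
    primary-image    cf3:\4.0.R9
    primary-config   cf3:\test\test_sr1a.cfg
    address          138.120.199.60/24 active
    autonegotiate
    duplex           full
    speed            100
    wait             3
    persist          on
    console-speed    115200
==========================================================================
"""

# The course lists these as the minimum a BOF should contain.
REQUIRED = ("address", "primary-image", "primary-config")


def parse_show_bof(text):
    """Parse `show bof` output into {parameter: value}; bare flags map to ''."""
    params = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"="}:
            continue  # blank line or ===== rule
        if line.startswith("BOF (") or re.match(r"\S+#(\s|$)", line):
            continue  # banner, or the prompt with the echoed command
        key, _, value = line.partition(" ")
        params[key] = value.strip()
    return params


def audit_bof(params, managed_by_sam=False):
    """Return a list of (severity, message) findings for a parsed BOF.

    managed_by_sam is a hypothetical flag supplied by the caller: the BOF
    itself does not say whether a 5620 SAM manages the node.
    """
    findings = []
    for key in REQUIRED:
        if not params.get(key):
            findings.append(("error", f"missing {key}"))

    address = params.get("address", "")
    if address:
        prefix = address.split()[0]  # drop the trailing 'active' keyword
        try:
            ipaddress.ip_interface(prefix)
        except ValueError:
            findings.append(("error", f"management address is not valid: {prefix}"))

    # Without a fallback, a missing primary image leaves the router in the boot cycle.
    if not (params.get("secondary-image") or params.get("tertiary-image")):
        findings.append(("warn", "no secondary-image or tertiary-image fallback configured"))

    # Persistence defaults to off and is required under 5620 SAM management.
    if managed_by_sam and params.get("persist", "off") != "on":
        findings.append(("error", "persist is off but the node is managed by the 5620 SAM"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_bof(parse_show_bof(SAMPLE_SHOW_BOF), managed_by_sam=True):
        print(f"{severity}: {message}")
```
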
7750 SR and 7450 ESS Components and CLI
Section 4: CLI Commands

CLI Commands Overview
CLI Overview
CLI File System
CLI Prompts
Command Completion
CLI Context
CLI Tree Structure
CLI Navigation
CLI Commands
Finding Help

CLI Overview
The 7750 SR Command Line Interface (CLI) is a command-driven interface that is accessible through the console, Telnet, and SSH
The CLI is used to configure and manage the 7750 SR
The CLI command structure is a hierarchical inverted tree
The highest level is root
Navigation down the hierarchy tree is performed by typing the names of submenus
Global commands can be used anywhere in the hierarchy

See the 7750 SR OS System Guide for detailed information about the CLI commands and navigation.

CLI File System
DOS-based
Used to store software images, configuration files, and event logs
File commands can be used to create, copy, move, delete files and directories
File commands (root > file): attrib, cd, copy, delete, dir, md, move, rd, scp, type, version

NOTE: All of the commands are case-sensitive.
delete    Deletes the specified file. The optional wildcard (*) can be used to delete multiple files that share a common partial prefix and/or partial suffix.
move      Moves a local file, system file, or a directory. If the target exists, the command fails and an error message displays.
scp       Copies a file from the local file system to a remote host on the network. The command uses SSH for the data transfer, and uses the same authentication and provides the same security as SSH.
type      Displays the contents of a text file
version   Displays the version of a 7750 SR OS cpm.tim or iom.tim file

CLI Prompt Examples
To configure OSPF:
    SR1>config>router>ospf#
To create a router interface:
    SR1>config# router interface Toronto
    SR1>config>router>if$ address 131.131.131.1/30
Figure labels: host name (SR1), context separator (>)
At the end of the prompt, there is either a pound symbol (#) or a dollar symbol ($). A # symbol indicates that the context is an existing context. A $ symbol indicates that the context is newly created.

Command Completion
Command completion can be performed by one of the following:
Abbreviation, if the keystrokes entered are unique
    SR1>config>router>os [ENTER]
    SR1>config>router>ospf#
Tab key or space key to automatically complete the command
    SR1>config>router>os [TAB]
    SR1>config>router>ospf
    SR1>config>router>os [SPACEBAR]
    SR1>config>router>ospf
If a match is not unique, the CLI displays possible matches
    SR1>config# ro [TAB]
    router router-ipv6
    SR1>config# router

The system maintains a history of previously entered commands. The history command displays the last 30 commands that were entered.

CLI Context
Sometimes a context can be entered with a single keyword, such as:
    SR>config# router
    SR>config>router#
Sometimes a keyword and a user-supplied identifier are required:
    SR>config>router# interface system
    SR>config>router>if#

Use the info or info detail commands to display information about the current context level.
info          Displays non-default information
info detail   Displays all of the configuration information, including defaults

CLI Tree Structure
tree    Displays available commands from context:
    SR1>config>router>ospf# tree
    ospf
    |
    +---area
    |   |
    |   +---area-range
    |   |
    |   +---blackhole-aggregate
    |   |
    |   +---interface
    |   |   |
    |   |   +---advertise-subnet
    |   |   |

Use the tree or tree detail commands to display the hierarchical CLI command structure below your current position.

CLI Navigation
When you enter a CLI command, you move from one command level to another command level
When you start a CLI session, you start in the root context
Navigate to another level by entering the name of successively lower contexts. For example, enter the configure or show commands at the root level to navigate to the config or show context, respectively
Other navigation methods include:
    Move down the hierarchy by entering the level; for example, config
    Move up one level in the hierarchy by entering back at the command prompt
    Move several levels down in the hierarchy by entering multiple contexts separated by spaces; for example: #config router ospf
    To move up in the hierarchy, enter the command node name; sometimes a parameter must be provided.

Console Control Commands
<Ctrl-c>   Terminates the pending command
<Ctrl-z>   Terminates the pending command line and returns to the root context. This is a special keyboard sequence that is the same as pressing the Enter key and entering exit all to return the user to the root context
back       Navigates the user to the parent context
echo       Echoes the text that is typed; primarily to display messages within an exec file
exec       Executes the contents of a text file as if they were CLI commands entered at the console
exit       Returns the user to the previous higher context
exit all   Moves the user to the root context
help       Displays a brief description of the help system
?          Lists all commands in the current context
history    Displays a list of the most recently entered commands, which is similar to history in UNIX shell environments
info       Displays the running configuration for a configuration context

Console control commands are used to navigate in a CLI session and to display information about a console session. Many of these commands, such as back, exit, info, and tree, are global commands, which means that the commands can be executed at any level of the CLI hierarchy.

CLI Configuration Maintenance Commands
The shutdown command can be used to disable protocols and interfaces
The no form of any command may have one of the following results:
    The removal of the object from the configuration (that is, no ospf)
    Reset to default settings (that is, config>ospf>area>interface>no hello-interval)

The shutdown command does not change, reset, or remove any configuration settings or statistics. Many objects must be shut down before they can be deleted. A shutdown is saved in the configuration file. All ports are shut down, by default, when the system is first powered on.
To restore the settings after a no command, you must reconfigure the router and reboot from a configuration file that has the correct configuration, or perform an exec command on a configuration file that contains the correct settings. You can use an exec command to process a configuration file and restore the configuration that is stored in the file.

CLI Global Commands
info         Displays information about the configuration
logout       Terminates the CLI session
oam          Displays information about the OAM test suite (see service OAM in the 7750 SR OS Services Guide)
password     Changes the user CLI login password. NOTE: This is not a global command. The password must be entered at the root level
ping         Verifies the reachability of a remote host
pwc          Displays the present or previous working context of the CLI session
sleep        Pauses the console session operation for 1 second or for the specified number of seconds; the primary use is to introduce a pause during the execution of an exec file
ssh          Opens a secure shell connection on a host
telnet       Telnet to a host
traceroute   Determines the route to a destination address
tree         Displays a list of all commands at the current level and all sublevels
write        Sends a console message to a specific user or to all users with active console sessions

CLI Environment Commands
alias            Allows the substitution of a command line by an alias
create           Allows the create parameter check
more             Configures whether CLI output should be displayed one screen at a time, waiting for user input to continue
reduced-prompt   Configures the number of higher-level CLI context levels to display in the CLI prompt
terminal         Configures the number of lines to display for the current CLI session. The default is 24 lines
time-display     Specifies whether time should be displayed in local or UTC format

CLI environment commands are used to customize session preferences for a CLI session.

Finding Help
Help                           Displays a brief description of the help system
?                              Lists all commands in the current context
string ?                       Lists all commands available in the current context that start with string
command ?                      Displays the command's syntax and associated keywords
command keyword ?              Lists the associated arguments for keyword in command
string <Tab>, string <Space>   Completes a partial command name (auto-completion) or lists available commands that match string
Help Edit                      Displays help about editing (editing keystrokes); lists the available editing keystrokes
Help Globals                   Displays help about global commands; lists the available global commands

The tree and tree detail system commands are help commands that are useful when you search for a command in a lower-level context.
7750 SR and 7450 ESS Components and CLI
Section 5: Basic Router Configuration

Basic Router Configuration Overview

- Physical Access
- Provisioning Cards, MDAs, and Ports
- Initial System Setup
- Basic System Management Configuration
- BOF Parameters
- Show Card
- Show MDA
- Logs
- Configuring Logs
- Displaying Configuration Information

Physical Access

[Figure: SF/CPM (Switch Fabric/Control Processor Module) card common to the 7750 SR-7 and SR-12, showing the OOB CPM management Ethernet port and the CPM console port. In-band customer-facing access ports and network ports are located in MDAs.]

The 7750 SR can be accessed in three ways:
- In-band ports: Access ports and network ports on MDAs
- Console port: A DB-9 serial port, which is enabled by default. The default settings are:
    Baud Rate: 115 200
    Data Bits: 8
    Parity: None
    Stop Bits: 1
    Flow Control: None
- CPM Ethernet port: A 10/100 Ethernet management port

Provisioning Cards, MDAs, and Ports

[Figure: slot and MDA numbering on the 7750 SR-12, 7750 SR-7, and 7750 SR-1 chassis]

The 7750 SR allows you to provision slots, IOMs, MDAs, and ports before or after they are physically installed. You can also optionally specify the line cards that can be installed in a slot and the MDAs that can be installed in an IOM. A line card or MDA will not initialize unless the installed type matches the allowed type.

Provision the 7750 SR hardware in the following sequence:
1. Choose a chassis slot and provision the IOM type for the slot.
2. Choose an MDA slot and specify the MDA type for the slot.
3. Choose a port and configure the port.

IOMs, MDAs, and ports must be enabled with a no shutdown command.

Initial System Setup

The following steps are typically used to configure a system from startup:
- Log in to the 7750 SR or 7450 ESS using console input
- Configure the system name and change the admin user password
- Configure the CPM Ethernet management IP address
- Configure additional BOF parameters
- Configure IOM cards
- Configure MDA cards
- View alarms
- Configure the system address
- Configure logs if required
- View the entire running configuration

Basic System Management Configuration

Some basic configuration on the 7750 SR is usually required before you place the router in service:
- System name
- Admin password
- CPM Ethernet management port IP address
- IOMs, MDAs, and ports

System Name - Any ASCII printable string up to 32 characters. The system name is configured in the config CLI context. If the name contains spaces, the name must be enclosed in quotation marks to delimit the start and end of the name. The system name becomes part of the CLI prompt.

Passwords - The default login and password is admin. This password should be changed before your router is placed in service. The system automatically creates at least one admin user (the default) and must retain at least one admin user unless you are using an external protocol, such as RADIUS or TACACS+, to provide authentication.

You can configure the following password parameters:
- Aging: The maximum number of days (1 to 500) that a password remains valid before the user must change the password. The default is no aging enforced.
- Attempts: The number of unsuccessful login attempts that are allowed in a specified time period. If the configured threshold is exceeded, the user is locked out for a specified time. In the following example, a user is locked out for 10 minutes if 4 unsuccessful login attempts occur in a 10-minute period.
    Count: 4
    Time (minutes): 10
    Lockout (minutes): 10
- Authentication Order: You can configure the sequence in which password authentication is attempted for the RADIUS, TACACS+, and local methods.
- Complexity: You can specify whether passwords must contain uppercase and lowercase characters, special characters, and numerical values.
- Minimum Length: You can specify the minimum number of characters (1 to 8) required for a password.

BOF Parameters (Boot Option File)

The 7750 SR uses the BOF to perform the following tasks:
1) Set up the CPM Ethernet port (speed, duplex, auto)
2) Create an IP address for the CPM Ethernet port
3) Create a static route for the CPM Ethernet port
4) Configure the console port speed
5) Configure the DNS domain name
6) Configure the primary, secondary, tertiary configuration source
7) Configure the primary, secondary, tertiary image source
8) Configure the persistence requirements

Always be sure to save the BOF!

The slide contains the parameters that you can configure in the BOF. The configuration of the BOF is performed in the BOF CLI context.

Sample BOF commands are:
    SR-1# bof                                   Change or create a BOF
    SR-1>bof# address 10.10.10.2/24 primary     Change or create a CPM port IP address (from the console)
    SR-1>bof# speed 100                         Configure the CPM Ethernet port speed to 100 Mb/s
    SR-1>bof# primary-image cf3:/TIMOS.1.0.R0   Configure the primary image directory
    SR-1>bof# primary-config cf3:/test.cfg      Configure the primary configuration file to test.cfg
    SR-1>bof# save                              Save the BOF

Show commands:
    SR-1>show bof                               Display the in-memory BOF that was last used

NOTE: Changes made to the bof.cfg file are not kept unless they are explicitly saved using the "bof save" command.
Show Card

    A:sr1a# show card 1
    ==========================================================================
    Card 1
    ==========================================================================
    Slot  Provisioned   Equipped      Admin   Operational
          Card-type     Card-type     State   State
    --------------------------------------------------------------------------
    1     iom-20g-b     iom-20g-b     up      up
    ==========================================================================

This slide shows the output of a show card command. The output indicates that the card slot is configured to support all IOMs. The columns list the card that the slot is configured to accept and the card that is installed in the slot. The two entries must match. Also, the administrative and operational states should both be up.

IOM configuration example:
    SR1# configure card 1
    SR1>config>card# card-type iom-20g
    SR1>config>card# no shutdown

Show MDA

    A:sr1a# show mda
    ==========================================================================
    MDA Summary
    ==========================================================================
    Slot  Mda   Provisioned     Equipped        Admin   Operational
                Mda-type        Mda-type        State   State
    --------------------------------------------------------------------------
    1     1     m5-1gb-sfp-b    m5-1gb-sfp-b    up      up
          2     m16-oc3-sfp     m16-oc3-sfp     up      up
    ==========================================================================

This slide shows the output of a show mda command. The output lists the card slot that is referenced, in this case card 1, and the MDAs that are supported by the IOM in card slot 1. In this case, all MDAs are supported. The next column lists the IOM slot that is configured to accept the MDA, the MDA that is installed in the IOM MDA slot, and the status of the MDA.

MDA configuration example:
    SR1>config>card# mda 1
    SR1>config>card>mda# mda-type m60-10/100eth-tx
    SR1>config>card>mda# no shutdown

Port configuration example:
    SR1# configure port 1/1/1
    SR1>config>port# no shutdown

Note: The port default is shutdown.

Logs

- Record events, alarms, and faults that result from actions performed on the 7750 SR and the 7450 ESS
- Can be used to record debug messages for troubleshooting
- Log sources
    Main - most normal logs not specifically directed to any other event stream
    Security - any attempt to breach system security such as failed login attempts
    Debug - events generated when debug tracing is on
    Change - any events that change the configuration or operation of the node
- Log destinations
    Console, session
    Memory, file
    SYSLOG server
    SNMP trap group

Logs
The 7450 ESS and 7750 SR keep very extensive logs of events, alarms, traps, and debug/trace messages. The logs are used to monitor events and troubleshoot faults in the 7450 ESS or the 7750 SR. You can configure the type of logging information that is captured and where to send the captured logging information.

Log sources
Applications and processes in the 7450 ESS or the 7750 SR generate event logs. The logs are divided into four streams: main, security, debug trace, and change. Forwarded events are placed into an event log. Each event log has a log identification (log-id) number and can contain events from more than one event stream.

Log destinations
You can configure the destination for the contents of a log-id. A log-id can be directed to one of the following destinations:
- Console: the physical 9-pin console port of the 7450 ESS or the 7750 SR
- Session: a console or Telnet session. Sessions are temporary log destinations that are valid only for the duration of the session.
- Memory: a circular buffer where the oldest entry is overwritten when the buffer is full
- File: event logs and accounting policy information can be directed to a file
- Syslog: event log information can be sent to a syslog server
- SNMP trap group: event log information can be sent to an SNMP trap group

All events and traps are time-stamped and numbered per destination. Traps are numbered sequentially per destination and stored in memory. If the network management system (NMS) is offline, the system may not receive some trap notifications. When the NMS is back online, the system will automatically recognize whether some trap notifications were missed because the last sequence number will not match the sequence number in the 7450 ESS or the 7750 SR. The NMS will then update its records with the missing traps. If the in-memory notification log is full and some records are overwritten, the NMS will resynchronize with the 7450 ESS or the 7750 SR.
Configuring Logs

This slide shows the capture of events and the subsequent logging of the events.

CLI for Configuring Logs

    A:PE1>config# log filter
      - filter <filter-id>
      - no filter <filter-id>

     <filter-id>          : [1..1001]

     [no] default-action  - Specify the default action for the event filter
     [no] description     - Description string for the event filter
     [no] entry           + Configure an event filter entry

    A:PE1>config# log filter 14
    A:PE1>config>log>filter$ description "critical filter"
    A:PE1>config>log>filter$ default-action forward
    A:PE1>config>log>filter$ entry 1
    A:PE1>config>log>filter>entry$ action forward
    A:PE1>config>log>filter>entry# match severity eq critical
    A:PE1>config>log>filter>entry# exit all

Steps to configure a log:
1. Configure a log ID with a number from 1 to 98.
2. Identify the source.
3. Specify an optional filter to filter events if required.
4. Identify the destination.
5. Examine the logs to view the events.

CLI for Configuring Logs (continued)

    A:PE1>config>log# log-id 14
    A:PE1>config>log>log-id# from main
    A:PE1>config>log>log-id# to session
    A:PE1>config>log>log-id# filter 14
    A:PE1>config>log>log-id# info detail
    ----------------------------------------------
    no description
    filter 14
    time-format utc
    from main
    to session
    no shutdown
    ----------------------------------------------
    A:PE1>config>log>log-id#

General log commands:
    show log applications
    show log event-control
    show log file-id
    show log filter-id
    show log log-collector
    show log log-id
    show log snmp-trap-group
    show log syslog

Default Alarm Logs

There are two default logs and one special-use log:
- Log 99: All severity levels of alarms
- Log 100: Only critical errors
- Log 98 (special use): Created by SAM managed nodes

To view the logs, use the following commands:
    show log log-id 99
    show log log-id 100

More granular information in the two log files can be displayed by using:
    show log log-id 99 subject 1/1/1          (port specific)
    show log log-id 99 application chassis    (chassis-related alarms)

- Additional commands exist for displaying alarm information
- Only store about 500 of the latest entries. If more entries are required, specific alarm logs need to be created
- Showing Layer 1 and Layer 2 alarms

The 7750 SR and the 7450 ESS have two default memory logs (log-id 99 and log-id 100) that contain all of the events from the main application. All severity levels of alarms are recorded in log-id 99; log-id 100 only contains serious errors. There are several ways to view the alarms of a specific subject, such as alarms related to a particular port. One method is to create a log that only monitors the specific subject.

Although Log 98 is not reserved or in use by default, it should be noted that the 5620 SAM network management software will try to use this log-id by default. Generally it is recommended not to use log-id 98.
Default Logs: Alarm Monitoring Example

The show log command

    A:PE1>config>log>log-id# show log log-id 99
    ===================================================================
    Event Log 99
    ===================================================================
    Description : Default System Log
    Memory Log contents [size=500 next event=25 (not wrapped)]

    24 2006/08/17 15:30:55.29 UTC WARNING: SYSTEM #2006 - CHASSIS
    "tmnxMDATable: Slot 1, MDA 2 configuration modified"

    23 2006/08/17 15:30:55.29 UTC WARNING: SYSTEM #2007 - PORT
    "Pool on Port 1/2/b.net-sap Modified managed object created
    .
    5 2006/08/17 15:30:55.29 UTC MINOR: CHASSIS #2004 - Mda 1/2
    "Class MDA Module : wrong type inserted"

The show log log-id 99 application chassis command displays all alarms that are logged in the router. In the slide, the detailed information only displays minor alarms from the individual modules that are inserted in the chassis. From the time that appears in the slide, it appears that these entries are from when the router first booted.
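An added example, not part of the course material: a Python parser for the memory-log layout shown in the slide that also works out which events a collector has already lost to the circular buffer. The sample text, its "(wrapped)" header, the sequence numbers, the CRITICAL entry and its event number are constructed; the code assumes sequence numbers start at 1 and that the buffer keeps exactly the newest "size" events.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# Constructed sample in the layout of the "show log log-id 99" slide. The
# WARNING and MINOR messages reuse the slide's text; the header values, the
# sequence numbers and the CRITICAL entry (#9999) are made up for the example.
SAMPLE = '''\
===================================================================
Event Log 99
===================================================================
Description : Default System Log
Memory Log contents [size=500 next event=1530 (wrapped)]

1529 2006/08/17 15:30:55.29 UTC WARNING: SYSTEM #2006 - CHASSIS
"tmnxMDATable: Slot 1, MDA 2 configuration modified"

1528 2006/08/17 15:30:55.29 UTC CRITICAL: CHASSIS #9999 - Card 1
"constructed critical event for this example"

1510 2006/08/17 15:30:55.29 UTC MINOR: CHASSIS #2004 - Mda 1/2
"Class MDA Module : wrong type inserted"
'''

HEADER_RE = re.compile(
    r"\[size=(\d+)\s+next event=(\d+)\s+\((not wrapped|wrapped)\)\]")
# seq, date+time, timezone, severity, application, event number, subject,
# then the quoted message (on the same line or on the following one).
EVENT_RE = re.compile(
    r'(?:^|\s)(\d+) (\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+) (\S+) '
    r'(\w+): (\S+) #(\d+) - ([^"\n]+?)\s+"([^"]*)"', re.M)
# Ordering used only by this example to compare severities.
SEVERITY_RANK = {"WARNING": 1, "MINOR": 2, "MAJOR": 3, "CRITICAL": 4}


@dataclass
class Event:
    seq: int
    when: datetime
    tz: str
    severity: str
    application: str
    event_id: int
    subject: str
    message: str


def parse_log(text):
    """Return (size, next_event, wrapped, events) from show-log output."""
    header = HEADER_RE.search(text)
    if header is None:
        raise ValueError("no memory-log header found")
    events = [
        Event(int(seq), datetime.strptime(ts, "%Y/%m/%d %H:%M:%S.%f"), tz,
              sev, app, int(eid), subject.strip(), msg)
        for seq, ts, tz, sev, app, eid, subject, msg in EVENT_RE.findall(text)
    ]
    return (int(header[1]), int(header[2]), header[3] == "wrapped", events)


def retained_range(size, next_event):
    """First and last sequence number still held in the circular buffer."""
    return max(1, next_event - size), next_event - 1


def overwritten_since(last_collected, size, next_event):
    """Sequence numbers a collector never saw and can no longer fetch."""
    oldest, _ = retained_range(size, next_event)
    return range(last_collected + 1, oldest)  # empty when nothing was lost


def at_least(events, severity):
    """Events at or above a severity, like a filter entry matching on it."""
    floor = SEVERITY_RANK[severity.upper()]
    return [e for e in events if SEVERITY_RANK.get(e.severity, 0) >= floor]


if __name__ == "__main__":
    size, nxt, wrapped, events = parse_log(SAMPLE)
    print("retained:", retained_range(size, nxt), "wrapped:", wrapped)
    lost = overwritten_since(1000, size, nxt)
    print("lost since seq 1000:", len(lost), "events")
    for e in at_least(events, "minor"):
        print(e.seq, e.severity, e.subject, e.message)
```

A collector that polls less often than the buffer turns over sees a non-empty result from overwritten_since, which is the case where a file or syslog destination is needed to keep the full record.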
Displaying Configuration Information

The info command provides an informational display during configuration without the need to use the show config command.

    A:Training1>config>router# interface Toronto
    A:Training1>config>router>if# info
    ----------------------------------------------
    address 131.131.131.1/30
    port 1/1/1
    ----------------------------------------------

You can view more details by using the detailed version of the info command: info detail

Admin display-config

    A:acie_sr1a# admin display-config
    # TiMOS-B-4.0.R9 both/hops ALCATEL SR 7750 Copyright (c) 2000-2007 Alcatel-Lucent.
    # All rights reserved. All use subject to applicable license agreements.
    # Built on Tue Dec 19 15:56:05 PST 2006 by builder in /rel4.0/b1/R9/panos/main
    # Generated FRI DEC 22 16:00:41 2006 UTC
    exit all
    configure
    #--------------------------------------------------
    echo "System Configuration"
    #--------------------------------------------------
        system
            name "acie_sr1a"
            snmp
                shutdown
            exit
            login-control
    Press any key to continue (Q to quit)

This slide shows a partial output of the admin display-config command. The first portion of the output displays the current version of the operating system that is running on the router. The router then outputs the entire configuration of the router, down to the port level. This command can display a large number of pages on a fully configured router.

7750 SR and 7450 ESS Components and CLI
Section 6: Module Summary and Learning Assessment

Module Summary

After successful completion of this module, you should be able to:
- Describe the 7750 SR and 7450 ESS
- Describe the 7750 SR Components
- Understand the boot process
- Use the CLI commands
- Configure a basic router using the CLI
- Configure alarm logs

Learning Assessment

- What information does the BOF contain?
- What steps are typically performed to configure a system from startup?
- List the steps required to configure the BOF.
- What is the CLI context in which interfaces are configured?
- What command can be used to view the status of the MDAs?
- List the possible log sources.
- How many default logs are there, and what information do they provide?

Lab 1 Exercise: Hardware Configuration

- Lab 1.1 - System Identification
- Lab 1.2 - System Configuration
- Lab 1.3 - Hardware
- Lab 1.4 - Logs

www.alcatel-lucent.com 3HE-02767-AAAA-WBZZA Edition 02

Module 3: Data Link Overview
Alcatel-Lucent Scalable IP Networks

Module Overview

- Layer 2 OSI and Ethernet Defined
- Ethernet
- Ethernet Addressing and Operation
- Ethernet Physical Cabling
- Ethernet Devices and Switching
- Ethernet Redundancy
- Virtual LAN
- SONET/SDH and Packet over SONET/SDH

Data Link Overview
Section 1: Layer 2 OSI and Ethernet Defined

Layer 2 OSI and Ethernet Overview

- Layer 2 Overview
- Scope of Data Link Layer
- Point-to-Point Data Links
- Point-to-Point Protocol
- Circuit-Switched Data Links
- ATM Protocol
- Time Division Multiplexing
- Data Link Types
- Broadcast/Shared Access
- Sonet and SDH and framing types

Layer 2 Overview

Why do we need Layer 2?
- Required for higher-layer data transfer between directly/indirectly connected components of a network based on the characteristics of the physical medium

Characteristics of Layer 2
- Scope of Data Link layer is the local network
- Data Link headers are stripped and added as frames move from one network to another
- Point-to-point, circuit-based, or shared network
- Addressing/Identification
- MTU
- Error Checking

Examples of Layer 2 Protocols
- Ethernet, ATM, Frame Relay, X.25, TDM

The application packages the data into a Transport Layer segment that is to be transmitted to the remote station. The Network Layer (OSI) or Internet Protocol Layer constructs a packet with an IP address that uniquely identifies the source and destination network device in the internetwork. The packet may then have to be transmitted over several different networks (same/different physical media) before it reaches its destination. In any one particular network, the Data Link Layer is responsible for encapsulating the packet into a frame for Layer 2 forwarding. The frame is stamped with a Data Link header, which contains Data Link source and destination addresses. When Ethernet is used, these Data Link addresses are called media access control (MAC) addresses.

After adding the Data Link addresses to the frame, the Data Link Layer passes the frame to the physical layer for transmission over the physical medium. The receiving network device must be able to recognize that the frame is destined for itself and verify that the packet is intact. Because the entire packet is transmitted over the physical medium, noise and other signal disturbances could corrupt or change the packet, rendering it meaningless to the higher-layer application.

Layer 2/Data Link networks can be classified broadly into point-to-point networks, circuit-based networks, and shared networks. Point-to-point network protocols do not usually require source and destination addresses since they are established between two networking devices only.

The Layer 2 framing usually consists of:
- a circuit identifier in the case of circuit-based networks
- an address that directs the packet to the required destination, usually on shared media
- a fixed-length maximum size, maximum transmission unit (MTU) established between the source and receiving component; data from higher layers is broken into fixed-length frames (covered later)
- an error check that is inserted by the source component and verified by the receiving component to maintain data integrity

Scope of Data Link Layer

- L2 frames are transmitted only to devices and hosts within the same network
- L2 protocols are dependent on the physical medium connecting the network components
- L2 networks are separated by routers
- Within a network, L2 frames are switched; the data link headers are not modified unless a network is crossed via a router or the frame reaches its destination

The scope of a Data Link frame is the local network. For example, in a typical scenario of IP/Ethernet, each IP subnet is considered to be one network. The Data Link frame remains intact while it traverses the Layer 2 devices in a particular IP subnet. If the IP packet needs to be routed to another subnet via an IP router, the original Data Link frame is stripped after it ingresses the IP router.

When forwarding the IP packet out from the appropriate port, the IP router constructs a new Data Link frame with correct headers and Data Link addresses. This new Data Link header is used as the frame traverses to the next subnet. This process continues until the destination host is reached.

The application data sent between two host stations can traverse several physically different networks. Each network has a different Data Link header and may even use different Data Link protocols that depend upon the physical wire; for example Ethernet, point-to-point protocol (PPP), ATM, Frame Relay.

In this slide, the end hosts on the Layer 2 network communicate with each other, or by way of Layer 2 devices, using the specific Layer 2 protocol. The PCs on the left side of the Ethernet network do not require anything other than Ethernet L2 framing to communicate with each other. The PCs on the right side of the network similarly require only ATM L2 framing to communicate with each other. The L2 networks are separated by routers, which are Layer 3 OSI devices. The PCs on the Ethernet network can only communicate with the PCs on the ATM network using Layer 3 addresses.

Point-to-Point Data Links

- Dedicated physical connection between two devices
- Leased lines between CPE equipment (local and remote)
- Layer 2 protocol that can provide authentication and error checking
- For example: SLIP, PPP

Point-to-point data link
In earlier times of the Internet, point-to-point data links allowed hosts to communicate with each other through the telephone network.
Older protocols such as SLIP (serial line IP) provided a simple mechanism for framing higher-layer applications for transmission along serial lines. SLIP, in accordance with RFC 1055, sent the datagram across the serial line as a series of bytes, and it used special characters to mark when a series of bytes should be grouped together as a datagram. SLIP was simple enough but could not control the characteristics of the connection.

Today, the protocol of choice is PPP, which provides advantages such as link control to negotiate the link characteristics, network control to transfer multiple Layer 3 protocols, and authentication used by remote computers to dial into their Internet service.

Point-to-Point Protocol Frame

[Figure: PPP frame layout, in transmission order]
Flag (0x7E) | Address (0xFF) | Control (0x03) | Protocol (first byte, second byte) | Data | Padding | Frame Check Sequence | Flag (0x7E)

PPP is a point-to-point data link layer protocol that was initially designed to transport IP packets.

Flag: The first flag field indicates the start of a PPP frame. It always has the value 01111110 binary (0x7E hexadecimal, or 126 decimal). The last flag field indicates the end of a PPP frame. It always has the value 01111110 binary (0x7E hexadecimal, or 126 decimal).

Address: In HDLC, the address of the destination of the frame. However, in PPP we have a direct link between two devices, so this field has no meaning. Therefore, it is always set to 11111111 (0xFF hexadecimal, or 255 decimal), which is equivalent to a broadcast (it means all stations).

Control: This field is used in HDLC for various control purposes, but in PPP it is set to 00000011 (0x03 hexadecimal, or 3 decimal).

Data: Zero or more bytes of payload that contains either data or control information, depending on the frame type. For regular PPP data frames, the network-layer datagram is encapsulated here. For control frames, the control information fields are placed here instead.

Padding: In some cases, additional dummy bytes may be added to pad out the size of the PPP frame. (for example, FCS2 or FCS4)

Frame Check Sequence (FCS): A checksum computed over the frame to provide basic protection against errors in transmission. This checksum is a CRC code similar to the one used for other layer two protocol error protection schemes, such as the one used in Ethernet. FCS can be either 16 bits or 32 bits (default is 16 bits). The FCS is calculated over the Address, Control, Protocol, Data, and Padding fields.

Protocol: Identifies the protocol of the datagram encapsulated in the Data field of the frame. See below for more information about the Protocol field.
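An added example, not part of the course material: a Python builder and parser for the frame layout described above that checks the flags, the fixed Address and Control values and the default 16-bit FCS. It goes beyond the slide in one respect: it applies the byte stuffing (escape 0x7D, XOR 0x20) and the FCS-16 algorithm defined in RFC 1662, which the slide does not cover; the function and class names are hypothetical, and per-link escaping of control characters is not modeled.

```python
from dataclasses import dataclass

FLAG, ADDRESS, CONTROL = 0x7E, 0xFF, 0x03   # values from the slide
ESCAPE = 0x7D          # RFC 1662 control escape used for byte stuffing
GOOD_FCS16 = 0xF0B8    # register value after running FCS-16 over data + FCS

# A few Protocol field values from the table on this page.
PROTOCOLS = {
    0x0021: "Internet Protocol version 4",
    0x0023: "OSI Network Layer",
    0x002B: "Novell IPX",
}


class FrameError(ValueError):
    """Raised when a byte string is not a valid PPP frame."""


@dataclass
class PPPFrame:
    protocol: int
    payload: bytes   # Data plus any Padding; only the protocol can tell them apart

    @property
    def protocol_name(self):
        return PROTOCOLS.get(self.protocol, "unknown")


def fcs16(data, fcs=0xFFFF):
    """Running 16-bit FCS (reflected polynomial 0x8408), bit by bit."""
    for byte in data:
        fcs ^= byte
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs


def build_frame(protocol, payload):
    """Frame a payload: Address, Control, Protocol, Data, FCS between flags."""
    body = bytes([ADDRESS, CONTROL]) + protocol.to_bytes(2, "big") + payload
    fcs = fcs16(body) ^ 0xFFFF                 # complement before sending
    body += fcs.to_bytes(2, "little")          # least significant byte first
    stuffed = bytearray()
    for b in body:
        if b in (FLAG, ESCAPE):                # never let 0x7E appear inside
            stuffed += bytes([ESCAPE, b ^ 0x20])
        else:
            stuffed.append(b)
    return bytes([FLAG]) + bytes(stuffed) + bytes([FLAG])


def parse_frame(raw):
    """Validate one frame and return its protocol and payload."""
    if len(raw) < 2 or raw[0] != FLAG or raw[-1] != FLAG:
        raise FrameError("missing 0x7E start or end flag")
    body = bytearray()
    octets = iter(raw[1:-1])
    for b in octets:
        if b == FLAG:
            raise FrameError("unescaped flag inside frame")
        if b == ESCAPE:
            nxt = next(octets, None)
            if nxt is None:
                raise FrameError("frame ends in the middle of an escape")
            b = nxt ^ 0x20
        body.append(b)
    if len(body) < 6:                          # Address+Control+Protocol+FCS
        raise FrameError("frame too short")
    if fcs16(bytes(body)) != GOOD_FCS16:       # covers Address through FCS
        raise FrameError("FCS mismatch")
    if body[0] != ADDRESS or body[1] != CONTROL:
        raise FrameError("unexpected Address/Control field")
    return PPPFrame(int.from_bytes(body[2:4], "big"), bytes(body[4:-2]))


if __name__ == "__main__":
    # Constructed payload containing both bytes that must be escaped.
    frame = build_frame(0x0021, b"\x45\x00\x7e\x7d")
    print(frame.hex(" "))
    print(parse_frame(frame))
```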
Value (in hex)   Protocol Name                            Reference
0001             Padding Protocol
0003             ROHC small-CID                           [RFC3095]
0005             ROHC large-CID                           [RFC3095]
0007 to 001f     reserved (transparency inefficient)
0021             Internet Protocol version 4
0023             OSI Network Layer
0025             Xerox NS IDP
0027             DECnet Phase IV
0029             Appletalk
002b             Novell IPX

Point-to-Point Protocol Operation

Physical: Can operate across any physical media
Link Control Protocol (LCP): to build data link connections
Network Control Protocol (NCP): to allow multiple network protocols to be used over point-to-point links
Supports authentication, compression, error detection, multi-link as part of the LCP protocol

Circuit-Switched Data Links

Many logical connections transferred over one physical connection
Virtual circuits based
For example: ATM, Frame Relay

Circuit-switched protocols allow the transfer of user information as a unique set of packets identified by virtual circuits.

In the slide, the switch on the left accepts traffic from each host PC into a virtual circuit and switches to another virtual circuit when going to the router. The virtual circuit number is the same between the host PC and the switch, and between the switch and the router. Traffic from each PC is uniquely identified by a virtual circuit at every hop.

Asynchronous Transfer Mode Protocol

Header layout (slide figure, bits 0 to 7): GFC, VPI, VCI, PT, CLP, HEC

Application packets are broken into 53-byte fixed-sized cells including a 5-byte header, also referred to as an ATM packet
ATM circuit is identified by a VPI/VCI value
Enhanced QoS support with 5 service classes
Ideal for multiple services on the same line

The ATM header consists of the following fields:

GFC: 4 bits of generic flow control that are used to provide local functions, such as identifying multiple stations that share one ATM interface. The GFC field is typically not used and is set to a default value.
VPI: 8 bits of virtual path identifier that is used, in conjunction with the VCI, to identify the next destination of a cell as it passes through a series of switch routers on its way to its final destination.

VCI: 16 bits of virtual channel identifier that is used, in conjunction with the VPI, to identify the next destination of a cell as it passes through a series of switch routers on its way to its final destination.

PT: 3 bits of payload type. The first bit indicates whether the cell contains user data or control data. If the cell contains user data, the second bit indicates congestion, and the third bit indicates whether the cell is the last in a series of cells that represent one AAL5 frame.

CLP: 1 bit of cell loss priority that indicates whether the cell should be preferentially discarded if it encounters congestion as it moves through the network.

HEC: 8 bits of header error control that are a checksum calculated only on the header.

ATM Adaptation Layer 5 Data Links

Field          Length (bytes)
PDU payload    Variable length
PAD            0-47
UU             1
CPI            1
LI             2
CRC-32         4

PDU: Variable length user information field (broken into 48-byte segments)
PAD: Padding used to cell-align the trailer, between 0 and 47 bytes long
UU: CPCS user-to-user indication to transfer one byte of user information
CPI: Common part indication
LI: Length indicator

Generally used to transport non-real time connectionless data
Encapsulation used for transporting IP packets and inter-working with Frame Relay or Ethernet packets
AAL5 is the simple and efficient AAL which is the one used most for data traffic; it has no per-cell length nor per-cell CRC fields

ATM packets are further encapsulated by ATM adaptation layers (AAL), which are responsible for the segmentation and reassembly (SAR) of ATM cells of higher-layer data received at the other end. The purpose of this is to adapt the class of service from higher layers onto connectionless ATM cells. The AAL classification is related to the service and application required for transport. Usually the following adaptation layers are mapped to the following classes of service:

AAL1: Constant Bit Rate service
AAL2: Variable Bit Rate service
AAL3/4: Connection-oriented data, usually
AAL5: Connectionless data service, usually (for example, IP)

Constant Bit Rate (CBR) service: AAL1 encapsulation supports a connection-oriented service where minimal data loss is required. Examples of this service include 64 kb/s voice, fixed-rate uncompressed video, and leased lines for private data networks.
Variable Bit Rate (VBR) service: AAL2 encapsulation supports a connection-oriented service in which the bit rate is variable but requires a bounded delay for delivery. Examples of this service include compressed packetized voice or video. The requirement on bounded delay for delivery is necessary for the receiver to reconstruct the original uncompressed voice or video.

Connection-oriented data service: For connection-oriented file transfer and data network applications where a connection is set up before data is transferred, this type of service has variable bit rate and does not require bounded delay for delivery. Two AAL protocols were defined to support this service class and have been merged into one type called AAL3/4.

Connectionless data service: Examples of this service include datagram traffic and data network applications where no connection is set up before data is transferred. Connectionless data service is used to transport IP/Ethernet/Frame Relay applications.

Higher-level Service Delivery Units (SDUs) may be several bytes in length. However, as the ATM payload is only 48 bytes, the SDU must be segmented into multiple cells as it enters the ATM network, then reassembled when it exits the ATM network. This function of the ATM adaptation layer is known as SAR. The adaptation layer comprises two sublayers, one of which is the SAR sublayer, the other being the convergence sublayer (CS), which performs service-dependent functions.

Time Division Multiplexing

Synchronous channel based
Each station gets a fixed-length slot
Unused slots are transmitted idle, without data
For example: T1, SONET

Each host PC sends information to the switch. The switch then transmits a frame to the router at a constant data rate (for example, 1.5 Mb/s). This frame is divided into many fixed time slots (24); each slot contains 64 kbits. Each host can occupy one or more time slots per frame. Each host PC is assigned a fixed data rate. If the host uses one time slot, then its transmission is 64 kbits in that slot. Because the pipe rate is 1.5 Mb/s, the host will have to supply their next 64 kbits in the next frame.

In this slide, each host PC transmits its characteristic frame (grey, yellow, purple). The frames that are transmitted from the switch contain several timeslots. Within each of these frames, three of the timeslots are used by the respective host PCs.

Time Division Multiplexing

DS1/T1: 1.544 Mb/s framing rate
24 subchannels (DS0), each 8 bits, sampled at 8000 + framing bit

Time Division Multiplexing (TDM) is a digital technology where individual signals are interleaved into a composite multiplexed signal.
Recurring fixed-length time slots are created such that each individual signal is represented by one channel or by multiple channels. The total transmission bandwidth is split among the time slots. The total composite signal includes the payload bits for the composing channels and overhead bits.

The frame structures of the DS1 [ANSI95b] and the European E1 [ITU-T98a] signals are shown above. The DS1 signal consists of 24 payload channels plus overhead. The basic frame of each of these signals repeats every 125 µs, that is, 8000 times per second. With 8 bits carried in each channel, this gives rise to a basic data rate of 64 kb/s for each channel. The requirement for this data rate stems from the need to sample the analog telephony signal 8000 times per second and encode each sample in 8 bits.

A DS1 frame contains 24 channels, each consisting of 8 bits, plus 1 framing/overhead bit, leading to a total of 193 bits. Because the frame repeats every 125 µs (or 8000 times a second), the total bit rate of the DS1 signal is 1.544 Mb/s. Similarly, the total bit rate of the E1 signal is 2.048 Mb/s (32 channels of 8 bits, repeating every 125 µs).

Widely used signaling examples: DS1/T1, E1, DS3, E3, OC3/STM-1, OC12/STM-4

Other signaling examples:
DS3, which uses 28 DS1 or 7 DS2 or 1 DS3 = 45 M
OC3, which uses 3 DS3

Time Division Multiplexing

E1: 2.048 Mb/s framing rate
32 subchannels (DS0), each 8 bits, sampled at 8000

SONET/SDH Overview

SONET/SDH is a layer-1 technology but uses layer-2 framing such as PPP, ATM or Frame Relay for carrying data between routers
SONET and SDH are TDM technologies designed for voice traffic
SONET is used in North America, SDH in the rest of the world
SONET aggregates older synchronous carriers such as DS1 and DS3
SDH aggregates European carriers such as E1 and E3
Basic SDH frame is the STM-1, which operates at 155.52 Mb/s and is equivalent to the SONET STS-3
Basic SONET frame is the STS-1, which operates at 51.84 Mb/s and is designed to carry a DS1 (T1) frame. STS-1 is exactly one third of an STM-1 frame
SONET/SDH is the underlying technology for ATM transmission

Synchronous Optical Network/Synchronous Digital Hierarchy (SONET/SDH) is a high-bandwidth WAN transport technology developed by Bell Communications Research and later standardized by ANSI and ITU. SONET/SDH is synchronous in nature and specifies framing and multiplexing at the physical layer of the OSI model. SONET/SDH was originally designed to transport voice but has been adapted to transport data by using Layer 2 framing technologies such as PPP/HDLC and ATM.

SONET/SDH technology is typically not implemented by small or medium-sized businesses, because of its high cost.
It is more commonly used by large global companies, long-distance companies linking metropolitan areas and countries, or ISPs that need to guarantee fast, reliable access to the Internet. SONET/SDH is particularly suited to audio, video, and imaging data transmission. As you can imagine, because of its reliance on fiber-optic cable and its redundancy requirements, SONET/SDH technology is expensive to implement.

SONET/SDH Overview (continued)

Basic SONET frame is known as STS-1 at 51.84 Mb/s
Each STS-1 can carry one DS3 frame
STM-1 frame is the equivalent of the STS-3 frame and designed for European carriers
Higher levels achieved by combining exact multiples of STS-1 and STM-1

SONET frame        SDH frame   Bit rate (Mb/s)   DS3s   DS1s   DS0s     E3s   E1s    E0s
STS-1 (OC-1)       STM-0       51.84             1      28     672      1     16     512
STS-3 (OC-3)       STM-1       155.52            3      84     2016     4     64     2048
STS-12 (OC-12)     STM-4       622               12     336    8064     16    256    8192
STS-48 (OC-48)     STM-16      2488              48     1344   32256    64    1024   32768
STS-192 (OC-192)   STM-64      9953              192    5376   129024   256   4096   131072

The basic SONET signal is known as synchronous transport signal (STS-1) and has a bit rate of 51.84 Mb/s. This includes a payload of 50.112 Mb/s and an overhead of 1.728 Mb/s. The STS-1 frame is 810 bytes and is transmitted in 125 µs, hence the bit rate of 51.84 Mb/s.

Each STS-1 can carry one DS3 or 28 DS1 frames. For higher data rates, the STS-1 signal is incremented at fixed levels to STS-3, STS-48, and STS-192. Multiplexing can occur in one or multiple stages. For example, an STS-12 can be formed by 4 STS-3s, or 12 STS-1s, or 3 STS-3s and 3 STS-1s. Each STS-1 payload in a SONET frame is assigned a fixed position and can be extracted without having to fully demultiplex the entire frame. This is a very big advantage of SONET compared to DS3.

The STM frames (STM-1, and so on) used by SDH are effectively a multiple of STS-3 frames. The overhead is identical, although the terminology and overhead usage varies somewhat between the standards. STM-1 is designed to carry an E3 frame.

A number of different standards have been defined for the multiplexing of lower data rates within STS-1 or STM-1 frames.

SONET/SDH Deployment

Most commonly deployed on rings with ADM
Other layouts are mesh, point-to-point
Many sites connect to the ADM using various signalling formats
Support automatic protection switching on bidirectional rings under 50 ms

The ring topology is, by far, the most common in current service provider networks. It is common because it is the most resilient. Rings are based on two or four fibers.

Transmission is in one direction on one half of the fibers and in the opposite direction on the other half. Half the bandwidth can be reserved for protection. Quick recovery from a fiber cut anywhere on the ring can be accomplished by switching to the signal being transmitted in the opposite direction.
Ring topologies have been so successful at providing reliable transport that even long-haul carriers often use multiple, very large circumference rings in their nationwide networks.

Add/drop multiplexers (ADM) are used at nodes on the ring for traffic origination or termination. It is not unusual for rings to be connected to other rings; in that case, cross-connects provide the interconnection function.

Packet over SONET/SDH (POS)

Packet over SONET/SDH uses PPP encapsulated data to provide framing for application packets
Specified in RFC 2615
IP traffic is usually carried via POS
Supports SONET/SDH level alarm processing, performance monitoring, synchronization, and protection switching

Slide figure labels: IP, PPP frame, SONET/SDH frame; Datagram, Protocol encapsulation and error control, Byte delineation

Data Link Types: Broadcast/Shared Access

Physical media is shared between many devices
Each device can transmit independently
Each station has a unique address
For example: Wired and Wireless Ethernet

Broadcast networks typically use shared media to communicate to all the devices that are attached to that shared media. For data to be reliably delivered from the source to the destination, each of the devices on the shared media is identified by a particular address. The frame that is sourced from the sending device is sent to all the devices sharing the media (broadcasting). All devices will receive the frame but only the device whose address appears in the frame as the destination address will interpret the data. The rest of the devices will ignore the data.

To transmit data reliably, the sending device on the shared media must compose the frame, obtain control of the media, and transmit the information. Because the media is shared, it is possible for multiple stations to transmit their information simultaneously, resulting in a collision. This collision causes data corruption. Depending on the protocol used, an algorithm needs to be followed to ensure a minimum number of collisions and also to ensure proper recovery from collisions. An example of a shared media protocol that is very commonly used today is Ethernet.
Data Link Overview
Section 2: Ethernet

Ethernet Overview

Ethernet
Ethernet History
Ethernet Frame Types
General Ethernet Frame Format
Ethernet II Frame Capture
Ethernet and the OSI Model

Ethernet

Broadcast technology using shared media
A passive, wait-and-listen network architecture
Interfaces on the common network media are identified by L2 addresses called MAC addresses
Encapsulates higher-layer traffic in a frame with source and destination interface addresses to identify the devices on the media
Can send a data frame to all devices (broadcasting) attached to the media
Devices connected to each other using shared media are commonly referred to as a Local Area Network (LAN)

Computers must contend for transmission time on the network media. In fact, Ethernet is commonly described as a contention-based architecture.

Ethernet History

Ethernet is a LAN architecture developed by the Xerox Corporation in cooperation with DEC and Intel in 1976
Ethernet supports data transfer rates of 10 Mb/s
Ethernet specification served as the basis for the IEEE 802.3 standard, which specifies the physical and lower software layers
Ethernet started using the CSMA/CD access method (half-duplex) to handle simultaneous demands
Ethernet is one of the most widely implemented LAN standards

Ethernet was originally designed by the Xerox Corporation, but the company was unsuccessful at launching the technology commercially. Later Xerox joined with Digital Equipment Corporation to commercially standardize a suite of network products that would use the Ethernet technology. Intel Corporation later joined the group, known as DEC-Intel-Xerox (DIX). DIX developed and published the standard that was used for the 10 Mb/s version of Ethernet. Originally, the only medium capable of handling these speeds was a multidrop thick coaxial cable.

Carrier Sense, Multiple Access, Collision Detection (CSMA/CD) is used to arbitrate the access of devices using the shared media. This is covered in detail later.
The IEEE had started project 802, which was to provide the industry with a framework for standardizing LAN technology. Because the technology was so diverse, the IEEE formed working groups in support of the different LAN technologies. The 802.3 working group was tasked with standardizing LANs based on the Ethernet technology.

Ethernet Frame Types

802.3
IEEE format defined for Ethernet
Intended to be used with IEEE 802.2
Layout: Preamble | SFD | DA | SA | Length | LLC header and Payload (46 to 1500 bytes) | FCS

Ethernet II
Length replaced by type to identify upper layer protocols
Used for IP transport; most commonly used frame today
Layout: Preamble | SFD | DA | SA | Type | Payload (46 to 1500 bytes) | FCS

Ethernet supports two frame types, but they have been standardized so that all types can be transmitted on a common Ethernet network. The 16-bit field that follows the source address (SA) indicates whether the frame is Ethernet II or 802.3. If the value is 1536 or less, the frame is treated as 802.3. If the value is greater than 1536, the frame is treated as Ethernet II.

Ethernet II was originally developed by Digital, Intel, and Xerox in 1980 and is commonly known as the DIX standard. It was adopted by the IEEE and went through formal standardization to form the 802.3/802.2 frame types. The Ethernet II frame is usually used for transmission of IP datagrams.

Ethernet 802.3 was developed by the IEEE from the original Ethernet standard in 1983. IEEE Ethernet defines two layers: the lower MAC layer in 802.3 and an upper LLC (logical link control) layer in 802.2. These are sublayers of the OSI data link layer (Layer 2). The two layers were defined separately to provide additional link control features and so that common LLC frames could be used for different media types, such as Ethernet, Token Ring and FDDI. This allows bridging at Layer 2 between the different media types.

There are three different 802.3 formats that were used for older protocols such as Novell NetWare's IPX, Apple Computer's AppleTalk and OSI protocols. Today, these formats are rarely used. The Alcatel-Lucent 7750 SR uses the 802.3 format for the transmission of IS-IS routing updates; however, it uses Ethernet II for other traffic such as IP and MPLS.
General Ethernet Frame Format

Fixed sequence to alert the receiver (8 bytes) (0x55555555555555D5), start frame delimiter
Destination MAC address (6 bytes)
Source MAC address (6 bytes)
Frame length or type information (2 bytes)
Payload: Internet layer
Frame check sequence (4 bytes)
Layout: Preamble | SFD | DA | SA | Length/type | Payload (46 to 1500 bytes) | FCS

The frame consists of a set of bits organized into several fields. These fields include address fields, a variable-size data field that carries from 46 to 1500 bytes of data, and an error checking field that checks the integrity of the bits in the frame to make sure that the frame has arrived intact. The original Ethernet standards defined the minimum frame size as 64 bytes and the maximum as 1518 bytes. These numbers include all bytes from the destination MAC address field to the frame check sequence field. The preamble and the start frame delimiter fields are not included when quoting the size of a frame. The IEEE 802.3ac standard released in 1998 extended the maximum allowable frame size to 1522 bytes to allow for a VLAN tag to be inserted into the Ethernet frame format. Gigabit Ethernet and 10 gigabit Ethernet ports may support jumbo frames, which can be 9000 bytes.

Preamble: A stream of bits that allows the transmitter and receiver to synchronize their communication. The preamble is a 56-bit long pattern of alternating ones and zeroes. The preamble is immediately followed by the Start Frame Delimiter.

Start Frame Delimiter (SFD): Always 10101011 and is used to indicate the beginning of the frame information.

Destination MAC (DA): The MAC address of the machine receiving data.

Source MAC (SA): The MAC address of the machine transmitting data.

Length/Type: The payload length or type field (also known as Ethertype). If the Ethernet frame is in the 802.3 format, this field is interpreted as length. If the Ethernet frame is in the Ethernet II or original DIX format, the field is interpreted as type, or Ethertype. The numeric value in this field determines whether the frame is an 802.3 frame or Ethernet II frame. If the value is less than 1536, it is an 802.3 frame. If the value is 1536 or greater, it is an Ethernet II frame.

Data/Padding (also known as Payload): Where the IP header and data are placed if you are running IP over Ethernet. This field contains IPX information if you are running IPX/SPX (Novell).
Contained within the payload section of an IEEE 802.2 frame are four specific fields:

DSAP: Destination Service Access Point
SSAP: Source Service Access Point
CTRL: Control bits for Ethernet communication
NLI: Network Layer Interface

An Ethernet frame must be a minimum of 64 bytes long. Therefore, if the data field is less than 46 bytes in length, padding is included to bring the frame length to 64 bytes.

Frame Check Sequence (FCS): A part of the frame that verifies that the information each frame contains is not damaged during transmission. If a frame is damaged during transmission, the FCS on the frame will not match with the recipient's calculated FCS. The FCS is calculated by the sender based on the entire contents of the frame. The recipient calculates an expected FCS value on the frame that it receives. Any frames that do not match the calculated FCS are discarded.
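An added example, not part of the original course material, that builds and parses frames following the field layout above: it pads short payloads to the 46-byte minimum, computes the 4-byte FCS as a CRC-32, classifies the Length/Type field with the 1536 threshold, and discards frames whose FCS does not match. The function names are hypothetical, the MAC addresses are the ones in the Ethernet II capture in this module, and the payloads are constructed.

```python
import struct
import zlib

MIN_PAYLOAD = 46                 # shorter payloads are padded so the frame reaches 64 bytes
MAX_PAYLOAD = 1500
MIN_FRAME, MAX_FRAME = 64, 1518  # DA through FCS; preamble and SFD are not counted
TYPE_THRESHOLD = 1536            # Length/Type >= 1536 (0x0600) is read as an Ethertype


def mac_to_bytes(text):
    return bytes(int(octet, 16) for octet in text.split(":"))


def mac_to_text(raw):
    return ":".join(f"{octet:02x}" for octet in raw)


def compute_fcs(body):
    """CRC-32 over DA, SA, Length/Type and payload, in on-the-wire byte order."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def build_frame(dst, src, payload, ethertype=None):
    """Return DA..FCS. Without an ethertype the frame is 802.3 and carries a length."""
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload exceeds 1500 bytes")
    if ethertype is not None and ethertype < TYPE_THRESHOLD:
        raise ValueError("Ethertype values start at 1536")
    length_type = len(payload) if ethertype is None else ethertype
    padded = payload.ljust(MIN_PAYLOAD, b"\x00")  # pad short data fields with zeroes
    body = (mac_to_bytes(dst) + mac_to_bytes(src)
            + struct.pack("!H", length_type) + padded)
    return body + compute_fcs(body)


def parse_frame(frame):
    """Validate size and FCS, then split the frame into its fields."""
    if not MIN_FRAME <= len(frame) <= MAX_FRAME:
        raise ValueError(f"frame size {len(frame)} outside 64..1518 bytes")
    body, received_fcs = frame[:-4], frame[-4:]
    if compute_fcs(body) != received_fcs:
        raise ValueError("FCS mismatch: frame discarded")
    (length_type,) = struct.unpack("!H", body[12:14])
    data = body[14:]
    if length_type >= TYPE_THRESHOLD:
        # Ethernet II: any padding stays in place; only the upper layer
        # (for IP, the Total Length field) knows where the data ends.
        kind, payload = "Ethernet II", data
    else:
        # 802.3: the field is a length, so padding can be stripped here.
        if length_type > len(data):
            raise ValueError("length field exceeds the data present")
        kind, payload = "802.3", data[:length_type]
    return {
        "dst": mac_to_text(body[0:6]),
        "src": mac_to_text(body[6:12]),
        "kind": kind,
        "length_type": length_type,
        "payload": payload,
    }


if __name__ == "__main__":
    DST, SRC = "00:11:43:45:61:23", "00:e0:52:d4:a5:00"
    ip_frame = build_frame(DST, SRC, b"constructed IP bytes", ethertype=0x0800)
    llc_frame = build_frame(DST, SRC, bytes([0xFE, 0xFE, 0x03]))  # constructed LLC header
    for frame in (ip_frame, llc_frame):
        print(len(frame), parse_frame(frame))

    damaged = bytearray(ip_frame)
    damaged[20] ^= 0x01  # single bit error in the payload
    try:
        parse_frame(bytes(damaged))
    except ValueError as err:
        print("rejected:", err)
```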

Ethernet II Frame Capture

0000 00 11 43 45 61 23 00 e0 52 d4 a5 00 08 00 45 00 ..CEa#..R.....E.
0010 01 21 0e ab 00 00 40 06 ea a8 8a 78 35 fe 8a 78 .!....@....x5..x
0020 35 95 00 17 09 55 98 09 6c 96 8e 7b 67 a7 50 18 5....U..l..{g.P.
0030 40 00 bc 0e 00 00 ff fb 03 0d 0a 64 65 76 69 63 @..........devic
0040 65 3a 20 20 73 54 57 33 32 66 62 69 38 32 0d 0a e: sTW32fbi82..
0050 0d 0a 41 6c 63 61 74 65 6c 20 4e 65 74 77 6f 72 ..Alcatel Networ
0060 6b 73 20 43 61 6e 61 64 61 2c 20 36 30 30 20 4d ks Canada, 600 M
0070 61 72 63 68 20 52 6f 61 64 2c 20 4b 61 6e 61 74 arch Road, Kanat
0080 61 2c 20 4f 6e 74 61 72 69 6f 0d 0a 55 6e 61 75 a, Ontario..Unau
0090 74 68 6f 72 69 7a 65 64 20 61 63 63 65 73 73 20 thorized access
00a0 70 72 6f 68 69 62 69 74 65 64 2e 20 20 41 63 63 prohibited. Acc
00b0 65 73 73 20 74 6f 20 74 68 69 73 20 64 65 76 69 ess to this dev

Callouts on the slide: Destination address, Source address, Ether type, L3/IP information, TCP information

This slide shows an actual sniffer trace of an Ethernet packet. Details of this trace are as follows:

Frame 234 (303 bytes on wire, 303 bytes captured)
Ethernet II, Src: FoundryN_d4:a5:00 (00:e0:52:d4:a5:00), Dst: Dell_45:61:23 (00:11:43:45:61:23)
  Destination: Dell_45:61:23 (00:11:43:45:61:23)
  Source: FoundryN_d4:a5:00 (00:e0:52:d4:a5:00)
  Type: IP (0x0800)
Internet Protocol, Src: 138.120.53.254 (138.120.53.254), Dst: 138.120.53.149 (138.120.53.149)
  Version: 4
  Header length: 20 bytes
  Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
  Total Length: 289
  Identification: 0x0eab (3755)
  Flags: 0x00
  Fragment offset: 0
  Time to live: 64
  Protocol: TCP (0x06)
  Header checksum: 0xeaa8 [correct]
  Source: 138.120.53.254 (138.120.53.254)
  Destination: 138.120.53.149 (138.120.53.149)
Transmission Control Protocol, Src Port: 23 (23), Dst Port: 2389 (2389), Seq: 4, Ack: 1, Len: 249
  Source port: 23 (23)
  Destination port: 2389 (2389)
  Sequence number: 4 (relative sequence number)
  Next sequence number: 253 (relative sequence number)
  Acknowledgement number: 1 (relative ack number)
  Header length: 20 bytes
  Flags: 0x0018 (PSH, ACK)
  Window size: 16384
  Checksum: 0xbc0e [correct]
Telnet

Ethernet and the OSI Model

LLC: Interface to the L3 protocol
MAC: L2 addressing, data transfer, sync, error control, and data flow

Ethernet resides at the Data Link layer. This layer can be subdivided further into two sublayers:

LLC: logical link control (802.2)
MAC: media access control

The LLC interfaces between the network interface layer and the higher L3 protocol and may provide additional functions such as flow control. LLC is only used with 802.3 Ethernet. It is not used with Ethernet II.

The MAC layer is responsible for determining the physical source and destination addresses for a particular frame and for the reliable transfer of data, synchronization of data transmission, error control, and flow of data.

At the physical layer, to observe the physical link condition, Ethernet uses the link integrity test, in which Ethernet transceivers continually monitor the data path for activity. The physical layer standards also define the format of the electrical or optical signaling that is used to represent the binary ones and zeroes on the transmission media.

Data Link Overview
Section 3: Ethernet Addressing and Operation

Ethernet Addressing and Operation Overview

MAC Address Format
Unicast Addressing
Broadcast Addressing
Multicast Addressing
Ethernet Transmission
Half-Duplex Operation (CSMA/CD)
Full-duplex Operation
Auto-negotiation

MAC Address Format

OUI is the number assigned by the IEEE to vendors such as Alcatel-Lucent
OUI examples: Alcatel-Lucent Canada 00-80-21 and 00-D0-F6, Alcatel-Lucent USA 00-17-CC, Alcatel-Lucent Italia 00-20-60
OUI engine: http://standards.ieee.org/regauth/oui/index.shtml

Unicast Addressing

Unique source and destination MAC addresses
Frame is meant for one particular destination or host

Slide figure: source 00:e0:b1:88:0d:c0, destination 00:14:22:c5:79:87

Output:

Ethernet II, Src: 138.120.100.2 (00:e0:b1:88:0d:c0), Dst: Dell_c5:79:87 (00:14:22:c5:79:87)
  Type: IP (0x0800)
  Trailer: 000000000000
Internet Protocol, Src: 138.120.252.84 (138.120.252.84), Dst: 138.120.132.135 (138.120.132.135)
Transmission Control Protocol, Src Port: 8080 (8080), Dst Port: 2730 (2730), Seq: 0, Ack: 3811441139, Len: 0

In this slide, an Ethernet frame is composed by the source with the following source and destination addresses:

Src : 00:e0:b1:88:0d:c0
Dest : Dell_c5:79:87 (00:14:22:c5:79:87)

The frame is sent to a hub that connects all devices on a 4-node LAN. The hub, being a simple replicator, sends the frame out on all its ports except the port where the frame was received (the port attached to the source).

Although all devices receive the frame, only the device whose MAC address matches the destination device accepts the frame.

The output sample shows the use of an Ethernet frame destined for a unicast address.

Broadcast Addressing

Unique source MAC address only, destination address is broadcast (ff-ff-ff-ff-ff-ff)
Frame is meant for all devices on the LAN in a broadcast domain

Slide figure: source 00:13:ce:2b:6b:28

Output:

Frame 1 (42 bytes on wire, 42 bytes captured)
Ethernet II, Src: 192.168.0.101 (00:13:ce:2b:6b:28), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
  Destination: Broadcast (ff:ff:ff:ff:ff:ff)
  Source: 192.168.0.101 (00:13:ce:2b:6b:28)
  Type: ARP (0x0806)
Address Resolution Protocol (request)

In this slide, an Ethernet frame is composed by the source with the following source and destination addresses:

Src : 00:13:ce:2b:6b:28
Dest : ff:ff:ff:ff:ff:ff

The frame is sent to a hub that connects all devices on a 4-node LAN. The hub, being a simple replicator, sends the frame out on all its ports except the port where the frame was received (the port attached to the source).

All devices recognize that the destination address (ff-ff-ff-ff-ff-ff) is a special address and process the frame.
The output sample shows the use of an Ethernet frame destined for a broadcast address.

Multicast Addressing

- Unique source MAC address only; destination address is a multicast group (01-00-5e-01-01-01)
- Frame is meant only for devices that are members of that group

Output:

    Ethernet II, Src: 192.168.0.101 (00:13:ce:2b:6b:28), Dst: 01:00:5e:01:01:01 (01:00:5e:01:01:01)
        Destination: 01:00:5e:01:01:01 (01:00:5e:01:01:01)
        Source: 192.168.0.101 (00:13:ce:2b:6b:28)
        Type: IP (0x0800)
    Internet Protocol, Src: 192.168.0.101 (192.168.0.101), Dst: 239.1.1.1 (239.1.1.1)
    Internet Control Message Protocol

In this slide, the source composes an Ethernet frame with the following source and destination addresses:

    Src:  00:13:ce:2b:6b:28
    Dest: 01-00-5e-01-01-01

The frame is sent to a hub that connects all devices on a 4-node LAN. The hub, being a simple replicator, sends the frame out on all its ports except the port where the frame was received (the port attached to the source).

All devices that are members of the particular group (239.1.1.1) process that message.

The output sample shows the use of an Ethernet frame destined for a multicast address.

Ethernet Transmission

Half-duplex transmission
- Data sent in one direction at a time
- Results in collisions
- Uses CSMA/CD to resolve collisions
- Hubs are the most common half-duplex devices

Full-duplex transmission
- Data sent in both directions at the same time
- Requires point-to-point connections
- No collisions
- An approach to higher network efficiency
- Switches are the most common full-duplex devices

Half-duplex transmission is the traditional means of transporting Ethernet frames. Because data is transmitted in one direction at a time over a shared medium, such as a hub, collisions are possible. The CSMA/CD algorithm is used to handle collisions. A hub uses shared media and supports half-duplex only. 10Base-T, which works on half-duplex, is efficient 30 to 40% of the time because of collisions, and as such the effective throughput is only 3 to 4 Mb/s.

Full-duplex transmission forwards data in both directions simultaneously. Full-duplex implementations require a point-to-point connection between the sender and the receiver port.
Therefore, a switch with 8 ports would have each of the 8 ports connected to the rest of the ports through a dedicated set of wires. This ensures that there is no shared medium and that collisions are not possible. Because data can be transmitted bidirectionally, the effective rate of a 10-Mb/s full-duplex transmission is 20 Mb/s (that is, 10 Mb/s each way). Therefore, full-duplex transmissions are more efficient than half-duplex. Switches and routers usually support full-duplex transmissions.

When devices such as switches and hubs are interconnected, care must be taken to ensure that the proper transmission parameters are set on the ports. For switch-to-hub connections, the switch port must be set to half-duplex because the hub only supports half-duplex. For switch-to-switch, switch-to-host, or switch-to-router connections, full-duplex can be used.

Half-Duplex Operation (CSMA/CD)

- All hosts constantly listen to the line
- Host A transmits
- Hosts B, C, and D listen to Host A and do not transmit
- All hosts receive Host A's message

[Figure: Host A, Host B, Host C and Host D attached to a hub]

The CSMA/CD access rules are summarized by the protocol acronym.

Carrier sense (CS): Each Ethernet LAN-attached host continuously listens for traffic on the medium to determine when gaps between frame transmissions occur.

Multiple access (MA): LAN-attached hosts can begin transmitting any time that they detect that the network is quiet, meaning that no traffic is travelling across the wire.

Collision detect (CD): If two or more LAN-attached hosts in the same CSMA/CD network or collision domain begin transmitting at approximately the same time, the bit streams from the transmitting hosts will interfere (collide) with each other, and both transmissions will be unreadable. If that happens, each transmitting host must be capable of detecting that a collision has occurred before it has finished sending its respective frame.

Each host must stop transmitting as soon as it has detected the collision and must wait a random length of time, as determined by a back-off algorithm, before attempting to retransmit the frame. In this event, each transmitting host transmits a 32-bit jam signal alerting all LAN-attached hosts of a collision before running the back-off algorithm.

CSMA/CD reduces the chance of collisions but does not prevent them.
Both hosts A and B could decide to transmit at once because no other hosts are transmitting a message on the line (idle line).

Half-Duplex Operation (CSMA/CD) (continued)

- All hosts constantly listen to the line
- Host A and Host B transmit simultaneously
- Messages collide
- Both hosts back off for a random time interval

[Figure: Host A, Host B, Host C and Host D attached to a hub]

When host A and host B transmit frames at the same time, they both detect collisions and corruption of the data. Both host A and host B generate a jam signal, which is received by other hosts so that they discard the data that was just corrupted by the collision.

A random back-off timer is then started on the transmitting hosts. Depending on whose timer expires first, either host A or host B transmits if it detects no other transmission on the line.

Full-duplex Operation

- Point-to-point only
- Attached to a dedicated switched port
- Requires full-duplex support on both ends
- Collision-free

Full-duplex operation is an optional MAC layer capability that allows simultaneous two-way transmission over point-to-point links.

Full-duplex transmission involves no media contention, no collisions, and no need to schedule retransmissions. There are exactly two hosts connected on a full-duplex point-to-point link. The link bandwidth is effectively doubled because each link can now support full-rate, simultaneous, two-way transmission.

Auto-negotiation

Ethernet auto-negotiable operation
- Speed: 10 Mb/s, 100 Mb/s, 1000 Mb/s, 10000 Mb/s
- Operation mode: half-duplex (CSMA/CD), full-duplex

If auto-negotiation is enabled, directly-connected Ethernet nodes negotiate their speed and their duplex mode prior to establishing a link.

Data Link Overview
Section 4 - Ethernet Physical Cabling

Ethernet Standards

Four data rates are currently defined for operation over optical fiber and twisted-pair cables:
- 10 Mb/s: 10Base-T Ethernet (twisted pair only)
- 100 Mb/s: 100Base-T or Fast Ethernet
- 1000 Mb/s: 1000Base-T or Gigabit Ethernet
- 10 000 Mb/s: 10 Gigabit Ethernet

10Base-T Ethernet

- Originally IEEE 802.3i

- Current standard is 802.3x
- Transmission rate with 802.3i is 10 Mb/s half-duplex; with 802.3x is 10 Mb/s full-duplex
- Frame format was based on Ethernet II, also called DIX
- Most networks currently use the 802.3x frame format

100Base-T Ethernet

- IEEE standard is 802.3u
- Full-/half-duplex modes, 100 Mb/s data rate
- Cabling options:
  - 100Base-TX: 2 pairs of twisted-pair cable
  - 100Base-T4: 4 pairs of twisted-pair cable
  - 100Base-FX: optical cable

1000Base-T Ethernet

- Also known as gigabit Ethernet or GigE
- IEEE standard is 802.3ab
- Full-duplex mode only, 1000 Mb/s data rate
- 802.3ab specifies distances of 100 m using 4 pairs of Cat 5e cabling

10 Gigabit Ethernet

- IEEE standard is 802.3ae
- Full-duplex only, with 10 Gb/s data rate
- Minimizes the user's learning curve by maintaining the same management tools and architecture
- Physical media used is optical only

Ethernet Physical Cable Types

    Ethernet             Designation  Type         Wavelength          Distance  Fiber Type
    10/100Base           TX           Copper                           100 m
    100Base              FX           Optical SFP  1310 nm             2 km      Multimode
                         FX-SM        Optical SFP  1310 nm             25 km     Single-mode
    Gigabit Ethernet     TX           Copper                           100 m
                         SX           Optical SFP  850 nm              550 m     Multimode
                         LX           Optical SFP  1310 nm             10 km     Single-mode
                         ZX           Optical SFP  1550 nm             70 km     Single-mode
                         CWDM         Optical SFP  1470 nm to 1610 nm  70 km     Single-mode
    10 gigabit Ethernet  SR           Optical SFP  850 nm              300 m     Multimode
                         LR           Optical SFP  850 nm              10 km     Single-mode
                         LW/LR        Optical SFP  1310 nm             10 km     Single-mode
                         EW/ER        Optical SFP  1550 nm             40 km     Single-mode
                         ZR           Optical SFP  1550 nm             80 km     Single-mode
                         CX4                                           15m
                         T            Copper       -                   30-100m

Data Link Overview
Section 5 - Ethernet Devices and Switching

Ethernet Devices and Switching Overview

- Ethernet Devices
- Switching
- Building up the MAC FDB
- MAC Address Exercise
- Broadcast/Multicast Across Switches
- Ethernet Network Domains
- Collision Domains

Ethernet Devices

Hubs/Repeaters
- Signal amplification and replication
- Layer 1 devices that receive Ethernet frames and replicate across all other ports including the receiving port
- Do not inspect Layer 2 frame headers
- Half-duplex operation

Switches
- Layer 2 devices that inspect Ethernet frame headers
- Switches receive Ethernet frames based on destination MAC address
- Full-duplex operation

Switching

Switch Forwarding Table

    Node MAC Address     Interface
    00 00 A2 00 00 01    1
    00 00 A2 00 00 02    2

Ethernet switches use the source MAC address to dynamically learn which MAC addresses are associated with an interface. The switch records this address information into a forwarding table known as the MAC forwarding database (FDB).

When the switch receives an Ethernet frame, it records the source MAC address and the interface on which it arrived.
It looks at the destination MAC address of the frame, compares it to the entries in its MAC FDB, and transmits the frame out of the interface for that MAC address.

If no entry is found in the MAC FDB for the destination, the switch floods the frame out of all its interfaces except the interface on which the frame arrived.

Building up the MAC FDB

Step 1: Host A sends a frame to Host B
Step 2: The switch receives the frame on 1/1/1 and places the source in the MAC FDB
Step 3: The destination is not in the MAC FDB, so the switch floods the frame to all ports except the source
Step 4: Host B responds to Host A. The switch adds the source address of Host B to the MAC FDB
Step 5: The switch can now forward frames between Host A and Host B directly, that is, without flooding
Step 6: Host C and Host D also send frames and are added to the FDB

MAC FDB

    Port    MAC address       Added in
    1/1/1   0000.8c01.000A    Step 2
    1/1/2   0000.8c01.000B    Step 4
    1/1/3   0000.8c01.000C    Step 6
    1/1/4   0000.8c01.000D    Step 6

MAC Address Exercise

What are the MAC FDBs for Switches A and C after every PC has communicated with each other?

Broadcast/Multicast Across Switches

- Broadcast and multicast frames are treated similarly
- The switch examines the destination MAC address; if it is broadcast or multicast, the switch floods the frame out of all the remaining ports
- Advanced switches can build a special multicast table based on the destination group address and therefore only flood multicast frames to the required destinations

Ethernet Network Domains

A collision domain is a group of Ethernet or Fast Ethernet devices in a CSMA/CD LAN that are connected by repeaters and that compete for access in the network. Only one device in the collision domain may transmit at any one time, and the other devices in the domain listen to the network to avoid data collisions. A collision domain is sometimes referred to as an Ethernet segment.

A broadcast domain is a restricted area in which information can be transmitted to all devices in the domain. More specifically, Ethernet LANs are broadcast domains. Any device attached to the LAN can transmit frames to any other device because the medium is a shared transmission system. Frames are normally addressed to a specific destination device in the network. While all devices detect the frame transmission in the network, only the device to which the frame is addressed actually accepts it. A special broadcast address consisting of all 1s is used to send frames to all devices in the network.

In an IP network, broadcast domains are separated by an IP router. Two devices on separate broadcast domains cannot send Ethernet frames directly to each other. Instead they must send the frame to the router, which then forwards the IP datagram to the destination in a new Ethernet frame on the appropriate broadcast domain.

Collision Domains

In this slide, there are 8 collision domains and 3 broadcast domains.

Data Link Overview
Section 6 - Ethernet Redundancy

Ethernet Redundancy Overview

- Ethernet Redundancy
- LAG
- Redundant Topology
- Broadcast Storms
- Database Instability
- STP
- Bridge Protocol Data Units
- RSTP
- Port States and Roles
- Port Role Assignment

Ethernet Redundancy

Two types of redundancy:

Link redundancy on full-duplex connections
- Using multiple links between two devices via LAG
- Logical bundling to provide failover for one or more links

Redundant topology
- Multiple paths to reach the same destination
- Provides protection for path failures where ports/devices fail

Link Redundancy - LAG

- Based on IEEE 802.3ad standard
- Benefits:
  - increased performance by providing incremental bandwidth between two devices. Support for up to 200 LAGs (R5.0) with 8 links per LAG, 64 LAGs on SR-1
  - increased resiliency by providing automatic, point-to-point redundancy between two devices if one or more links in the LAG should fail
- Statically configured or formed dynamically with LACP
- Failover time less than one second
- Alcatel-Lucent enhanced features:
  - Dynamic cost
  - LAG port threshold

A Link Aggregation Group (LAG) increases the bandwidth available between two nodes by grouping up to eight ports into one logical link. The aggregation of multiple physical links allows for load sharing and offers seamless redundancy. If one of the links fails, traffic is redistributed over the remaining links. Up to eight links can be supported in one LAG, and up to 64 LAGs can be configured on a 7x50 SR/ESS.

Link Aggregation Control Protocol (LACP) is defined in IEEE 802.3ad (Aggregation of Multiple Link Segments). LACP provides a standardized method for implementing link aggregation between different manufacturers.
Example configuration:

    config> lag 1
    config>lag# description "LAG from PE1 to PE2"
    config>lag# port 2/1/1 2/2/1 3/1/1 4/1/1
    config>lag# port-threshold 2 action down
    config>lag# dynamic-cost
    config>lag# no shutdown

LAG Configuration

- LAG configurations should include at least two ports
- A maximum of eight ports can be included in a LAG
- All ports in the LAG must share the same characteristics (speed, duplex, hold-timer, and so on)
- Port characteristics are inherited from the primary port
- Auto-negotiation must not be configured for 10/100 ports that are part of a LAG. Ports in a LAG must be configured as full-duplex.
- Configure ports as no autonegotiate (for 10GE ports, the xgig setting must be set to the same value)

LAG Port Threshold Parameter

This parameter determines the behaviour of a LAG when the number of available links falls below the configured threshold value. Two actions can be specified:

Option 1: configure lag <lag-id> port-threshold <threshold value> action down
If the number of available links is less than or equal to the threshold value, the LAG is declared operationally down until the number of available links is greater than the threshold value.

Option 2: configure lag <lag-id> port-threshold <threshold value> action dynamic-cost
If the number of available links is less than or equal to the threshold value, dynamic costing is used to determine the advertised LAG cost.

Note: The costing of a LAG only affects the IGP costing (OSPF only).

Dynamic Cost Parameter

Dynamic cost can be enabled with the general command config>lag <lag-id> dynamic-cost.

This parameter enables or disables the dynamic IGP costing of a LAG when the number of active links is greater than the port-threshold value. When dynamic cost is enabled with this command and the number of active links is greater than the port-threshold value (0-7), the path cost is dynamically calculated whenever there is a change in the number of active links, regardless of the specified port-threshold action. Note that if the port-threshold action is to declare the LAG down, then if the number of active links falls below the port-threshold value the LAG is declared down, even if dynamic cost is enabled.
Conversely, if the port-threshold is met and the action is set to dynamic cost, then the link cost is dynamically recalculated even if the general dynamic cost parameter is not configured.

LAG Architecture - Dynamic Cost

    config> lag 1
    config>lag# dynamic-cost
    config>lag# port 2/1/1 2/2/1 3/1/1 3/2/1
    config>lag# port-threshold 2 action down
    config> lag 2
    config>lag# port 4/1/1 4/2/1 5/1/1
    config>lag# port-threshold 2 action dynamic-cost

If each link in LAG 1 and LAG 2 has a cost of 100, then the cost of logical link LAG 1 is 100/4 = 25 and LAG 2 is 100/3 = 33.

In this slide, each physical link is configured with a cost of 100. Thus the cost of the logical link LAG 1 is 100/4 = 25 and LAG 2 is 100/3 = 33. The LAG groups LAG 1 and LAG 2 are configured as follows:

- LAG 1 does not have the dynamic-cost parameter configured. If one link in LAG 1 fails, there are three active links and the port threshold is two, so the port-threshold action is not executed. However, because the dynamic-cost parameter is not enabled on the LAG, the cost of LAG 1 remains the same (100/4 = 25). If another link in LAG 1 fails, the number of active links matches the port threshold and the port-threshold action is executed; therefore LAG 1 is declared operationally down.
- LAG 2 does have the dynamic-cost parameter configured. If one link in LAG 2 fails, there are two active links and the port threshold is two, so the port-threshold action is executed. Because the dynamic-cost parameter is enabled on the LAG, the cost of LAG 2 changes to 100/2 = 50.
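The port-threshold and dynamic-cost rules above, worked through as an added Python example (not Alcatel-Lucent code and not part of the course material). The `Lag` class and function names are hypothetical; the truncated division follows the slide's 100/3 = 33, and treating zero active links as down is an assumption. LAG 1 is modelled both as the notes describe it and with the general dynamic-cost parameter enabled.

```python
from dataclasses import dataclass


@dataclass
class Lag:
    ports: int                        # links configured in the LAG
    port_threshold: int = 0
    threshold_action: str = "down"    # "down" or "dynamic-cost"
    dynamic_cost: bool = False        # the general dynamic-cost parameter
    link_cost: int = 100              # cost of each physical link, as on the slide


def lag_status(lag, active):
    """Return (operational state, advertised cost or None) for `active` links."""
    if not 0 <= active <= lag.ports:
        raise ValueError("active links must be between 0 and the configured ports")
    if lag.threshold_action not in ("down", "dynamic-cost"):
        raise ValueError("unknown port-threshold action")
    if active == 0:
        return "down", None           # assumption: no links left means down
    threshold_hit = active <= lag.port_threshold
    if threshold_hit and lag.threshold_action == "down":
        return "down", None           # declared down even if dynamic-cost is set
    if threshold_hit:
        dynamic = True                # action dynamic-cost applies on its own
    else:
        dynamic = lag.dynamic_cost    # above the threshold the general parameter decides
    links = active if dynamic else lag.ports
    return "up", lag.link_cost // links   # truncated, as in the slide's 100/3 = 33


def failure_timeline(lag):
    """Status with all links up, then after each successive link failure."""
    return [lag_status(lag, n) for n in range(lag.ports, -1, -1)]


# LAG 1 as the notes describe it: four ports, threshold 2, action down, no dynamic-cost.
LAG1_NOTES = Lag(ports=4, port_threshold=2, threshold_action="down")
# LAG 1 with the general dynamic-cost parameter enabled, for comparison.
LAG1_DYNAMIC = Lag(ports=4, port_threshold=2, threshold_action="down", dynamic_cost=True)
# LAG 2: three ports, threshold 2, action dynamic-cost.
LAG2 = Lag(ports=3, port_threshold=2, threshold_action="dynamic-cost")

if __name__ == "__main__":
    for name, lag in (("LAG 1 (notes)", LAG1_NOTES),
                      ("LAG 1 (dynamic-cost)", LAG1_DYNAMIC),
                      ("LAG 2", LAG2)):
        print(name, failure_timeline(lag))
```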
Redundant Topology

Redundancy

Advantages
- Protection when an entire switch fails, rather than just link protection
- Load balancing across switches rather than just across links of the same switch

Disadvantages
- May cause broadcast storms if not designed correctly
- May cause FDB table instability
- Frame looping problems
- Layer 2 has no mechanism to stop looping as Layer 3 has with TTL

Broadcast Storms

Networks that are designed with redundancy and no Spanning Tree Protocol (STP) are vulnerable to broadcast storms because, as the switch receives multiple copies of a frame, it further replicates each frame and transmits them out one or more ports on the switch.

Because of the Layer 2 loop, the transmitted frames are received back and replicated again. This results in an exponential increase in Layer 2 traffic in the looped network.

Because there is no time to live (TTL) in Layer 2, this frame is copied and transmitted repeatedly until the switch gets overwhelmed with activity and possibly resets or locks up.

Consider the case where no traffic has been transmitted on the above network. Therefore, both Switch 1 and Switch 2 have an empty MAC FDB:

- Host A sends a frame with the destination MAC address of Host B. One copy of the frame is received by Host B and processed.
- The original frame is also received by Switch 1. Switch 1 records the source MAC of Host A to be on Segment 1. Because Switch 1 does not know where Host B is, it replicates the frame and sends it out the port connected to Segment 2.
- The original frame is also received by Switch 2. Switch 2 records the source MAC of Host A to be on Segment 1. Because Switch 2 does not know where Host B is, it replicates the frame and sends it out the port connected to Segment 2.
- Switch 2 receives the replicated frame from Switch 1 via Segment 2. Switch 2 removes the existing entry for Host A in the MAC FDB and records that Host A belongs to the port attached to Segment 2. Switch 2 then replicates the frame and transmits it out the port attached to Segment 1.
- The process continues indefinitely, causing a broadcast storm and MAC FDB instability.

Database Instability

[Figure: two MAC FDB tables, one listing Host A on Port 0, the other listing Host A on Port 0 and Host A on Port 1]

Redundant networks without STP can also cause database instability. In this slide, Switch 1 and Switch 2 will map the MAC address of Host A to Port 0. Later, when the copy of the frame arrives at Port 1 of Switch 2, Switch 2 must remove its original entry for Host A and replace it with the new entry for Host A, mapping it to Port 1. This activity causes an unstable database as Switch 2 tries to keep up with the perceived location of Host A.
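The FDB learning steps and the redundant-pair loop described above can be reproduced with a small model. This is an added Python example, not part of the course material: `LearningSwitch` and the helper functions are hypothetical names, port 0 stands for Segment 1 and port 1 for Segment 2, Host B never replies so its address stays unknown, and blocking one port stands in for what STP would do. The `mac_moves` counter is the signal an operator would watch for when looking for a Layer 2 loop.

```python
HOST_A = "0000.8c01.000A"   # MAC addresses taken from the page's MAC FDB slide
HOST_B = "0000.8c01.000B"


class LearningSwitch:
    """Layer 2 switch: learn the source MAC per port, then forward or flood."""

    def __init__(self, name, ports, blocked=()):
        self.name = name
        self.ports = list(ports)
        self.blocked = set(blocked)   # ports held in a blocking state, as STP would
        self.fdb = {}                 # MAC address -> port
        self.mac_moves = 0            # a known MAC reappearing on a different port

    def receive(self, in_port, src, dst):
        """Process one frame and return the ports it is transmitted on."""
        if in_port in self.blocked:
            return []                 # a blocked port neither learns nor forwards
        if self.fdb.get(src, in_port) != in_port:
            self.mac_moves += 1       # FDB entry is being rewritten: instability
        self.fdb[src] = in_port
        out_port = self.fdb.get(dst)
        if out_port is None:          # unknown destination: flood
            out = [p for p in self.ports if p != in_port]
        elif out_port == in_port:     # destination is on the arrival port: filter
            out = []
        else:
            out = [out_port]
        return [p for p in out if p not in self.blocked]


def build_fdb():
    """Steps 1 to 5 of the 'Building up the MAC FDB' slide on one 4-port switch."""
    sw = LearningSwitch("switch", ["1/1/1", "1/1/2", "1/1/3", "1/1/4"])
    first = sw.receive("1/1/1", HOST_A, HOST_B)   # B unknown: flooded
    reply = sw.receive("1/1/2", HOST_B, HOST_A)   # A known: sent to 1/1/1 only
    later = sw.receive("1/1/1", HOST_A, HOST_B)   # B known now: no flooding
    return first, reply, later, dict(sw.fdb)


def simulate_redundant_pair(rounds, block_sw2_port=None):
    """Two switches in parallel between Segment 1 (port 0) and Segment 2 (port 1).

    Host A, on Segment 1, sends one frame to Host B, which no switch has
    learned yet. Returns frames in flight per round and both switches.
    """
    sw1 = LearningSwitch("Switch 1", [0, 1])
    blocked = [] if block_sw2_port is None else [block_sw2_port]
    sw2 = LearningSwitch("Switch 2", [0, 1], blocked)
    in_flight = [(0, None)]           # (segment/port number, transmitting switch)
    frames_per_round = []
    for _ in range(rounds):
        frames_per_round.append(len(in_flight))
        next_round = []
        for segment, sender in in_flight:
            for sw in (sw1, sw2):
                if sw is sender:
                    continue          # a switch does not receive its own frame
                for port in sw.receive(segment, HOST_A, HOST_B):
                    next_round.append((port, sw))
        in_flight = next_round
    return frames_per_round, sw1, sw2


if __name__ == "__main__":
    print(build_fdb())
    for blocked in (None, 1):
        frames, sw1, sw2 = simulate_redundant_pair(6, blocked)
        print("blocked port on Switch 2:", blocked, "| frames per round:", frames,
              "| MAC moves:", sw1.mac_moves, sw2.mac_moves)
```

With two-port switches the loop keeps two copies of the single frame circulating and rewrites Host A's FDB entry on every hop; with one port blocked the frame drains after one hop and no entry moves.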
STP

- Standardized by IEEE in 1990 as 802.1d, for Ethernet link management
- RSTP introduced as 802.1w in 1998 to speed convergence
- RSTP incorporated in latest STP in IEEE 802.1d-2004
- Designed to prevent loops and therefore allow path redundancy to be designed into Ethernet bridge/switch-based networks
- STP uses a root/branch/leaf model, which determines one path to each leaf spanning the entire L2 network
- STP will selectively block ports to remove L2 loops
- End hosts (for example, PCs) are oblivious to STP and instead see one LAN segment

Spanning Tree Protocol (STP) was invented in 1985 by Radia Perlman and was first published as a standard by IEEE as 802.1d. Revisions to STP were published in 1998 and 2004. Rapid Spanning Tree Protocol (RSTP) was introduced in 1998 as IEEE 802.1w. In 2004, the IEEE incorporated RSTP in the Spanning Tree Protocol and made the previous version obsolete. This version was published as IEEE 802.1d-2004.

STP is intended to prevent loops in an Ethernet network. It does this by selectively blocking ports to achieve a loop-free topology. The first version of STP was slow at converging. Enhancements were introduced with RSTP to speed convergence, and convergence time was improved again with IEEE 802.1d-2004.

STP Topology

- Main purpose of the STP is building loop-free active topologies
- Our ring topology will be converted into a spanning tree active topology with the root on top

A Spanning Tree topology can be thought of as a tree that includes the following components:
- a root (a root bridge/switch)
- branches (LANs and designated bridges/switches)
- leaves (end nodes)

There are no disconnected parts that are considered part of the tree. That is, the tree encompasses all of its leaves. There are no loops in the tree. If you trace a path from one leaf to any other leaf, there is only one possible path. STP organizes and connects switches into a loop-free topology while leaving no segments isolated.

Data Link Overview
Section 7 - Virtual LAN

Virtual LAN Overview

- The Development of VLANs
- Switches and VLANs
- How do VLANs Work?
- VLANs Over Multiple Switches
- VLAN Trunking
- VLAN Tagging
- VLAN Stacking
- VLAN Tags and VLAN Stacking

The Development of VLANs

There are two main reasons for the development of VLANs:
- the amount of broadcast traffic
- increased security

Broadcast traffic increases in direct proportion to the number of stations in the LAN. The goal of the virtual LAN (VLAN) is the isolation of groups of users so that one group is not interrupted by the broadcast traffic of another.

VLANs also have the benefit of added security by separating the network into distinct logical networks. Traffic in one VLAN is separated from another VLAN as if they were physically separate networks. If traffic is to pass from one VLAN to another, it must be routed.

Switches and VLANs

- A VLAN permits a group of ports to share a common broadcast domain regardless of physical location
- A VLAN can reside on one switch or on many switches
- Each VLAN is identified by a VLAN ID
- Devices in different VLANs can only communicate with each other if the frame is first sent to a Layer 3 device such as a router

On the 7750 SR and 7450 ESS there is no default VLAN for all ports to join. Other types of switches may have a default VLAN for ports that are not assigned to a particular VLAN.

How do VLANs Work?

In this slide, VLANs subdivide the Ethernet switch into multiple switches. Note that there are no logical interconnections between these internal switches. Therefore, the broadcast traffic that is generated by a host in a VLAN stays within that VLAN, making the VLAN its own broadcast domain. Because broadcast traffic for a particular VLAN remains within that VLAN's borders, inter-VLAN or broadcast domain communication must occur through a Layer 3 device such as a router.

Usually, hosts are not VLAN-aware, and therefore no 802.1q configuration is required on the hosts. The VLAN configuration is done when the switch and ports are assigned on a VLAN-by-VLAN basis.

VLAN Exercise - Broadcast

Host 1 sends out a broadcast. Which hosts will receive the broadcast?

In this slide, Host 1 sends out a broadcast. Because Host 4 is the only other member of the VLAN, it is the only host to receive the broadcast.

The FDB entries behave much the same way in the VLAN model as they do in the switch model. They are updated based on the source address. In this slide, the source address of the broadcast frame is only learned by VLAN 101. VLAN 102 will not know the source address of Host 1 after Host 1 transmits its broadcast packet. Therefore, in a VLAN environment, a separate FDB is kept for each VLAN. In this case, this means that VLAN 101 will never learn about Host 3 or Host 2 unless it is manually configured or interconnected at Layer 3.

VLANs Over Multiple Switches

The sharing of VLANs between switches is achieved by the insertion of a header with a 12-bit VID, which allows for 4094 possible VLAN destinations for each Ethernet frame.

A VID must be assigned for each VLAN. Assigning the same VID to VLANs on different connected switches can extend the VLAN (broadcast domain) across a network.

The 802.1q standard works by inserting a 32-bit VLAN header into the Ethernet frame of all network traffic of the VLAN. The VID uses 12 bits of the 32-bit VLAN header. The switch then uses the VID to determine which FDB it will use to find the destination. After a frame reaches the destination switch port, the VLAN header is removed.

This slide indicates which ports belong to which VLAN. The traffic ingressing a port in one VLAN will only be allowed to egress a port on the same switch belonging to the same VLAN.

VLAN Trunking

VLAN trunking provides efficient interswitch forwarding of VLAN frames. In the previous slide, each VLAN required a separate interswitch connection to forward frames from one switch to another. VLAN trunking allows one Ethernet port to carry frames from multiple VLANs. This allows the use of one high-bandwidth port, such as a gigabit Ethernet port, to carry the VLAN traffic between switches instead of multiple fast Ethernet ports.

VLANs are separated within the trunk based on their VLAN IDs (Q tags). The FDB at the destination switch designates the destination VLAN for the traffic on the VLAN trunk.

VLAN Tagging

[Figure: 802.1q Ethernet frame - Preamble, SFD, DA, SA, Ether Type (VLAN tag type, 2 bytes), tag control information (2 bytes: User_priority 3 bits, CFI 1 bit, VID 12 bits), Ether Type, Payload (46 to 1500 bytes), FCS. CFI (Canonical format: bit ordering can be different). VLAN tag Ether Type range = 0x600-0xffff, default = 0x8100, for multi-vendor interoperability.]

The VLAN header can be broken down into two parts: the VLAN tag type and the tag control information.

The VLAN tag type is a fixed value that is an indicator of a VLAN tag. The VLAN tag is a fixed length of 2 bytes, which is followed by the original EtherType describing the payload.

The tag control information has three parts:
- Priority value (User priority) - A 3-bit value that specifies a frame's priority.
- CFI - One bit. A setting of 0 means that the MAC address information is in its simplest form. Currently no other value is supported.
- VID - A 12-bit value that identifies the VLAN that the frame belongs to. If the VID is 0, the tag header contains only priority information.

VLAN Stacking

A restriction of Ethernet VLANs is the limited number of VIDs. With 12 bits used to define the VID, there are only 4096 possibilities. Because VLAN 0 and 4095 are reserved, the PE is really only capable of supporting 4094 VLANs, not a significant number if it is compared with the expanding rates of networks.

One of the solutions to this restriction is VLAN stacking, also known as Q-in-Q. VLAN stacking allows the service provider to use Layer 2 protocols to connect customer sites. In this slide, three customers are connected through a common switch using VLAN stacking.

At the PE, the administrator has assigned a VLAN to represent the customer on that port. When the customer traffic arrives at the PE device, the PE switch inserts another VLAN tag in the frame. It is this second or stacked VLAN tag that takes the customer traffic through the provider network. At the egress port of the PE equipment, the second or stacked VLAN tag is removed and the traffic forwarded out the port. This allows Customers 1, 2, and 3 to use the same VLAN tags in their network.
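The tag layout (2-byte tag type, then 3-bit priority, 1-bit CFI and 12-bit VID) and the insert/remove behaviour of VLAN stacking described above can be exercised in code. The following Python is an added example, not part of the course material; the function names, MAC addresses and the sample frame (customer VID 100, provider VID 20, both with the default tag type 0x8100) are constructed for illustration.

```python
import struct

# Tag type values that mark a VLAN header. 0x8100 is the default named on the
# slide; pass another tuple if the switch is configured with a different value.
DEFAULT_TPIDS = (0x8100,)


def make_tag(vid, priority=0, cfi=0, tpid=0x8100):
    """Build one 4-byte VLAN header: 2-byte tag type + 2-byte tag control info."""
    if not (0 <= vid <= 0x0FFF and 0 <= priority <= 7 and cfi in (0, 1)):
        raise ValueError("VID, priority or CFI out of range")
    tci = (priority << 13) | (cfi << 12) | vid  # 3 bits | 1 bit | 12 bits
    return struct.pack("!HH", tpid, tci)


def is_valid_service_vid(vid):
    """VID 0 (priority only) and 4095 are reserved, leaving 1..4094."""
    return 1 <= vid <= 4094


def _mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_frame(frame, tpids=DEFAULT_TPIDS):
    """Parse a frame that starts at DA (no preamble/SFD, FCS already stripped)."""
    if len(frame) < 14:
        raise ValueError("frame shorter than DA + SA + EtherType")
    tags, offset = [], 12
    while True:
        if offset + 2 > len(frame):
            raise ValueError("frame truncated inside the tag stack")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype not in tpids:
            break  # this EtherType describes the payload, not another tag
        if offset + 4 > len(frame):
            raise ValueError("VLAN header truncated")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        vid = tci & 0x0FFF
        tags.append({"priority": tci >> 13, "cfi": (tci >> 12) & 1,
                     "vid": vid, "priority_only": vid == 0})
        offset += 4
    return {"dst": _mac(frame[0:6]), "src": _mac(frame[6:12]),
            "tags": tags,  # outermost tag first
            "ethertype": ethertype, "payload": frame[offset + 2:]}


def push_provider_tag(frame, vid):
    """PE ingress: insert the provider's tag directly after SA."""
    if not is_valid_service_vid(vid):
        raise ValueError("provider VID must be 1..4094")
    if len(frame) < 14:
        raise ValueError("frame too short")
    return frame[:12] + make_tag(vid) + frame[12:]


def pop_outer_tag(frame, tpids=DEFAULT_TPIDS):
    """PE egress: remove the outermost tag, leaving the customer's tag intact."""
    if not parse_frame(frame, tpids)["tags"]:
        raise ValueError("frame carries no VLAN tag")
    return frame[:12] + frame[16:]


# Constructed sample: customer frame tagged with VID 100, priority 5, IPv4 payload.
DST = bytes.fromhex("020000000002")
SRC = bytes.fromhex("020000000001")
CUSTOMER_FRAME = DST + SRC + make_tag(100, priority=5) + struct.pack("!H", 0x0800) + bytes(46)

if __name__ == "__main__":
    stacked = push_provider_tag(CUSTOMER_FRAME, 20)
    print([t["vid"] for t in parse_frame(stacked)["tags"]])
    print(pop_outer_tag(stacked) == CUSTOMER_FRAME)
```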
In theory, the service provider can support 4094 customers, with each customer supporting 4094 VLANs within their network.

VLAN Tags and VLAN Stacking

[Figure: a customer frame carrying customer VLAN tag 100 (DA, SA, Ether Type, VLAN tag, Ether Type, Payload (46 to 1500 bytes), FCS) and the same frame with the provider's VLAN tag 20 added alongside customer VLAN tag 100.]

In the example on the previous slide, Customer 1 sent a frame to the PE switch with a VLAN tag of 100. The PE switch inserts a second VLAN tag of 20. This tag number represents Customer 1 traffic. The second tag keeps Customer 1 traffic separate from Customer 2 and 3 traffic and gives Customer 1 the ability to add 4095 more associated VLANs.

The VLAN tag that is inserted by the provider is the VLAN tag that is used in the provider network. When the frame has reached the appropriate egress port, the provider's VLAN tag is removed and the frame with the customer's VLAN tag is forwarded out the egress port.

Data Link Overview
Section 8 Module Summary

Module Summary

After the successful completion of this module, you should understand the following concepts: Layer 2 OSI and Ethernet Defined Ethernet Ethernet Addressing and Operation Ethernet Physical Cabling Ethernet Devices and Switching Ethernet Redundancy Virtual LAN SONET/SDH and Packet over SONET/SDH

Learning Assessments

- List the necessities of having Layer 2
- Define and differentiate between the various Layer 2 protocols
- Describe Ethernet
- Distinguish between the Ethernet Frame types
- List the types of addressing formats supported by Ethernet
- Describe Half Duplex operation and CSMA/CD
- Identify the common Ethernet Standards
- Describe the operation of an Ethernet Switch and how it differs from a Hub
- Describe the building of the forwarding MAC database on an Ethernet Switch

Learning Assessments

- Differentiate between a collision domain and a broadcast domain
- Describe the operation of LAGS
- List the problems encountered in an Ethernet Loop Topology
- Describe the operation of STP and RSTP
- List the advantages of using VLANS in an Ethernet network
- Describe VLAN Tags and the types of Tags supported
- Describe the operation of SONET/SDH
- List the bit rates supported by the common SONET frames
- Describe the POS (Packet over SONET) mechanism

www.alcatel-lucent.com 3HE-02767-AAAA-WBZZA Edition 02

Alcatel-Lucent Scalable IP Networks
Module 4 Layer 3 and IP Services

Module Overview

- Layer 3 and IP Services Overview
- IP Addressing
- IP Subnet Basics
- IP Subnet Applications
- Route Aggregation
- IPv4 Forwarding Process
- IP in Home and Small Businesses
- Other Protocols that Support IP Operation
- IP Filters

Layer 3 and IP Services
Section 1 - Layer 3 and IP Services Overview

Network Layer/Layer 3 OSI

Why do we need Layer 3?
- Provides unique addressing for many devices to intercommunicate
- Finds a path for the end-to-end delivery of application data

Characteristics
- Logical addressing
- Quality of service options for different application packets
- Routing protocols

Devices
- Routers

Layer 3 protocols
- IP, IPX, CLNS, AppleTalk

The network layer, or Layer 3, is considered to be the lowest layer in the TCP and OSI protocol stacks that handles the end-to-end delivery of application data.
The main function of the network layer is to move data from the source to its destination or set of destinations regardless of where the destination exists. The network layer performs this function by using a unique address and a standard set of protocols to help forward the data. Although a number of Layer 3 protocols are still in use, Internet Protocol (IP) is used almost exclusively today.

From the source, the data must pass through various physical mediums across several Layer 2 domains over routers before the data reaches its destination or destinations. The routers inspect the IP header before forwarding data to the appropriate interfaces.

The IP address is a logical address that differs from a Layer 2 address, such as a MAC address, that is permanently programmed into the firmware. The IP address uniquely identifies the device on the Internet. Address distribution is controlled by the IANA, a global authority. The IANA ensures that every Internet address is unique. To ensure that the data is sent from a source to its correct destination, every device on the Internet must have a unique IP address.

Routing protocols are required to forward the data. Routers use the routing protocols to build forwarding tables. When an IP packet is received, the router checks the forwarding table to identify the physical interface destination for the data. Typically, several routers are involved in an end-to-end data transfer.

The most widely used L3 protocol is IP, which provides services that are roughly equivalent to the OSI network layer. IP provides a datagram (connectionless) transport service across the network. This service is referred to as unreliable, because the network does not guarantee delivery or notify the end host system about packets that are lost because of errors or network congestion. IP datagrams may be up to 65 535 bytes (octets) in length.

IP does not provide a mechanism for flow control. This is handled by the transport layer.

Layer 3 Connects Multiple Layer 2 Networks

- Higher layer required to connect many Layer 2 networks
- Every device connected to the Internet requires a unique Layer 3 address

[Figure: Layer 3 IP routed network; labels: Packet over SONET, Point-to-Point]

In this slide, IP is required because the physical networks that are connected to the user PCs are different in each location. The IP layer is required to direct the data from the source PC to the destination PC. The routers (as will be seen later) are responsible for directing the data based on information in the IP header. The TDM, ATM, POS, and Ethernet-based switches transmit the IP datagrams between the routers. The routers inspect the IP header and transmit the IP datagram to the next-hop router.

IP provides a consistent service interface for the higher layer protocol to communicate across the different physical networks. The data from every Internet application is transmitted across the network in an IP datagram regardless of the type of data or the nature of the application. The IP network provides a universal addressing plan and simple forwarding service for every application using the network.

Layer 3 Routing in the Network

Which path will data take from the source to the destination?

[Figure: Layer 3 IP routed network; labels: Packet over SONET, Point-to-Point]

In this slide, the IP address of the source data is 138.120.54.98/24 and the IP address of the destination is 160.16.20.1/24. Because the destination is not on the same Layer 2 network as the source, the data will travel to the router that is attached directly to the Layer 2 switch using Layer 2 forwarding. The router (R1) must then decide which router, R2 or R3, is the best next hop to reach the destination. R1 then transmits the data to the next router using the Layer 2 technology that connects them (POS in this example).

For R1 to decide which direction is the best path to the destination, the router must have the appropriate information about the network. This information is exchanged using routing protocols that run on all the routers involved. In this slide, routers R1 to R4 use the same routing protocol.

Every router on the network builds a routing table using the routing protocols and the information that they receive from the other routers. When data arrives at the router, it uses the routing table to determine the next hop to the destination. The routing table contains a list of network destinations with the next-hop address to be used to reach them.

Layer 3 and IP Services
Section 2 IP Addressing

IP Addressing Overview

- Internet Protocol Overview
- IPv4 Packet Header
- IPv4 Address
- IP Address Classes
- Unique IP Addressing
- IP Global Address Assignments
- IPv4 Addressing Types

Internet Protocol Overview

- Most commonly used Layer 3 protocol
- Connectionless protocol
- Provides support for framing and packet prioritization
- Maximum packet length is 65 535 bytes
- Version 4 is current version

The Internet Protocol (RFC 791) provides services that are roughly equivalent to the OSI network layer. IP provides a datagram (connectionless) transport service across the network. This service is sometimes referred to as unreliable because the network does not guarantee delivery or notify the end host system about packets lost due to errors or network congestion. IP datagrams contain a message or one fragment of a message, which may be up to 65 535 bytes (octets).

IP does not provide a mechanism for flow control. This is handled by the transport layer.

IPv4 Packet Header

- Version - IP version is currently 4
- IHL - IP header length. The number of 32-bit words that form the header. The value is usually five.
- TOS - Type of Service is also known as the Differentiated Services Code Point (DSCP). The TOS byte can be used to specify Quality of Service parameters for the packet, but this is often not respected by the network.
- Total Length - The combined length of the header and the data, in bytes
- Identification - Together with the source address, this 16-bit number uniquely identifies the packet. The number is used during the reassembly of fragmented datagrams.
- Flags - Three bits used for the fragmentation of packets. The first bit is unused. The second indicates DF, or don't fragment, meaning that the packet must be discarded instead of fragmented. The third indicates MF, or more fragments, indicating that this is not the last fragment
- Fragment Offset - A value that indicates which fragment of the original packet this corresponds to. This is used during the reassembly of fragmented datagrams.
- Time To Live - Number of hops or links that the packet may be routed over, decremented by each router (used to prevent accidental routing loops)
- Protocol - Identifier that indicates the type of transport packet being carried (for example, 1 = ICMP, 2 = IGMP, 6 = TCP, 17 = UDP)
- Header Checksum - 1's complement checksum that is inserted by the sender and updated whenever the packet header is modified by a router. Used to detect errors introduced into the IP header. Packets with an invalid header checksum are discarded by all nodes in an IP network.
- Source IP Address - IP address of the original sender of the packet
- Destination IP Address - IP address of the final destination of the packet
- Options - Not often used. However, when the options are used, the IP header length is greater than five 32-bit words to indicate the size of the options field.

IPv4 Address

- The unique L3 identifier of computers, routers, and other devices in an IP network
- The 32-bit address is expressed in dotted-decimal format, with each octet separated by a period

IP address example: 192.168.2.100
Binary equivalent: 11000000101010000000001001100100

Dotted-decimal notation divides the 32-bit IP address into four octets of 8 bits each. These octets specify the value of each field as a decimal number. The range of each octet is from 0 to 255.

As stated earlier, the L3 address is unique to the device and, as such, is used to recognize the device on the Internet. This is analogous to the postal service. For you to receive mail that is meant for you and your family, you need a unique address. In Canada, the address is a combination of a postal code for a region, a street name, and a house number. For example, 123 Walden Drive, K2K 2S6 is a unique address in Canada. Similarly, every device that needs access to the Internet needs a unique L3 address.

IP Address Components

The first part of an IP address, which is known as the network number or network prefix, identifies the network that a host resides in. The second part of an IP address, which is known as the host number, identifies a host in the network. This creates a two-level hierarchy, as shown in this slide.

All hosts in a network share the same network number or prefix. However, the host numbers must be unique to each host. Conversely, hosts with different network prefixes may share the same host number.

The size of the network/host portions varies, as described in the following slides.
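The IPv4 header fields listed earlier (IHL, flags, fragment offset, TTL, protocol and the 1's complement header checksum that a router updates when it decrements the TTL) can be followed in code. The following Python is an added example, not part of the course material; the function names and the sample packets are constructed for illustration, and the addresses are the ones used in the routing slide.

```python
import ipaddress
import struct

IPV4_FIXED = struct.Struct("!BBHHHBBH4s4s")  # the 20-byte header without options


def header_checksum(header: bytes) -> int:
    """1's complement of the 1's complement sum of the header's 16-bit words."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4_header(src, dst, ttl, protocol, payload_len,
                      ident=0, dont_fragment=False, tos=0):
    """Sender side: fill the fields, then insert the checksum."""
    flags_frag = 0x4000 if dont_fragment else 0  # DF is the second flag bit
    fields = [0x45, tos, 20 + payload_len, ident, flags_frag, ttl, protocol, 0,
              ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed]
    fields[7] = header_checksum(IPV4_FIXED.pack(*fields))  # computed with field = 0
    return IPV4_FIXED.pack(*fields)


def parse_ipv4_header(packet: bytes) -> dict:
    """Decode the header and report whether its checksum verifies."""
    if len(packet) < IPV4_FIXED.size:
        raise ValueError("shorter than the minimum IPv4 header")
    (ver_ihl, tos, total_length, ident, flags_frag,
     ttl, protocol, checksum, src, dst) = IPV4_FIXED.unpack_from(packet)
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise ValueError("not an IPv4 packet")
    if ihl < 5 or len(packet) < ihl * 4:
        raise ValueError("IHL smaller than 5 words or larger than the data")
    header = packet[: ihl * 4]  # includes options when IHL > 5
    return {
        "version": version, "ihl": ihl, "tos": tos,
        "total_length": total_length, "identification": ident,
        "df": bool(flags_frag & 0x4000), "mf": bool(flags_frag & 0x2000),
        "fragment_offset": flags_frag & 0x1FFF,  # counted in 8-byte units
        "ttl": ttl, "protocol": protocol, "checksum": checksum,
        "checksum_ok": header_checksum(header) == 0,  # a valid header sums to 0
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
    }


def decrement_ttl(packet: bytes):
    """Router side: drop bad or expired packets, else TTL-1 and a new checksum."""
    fields = parse_ipv4_header(packet)
    if not fields["checksum_ok"] or fields["ttl"] <= 1:
        return None  # discarded
    hlen = fields["ihl"] * 4
    header = bytearray(packet[:hlen])
    header[8] -= 1                       # TTL is byte 8 of the header
    header[10:12] = b"\x00\x00"          # zero the checksum before recomputing
    header[10:12] = struct.pack("!H", header_checksum(bytes(header)))
    return bytes(header) + packet[hlen:]


# Constructed sample: TCP (protocol 6) header from the source to the destination
# used in the routing slide, TTL 64, 20 bytes of payload announced.
SAMPLE_PACKET = build_ipv4_header("138.120.54.98", "160.16.20.1",
                                  ttl=64, protocol=6, payload_len=20)

if __name__ == "__main__":
    print(parse_ipv4_header(SAMPLE_PACKET))
    print(parse_ipv4_header(decrement_ttl(SAMPLE_PACKET))["ttl"])
```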

IP Address Classes

To provide some form of flexibility to support the implementation of various network sizes, the IP address space was originally divided into classes: Class A, Class B, and Class C. When the IP address was developed, the concept of classes could not have envisioned the enormous growth of the Internet. Therefore, many of the addressing problems can be traced back to this early classification of the IP address space.

This division of addresses is referred to as classful addressing because the address space is split into predefined sizes. As shown in this slide, each class defines the boundary between the network and host at a different octet within the 32-bit address.

- Class A (1 to 126) - A Class A network has an 8-bit network prefix and the highest-order bit is always set to 0. This allows up to 126 networks to be defined because 2 of the networks are reserved. The 0.0.0.0 network is reserved for default routes. The 127.0.0.0 network is reserved for loopback functions.
- Class B (128 to 191) - A Class B network has a 16-bit network prefix and the two highest-order bits are always set to binary 10. Up to 16 384 networks can be defined.
- Class C (192 to 223) - A Class C network has a 24-bit network prefix and the three highest-order bits are always set to binary 110. Up to 2 097 152 networks can be defined.
- Class D (224 to 239) - Class D is used for multicast addresses in applications such as OSPF.
- Class E (240 to 255) - Class E is reserved.

Unique IP Addressing

Each node that uses the TCP/IP suite has a unique 32-bit logical IP address

A router's function is to join different IP networks. In this slide, each router is connected to two or three networks through two or three interfaces. Each interface is identified by a unique IP address. The interfaces in the same network belong to the same network prefix or network class.
There are five networks in this slide:
- Class C networks - 192.168.0.0 and 192.10.0.0
- Class B networks - 172.5.0.0 and 172.16.0.0
- Class A network - 10.0.0.0

IP Global Address Assignments

- Global addressing is provided by the IANA
- Major organizations of the world have specific address assignments
- Address assignments are available in RFC 1466 at: http://www.iana.org/assignments/ipv4-address-space
- One of the Alcatel-Lucent IP address assignments is 138.120.0.0
- The addresses assigned by the IANA are also referred to as public addresses
- In addition, the IANA reserves some addresses (referred to as private addresses) to be used in private networks

Under the current IP addressing scheme (known as IPv4 and eventually to be replaced by IPv6), the address space is divided into two types: public address space and private address space. Understanding the difference is important and useful for a network administrator, especially if your organization is connected to the Internet. All of the IP addresses (public address space) that are routable by using the Internet are managed by one of three RIRs. Each RIR is responsible for a geographic region.

Note: This should not be confused with the InterNIC (http://www.internic.net) and its designated registrars, such as Network Solutions, Inc. These organizations handle domain name registration, not address registration.

The IANA distributes IP addresses to the RIRs. Address space must be requested from IANA, which grants or denies. Alternatively, you can request the address space from your ISP. The ISP then allocates the space from its allotted address space or makes the request on your behalf.

This system of requests manages address space and provides a central authority to prevent address-space collisions.

When you use a public address, you can send to and receive from all non-broken parts of the Internet. This means that all routers on the Internet can route your IP address to you. Therefore, not all address space is portable.

If you own your address space, you can authorize an ISP to route the address space for you. However, there is a chance that when you change providers or locations, it will no longer be possible to route your IP address to the new location. It is important, therefore, to check before you travel and need to use your address space.

The IANA has reserved the following three blocks of the IP address space for private Internets (local networks):
- 10.0.0.0 to 10.255.255.255
- 172.16.0.0 to 172.31.255.255
- 192.168.0.0 to 192.168.255.255

IP addresses from 169.254.0.0 to 169.254.255.255 are reserved for automatic private IP addressing. These IP addresses should not be used on the Internet.

IP Address Hierarchy

- Early IP address allocation gave no consideration to hierarchy
- Routing tables started growing exponentially as Internet usage increased
- Hierarchical allocation introduced in the early 1990s, by region and by service provider
- BGPv4 supports address summarization
- IPv6 addressing provides vastly improved addressing hierarchy
- Important for network and routing scalability

IP Global Address Assignments

- Address allocation is delegated by IANA to Regional Internet Registries (RIRs)
- ARIN for North America - 96.0.0.0/6, 204.0.0.0/6, 208.0.0.0/7
- RIPE NCC for Europe and Middle East - 77.0.0.0/8 through 95.0.0.0/8
- APNIC for Asia and Pacific region - 114.0.0.0/8 through 126.0.0.0/8
- RIRs allocate address space to service providers
- Every attempt possible is made to maintain hierarchy in address allocation

Private IP Address Space

- Private IP address space allocated in RFC 1918 in 1996
- Identifies blocks of addresses not to be routed on public Internet
- Networks using private addressing perform Network Address Translation (NAT) to support connectivity to public Internet
- Specific address ranges identified by RFC 1918:
  - 10.0.0.0/8
  - 172.16.0.0/12 (172.16.0.0 through 172.31.255.255)
  - 192.168.0.0/16
- Supports more efficient use of public IP address space
- Provides additional security to hosts on private network

IPv4 Addressing Types - Unicast Address

- A unicast address identifies a single specific device on an IP network
- Example: 139.120.200.25

Unicast addresses are the addresses that are used for most data exchanges on the Internet.

IPv4 Addressing Types - Broadcast Address

- Refers to all IP devices in the broadcast domain
- A packet sent to all hosts in a broadcast domain (such as Ethernet) is referred to as a broadcast packet.
- A broadcast IP address contains the network number and all 1s for the host address
- Example: A packet sent to the IP broadcast address 138.120.255.255 is delivered to all hosts in the 138.120.0.0 network

A broadcast address is an address that is used to send traffic to all of the hosts in a specific broadcast domain. Routers with interfaces in the broadcast domain receive the broadcast but do not propagate it.
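The address classes, the private and automatic private blocks, and the broadcast address (network number plus all 1s in the host part) described above combine into a check an operator can run on traffic records: source addresses that are not public should not arrive on an Internet-facing interface. The following Python is an added example, not part of the course material; the function names, the interface names wan0 and lan0 and the flow records are constructed for illustration.

```python
import ipaddress

# Blocks named on the slides: RFC 1918 private space and automatic private addressing.
PRIVATE_BLOCKS = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
AUTO_PRIVATE = ipaddress.ip_network("169.254.0.0/16")
CLASSFUL_PREFIX = {"A": 8, "B": 16, "C": 24}  # network prefix length per class


def address_class(addr):
    """Classify by the first octet, using the ranges given on the slide."""
    first = int(ipaddress.IPv4Address(addr)) >> 24
    if first == 0:
        return "reserved"      # 0.0.0.0 network, reserved for default routes
    if first == 127:
        return "loopback"      # 127.0.0.0 network
    if first <= 126:
        return "A"
    if first <= 191:
        return "B"
    if first <= 223:
        return "C"
    if first <= 239:
        return "D"
    return "E"


def classful_network(addr):
    """The classful network an address belongs to (classes A, B and C only)."""
    cls = address_class(addr)
    if cls not in CLASSFUL_PREFIX:
        raise ValueError(f"{addr} has no classful network/host split")
    return ipaddress.ip_network(f"{addr}/{CLASSFUL_PREFIX[cls]}", strict=False)


def classful_broadcast(addr):
    """Network number followed by all 1s in the host portion."""
    return str(classful_network(addr).broadcast_address)


def scope(addr):
    """Where the address may legitimately appear."""
    ip = ipaddress.IPv4Address(addr)
    cls = address_class(addr)
    if cls in ("reserved", "loopback"):
        return cls
    if cls == "D":
        return "multicast"
    if cls == "E":
        return "reserved"
    if any(ip in block for block in PRIVATE_BLOCKS):
        return "private"
    if ip in AUTO_PRIVATE:
        return "automatic-private"
    return "public"


def audit_public_interface(flow_text, interface="wan0"):
    """Return (source, scope) for every non-public source seen on the interface."""
    findings = []
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        record = dict(item.split("=", 1) for item in line.split())
        if record.get("iface") != interface:
            continue
        src_scope = scope(record["src"])
        if src_scope != "public":
            findings.append((record["src"], src_scope))
    return findings


# Constructed flow records; wan0 is a hypothetical Internet-facing interface.
SAMPLE_FLOWS = """\
iface=wan0 src=160.16.20.1 dst=138.120.54.98
iface=wan0 src=192.168.2.100 dst=138.120.54.98
iface=lan0 src=10.0.0.5 dst=160.16.20.1
iface=wan0 src=169.254.10.7 dst=138.120.54.98
iface=wan0 src=172.5.0.9 dst=138.120.54.98
iface=wan0 src=172.31.255.254 dst=138.120.54.98
"""

if __name__ == "__main__":
    print(classful_network("138.120.54.98"), classful_broadcast("138.120.54.98"))
    for src, why in audit_public_interface(SAMPLE_FLOWS):
        print(f"unexpected source on wan0: {src} ({why})")
```

Note that 172.5.0.9 is not flagged: only 172.16.0.0 through 172.31.255.255 is private, so 172.5.0.0 is ordinary public Class B space.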

IPv4 Addressing Types - Multicast Address

- Used to address a group of hosts
- Reserved addresses are used for multicast applications (224.0.0.0 to 239.255.255.255)

Multicast addresses are reserved for group membership applications. Multicast technology is an efficient way to deliver data to a group of destinations that need to receive the same data. The group of destinations is characterized by an IP address in the multicast range of 239.0.0.0 to 239.255.255.255 that defines membership in the specific group. An example is a broadcast TV service. When a host wants to receive a specific channel, the host joins the multicast group for the channel, which is identified by a multicast address; for example, 239.1.1.1. Multicast routing protocols route the data from the source to the various hosts that have joined the multicast group.

IPv4 Addressing Types - Anycast Address

- A unicast address that does not uniquely identify a host
- Updates are sent to the nearest host or service
- No specific address ranges for anycast addresses

An anycast address is created by assigning the same unicast address to two or more hosts. In theory, the hosts are functionally equivalent, and you want to route packets to the nearest host. This works well in applications such as distributed Web sites. With the aid of dynamic routing protocols, the packets can find the nearest host and, if the host is not available, traffic is routed to the next nearest host.

Layer 3 and IP Services
Section 3 - IP Subnet Basics

IP Subnet Basics Overview

- Subnetting
- Subnet Masking
- Calculating Host Addresses
- Extended Network Prefix
- Subnet Address Plan
- Subnetworks and Routers
- Configuring Routers

Subnetting

- Introduces an additional level of hierarchy in addressing
- Without subnetting, there are only the network and host portions
- With subnetting, there are the network, subnetwork, and host portions
- Host space is now more efficiently used.
For example, with one network address, 6 or more subnetworks can be created

There are three main problems with classful addressing.
- Lack of Internal Address Flexibility: Big organizations are assigned large, monolithic blocks of addresses that do not match the structure of their underlying internal networks.
- Inefficient Use of Address Space: The existence of only three block sizes (Classes A, B, and C) leads to waste of limited IP address space.
- Proliferation of Router Table Entries: As the Internet grows, more and more entries are required for routers to handle the routing of IP datagrams, which causes performance problems for routers. Attempting to reduce inefficient address space allocation leads to even more router table entries.

Subnetting resolves the problems associated with classful addressing by adding a layer of hierarchy to the addressing structure. Instead of being a simple two-level hierarchy that defines the network prefix and host number, the subnet introduces a third level that defines a subnet number. The third level provides network administrators with the flexibility to manage their current network address in a way that best suits their needs by assigning a distinct subnet number for each of their internal networks.

Subnet Mask Defined
Q. How do you identify the subnet portion of a network?
A. Use a subnet mask
- A subnet mask is a 32-bit number that accompanies an IP address
- The mask indicates the network and the subnet
- Boolean logic is performed to differentiate the subnet host
- In a subnet, the first and last IP addresses are reserved
  - The first address identifies the subnetwork
  - The last address is reserved as a broadcast address for the subnetwork

The subnet mask was created so that it has a one (1) bit for each corresponding bit of the IP address that is part of its network ID or subnet ID, and a zero (0) bit for each bit of the IP address that corresponds to the host ID. Therefore, the mask informs TCP/IP devices as to which bits in the IP address belong to the network ID and subnet ID, and which bits in the IP address are part of the host ID.

Subnet Mask and IP Address
IP Address Example: 192.168.2.132 (Class C or /24)
What is the network and what is the subnet?
Assuming a subnet mask of 255.255.255.128 (32-bit value), what is the subnet for this address?
Rewrite the IP address and subnet mask as binary, and apply Boolean logic:

IP address     11000000.10101000.00000010.10000100
LOGICAL AND
Subnet mask    11111111.11111111.11111111.10000000
equals
Subnetwork     11000000.10101000.00000010.10000000    192.168.2.128

Network Class C    192.168.2.0
Subnetwork         192.168.2.128
Host range         192.168.2.129 to 192.168.2.254

The subnet mask of 255.255.255.128 has been chosen and is applied to the IP address of 192.168.2.132, which is a Class C address. This subnet mask splits the Class C network of 192.168.2.0 into two subnetworks. Each subnetwork has 126 hosts.

Subnet Mask and IP Address (continued)
IP Address Example: 192.168.2.132 with mask 255.255.255.128 applied
What are the network and host ranges?

  192.168.2.132      11000000.10101000.00000010.10000100
& 255.255.255.128    11111111.11111111.11111111.10000000
  192.168.2.128      11000000.10101000.00000010.1 0000000
                     (25 bits, then the host bits)

192.168.2.128 (Network)
192.168.2.129 (1st Host)
192.168.2.130 (2nd Host)
...
192.168.2.254 (Last Host)
192.168.2.255 (Broadcast)

Subnet Masks
- An IP address is always associated with a subnet mask, for example:
  - IP address 192.168.2.132 with a subnet mask of 255.255.255.128
  - IP address 192.168.2.132 with a subnet mask of 255.255.255.0
- Another denotation for subnet masking uses /x, where x represents the number of 1s in the subnet mask, for example:
  - 255.255.255.0 can be referred to as /24, as in 24 1s
  - 255.255.255.128 can be referred to as /25, as in 25 1s
  - IP address 192.168.2.132/24 implies a subnet mask of 255.255.255.0

All possible subnet masks are as follows:

128.0.0.0      /1      255.255.128.0      /17
192.0.0.0      /2      255.255.192.0      /18
224.0.0.0      /3      255.255.224.0      /19
240.0.0.0      /4      255.255.240.0      /20
248.0.0.0      /5      255.255.248.0      /21
252.0.0.0      /6      255.255.252.0      /22
254.0.0.0      /7      255.255.254.0      /23
255.0.0.0      /8      255.255.255.0      /24
255.128.0.0    /9      255.255.255.128    /25
255.192.0.0    /10     255.255.255.192    /26
255.224.0.0    /11     255.255.255.224    /27
255.240.0.0    /12     255.255.255.240    /28
255.248.0.0    /13     255.255.255.248    /29
255.252.0.0    /14     255.255.255.252    /30
255.254.0.0    /15     255.255.255.254    /31
255.255.0.0    /16

Subnet Example
For a network 192.168.1.0 and subnet mask /27, what are the possible subnets and hosts? What is the difference between 192.168.1.0/24 and 192.168.1.0/27?

Subnet 0    192.168.1.0/27      11000000.10101000.00000001.00000000
Subnet 1    192.168.1.32/27     11000000.10101000.00000001.00100000
Subnet 2    192.168.1.64/27     11000000.10101000.00000001.01000000
Subnet 3    192.168.1.96/27     11000000.10101000.00000001.01100000
Subnet 4    192.168.1.128/27    11000000.10101000.00000001.10000000
Subnet 5    192.168.1.160/27    11000000.10101000.00000001.10100000
Subnet 6    192.168.1.192/27    11000000.10101000.00000001.11000000
Subnet 7    192.168.1.224/27    11000000.10101000.00000001.11100000
(the first 27 bits of each row are the subnet prefix)

The subnet address 192.168.1.0/27 defines the subnet where all the addresses start with the same 27 bits. This means that there are 5 bits remaining to define the host addresses for the subnet. These 5 bits can range from 00000 to 11111 or from 0 to 31. Therefore, the subnet address 192.168.1.0/27 defines the range of addresses from 192.168.1.0 to 192.168.1.31. The address with all 0s in the host portion is the subnet address (192.168.1.0). The address with all 1s in the host portion is the broadcast address for the subnet (192.168.1.31).

The subnet address 192.168.1.0/24 defines the subnet where all the addresses start with the same 24 bits. This means that there are 8 bits remaining to define the host addresses for the subnet. These 8 bits can range from 00000000 to 11111111 or from 0 to 255. Therefore the subnet address 192.168.1.0/24 defines the range of addresses from 192.168.1.0 to 192.168.1.255. The address with all 0s in the host portion is the subnet address (192.168.1.0). The address with all 1s in the host portion is the broadcast address for the subnet (192.168.1.255).

Calculating Host Addresses

Host address 0     192.168.1.0/27     11000000.10101000.00000001.00000000
Host address 1     192.168.1.1/27     11000000.10101000.00000001.00000001
Host address 2     192.168.1.2/27     11000000.10101000.00000001.00000010
...
Host address 29    192.168.1.29/27    11000000.10101000.00000001.00011101
Host address 30    192.168.1.30/27    11000000.10101000.00000001.00011110
Host address 31    192.168.1.31/27    11000000.10101000.00000001.00011111
(Host address 0 is the all 0 host; host address 31 is the all 1 host)

Example: Find all hosts in subnet address 192.168.1.96/27
Total number of hosts    30
First host               192.168.1.96+1/27     192.168.1.97/27
Tenth host               192.168.1.96+10/27    192.168.1.106/27
Last host                192.168.1.96+30/27    192.168.1.126/27
Broadcast address        192.168.1.96+31/27    192.168.1.127/27

The assigned host address field of a subnet cannot contain all 0s or all 1s. The host number of all 0s is reserved for the network address; the host number of all 1s is reserved for the broadcast address for the network or subnet.

In this slide, five bits are used for the host address field. Using the formula of 2^5 - 2 = 32 - 2 = 30, there are 30 assignable host addresses in this subnet. This means that each of the subnets that were created can support up to 30 hosts.

To define the host address for the tenth host in the subnet, you arrange the host bits in the bit pattern that represents 10 or 01010. This results in a host address of 192.168.1.10/27.

If one of the other subnets is used (for example, 192.168.1.96/27), defining the host address is a little more difficult. However, the concept is the same.

For a subnet address of 192.168.1.96/27, to define the tenth host address, you arrange the host bits in the bit pattern that represents 10 or 01010. This value is then added to the network address of 192.168.1.96/27 to give the host address of 192.168.1.106/27.

To define the broadcast address for this network, the host bits should be all set to 1 or 11111. This is the binary representation of 31, so 31 is added to the network address of 192.168.1.96, which gives a broadcast address of 192.168.1.127/27 for the subnet.

Subnet Address Plan
1. How many subnets are required now?
2. How many subnets will be required in the future?
3. How many hosts are in the largest subnet?
4. How many hosts will be in the subnet in the future?

An addressing plan requires careful planning and consideration for future requirements. The network administrator cannot just look at the existing infrastructure in the assignment of addresses but must take into account the future growth of hosts of all the subnets, and the future growth in the number of subnets that will be required.

To create a subnet address plan, the administrator must perform the following steps:
1. Define the number of subnets that are required. In this slide, there is a requirement for nine subnets; 8 or 2^3 subnets would not meet the requirement.
2. To meet the requirement for nine subnets, plan for 16 or 2^4 subnets. This now leaves room for future expansion.
3. Ensure that there is enough host space available to meet the requirements of the largest subnet. If the largest subnet requires 35 hosts, a 2^6- or 64-host space must be used. This size also leaves room for expansion.
4. After the design is completed, ensure that the organization's allocated IP address space is sufficient to meet current and future needs.

Subnet Address Plan - Example
1. Subnet 2, the largest subnet, requires 20 host addresses
2. Network IP address is 192.168.1.0/24

The administrator must identify the bits required to provide the six required subnets. Because the address is a binary address, the boundaries for the subnets are based on the power of 2. In this slide, the administrator requires 3 bits of the existing host address to provide the necessary subnets: 2^3 = 8 available subnets. This gives the subnets an extended prefix of 27 bits. The 4-octet subnet mask appears as 255.255.255.224. This leaves 5 bits of the last octet for host addresses.

The calculation for usable or assignable host addresses is 2^n - 2, or in this case 2^5 - 2. Two host addresses must be subtracted from the total because the host address 00000 (all 0s) is reserved for the network address and the host address of 11111 (all 1s) is reserved for the broadcast address of the subnet.

The base address is 192.168.1.0/24. With the subnet extended prefix defined, the administrator has the following subnets, with each subnet supporting 30 hosts:
192.168.1.0/27
192.168.1.32/27
192.168.1.64/27
192.168.1.96/27
192.168.1.128/27
192.168.1.160/27
192.168.1.192/27
192.168.1.224/27

Subnetworks and Routers
How are IP networks associated with routers?
- Routers separate broadcast domains
- Every physical and logical interface on the router can belong to a network
- An IP address in the broadcast domain is assigned to an interface
- One interface per sub-network only

[Figure: a router with interface labels 192.168.10.1 (192.168.10.0/30), 172.16.32.1 (172.16.32.0/20) and 1.1.1.1 (1.1.1.1/32), ports 1/1/1 and 1/2/1, and a loopback]

A router interface is a logical entity that is created in order to assign local networks in the router.
The router interface is commonly referred to as a Layer 3 interface or L3 interface. The interface is always assigned an IP address. The IP address is applied along with the subnet mask. Although the interface is a logical entity, the interface can be associated with a physical port. This is typically done to physically connect the router to another router, switch, hub, or host. The other device that is attached to the router must also be configured with an IP address in the same network as the IP address that is assigned to the router interface. An interface that is not associated with a physical port can be associated with a loopback interface and is logical. The physical and loopback interfaces are considered internal to the router and represent networks within the router.

General Router Interface Configuration
- To configure a network interface, use the following command
- Address must be a host address on the subnet

Context: config>router
Syntax:  interface ip-int-name
           address ip-addr{/mask-length | mask} [broadcast {allones | host-ones}]
           port [port-id | ccag-group]
Example: config>router> interface to-ALA-2
         config>router>if# address 10.10.24.4/24
         config>router>if# port 8/1/1
         config>router>if# description to port 6/1/1 on ALA-2

Adding Interfaces to Routers

    A:ASIN# configure router interface system
    A:ASIN>config>router>if# address 10.10.10.10/32
    A:ASIN>config>router>if# back
    A:ASIN>config>router# interface toRouterB
    A:ASIN>config>router>if$ address 192.168.10.18/31
    A:ASIN>config>router>if$ port 1/1/1
    A:ASIN>config>router>if$ back
    A:ASIN>config>router# interface toLAN
    A:ASIN>config>router>if$ address 172.17.10.1/24
    A:ASIN>config>router>if$ port 1/1/2
    A:ASIN>config>router>if$ back
    A:ASIN>config>router# interface loopback1
    A:ASIN>config>router>if# address 172.25.0.1/24
    A:ASIN>config>router>if# loopback
    A:ASIN>config>router>if# exit

Router A has two physical interfaces: one is connected to the LAN and one is connected to router B. Router A also has two logical interfaces, the system address and the loopback address, both of which are internal to Router A.

Verifying Added Interfaces

    A:ASIN# show router interface
    ===============================================================================
    Interface Table (Router: Base)
    ===============================================================================
    Interface-Name                   Adm         Opr(v4/v6)  Mode    Port/SapId
       IP-Address                                                    PfxState
    -------------------------------------------------------------------------------
    loopback1                        Up          Up/--       Network loopback
       172.25.0.1/24                                                 n/a
    system                           Up          Up/--       Network system
       10.10.10.10/32                                                n/a
    toLAN                            Up          Up/--       Network 1/1/2
       172.17.10.1/24                                                n/a
    toRouterB                        Up          Up/--       Network 1/1/1
       192.168.10.18/31                                              n/a
    -------------------------------------------------------------------------------
    Interfaces : 4
    ===============================================================================

Special Subnet Masks

- /31 subnet mask (RFC 3021)
  - No broadcast or network address; only two host addresses
  - Ideal for point-to-point links
  - For example: 192.168.10.18/31, 192.168.10.19/31
- /32 subnet mask
  - No broadcast or network address; only one host address that represents the network
  - Loopback addresses and system address
  - For example: 192.168.10.20/32

/31 subnet mask: In the classical sense, the example of 192.168.10.18/31 decodes to a subnet mask of 255.255.255.254 with a network address of 192.168.10.18 and a broadcast address of 192.168.10.19. Because no addresses are reserved for host spaces, the devices need to be able to handle the addresses as two host addresses.

/32 subnet mask: There is only one address, which is reserved for loopback addresses and the system address. The system address is a special loopback address that serves as a router ID for routing protocols such as OSPF and BGP. Loopback addresses are internal logical addresses that are not associated with physical interfaces.

Loopback and System Address
- Loopback address: virtual address on the router; does not correspond to any specific interface
  - May have any prefix value (/32, /24, /18, etc.)
- System address
  - Special loopback address on the Alcatel-Lucent 7750 SR
  - Used as an address to reach the router itself
  - As a loopback address, system address is not associated with any specific interface
  - System interface is defined by default, but does not have an address assigned to it
  - Always has a /32 prefix value

The system address is a special loopback address that serves as a router ID for routing protocols such as OSPF and BGP. It also acts as an address for the router itself. The system address can be reached through any active interface on the router.
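The mask arithmetic, the /31 and /32 special cases and the rule that an interface address must be a host address on its subnet can all be checked mechanically. The Python below is an added example, not part of the course material; its function names are this example's own, the addresses come from the slides, and the two `bad-*` entries are constructed mistakes.

```python
import ipaddress


def dotted_binary(value):
    """Render a 32-bit integer the way the slides do: four 8-bit groups."""
    bits = format(value, "032b")
    return ".".join(bits[i:i + 8] for i in range(0, 32, 8))


def describe_interface(cidr):
    """Return subnet facts for an interface address such as '192.168.2.132/25'.

    A dotted mask ('192.168.2.132/255.255.255.128') is accepted as well.
    """
    iface = ipaddress.IPv4Interface(cidr)
    prefix = iface.network.prefixlen
    ip_int = int(iface.ip)
    mask_int = int(iface.network.netmask)

    # The slide's LOGICAL AND: address AND mask yields the subnetwork.
    subnet_int = ip_int & mask_int
    host_bits = 32 - prefix
    all_ones_int = subnet_int | ((1 << host_bits) - 1)

    if prefix == 32:
        # One address that represents the network (system or loopback).
        first, last, broadcast, usable = subnet_int, subnet_int, None, 1
    elif prefix == 31:
        # RFC 3021 point-to-point link: both addresses are host addresses.
        first, last, broadcast, usable = subnet_int, all_ones_int, None, 2
    else:
        # Classic subnet: all-0s host is the subnet, all-1s is the broadcast.
        first, last = subnet_int + 1, all_ones_int - 1
        broadcast, usable = all_ones_int, 2 ** host_bits - 2

    def to_str(value):
        return None if value is None else str(ipaddress.IPv4Address(value))

    return {
        "subnet": f"{to_str(subnet_int)}/{prefix}",
        "mask": str(iface.network.netmask),
        "binary_subnet": dotted_binary(subnet_int),
        "first_host": to_str(first),
        "last_host": to_str(last),
        "broadcast": to_str(broadcast),
        "usable_hosts": usable,
        # False when the address is the subnet or the broadcast address.
        "assignable": first <= ip_int <= last,
    }


def audit_interfaces(config):
    """Return the names of interfaces whose address is not a host address."""
    return [name for name, cidr in config.items()
            if not describe_interface(cidr)["assignable"]]


if __name__ == "__main__":
    # Interface addresses from the slides plus two constructed mistakes.
    sample = {
        "system": "10.10.10.10/32",
        "toRouterB": "192.168.10.18/31",
        "toLAN": "172.17.10.1/24",
        "loopback1": "172.25.0.1/24",
        "bad-net": "192.168.1.96/27",      # constructed: subnet address
        "bad-bcast": "192.168.1.127/27",   # constructed: broadcast address
    }
    for name, cidr in sample.items():
        facts = describe_interface(cidr)
        print(f"{name:10} {cidr:18} subnet={facts['subnet']:18} "
              f"hosts={facts['usable_hosts']:<4} ok={facts['assignable']}")
    print("not host addresses:", audit_interfaces(sample))
```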
Loopback addresses are internal logical addresses that are not associated with physical interfaces. Note that only the system address is a /32 address and that the loopback addresses can be associated with any subnet mask range.

Layer 3 and IP Services
Section 4 - IP Subnet Applications

IP Subnet Applications Overview
- Application of IP Subnets
- Limited number of hosts

Application of IP Subnets
- For a network of 192.168.10.0/24, generate subnetworks to address each network
- In this scenario, there are five networks (3 broadcast networks and 2 point-to-point link networks). Therefore, subnets can be generated with a /27 mask as listed in the table

192.168.10.96/27    192.168.10.224/27
192.168.10.64/27    192.168.10.192/27
192.168.10.32/27    192.168.10.160/27
192.168.10.0/27     192.168.10.128/27

In this slide, all of the networks have a /27 network mask. This means there are 30 hosts and 2 addresses reserved for the network and broadcast networks. Five of these networks can be assigned to each of the router interfaces. However, the connection between the routers and the connection between the router and the Internet only require two host addresses for their respective interfaces.

Limited Number of Hosts
- The following subnetworks have been assigned randomly:
  192.168.10.0/27
  192.168.10.32/27
  192.168.10.64/27
  192.168.10.96/27
  192.168.10.128/27
- Each subnet supports 30 hosts
- The point-to-point link between the routers requires only two host addresses
- The broadcast networks attached to the switch may require 60 hosts each but are limited to 30 hosts
- How is the problem of limited hosts resolved?
VLSM
- VLSM resolves the problem of limited hosts
- Assign different subnet masks to the network (for example, use /26 for 192.168.10.0/24). The following subnets are generated:
  192.168.10.0/26
  192.168.10.64/26
  192.168.10.128/26
  192.168.10.192/26
  (each subnet has 62 hosts)
- The number of hosts is not enough to represent five networks, but apply /30 to the subnet 192.168.10.192/26
- 192.168.10.192/26 can then be divided into: 192.168.10.192/30, 192.168.10.196/30, ... 192.168.10.252/30
- 192.168.252/30 can 192.168.10.252/31, 192.168.10.253/31, 192.168.10.253/31, 192.168.254/31
- Any one of the above addresses (/31) can be used to represent point-to-point links between the routers

When you develop a subnet design, the network administrator must consider the same issues as the traditional subnet design. At each level, the administrator must ensure that there are enough bits available for expansion.

If the networks are spread over a number of different sites, the administrator must ensure that enough bits are used to support the sites and any future sites that may be deployed. In addition, the administrator must envision how each site may further subdivide the network to support the subnetworks in each site.

Development of this hierarchical addressing scheme requires careful consideration and planning. The network must recursively work its way down so that each level has enough space in the host address to support each requirement. This hierarchical addressing scheme is sometimes referred to as variable length subnet masking (VLSM).

If this hierarchical scheme is planned correctly before deployment, the multiple networks can then be aggregated into a single address that will help to reduce the number of routing entries in the backbone routers.

Supporting VLSM
Using subnet masks of different lengths introduces a new set of challenges. For example, how do the different subnets and their various extended prefixes get advertised throughout the network? This requires the use of more modern routing protocols.
The routing protocol used must be able to:
- Carry the extended prefixes with each subnet advertised
- Make forwarding decisions based on the longest match
- Perform summarization to support route aggregation

Modern routing protocols such as OSPF, IS-IS, and RIPv2 carry the subnet mask in the routing update and therefore support VLSM.

VLSM - Example 1
- In this example, the service provider is allocated an IP address of 172.16.0.0/16
- The organization requires five subnets; each subnet needs at least 2000 hosts

In a typical Class B network, there is only one network with 65 534 hosts. This network is represented by the last 16 bits. We need five networks. To obtain the required networks, we can use some of the default Class B host bits. Three options are available:

Option 1: Use 2 bits out of 16 for 2^2 = 4 networks and 2^14 = 16 384 hosts.
Option 2: Use 3 bits out of 16 for 2^3 = 8 networks and 2^13 = 8192 hosts.
Option 3: Use 4 bits out of 16 for 2^4 = 16 networks and 2^12 = 4096 hosts.

Option 2 or 3 can be used but, because only five networks are required, option 2 is the best choice. However, if the network is expected to grow with no more than 4000 hosts in any subnet, option 3 may be a better option because the network has been designed for 16 subnets.

VLSM - Example 2
The service provider has the IP address 172.16.0.0/16 and a subnet 172.16.64.0/19, which must be further subnetted into 6 subnets that support different numbers of hosts

In this slide, subnet 172.16.64.0/19 has been isolated and will be further subdivided to support the six subnets that are located in the local campus. The total number of hosts that are supported in the /19 network is 8190. This can be further subdivided into more subnetworks, each with a smaller number of hosts. If the requirement is to have six unequal subnets, one option is as follows:

172.16.64.0/20    2^12 - 2 = 4094
172.16.80.0/21    2^11 - 2 = 2046
172.16.88.0/22    2^10 - 2 = 1022
172.16.92.0/23    2^9 - 2 = 510
172.16.94.0/24    2^8 - 2 = 254
172.16.95.0/24    2^8 - 2 = 254

Note that the sum of all valid hosts is 8180. This is because by dividing further, two addresses are reserved for the subnetwork number and broadcast number. The use of VLSM allows flexibility in the design of networks. Not all subnetworks or networks require the same number of hosts.
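The VLSM plans above can be produced by sizing each subnet with the 2^n - 2 rule and carving the block largest-first so that every subnet lands on its own boundary. The Python below is an added example, not part of the course material; the function names and the LAN/P2P labels are this example's own, and largest-first allocation is one common way to build such a plan, not a method the slides prescribe.

```python
import ipaddress


def prefix_for_hosts(hosts, allow_31=False):
    """Longest prefix whose subnet still has at least `hosts` usable addresses."""
    if hosts < 1:
        raise ValueError("a subnet needs at least one host")
    if allow_31 and hosts <= 2:
        return 31                        # RFC 3021 point-to-point link
    host_bits = 2
    while 2 ** host_bits - 2 < hosts:    # the slides' 2^n - 2 rule
        host_bits += 1
    return 32 - host_bits


def allocate(base, requirements, allow_31=False):
    """Carve `base` into subnets sized per requirement, largest first.

    `requirements` is a list of (name, hosts) pairs. Returns a list of
    (name, IPv4Network, usable_hosts) in allocation order and raises
    ValueError when the block cannot hold the plan.
    """
    block = ipaddress.IPv4Network(base)
    sized = [(prefix_for_hosts(h, allow_31), name) for name, h in requirements]
    sized.sort(key=lambda item: item[0])     # stable sort: biggest subnets first
    cursor = int(block.network_address)
    end = int(block.broadcast_address) + 1
    plan = []
    for prefix, name in sized:
        size = 2 ** (32 - prefix)
        cursor = (cursor + size - 1) // size * size   # align to subnet boundary
        if prefix < block.prefixlen or cursor + size > end:
            raise ValueError(f"{base} has no room left for {name} (/{prefix})")
        usable = 2 if prefix == 31 else size - 2
        plan.append((name, ipaddress.IPv4Network((cursor, prefix)), usable))
        cursor += size
    return plan


def remaining(base, plan):
    """Unallocated space after the plan, as the fewest possible CIDR blocks."""
    block = ipaddress.IPv4Network(base)
    start = int(plan[-1][1].broadcast_address) + 1 if plan else int(block.network_address)
    if start > int(block.broadcast_address):
        return []
    return list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(start), block.broadcast_address))


if __name__ == "__main__":
    # VLSM - Example 2: six unequal subnets inside 172.16.64.0/19.
    campus = [("A", 4094), ("B", 2046), ("C", 1022),
              ("D", 510), ("E", 254), ("F", 254)]
    for name, net, usable in allocate("172.16.64.0/19", campus):
        print(f"{name}: {net}  usable hosts = {usable}")

    # Limited Number of Hosts: three 60-host LANs and two point-to-point links.
    site = [("P2P-1", 2), ("LAN-1", 60), ("LAN-2", 60), ("LAN-3", 60), ("P2P-2", 2)]
    plan = allocate("192.168.10.0/24", site, allow_31=True)
    for name, net, usable in plan:
        print(f"{name}: {net}  usable hosts = {usable}")
    print("free for growth:", [str(n) for n in remaining("192.168.10.0/24", plan)])
```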
IP Subnets using VLSM - Exercise 1
- The base network address is 138.120.0.0/16
- Divide the address space into the subnets as shown in the figure

In this slide, the administrator is tasked with taking the base network address and subnetting it to support three subnets: Subnet 1, Subnet 2, Subnet 3.

Then, the subnet 2 address must be further subdivided to support four subnets: Subnet 2a, Subnet 2b, Subnet 2c, Subnet 2d. The administrator must then define the first, last, and broadcast addresses for the second sub-subnet.

Subnet 1 network address ______________________
Subnet 2 network address ______________________
Subnet 3 network address ______________________
Subnet 2a network address ______________________
Subnet 2b network address ______________________
Subnet 2c network address ______________________
Subnet 2d network address ______________________
Subnet 2b
First host address ___________________
Last host address ___________________
Broadcast address __________________

IP Subnets using VLSM - Exercise 2
Using 10.10.10.0/24 as the base address, provide the IP subnet addresses

In this slide, the administrator is tasked with taking the base network address and subnetting it to support six subnets, ensuring that each subnet will support its host requirements.

The next task for the administrator is to take one of the subnets and further subdivide it to support the point-to-point links that join the subnet routers to the main router.

Given the IP address, use VLSMs to extend the use of the address. Provide a possible address for each of the following:
HQ A ________________________
HQ B ________________________
HQ C ________________________
HQ D ________________________
HQ E ________________________
HQ F ________________________
Router A LAN ________________________
Router B LAN ________________________
Router C LAN ________________________
Router D LAN ________________________
Router E LAN ________________________
Router F LAN ________________________

Layer 3 and IP Services
Section 5 - Route Aggregation

Route Aggregation Overview
- Classless interdomain routing
- Route aggregation
- Use cases

Classless Interdomain Routing
With the rapid expansion of the Internet, IPv4 addresses were quickly becoming depleted and the sizes of routing tables were expanding exponentially. The response to these problems was the development and adaptation of Classless Interdomain Routing (CIDR).

CIDR eliminated the concept of address classes and replaced it with the concept of network prefixes. Rather than the first 3 bits defining the network mask, the network prefix now defines the network mask. This prefix mask is a method of defining the leftmost contiguous bits in the network portion of the routing table entry.

By eliminating the concept of address classes, CIDR provided a more efficient allocation of the IP address space. In addition, CIDR supports the concept of route aggregation, which allows a single route entry to represent multiple networks.

Route Aggregation

Routing Table
10.15.24.0/24
10.15.25.0/24
10.15.26.0/24
10.15.27.0/24
10.15.28.0/24
10.15.29.0/24
10.15.30.0/24
10.15.31.0/24

10.15.24.0/24    00001010 . 00001111 . 00011 000 . 00000000
10.15.25.0/24    00001010 . 00001111 . 00011 001 . 00000000
10.15.26.0/24    00001010 . 00001111 . 00011 010 . 00000000
10.15.27.0/24    00001010 . 00001111 . 00011 011 . 00000000
10.15.28.0/24    00001010 . 00001111 . 00011 100 . 00000000
10.15.29.0/24    00001010 . 00001111 . 00011 101 . 00000000
10.15.30.0/24    00001010 . 00001111 . 00011 110 . 00000000
10.15.31.0/24    00001010 . 00001111 . 00011 111 . 00000000

- Common Line (/21): after the common bit pattern 00011 in the third octet
- Network Line (/24): after the third octet
- All possible combinations are contained within the network line and the common line

Routing Table
10.15.24.0/21

As was discussed with VLSM in section 4 of this module, address planning is extremely important when subnets are first deployed. The subnets should be deployed so that they support the concept of summarization and so that, when summarization is applied, all subnets can be represented by as few entries as possible in the routing table.

In this slide, Router A supports eight subnets with a /24 prefix. Rather than advertising all eight subnets, the administrator decided to implement route summarization. To see what network address or addresses will be advertised from Router A to Router B, the administrator decided to calculate what the new network prefix or prefixes should be.
To implement route summarization:
1. Define the octet that will be manipulated by the summarization. In this case, it is the third octet.
2. Identify the original network prefix (/24).
3. Look to the left of the prefix line and identify the area where all of the addresses have the same bit pattern. Draw a line down that portion.
4. Look between these two lines and ensure that all possible bit patterns are contained between the two lines. If this is the case, you can then summarize those bit patterns into (in this slide) a /21 mask.

Route Aggregation - Exercise

For the information on this slide, what summarized route or routes will be advertised to Router 2 from Router 1?

In this slide, the administrator is going to be using route summarization on Router 1. What route or routes will be advertised to Router 2?

CIDR and VLSM

When you first look at CIDR and VLSM, they seem to both provide the same function and they are very similar. The difference between the two is how they appear to the Internet.

For both CIDR and VLSM:
- The routing protocol must carry network-prefix information with each advertised route.
- All routers must support the longest-match forwarding algorithm.
- Addresses must be allocated to support route aggregation.

The difference is how the manipulation of the address space appears to the Internet.
- VLSM address manipulation is performed on the address that is assigned to an organization and is invisible to the Internet.
- CIDR manipulates addresses, and these manipulations are advertised to the Internet.

Use Case 1 - An Enterprise Leases Addressing from ISP

In this slide, an Enterprise in its main location leases its IP addressing from an ISP. The ISP grants the enterprise ownership to its 100.1.1.0/23 block of addresses and the Enterprise divides its address block into many /27 subnetwork blocks.

LAB 2.1-2.2 IP Addressing

See the Alcatel-Lucent IP Scalable Networks Lab Guide

Layer 3 and IP Services
Section 6 - IPv4 Forwarding Process

IPv4 Forwarding Process
- Involves moving IP packets from one interface to another interface
- Requires a forwarding table

Forwarding and routing are often used interchangeably; however, there are differences between the two terms. Forwarding refers to the process of moving transit packets from one interface to another interface. The forwarding process includes accessing the forwarding table, making the forwarding decision, and sending the packet out of an interface. For a typical router to forward packets, the router must be able to build routing tables by using routing protocols. The 7750 SR creates a routing table in the CPM card and then loads the routing table into a forwarding table on each IOM card.

IP Forwarding Table

A:P1# show router fib 1
===============================================================================
FIB Display
===============================================================================
Prefix                 Protocol    NextHop
-------------------------------------------------------------------------------
10.10.10.1/32          LOCAL       10.10.10.1 (system)
10.10.10.2/32          OSPF        10.12.0.2 (toP2)
10.10.10.3/32          OSPF        10.13.0.2 (toP3)
10.12.0.0/24           LOCAL       10.12.0.0 (toP2)
10.13.0.0/24           LOCAL       10.13.0.0 (toP3)
10.23.0.0/24           OSPF        10.13.0.2 (toP3)
10.34.0.0/24           OSPF        10.13.0.2 (toP3)
192.168.1.0/24         LOCAL       192.168.1.0 (toPE1)
-------------------------------------------------------------------------------
Total Entries : 8
-------------------------------------------------------------------------------

This slide shows the output of the forwarding table on line card 1 of the 7750 SR-7. When a packet enters the router by way of the line card, the packet destination IP address is compared with the contents in the forwarding table. If there is a match (longest match) with a prefix in the forwarding table, the packet is switched to the interface shown above as the next hop. For example, if the incoming packet has a destination IP address of 10.12.0.12, the destination IP address matches the prefix 10.12.0.0/24 because 24 bits are compared. The packet will be switched to the toP2 interface and sent out from the toP2 interface.

Packet Forwarding in Detail

Packet forwarding includes the following key actions:

1. Data link layer frame validation: basic frame length and FCS verification, as well as the frame sanity checks
When a router receives a frame from a LAN, the first step is to read the destination MAC address to ensure that the router is the intended recipient of the frame. The next step, assuming that the router is the intended recipient of the frame, is to check the FCS to see whether there are any errors related to the frame. If there are errors, the router discards the frame at this point.

2. Network-layer protocol demultiplexing: determination of the upper protocol that needs to receive encapsulated data
This step is performed after the L2 information is removed so that the payload is handed to the correct upper layer.

3. IP packet validation: basic IP header verification
A check is performed to determine whether this is an IP packet. The version and ToS fields are examined and removed. The TTL field should be greater than 1; if the TTL = 1, the packet is discarded because this packet's TTL is finished.

4. Forwarding decision: forwarding table lookup
Check the forwarding table. If there is a match between the destination IP address in the packet and one of the prefixes (every entry is checked), the egress interface is chosen.

5. Data link frame construction: packet encapsulation
The IP packet is now encapsulated in the L2 frame that corresponds to the egress interface. If the interface is Ethernet, new source and destination MAC addresses are added including the type field, and a new FCS is generated. The packet is sent to the physical layer for transport.

Layer 3 and IP Services
Section 7 - IP in Home and Small Businesses

IP in Home and Small Business - Overview
- Use of IP in Home and Small Businesses
- Default Gateway
- Home Network Evolution
- Address Translation
- Address Assignment
- DHCP

Use of IP for Home and Business
- Protocol of choice for routing over the Internet
- Used extensively in service provider and carrier core networks
- Commonly used in the enterprise space
- Gaining popularity in the home network
- Has evolved from only Internet access to providing various services to the home and business/enterprise
- Used to deliver phone, television, and other multimedia services

Default Gateway

Access to the Internet or any general network router

H:\>ipconfig

Windows IP Configuration

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : bell.ca
   IP Address. . . . . . . . . . . . : 70.120.132.235
   Subnet Mask . . . . . . . . . . . : 255.255.248.0
   Default Gateway . . . . . . . . . : 70.120.128.1

H:\>ipconfig

Windows IP Configuration

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : bell.ca
   IP Address. . . . . . . . . . . . : 70.120.132.236
   Subnet Mask . . . . . . . . . . . : 255.255.248.0
   Default Gateway . . . . . . . . . : 70.120.128.1

This slide shows a very simple home network. There are two home PCs that are connected to an L2 switch. The switch is then connected to a router, which is located in the service provider boundary. The demarcation point is the router interface towards the L2 hub. The L2 hub is owned by the home user.

In order to communicate to the Internet, each of the PCs needs a unique routable IP address. For traffic from the PCs to the general Internet, a designated router address is provided, which is the default gateway. The IP address is the address of the interface on the ISP router that faces the home network. Since the home PCs are on the same network, they can communicate with each other without accessing the Internet.

For the home PC to access the eBay site, the IP packet composed will contain the source address of the PC, and the destination address of eBay (76.67.217.148). The PC does not know where the server for eBay exists and the packet is directed to the default gateway, which knows where to forward the packet.

Home Network Evolution
- Home networks today use IP routing in the home environment
- Require a home-based router and Address Translation

Modern home networks, such as the one shown in this slide, support multiple services. These services can be delivered on one technology by one provider or by multiple service providers.
Home networks have evolved from a PC that is connected to a modem or a switch to multiple PCs, home televisions, and digital phones, all connected via one L2 technology to a home router that is managed at the home and not by the service provider. The router on one side connects to the home network and on the other side connects to the service provider access devices. In this case, the demarcation point is the modem. All the services (in this single provider multiple services scenario) are sent to the modem via DSL or cable.

Every device in the home in the scenario requires an IP address in order to connect to the Internet. There are several disadvantages:
- It is not financially viable to have a unique public IP routed address. Also, this is not scalable.
- For the traffic to be received by each device, the ISP needs to monitor every home device for a single access point.
- The ISP is typically not interested in maintaining multiple IP addresses for the average home user.

The best scalable solution for now is a home-managed router, which assigns private IP addresses to each of the home devices and has a public IP address that represents the home to the ISP. This is possible by using Network Address Translation or Port Address Translation.

Network Address Translation
- One-to-one address translation
- Does not monitor transport layer port numbers

NAT Table
Public pool: 192.1.1.1 - 192.1.1.254 /24
Internal <> External
10.1.1.1 <> 192.1.1.2
10.1.1.2 <> 192.1.1.3
10.1.1.3 <> 192.1.1.4

NAT is defined in RFCs 2663 and 3022.

It is important to note that the 7750 SR does not currently support Network Address Translation (NAT) or Port Address Translation (PAT). This feature is generally found in enterprise routers, and the 7750 SR is not an enterprise router. The 7750 SR is not generally placed at that level of a network. There are currently no plans for the 7750 SR to support NAT or PAT. However, NAT and PAT generally appear in the network infrastructure, and, therefore, network experts should have a generic understanding of their purpose.

NAT and PAT were created to alleviate the stresses of IP address allocation. Working closely with the private IP address ranges, NAT and PAT allow for private IP addresses to be translated into public IP addresses. This translation can be in one of two forms.

The first form of translation is one-to-one translation, also known as NAT. One private IP address is translated to one public IP address. In this form, the transport-layer port numbers are not monitored or modified. This allows all applications to function normally without any change to the upper layers. The disadvantage of this form of translation is that there must be a pool of available IP addresses to support all the private IP-addressed clients. If all of the IP addresses in the pool are in use and there is a new NAT requirement, it will fail because there is no available IP address in the pool of public IP addresses.

In this example of NAT, the range of public IP addresses is from 192.1.1.2 to 192.1.1.254. Each client that sends traffic through the router is mapped to one IP address in the pool. If 253 clients are actively sending traffic through the router and if the 254th client tries to send traffic out the router, the request will time out because there are no available public IP addresses to use for NAT. Although this limits the number of clients that can simultaneously use this NAT router, it does not limit the types of applications that each client can use.

Port Address Translation
- Many-to-one address translation
- Monitors transport layer port numbers

PAT Table
Public pool: 192.1.1.5/32 (Int. 1/1/1)
Internal <> External
10.1.1.1:1101 <> 192.1.1.5:2203
10.1.1.2:1212 <> 192.1.1.5:2204
10.1.1.3:1212 <> 192.1.1.5:2205

The second form of translation is many-to-one, also known as Port Address Translation (PAT). One public IP address supports multiple private IP addresses simultaneously. To accomplish this, the router must not only map the IP address of the client device, but the router must also map the port number in use by the client. As translation occurs, the IP address is changed to one public IP address. To keep track of the multiple streams of traffic from client devices, the port numbers are mapped to unique port numbers in the database. This port change is transparent to the client. Most modern applications do not have a problem with the change of port. However, some applications (mostly legacy applications) require specific source and destination port numbers. If the router modifies the source port to a port that differs from the port that the application expects or requires, the application may not function correctly.

Addressing in a Routed Home Network

The router interface that faces the ISP, which is sometimes referred to as the WAN side, has a public IP address of 70.120.122.11/24.

The router interfaces that face the home network are based on the 192.168.10.0/24 subnet and each device, including the router interface, has an IP address from the 192.168.10.0/24 subnet.

The default gateway that is programmed into every IP device for Internet access is the router interface address that faces the home network, which, in this case, is 192.168.10.254/24.

When any device attempts a TCP/UDP connection to the Internet, the home router handles the address translation by using a port address translation table.

Accessing the Internet

How does the home router/gateway/PC receive a public routed IP address from the Service Provider?

Every home router and PC that needs to connect to the Internet requires a public IP address. These IP addresses must be requested from the IANA and its regional subsidiaries.

A home user does not request an IP address from the IANA; instead, the user requests an IP address from a service provider. The service provider is assigned IP address blocks depending on their size and business requirements. A home address is assigned one IP address or multiple IP addresses depending on their service plan.

The home router can also have a static IP address assigned by the service provider. However, in most cases the IP addresses are distributed via a dynamic means. In the former case, the IP address is reserved for the particular home and programmed by the home user. In the latter case, a protocol is used by the home router and an IP address is assigned by the service provider depending on the protocol parameters. The protocol is known as Dynamic Host Control Protocol (DHCP).
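The two translation tables from the NAT and PAT slides above, as an added example (not part of the course material). It reproduces the one-to-one pool of 192.1.1.2 to 192.1.1.254 running out at the 254th client, and the PAT table on 192.1.1.5 starting at port 2203. The class and method names are hypothetical, keying PAT entries by protocol is an assumption the slide's table does not show, and the sequential port allocation is chosen only so the output matches the slide.

```python
import ipaddress

class OneToOneNat:
    """One-to-one NAT: each inside address holds one pool address; ports are untouched."""

    def __init__(self, first, last):
        lo = int(ipaddress.ip_address(first))
        hi = int(ipaddress.ip_address(last))
        self.free = [str(ipaddress.ip_address(a)) for a in range(lo, hi + 1)]
        self.bindings = {}                       # inside IP -> public IP

    def translate_out(self, inside_ip):
        if inside_ip not in self.bindings:
            if not self.free:
                return None                      # pool exhausted: no translation possible
            self.bindings[inside_ip] = self.free.pop(0)
        return self.bindings[inside_ip]

    def release(self, inside_ip):
        """Return a client's public address to the pool when its binding ends."""
        public = self.bindings.pop(inside_ip, None)
        if public is not None:
            self.free.append(public)

class Pat:
    """Many-to-one PAT: one public address, one public port per inside flow."""

    def __init__(self, public_ip, first_port=2203, last_port=65535):
        self.public_ip = public_ip
        self.next_port = first_port
        self.last_port = last_port
        self.out = {}                            # (proto, inside IP, inside port) -> public port
        self.back = {}                           # (proto, public port) -> (inside IP, inside port)

    def translate_out(self, proto, inside_ip, inside_port):
        key = (proto, inside_ip, inside_port)
        if key not in self.out:
            if self.next_port > self.last_port:
                return None                      # no public ports left
            self.out[key] = self.next_port
            self.back[(proto, self.next_port)] = (inside_ip, inside_port)
            self.next_port += 1
        return (self.public_ip, self.out[key])

    def translate_in(self, proto, public_port):
        """Reverse lookup for return traffic; None means no entry, so the packet is dropped."""
        return self.back.get((proto, public_port))

if __name__ == "__main__":
    nat = OneToOneNat("192.1.1.2", "192.1.1.254")
    results = [nat.translate_out("10.1.1.%d" % i) for i in range(1, 255)]
    print(results[:3], results[-1])              # first three bindings, then the failed 254th

    pat = Pat("192.1.1.5")
    for ip, port in [("10.1.1.1", 1101), ("10.1.1.2", 1212), ("10.1.1.3", 1212)]:
        print(ip, port, "<>", pat.translate_out("tcp", ip, port))
    print(pat.translate_in("tcp", 2204), pat.translate_in("tcp", 4000))
```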
DHCP

DISCOVER - MAC address of home router
OFFER - IP address offered by ISP
REQUEST - Formal IP address request
ACK - Final confirmation of IP address

DHCPDISCOVER: The DHCP client initiates the process by broadcasting a datagram that is destined for UDP port 68 (used by BOOTP and DHCP servers). This first datagram is known as a DHCP discover message, which is a request to any DHCP server that receives the datagram for configuration information. The DHCP discover datagram contains many fields, but the most important field contains the MAC address of the DHCP client.

DHCPOFFER: A DHCP server, which is configured to lease addresses for the network that the client computer resides on, constructs a response datagram known as a DHCP offer and sends the datagram via broadcast to the computer that sent the DHCP discover. This broadcast is sent to UDP port 67 and contains the MAC address of the DHCP client. The DHCP offer also contains the MAC and IP addresses of the DHCP server, and the values for the IP address and subnet mask that are offered to the DHCP client. At this point, the DHCP client can receive several DHCP offers, assuming there are multiple DHCP servers with the capability to offer the DHCP client an IP address. In most cases, the DHCP client accepts the first DHCP offer that arrives.

DHCPREQUEST: The client selects an offer, and constructs and broadcasts a DHCP request datagram. The DHCP request datagram contains the IP address of the server that sent the offer and the physical address of the DHCP client. The DHCP request performs two basic tasks. First of all, the request informs the selected DHCP server that the client requests the server to assign an IP address (and other configuration settings) to the DHCP client. Secondly, the request notifies the other DHCP servers with outstanding offers that their offers were not accepted.

DHCPACK: When the DHCP server, from which the offer was selected, receives the DHCP request datagram, the server constructs the final datagram of the lease process. This datagram is known as a DHCP ACK (short for acknowledgement). The DHCP ACK includes an IP address and subnet mask for the DHCP client. Optionally, the DHCP client is often also configured with IP addresses for the default gateway, several DNS servers, and possibly one or two WINS servers. In addition to IP addresses, the DHCP client can receive other configuration information such as a NetBIOS node type, which can change the order of NetBIOS name resolution.
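The four-message exchange above with two servers answering, as an added example (not part of the course material). It shows why the request is broadcast: the server that was not chosen sees a different server address in the request and returns its held address to the pool. Messages are modelled as dictionaries rather than real packets, all names and addresses are constructed, and `unexpected_offers` is a hypothetical check for offers from servers the operator did not deploy.

```python
class DhcpServer:
    def __init__(self, server_id, pool, lease_seconds=3600):
        self.server_id = server_id          # the server's own IP address
        self.lease_seconds = lease_seconds
        self.free = list(pool)              # addresses not offered or leased
        self.offers = {}                    # client MAC -> address held for an open offer
        self.leases = {}                    # client MAC -> (address, expiry time)

    def on_discover(self, discover):
        """DISCOVER -> OFFER: hold an address for the client identified by its MAC."""
        mac = discover["client_mac"]
        if mac in self.leases:
            addr = self.leases[mac][0]      # offer the address the client already holds
        elif mac in self.offers:
            addr = self.offers[mac]
        elif self.free:
            addr = self.free.pop(0)
        else:
            return None                     # pool empty: stay silent
        self.offers[mac] = addr
        return {"type": "OFFER", "server_id": self.server_id,
                "client_mac": mac, "your_ip": addr}

    def on_request(self, request, now):
        """REQUEST -> ACK if this server was selected, otherwise withdraw the offer."""
        mac = request["client_mac"]
        held = self.offers.pop(mac, None)
        if request["server_id"] != self.server_id:
            if held is not None and mac not in self.leases:
                self.free.insert(0, held)   # offer was not accepted: address is free again
            return None
        addr = held if held is not None else self.leases.get(mac, (None,))[0]
        if addr is None:
            return None
        self.leases[mac] = (addr, now + self.lease_seconds)
        return {"type": "ACK", "server_id": self.server_id,
                "client_mac": mac, "your_ip": addr}

def lease_address(client_mac, servers, now=0):
    """Client side: broadcast DISCOVER, take the first OFFER, broadcast REQUEST."""
    discover = {"type": "DISCOVER", "client_mac": client_mac}
    offers = [o for o in (s.on_discover(discover) for s in servers) if o]
    if not offers:
        return None, []
    chosen = offers[0]                      # "accepts the first DHCP offer that arrives"
    request = {"type": "REQUEST", "client_mac": client_mac,
               "server_id": chosen["server_id"], "requested_ip": chosen["your_ip"]}
    acks = [a for a in (s.on_request(request, now) for s in servers) if a]
    return (acks[0] if acks else None), offers

def unexpected_offers(offers, allowed_server_ids):
    """Server addresses that made an offer but are not on the operator's list."""
    return [o["server_id"] for o in offers if o["server_id"] not in allowed_server_ids]

if __name__ == "__main__":
    # Constructed servers and pools.
    a = DhcpServer("10.0.0.1", ["70.120.132.235", "70.120.132.236"])
    b = DhcpServer("10.0.0.2", ["70.120.140.10"])
    ack, offers = lease_address("00:00:00:00:00:01", [a, b])
    print(ack, b.free, unexpected_offers(offers, {"10.0.0.1"}))
```

Because the client takes the first offer, whichever server answers first also supplies the default gateway, so offers from a server address that is not on the list are worth logging.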
The DHCP servers maintain a list of assigned IP addresses and the term of each lease. Before the lease expiration, the client that requested an IP address via DHCP requests an IP address again. The server can choose to assign a different IP address or the IP address that was previously assigned.

For a home gateway router that does address translation, the home router performs the role of a client to the service provider. The home router also performs the role of a DHCP server to the home devices. IP-enabled devices at home request IP addresses from the home router, which assigns IP addresses in the private range.

Layer 3 and IP Services
Section 8 - Other Protocols that Support IP Operation

Other Protocols
- ICMP
- ARP

ICMP Overview
- Defined in RFC 792
- Core IP application protocol used mainly to report errors in delivering IP datagrams (RFC 1122)
- Also used for diagnostic or routing purposes
- Required to send error control messages to routers and hosts
- Encapsulated in the IP packet and routed similar to a data packet
- The version of ICMP for IPv4 is also known as ICMPv4 because it is part of IPv4. IPv6 has an equivalent protocol, ICMPv6

Internet Control Message Protocol (ICMP) messages are constructed at the IP layer, usually from a normal IP datagram that generated an ICMP response. IP encapsulates the appropriate ICMP message with a new IP header (to send the ICMP message to the original sending host) and transmits the resulting datagram in the usual manner.

For example, each device (such as an intermediate router) that forwards an IP datagram must decrement the TTL field of the IP header by one. If the TTL reaches 0, an ICMP "time to live exceeded in transit" message is sent to the source of the datagram.

Each ICMP message is encapsulated directly in one IP datagram, and therefore, as with UDP, ICMP does not guarantee delivery.

Although ICMP messages are contained in standard IP datagrams, ICMP messages are usually processed as a special case, differentiated from normal IP processing, rather than processed as a normal subprotocol of IP. In many cases, it is necessary to inspect the contents of the ICMP message and deliver the appropriate error message to the application that generated the original IP packet (that is, the application that prompted the sending of the ICMP message).

ICMP Message Type 8 and Type 0 (Echo Request and Reply)
- Host device sends an echo request to the destination device
- Destination device sends an echo reply

Echo request and echo reply messages are very frequently used. A host or router sends an ICMP echo request message to a specified destination. Any device that receives an echo request generates an echo reply and returns the reply to the original sender. The request contains an optional data area, and the reply contains a copy of the data sent in the request. The echo request and reply can, therefore, be used to test whether a destination is reachable.

The echo request and reply are sent via IP datagrams.

Assumptions:
- The IP software on the source computer must route the datagram.
- The intermediate routers between the source and destination must be operating and must route the datagram correctly.
- The destination device must be running, and both the ICMP and IP software must be working.
- All routers along the path must have the correct routes.

Ping is the most common way to send an ICMP echo request. The command usually sends a series of echo request messages and captures the corresponding echo replies. Ping then calculates the data loss statistics.

ICMP Message Type 3 (Destination Unreachable)
- Normal IP packet flow from Host A to Host B
- Destination link is broken
- ICMP destination unreachable message is sent to source
- Destination link is repaired

The destination unreachable message is used to inform the sending host that the destination address cannot be reached. For example, if the destination device connects to an Ethernet network, the network hardware does not provide ACKs. Therefore, a router can continue to send packets to a destination even after the destination is powered down without receiving an indication that the destination is down.

The destination unreachable message contains a code field that provides additional information as to why the packet was not delivered. For example:
- If a router does not have a route to the destination network, the router will return destination unreachable, code 0 (network unreachable).
- If the router connected to the destination network does not receive a reply to its ARP request for the destination address, the router will send a destination unreachable code 1 (host unreachable).
- If the packet must transit a network where the MTU is less than the IP datagram size and the DF flag (Don't Fragment) is set in the IP header, the router drops the packet and returns a destination unreachable code 4 (fragmentation required and DF flag set).

ARP Overview
- Resolves a host/gateway MAC address for a given IP address
- Required in a broadcast Ethernet LAN
- See RFC 826 and RFC 1122

The Address Resolution Protocol (ARP) is defined in RFC 826. However, RFC 826 contained some ambiguities which were clarified in RFC 1122 (Host Network Requirements). Therefore, ARP implementations need to incorporate both RFC 826 and RFC 1122 in order to work reliably and consistently with other implementations.

RFC 826 introduced the concept of ARP as a useful way for devices to locate the Ethernet hardware address of another IP host on the same LAN. All LAN media and many WAN media now use ARP to locate the hardware addresses of other IP devices on the LAN.

When a device needs to send an IP packet to another device on the LAN, the IP stack software first checks whether it knows the hardware address that is associated with the destination IP address. If so, the sender transmits the data to the destination system, using the protocols and addressing appropriate for the network medium used by the two devices. However, if the destination system's hardware address is not known, the IP stack software must locate the address before any data can be sent. At this point, IP uses ARP to locate the hardware address of the destination system.

Using ARP

Host 1 needs to ping Host 2?
Which host has 192.168.10.4?
192.168.10.4 is 00:00:11:22:33:AB ARP performs this task by sending a broadcast to the network, requesting (ARP re quest) the system that is using the specified IP address to respond with its hardware address. If the d estination system is powered up and on the network, the system will detect this broadcast (as will al l of the other devices on the LAN), and will return an ARP response to the original system. Note that t he response is not broadcast over the network, but is sent directly to the requesting system. All of the local IP devices must monitor the network for ARP broadcasts and, if THEY detect a request for themselves (as indicated in the destination IP address field of the ARP requ est), the devices must generate a response packet and send the packet to the requesting system. The res ponse packet consists of the local device s IP and hardware addresses. The response is also marked as such, with the messagetype

field indicating that the current packet is an ARP response. The new ARP packet is then unicast directly to the original requester, where the packet is received and processed. In this slide, Host 1 tries to ping Host 2. Host 1 checks its cache of MAC addre sses for the destination MAC address of Host 2. If the MAC address is not in the cache, Host 1 sends an A RP request message. The ARP request is a broadcast message that is sent to all hosts in the broadcast do main. Each host opens the frame and checks the destination IP address. If the address is not the host s address, the host ignores the packet. However, when Host 2 receives the request with its own IP ad dress, it sends an ARP reply. This ARP reply is carried in a frame that has for its destination the MAC address of Host 1, and the source is the MAC address of Host 2. When the reply is received, Host 1 learns t he MAC address of Host 2 and can now transmit the ICMP message in a frame with the MAC address to Host 2. Alcatel-Lucent Confidential for internal use only -- Do Not Distribute Scalable IP Networks v2.01 Module 4 - 80 Alcatel-Lucent Scalable IP Networks v2.01 Module 4 | 80 All rights reserved 2008 Alcatel-Lucent Host 1 ARP cache ARP Cache 192.168.10.3 00:00:11:22:33:CC 192.168.10.4 00:00:11:22:33:AB When the requesting system receives an ARP response, the system stores the hardw are and IP address pair of the requested device in a local cache. The next time that the system nee ds to send data, the system will check the local cache and, if an entry is found, the system will use the entry, which eliminates the need to broadcast another request. Similarly, the system that responded to the ARP broadcast will store the hardwar e and IP addresses of the system that sent the original broadcast. However, IP addresses that are assigned to a host may not be static and may move from host to host. If the ARP cache is not timed out, the source may be unable to send its traffic to the correct destination host. 
Several strategies exist that can alleviate the situation, but they are outside the scope of this course.

Host 1 maintains an ARP cache that has the MAC addresses for hosts 4 and 2. Therefore, Host 1 does not need to send an ARP request for these hosts. However, if Host 1 needs to send traffic to Host 3, Host 1 will use ARP to get Host 3's hardware/MAC address and then insert the addresses in its ARP cache.

Using ARP with a Router

Host 1 needs to ping Host 7 in a remote network

[Figure: Host 1 pings Host 7 through a router, with numbered steps 1 to 9. Address labels in the figure: 192.168.10.99 / 00:00:11:22:33:99, 172.16.20.99 / 00:00:66:77:88:99, 192.168.10.1 / 00:00:00:00:00:01, 172.16.20.2 / 00:00:00:00:00:02]

In the previous slide, we discussed the use of ARP in the same subnet. What happens if the distant host is not in the same subnet, as shown in this slide?

Host 1 needs to send traffic to Host 7, which is in a remote broadcast domain. Host 1 needs to know whether Host 7 can be reached. Host 1 tries to ping Host 7. However, in the absence of an ARP entry for 172.16.20.2, Host 1 needs to send an ARP request. Because 172.16.20.2 is not in the local broadcast domain, Host 1 sends an ARP request (1) for its default gateway, which is the router interface, as shown in this slide.

Host 1 and Host 3 are programmed with a default gateway address in case they need to connect to hosts that are outside their local domain. Note that for a local host to contact a remote host, the local host sends an ARP request to the default gateway.

The router receives the broadcast on its interface in the 192.168.10.0 domain and sends an ARP response (2) with its MAC address. Host 1 can now form the IP packet to send to Host 7.

The router uses its forwarding table and forwards the packet out of the second interface. However, the router does not have an ARP entry for the host 172.16.20.2. Therefore, the router uses its L3 interface and MAC address to send the ARP request (5) in this broadcast domain. When Host 7 receives the broadcast, it responds with a unicast ARP response (6) to the router.

ARP works only within the scope of a broadcast domain. Therefore, the response is not forwarded by a router. The router, similar to the hosts, maintains an ARP cache listing (3, 7) all of the entries in its broadcast domain.

Host 1 can now send an IP packet (Echo Request) (4) and obtain an Echo Response (9) from Host 7.

ARP Request Packet

    Frame 31 (60 bytes on wire, 60 bytes captured)
    Ethernet II, Src: 00:04:80:9f:78:00, Dst: ff:ff:ff:ff:ff:ff
        Destination: ff:ff:ff:ff:ff:ff
        Source: 00:04:80:9f:78:00
        Type: ARP (0x0806)
        Trailer: 000000000000000000000000000000000000
    Address Resolution Protocol (request)
        Hardware type: Ethernet (0x0001)
        Protocol type: IP (0x0800)
        Hardware size: 6
        Protocol size: 4
        Opcode: request (0x0001)
        Sender MAC address: 00:04:80:9f:78:00
        Sender IP address: 138.120.53.253
        Target MAC address: 00:00:00_00:00:00
        Target IP address: 138.120.53.149

In this slide, a host with IP address 138.120.53.253 is attempting to resolve the MAC address for a host with IP address 138.120.53.149. The destination MAC address of the Ethernet II frame is set to the broadcast address ff:ff:ff:ff:ff:ff. All devices in the same broadcast domain will receive this frame. Only the host with IP address 138.120.53.149 will reply. The Type for ARP is 0x0806 and indicates which protocol is transported in the Ethernet II frame.

ARP Packet

Hardware type - Each L2 protocol is assigned a number that is used in this field; for example, Ethernet is 1.
Protocol type - Each protocol is assigned a number that is used in this field; for example, IP is 0x0800.
Hardware size - Size, in bytes, for hardware addressing. Ethernet addresses are 6 bytes.
Protocol size - Size, in bytes, for logical addressing. IPv4 addresses are 4 bytes.
Opcode - Operation that the sender is performing. A value of 1 is for an ARP request and a value of 2 is for an ARP reply.
Sender MAC address - MAC address of the sender
Sender IP address - The protocol address of the sender
Target MAC address - Hardware MAC address of the intended receiver. The MAC address will be all 0s for a request.
Target IP address - Protocol address of the intended receiver

ARP Reply Packet

    Frame 32 (42 bytes on wire, 42 bytes captured)
    Ethernet II, Src: 00:11:43:45:61:23, Dst: 00:04:80:9f:78:00
        Destination: 00:04:80:9f:78:00
        Source: 00:11:43:45:61:23
        Type: ARP (0x0806)
    Address Resolution Protocol (reply)
        Hardware type: Ethernet (0x0001)
        Protocol type: IP (0x0800)
        Hardware size: 6
        Protocol size: 4
        Opcode: reply (0x0002)
        Sender MAC address: 00:11:43:45:61:23
        Sender IP address: 138.120.53.149
        Target MAC address: 00:04:80:9f:78:00
        Target IP address: 138.120.53.253

In this slide, the packet is the ARP reply in response to the ARP request on the previous slide. The Ethernet frame is a unicast frame and is sent only to the MAC address of the ARP request sender. All of the fields in the ARP reply packet have the same meaning as the fields in the ARP request packet. The main differences in the ARP reply packet are the Opcode (2 is for a reply) and that the packet contains MAC addresses for both the sender and the target. Note that the sender and target addresses have been swapped.
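The request and reply captures above, rebuilt as bytes and parsed field by field, as an added example that is not part of the original course material. The frames are constructed from the values shown in the captures; the function names and the consistency checks (request broadcast with an all-zero target MAC, reply unicast, Ethernet source equal to the ARP sender MAC as in both captures) are assumptions of this sketch.

```python
import struct

BROADCAST = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"
ETHERTYPE_ARP = 0x0806
OPCODES = {1: "request", 2: "reply"}
ARP_END = 42  # 14-byte Ethernet II header + 28-byte Ethernet/IPv4 ARP packet


def fmt_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def fmt_ip(raw):
    return ".".join(str(b) for b in raw)


def build_frame(dst, src, opcode, sha, spa, tha, tpa, trailer=0):
    """Build an Ethernet II + ARP frame; used here only to construct sample input."""
    to_mac = lambda s: bytes.fromhex(s.replace(":", ""))
    to_ip = lambda s: bytes(int(part) for part in s.split("."))
    eth = to_mac(dst) + to_mac(src) + struct.pack("!H", ETHERTYPE_ARP)
    # hardware type 1 (Ethernet), protocol type 0x0800 (IP), sizes 6 and 4
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, opcode)
    arp += to_mac(sha) + to_ip(spa) + to_mac(tha) + to_ip(tpa)
    return eth + arp + bytes(trailer)  # trailer = zero padding after the ARP packet


def parse_arp_frame(frame):
    """Decode the fields listed under 'ARP Packet'; reject anything else."""
    if len(frame) < ARP_END:
        raise ValueError(f"frame too short for Ethernet II + ARP: {len(frame)} bytes")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_ARP:
        raise ValueError(f"Ethernet type 0x{ethertype:04x} is not ARP")
    htype, ptype, hlen, plen, opcode = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {
        "eth_dst": fmt_mac(frame[0:6]),
        "eth_src": fmt_mac(frame[6:12]),
        "opcode": OPCODES.get(opcode, f"unknown({opcode})"),
        "sender_mac": fmt_mac(frame[22:28]),
        "sender_ip": fmt_ip(frame[28:32]),
        "target_mac": fmt_mac(frame[32:38]),
        "target_ip": fmt_ip(frame[38:42]),
        "trailer_len": len(frame) - ARP_END,
    }


def check_frame(p):
    """Return a list of deviations from the behaviour the slides describe."""
    findings = []
    if p["eth_src"] != p["sender_mac"]:
        findings.append("Ethernet source differs from ARP sender MAC")
    if p["opcode"] == "request":
        if p["eth_dst"] != BROADCAST:
            findings.append("request not sent to the broadcast address")
        if p["target_mac"] != ZERO_MAC:
            findings.append("request target MAC is not all zeros")
    elif p["opcode"] == "reply":
        if p["eth_dst"] == BROADCAST:
            findings.append("reply was broadcast instead of unicast")
        elif p["eth_dst"] != p["target_mac"]:
            findings.append("reply frame destination differs from ARP target MAC")
    else:
        findings.append(f"unexpected opcode {p['opcode']}")
    return findings


# Constructed from the values in the Frame 31 and Frame 32 captures on this page.
REQUEST = build_frame("ff:ff:ff:ff:ff:ff", "00:04:80:9f:78:00", 1,
                      "00:04:80:9f:78:00", "138.120.53.253",
                      "00:00:00:00:00:00", "138.120.53.149", trailer=18)
REPLY = build_frame("00:04:80:9f:78:00", "00:11:43:45:61:23", 2,
                    "00:11:43:45:61:23", "138.120.53.149",
                    "00:04:80:9f:78:00", "138.120.53.253")

if __name__ == "__main__":
    for name, frame in (("request", REQUEST), ("reply", REPLY)):
        parsed = parse_arp_frame(frame)
        print(name, len(frame), "bytes", parsed, check_frame(parsed) or "consistent")
```

The 18 zero bytes after the request are the Trailer line of the capture; they pad the 42-byte ARP frame to the 60 bytes shown on the wire.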

Layer 3 and IP Services
Section 9 - IP Filters

IP Filters Overview

- IP Filters
- Filter Operation
- IP Filter Configuration
- Components
- Configuring an IP Filter
- Applying a Filter on an Interface
- Show Filter IP Command

IP Filters

Filter policies (also known as ACLs) are implemented on the 7750 SR:
- Applied to interfaces
- Can be applied on inbound traffic, outbound traffic, or both
- Default is that a filter is not applied to interfaces
- Same filter can be used on multiple interfaces

Filters, also known as access control lists (ACL), are templates that are applied to services or network ports to control network traffic into (ingress) or out of (egress) a SAP or network port based on IP and MAC match criteria. Filters are applied to examine packets that are entering or leaving a SAP or network interface. Filters can be used on several interfaces. The same filter can be applied to ingress traffic, egress traffic, or both. Ingress filters affect only inbound traffic that is sent to the routing complex, and egress filters affect only outbound traffic that is sent from the routing complex.

Configuring a service or network port with a filter is optional. If a service or network port is not configured with filter policies, all traffic is allowed on the ingress and egress interfaces. By default, no filters are associated with services or interfaces; the filters must be explicitly created and associated with the service or interface. When you create a filter, default values are provided, although you must specify a unique filter ID for each new filter policy, each new filter entry, and the associated actions. The filter entries specify the filter match criteria. Only one ingress filter policy and one egress filter policy can be applied to a SAP or network interface. You can modify filter policies and entries.

Network filter policies control the forwarding and dropping of packets based on IP match criteria. The IP match criteria are not applied to non-IP packets. Therefore, the default action in the filter policy applies to the non-IP packets.

Filter Operation

A filter policy compares the match criteria specified in a filter entry to the packets that are entering the system, in the order that the entries are numbered in the policy.
When a packet matches all of the parameters in the entry, the system performs the specified action to drop or forward the packet. If a packet does not match the entry parameters, the packet continues through the filter process. If the packet does not match any of the entries, the system performs the specified default action.

Each filter policy is assigned a unique filter ID. Each filter policy is defined with:
- Scope
- Default action
- Description
- At least one filter entry

Each filter entry contains:
- Match criteria
- An action

Filter-entry match criteria can be as general or specific as required, but all of the conditions in the entry must be met for the packet to be a match and the specified entry action performed. The process stops when the first complete match is found. Then the action defined in the entry is performed, that is, the packets that match the criteria are dropped or forwarded.

Up to 65 535 IP and 65 535 MAC filter IDs (unique filter policies) can be defined. Each filter ID can contain up to 65 535 filter entries. As few or as many match parameters can be specified as required, but all of the conditions must be met for the packet to be a match and the specified action performed. The process stops when the first complete match is found and the action that is defined in the entry is performed. IP filter policies match criteria that associate traffic with an ingress or egress SAP.

(continued on slide 90)

Filter Operation (continued from slide 89)

Match criteria to drop or forward IP traffic include:

Source IP address and mask - The values can be entered as search criteria. Address ranges are configured by specifying network prefix values. The prefix mask length is expressed as an integer (range 0 to 32).
Destination IP address and mask - The values can be entered as search criteria. Address ranges are configured by specifying network prefix values. The prefix length is expressed as an integer (range 0 to 32).
Protocol - The protocol (for example, TCP, UDP) allows the filter to search for the specified protocol.
Source port/range - The source port number or range allows the filter to search for the matching TCP or UDP port and range values.
Destination port/range - The destination port number or range allows the filter to search for the matching TCP or UDP values.
DSCP marking - A DSCP marking allows the filter to search for the specified DSCP.
ICMP code - An ICMP code allows the filter to search for the matching ICMP code in the ICMP header.
ICMP type - An ICMP type allows the filter to search for the matching ICMP type in the ICMP header.
Fragmentation - When fragmentation matching is enabled, a match occurs when packets have the more-fragments bit set or the fragment offset field of the IP header set to a non-zero value.

IP Filter Configuration

Filter implementation considerations:
- Creating a filter policy is optional.
- A filter must be explicitly associated with a service for the packets to be matched.
- Each filter policy must consist of at least one filter entry. Each entry represents a collection of filter match criteria. When packets enter the ingress or egress ports, packets are compared to the criteria that are specified in the entry or entries.
- When you configure a large (complex) filter, it may take a few seconds to load the filter policy configuration and for the configuration to be implemented.
- The action keyword must be entered for the entry to be active. A filter entry without the action keyword is considered incomplete and is inactive.

Components

[Figure: major components of a filter policy - Filter ID, Description, Scope, Default action, Entry (Entry ID, Description, Action, Packet-matching criteria)]

Filter ID

Filter ID (mandatory) - The value that identifies the filter
Description (optional) - A brief overview of the filter features
Scope (mandatory) - A filter policy must be defined with an exclusive scope for one-time use, or a template scope, which enables the policy to be used with multiple SAPs and interfaces.
Default action (mandatory) - The action to be applied to packets when no action is specified in the IP or MAC filter entries, or when the packets do not match the specified criteria
Entry ID (one or more) - Represents a collection of filter match criteria. Packet matching starts the comparison process with the criteria specified in the lowest entry ID. Entries identify attributes that define matching conditions and actions. All of the criteria in the entry must match for the specified action to be performed.

Each entry consists of the following components:

Entry ID (mandatory) - The value determines the order, within a specific filter ID, in which the matching criteria specified in the collection are compared.
Packets are compared to entry IDs in ascending order.
Description (optional) - A brief overview of the entry ID criteria.
Action (mandatory) - An action parameter must be specified for the entry to be active. A filter entry without a specified action parameter is inactive.
Packet-matching criteria - You can enter and choose criteria to create a specific template through which packets are compared, and forwarded or dropped, depending on the specified action.

Configuring a Descriptor for an IP Filter

To create a context for an IP filter policy, use the following command:

    Context: config>filter
    Syntax:  [no] ip-filter filter-id [create]
    Example: config>filter# ip-filter 12 create

ip-filter

Syntax: [no] ip-filter filter-id [create]
Context: config>filter
Description: This command creates a configuration context for an IP filter policy. An IP filter policy specifies a forward or drop action for packets, based on the specified match criteria. An IP filter policy (also called an ACL) is a template that can be applied to multiple services or multiple network ports when the scope of the policy is template. Changes to the existing policy, using the subcommands, are applied immediately to all services to which this policy applies. Therefore, when many changes to an IP filter policy are required, we recommend that you copy the policy to a work area. You can modify the work-in-progress policy and then replace the original filter policy with the revised policy. Use the config filter copy command to maintain policies.
The no form of the command is used to delete the IP filter policy. A filter policy cannot be deleted until the policy is removed from all SAPs or network ports to which the policy is applied.
Parameters:
    filter-id - IP filter policy ID number. Values: 1 to 65 535
    create - The create keyword is required when the configuration context is first created. After the context is created, you can navigate to the context without using the create keyword.

Creating a Description for an IP Filter

To name an IP filter, use the following command:

    Context: config>filter>ip-filter
    Syntax:  description string
    Example: config>filter>ip-filter# description test-filter-list

description

Syntax: [no] description string
Context:
    config>filter>ip-filter ip-filter-id
    config>filter>ip-filter ip-filter-id>entry entry-id
    config>filter>log log-id
    config>filter>mac-filter mac-filter-id
    config>filter>mac-filter mac-filter-id>entry entry-id
    config>filter>redirect-policy
    config>filter>redirect-policy>destination
Description: This command creates a text description that is stored in the configuration file for a configuration context. The description command associates a text string with a configuration context to identify the context in the configuration file. The no form of the command removes the description string from the context.
Default: No description is associated with the configuration context.
Parameters:
    string - The description character string is up to 80 printable, 7-bit ASCII characters, excluding double quotation marks. If the string contains spaces, use double quotation marks to delimit the start and end of the string.

Configuring the Default Action

To define the default action when none of the entries matches, use the following command:

    Context: config>filter>ip-filter
    Syntax:  default-action {drop | forward}
    Example: config>filter>ip-filter# default-action drop

default-action

Syntax: default-action {drop | forward}
Context:
    config>filter>ip-filter ip-filter-id
    config>filter>mac-filter mac-filter-id
Description: This command specifies the action to be performed when the packets do not match the specified criteria in all of the entries of the IP filter. When multiple default-action commands are entered, the last command overwrites the previous command.
Default: drop
Parameters:
    drop - All packets will be dropped unless there is a specific filter entry that causes the packet to be forwarded.
    forward - All packets will be forwarded unless there is a specific filter entry that causes the packet to be dropped.

Defining an Entry in an IP Filter

To create an entry ID, use the following command:

    Context: config>filter>ip-filter
    Syntax:  [no] entry entry-id [create]
    Example: config>filter>ip-filter# entry 12 create

entry

Syntax: [no] entry entry-id [create]
Context:
    config>filter>ip-filter ip-filter-id
    config>filter>mac-filter mac-filter-id
Description: This command allows you to create or modify an IP or MAC filter entry. Multiple entries can be created using unique entry ID numbers in the filter. The Alcatel-Lucent 7750 SR implementation exits the filter at the first match and performs the action according to the accompanying action command. For this reason, entries must be sequenced correctly from most explicit to least explicit. An entry may not have any match criteria (in which case, everything matches) but must have at least the action keyword for the entry to be considered complete. Entries without the action keyword are rendered inactive. The no form of the command removes the specified entry from the IP or MAC filter.
Default: None
Parameters:
    entry-id - A unique identifier for the match criterion and the corresponding action. We recommend that you number multiple entries with entry IDs in staggered increments. This allows users to add an entry to a policy without renumbering existing entries. Values: 1 to 65 535
    create - This keyword is required when the configuration context is first created. After the context is created, you can navigate to the context without using the create keyword.

Configuring Match Criteria

To define a matching criterion, use the following command:

    Context: config>filter>ip-filter>entry
    Syntax:  [no] match [protocol protocol-id]
    Example: config>filter>ip-filter>entry# match src-ip 10.1.1.1/32
             config>filter>ip-filter>entry# match protocol tcp
             config>filter>ip-filter>entry# match src-port gt 1023

When multiple criteria are specified in an entry, all must be met (AND condition).

match

Syntax: [no] match [protocol protocol-id]
Context: config>filter>ip-filter ip-filter-id>entry entry-id
Description: This command provides the context to enter match criteria for the filter entry. When the match criteria are met, the action associated with the match criteria is performed. If more than one match criterion is configured in a match statement, the criteria are combined using the AND function: all criteria must be met before the action that is associated with the match is performed. A match context may consist of multiple match criteria, but multiple match statements cannot be entered for an entry. The no form of the command removes the match criteria for the entry ID.
Parameters:
    protocol - The protocol keyword configures an IP protocol to be used as an IP filter match criterion. The protocol type, such as TCP or UDP, is identified by its protocol number.
    protocol-id - The decimal value that represents the IP protocol to be used as an IP filter match criterion. Protocol numbers include ICMP (1), TCP (6), and UDP (17). The no form of the command removes the protocol from the match criterion.
        Values: 1 to 255 (expressed in decimal, hexadecimal, or binary notation). Keywords are: none, crtp, crudp, egp, eigrp, encap, ether-ip, gre, icmp, idrp, igmp, igp, ip, ipv6, ipv6-frag, ipv6-icmp, ipv6-nonxt, ipv6-opts, ipv6-route, isis, iso-ip, l2tp, ospf-igp, pnni, ptp, rdp, rsvp, stp, tcp, udp, and vrrp.

Configuring the Action to be Performed

To define the action to be performed, use the following command:

    Context: config>filter>ip-filter>entry
    Syntax:  [no] action [drop | {forward [next-hop {ip-address | indirect ip-address | interface ip-int-name | redirect-policy policy-name}]}]
    Example: config>filter>ip-filter>entry# action drop

action

Syntax: [no] action [drop | {forward [next-hop {ip-address | indirect ip-address | interface ip-int-name | redirect-policy policy-name}]}]
Context: config>filter>ip-filter ip-filter-id>entry entry-id
Description: This command allows you to create or modify the drop or forward action that is associated with the match criteria.
The action keyword must be entered for the entry to be active.
Default: No action is specified; therefore, the entry is inactive.
Parameters:
    [drop | forward] - If neither drop nor forward is specified, the filter action is No-Op, and the filter entry is inactive.
        drop - Packets that match the entry criteria will be dropped
        forward - Packets that match the entry criteria will be forwarded
        Default: No-Op. Filter entry is inactive.
        Values:
            next-hop ip-addr - IP address of the direct next hop to which to forward matching packets, in dotted-decimal notation
            interface ip-int-name - Name of the egress IP interface from which matching packets will be forwarded. This parameter is only valid for unnumbered point-to-point interfaces.
            redirect policy-name - Redirect policy configured in the config>filter>redirect-policy context
            indirect ip-addr - IP address of the indirect next hop to which to forward matching packets, in dotted-decimal notation. The direct next-hop IP address and egress IP interface are determined by a routing table lookup.

Applying a Filter on an Interface

To apply a filter on the egress or ingress of an interface, use the following command:

    Context:   config>router>if>ingress
               config>router>if>egress
    Syntax:    [no] filter ip ip-filter-name
    Example 1: config>router>if>ingress> filter ip 1
    Example 2: config>router>if>egress> filter ip 2

egress | ingress

Context: config>router>interface ip-int-name [egress | ingress]

filter

Syntax: [no] filter ip ip-filter-name
Context:
    config>router>interface ip-int-name>ingress
    config>router>interface ip-int-name>egress
Description: This command allows access to the context to configure egress and ingress network filter policies for the IP interface. If an egress or ingress filter is not defined, filtering is not performed in the corresponding direction on the interface.
This command also associates an IP filter policy with an IP interface. Filter policies control packet forwarding and dropping based on IP match criteria. The ip-filter-name must be configured before the filter command is performed. If the filter ID does not exist, an error is generated. Only one filter ID can be specified. The no form of the command removes the filter policy association with the IP interface.
Default: No filter is specified.
Parameters:
    ip-filter-name - The filter name acts as the ID of the IP filter policy, expressed as a decimal integer. The allowed value is an integer, from 1 to 65 535, that corresponds to a previously created IP filter policy. The filter policy must already exist in the created IP filters. Values: 1 to 65 535

IP Filter Configuration Example

    ALC-A# configure filter
    ALC-A>config>filter# ip-filter 1 create
    ALC-A>config>filter>ip-filter$ description new-filter
    ALC-A>config>filter>ip-filter$ default-action drop
    ALC-A>config>filter>ip-filter$ entry 1 create
    ALC-A>config>filter>ip-filter>entry$ match src-ip 1.2.3.0/24
    ALC-A>config>filter>ip-filter>entry$ match protocol tcp
    ALC-A>config>filter>ip-filter>entry>match$ src-port range 666 999
    ALC-A>config>filter>ip-filter>entry>match$ exit
    ALC-A>config>filter>ip-filter>entry# action forward
    ALC-A>config>filter>ip-filter>entry# ^z
    ALC-A# configure router interface to-ALC-B
    ALC-A>config>router>if# ingress
    ALC-A>config>router>if>ingress# filter ip 1
    ALC-A>config>router>if>ingress#

In this slide, IP filter 1 was created. In the filter, the default action is to drop IP packets that do not meet the explicit match settings. In the match settings, the filter checks for all traffic sourced from IP subnet 1.2.3.0 that uses TCP at the transport layer and uses application ports 666 to 999. If these criteria are met, the packet is forwarded.

After the filter is created, the filter must be associated with the ingress or egress of an interface. In this slide, the filter is applied to the ingress.
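The filter evaluation described in this section (entries tried in ascending entry-ID order, all criteria in an entry ANDed, first match wins, entries without an action skipped, default action otherwise), modelled in Python as an added example; this is not SR OS code. PAGE_FILTER mirrors filter 1 from the configuration example above; the class and function names, the packet dictionaries and the other three policies are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Entry:
    entry_id: int
    action: Optional[str] = None                 # "drop" or "forward"; None = no action keyword
    src_ip: Optional[str] = None                 # prefix such as "1.2.3.0/24"
    dst_ip: Optional[str] = None
    protocol: Optional[str] = None               # "tcp", "udp", "icmp"
    src_port: Optional[Tuple[int, int]] = None   # inclusive range
    dst_port: Optional[Tuple[int, int]] = None

    def matches(self, pkt: dict) -> bool:
        """All configured criteria must be met (AND); no criteria matches everything."""
        for key, prefix in (("src_ip", self.src_ip), ("dst_ip", self.dst_ip)):
            if prefix is not None:
                net = ipaddress.ip_network(prefix, strict=False)
                if ipaddress.ip_address(pkt[key]) not in net:
                    return False
        if self.protocol is not None and pkt.get("protocol") != self.protocol:
            return False
        for key, rng in (("src_port", self.src_port), ("dst_port", self.dst_port)):
            if rng is not None:
                port = pkt.get(key)
                if port is None or not rng[0] <= port <= rng[1]:
                    return False
        return True


@dataclass
class IpFilter:
    filter_id: int
    default_action: str = "drop"                 # the documented default
    entries: List[Entry] = field(default_factory=list)

    def evaluate(self, pkt: dict) -> Tuple[str, Optional[int]]:
        """Return (action, deciding entry ID), or (default action, None)."""
        if not pkt.get("is_ip", True):
            return self.default_action, None     # IP criteria are not applied to non-IP packets
        for entry in sorted(self.entries, key=lambda e: e.entry_id):
            if entry.action is None:
                continue                         # incomplete entry is inactive
            if entry.matches(pkt):
                return entry.action, entry.entry_id   # processing stops at the first match
        return self.default_action, None


def interface_decision(applied: Optional[IpFilter], pkt: dict) -> str:
    """With no filter applied in a direction, all traffic is allowed."""
    return "forward" if applied is None else applied.evaluate(pkt)[0]


def packet(src, dst="10.0.0.1", protocol="tcp", src_port=None, dst_port=None):
    """Constructed sample packet; the default destination is a placeholder."""
    return {"src_ip": src, "dst_ip": dst, "protocol": protocol,
            "src_port": src_port, "dst_port": dst_port}


# Filter 1 from the ALC-A configuration example on this page.
PAGE_FILTER = IpFilter(1, "drop", [
    Entry(1, "forward", src_ip="1.2.3.0/24", protocol="tcp", src_port=(666, 999)),
])

# Constructed policies: why entries go from most explicit to least explicit.
GOOD_ORDER = IpFilter(2, "forward", [
    Entry(10, "forward", src_ip="1.2.3.4/32"),
    Entry(20, "drop", src_ip="1.2.3.0/24"),
])
BAD_ORDER = IpFilter(3, "forward", [
    Entry(10, "drop", src_ip="1.2.3.0/24"),      # general entry shadows the host entry
    Entry(20, "forward", src_ip="1.2.3.4/32"),
])
# Constructed policy: entry 5 has no action, so it is skipped although it matches everything.
INACTIVE = IpFilter(4, "drop", [Entry(5), Entry(10, "forward", src_ip="1.2.3.4/32")])

if __name__ == "__main__":
    print(PAGE_FILTER.evaluate(packet("1.2.3.77", src_port=700)))
    print(PAGE_FILTER.evaluate(packet("1.2.3.77", src_port=80)))
    print(GOOD_ORDER.evaluate(packet("1.2.3.4")), BAD_ORDER.evaluate(packet("1.2.3.4")))
```

In BAD_ORDER the host entry is never reached, which is the reason to leave gaps between entry IDs so a more explicit entry can be inserted ahead of a general one later.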

IP Filter Configuration Example - Denying a Subnet

    RTR-B# configure filter
    RTR-B>config>filter# ip-filter 1 create
    RTR-B>config>filter>ip-filter$ default-action forward
    RTR-B>config>filter>ip-filter$ entry 1 create
    RTR-B>config>filter>ip-filter>entry$ match src-ip 1.2.3.0/24
    RTR-B>config>filter>ip-filter>entry# action drop
    RTR-B# configure router interface toRTR-C
    RTR-B>config>router>if# ingress
    RTR-B>config>router>if>ingress# filter ip 1

In this slide, RTR-B is configured to stop traffic from network 1.2.3.0/24 from entering the router on interface toRTR-C. This filter blocks all traffic received from that network from passing through to any other network in the topology.

All other traffic received on the toRTR-C interface is allowed to enter, which is the default action.

IP Filter Configuration Example - Allowing a Client

    RTR-B# configure filter
    RTR-B>config>filter# ip-filter 1 create
    RTR-B>config>filter>ip-filter$ default-action drop
    RTR-B>config>filter>ip-filter$ entry 1 create
    RTR-B>config>filter>ip-filter>entry$ match src-ip 1.2.3.4/32
    RTR-B>config>filter>ip-filter>entry# action forward
    RTR-B# configure router interface toRTR-A
    RTR-B>config>router>if# egress
    RTR-B>config>router>if>egress# filter ip 1

In this slide, the filter has been modified to allow only traffic from host 1.2.3.4 to reach RTR-A, by applying the filter on the egress direction of RTR-B's interface toRTR-A. All other traffic received from RTR-C will be dropped if the traffic is trying to access RTR-A. However, traffic from RTR-C to Other Networks will be accepted.
IP Configuration Example - Allowing Access to a Server

    RTR-B# configure filter
    RTR-B>config>filter# ip-filter 1 create
    RTR-B>config>filter>ip-filter$ default-action drop
    RTR-B>config>filter>ip-filter$ entry 1 create
    RTR-B>config>filter>ip-filter>entry$ match dst-ip 172.2.3.4/32
    RTR-B>config>filter>ip-filter>entry# action forward
    RTR-B# configure router interface to-Other-Networks
    RTR-B>config>router>if# ingress
    RTR-B>config>router>if>ingress# filter ip 1

In this slide, traffic from Other Networks can only be sent to server 172.2.3.4. Traffic from Other Networks to any other address is dropped. However, traffic from subnet 172.2.5.0/24 behind RTR-A can reach any client/server on subnet 172.2.3.0/24 behind RTR-C.

Show Filter IP Command

To examine an IP filter, use the following command:

    Context: show>filter
    Syntax:  ip {ip-filter-id [entry entry-id] [association | counters]}
    Example: show filter ip 1

ip

Syntax: ip {ip-filter-id [entry entry-id] [association | counters]}
Context: show>filter
Description: This command displays IP filter information.

Parameters:

    ip-filter-id    Detailed information about the specified filter ID and its filter entries.
                    Values: 1 to 65535
    entry entry-id  Information about the specified filter entry ID of the specified filter ID only.
                    Values: 1 to 9999
    association     Appends information about where the filter policy ID is applied to the detailed filter policy ID output.
    counters        Counter information for the specified filter ID.

Output: When no parameters are specified, a brief list of IP filters is produced. The following slide provides an example and describes the output for the command.
Show Filter IP Example

    ALA-1# show filter ip 1
    ===============================================================================
    IP Filter
    ===============================================================================
    Filter Id    : 1                                Applied        : Yes
    Scope        : Template                         Def. Action    : Drop
    Entries      : 1
    Description  : new-filter
    -------------------------------------------------------------------------------
    Filter Match Criteria : IP
    -------------------------------------------------------------------------------
    Entry        : 1
    Log Id       : n/a
    Src. IP      : 1.2.3.0/24                       Src. Port      : 666..999
    Dest. IP     : 0.0.0.0/0                        Dest. Port     : None
    Protocol     : 6                                Dscp           : Undefined
    ICMP Type    : Undefined                        ICMP Code      : Undefined
    Fragment     : Off                              Option-present : Off
    Sampling     : Off                              Int. Sampling  : On
    IP-Option    : 0/0                              Multiple Option: Off
    TCP-syn      : Off                              TCP-ack        : Off
    Match action : Forwarded
    Ing. Matches : 0                                Egr. Matches   : 0
    ===============================================================================

In this slide, IP filter 1 was created. In the filter, the default action is to drop IP packets that do not meet the explicit match settings.

In the match settings, the filter checks all traffic sourced from IP subnet 1.2.3.0 that uses TCP at the transport layer and uses application ports 666 to 999. If these criteria are met, the packet is forwarded.
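The four filters above, modelled as an added example (this is not Alcatel-Lucent code). The class and field names are hypothetical, the packets are constructed, and the model assumes entries are checked in ascending entry ID with the first match deciding the action. It shows how the default action turns the same single-entry filter into either a deny list or an allow list.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional, Tuple


@dataclass
class Entry:
    """One filter entry; criteria left unset match any packet (hypothetical model)."""
    entry_id: int
    action: str                                   # "forward" or "drop"
    src_ip: str = "0.0.0.0/0"
    dst_ip: str = "0.0.0.0/0"
    protocol: Optional[int] = None                # IP protocol number, 6 = TCP
    src_ports: Optional[Tuple[int, int]] = None   # inclusive source-port range
    matches: int = 0                              # hit counter, like "Ing. Matches"

    def hit(self, pkt: dict) -> bool:
        """True only when every configured criterion matches the packet."""
        if ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(self.src_ip):
            return False
        if ipaddress.ip_address(pkt["dst"]) not in ipaddress.ip_network(self.dst_ip):
            return False
        if self.protocol is not None and pkt.get("proto") != self.protocol:
            return False
        if self.src_ports is not None:
            low, high = self.src_ports
            sport = pkt.get("sport")
            if sport is None or not low <= sport <= high:
                return False
        return True


@dataclass
class IpFilter:
    default_action: str
    entries: list = field(default_factory=list)

    def evaluate(self, pkt: dict) -> str:
        """Action of the lowest-numbered matching entry, else the default action."""
        for entry in sorted(self.entries, key=lambda e: e.entry_id):
            if entry.hit(pkt):
                entry.matches += 1
                return entry.action
        return self.default_action


# The page's filters. The interface and direction they are applied to decide
# which packets reach the filter; the evaluation itself is the same.
DENY_SUBNET = IpFilter("forward", [Entry(1, "drop", src_ip="1.2.3.0/24")])
ALLOW_CLIENT = IpFilter("drop", [Entry(1, "forward", src_ip="1.2.3.4/32")])
ALLOW_SERVER = IpFilter("drop", [Entry(1, "forward", dst_ip="172.2.3.4/32")])
SHOW_EXAMPLE = IpFilter("drop", [Entry(1, "forward", src_ip="1.2.3.0/24",
                                       protocol=6, src_ports=(666, 999))])

if __name__ == "__main__":
    # Constructed packets run against the filter from the show output.
    samples = [
        {"src": "1.2.3.9", "dst": "10.0.0.1", "proto": 6, "sport": 700},
        {"src": "1.2.3.9", "dst": "10.0.0.1", "proto": 6, "sport": 1000},
        {"src": "1.2.3.9", "dst": "10.0.0.1", "proto": 17, "sport": 700},
        {"src": "1.2.4.9", "dst": "10.0.0.1", "proto": 6, "sport": 700},
    ]
    for pkt in samples:
        print(pkt, "->", SHOW_EXAMPLE.evaluate(pkt))
    print("entry 1 matches:", SHOW_EXAMPLE.entries[0].matches)
```

With default-action drop, a packet that misses any one criterion of entry 1 (wrong protocol, port outside 666..999, other source subnet) is discarded, and the entry counter stays unchanged for it.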
Layer 3 and IP Services
Section 10 - Module Summary

Module Summary

After successful completion of this module, you should be able to:

- Describe Layer 3 and IP services
- Describe the basics of IP addressing including its components, classes, how they are managed and allocated, and the purpose and types of addresses
- State the purpose, components, and operation of the IP subnet address
- Develop an IP address plan using IP subnetting and addressing summarization
- Recognize and define the fields in the IP header
- Describe other protocols that support IP operation
- Describe the IP address forwarding process
- Describe the 7750 SR IP filter operation, components, configuration, and application

Learning Assessment

- Describe Layer 3 and IP services
- Describe the basics of IP addressing including its components, classes, how they are managed and allocated, and the purpose and types of addresses
- State the purpose, components, and operation of the IP subnet address
- Develop an IP address plan using IP subnetting and addressing summarization
- Recognize and define the fields in the IP header
- Describe other protocols that support IP operation
- Describe the IP address forwarding process
- Describe the 7750 SR IP filter operation, components, configuration, and application

LAB 2.3-2.4 Layer 3 Interfaces and ICMP/ARP

See the Alcatel-Lucent IP Scalable Networks Lab Guide.

www.alcatel-lucent.com 3HE-02767-AAAA-WBZZA Edition 02

Alcatel-Lucent Scalable IP Networks
Module 5 - IP Routing Protocol Basics

Module Overview

- Concepts and Purpose of IP Routing
- Static Routes
- Dynamic Routing Protocol Concepts
- OSPF Routing Protocol
- Introduction to Border Gateway Protocol
IP Routing Protocol Basics
Section 1 - Concepts and Purpose of IP Routing

Concepts and Purpose of IP Routing Overview

- IP Routing Concepts
- Routing Protocols
- The Routing Table
- Building the Routing Table and its Components
IP Routing Concepts

What is IP routing?
- Determines a path to send packets from a source to a destination along a set of routers
- Each router forwards the packet from one interface to another interface

What is a routing protocol?
- Provides the mechanism to maintain routing tables for routers
- Allows routers to share route information used to build and maintain routing tables

IP routing

IP routing is the set of tasks involved in sending a packet from the source to the destination across an IP network. The packet enters the IP network via a router and is sent to another router in the network and so on until the packet reaches the destination. The routers in the network use their routing tables to determine how to forward the packet.

Routing tables

The routing tables are built manually by the network administrator or by protocols that run on every router. The routing table maintains a list of IP networks and the physical interfaces on the router to reach these networks. Using the routing table, an IP packet is routed to its destination.

Routing Protocols

IP routing populates the routing table with routes.

    Static    Explicitly define next hop on every router / define default route
    Dynamic
        IGP   Distance Vector: RIPv1 and RIPv2
              Link State:      OSPF, IS-IS
        EGP   Path Vector:     BGP

IP routing can be divided into two main categories - static and dynamic. Dynamic routing protocols can be further divided into two main categories - Interior Gateway Protocols (IGP) and Exterior Gateway Protocols (EGP). IGPs such as RIP and OSPF are used for routing within an autonomous system.
An autonomous system is defined as the networks and routers that are under the control of one entity or administrative authority. The goal of an IGP is to find the lowest cost route to every destination in the network. IGPs can be further divided into distance vector and link state protocols.

Distance vector routing protocols use a hop-count metric to determine the best route to a destination regardless of the bandwidth capability of the network links along the path. RIP is a distance vector protocol. Each router that participates in a distance vector routing protocol does not have a complete topological view of the network; the router only knows the best next hop to the destination. This is covered in further detail later in this module.

Link state routing protocols use a cost metric that is a representation of the link status and the physical bandwidth of the router interfaces along the path. Therefore, the link state protocols select a path based on the route that has the least cost, which is representative of the path that has the most physical bandwidth. Common LS protocols are OSPF and IS-IS. Each router that participates in a link state routing protocol has a complete topological view of the network. This is covered in further detail later in this module.

The goal of an EGP is to provide routes between autonomous systems. However, the EGP must also consider policy enforcement that may exist between the autonomous systems. Because an EGP works within policy constraints, the protocol will not necessarily choose the lowest cost route.

BGPv4 is the current EGP used in the Internet. BGP is a path vector protocol that chooses the path based on the number of autonomous systems that must be traversed rather than on the number of routers that the path must traverse. BGP performs policy-based routing because policies can be used in many different ways to influence the ways a preferred route is chosen.
IP Routing Example

[Figure: packet flow from device A to server D through routers B and C, with the routing tables IP-B and IP-C (columns Network, Type, NH, Hops) covering networks 1.1.1.0/24, 2.2.2.0/24 and 3.3.3.0/24.]

Assuming that the routing tables exist on the routers in this slide, the basic flow of a packet of data through a network can be described as follows:

Device A (1.1.1.2) needs to send data to server D (2.2.2.2). Because device A is not located on the same segment as device D, device A must use the default gateway (1.1.1.1) for the segment. Device A uses ARP for the 1.1.1.1 address to learn the MAC address of the gateway. The router responds with the MAC B address. Device A can now encapsulate the data, as shown in the top block diagram of this slide. Note that the source and destination IP addresses identify the overall source and destination devices; the frame source and destination addresses identify the path across one Ethernet segment.

When the frame arrives at router B, the router removes the L2 header and trailer, examines the IP header, checks the routing table for an entry that matches the destination IP address in the IP packet, and determines that the data needs to be sent to router C. To send the data, router B encapsulates the data in a POS/PPP frame and forwards the data.

Router C removes the IP datagram from the PPP frame and checks its routing table. Because the destination IP network is directly connected to its Ethernet port, router C checks its ARP cache to find the destination MAC address. When the destination L2 MAC address is determined, router C creates the frame of data and forwards the data to server D.

Note that the IP addressing did not change throughout the movement of the data. However, the L2 framing changed over each segment that the packet traversed. The IP address identifies a device within the entire network topology; the L2 address identifies a device on that segment only.
7750 SR Sample Routing Table

    A:PE1# show router route-table
    ===============================================================================
    Route Table (Router: Base)
    ===============================================================================
    Dest Prefix                                   Type    Proto    Age         Pref
           Next Hop[Interface Name]                                     Metric
    -------------------------------------------------------------------------------
    10.1.2.0/24                                   Local   Local    03d23h08m   0
           to-p2r1                                                      0
    10.1.3.0/24                                   Local   Local    03d23h08m   0
           to-p3r1                                                      0
    10.1.4.0/24                                   Local   Local    04d00h34m   0
           to-p4r1                                                      0
    10.2.3.0/24                                   Remote  OSPF     00h41m00s   10
           10.1.2.21                                                    2000
    10.2.4.0/24                                   Remote  OSPF     00h41m00s   10
           10.1.2.21                                                    2000
    10.3.4.0/24                                   Remote  OSPF     04d00h16m   10
           10.1.3.31                                                    2000
    10.10.10.11/32                                Local   Local    06d18h33m   0
           system                                                       0
    10.10.10.21/32                                Remote  OSPF     00h41m04s   10
           10.1.2.21                                                    1000
    -------------------------------------------------------------------------------
    No. of Routes: 8
    ===============================================================================

This slide displays the output from a 7750 SR routing table.

Major components of the routing table:

- Dest Prefix - The network that has been advertised to this router. The terms prefix and network are used interchangeably.
- Type - The type of interface. Indicates whether the destination prefix belongs to a locally attached network or to a remote network.
- Protocol - If the destination network is not directly attached to the router, the routing protocol that was used to advertise the destination prefix to this router is displayed. The protocols can be, for example, RIP, OSPF, BGP, and static.
- Age - How long this entry has been in the routing table.
- Preference - A unit of measurement that indicates the preference of one routing protocol over another routing protocol.
- Next Hop - The IP address of the neighbor that advertised the destination prefix to the router.
- Metric - The numerical value used by a routing protocol to calculate the best route to a destination.
Depending on the routing protocol, the metric is usually a hop count or a cost that is assigned to a network link.

Building the Routing Table and its Components

How many networks is router 1 connected to?

All routing protocols serve the same purpose: to find paths through a network and store the paths in a routing table. The paths are also called routes, or more specifically, IP routes. The routes are advertised to neighbors.

Each router in a network needs to populate its routing table so that it can forward IP data packets.

Routing Protocol Basics - Building the RIB on R1

1. R1 records all of the directly connected networks including its system address, which is an internal loopback address
2. R2 advertises its direct networks to R1
3. R3 advertises its direct networks to R1

This slide describes a routing protocol operation that is based on a distance vector protocol. Distance vector protocols will be discussed in detail later.

When routers 2 and 3 are turned up, they both send information about their local networks to their neighbors. In this case, R1 receives routing updates from both R2 and R3 about their directly connected networks.

A routing update is a type of network advertisement made by one router to another router. This is part of the routing protocol that runs between the routers in order to exchange the updates. A typical routing update consists of the following components:

- a network address with a network mask (also known together as a network prefix)
- a metric associated with the prefix
- the IP address of the next hop to reach this network prefix

R1 uses this information, including its locally discovered networks, and builds a routing information base (RIB). The RIB is protocol dependent.

Routing Protocol Basics - Continuing to Build the RIB

Existing RIB on R1

    Dest. Prefix        Next Hop     Metric
    10.10.3.0/30        toR3         0
    10.10.1.0/30        toR2         0
    192.168.10.10/32    system       0
    172.16.1.0/24       to Net A     0

Information sent from R2 to R1

    Dest. Prefix        Next-Hop     Metric
    192.168.20.30/32    10.10.1.2    0
    10.10.2.0/30        10.10.1.2    0

Information sent from R3 to R1

    Dest. Prefix        Next-Hop     Metric
    192.168.30.30/32    10.10.3.2    0
    10.10.2.0/30        10.10.3.2    0
    172.16.2.0          10.10.3.2    0

Each routing update typically consists of a network, an associated mask, a metric, and the next hop to reach the destination.

In this slide, router 1 builds a RIB, which collects and maintains all of the information from its neighbors. If routers 2 and 3 advertise new network information, the routers send an advertisement to router 1. Router 1 then updates the information in the RIB if necessary.

Routing Protocol Basics - Routing Metrics

Continuing to build the router information base on R1:

4. R2 sends its learned information to R1
5. R3 sends its learned information to R1
6. R1 recalculates all of the learned information to build the final routing table that will be used for IP forwarding

When updates are received from their directly attached neighbors, routers 2 and 3 build their respective RIBs and then propagate the information to other neighbors.

The updates include the learned destination prefix, the network mask, the metric, and the next-hop IP address or interface.

Routing Protocol Basics - Continuing to Build the RIB

Existing RIB on R1

    Dest. Prefix        Next-Hop     Metric
    172.16.2.0/24       10.10.3.2    1
    192.168.30.30/32    10.10.3.2    1
    192.168.20.20/32    10.10.1.2    1
    10.10.2.0/30        10.10.3.2    1
    10.10.2.0/30        10.10.1.2    1
    10.10.3.0/30        toR3         0
    10.10.1.0/30        toR2         0
    192.168.10.10/32    system       0
    172.16.1.0/24       to Net A     0

Information sent from R2 to R1

    Dest. Prefix        Next-Hop     Metric
    172.16.2.0/24       10.10.1.2    2
    192.168.30.30/32    10.10.1.2    2
    10.10.3.0/30        10.10.1.2    2
    192.168.10.10/32    10.10.1.2    2
    172.16.1.0/24       10.10.1.2    2

Information sent from R3 to R1

    Dest. Prefix        Next-Hop     Metric
    192.168.20.20/32    10.10.3.2    2
    10.10.1.0/30        10.10.3.2    2
    192.168.10.10/32    10.10.3.2    2
    172.16.1.0/24       10.10.3.2    2

Routing Protocol Basics - Generating the Routing Table

Existing RIB on R1

    Dest. Prefix        Next-Hop     Metric
    192.168.20.20/32    10.10.3.2    3
    10.10.1.0/30        10.10.3.2    3
    192.168.10.10/32    10.10.3.2    3
    172.16.1.0/24       10.10.3.2    3
    192.168.30.30/32    10.10.1.2    3
    172.16.2.0/24       10.10.1.2    3
    10.10.3.0/30        10.10.1.2    3
    192.168.10.10/32    10.10.1.2    3
    172.16.1.0/24       10.10.1.2    3
    172.16.2.0/24       10.10.3.2    1
    192.168.30.30/32    10.10.3.2    1
    192.168.20.20/32    10.10.1.2    1
    10.10.2.0/30        10.10.3.2    1
    10.10.2.0/30        10.10.1.2    1
    10.10.3.0/30        10.10.3.2    0
    10.10.1.0/30        10.10.1.2    0
    192.168.10.10/32    system       0
    172.16.1.0/24       to Net A     0

Routing table on R1 (Best routes)

    Dest. Prefix        Next-Hop     Metric
    192.168.30.30/32    10.10.3.2    2
    192.168.20.20/32    10.10.1.2    2
    172.16.2.0/24       10.10.3.2    2
    10.10.2.0/30        10.10.1.2    2
    10.10.3.0/30        toR3         0
    10.10.1.0/30        toR2         0
    192.168.10.10/32    system       0
    172.16.1.0/24       to Net A     0

In this slide, router 1 takes the information from the RIB and generates a routing table.

Using an algorithm, router 1 will calculate the best path to a particular network. The parameter that is used in the algorithm to differentiate between two advertisements about the same network from two different neighbors is referred to as the metric or cost. In this example, the metric is the hop count or the number of hops that the destination network is from the source R1.

For example, routers 2 and 3 advertise the destination network 172.16.2.0/24 to router 1. R2 advertises 172.16.2.0/24 with a metric of 2. R3 previously advertised 172.16.2.0/24 with a metric of 0 because this network was directly attached to R3. Any local networks on a particular router are considered to be the lowest metric or 0. When R1 receives the update from R2 and R3, R1 installs both the updates in its RIB and adds the value 1 to the metric advertised by both R2 and R3. In this case, the 172.16.2.0/24 update from R2 will be installed in the R1 RIB with a metric of 3 (2 + 1); the update from R3 will be installed with a metric of 1 (0 + 1). Because R1 receives the update about 172.16.2.0/24 from R2 and R3, a metric of 1 will be added to their individual advertised metrics.

The routing table on R1 is built from the existing RIB on R1. The best routes, depending on the algorithm used, are sent to the routing table and this will be used to forward the IP packets.
The best routes in our example are the routes with the least cost or hop count to the particular destination.

Note also that for advertisements about a prefix that contain equal metrics, the route selection algorithm must use a differentiator to install one route in the routing table. In this slide, network 10.10.2.0/30 is the network that is directly attached to routers 2 and 3. Therefore, when it is advertised to R1 from R2 and R3, the advertisement contains the same metric. R1 updates its RIB with both the updates. However, R1 chooses to install only the update from R2. This is dependent entirely on the routing protocol, which can use different criteria to install the update.

Routing Protocol Basics - IP Routing

When an IP packet enters router R1, the IP packet's destination address is compared to the entries in the R1 forwarding table. If an entry matching the destination is found, the next hop IP address is examined. The local interface corresponding to the next hop IP address is then determined by reexamining the R1 forwarding table. The IP packet is then forwarded to the corresponding local interface and out of the router R1.

Routing Protocol Basics - Control Plane vs Data Plane

- Routing updates sent as part of the routing protocol operation comprise the control plane
- Data that is forwarded using the routing table comprises the data plane

Routing Protocol Basics - Next Hop Interface

The neighbor interface may not always be a point-to-point interface, as shown in the following example.

    Dest. Prefix        Next-hop        Metric
    172.16.2.0/24       ???             2
    10.10.10.0/29       To Network 2    2
    192.168.10.10/32    system          0
    172.16.1.0/24       To Network A    0

In this slide R1, R2, and R3 are connected in a common broadcast domain. R1 has one interface that is configured towards the broadcast domain.

When R3 and R2 send updates about their local networks to R1, they include the IP address of their interface on the broadcast domain.
R1 installs network 172.16.9.0/24 with a next-hop of 10.10.10.3 and network 172.16.2.0/24 with a next-hop of 10.10.10.2.

Routing Protocol Basics - Preference

A router may run more than one routing protocol.

In this slide, the R1-R2 and R2-R3 interfaces are running OSPF, and the R1-R5 and R5-R3 interfaces are running RIP.

Network B can be advertised on both the interfaces of R3, each running a different protocol. Therefore, this network is advertised to R1 by both RIP and OSPF. R1 has to decide which entry to install in its routing table. In order to choose between the two updates, R1 uses an additional parameter known as preference. The preference parameter indicates the router's preference of one protocol over another protocol. By default, on the 7750 SR, routes learned from OSPF are preferred over routes learned from RIP. Therefore, the route learned from OSPF is installed in the routing table on R1. Note that the protocol with a lower preference value is preferred.

Routing Protocol Basics - Routing Table Management

- Each routing protocol populates its routes in its RIB
- Each protocol independently chooses the best routes based on the lowest metric
- The best routes from each protocol are sent to the RTM process

When a routing protocol learns routes from its neighbors, the protocol populates its RIBs with the routes. Each protocol stores the routes it has learned from its neighbors in its RIB.

For each destination in the RIB, the routing protocol chooses the best route based on the lowest metric. The best routes are sent to the routing table manager (RTM).

Routing Protocol Basics - Route Selection Using Preference

- The RTM may receive a best route from multiple protocols
- Selection is based on lowest preference value
- The RTM sends its best route to the FIB
- This route is the active route and is used for forwarding

Because metrics from different protocols are not comparable, the RTM uses the preference to choose from all of the best routes that it receives.

The lower the protocol's preference, the more likely that the best or active route will be selected from that protocol. Different protocols should not be configured with the same preference.
The best routes from the RTM are placed in the forwarding information base (FIB), also commonly referred to as the routing table.

The FIB is distributed to the various line cards on the 7750 SR and is used to forward incoming IP packets.

Routing Protocol Basics - Default Preference Table

    Route type               Preference    Configurable
    Direct attached          0             No
    Static                   5             Yes
    OSPF internal            10            Yes
    IS-IS Level 1 internal   15            Yes
    IS-IS Level 2 internal   18            Yes
    RIP                      100           Yes
    OSPF external            150           Yes
    IS-IS Level 1 external   160           Yes
    IS-IS Level 2 external   165           Yes
    BGP                      170           Yes

This slide lists the default preference values that are assigned to each routing protocol on the 7750 SR. All of the preference values, with the exception of the preference for directly attached networks, are configurable.

IP Routing Protocol Basics
Section 2 - Static Routes

Static Routes

- Configured by an administrator and not dynamically learned using routing protocols
- Entries do not change dynamically if the topology changes
- Preferred over any other dynamic protocol

Static routes are manually configured. They describe the remote destination network and the next hop that a packet must be forwarded to in order to reach the destination. The destination can be one network or a range of networks.

Note that for two routers to forward data to each other bidirectionally, a static route needs to be configured on both routers. For example, in this slide, there would be a static route on router 1 (10.10.1.2) to forward packet data. There would also need to be a static route configured on router 2 so that it knows how to forward packet data to router 1.

By default, a static route is created with a preference of 5 and a metric of 1. However, these parameters can be changed to accommodate a different configuration. If the preference and metric parameters are left at the default values, a static route is always preferred over a route learned from a dynamic routing protocol. By adjusting the preference value, the user can define a secondary route that will be used if the dynamic protocol fails to provide a route.
Or, a second static route can be configured as a backup to the primary static route by assigning a higher metric to the secondary route.

Static routing saves bandwidth and processing because there are no advertisements or updates. However, any changes to the routes must be made manually, so there is no real-time response if a destination becomes unreachable. Static routing also allows you to override any decision by a routing protocol.

Static Route - Example

Static Route Config on R1
    config router static-route 192.168.1.0/24 next-hop 10.10.1.2

Static Route Config on R5
    config router static-route 172.16.0.0/24 next-hop 20.10.1.2

In this example, the corporate headquarters network is connected to two remote sites. The corporate site provides the remote sites with resources and Internet access. Because the corporate network is connected through one link to each of the sites, the corporate site will only send traffic on this link to each of its remote sites. A remote network like this, with only one connection to the backbone network, is often referred to as a stub network.

By configuring a static route on R1, traffic destined for network 192.168.1.0/24 will exit out of the interface on R1 to CR1. A static route configured on R5 will send traffic to CR2. If R2 wants to reach either remote site, it must also be configured with a static route in the correct direction. In order for traffic to flow in both directions, the remote networks must also be configured with static routes to reach the corporate network.

Default Routes

Static Default Route in CR1
    config router static-route 0.0.0.0/0 next-hop 10.10.1.1

A static default route in the routing table is a wildcard entry that fits any destination. The route is used when the destination address of a packet does not match any other entry in the routing table. A default route is often used on a stub network when there is only one path to reach the other remote networks. The default route is a static route with a network address and mask of 0.0.0.0.

In this slide, for the Remote site 1 to access the resources of the corporate headquarters network, it does not need to list every entry in its routing table for every resource that it needs to send traffic to. Therefore it uses the default route to match any possible route.
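The selection rules described in this section (preference first, then metric, then longest-prefix match with the default route as the fallback) can be exercised with the short model below. It is an added example, not Alcatel-Lucent code: the Route class, the function names, the OSPF candidate routes and the 10.9.9.2 / 10.8.8.2 next hops are constructed for illustration, and comparing metrics after preference is a simplification of what the RTM does.

```python
import ipaddress

# Default preferences from the table on this page (lower value wins).
DEFAULT_PREFERENCE = {"direct": 0, "static": 5, "ospf-internal": 10,
                      "rip": 100, "ospf-external": 150, "bgp": 170}


class Route:
    def __init__(self, prefix, proto, next_hop, preference=None, metric=1):
        self.prefix = ipaddress.ip_network(prefix)
        self.proto = proto
        self.next_hop = next_hop
        # A per-route "preference" keyword overrides the protocol default.
        self.preference = DEFAULT_PREFERENCE[proto] if preference is None else preference
        self.metric = metric


def build_fib(candidates):
    """Keep one route per prefix: lowest preference, then lowest metric."""
    fib = {}
    for route in candidates:
        current = fib.get(route.prefix)
        if current is None or (route.preference, route.metric) < (current.preference, current.metric):
            fib[route.prefix] = route
    return fib


def lookup(fib, destination):
    """Longest-prefix match; 0.0.0.0/0 is chosen only when nothing more specific matches."""
    address = ipaddress.ip_address(destination)
    matches = [route for prefix, route in fib.items() if address in prefix]
    return max(matches, key=lambda route: route.prefix.prefixlen, default=None)


def without_protocol(candidates, proto):
    """Simulate a protocol that stops providing its routes."""
    return [route for route in candidates if route.proto != proto]


# Constructed candidate routes. Entries marked "page" mirror commands shown on this page;
# the OSPF entries and the floating/backup static routes are made up for the example.
CANDIDATES = [
    Route("192.168.1.0/24", "static", "10.10.1.2"),                    # page: static route on R1
    Route("192.168.1.0/24", "ospf-internal", "10.9.9.2", metric=100),  # loses: preference 10 > 5
    Route("172.16.0.0/24", "static", "10.8.8.2", preference=200),      # secondary (floating) static
    Route("172.16.0.0/24", "ospf-internal", "10.9.9.2", metric=100),   # wins: preference 10 < 200
    Route("10.1.1.0/24", "static", "10.2.2.2"),                        # primary static, metric 1
    Route("10.1.1.0/24", "static", "10.2.1.2", metric=100),            # backup static, higher metric
    Route("0.0.0.0/0", "static", "10.3.3.3"),                          # page: static default route
]

if __name__ == "__main__":
    fib = build_fib(CANDIDATES)
    for dst in ("192.168.1.10", "172.16.0.9", "10.1.1.5", "8.8.8.8"):
        hit = lookup(fib, dst)
        print(dst, "->", hit.prefix, hit.proto, "via", hit.next_hop)
    # With OSPF gone, the preference-200 static route takes over for 172.16.0.0/24.
    backup = lookup(build_fib(without_protocol(CANDIDATES, "ospf-internal")), "172.16.0.9")
    print("172.16.0.9 after OSPF loss ->", backup.proto, "via", backup.next_hop)
```
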
The default route is the longest match in the routing table when nothing else matches.

Static Route Configuration

To configure static routes in the routing table, use the following command:

Context: config>router>
Syntax:
    [no] static-route {ip-prefix/mask | ip-prefix netmask} [preference preference] [metric metric] [tag tag] [enable | disable] [next-hop ip-address | ip-int-name]
    [no] static-route {ip-prefix/mask | ip-prefix netmask} [preference preference] [metric metric] [tag tag] [enable | disable] indirect ip-address
    [no] static-route {ip-prefix/mask | ip-prefix netmask} [preference preference] [metric metric] [tag tag] [enable | disable] black-hole

Example: config>router> static-route 10.1.1.0/24 next-hop 10.2.2.2
Example: config>router> static-route 0.0.0.0/0 next-hop 10.3.3.3

Example: config>router> static-route 10.1.1.0/24 next-hop 10.2.1.2 preference 10
Example: config>router> static-route 10.1.1.0/24 next-hop 10.2.1.2 preference 10 metric 100

Description: This command creates static route entries for both the network and access routes. When a static route is configured, one of the parameters must be configured: next-hop, indirect, or black-hole.
Parameters:
    ip-prefix: The destination address of the static route, in dotted-decimal notation
    mask: The mask associated with the network address
    preference preference: The preference of this static route compared to other routes
    metric metric: The cost metric for the static route, expressed as a decimal integer
    next-hop [ip-addr | ip-int-name]: Specifies the directly connected next-hop IP address
    black-hole: Specifies that the route is a black-hole route

LAB 3 Static Routing, Default Routes and IP Filters
See the Alcatel-Lucent IP Scalable Networks Lab Guide

IP Routing Protocol Basics
Section 3 Dynamic Routing Protocol Concepts

Dynamic Routing Protocol Concepts Overview

- Distance Vector Overview

- Topology Change
- Link State Overview
- Exchange of Link State Information
- Link State Protocol
- Distance Vector vs Link State

Distance Vector Overview

- Routers send periodic updates to physically adjacent neighbors
- Updates contain distance (how far) and vectors (direction) for networks
- Routers do not have a view of the entire network topology; routers only have a view of a distance and a vector
- Examples: RIPv1 and RIPv2

If using a distance vector routing algorithm (Bellman-Ford), a router passes a copy of its routing table periodically to all its neighbors. These regular updates between routers communicate topology changes.

Each router receives a routing table from its direct neighbor. In this slide, RTR-B receives a routing update from RTR-A. RTR-B uses the information received from RTR-A to recalculate its routing table. RTR-B then sends its routing table to RTR-D. This same step-by-step process occurs in all directions between direct-neighbor routers.

IMPORTANT: With distance vector, a routing table is not transmitted beyond the immediate neighbor. For example, RTR-D does not receive a routing update directly from RTR-A.

The distance vector algorithm allows network metrics to accumulate. Each router maintains a routing table with the next hop for all of the listed destinations.

Distance Vector Overview - Topology Change

This slide shows the distance vector step-by-step process for updating all routers in a network when a topology change occurs. Each router sends its entire routing table to each of its adjacent neighbors.
This table includes reachable addresses, a value that represents the distance metric, and the IP address of the first router on the path to each network that the router knows about. As each router receives an update from its neighbor, the router calculates a new routing table and transmits the table to each of its neighbors at the next timed interval.

In a very large network with many routers, it can take a long time for all the routers in the network to know about a topology change. Therefore, distance vector protocols have a high convergence time, which is very undesirable.

Link State Overview

- Routers send triggered updates to physically adjacent neighbors

- Updates/LSP contain router names and link cost metrics
- Each router has a view of the entire topology
- Examples: OSPF, IS-IS

Adjacency Database
    RTR-B on 1/1/2
    RTR-C on 1/1/1
Link State Database
    RTR-A to RTR-C, cost=1000
    RTR-A to RTR-B, cost=1000
    RTR-C to RTR-B, cost=1000
    RTR-B to 2.2.2.0/24, cost=1000
Routing Table
    2.2.2.0/24 via 1/1/2

Link state routing protocols maintain a complete database of topology information. While distance vector protocols have nonspecific information about distant networks, link state routing protocols maintain full knowledge of distant routers and how they interconnect; that is, the latter have a view of the entire internetwork topology. OSPF and IS-IS are examples of link state routing protocols.

Link State Packets (LSPs) are used to transmit the information that is required to build the topological database, which is used by the Shortest Path First (SPF) algorithm to build an SPF tree, and finally, a routing table of paths to each network destination. When a link-state topology changes, all of the routers must become aware of the change so they can update their routing table accordingly. This involves the propagation of common routing information to all routers in the network.

To achieve information convergence, each router performs the following:

- Keeps track of its neighbors
- Builds an LSP that lists neighbor router names and link metrics (cost). This includes new neighbors, changed metrics, and links to neighbors that are down.
- Sends out the LSP so that all routers receive the LSP
- Upon receiving an LSP, records the LSP in its database so that it has the most up-to-date topology information
- Using accumulated LSP data, builds a complete network topology, and independently executes the SPF algorithm to calculate routes to every network
- Each time there is a change to the link-state database, the router recalculates the best paths and updates the routing table

Link state protocols keep three databases in the router:

- The adjacency database, sometimes called the neighbor database, keeps track of all of the other routers that are directly attached. The adjacency database is maintained with periodic hello messages.
- The link state database (LSDB) stores the most recent LSPs sent by all the routers in the network. The database is used to create the SPF tree that ultimately creates the routing table.
- The routing table, sometimes called the forwarding database, is used by the router to optimally forward IP packets to the destination network.

Exchange of Link State Information

Link-state routers use the following process to discover the network topology:

- Each router creates an LSP with link-state information about all its directly connected networks
- Routers exchange LSPs with their directly connected neighbors
- The link-state information is flooded to all routers in the network

Link State Protocol - Topological Database

Each router builds a topological database that consists of all the LSPs from the other routers in the network

Link State Protocol - Topology Changes

Link-state updates are driven by topology changes

When a router recognizes a topology change (that is, link down, neighbor down, new link, or new neighbor), the router must notify its neighbors. To do this, each link-state router performs the following:

- The router that recognizes the change sends new link-state information about the change.
- When a router receives new link-state information, the router must populate the information in its topological database and send the information to its neighbors.
- The SPF algorithm must be run against the new topological database to update the routing table with the new information.

Each time that there is a topology change that causes an update to the topological database, the SPF algorithm must be run.
Distance Vector vs Link State

    Distance vector                                               Link state
    Views the network topology from the neighbor's perspective    Gets a common view of the entire network topology
    Adds distance vectors from router to router                   Calculates the shortest path to other routers
    Frequent, periodic updates: slow convergence                  Event-triggered updates: faster convergence
    Passes copies of the routing table to neighbor routers        Passes link-state routing updates to other routers

IP Routing Protocol Basics
Section 4 OSPF Routing Protocol

OSPF Routing Protocol Overview

- OSPF
- OSPF Router ID
- OSPF Point-to-Point Neighbor Adjacency
- OSPF Link State Flooding
- Sequence Numbers
- OSPF Single Area Point-to-Point Configuration

OSPF

- Link-state protocol with fast convergence and inherent loop prevention mechanisms
- Scalable
- Hierarchical using areas
- Uses the Shortest Path First (SPF) algorithm for routing decisions
- Default cost metric takes into account the physical bandwidth of the port or can be set manually
- Classless protocol
- Authentication support
- Support for VLSM and address aggregation
- OSPF Version 2 is a widely deployed, well known protocol for IPv4; OSPF Version 3 is standardized and supports IPv6

OSPF is a link-state routing protocol. As such, it uses the SPF algorithm to find the shortest path to every destination in the network. Link-state routing protocols are inherently loop free and have a fast convergence time. Link-state routing protocols have limited scalability, so OSPF supports hierarchy with the concept of areas. This greatly increases the scalability of OSPF.

The subnet mask is carried in OSPF link-state updates, so variable length and noncontiguous subnets are supported. Route aggregation is also supported to enable more efficient address management. OSPF supports authentication for security.

The OSPF cost metric is based on the physical bandwidth of the port.
This allows OSPF to make its path decisions based on the path that has the most bandwidth rather than the least number of hops. The traffic engineering extensions to OSPF allow the protocol to track and advertise the available bandwidth, administration groups, maximum number of hops, and so on. This feature is used by MPLS to create traffic tunnels and is covered in the Alcatel-Lucent MPLS course.

OSPF Router ID

- OSPF requires a unique method of identifying each router in the network
- OSPF must be able to associate router interfaces with a specific router, just as a person may say "R1 has two links, one link is in the 10.10.2.0 network and the other link is in the 10.10.1.0 network"

The router ID that is used for OSPF can be configured explicitly using the following command: configure router router-id <ip-address>. This router ID is also used for other routing protocols such as BGP. To use a separate router ID for different protocols, you can override this high-level router ID with an OSPF-specific router ID using the following command: configure router ospf router-id <ip-address>.

If a router ID is not configured but a system interface is configured with an IP address, the system IP address is used as the OSPF router ID. To configure a system interface, use the following command: configure router interface system address <ip-address>/32.

If neither a router ID nor a system interface address is configured, the last four octets of the chassis MAC address are used as the OSPF router ID. The chassis MAC address can be viewed using the following command: show chassis.

The OSPF router ID selection is not pre-emptive. If the OSPF router ID is reconfigured, the change will not take effect until the OSPF routing process is restarted.

Configuring an OSPF Point-to-Point Neighbor Adjacency

OSPF is a dynamic routing protocol that is based on routers exchanging link-state information with each other. Two OSPF routers must create an OSPF neighbor adjacency before they can exchange routing information. On point-to-point OSPF networks, neighboring routers become fully adjacent with each other. For example, in this slide, R1 becomes fully adjacent with both R2 and R3.
In this slide, all neighbor adjacencies in the point-to-point network are indicated with the arrows.

Routers can be connected on a shared broadcast segment, such as Ethernet, rather than a point-to-point segment. On a broadcast segment, additional steps are performed to reduce the amount of OSPF control traffic that flows between routers on the segment. This involves electing designated routers (DRs) and backup designated routers (BDRs). However, these concepts are beyond the scope of this course and are covered in the Alcatel-Lucent Interior Routing Protocols course. This course discusses only the point-to-point scenario.

Note that the default OSPF interface type is broadcast for Ethernet interfaces and must be explicitly configured as point-to-point. The configuration will be presented later in this section.

OSPF Neighbor Adjacency - Hello Packet

The main components of the OSPF Hello Packet are shown below

Parameters that are denoted with an asterisk must be set the same on both routers to form an adjacency or to keep an adjacency alive.

Hello packets are sent between routers to form an adjacency and to proceed to 2-way state. Hello packets are also used as a keep-alive when the adjacency is formed. On point-to-point links, OSPF traffic is always sent to reserved multicast address 224.0.0.5.

OSPF Neighbor Adjacency - Discovery

Consider the case where R1 and R2 are rebooted; they need to re-create their adjacency

    OSPF State = DOWN     Hello (RID = 1.1.1.1 Neighbors = 0)          OSPF State = DOWN
    OSPF State = INIT     Hello (RID = 2.2.2.2 Neighbors = 1.1.1.1)    OSPF State = INIT
    OSPF State = 2-Way    Hello (RID = 1.1.1.1 Neighbors = 2.2.2.2)    OSPF State = 2-Way

When both routers are first powered up, they are in the OSPF down state. Both OSPF routers send OSPF hello packets to discover each other. When the discovery process is complete, the routers are in a 2-way state and are ready to exchange routing information.
OSPF Neighbor Adjacency - Exchanging Routing Information

- After the routers discover each other, they are ready to start exchanging routing information
- Higher Router ID is decided as the Master
- MTU check is performed
- At this point, each router has a summary of the routing information of its neighboring router. The routers are now ready to request specific routing information from their neighbor

    OSPF State = Exchange start
        DBD - RID 1.1.1.1
        DBD RID = 2.2.2.2
    OSPF State = Exchange
        DBD RID 1.1.1.1 summary of networks
        DBD RID 1.1.1.1 summary of networks

In the exchange start state, both routers send database description (DBD) packets to establish a master-slave relationship. The highest router ID becomes the master.

MTU checking is also performed in the exchange start state. The OSPF MTU from both neighbors must match to proceed beyond the exchange start state. The OSPF MTU can be configured explicitly on the OSPF interface. If the MTU is not configured, the physical port MTU becomes the OSPF MTU. Therefore, if an OSPF MTU is not configured, the physical port MTUs must match to create an adjacency. The OSPF MTU determines the maximum size of the OSPF CTL packets, which is typically the size of the link state update and link state request packets.

In the exchange state, the database description is first sent by the slave router to the master router to provide a summary of the networks that the slave router knows about. The master router then sends the slave router a summary of the networks that the master router knows about.

OSPF Neighbor Adjacency - Requesting Specific Routing Information

After the routers have a summary of their neighbor's link state database, they can request specific information as needed

    OSPF State = Loading
        LSREQ: Send specific information on these networks
        LSUPDATE: Receipt of the information as you requested
        LSREQ: Send specific information on these networks
        LSUPDATE: Receipt of the information you requested
        LSACK: Acknowledge
    OSPF State = Full (at this point, both routers have identical routing information)

In loading state, routers use a specific OSPF packet type, called a link state advertisement (LSA), to describe their routing information.

In loading state, both routers go through a Request, Reply, Acknowledge sequence until each router has a full view of its neighbor's routing information. At this point, both routers have an identical link state database and are considered fully adjacent. Once the link state database is fully up to date, the routers run the SPF algorithm to calculate the best path to each destination in the network and use this information to build their routing table.

In a single area point-to-point network, only the router LSAs (Type 1 LSAs) will be used. In more complex topologies, there are other types of LSAs exchanged.
OSPF Link State Flooding - Keeping Routing Information Up to Date

    R2 LSDB
        R2 Router LSA
        Adv router = 2.2.2.2
        Networks: 10.10.2.0/30, 10.10.3.0/30, 2.2.2.2/32

    R2 floods its Router LSA every 30 min

    R8 LSDB
        R2 Router LSA
        Adv router = 2.2.2.2
        Networks: 10.10.2.0/30, 10.10.3.0/30, 2.2.2.2/32

A router LSA is flooded to all routers in the OSPF area every time there is a topology change on one of the directly connected links of the router. If there are no topology changes, the router will still flood the router LSA every 30 minutes. Every LSA has a maximum age of 60 minutes. An OSPF router will age all LSAs in its link state database and will purge any LSAs for which it has not received a refresh in the last 60 minutes.

Router LSAs on point-to-point networks are always flooded to multicast IP address 224.0.0.5. This is the same multicast address that is used for OSPF hello packets while creating and maintaining an OSPF neighbor adjacency.

Sequence Numbers

OSPF uses a sequence number to ensure that LSAs are not transmitted around the OSPF area indefinitely. The acknowledgement of LSAs is used to guarantee the reliability of LSA transmission to neighboring routers. The following rules are applied by the OSPF router to process the LSAs that are received from its neighbors.

- If the sequence number is lower than the sequence number in the link state database, the incoming link-state information is considered to be out of date and is discarded. The receiving router will update the sending router with an up-to-date LSA from its own database.
- If the sequence number is the same as the number in the database, an acknowledgement is sent. The incoming link-state information is then discarded.
- If the sequence number is higher than the number in the database, the new link-state information is added to the link state database, an acknowledgement is sent and the link-state information is forwarded to its neighbors.

All OSPF control packets use IP protocol discriminator 89. OSPF does not use TCP or UDP as a transport layer. Instead IP uses the protocol ID 89 to extract all OSPF packets for the OSPF process on the router.
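The three sequence-number rules above, and the flooding behaviour described in the link-state slides earlier, can be traced with the following simulation. It is an added example, not Alcatel-Lucent code: the four-router ring, the Router class and the function names are constructed for illustration, acknowledgements are implied by the returned action rather than sent as messages, and LSA aging is not modelled.

```python
from collections import deque

# Constructed ring of point-to-point links (assumption), so that an LSA can reach
# a router over two different paths.
LINKS = [("R1", "R2"), ("R2", "R4"), ("R4", "R3"), ("R3", "R1")]


class Router:
    def __init__(self, name):
        self.name = name
        self.neighbors = []
        self.lsdb = {}  # advertising router -> (sequence number, networks)

    def receive(self, lsa, sender):
        """Apply the sequence-number rules; return (action, [(destination, lsa), ...])."""
        adv, seq, networks = lsa
        have = self.lsdb.get(adv)
        if have is not None and seq < have[0]:
            # Lower: out of date, discard, and send our newer copy back to the sender.
            return "stale", [(sender, (adv, have[0], have[1]))]
        if have is not None and seq == have[0]:
            # Same: acknowledge and discard, nothing is forwarded.
            return "duplicate", []
        # Higher (or unknown): install, acknowledge, forward to the other neighbors.
        self.lsdb[adv] = (seq, networks)
        return "installed", [(n, lsa) for n in self.neighbors if n != sender]


def build_network(links=LINKS):
    routers = {}
    for a, b in links:
        routers.setdefault(a, Router(a)).neighbors.append(b)
        routers.setdefault(b, Router(b)).neighbors.append(a)
    return routers


def flood(routers, origin, lsa, first_hop=None):
    """Send lsa from origin and process messages until none remain; return the action log."""
    targets = [first_hop] if first_hop else routers[origin].neighbors
    queue = deque((origin, target, lsa) for target in targets)
    log = []
    while queue:
        sender, receiver, message = queue.popleft()
        action, outgoing = routers[receiver].receive(message, sender)
        log.append((receiver, action))
        queue.extend((receiver, destination, m) for destination, m in outgoing)
    return log


def originate(routers, name, seq, networks):
    """A router installs its own LSA and floods it to all neighbors."""
    routers[name].lsdb[name] = (seq, networks)
    return flood(routers, name, (name, seq, networks))


def scenario():
    routers = build_network()
    networks = ("10.10.2.0/30", "10.10.3.0/30", "2.2.2.2/32")  # from the R2 router LSA on this page
    first = originate(routers, "R2", 1, networks)
    # Constructed topology change: R2 loses one link and re-originates with a higher number.
    second = originate(routers, "R2", 2, networks[:1] + networks[2:])
    # Constructed fault: R3 falls back to the old copy and offers it to R1.
    routers["R3"].lsdb["R2"] = (1, networks)
    replay = flood(routers, "R3", ("R2", 1, networks), first_hop="R1")
    return routers, first, second, replay


if __name__ == "__main__":
    routers, first, second, replay = scenario()
    print("initial flood:", first)
    print("stale copy   :", replay)
    print("sequence held for R2:", {n: r.lsdb["R2"][0] for n, r in routers.items()})
```

In the ring, R3 and R4 each receive the same LSA a second time over the other path; the equal sequence number is what stops the copy from circulating.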
OSPF Single Area Point-to-Point Configuration

R1 OSPF Configuration

Step 1 Create the Router Interfaces

    R1>config>router# info
        interface "system"
            address 1.1.1.1/32
        exit
        interface "toR2"
            address 10.10.2.1/30
            port 1/1/2
        exit
        interface "toR3"
            address 10.10.1.1/30
            port 1/1/3
        exit

Step 2 Add the Router Interfaces to OSPF as type Point-to-Point

    R1>config>router>ospf# info
        area 0.0.0.0
            interface "system"
                interface-type point-to-point
            exit
            interface "toR2"
                interface-type point-to-point
            exit
            interface "toR3"
                interface-type point-to-point
            exit

The steps for OSPF configuration for R2 and the other routers in the network follow the R1 configuration. The only difference is that you need to verify that the IP addresses and port numbers on the interfaces are accurate. It is also good practice to verify that the interface names have the correct descriptions.

    R1# show router ospf neighbor
    ===============================================================================
    OSPF Neighbors
    ===============================================================================
    Interface-Name                   Rtr Id          State      Pri  RetxQ   TTL
    -------------------------------------------------------------------------------
    toR3                             3.3.3.3         Full       1    0       35
    toR2                             2.2.2.2         Full       1    0       31
    -------------------------------------------------------------------------------
    No. of Neighbors: 2
    ===============================================================================
    R1#

Show OSPF Neighbors

This slide shows the OSPF adjacencies created by R1 with its directly-connected neighbors.
The output includes the logical router interface that the adjacency was created on and the router ID of the neighbors.

The neighbor state is Full when the routers have synchronized their databases and have fully created their adjacency. Other states that may be displayed are: Init, 2Way, Exstart, and Exchange, which are usually only briefly displayed.

OSPF Metric Calculation

Default Metric
    OSPF Reference Bandwidth / Actual Bandwidth of Physical Port

Configured Metric
    R1>config>router>ospf# area 0 interface toR1
    R1>config>router>ospf>area>if# info
        interface-type point-to-point
        metric 674

The OSPF metric that is advertised in the R1 LSA for an interface is automatically calculated based on the OSPF reference bandwidth which, by default, is 100 Gb/s. The metric is calculated by dividing the reference bandwidth by the actual bandwidth of the link. For example, the metric of a 1 Gb link is 100 Gb/s / 1 Gb/s = 100. The metric of a 100 Mb link is 100 Gb/s / 100 Mb/s = 1000. Lower bandwidth links have a higher metric (cost) and are thus less preferred.

Alternatively, the OSPF metric of an interface can be configured in the OSPF interface context. The default metric of system and loopback interfaces on a router is zero.

    R1# show router ospf interface
    ==========================================================================
    OSPF Interfaces
    ==========================================================================
    If Name      Area Id      Designated Rtr   Bkup Desig Rtr   Adm   Oper
    --------------------------------------------------------------------------
    system       0.0.0.0      0.0.0.0          0.0.0.0          Up    PToP
    toR3         0.0.0.0      0.0.0.0          0.0.0.0          Up    PToP
    toR2         0.0.0.0      0.0.0.0          0.0.0.0          Up    PToP
    --------------------------------------------------------------------------
    No. of OSPF Interfaces: 3
    ==========================================================================
    R1#

Show OSPF Interfaces

This slide shows the interfaces that are running OSPF, including their names and the areas that they belong to. Note that the operating status for the interfaces to R2 and R3 is PToP because they have been defined as point-to-point interfaces in the OSPF configuration.

The Designated Rtr and Bkup Desig Rtr fields are only applicable to OSPF broadcast interfaces, which are not covered in this course. For OSPF point-to-point interfaces, the Designated Rtr and Bkup Desig Rtr values are always 0.0.0.0.

R1# show router route-table
Route Table (Router: Base)
===============================================================================
Dest Prefix     Type    Proto  Age        Pref  Next Hop[Interface Name]  Metric
-------------------------------------------------------------------------------
1.1.1.1/32      Local   Local  23d04h39m  0     system                    0
2.2.2.2/32      Remote  OSPF   01h35m59s  10    10.10.2.2                 674
3.3.3.3/32      Remote  OSPF   01h15m54s  10    10.10.1.2                 1000
4.4.4.4/32      Remote  OSPF   00h05m49s  10    10.10.2.2                 1674
10.10.1.0/30    Local   Local  01h44m29s  0     toR3                      0
10.10.2.0/30    Local   Local  01h46m07s  0     toR2                      0
10.10.3.0/30    Remote  OSPF   00h05m49s  10    10.10.2.2                 1674
-------------------------------------------------------------------------------
No. of Routes: 7

Show Route Table

This slide shows the forwarding information that is used by the router to forward traffic to its destination. Note that local routes always have a metric of 0 and a preference of 0. Therefore, even if OSPF had learned of paths to these destinations, the paths would not be entered in the forwarding table because the OSPF preference value is 10, and the route with the lower preference value is selected.

The information also includes the address or name of the next-hop interface. For a local route, the name of the interface is displayed (for example, toR3 or toR2). For a remotely learned route, the address of the next hop is displayed (for example, 10.10.2.2). A data packet whose destination address matches this entry in the route table will be forwarded to the next-hop address.

LAB 4 - OSPF
See the Alcatel-Lucent IP Scalable Networks Lab Guide

IP Routing Protocol Basics
Section 5 - Introduction to Border Gateway Protocol

Introduction to Border Gateway Protocol Overview

- Interior and Exterior Gateway Protocols
- Routing End-to-end from Enterprise to Content Provider
- BGP
- When to Use BGP
- Use Cases
- Protocol Summary

Interior and Exterior Gateway Protocols

- Interior Gateway Protocols
  - Run within an organization
  - Purpose is to provide routing to internal networks
- Exterior Gateway Protocols
  - Run between organizations
  - Purpose is to provide routing to the Internet
  - Example: BGP
  - Based on Distance Vector

The IGP is designed to route between networks within an organization. The networks within an organization use private or public addresses that are typically not advertised to other organizations.

Routing information must also be exchanged between organizations. These routes are public IP addresses because they are exchanged on the Internet. More control is required over the way that traffic flows between organizations: it is not always the shortest path that is preferred. BGPv4 provides many features to control traffic flows between organizations and is the EGP used on the Internet. BGPv4 is also able to scale to very large networks, which is an important requirement in order to manage the 200,000+ routes of the Internet.

Routing End-to-end from Enterprise to Content Provider

- Information from the content provider must reach the enterprise router for data transfer
- However, every ISP, including the content provider, runs its choice of IGP
- A common protocol is required for end-to-end routing

In this slide, the enterprise offices need the address information of the content providers. However, the information from the content provider must traverse many ISPs, and each ISP runs its own choice of IGP. When the origin of the prefix is the content provider that runs OSPF as its IGP and the Tier 2 ISP runs IS-IS, the prefix must be relearned in the Tier 2 ISP as an IS-IS prefix and, therefore, the prefix could lose its original attributes. Every other ISP in the path of the prefix towards the enterprise will need to relearn the prefix in the protocol of its choice.

In this slide, although end-to-end routing can be achieved by the process of redistribution, there are several disadvantages, such as the following:

- Route redistribution removes the metrics of the original protocol and uses the metrics of the newer protocol. This could have a negative effect.
- Route redistribution needs to be managed carefully with extensive policies.
- Distributing the Internet addresses into an IGP is not a scalable design and most routers are not designed to handle the large number of Internet prefixes.
- Route redistribution requires a common protocol to run between all of the routers that are involved in the transfer of network prefixes.

BGP Overview

- IGPs run within an autonomous system
- EGPs run between autonomous systems

From earlier modules of this course, we know that an autonomous system (AS) is a group of networks and networking equipment under a common administration. An IGP (such as OSPF) is used to exchange routing information within the AS and an EGP (such as BGP) is used to exchange routing information between ASs.

BGP is not a discovery protocol and BGP routers are not always directly connected. BGP routers are manually configured to connect to other BGP routers using TCP/IP. They become BGP peers. An IGP is required within the AS to route traffic in the AS, including traffic between BGP peers. BGP sessions between routers in different ASs are known as external BGP sessions (EBGP), while sessions between routers in the same AS are internal BGP sessions (IBGP).

BGP is administratively much more complex than an IGP. BGP updates include path information that is used for routing policy enforcement and loop detection between ASs.

Adding to the complexity of BGP is the fact that topology and routing table sizes become much larger than in an IGP environment. The increased size of the tables means that factors such as CPU loading, memory utilization, update generation, and route processing have greater implications in BGP. These items, and others, affect convergence. Convergence may be viewed in two ways. Local convergence is the time for a router to receive and process all outstanding messages, and achieve a stable topology. Network convergence is the time for all routers in the system to achieve a stable topology. In IGP terms, the system is usually the local AS. In BGP terms, the system is the Internet. Because the entire Internet is the scope of BGP, the administration is more complex than the administration of one AS.

BGP Scope

- Enables the exchange of routing information between autonomous systems
- "An Autonomous System is a set of routers under a single technical administration, using an interior gateway protocol and common metrics to route packets within the AS, and using an exterior gateway protocol to route packets to other Autonomous Systems." (RFC 1930)

Note: As of March 2008, the routing table for the Internet backbone consists of approximately 245 000 routes.

A key strength of BGP is that it enables the implementation of administrative policies to manage traffic flow between autonomous systems based on virtually any policy.
BGP is scalable to the following characteristics:

- Large number of autonomous systems
- Large number of neighbors
- Large volume of table entries
- High rate of change

BGP has proven scalability. BGP is the protocol of choice for service providers and runs on their Internet routers. The protocol is the fundamental building block of the Internet and is used by every service provider in the world for service-provider interoperability. BGP is the most feature-rich and scalable routing protocol in use today. It supports the current requirements of the Internet and, with extended capabilities such as multiple protocol families and extended AS numbers, is well-positioned for the future.

BGP Autonomous Systems

- Types of autonomous systems
  - Public: range is 0 to 64511; assigned by ARIN or another regional authority
  - Private: range is 64512 to 65535

Public autonomous systems

- Are assigned by the IANA or a regional authority
- Must be used to connect to other autonomous systems in the Internet
- Range is 0 to 64511

Private autonomous systems

- Are assigned by ISPs (for some clients), local administrators, and so on
- Are not allowed to be advertised to other ISPs or on the Internet
- Range is 64512 to 65535

Regional Internet Registries

The IANA is the umbrella organization. Regional Internet Registries (RIRs) are nonprofit corporations established for the purpose of administration and registration of IP address space and Autonomous System (AS) numbers. There are five RIRs.

Registry    Geographic Region
AfriNIC     Africa, portions of the Indian Ocean
APNIC       Portions of Asia, portions of Oceania
ARIN        Canada, the United States, and many Caribbean and North Atlantic islands
LACNIC      Latin America, portions of the Caribbean
RIPE NCC    Europe, the Middle East, Central Asia

BGP Establishment

[Figure: BGP session establishment between two peers, in three phases. TCP phase: each peer initiates a TCP connection. BGP phase: each peer sends OPEN BGP Session (AS Num). Session maintenance: Keep Alive in each direction. The diagram also carries the label "Remove Redundant TCP connection".]

Although BGP behavior is similar to other TCP/IP applications, BGP is an enhanced distance vector protocol, also called a path vector protocol.
The characteristics of BGP are:

- Neighbors can be any reachable devices, not just directly connected devices
- Unicast exchange of information
- Reliability via TCP
- Uses well-known TCP port 179
- Periodic keepalive for session management
- Event-driven
- Robust metrics

Neighbor relationships in BGP are somewhat different from what is normal in the IGP world. Traditionally, neighbors are always directly connected routers. With BGP, this is not the case. Neighbors may be directly connected, but it is not required because BGP uses unicast TCP/IP for neighbor establishment. Neighbor relationships can be established with any IP-reachable device.

At the application layer, BGP functions similarly to other TCP/IP applications, such as Telnet, FTP, and HTTP. BGP may be viewed as an application because it uses registered port number 179 in the TCP/IP model.

BGP Sessions

- IBGP neighbors are peers in the same autonomous system
- By default, they do not need to be directly connected

There are two types of BGP neighbor relationships: EBGP and IBGP. Regardless of the type, a BGP session between two devices is referred to as a neighbor or peer session. A BGP router is also referred to as a BGP speaker.

A session between two devices in different autonomous systems is referred to as an external BGP or EBGP session. Typically devices with an EBGP session are directly connected, and share a common data link, but it is not mandatory. Because the devices are in different autonomous systems, the administration of each device is usually handled separately. Therefore, you should ensure that the configuration parameters match so that peering will succeed.

A session between two devices in the same autonomous system is referred to as an internal BGP or IBGP session. Typically devices with an IBGP session are not directly connected, because they may be across the country or the world. Because the devices are in the same autonomous system, the administration of each device is usually handled by the same organization. You need to ensure that the configuration parameters match so that peering will succeed.

BGP Routing

- BGP uses multiple metrics to choose the best routes
- Requirements are different from IGP
- For example, AS 65250 will only use the link from Router A to C to send all traffic into AS 65250

The criteria that BGP uses for route selection are very different from an IGP. In an IGP environment, the routes are selected based on one metric such as cost or hop count. However, when you use BGP to route traffic between organizations, the choice may not be made solely on the shortest path, but rather for financial, security, and geographical reasons.

In this slide, AS 65250 has the following agreement with AS 65200: any prefixes that are sent from AS 65250 will be installed such that the return traffic from AS 65200 will only exit from router A. Under the same agreement, AS 65200 requires that traffic from AS 65250 only enter the AS via router B.

When to Use BGP

Use BGP in the following environments:

- You are an ISP and need to pass client traffic from one AS to another AS
- You need to multi-home to several ISPs because of company requirements
- Traffic flow from or to your company must be managed and controlled

Do not use BGP in the following environments:

- You do not need to have more than one connection to the Internet
- The company engineers do not understand how BGP works
- The hardware and physical links to the ISP cannot handle the load of BGP traffic

Use Case 1 - Which Customer Should Run BGP?

ISP-1 and ISP-2 will be running BGP since they are acting as transit providers for their customers to the Internet. The Internet is made up of hundreds or thousands of routers and AS numbers. Some of the larger Internet providers are shown in the Internet cloud and they interconnect and share routes between each other using eBGP. There are two enterprise customers shown in the diagram.

Customer 1 has a single connection to ISP-1 and is borrowing address space from that provider (subnet 209.217.64.64/28). This customer will use a default route to ISP-1. ISP-1 will have a route back to their customer's subnet using either static routes or a dynamic routing protocol. ISP-1, using BGP, will advertise their supernet of 209.217.64.0/18 to their upstream providers in the Internet cloud using eBGP.
From the Internet it will appear as though 209.217.64.64/28 is not being advertised and only the supernet will be seen (209.217.64.0/18) coming from AS 7788, which belongs to ISP-1 (best practice is to summarize and not leak specific subnets in most cases).

Customer 2 has two connections for redundancy, to ISP-1 and ISP-2. Customer 2 has their own IP address block, which they received from ARIN. In the previous slide it was mentioned that, in most cases, there is no need to run a complex routing protocol like BGP unless you have multiple connections to the Internet like Customer 2. Customer 2 requires redundant connectivity to the Internet either because they need the extra bandwidth or because they simply cannot afford to be offline from the Internet if a link fails. The server in the Customer 2 cloud could be offering important files and must be online 24/7/365. From the Internet it will appear as though 200.46.198.0/24 is coming from AS 31000, which was assigned to Customer 2 by ARIN. In fact the Internet, using BGP, will see 200.46.198.0/24 with two paths. One path will be 200.46.198.0/24 from AS 31000, 26230 (ISP-2) and another path for this same address space coming from AS 31000, 7788 (ISP-1). Since BGP is a path-vector protocol, in most cases a router in the Internet (one at AT&T, for example) will select its route to reach Customer 2 based on the shortest AS-PATH (the fewest ASNs). There are several route metrics used in BGP for route selection and they are covered in detail in Alcatel-Lucent's BGP course.

Use Case 2 - Enterprise to ISP Connection (BGP)

In this slide, the enterprise has a large OSPF network with multiple LAN segments. The enterprise also has multiple connections to two ISPs (AS 47 and AS 395). In this configuration, the enterprise will often run BGP to manage the connections with their ISPs. BGP policies are used to determine the path that is used for traffic to leave the enterprise. One ISP may be preferred for some routes, or one ISP may be used as a primary connection to the Internet with the other ISP used as a backup.

Within the enterprise network, internal routing information is exchanged with OSPF. The enterprise networks are summarized as 100.200.0.0/20, and advertised to the ISPs and onwards to the Internet with BGP. In this scenario, the enterprise uses a private AS number and its routes are advertised by the ISPs using their AS numbers.

The full set of Internet routes is not exported into OSPF. Instead, a default route is advertised by the Internet-connected routers. Some subsection of the BGP routes that are received may be advertised into the enterprise in order to influence the route by which that traffic egresses the enterprise network.

Use Case 3 - ISP Interconnections (Transit Traffic)

In this slide, an enterprise is connected to its two ISPs (AS 47 and AS 395). Routing information is exchanged between the enterprise and the two ISPs using BGP. Both ISPs are Tier 2 ISPs, which means that they purchase transit capacity from one or more Tier 1 ISPs. Similar to the enterprise, the Tier 2 ISPs pay the Tier 1 providers to carry their traffic.

The Tier 1 providers carry transit traffic. This is traffic that originated outside of their network and has a destination outside of their network. A Tier 2 ISP may be connected to more than one Tier 1 ISP, or may have transit arrangements with other Tier 2 ISPs. Multiple connections are often used to provide the ISP with a redundant path to all Internet destinations.
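
Several policy points in this section (private AS numbers are not advertised to other ISPs, providers summarize rather than leak specific subnets, and the AS path serves loop detection and path selection) can be checked mechanically on received announcements. The following Python is an added example, not Alcatel-Lucent code or SR OS configuration. It uses the prefixes and AS numbers from the use cases; the local AS 64496, the private AS 64600, the announcement list and all function names are assumptions made for illustration.

```python
"""Checks on received BGP announcements (added example, not SR OS code)."""
import ipaddress

# Private AS range as stated in this module (16-bit AS numbers).
PRIVATE_AS = range(64512, 65536)
LOCAL_AS = 64496  # assumption: our own AS, taken from the documentation range
# Assumption: aggregates whose more-specifics a neighbor should never send us.
AGGREGATES = ["209.217.64.0/18", "100.200.0.0/20"]

# Constructed announcements: (prefix, AS path with the origin AS last).
ANNOUNCEMENTS = [
    ("209.217.64.0/18", [7788]),                 # ISP-1 supernet
    ("209.217.64.64/28", [7788]),                # Customer 1 subnet leaked
    ("200.46.198.0/24", [26230, 31000]),         # Customer 2 via ISP-2
    ("200.46.198.0/24", [7788, 31000]),          # Customer 2 via ISP-1
    ("200.46.198.0/24", [47, 7788, 31000]),      # same prefix, one AS longer
    ("100.200.0.0/20", [47, 64600]),             # private AS not removed
    ("200.46.198.0/24", [7788, 64496, 31000]),   # our own AS already in path
]


def is_private_as(asn):
    return asn in PRIVATE_AS


def check_announcement(prefix, as_path, local_as=LOCAL_AS, aggregates=AGGREGATES):
    """Return the list of policy findings for one announcement (empty if clean)."""
    findings = []
    net = ipaddress.ip_network(prefix)
    # Loop detection: a path that already contains our AS has been through us.
    if local_as in as_path:
        findings.append("loop: local AS %d in path" % local_as)
    private = [asn for asn in as_path if is_private_as(asn)]
    if private:
        findings.append("private AS in path: %s" % private)
    for agg in aggregates:
        agg_net = ipaddress.ip_network(agg)
        if net.version == agg_net.version and net != agg_net and net.subnet_of(agg_net):
            findings.append("more specific of %s" % agg)
    return findings


def accepted_paths(announcements):
    """Group the AS paths of clean announcements by prefix."""
    table = {}
    for prefix, as_path in announcements:
        if not check_announcement(prefix, as_path):
            table.setdefault(prefix, []).append(as_path)
    return table


def shortest_as_paths(paths):
    """Paths with the fewest ASNs; more than one result means a tie that
    other BGP attributes (not modelled here) would have to break."""
    fewest = min(len(p) for p in paths)
    return [p for p in paths if len(p) == fewest]


if __name__ == "__main__":
    for prefix, path in ANNOUNCEMENTS:
        print(prefix, path, check_announcement(prefix, path) or "ok")
    for prefix, paths in accepted_paths(ANNOUNCEMENTS).items():
        print(prefix, "best by AS path length:", shortest_as_paths(paths))
```

For Customer 2's prefix the two two-AS paths tie on length, which is why the text points to further route-selection attributes.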

An ISP with multiple connections to the Internet usually needs to control the path used for its traffic. The reason may be to ensure the shortest path, but often is related to cost or other considerations.

Protocol Summary

Feature              RIPv2                BGP          OSPF
Updates              Periodic             Incremental  Incremental
Update type          Broadcast/Multicast  Unicast      Multicast
Authentication       Simple & MD5         MD5          Simple & MD5
Metric               Hops                 Multiple     Cost
Metric type          Distance vector      Adv. DV      Link-state
VLSM/CIDR support    Yes                  Yes          Yes
Topology size        Small                Very large   Large
Transport protocol   UDP                  TCP
Application port #   520                  179
IP #                 17 (UDP)             6 (TCP)      89

This slide shows the differences and similarities of the routing protocols that are supported on the 7750 SR platforms. RIP, OSPF, and IS-IS are the IGPs; BGP is the EGP.

LAB 5 - BGP
See the Alcatel-Lucent IP Scalable Networks Lab Guide

IP Routing Protocol Basics
Section 6 - Module Summary

Module Summary

After successful completion of this module, you should understand:

- The concepts and purpose of IP routing
- The purpose and configuration of static routes
- The basic concepts of a dynamic routing protocol
- The purpose and basic operation of OSPF
- The purpose and basic operation of BGP

Learning Assessment

- Describe IP routing and the need for a routing protocol
- Differentiate between the static and dynamic routing protocols
- List and discuss the basic elements of a routing table
- Distinguish between the control plane and data plane
- Describe and differentiate between the Distance Vector and Link state methodologies
- Describe the OSPF adjacency establishment process
- Describe the usage of sequence numbers in OSPF
- Differentiate between an IGP and an EGP
- Describe the scope and operation of BGP

www.alcatel-lucent.com
3HE-02767-AAAA-WBZZA Edition 02

Alcatel-Lucent Scalable IP Networks Module 6 Overview of Transport Protocols

Module Overview

- Transport Layer Protocols
- TCP
- UDP
- Port Numbers and Sockets

Overview of Transport Protocols
Section 1 - Transport Layer Protocols

Transport Layer - Layer 4

- Layer 4 of the OSI model
  - Provides a data transport service to higher protocol layers
- Internet applications use a transport layer (TCP or UDP)
  - TCP and UDP are transport protocols for the TCP/IP stack
- TCP provides a high level of service to upper protocols
  - Reliable data transfer and packet reordering
  - End-to-end error checking and flow control
- UDP provides simple datagram delivery service
  - Unreliable service, but less overhead
- OSI transport layers are TP0, TP1, TP2, TP3, and TP4
  - TP4 and TCP are functionally similar
  - TP0 and UDP are functionally similar

In the TCP/IP stack, Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) provide services similar to the OSI transport protocols. Therefore, TCP and UDP are often referred to as transport or Layer 4 protocols.

Internet applications such as web browsing and e-mail transfer use the services of the transport protocols.
If the application needs a high level of service, such as reliable data transfer and flow control, the application typically uses TCP for data transfer. If an application needs a simpler service with less overhead, the application may use UDP.

There are very few higher level protocols that do not use TCP or UDP. OSPF uses IP datagrams directly. OSPF does not use a transport protocol.

The transport layers that are defined in the OSI provide a wide range of services. TP0 provides the lowest level of service and TP4 provides the highest level of service.

Both TP4 and TCP are built to provide a reliable, connection-oriented, end-to-end transport service on top of an unreliable network service. The network service may lose packets, store packets, deliver packets in the wrong order, or even duplicate packets. Both protocols must be able to deal with the most severe problems (for example, a subnetwork stores valid packets and sends them at a later date). TP4 and TCP both have connect, transfer, and disconnect phases; their principles of operation during these phases are also quite similar.

In an OSI network the session layer uses the OSI transport layer.

Encapsulation of Application Data by TCP

An Internet application, such as e-mail, that needs to transfer data across the Internet will use the services of an Internet transport protocol. E-mail uses TCP, because e-mail needs a reliable data transfer service.

The application data is passed to the TCP services layer. The TCP layer divides the application data into segments, if necessary. Each TCP segment contains a TCP header. The size of the segments is based on the MTU size of the Layer 2 networks that are expected to be used for the transfer.

The TCP segments are passed to the IP services layer. The IP services layer is responsible for the delivery of IP datagrams across the network. Each IP datagram contains an IP header and is routed across the network.

Because IP is an unreliable service, if TCP determines that some of the IP datagrams were not received, TCP requests retransmission of the missing TCP segments, which provides a reliable transfer service.

After the TCP segments are received by the receiving system, the TCP services layer supplies the application data to the receiving application exactly as the data was sent by the transmitting application.

On a computer that is connected to the Internet, the TCP and IP services are usually provided as part of the operating system services.

Overview of Transport Protocols
Section 2 - Transmission Control Protocol

TCP Overview

- TCP Concepts
- TCP Header
- TCP Connection Management
- Establishing a TCP Connection: the Three-way Handshake
- TCP Reliable Data Transfer
- TCP Flow Control
- TCP Operation
- Congestion Control in TCP

TCP Concepts

The primary purpose of TCP is to provide reliable communications between application services. Because the lower levels are unreliable, TCP must guarantee the delivery of the data.

Functionality provided by TCP:

- Data transfer: From the application-services viewpoint, TCP provides a contiguous stream of data through the network. TCP groups the bytes into segments, and passes the segments to the Internet layer for transmission to the destination.
- Reliability: TCP uses sequence numbers, which count each byte transmitted, and TCP waits for an acknowledgment from the far end. If the acknowledgment is not received within a specific interval, the data is retransmitted.
- Flow control: Flow control refers to the capability of the receiver to control the rate at which data is sent by the sender. The receiver specifies the "window size" parameter, which indicates how many bytes it is capable of buffering. The sender is not permitted to send more than the amount specified by the window size until it receives an acknowledgment. If the window size is 0, the sender is not permitted to transmit any data until the window size is changed.
- Multiplexing: Port numbers are used for multiplexing and demultiplexing.
- Logical connections: To support reliability and flow control, TCP must initialize and maintain status information for each connection. The status information contains socket numbers, sequence numbers, and window size. These components combine to form a logical connection.
- Full-duplex: A TCP connection is full duplex; either end may transmit data at any time.

Reference: RFC 793 defines the details of TCP.

TCP Header

The TCP header is used for all TCP segments, including session establishment, session destruction, and basic data transfer.

- Source and Destination ports: Port addresses identify the upper-layer applications that use the connection.
- Sequence Number: Each byte of data is assigned a sequence number. This 32-bit number ensures that data is correctly sequenced.
The first byte of data that is sent by a station in a TCP h eader has its sequence number in this field (for example, 58000). If this segment contains 700 bytes of data, the next segment sent by this station will have sequence number of 58700 (that is, 58000 + 700). Acknowledgment Number This 32-bit number indicates the next sequence number that the sending device expects from the other station. HLEN The header length provides the number of 32-bit words in the header. Someti mes called the Data Offset field. Reserved The value is always set to 0. Code bits The following flags indicate the type of header: URG Urgent pointer ACK Acknowledgment PSH Push function. This function causes the TCP sender to push all unsent data t o the receiver rather than send segments when the sender sends the data (for example, when the buffer is full) RST Reset the connection

SYN: Synchronize sequence numbers
FIN: End of data
Window: The window indicates the range of acceptable sequence numbers after the last segment that was successfully received. The range of numbers is the allowed number of octets that the sender of the ACK is willing to accept before an acknowledgment.
Checksum: The checksum is used to verify the integrity of the TCP segment. The checksum calculation is performed on the TCP pseudo-header and data, that is, the IP source and destination addresses, the TCP header and the TCP data.
Urgent pointer: The urgent pointer indicates the end of the urgent data so that interrupted data streams can continue. When the URG bit is set, the data is given priority over other data streams.
Option: Several options are defined for TCP. The most common is the TCP MSS, which is sometimes called the Maximum Window Size or SMSS.

TCP Connection Management
- Before data is transmitted, a connection must be established using the three-way handshake
- MSS and other parameters may be negotiated at session establishment
- After the session is established, data can be transmitted in both directions (full duplex)
- All of the data that is sent by the near end and the far end is acknowledged by the receiving end
- The connection is closed by each side when they are finished transmitting data
Maximum Segment Size (MSS) defines the largest segment that will be sent on the connection. The value is an estimate by the TCP of the size of datagrams that can be accommodated on the connection without fragmentation. Usually each side sends the MTU value of their Layer 2 connection in the MSS field. The lower of the two values is then used by both sides as the MSS.
The problem with determining the MSS from the two endpoints is that there may be a link in the middle of the connection that has a smaller MTU than either end. In this case, all full-size packets will have to be fragmented to traverse this link. Fragmentation is an inefficient operation and should be avoided if possible.
TCP may also perform Path MTU Discovery, in which TCP attempts to find the MTU that is supported across the connection and uses this MTU as the MSS. However, Path MTU Discovery is not always supported.

Establishing a TCP Connection: the Three-way Handshake
1. SYN (seq=A, ack=0)
2. SYN/ACK (seq=B, ack=A+1)
3. ACK (seq=A+1, ack=B+1)

The slide shows how a three-way handshake is established. In a TCP session, data is not transmitted until the three-way handshake is successfully completed and the session is considered open. The opening TCP segments include the sequence numbers from both sides.
After a session is established between the two hosts, data can be transferred until the session is interrupted or shut down. Data is sent in TCP segments. The TCP segment is a combination of the data and a TCP header.
There are three steps to establish the TCP session (therefore, the term three-way handshake). These steps are:
1. One endpoint (Host A) sends a TCP segment with the SYN bit set in the header. This indicates that the host needs to establish a TCP connection. TCP also selects a 32-bit sequence number to use for the session. This number is included in the TCP header and is known as the Initial Send Sequence (ISS). The acknowledgement field is 0.
2. The other endpoint (Host B) receives the SYN segment and, if an application is ready to accept the connection, TCP sends a second segment with the SYN and the ACK bits set in the header. TCP on this host also selects its sequence number for the session and transmits the number as its ISS. TCP also sends a value in the acknowledgement field of the TCP header. This number is the value of the ISS that was received from the original sender plus 1.
3. After the first endpoint (Host A) receives the SYN/ACK from the second endpoint (Host B), the first endpoint (Host A) transmits a TCP segment with only the ACK bit set. The sequence number that is sent is the original ISS plus 1. The acknowledgement number sent is the ISS that was received from the second endpoint (Host B) plus 1. The original endpoint (Host A) now considers the connection to be open and can start transmitting data.
After the second endpoint (Host B) receives the ACK segment, it considers the connection to be open and can start to transmit and receive data.

TCP Reliable Data Transfer
- TCP provides a full-duplex, reliable data transfer service
- TCP maintains the order of application data across the network
- Reliable transfer is accomplished using positive acknowledgement with retransmission
- Sender specifies sequence number of data sent
- Receiver acknowledges by stating next sequence number expected
- Sender retransmits if a specific sequence number is not acknowledged
- Receiver uses sequence numbers to reorder the data stream for the application
If an application requires reliable transfer of its data across the network, the application will use TCP to obtain that service. TCP is responsible for ensuring that all data is received and sent to the receiving application in the order in which it was sent. The technique is known as positive acknowledgement with retransmission. Data is often exchanged in both directions between the two ends of an application; therefore, TCP provides a full-duplex data exchange. This means that after the connection is established, each endpoint can transmit data. Only one TCP connection is required to provide this two-way data exchange.
Each segment that is sent by TCP has an identifying sequence number transmitted in the TCP header. This sequence number indicates the number of the first byte of data in the overall data stream for this connection. The receiver acknowledges receipt of this data by transmitting an acknowledgement number that indicates the next byte of data in the stream that the receiver expects to receive. If some of the data is lost, the receiver will continue to send the same acknowledgement number that indicates the bytes that were received successfully. The sender maintains a retransmission timer. If the sender does not receive an acknowledgement for some bytes of data that were sent, the data will be retransmitted when the retransmission timer expires.
Because the TCP segments are transmitted over an unreliable network service (IP network), the segments may arrive at the destination in a different order than they were originally sent. The sequence numbers are used by the receiver to reconstruct the data stream and ensure that the data is provided to the application in the same order that the data was sent.
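The receiver side of positive acknowledgement with retransmission, replayed with the sequence numbers of this module's reliable data transfer example (27000 to 28500, with 27500 lost once). This is an added example, not part of the original course material; the Receiver class and replay_slide_example function are hypothetical names, the payload bytes are constructed, and 32-bit sequence number wraparound is not handled.

```python
class Receiver:
    """Reassembles a byte stream and returns the cumulative ACK for each segment."""

    def __init__(self, next_expected):
        self.next_expected = next_expected   # next in-order byte we are waiting for
        self.out_of_order = {}               # seq -> payload, held until the gap fills
        self.delivered = bytearray()         # bytes handed to the application, in order

    def receive(self, seq, payload):
        """Accept one segment and return the acknowledgement number to send back."""
        end = seq + len(payload)
        if end <= self.next_expected:
            # Everything in this segment was delivered already (needless retransmission).
            return self.next_expected
        if seq > self.next_expected:
            # A gap precedes this segment: buffer it and repeat the previous ACK.
            self.out_of_order.setdefault(seq, payload)
            return self.next_expected
        # In-order (possibly overlapping) data: deliver only the part that is new.
        self.delivered += payload[self.next_expected - seq:]
        self.next_expected = end
        # Drain buffered segments that have become contiguous with the stream.
        while True:
            ready = sorted(s for s in self.out_of_order if s <= self.next_expected)
            if not ready:
                break
            for s in ready:
                data = self.out_of_order.pop(s)
                if s + len(data) > self.next_expected:
                    self.delivered += data[self.next_expected - s:]
                    self.next_expected = s + len(data)
        return self.next_expected


def replay_slide_example():
    """Feed the receiver the arrival order of the example and collect its ACKs."""
    rx = Receiver(next_expected=27000)

    def segment(seq):
        # Constructed payload: 500 identical bytes, distinct per segment.
        return seq, bytes([seq // 500 % 256]) * 500

    # 27500 is lost on first transmission and only arrives after the retransmit.
    arrival_order = [27000, 28000, 28500, 27500]
    acks = [rx.receive(*segment(seq)) for seq in arrival_order]
    return acks, rx


if __name__ == "__main__":
    acks, rx = replay_slide_example()
    print("ACKs sent:", acks)
    print("bytes delivered in order:", len(rx.delivered))
```

The repeated acknowledgement number is the only signal the sender gets that a segment is missing, which is why the buffered segments are released to the application only once the gap is filled.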
TCP Reliable Data Transfer Example
[Figure: Sender and Receiver exchange. Segments of 500 bytes: SEQ 27000, 27500 (lost), 28000, 28500, and the retransmitted 27500. ACK numbers returned: 27500, 27500, 27500, 29000.]
This slide shows reliable data transfer between two hosts.
1. The sender sends a TCP segment with 500 bytes of data on an established connection. The sequence number is 27000.
2. The receiver acknowledges the receipt of this data with an acknowledgement number of 27500.
3. The sender sends another segment of 500 bytes with a sequence number of 27500. This segment is lost by the network (unreliable service).
4. The sender sends another segment of 500 bytes with a sequence number of 28000. This segment is successfully received by the receiver and is buffered.
5. The receiver sends an acknowledgement number of 27500 because the receiver still has not received the segment that contains the 500 bytes of data in the overall data stream.
6. The sender sends another segment of 500 bytes with a sequence number of 28500. This segment is received and buffered. Another acknowledgement of 27500 is sent.
7. The retransmission timer expires for the sender and the missing segment with sequence number 27500 is retransmitted.
8. The receiver receives the segment 27500 and now has the data up to byte 29000. The receiver sends an acknowledgement of 29000.

TCP Flow Control
- Sending multiple segments without an acknowledgement results in higher data transfer rates
- Receiver must buffer the received data until the application requests it
- Flow control allows receiver to control the transmission rate
- Receiver uses the window parameter in TCP header to indicate how many bytes can be sent
- The window field specifies how many bytes can be sent without an acknowledgement
- If window value is 0, sender cannot transmit data until the receiver adjusts window size
- The window size is always controlled by receiver
If a sender waits to receive an acknowledgement for each segment that it sends before sending another segment, the effective throughput of the connection can be greatly limited compared with the bandwidth that is supported by the transmission media. This is not significant on a high-speed LAN because the acknowledgements are received very quickly. However, if the network round trip time (RTT) is long, the sender may spend a significant amount of time waiting for acknowledgements.
To increase the overall throughput on TCP connections, TCP allows the sender to send more than one segment without waiting for an acknowledgement. This provides a higher overall throughput. However, there is a danger of overwhelming the receiver with too much data.
To avoid overwhelming the receiver, the amount of data that can be sent to the receiver must be controlled. To accomplish this, the received data is buffered in a preset amount of buffer space until it is requested by the application. The amount of buffer space is specified in the TCP header window parameter. When the receiver sends an acknowledgement, the receiver's TCP header sets the value of the window parameter to specify the amount of buffer space in bytes that is available. This is the maximum amount of data that the sender can send before it receives the next acknowledgement.
If the receiver's buffer becomes full, the receiver sends a window size of 0 and the sender cannot transmit any more data. When the receiving application requests the data and buffer space is available, the receiver sends an updated window size and the sender can start to transmit more data.
The window value is always set by the receiver, which provides a flow control mechanism for the receiver.

TCP Flow Control Example
[Figure: Sender and Receiver exchange. Segments of 1000 bytes: SEQ 27000, 28000, 29000, 30000, 31000. ACKs: 27000 (window = 5000); 30000 (window = 2000, 3000 bytes buffered); 32000 (window = 0, 5000 bytes buffered); 32000 (window = 5000, 0 bytes buffered) after the application requests all data from TCP (5000 bytes).]
This slide shows how flow control works.
1. The sender received an ACK from a previous transmission that indicates a window size of 5000 bytes.
2. The sender has 3000 bytes to send and transmits them in three 1000-byte segments, one after the other.
3. The receiver buffers the received data and sends an ACK to acknowledge all the received data. The receiver sets the window size to 2000.
4. The sender has more data to send. Because the last window size was 2000, the sender cannot send more than 2000 bytes. This data is sent in two 1000-byte segments.
5. The receiver buffers the 2000 bytes as they are received. Because the application has not requested any data, the initial 3000 bytes received are still being buffered.
6. The receiver's buffer is now full and an ACK with a window value of 0 is sent.
7. Even if the sender has more data to send, the sender must not transmit any more data because the window size is currently 0.
8. The application requests data from TCP and the 5000 bytes are taken from the buffer. The buffer is now empty and an ACK is transmitted to reset the window size to 5000.
9. When the sender receives the new window size, the sender can now transmit more data.
TCP Operation Example
[Figure: segments exchanged during the initial 3-way handshake, data transfer and closing session, grouped by direction.]
Sender to receiver:
SYN: Seq.no. 122, Ack.no. 0, Wnd 8192, LEN = 0B
ACK: Seq.no. 123, Ack.no. 287, Wnd 8192, LEN = 0B
Seq.no. 123, Ack.no. 287, Wnd 8192, LEN = 200B
Seq.no. 323, Ack.no. 287, Wnd 8192, LEN = 400B
FIN: Seq.no. 723, Ack.no. 287, Wnd 8192, LEN = 0B
ACK: Seq.no. 724, Ack.no. 288, Wnd 8192, LEN = 0B
Receiver to sender:
SYN+ACK: Seq.no. 286, Ack.no. 123, Wnd 8760, LEN = 0B
Ack.no. 323, Wnd 8560
Ack.no. 723, Wnd 8160
FIN+ACK: Seq.no. 287, Ack.no. 724, Wnd 8160, LEN = 0B

Assumptions
Although the data transfer and window parameter negotiation occur as a duplex operation, the slide above only shows a single-sided transfer.
Initial three-way handshake
1. The session begins with host 10.10.10.1/24, which initiates a SYN that contains the sequence number 122, which is the ISS. There are only zeros in the acknowledgment number field because this field is not used in the SYN segment. The window size of the sender starts as 8192 octets.
2. The receiving host sends its ISS (286) in the sequence number field and acknowledges the sender's sequence number by incrementing the number by 1 (123); the receiver expects this value to be the starting sequence number of the data bytes that the sender will send next. This is called the SYN-ACK segment. The receiver's window size starts as 8760.
3. When the SYN-ACK is received, the sender issues an ACK that acknowledges the receiver's ISS by incrementing the ISS by 1 and placing the value in the acknowledgment field (287). The sender also sends the same sequence number that it sent previously (123). These three segments that are exchanged to establish the connection never contain any data.
Data transfer
1. From now on, ACKs are used in every segment sent. The sender starts sending data by specifying the sequence number 123 again because this is the sequence number of the first byte of the data that it is sending. Again, the acknowledgment number 287 is sent, which is the expected sequence number of the first byte of data that the receiver will send. In this example, the sender initially sends 200 bytes of data in one segment.
Data transfer (continued)
2. The receiver acknowledges the receipt of the data by sending the number 323 in the acknowledgment number field, which acknowledges that the next byte of data to be sent will start with sequence number 323. It is assumed that sequence numbers up to and including 323 have been successfully received. Note that not every byte needs to be acknowledged. The receiver subtracts 200 bytes from its previous window size of 8760 and sends 8560 as its new window size.
3. The sender sends 400 bytes of data, starting at sequence number 323.
Closing session
1. The receiver acknowledges receipt of the data with the number 723 (323 + 400). The receiver subtracts 400 bytes from the previous window size of 8560 and sends the new window size of 8160.
2. The sender transmits the expected sequence number 723 in a FIN because, at this point, the application needs to close the session. The receiver sends a FIN-ACK that acknowledges the FIN and increments the acknowledgment sequence number by 1 to 724, which is the number that the receiver will expect on the final ACK.
3. The sender transmits the final ACK, which confirms the sequence number 724.
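The sequence and acknowledgement arithmetic of the TCP operation example above, checked the way a stateful monitor would check each segment against the connection state. This is an added example, not part of the original course material; Segment, ConnectionTracker and check_trace are hypothetical names, the receiver's sequence number 287 on its two plain ACKs is derived because the slide omits it, and resets and retransmissions are not modelled.

```python
from dataclasses import dataclass

MOD = 2 ** 32  # sequence numbers are 32-bit values and wrap around


@dataclass(frozen=True)
class Segment:
    sender: str        # "A" = host that sends the first SYN, "B" = the other host
    flags: frozenset   # subset of {"SYN", "ACK", "FIN"}
    seq: int
    ack: int
    length: int = 0    # bytes of data carried


def seg(sender, flags, seq, ack, length=0):
    """Shorthand constructor; flags are written as 'SYN+ACK'."""
    return Segment(sender, frozenset(flags.split("+")), seq, ack, length)


class ConnectionTracker:
    """Follows one connection and reports segments that break the seq/ack rules."""

    def __init__(self):
        self.state = "CLOSED"
        self.next_seq = {}   # side -> sequence number its next segment must carry
        self.fins = set()    # sides that have sent a FIN

    def observe(self, s):
        """Check one segment; return a list of problems (empty when consistent)."""
        peer = "B" if s.sender == "A" else "A"
        syn, ack, fin = "SYN" in s.flags, "ACK" in s.flags, "FIN" in s.flags
        problems, new_state = [], self.state
        # Handshake order: SYN from A, SYN+ACK from B, ACK from A.
        if self.state == "CLOSED":
            if syn and not ack and s.sender == "A":
                new_state = "SYN_SENT"
            else:
                problems.append("no SYN seen for this connection")
        elif self.state == "SYN_SENT":
            if syn and ack and s.sender == "B":
                new_state = "SYN_RECEIVED"
            else:
                problems.append("expected SYN+ACK from B")
        elif self.state == "SYN_RECEIVED":
            if ack and not syn and s.sender == "A":
                new_state = "ESTABLISHED"
            else:
                problems.append("expected handshake ACK from A")
        elif self.state == "FINISHED":
            problems.append("segment after the connection was closed")
        elif syn:
            problems.append("SYN inside an established connection")
        # The three handshake segments never carry data.
        if s.length and self.state != "ESTABLISHED":
            problems.append("data before the handshake completed")
        # Each side's sequence number continues from what it sent before.
        expected = self.next_seq.get(s.sender)
        if expected is not None and s.seq != expected:
            problems.append(f"seq={s.seq}, expected {expected}")
        # An acknowledgement may only cover bytes the peer has actually sent.
        if ack:
            peer_next = self.next_seq.get(peer)
            if peer_next is None or (peer_next - s.ack) % MOD >= MOD // 2:
                problems.append(f"ack={s.ack} covers bytes {peer} never sent")
        if not problems:
            self.state = new_state
            # SYN and FIN each use one sequence number; data uses one per byte.
            self.next_seq[s.sender] = (s.seq + s.length + syn + fin) % MOD
            if fin:
                self.fins.add(s.sender)
            elif ack and self.fins == {"A", "B"} and s.ack == self.next_seq[peer]:
                self.state = "FINISHED"   # both FINs sent and the last one acknowledged
        return problems


def check_trace(segments):
    """Run a whole trace; return (final state, [(segment number, problems), ...])."""
    tracker = ConnectionTracker()
    results = [(i, tracker.observe(s)) for i, s in enumerate(segments, 1)]
    return tracker.state, [(i, p) for i, p in results if p]


# Constructed from the slide's values. "A" is the sender (ISS 122), "B" the receiver (ISS 286).
SLIDE_TRACE = [
    seg("A", "SYN", 122, 0),
    seg("B", "SYN+ACK", 286, 123),
    seg("A", "ACK", 123, 287),
    seg("A", "ACK", 123, 287, 200),
    seg("B", "ACK", 287, 323),
    seg("A", "ACK", 323, 287, 400),
    seg("B", "ACK", 287, 723),
    seg("A", "FIN+ACK", 723, 287),
    seg("B", "FIN+ACK", 287, 724),
    seg("A", "ACK", 724, 288),
]
```

Running check_trace(SLIDE_TRACE) reports no problems; a segment whose sequence number does not continue the sender's stream is reported and does not advance the tracked state.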
Congestion Control in TCP
- IP does not provide a congestion control mechanism
- An IP router that experiences congestion drops packets
- TCP includes a congestion control mechanism
- TCP gradually increases transmission rate on a new connection until there is congestion (slow start)
- When there is congestion, TCP reduces the transmission rate (congestion avoidance)
- Transmission rate is gradually increased until there is congestion again
- Transmission rate is controlled by the congestion window, which is maintained by the sender
- Regardless of the congestion window value, the sender never sends more data than allowed by the window size
Congestion control and IP
Although ICMP contains a "source quench" message type that is intended for congestion control, this message type is not used for end-to-end congestion control. The normal behavior of an IP router when there is congestion is to queue packets for a relatively short period. If the queuing space is depleted, additional packets are discarded.
Congestion control and TCP
TCP implements a congestion control mechanism to help manage congestion on an end-to-end connection. A variety of different algorithms are used, but TCP congestion control typically has two phases: slow start and congestion avoidance.
After a TCP connection is established, data is not immediately transmitted to the maximum value that is allowed by the TCP window size. Instead, transmission by the sender is limited by the congestion window. This value is initially set to one or two segments. Each time a segment is acknowledged, the congestion window is increased. This is the slow start phase of TCP.
When congestion is detected (either through the receipt of duplicate ACKs or the expiry of a timer that measures the round trip time), TCP enters congestion avoidance. The congestion window is reduced and then gradually increased until congestion is encountered again. This process continues through the life of the TCP connection.
The maximum transmission rate is ultimately controlled by the TCP window size, because this is the receiver's flow control mechanism. If the window size is less than the size allowed by the congestion window, the transmission rate will never exceed the size specified by the TCP window.
TCP Congestion Control Example
[Figure: Sender and Receiver exchange in slow start and congestion avoidance. Segments of 1000 bytes: SEQ 12000, 13000, 14000, 15000, 16000, 17000 (dropped), 18000 (delayed). ACKs: 12000 (window = 8000), 13000 (window = 7000), 15000 (window = 6000), 17000 (window = 6000), 17000 (window = 7000). cnwd = 1, 2, 4 during slow start, then 2 in congestion avoidance.]
This slide shows how TCP congestion control works.
1. During the three-way handshake to establish the connection, the receiving side specified a window size of 8000. An MSS of 1000 bytes has also been established for the connection.
2. Because this is the start of the session, the sender is in the slow start phase and therefore sets its congestion window (cnwd) value to 1. Therefore, the sender transmits one segment of 1000 bytes even though there is more data to send and a window size of 8000 is specified by the receiver.
3. The first segment is acknowledged by the receiver with a window size of 7000 and the segment is buffered. The sender increases its cnwd value to 2. The sender can now transmit two segments of 1000 bytes each.
4. The receiving application has used the previous segment, but the two new segments are buffered and are acknowledged with a window size of 6000.
5. Because the sender received an acknowledgement for two more segments, the sender increases the cnwd value by 2 to 4. The sender then transmits 4 segments of 1000 bytes each.
6. The third segment is dropped due to congestion and the fourth segment is delayed. When the first two segments are received, an acknowledgement (17000) is sent. Because the previously buffered segments have been used and the two new segments are buffered, the window size is 6000.
7. After a delay, because of congestion, the fourth segment is received and acknowledged. Because the third segment is still missing, the acknowledgement number is still 17000. Because the two previous segments have been used and the new segment is buffered, the window size is 7000.
8. When the sender receives the second acknowledgement, the sender determines that congestion occurred and enters the congestion avoidance phase. The cnwd value is reduced by half to 2.
Depending on timer values and the implementation, the missing segment may be retransmitted immediately or later.
Overview of Transport Protocols
Section 3 - User Datagram Protocol

UDP - Overview
- Capabilities
- UDP header

UDP Capabilities
- UDP provides a connectionless, unreliable datagram delivery service
- Used when a reliable mechanism is not required or when the overhead of TCP is not required, for example:
  - DNS performs simple query/response and does not require reliable service
  - RPC needs simple transport and manages reliability itself
- UDP is often used for audio and video streams
  - Real-time nature of the application means that retransmission is not practical
  - RTP provides sequencing and timing information
The User Datagram Protocol (UDP) provides a simple, connectionless, unreliable datagram delivery service. The service is similar to the service that is provided by IP, although UDP has port addresses to support multiplexing between different applications. UDP is used when an application does not need a reliable transfer mechanism or if the application needs to avoid the additional overhead of TCP.
Unreliable refers to the fact that UDP does not provide flow control, acknowledgement, or retransmission capabilities such as those provided by TCP. These capabilities slow down communication. Therefore, UDP may be used for applications where the real-time factor is more critical than packet loss; for example, for Voice over IP.
Domain Name System (DNS) resolves domain names (such as www.alcatel-lucent.com) to an IP address. This is a simple query and response. As a result, the overhead of establishing a connection is not worthwhile. If the query or response is dropped, the host sends the query again.
Remote Procedure Call (RPC) supports inter-process communication across a network. Many implementations of RPC manage the reliability and sequencing of data and use UDP as a simple datagram delivery service to avoid the overhead of TCP.
UDP is also widely used for real-time audio and video streaming. Because these applications often have real-time constraints, retransmitting lost data is not a viable option and the application uses other methods to handle missing data. Many of these applications use Real Time Protocol (RTP), which includes a mechanism for carrying sequence and timing information.
Timing information is not provided in TCP and this is important for many real-time applications. RTP data is carried in UDP datagrams.

UDP Header
UDP provides a simple datagram delivery service. There is no additional connection overhead such as the overhead in TCP. The application data is transmitted in a UDP datagram.
The UDP header is very simple compared to the TCP header. There are no synchronization, sequence, or acknowledgment fields. The header only contains the source and destination application port number, a length field for the length of the data, and a checksum. Therefore, the UDP datagram has very little overhead.
Some protocols that use UDP include: SNMP, DNS, and DHCP.
REFERENCE: Originally defined in RFC 768
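The four UDP header fields described above, parsed and validated the way a receiver handling untrusted datagrams would: length field first, then the checksum, which like the TCP checksum covers a pseudo-header of the IP source and destination addresses. This is an added example, not part of the original course material; the function names are hypothetical and the sample datagram is constructed from addresses and port numbers that appear elsewhere in this module.

```python
import socket
import struct

UDP_PROTO = 17   # IP protocol number for UDP


def internet_checksum(data):
    """16-bit one's-complement sum of the data, complemented (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"                      # pad to a whole number of 16-bit words
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold the carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def pseudo_header(src_ip, dst_ip, udp_length):
    """IPv4 pseudo-header: source, destination, zero byte, protocol, UDP length."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, UDP_PROTO, udp_length))


def build_udp(src_ip, dst_ip, src_port, dst_port, payload):
    """Build a UDP datagram (header plus data) with a valid checksum."""
    length = 8 + len(payload)                # RFC 768: length counts header plus data
    header = struct.pack("!HHHH", src_port, dst_port, length, 0)
    csum = internet_checksum(pseudo_header(src_ip, dst_ip, length) + header + payload)
    csum = csum or 0xFFFF                    # 0 on the wire means "no checksum"
    return struct.pack("!HHHH", src_port, dst_port, length, csum) + payload


def inspect_udp(src_ip, dst_ip, datagram):
    """Return (fields, problems) for one received UDP datagram."""
    if len(datagram) < 8:
        return None, ["shorter than the 8-byte UDP header"]
    src_port, dst_port, length, csum = struct.unpack("!HHHH", datagram[:8])
    fields = {"src_port": src_port, "dst_port": dst_port,
              "length": length, "checksum": csum, "payload": b""}
    problems = []
    # Never trust the length field: it must fit inside the bytes actually received.
    if length < 8 or length > len(datagram):
        problems.append("length field does not match the bytes received")
        return fields, problems
    fields["payload"] = datagram[8:length]
    if length < len(datagram):
        problems.append("trailing bytes beyond the length field")
    if csum == 0:
        problems.append("checksum not used by sender")
    elif internet_checksum(pseudo_header(src_ip, dst_ip, length) + datagram[:length]) != 0:
        # Summing the data together with its own checksum must give zero.
        problems.append("checksum mismatch")
    return fields, problems


if __name__ == "__main__":
    # Constructed sample: a client on an ephemeral port sending to UDP port 69.
    sample = build_udp("138.120.191.233", "138.120.168.100", 15633, 69,
                       b"constructed payload")
    print(inspect_udp("138.120.191.233", "138.120.168.100", sample))
```

Because the addresses are part of the checksum input, a datagram delivered with a different source or destination address than the one it was built for fails verification even though no byte of the UDP datagram itself changed.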

UDP Example
Unlike TCP, UDP offers no delivery guarantees or congestion avoidance. UDP is considered to be a means of best-effort transport. UDP provides a transport mechanism for one application to send a datagram to another application. The responsibility for error recovery or any form of reliability resides with the application itself.
Similar to TCP, UDP uses port numbers to identify the receiving and sending application processes. UDP uses the port numbers in the multiplexing and demultiplexing operations.
UDP is especially suitable for real-time applications such as VoIP that require low overhead and do not benefit from retransmission of lost data.
The following are some of the well-known UDP port numbers:
Port 67: Dynamic Host Configuration Protocol (DHCP)
Port 69: Trivial File Transfer Protocol (TFTP)
Port 123: Network Timing Protocol (NTP)
Port 520: Routing Information Protocol (RIP)

Overview of Transport Protocols
Section 4 - Port Numbers and Sockets

Ports and Sockets Overview
- Ports
- Sockets
- Telnet

Ports and Sockets
- Transport layer (TCP and UDP) port numbers act as transport addresses
- Port numbers allow multiple applications to use a transport protocol simultaneously (multiplexing)
- Port numbers identify the application that receives incoming data at the receiver
- Application access to transport layer services is through a socket
- Server applications usually listen to a well-known port
  - 80 is a well-known port for HTTP
  - 23 is a well-known port for Telnet
- Client application connects to the server on the well-known port
Both TCP and UDP contain a source and destination port number in their headers. These port numbers allow multiple applications to use the transport simultaneously on the same physical connection. This capability is known as transport-level multiplexing. If several transport sessions are active for a system on the network, the data is demultiplexed based on the source address and port number when the data arrives. This allows TCP or UDP to identify the application process that the incoming data is destined to.
Typically, a server application listens to a well-known port. This means that all incoming data destined for the port is given to the application. The client application will then connect to the well-known port in order to establish communication. Servers are not required to use the well-known port, but the client application must know the port to connect to.
For example, the well-known port for HTTP is 80. When the web server is started, the server will typically listen to port 80. Client requests will be made to port 80 and the requests will be passed to the web server to respond. In some cases, the web server may be configured to listen to a port other than 80; for example, some web servers are configured to listen on port 8080. In this case, the client must know to connect to port 8080. If the request is made to port 80, there will be no response since there is no process listening to port 80.

Ports
Ports identify an application service. This allows the transport layer to differentiate between application services. Each process that needs to communicate with another process identifies itself to the transport layer by using one or more port numbers. A port is a 16-bit number that is used by the host-to-host protocol to identify to which higher-level protocol or application service the port must deliver incoming messages.
There are two types of port numbers:
Well-known ports: Well-known port numbers belong to standard servers. The port numbers range from 1 to 1023. These port numbers are assigned by the IANA.
Ephemeral ports: Client applications do not require well-known port numbers because they initiate communications with servers. The host system allocates each client process a port number for as long as the process needs the port number. The port numbers range from 1024 to 65535 and are not controlled by the IANA.
Because the host dynamically assigns the port number to the client application, the port number may vary each time that the client application is started.

Sockets
- Unique application handle into the TCP/IP stack
- Used to differentiate application users between network hosts
- Formulated by using a transport protocol, IP address, and application source and destination port numbers
- Created at both ends of the data transfer (that is, the source and destination)
Example:
Socket address = Protocol, local IP address, and local port number (for example, TCP, 138.120.3.1, 15633)
Conversation = Protocol, local IP address, local port number, remote IP address, and remote port number (for example, TCP, 138.120.3.1, 15633, 137.10.2.2, 23)
Sockets are used to identify the network connection between applications. Although applications on different hosts can be differentiated using IP addresses and destination addresses, it is impossible to differentiate between two sessions on the same hosts for the same application.
Example: There are two Telnet sessions between Host A and Host B. The IP address and destination port numbers are not enough for Host B to differentiate between the two Telnet sessions. In this case, the source port numbers, which are unique for each Host A client session, are required for Host B to differentiate between the packets of each of the sessions.
The next slide contains a detailed example of Telnet. In this example of a Telnet request, Host A uses a unique source port number and the well-known port number 23 as the destination port for the server application on Host B.

Transport Example: Telnet
[Figure: a Telnet server (138.120.168.100) and a PC (138.120.191.233) running Telnet client 1 (A1) and Telnet client 2 (A2), each above its operating system and TCP/IP stack.]
1. Enable Telnet server application
2. Enable Telnet client 1 and Telnet client 2 application
3. Create socket address for client 1 of TCP, 138.120.168.100, 23, 138.120.191.233, 15633, and for client 2 of TCP, 138.120.168.100, 23, 138.120.191.233, 15634
4. Connect client 1 and client 2 to server
5. Listen to client requests, incoming request from client 1 and incoming request from client 2
6. Conversation with client 1: TCP, 138.120.168.100, 23, 138.120.191.233, 15633
7. Conversation with client 2: TCP, 138.120.168.100, 23, 138.120.191.233, 15634
PC A wants to Telnet into a server with two applications, A1 and A2.
The IP address of A is 138.120.191.233 and the server address is 138.120.168.100.
Application A1 opens a client session with a socket handle.
Application: Telnet
Source port number: 15633
Destination port number: 23
Transport layer: TCP
Socket handle: TCP, 138.120.191.233, 15633

Application A2
Application: Telnet
Source port number: 15322
Destination port: 23
Transport layer: TCP, 138.120.191.233, 15634

The server enables the Telnet server and creates a destination socket.
Application: Telnet server
Source port number: 23
Destination port number: 15633, 15634
Socket handle: TCP, 138.120.168.100, 23

Overview of Transport Protocols
Section 5 - Module Summary and Learning Assessment

Module Summary

After the successful completion of this module, you should understand the following concepts:
TCP uses port numbers for multiplexing between applications
TCP provides connection-oriented services between hosts
TCP provides delivery guarantees for data
UDP uses port numbers for multiplexing between applications
UDP provides a connectionless service
UDP does not provide delivery guarantees for data

Learning Assessment

Describe what a send_SYN is used for
Describe whether the send and receive windows on a local host must match
Describe the process that works in conjunction with the congestion-avoidance process in TCP when network congestion is detected
Describe how UDP establishes a session
Describe how UDP identifies the application services that it is supporting

www.alcatel-lucent.com 3HE-02767-AAAA-WBZZA Edition 02

Alcatel-Lucent Scalable IP Networks
Module 7
7750 SR and 7450 ESS Services Overview

Services Building Blocks - Network Components
Provider Edge (PE) Node Components
VPN Service Building Blocks - Tunneling Concepts
MPLS Basics
Service Building Blocks - MPLS Fundamentals
MPLS
VPN Services
VPWS Ethernet Encapsulation
VPLS
VPRN

Services Building Blocks - Network Components

Customer edge devices
A customer edge (CE) device resides on the customer premises. The CE device provides access to the service provider network over a link to one or more provider edge (PE) routers. The end user typically owns and operates these devices. The CE devices are unaware of tunneling protocols or VPN services that are provided by the service provider.

Provider edge devices
A provider edge (PE) device has at least one interface that is directly connected to the CE devices. In addition, a PE device usually has at least one interface that connects to the service provider core devices, or provider routers. Because the PE device must be able to connect to different CE devices over different access media, the PE device is usually able to support many different interface types. The PE device is the customer's gateway to the VPN services offered by the service provider.

Provider router
Provider (P) routers are located in the provider core network. The P router supports the service provider's bandwidth and switching requirements over a geographically dispersed area. The P router does not connect directly to the customer equipment.
Provider Edge (PE) Node Components

Service Access Point (SAP)
The logical entity that serves as the customer access to the service

Service Distribution Points (SDP)
The method that a service uses to connect to another router's service
The transport tunnel encapsulation that this service will be using: MPLS/RSVP-TE, MPLS/LDP, or IP/GRE
SDPs are locally unique; the same SDP ID can be used on another router
An SDP is not specific to one service; many services can use the same SDP

The terms customers and subscribers are used synonymously
The customer ID is assigned when the customer account is created
To provision a service, a customer ID must be associated with the service at the time of service creation

VPN Service Building Blocks - Tunneling Concepts

In order to be able to provide a virtual private network (VPN) service, the service provider must encapsulate the customer data to traverse the service provider network. Depending on the nature of the VPN service, the customer's Layer 2 and Layer 3 headers may be included in the encapsulation. The customer data must be transported without any changes across the service provider network from one customer site to another customer site.

In order to accomplish this, an additional header is added to the customer data for transport across the service provider network. Instead of routing or switching the data across the service provider's network using the customer's Layer 2 or Layer 3 headers, the data traverses the network using the header that is added at the edge of the service provider network. Therefore, the customer data is effectively tunneled across the service provider network unchanged.

MPLS Basics - Common Acronyms

MPLS has become the basic building block for the various services and VPNs offered on the 7750 SR platforms. Below are some of the more common MPLS acronyms that are used when discussing services:
LER: Label edge router
LSR: Label switch router
LSP: Label switch path
Push
Swap
Pop
Label Stack
RSVP-TE: Resource reservation protocol with traffic engineering extensions
T-LDP: Targeted label distribution protocol

MPLS Basics

In an MPLS network, routers are categorized as Label Edge Routers (LERs) or Label Switch Routers (LSRs). The LERs are the endpoints of the MPLS tunnels, known as Label Switched Paths (LSPs), and are normally at the edge of the network. The LSRs are at the core of the network and provide the connectivity between the LERs.

The MPLS-enabled routers (LERs and LSRs) use a signaling protocol to distribute labels across the network. These labels are used to make the forwarding decision for incoming traffic rather than the IP address.
This basically turns the Layer 3, routed network into a switched network.

The method for distributing labels through the network depends on the signaling protocol being used, either LDP or RSVP. The next few slides discuss LDP at a high level. RSVP and LDP are covered in more detail in the MPLS course.

MPLS Basics (continued)

[Figure: label table with columns Network, Label, Interface. Networks 10.1.1.0/24 and 10.1.2.0/24, label 20, interface 1]

Before LDP can be enabled on a router, the network must be running a routing protocol. The routing protocol allows LDP to find the adjacent router and automatically set up a peering session with adjacent LDP-enabled routers. Once a peering session is established, the routers check their routing tables and send out a label associated with networks that they see.

In this slide, an LDP session is established between Router 2 and Router 3. Router 3 checks its routing table for networks that Router 3 sees behind Router 2 and sends a label to Router 2 to represent those networks. For example, Router 3 sends a label with the value 20 to represent networks 10.1.1.0/24 and 10.1.2.0/24. Each time Router 2 receives a packet destined for the 10.1.1.0/24 or 10.1.2.0/24 network, the router pushes the label (20) onto the packet and puts the packet in the LSP that takes the MPLS frame to Router 3.

Because Router 3 has sent the label (20), the router knows that any MPLS frame coming in with the label (20) is destined for a network that terminates on it. Router 3 removes the label (20) from the frame, does a Layer 3 lookup, and routes the packet to its destination.

MPLS Basics (continued)

[Figure: label table with columns Ingress Label, Network, Egress Label, Egress Interface. Ingress label 10, networks 10.1.1.0/24 and 10.1.2.0/24, egress label 20, egress interface 1]

The previous slide described the LDP session between Router 2 and Router 3.

In this slide, LDP is enabled on Router 1. Router 1 now sets up a peering session with Router 2. Router 2 sends a label to Router 1 to represent the networks that Router 2 sees behind Router 1. In this case, Router 2 sends a label with a value of 10 to Router 1 to represent the 10.1.1.0/24 and 10.1.2.0/24 networks.

Note that the label that is sent to Router 1 is not the same label that Router 2 received from Router 3. Labels are only locally significant.

When receiving a packet destined for the 10.1.1.0/24 or 10.1.2.0/24 network, Router 1 pushes a label (10) onto the packet and sends it to Router 2. At this point Router 2's function has changed. Now, when it receives an MPLS frame with a label (10), it swaps (switches) out the label (10), replaces it with the label (20), and sends it to Router 3.

Router 3's function remains the same. Router 3 removes the label (20) and routes the packet to its destination.
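The LDP label exchange and the push, swap and pop behaviour described on the last two slides, as an added example that is not part of the course material. Router names, networks and label values 10 and 20 come from the slides; the Python class, the function names, the unsignaled label 99 and the address 192.0.2.9 are assumptions made for the illustration.

```python
"""LDP-style label signaling and forwarding on Router 1 -> Router 2 -> Router 3."""
import ipaddress

NETWORKS = ("10.1.1.0/24", "10.1.2.0/24")   # networks reached through Router 3 (from the slides)


class Router:
    def __init__(self, name):
        self.name = name
        self.ftn = {}    # network -> (label to push, next-hop Router), used for unlabeled packets
        self.lfib = {}   # incoming label -> ("swap", out_label, next_hop) or ("pop", None, None)

    def lookup(self, dst):
        """Longest-prefix match of an IP address against this router's label bindings."""
        addr = ipaddress.ip_address(dst)
        hits = [net for net in self.ftn if addr in net]
        return self.ftn[max(hits, key=lambda net: net.prefixlen)] if hits else None


def advertise(downstream, upstream, networks, label):
    """downstream tells upstream: 'use `label` when sending me traffic for these networks'."""
    nets = [ipaddress.ip_network(n) for n in networks]
    onward = downstream.ftn.get(nets[0])
    if onward:   # downstream already holds a label from its own next hop: it is a transit LSR
        downstream.lfib[label] = ("swap", onward[0], onward[1])
    else:        # nothing further downstream: it is the egress, so pop and route
        downstream.lfib[label] = ("pop", None, None)
    for net in nets:
        upstream.ftn[net] = (label, downstream)


def label_switch(router, label):
    """Follow a labeled frame hop by hop; returns (router, action, in_label, out_label) tuples."""
    trace = []
    while True:
        entry = router.lfib.get(label)
        if entry is None:   # a label this router never advertised is not forwarded
            trace.append((router.name, "drop", label, None))
            return trace
        action, out_label, next_hop = entry
        trace.append((router.name, action, label, out_label))
        if action == "pop":
            return trace
        router, label = next_hop, out_label


def forward(ingress, dst):
    """Layer 3 lookup at the ingress LER, then label switching along the LSP."""
    binding = ingress.lookup(dst)
    if binding is None:   # no label was signaled for this destination: no LSP from here
        return [(ingress.name, "no LSP", None, None)]
    label, next_hop = binding
    return [(ingress.name, "push", None, label)] + label_switch(next_hop, label)


def build_path():
    """Signal labels in the order the slides do: Router 3 to Router 2, then Router 2 to Router 1."""
    r1, r2, r3 = Router("Router 1"), Router("Router 2"), Router("Router 3")
    advertise(r3, r2, NETWORKS, 20)
    advertise(r2, r1, NETWORKS, 10)
    return r1, r2, r3


if __name__ == "__main__":
    r1, r2, r3 = build_path()
    for hop in forward(r1, "10.1.1.7"):
        print(hop)
    print(forward(r3, "192.0.2.9"))   # constructed address: nothing signaled in this direction
    print(label_switch(r2, 99))       # constructed label that Router 2 never advertised
```

The trace from Router 1 shows label 10 on the first hop and label 20 on the second, which is what "locally significant" means in practice; the Router 3 case shows why a second LSP is needed for return traffic.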

MPLS Basics (continued)

[Figure: three label tables. First table, columns Network, Label, Interface: networks 10.1.1.0/24 and 10.1.2.0/24, label 10, interface 1. Second table, columns Ingress Label, Network, Egress Label, Egress Interface: ingress label 10, networks 10.1.1.0/24 and 10.1.2.0/24, egress label 20, egress interface 1. Third table: label 20, Route]

This slide shows the complete LSP setup from Router 1 to Router 3. Router 1's function is to perform a Layer 3 lookup, and if the packet is destined for one of the networks supported by Router 3, Router 1 pushes the appropriate label onto the packet (encapsulates the packet in an MPLS frame). This is the function of an LER.

When Router 2 receives the MPLS frame, it examines the label, swaps the label for the appropriate egress label, and sends the frame out the appropriate interface to its destination. Router 2 now functions as an LSR and basically performs a Layer 2 switching function.

When receiving the MPLS frame, Router 3 examines the label and pops the label (removes the packet from the MPLS frame), performs a Layer 3 lookup, and routes the packet to the appropriate network.

Note that LSPs are unidirectional. For bidirectional communications, an additional LSP must be set up in the opposite direction.

Service Building Blocks - MPLS Fundamentals

The encapsulation by the MPLS label of the Layer 2 header that is received from the CE device depends on whether a Layer 2 or Layer 3 VPN service is offered by the carrier. This is discussed later in this module.

In an MPLS network, the first PE router is called the Ingress Label Edge Router (iLER). The iLER encapsulates the customer PDU with an MPLS label.
The intermediate routers, which are usually P routers, are called Label Switching Routers (LSRs). LSRs make switching decisions that are based on the MPLS label. The LSR reads the label in the incoming MPLS frame, makes a switching decision, swaps the label, and then transmits the MPLS frame out the appropriate port.

The last PE router on the LSP is the Egress Label Edge Router (eLER). The eLER is the termination point of the LSP, or the end of the tunnel. The egress LER removes the MPLS label and forwards the customer PDU to the CE device.

Packet walkthrough

In this slide, CE1 sends a data frame towards CE2. On an Ethernet interface, this is a normal IP datagram that is encapsulated in Ethernet. CE1 is not aware of the MPLS LSP that originates on PE1. The packet that is sent from CE1 to PE1 is unlabeled because the packet does not contain an MPLS label.

When the packet reaches PE1, an MPLS label is applied to the frame. This label corresponds to the LSP that ends on PE2. The MPLS label encapsulates the unlabeled packet that was received from CE1. The labeled MPLS packet is then sent along the LSP to P2.

P2 processes the MPLS packet and checks its MPLS table to perform a label swapping operation. It reads label value 101, performs a table lookup, switches the packet out of the appropriate interface to P3, and applies the label value of 96.

P3 performs a similar label swap operation and switches the MPLS packet out from its interface to PE2 with the label value 101. Note that, by coincidence, this is the same label value that is used by PE1. However, this is not a problem because labels are locally significant to the router.

When PE2 receives the labeled packet, PE2 performs a lookup on the received label value of 101. Because PE2 is an edge router that is directly connected to CE2, PE2 strips the MPLS label and then forwards the unlabeled packet to CE2. As with CE1, CE2 is totally unaware of the LSP through the provider core. CE2 receives the same PDU as though CE1 and CE2 were directly connected.

Services Building Blocks - MPLS Fundamentals (continued)

Because MPLS tunnels are unidirectional, two LSPs are required for bidirectional communication.
Therefore, traffic that is sent between two customer sites may follow different paths over the network.

The LSP is defined by the labels that are used to switch along the path. These labels may be configured statically, but are usually signaled dynamically with an MPLS label signaling protocol. Because MPLS labels are locally significant to the router, two routers on the LSP can use the same label for the same or different LSPs.

MPLS

An MPLS path is defined by the labels used to switch along the path
Two protocols are available to dynamically signal labels: LDP and RSVP
LDP always follows the path chosen by the IGP
  An MPLS node distributes labels to all its neighbors
  The MPLS node selects the next-hop neighbor according to the IGP and uses the label from that next-hop neighbor
RSVP LSPs may follow IGP or may take other paths
  Path can be explicitly specified
  Path can be chosen using a traffic engineering-enabled routing protocol
  Additional paths can be created for redundancy

An MPLS path is defined by the labels that are used to switch along the path. The egress router of the LSP signals the label that should be used for the LSP to the next upstream router. The upstream router will transmit data; data flows from upstream to downstream. The two protocols that are available to dynamically signal labels are LDP and RSVP.

MPLS and LDP

When LDP is the label signaling protocol, the LSP always follows the path chosen by the Interior Gateway Protocol (IGP). An LSR that has LSPs passing through or ending on the router distributes a label for each LSP to all its LDP neighbors. An upstream router may receive labels for a specific LSP from multiple neighbors and chooses the downstream router to use based on the next hop that is determined by the IGP. This means that the next-hop LSR for the LSP is the same as the next-hop router that is chosen by the IGP; the label that is used is the one signaled by that neighbor.

MPLS and RSVP

When RSVP is the label signaling protocol, labels are specifically requested by the ingress router for the LSP. The request travels along the path to the egress LSR, which generates a label for the LSP. This path may follow the IGP, in which case the path will be the same as the one used by LDP. A second option is that the path of the LSP may be explicitly specified, partially or completely. A third option is that a traffic engineering-enabled routing protocol will be used to choose a path that meets some specific constraints.

RSVP also allows additional, redundant paths to be created that can be used for fast failover if the original LSP fails. The services that are transported over an LSP are then protected so that a failover to the backup LSP can be performed much more quickly than when only the IGP is relied on.

VPN Services

Service routers allow service providers to offer simple, transparent L2 and L3 VPNs to customers over the service provider's existing IP/MPLS networks
The 7750 SR offers the following L2 and L3 VPN services:
VPWS
  Provides L2 point-to-point service
  Emulates a single leased line or circuit between two locations
  Supports Ethernet, frame relay, and ATM encapsulation
VPLS
  Provides L2 multipoint service
  Emulates a simple L2 LAN switch between two or more locations
VPRN
  Provides L3 service
  Emulates a simple IP router between two or more sites

Service routers use MPLS to provide a variety of VPN services over their core IP/MPLS network. The service provider can offer simple, transparent Layer 2 and Layer 3 VPN services to multiple customers over a single network. Three types of services are supported: VPWS, VPLS and VPRN.

Virtual Private Wire Service

Virtual Private Wire Service (VPWS) is a simple Layer 2 service that emulates a single leased line or circuit between two locations. The customer has no knowledge of the service provider network; the service acts as a simple point-to-point connection between customer sites. The VPWS can emulate an Ethernet connection (epipe), a frame relay connection (fpipe), or an ATM connection (apipe). The Layer 2 frames of customer data are encapsulated in MPLS labels and tunneled across the service provider network.

Virtual Private LAN Service

Virtual Private LAN Service (VPLS) is a Layer 2 multipoint service that can be used to interconnect more than two customer locations. From the customer's perspective, VPLS looks as though a simple Layer 2 LAN switch exists between the different customer locations. The Ethernet frames of customer data are encapsulated in MPLS labels and tunneled across the service provider network.

Virtual Private Routed Network

Virtual Private Routed Network (VPRN) is a Layer 3 service that makes the service provider network appear as a simple IP router that connects two or more customer locations. The VPRN allows the CE devices to exchange route information with the VPRN as if it were an IP router. The IP packets containing customer data are encapsulated in MPLS labels and tunneled across the service provider network.
VPWS Ethernet Encapsulation

A VPWS is a simple point-to-point service, emulating a simple Layer 2 connection between two customer locations. The customer frame is not checked and MAC learning is not performed by the VPWS. The customer Layer 2 frames are encapsulated in MPLS labels and switched across the service provider network.

Service access points (SAPs) are defined on the PE devices that face the customer device. The SAPs represent the customer access to the service. Multiple SAPs may be defined on the same physical port and may be used for different services.

Service distribution points (SDPs) are defined on the service provider network side and define the connection of the service to an MPLS transport tunnel. Many services can be bound to one SDP. The concepts of SDP and SAP are further discussed in the Alcatel-Lucent Services course.

VPWS Ethernet Encapsulation (continued)

PE2 strips the MPLS label
PE2 then looks at the service label to determine which service the frame belongs to
PE2 then makes the appropriate forwarding decision for the destination customer site

The ingress PE receives customer data on a SAP that is associated with a specific service. The SAP may be a port, a port with a specific VLAN tag in the case of an Ethernet port, or a port with a specific circuit ID in the case of ATM or frame relay.

The customer data is encapsulated with a service label by the ingress PE. Because many services may be configured on the PE, the service label identifies the specific service that the data belongs to. The service label value is signaled to the ingress PE by the egress PE when the service is initialized.

After the data is encapsulated with the service label, the data must be forwarded over the correct SDP that is defined by the service. A second, outer label is added to the data. This label identifies the LSP that will be used to transport the MPLS packet to the far end of the tunnel, the egress PE device. The data is label switched along the LSP using this outer label.

The egress PE removes the MPLS-encapsulated data from the SDP. The inner, service label is used to identify the service that the data belongs to and, after the labels are removed, the data is transmitted on the appropriate SAP for the service. In other words, the service label is used to demultiplex the data from the SDP to the appropriate service.

CE devices are never aware of SDPs and SAPs. The CE devices transmit to the ingress PE device, possibly using a specific VLAN tag, and then receive an unlabeled packet from the egress PE device.

VPLS

A VPLS is similar to a VPWS, with SAPs to provide customer access and SDPs to provide the transport connection across the network to the remote PEs of the service. However, a VPLS is a multipoint service that supports multiple access points (as opposed to a VPWS, which is only point-to-point with two access points). A VPLS acts as a logical Layer 2 switch that connects all of the CE devices that are attached to the service.

VPLS (continued)

Because a VPLS emulates a switched Ethernet service, a MAC address forwarding database (FDB) must be maintained for each VPLS. When a unicast frame with an unknown source address arrives on a SAP or an SDP, the VPLS learns the address, in the same way that an Ethernet switch learns a MAC address on its ports. The VPLS FDB associates MAC addresses with SAPs and SDPs, but is otherwise similar to an Ethernet switch.

When an Ethernet frame arrives on a SAP or an SDP, a lookup is performed in the FDB for the destination address. If there is an entry for the address, the frame is forwarded to the appropriate SAP or SDP. If there is no entry for the address, the frame is flooded to all other SAPs and SDPs, which is similar to the flooding of an unknown frame on an Ethernet switch.

VPRN

A VPRN is a class of VPN that allows the connection of multiple sites in a routed domain over a service provider IP/MPLS network. VPRN is a Layer 3 service (as opposed to VPWS and VPLS, which are Layer 2 services).

From the customer's perspective, all of the sites appear to be connected to a private routed network that is administered by the service provider for that customer only. Each PE router providing VPRN services maintains a separate IP forwarding table for each VPRN. Each customer of the service provider has their own private IP address space and, therefore, may have overlapping IP addresses.

The VPRN service uses VPN Routing and Forwarding Instances (VRFs) within the PE device to maintain forwarding information on a per-customer basis.
A VRF is a logical private forwarding (routing) table that securely isolates the routing information of one customer from the next customer, and also from the routes of the provider core network. Each PE maintains multiple separate VRFs that are based on the number of distinct VPRN services that the PE supports.

Each CE router becomes a routing peer of the provider PE router that it is directly connected to. Routes are exchanged between the CE and the PE routers. The PE devices in a VPRN service exchange routes with each other so that the routes can be transmitted to the remote CE devices of the customer.

The transport of customer data is similar to a VPWS or VPLS, except that the Layer 2 headers are removed and the IP datagrams are encapsulated with the MPLS headers. Customer data arrives at a VPRN SAP, is encapsulated with an inner service label and an outer transport label, and is then carried across the network using MPLS.

7750 SR and 7450 ESS Services Overview
Module Summary and Learning Assessment

Module Summary

After the successful completion of this module, you should be able to:
Describe the different types of routers and their function in a VPN services-based network
Describe the concept of tunneling and its role in providing VPN services
Describe how MPLS can be used as a method of tunneling and label switching
Describe the three major VPN services - VPWS, VPLS, and VPRN
Describe SAPs, SDPs, and their application to VPN services

Learning Assessment

CE routers reside on customer premises and are unaware of VPN services provided to the customer by carrier PE routers
P routers make up the service provider's core network and are concerned with switching labeled packets across the network
Tunneling allows a service provider to transparently transport a customer's traffic through an IP/MPLS network
MPLS employs label switching as a method of tunneling
There are three major VPN services: VPWS, VPLS, and VPRN
VPWS is a Layer 2 point-to-point service that supports Ethernet, frame relay or ATM connections
VPLS is a Layer 2 Ethernet multipoint service that emulates an Ethernet switch

Learning Assessment (continued)

VPRN is a Layer 3 routed VPN service over a service provider's existing IP/MPLS network
MPLS transport tunnel labels are swapped by the service provider routers along an MPLS path as the customer data traverses the MPLS network
MPLS service labels are inner labels negotiated by the PE routers of the service and remain constant as the traffic traverses the MPLS network

LAB 6 - Services

See the Alcatel-Lucent IP Scalable Networks Lab Guide
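The two-label encapsulation described under VPWS Ethernet Encapsulation and VPRN, as an added example that is not part of the course material: the outer transport label is swapped at every P router, the inner service label stays constant, and the egress PE uses it to select one customer's VRF even when two customers use the same prefix. The outer label values 101 and 96 and the router names come from the packet walkthrough; the service labels, customer names, SAP identifiers and function names are constructed for the illustration.

```python
"""Two-label MPLS stack: outer transport label swapped per hop, inner service
label carried unchanged and used by the egress PE to pick the service."""
import ipaddress

# Outer (transport) labels from the page's packet walkthrough:
# PE1 pushes 101, P2 swaps 101 -> 96, P3 swaps 96 -> 101, PE2 ends the LSP.
PE1_TUNNEL = (101, "P2")
SWAP_TABLES = {"P2": {101: (96, "P3")}, "P3": {96: (101, "PE2")}}
PE2_TUNNEL_LABEL = 101

# Constructed sample data: service labels PE2 signaled to PE1, one VRF per customer.
# Both customers use 10.1.1.0/24, which the per-customer VRFs keep apart.
PE2_SERVICES = {
    2001: {"customer": "customer-a", "vrf": {"10.1.1.0/24": "SAP 1/1/1:100"}},
    2002: {"customer": "customer-b", "vrf": {"10.1.1.0/24": "SAP 1/1/2:200"}},
}
PE1_SERVICE_LABELS = {"customer-a": 2001, "customer-b": 2002}


def ingress_encap(customer, dst_ip):
    """PE1: push the service label for this customer's service, then the transport label."""
    inner = PE1_SERVICE_LABELS[customer]
    outer, next_hop = PE1_TUNNEL
    return {"stack": [outer, inner], "dst": dst_ip}, next_hop


def transit(frame, router):
    """P routers: swap the outer label only; returns (frame or None, per-hop records)."""
    hops = []
    while router in SWAP_TABLES:
        outer, inner = frame["stack"]
        entry = SWAP_TABLES[router].get(outer)
        if entry is None:            # unknown transport label: the frame is dropped
            return None, hops
        new_outer, next_hop = entry
        hops.append((router, outer, new_outer, inner))
        frame = {**frame, "stack": [new_outer, inner]}
        router = next_hop
    return frame, hops


def egress_demux(frame):
    """PE2: strip the transport label, then demultiplex on the service label."""
    outer, inner = frame["stack"]
    if outer != PE2_TUNNEL_LABEL:
        return None                  # not an LSP that terminates on PE2
    service = PE2_SERVICES.get(inner)
    if service is None:
        return None                  # service label PE2 never signaled: no SAP is selected
    addr = ipaddress.ip_address(frame["dst"])
    matches = [(ipaddress.ip_network(prefix), sap)
               for prefix, sap in service["vrf"].items()
               if addr in ipaddress.ip_network(prefix)]
    if not matches:
        return None                  # no route in this customer's VRF; other VRFs are not consulted
    _, sap = max(matches, key=lambda m: m[0].prefixlen)
    return service["customer"], sap


def send(customer, dst_ip):
    """Carry one packet PE1 -> P2 -> P3 -> PE2 and report the hops and the delivery SAP."""
    frame, first_hop = ingress_encap(customer, dst_ip)
    frame, hops = transit(frame, first_hop)
    return hops, (egress_demux(frame) if frame else None)


if __name__ == "__main__":
    for customer in ("customer-a", "customer-b"):
        hops, delivered = send(customer, "10.1.1.5")
        print(customer, hops, delivered)
    print(egress_demux({"stack": [101, 2999], "dst": "10.1.1.5"}))
```

The same destination address is delivered to a different SAP for each customer, and a frame carrying a service label the egress PE did not signal is delivered to none.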