Dynamic Routing Protocols Flashcards
OSPF
Open Shortest Path First:
Link State Protocol - each router maintains identical databases describing the network topology.
Uses Dijkstra’s algorithm - each router builds a tree with the shortest paths.
Advantages:
Scalable to large networks
Faster convergence than distance-vector routing protocols
Relatively quiet during steady-state conditions (periodic refresh every 30 minutes; otherwise it only sends updates when there are changes)
OSPF Routers
All OSPF networks must have at least one area: the backbone area, which is the core of the network. Routers with at least one interface connected to it are backbone routers.
Area Border Routers (ABRs) connect other areas to the backbone area.
config range is available to ABRs to configure route summarization
Autonomous system boundary routers (ASBR) allow you to import external non-OSPF routes into an OSPF network. Can summarize these routes on ASBRs with command config summary-address
By default, OSPF area type is regular, but you can configure stub and nssa (Not-so-stubby area) area types
Stub Area
ABR can advertise routes from this type to the backbone area, while it advertises external routes to the stub area only through a default route.
NSSA
Similar to a stub area, except that it can have an ASBR, allowing the ABR to advertise external routes to the backbone area.
Point-to-point network type
This is the normal type when routers are connected directly.
In the case of multiple dialup connections with net-device disabled, you must configure the type to point-to-multipoint: The hub creates a single IPsec virtual interface that is shared by all IPsec clients connecting to the same dial-up VPN.
OSPF Protocol Redistribution
Can manually filter routes by setting the redistribution of the other routing protocols. Particularly useful for ASBRs to specify the redistribution of other protocols, like RIP or static routes, to other areas. Disabled by default.
config router ospf
config redistribute ?
Filter Method: Access Lists
Simple(based on prefixes)
Prevent injecting routes into the routing tables with the parameter distribute-list-in [BGP: distribute-list-out parameter to prevent advertising routes to neighbors]
can also filter routes distributed from other protocols (connected, static, or RIP) in distribute-list configuration
Filter Method: Prefix Lists
Simple (based on prefixes with logical operator added)
Applies only to distribute-list-in
[BGP: Prevent injecting routes into the routing tables with the parameter prefix-list-in or advertising routes to neighbors with parameter prefix-list-out]
ge and le parameters added in the rule config for more granularity on the prefix match
Filter Method: Route Map
Advanced (access and prefix lists can be route map objects)
Filter incoming external routes with the parameter distribute-route-map-in
Can also filter routes redistributed by other protocols in config redistribute <bgp | connected | isis | rip | static>
[BGP: Filter injecting and advertising routes with parameters route-map-in and route-map-out]
OSPF commands
get router info ospf <options>
neighbor - status of all the ospf neighbors and their adjacency states
interface - status per interface, including number of adjacencies
status - Full status, including the router ID, features negotiated, number of areas attached to this router, and number of fully adjacent neighbors
database brief - complete link state database (LSDB) ordered by link state advertisement (LSA) types
database router lsa - Further details on type 1 LSAs
get router info bfd neighbor - BFD negotiation status when BFD is enabled on OSPF routers
OSPF ECMP
OSPF works by default with ECMP RFC 2328
RFC 2328 introduces new path preference rules:
-Intra-area paths using non-backbone areas are most preferred
-Intra-area backbone paths and inter-area paths have equal preference
-Prefers intra-area routes in non-backbone areas to reduce backbone overhead
Can enable ECMP RFC 1583, where the path selection is based solely on cost. It is recommended to enable when you want to reach external routes
OSPF over IPsec
OSPF can be protected using IPsec VPN tunnels. The two most commonly used implementations of OSPF over IPsec VPN are:
Site-to-Site
Dial-up (hub and spoke)
Virtual Link
With an NSSA, you can integrate it into the OSPF network with a virtual link. When you configure a virtual link on both routers, you allow a remote area to virtually connect directly to the backbone area.
BGP
Border Gateway Protocol - underlying global routing system of the internet. Distance Vector protocol that sends its entire routing table to directly connected neighbors.
Uses Autonomous Systems (AS).
IBGP - Internal BGP
EBGP - External BGP
By default, FGT BGP doesn’t advertise prefixes from other protocols. A non-BGP route can be redistributed into BGP.
RIB
Routing Information Bases
BGP commands
get router info <options>
bgp summary - BGP status of the router and all of its neighbors, including: the AS, packet counters, and the length of time the neighbor has been up
bgp neighbors - Details of the neighbors, including: peer IP address and router ID, remote AS, BGP state, and negotiated capabilities
bgp network - Displays the BGP database
routing-table bgp - Displays the BGP routing table
ECMP with BGP routes
Must enable EBGP or IBGP multipath
config router bgp
set ebgp-multipath enable
end
Allows FGT to load balance outgoing traffic.
Loopback interfaces as BGP source
because they stay up, unlike physical interfaces
set update-source loopback_interface
set ebgp-enforce-multihop enable (required because loopback is not the next hop)
neighbor-group command
Allows FGT to apply common settings in the neighbor group for each BGP peer relationship
Useful in an SD-WAN overlay design
config router bgp
…
config neighbor-group
edit SpokeISP1
set interface ISP1
set remote-as 65100
next
end
config neighbor-range
…
set neighbor-group SpokeISP1
…
BGP Convergence Steps
Steps:
Installing a new path in the routing and forwarding tables
Processing and finding an alternate path
Fast Failure detection and information propagation
Route Reflectors
AKA RRs: act as concentrators for IBGP-speaking routers
set route-reflector-client enable -> defines which neighbors are the clients
Helps reduce the number of IBGP sessions inside an AS. RR forwards the routes learned from one peer to the other peers. If you configure these, you don’t need to create a full mesh IBGP network. Improves BGP convergence
BFD Parameter
Bidirectional Forwarding Detection - has a keepalive timer configured in seconds. Enable for faster failure detection (in less than 1 second).
Configure it on both connected routers and their corresponding interfaces, and for each neighbor and for multihop paths
set bfd enable
set ebgp-enforce-multihop -> the check is performed using a template -> config router bfd -> config multihop-template
graceful-restart command
Prevent traffic interruption during HA failover. Necessary since BGP router daemon process is only running on primary unit
HA cluster advertises that it is going offline
Enable the parameter on both connected routers
config router bgp
…
set graceful-restart enable
…
config neighbor
…
set capability-graceful-restart enable
BGP with FMGR
Can create BGP templates in the FMGR GUI and use metadata variables to help configure a large BGP environment.
Another option is to import the BGP config from a device or VDOM.
Device manager > Provisioning Templates > BGP Template