Switch Volume II: D-Link Switching Advanced Technology (presentation transcript)


Slide 3: Contents

Module 7: Virtual Router Redundancy Protocol
Module 8: Routing Information Protocol
Module 9: Open Shortest Path First
Module 10: Multicast in D-Link Switching Environment
Module 11: Quality of Service

Slide 4: Module 7: Virtual Router Redundancy Protocol (VRRP)

Slide 5: Virtual Router Redundancy Protocol Overview: Network Topology without VRRP

Typical topology with a single Internet access gateway: Client 1 (IP 192.168.11.100, GW 192.168.11.1) and Client 2 (IP 192.168.11.200, GW 192.168.11.1) connect through a Layer 2 switch to Router-A (192.168.11.1). The IP address, mask and default gateway of each client are configured manually, with the gateway pointing at one gateway device, here Router-A. The gateway forwards the client traffic to its destination.

Problem with this configuration: when Router-A fails, the clients lose all access to the external network, because the only gateway they know is gone.

Solution: VRRP. VRRP (Virtual Router Redundancy Protocol) is a function on a switch that dynamically assigns responsibility for a virtual router to one of the VRRP routers on a LAN. The VRRP router that controls the IP address associated with a virtual router is called the Master, and it forwards the packets sent to that IP address. Any virtual router IP address on the LAN can therefore be used as the default first-hop router by the end hosts. With VRRP the administrator gets a highly available default path without having to configure dynamic routing or router discovery protocols on every end host.

Slide 6: Virtual Router Redundancy Protocol Overview: VRRP operation

VRRP is a gateway redundancy protocol designed to remove the single point of failure that a default gateway represents.

The Virtual Router Identifier (VRID) and the virtual IP address are configured on each router in the group.
A virtual MAC address is created and associated with the virtual router. The virtual router uses an IEEE 802 MAC address of the form 00-00-5E-00-01-{VRID}:
  00-00-5E is the IANA OUI,
  00-01 is the block assigned to VRRP,
  the last octet is the VRID.

Figure: two physical routers, Master (M) and Backup (S), both configured with VRID 1 and the same virtual IP address, together form one virtual router. When a client communicates with the virtual router it needs no information about the physical routers behind it; it only ever sees the virtual IP and the virtual MAC address.

Slide 7: Virtual Router Redundancy Protocol Overview: A VRRP Scenario

Router-A (192.168.11.1) and Router-B (192.168.11.2) are grouped into one VRRP virtual router group, VRID 1, with the virtual IP 192.168.11.200. Router-A is the Master and Router-B the Backup. Client-1 and Client-2 (192.168.11.x) connect through a Layer 2 switch and use the virtual IP 192.168.11.200 as their default gateway; they do not need to know the physical interface addresses of Router-A and Router-B.

Result: the clients reach the Internet through the virtual router. If the Master holding the virtual IP fails, the Backup takes over the Master role without any user intervention: the Backup assumes the Master role when it has not received VRRP advertisements from the Master for a period of time.

Slide 8: Virtual Router Redundancy Protocol: VRRP Packet

Frame layout: MAC header | IP header | VRRP header | FCS.

VRRP packets are used for communication among VRRP routers. All routers with a common VRID form one VRRP group. The router priority and the state of the VRRP Master are exchanged periodically. VRRP packets are encapsulated in IP packets and sent to the IPv4 multicast address 224.0.0.18 assigned by the IANA; the IP protocol number assigned by the IANA for VRRP is 112 (decimal).

Slide 9: Virtual Router Redundancy Protocol: VRRP Packet (header fields)

Bit offsets 0, 4, 8, 16, 24 and 31 across each 32-bit word:

  0       4       8               16              24             31
  +-------+-------+---------------+---------------+---------------+
  | Ver=2 |Type=1 | Virtual Rtr ID|   Priority    | Count IP Addr |
  +-------+-------+---------------+---------------+---------------+
  |   Auth Type   |  Adver Int    |           Checksum            |
  +---------------+---------------+-------------------------------+
  |                      Virtual IP Address 1                     |
  |                             ...                               |
  |                      Virtual IP Address n                     |
  +---------------------------------------------------------------+
  |                     Authentication Data (1)                   |
  |                     Authentication Data (2)                   |
  +---------------------------------------------------------------+

Slide 10: Virtual Router Redundancy Protocol: VRRP Packet (example)

Two routers, 192.168.10.252 and 192.168.10.253, share VRID 10. The advertisement the Master sends carries:

  Destination: multicast 224.0.0.18, IP protocol 112
  TTL: must be 255 (a receiver discards an advertisement with any other TTL, which keeps packets forwarded in from another segment out of the election)
  VRID = 10
  Priority = 255 (highest; reserved for the router whose interface address is the virtual IP address)
  Adver Int = 1 (second)
  Auth Type = Simple, Auth String = 'dlink'
  Virtual MAC: 00-00-5E-00-01-0A (the last octet is VRID 10 in hexadecimal)

Caveat: "simple" authentication carries the string in clear text in the Authentication Data fields, so it only guards against accidental misconfiguration; it does not keep anyone on the same broadcast domain from reading it. RFC 3768, which obsoletes the original VRRP specification, removed this authentication type for that reason.
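The advertisement of slides 9 and 10 built and checked in code. This is an added example written for this transcript, not D-Link's code: it assumes the caller has already removed the Ethernet and IP headers and passes in the TTL it observed, uses the slide-10 values (VRID 10, priority 255, interval 1, simple password 'dlink'), and applies the receive-side checks and the Backup-state rule of RFC 2338, which the slides do not spell out.

```python
"""VRRP version 2 advertisement: build, validate and decode.

Added example for this transcript; not D-Link code. Header layout from slide 9
(RFC 2338), values from slide 10. IP/Ethernet encapsulation (224.0.0.18,
protocol 112, TTL 255) is assumed to be handled by the caller.
"""
import socket
import struct

VRRP_MCAST = "224.0.0.18"   # IANA-assigned destination of every advertisement
VRRP_PROTO = 112            # IP protocol number
AUTH_NONE, AUTH_SIMPLE = 0, 1
PRIORITY_OWNER = 255        # only the router whose interface owns the virtual IP


def vrrp_checksum(data: bytes) -> int:
    """One's-complement Internet checksum; a valid received message sums to 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def virtual_mac(vrid: int) -> str:
    """00-00-5E (IANA OUI) - 00-01 (VRRP) - VRID; VRID 10 gives ...-0A."""
    if not 1 <= vrid <= 255:
        raise ValueError("VRID must be 1..255")
    return "00-00-5E-00-01-%02X" % vrid


def build_advert(vrid, priority, vips, adver_int=1,
                 auth_type=AUTH_NONE, auth_data=b""):
    """Serialize a VRRPv2 advertisement with a correct checksum."""
    if auth_type == AUTH_SIMPLE and not auth_data:
        raise ValueError("simple authentication needs a password")
    # Authentication Data (1)+(2): 8 bytes, password null-padded, sent in clear.
    auth = auth_data[:8].ljust(8, b"\x00")
    head = struct.pack("!BBBBBB", (2 << 4) | 1, vrid, priority, len(vips),
                       auth_type, adver_int)
    body = b"".join(socket.inet_aton(ip) for ip in vips) + auth
    csum = vrrp_checksum(head + b"\x00\x00" + body)
    return head + struct.pack("!H", csum) + body


def parse_advert(pkt: bytes, ttl: int = 255) -> dict:
    """Decode an advertisement; raise ValueError for anything a receiver must drop.

    Receive-side checks of RFC 2338 section 7.1: TTL 255, version/type,
    checksum, and a complete address list plus authentication data."""
    if ttl != 255:
        raise ValueError("TTL must be 255: the packet crossed a router")
    if len(pkt) < 8:
        raise ValueError("short packet")
    vt, vrid, prio, count, auth_type, adver_int, _ = struct.unpack("!BBBBBBH", pkt[:8])
    if vt >> 4 != 2 or vt & 0x0F != 1:
        raise ValueError("not a VRRPv2 advertisement")
    if vrrp_checksum(pkt) != 0:
        raise ValueError("bad checksum")
    need = 8 + 4 * count + 8
    if len(pkt) < need:
        raise ValueError("truncated address list or authentication data")
    vips = [socket.inet_ntoa(pkt[8 + 4 * i:12 + 4 * i]) for i in range(count)]
    auth = pkt[8 + 4 * count:need].rstrip(b"\x00")
    return {"vrid": vrid, "priority": prio, "adver_int": adver_int,
            "auth_type": auth_type, "auth_data": auth, "vips": vips,
            "vmac": virtual_mac(vrid)}


def master_down_interval(adver_int: int, priority: int) -> float:
    """A Backup declares the Master dead after 3 * Adver_Int + Skew_Time seconds."""
    return 3 * adver_int + (256 - priority) / 256.0


def backup_action(local_priority: int, advert: dict, preempt: bool = True) -> str:
    """What a Backup does with a valid advertisement for its VRID (RFC 2338 6.4.2).

    'take-over': the Master signed off with priority 0;
    'stay-backup': Master has higher or equal priority, or preempt is off;
    'ignore': lower-priority Master; the Master_Down timer keeps running and
    this router preempts when it expires."""
    if advert["priority"] == 0:
        return "take-over"
    if not preempt or advert["priority"] >= local_priority:
        return "stay-backup"
    return "ignore"


if __name__ == "__main__":
    pkt = build_advert(10, PRIORITY_OWNER, ["192.168.10.252"], 1, AUTH_SIMPLE, b"dlink")
    print(pkt.hex())
    print(parse_advert(pkt))
```

Note that nothing in the packet ties it to a particular physical router: the receiver's decision rests on the priority field, the TTL and, with Auth Type 1, a byte-for-byte comparison of the clear-text string, which is exactly what the slide's "simple" authentication amounts to.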

Slide 11: Virtual Router Redundancy Protocol: Switch Configuration

Enable VRRP (enable the function, and allow the virtual IP address to be pinged from other hosts so that connectivity can be verified):
  enable vrrp
  enable vrrp ping

Create a VRRP router: configure the VRID, the IP interface and the virtual IP address; optionally assign the priority, the advertisement interval, preempt and a critical IP:
  create vrrp vrid 1 ipif LAN ipaddress 11.1.1.1 state enable priority 200 advertisement_interval 1 preempt true critical_ip 10.53.13.224 critical_ip_state enable

preempt controls whether a higher-priority Backup router takes the Master role away from a lower-priority Master (default = true).

Configure the advertisement interval and authentication (optional). The first command changes VRID 1 on interface LAN to priority 200 and an advertisement interval of 2 seconds; the second sets the authentication type for the VRRP routers on that IP interface:
  config vrrp vrid 1 ipif LAN state enable priority 200 advertisement_interval 2
  config vrrp ipif LAN authtype simple authdata tomato

Check: all routers in one VRID must use the same advertisement interval and the same authentication settings. A router discards advertisements whose interval or authentication does not match its own, so a mismatch leaves each router believing it is alone and more than one of them ends up as Master.

Slide 12: Virtual Router Redundancy Protocol: Multiple Virtual Routers

Two virtual routers run on the same pair of L3 switches:
  VRID 252, virtual IP 192.168.1.252: L3 Switch-A is Master, L3 Switch-B is Backup
  VRID 253, virtual IP 192.168.1.253: L3 Switch-B is Master, L3 Switch-A is Backup

Host-1 (192.168.1.1) and Host-2 (192.168.1.2) use GW 192.168.1.252 and reach the Internet through Switch-A; Host-3 (192.168.1.3) and Host-4 (192.168.1.4) use GW 192.168.1.253 and reach the Internet through Switch-B. Load balancing is achieved by distributing the hosts among the different VRIDs. When L3 Switch-A fails, L3 Switch-B also becomes Master for VRID 252; when L3 Switch-B fails, L3 Switch-A becomes Master for VRID 253.

Slide 13: Virtual Router Redundancy Protocol: Multiple Virtual Routers (configuration)

Hosts 1 to 4: IP 192.168.1.x/24, GW1 = 192.168.1.252, GW2 = 192.168.1.253.

L3 Switch-A (VRRP enabled on interface 192_168_1; Master of VRID 252, Backup of VRID 253):
  create vrrp vrid 252 ipif 192_168_1 ipaddress 192.168.1.252 state enable
  create vrrp vrid 253 ipif 192_168_1 ipaddress 192.168.1.253 state enable
  enable vrrp

L3 Switch-B (VRRP enabled on interface 192_168_1; Master of VRID 253, Backup of VRID 252):
  create vrrp vrid 252 ipif 192_168_1 ipaddress 192.168.1.252 state enable
  create vrrp vrid 253 ipif 192_168_1 ipaddress 192.168.1.253 state enable
  enable vrrp

The two VRRP configurations are identical; the roles follow from the interface addresses (Switch-A's interface is 192.168.1.252, Switch-B's is 192.168.1.253). The router whose interface address equals the virtual IP is the address owner and runs that VRID with priority 255, so each switch is Master for the VRID whose virtual IP is its own address and Backup for the other.

Slide 14: Virtual Router Redundancy Protocol: VRRP with Critical IP

Topology: Hosts 1 to 4 (192.168.1.x/24, GW1 = 192.168.1.252, GW2 = 192.168.1.253). L3 Switch-A (Master VRID 252, Backup VRID 253) reaches the Internet via 192.168.2.1; L3 Switch-B (Master VRID 253, Backup VRID 252) reaches the Internet via 192.168.3.1. 192.168.2.1 is the critical IP for VRID 252 and 192.168.3.1 the critical IP for VRID 253.

With the Critical IP feature the switch checks the status of its next hop to the Internet by sending an ARP request every 30 seconds. If the critical IP fails to respond, the Master declares itself down immediately and the Backup takes over. VRRP by itself only covers failure of the gateway switch; the critical IP extends the failover to the upstream link, which many deployments need.

Slide 15: Virtual Router Redundancy Protocol: VRRP with Critical IP (NAT gateways)

Topology: hosts 192.168.1.x/24 with GW 192.168.1.252. L3 Switch-A has interface 192_168_1 (192.168.1.252) and interface 192_168_2 (192.168.2.252) towards NAT-A (192.168.2.1). L3 Switch-B has interface 192_168_1 (192.168.1.253) and interface 192_168_3 (192.168.3.253) towards NAT-B (192.168.3.1).

Objective: both L3 switches run VRRP on interface 192_168_1. L3 Switch-A is the Master and L3 Switch-B the Backup, so while NAT-A is working the packets for 192.168.1.x are routed by L3 Switch-A. When NAT-A fails, L3 Switch-B becomes the Master and routes the packets for the 192.168.1.x network. This provides a redundant default route.

Principle: with the Critical IP function each switch checks the status of its NAT device by sending an ARP request every 30 seconds. If one of the NAT devices fails, the VRRP switchover takes place.

Slide 16: Virtual Router Redundancy Protocol: VRRP with Critical IP (switch configuration)

L3 Switch-A: two networks, RIP enabled, VRRP enabled on ipif 192_168_1, Master of VRID 252, critical IP 192.168.2.1:
  config vlan default delete 1-12
  create vlan vlan2 tag 2
  config vlan vlan2 add untag 1-6
  create ipif 192_168_1 192.168.1.252/24 vlan2 state enable
  create vlan vlan3 tag 3
  config vlan vlan3 add untag 7-12
  create ipif 192_168_2 192.168.2.252/24 vlan3 state enable
  enable rip
  config rip all tx_mode v2_only rx_mode v2_only state enable
  create vrrp vrid 252 ipif 192_168_1 ipaddress 192.168.1.252 state enable critical_ip 192.168.2.1 critical_ip_state enable
  create vrrp vrid 253 ipif 192_168_1 ipaddress 192.168.1.253 state enable critical_ip 192.168.2.1 critical_ip_state enable
  enable vrrp

L3 Switch-B: two networks, RIP enabled, VRRP enabled on ipif 192_168_1, Backup of VRID 252, critical IP 192.168.3.1:
  config vlan default delete 1-12
  create vlan vlan2 tag 2
  config vlan vlan2 add untag 1-6
  create ipif 192_168_1 192.168.1.253/24 vlan2 state enable
  create vlan vlan3 tag 3
  config vlan vlan3 add untag 7-12
  create ipif 192_168_3 192.168.3.253/24 vlan3 state enable
  enable rip
  config rip all tx_mode v2_only rx_mode v2_only state enable
  create vrrp vrid 252 ipif 192_168_1 ipaddress 192.168.1.252 state enable critical_ip 192.168.3.1 critical_ip_state enable
  create vrrp vrid 253 ipif 192_168_1 ipaddress 192.168.1.253 state enable critical_ip 192.168.3.1 critical_ip_state enable
  enable vrrp

On each switch the critical IP is that switch's own NAT device, so a switch gives up the Master role for both VRIDs when its own upstream stops answering ARP, and the other switch, whose upstream still answers, takes over.

Slide 17: Module 8: Routing Information Protocol (RIP)

Slide 18: Routing Information Protocol: Distance Vector Routing Protocol

Distance vector is an approach to finding routes between networks. A router running a distance vector routing protocol exchanges information with its neighbours and determines each route from two pieces of knowledge: the "distance", i.e. the metric, how far away the destination is, and the "vector", the direction (next hop) towards the destination.

Examples of distance vector routing protocols: Routing Information Protocol (RIP) for IP, Cisco Interior Gateway Routing Protocol (IGRP), Xerox Network Systems (XNS) RIP, Novell IPX RIP, and the AppleTalk Routing Table Maintenance Protocol (RTMP).

A distance vector router updates all its neighbours by broadcasting its entire routing table, and those neighbours pass the updated information on to their own neighbours. Characteristics:
  Each node knows the distance to its directly connected neighbours.
  A node sends routing updates to its neighbours periodically (RIP sends them every 30 seconds).
  New nodes advertise themselves to their neighbours.
  Periodic updates: the routing table is sent at a fixed interval.
  Triggered updates: if a metric changes on a link, the router sends an update immediately without waiting for the end of the update period.
  Full routing table updates: most distance vector protocols send their neighbours the entire routing table.
  Route invalidation timers: an entry in the routing table becomes invalid if it is not refreshed by new routing updates.

Slide 19: Routing Information Protocol: Distance Vector Routing Protocol (convergence)

Topology: a chain of four routers and five networks.
  10.0.1.0 -(.1) Router A (.1)- 10.0.2.0 -(.2) Router B (.1)- 10.0.3.0 -(.2) Router C (.1)- 10.0.4.0 -(.2) Router D (.1)- 10.0.5.0

The slide shows each router's routing table (NET / VIA / HOP) at times t0, t1, t2 and t3. At t0 every table holds only the directly connected networks with hop count 0; at t3 the tables have converged to:

  Router A                      Router B                      Router C                      Router D
  NET       VIA       HOP       NET       VIA       HOP       NET       VIA       HOP       NET       VIA       HOP
  10.0.1.0  --        0         10.0.2.0  --        0         10.0.3.0  --        0         10.0.4.0  --        0
  10.0.2.0  --        0         10.0.3.0  --        0         10.0.4.0  --        0         10.0.5.0  --        0
  10.0.3.0  10.0.2.2  1         10.0.1.0  10.0.2.1  1         10.0.2.0  10.0.3.1  1         10.0.3.0  10.0.4.1  1
  10.0.4.0  10.0.2.2  2         10.0.4.0  10.0.3.2  1         10.0.5.0  10.0.4.2  1         10.0.2.0  10.0.4.1  2
  10.0.5.0  10.0.2.2  3         10.0.5.0  10.0.3.2  2         10.0.1.0  10.0.3.1  2         10.0.1.0  10.0.4.1  3

The slide describes the operation of the distance vector algorithm step by step. At time 0 the protocol is enabled on all routers; each router only knows its directly attached networks, with hop count 0. At time 1 the routers start to exchange routing information. Router A learns the routes to 10.0.2.0 and 10.0.3.0 from its neighbour Router B; one hop is added each time a route passes through a router. Comparing the learned routes with its own table, Router A finds that the hop count of the learned route to 10.0.2.0 is greater than that of its own directly connected entry, so it keeps the original entry and discards the learned one, while it installs 10.0.3.0 at one hop. At time 2 Router A repeats the process and learns the route to 10.0.4.0. At time 3 all routers have learned all the routes of the entire network and the routing information is synchronized.

Slide 20: Routing Information Protocol: Distance Vector Routing Protocol (route invalidation)

Same chain topology and converged tables as slide 19.

Issue: if Router D fails, Routers A, B and C still hold entries for network 10.0.5.0 in their routing tables and keep sending packets towards Router D. This creates a black hole.

Solution: set a route invalidation timer for each entry in the routing table. Router C starts a timer for the route to 10.0.5.0 when it learns it and places it in its table. Each periodic update from Router D resets the timer. If Router D fails, the timer for 10.0.5.0 is no longer reset and expires, and Router C's next update reports the missing route to the other routers.

Slide 21: Routing Information Protocol: Distance Vector Routing Protocol (split horizon)

Same chain topology. The update Router C sends towards Router B under split horizon (NET / VIA / HOP): 10.0.4.0, --, 0 and 10.0.5.0, 10.0.4.2, 1. What Router C had learned from Router B (10.0.2.0 at 1 hop and 10.0.1.0 at 2 hops, via 10.0.3.1) is not sent back to B.

Issue: Router C learns the route to 10.0.5.0 from Router D and then advertises that same route back to Router D; this is called a reverse route. In the worse case, 10.0.5.0 goes down at the moment Router C is advertising it to Router D; Router D adopts the route from Router C and a routing loop results.

Solution: split horizon prevents reverse routes between two routers: an interface never advertises a route that was learned on that same interface. In the example, Router C only sends its two routes 10.0.4.0 and 10.0.5.0 to Router B instead of also sending back the routes it learned from Router B.

Slide 22: Routing Information Protocol: Distance Vector Routing Protocol (split horizon with poison reverse)

The update Router C sends towards Router B with poison reverse (NET / VIA / HOP): 10.0.3.0, infinity; 10.0.4.0, --, 0; 10.0.2.0, infinity; 10.0.5.0, 10.0.4.2, 1; 10.0.1.0, infinity. Router B keeps its own, better routes for 10.0.3.0, 10.0.2.0 and 10.0.1.0 and installs 10.0.4.0 at 1 hop and 10.0.5.0 at 2 hops via 10.0.3.2.

Split horizon with poison reverse is a safer and stronger mechanism than plain split horizon: rather than staying silent about a route, the router explicitly tells the neighbour it learned it from that the route is unreachable through it, which stops potential loops instead of merely avoiding them. The cost is larger update packets. In the example Router C includes three additional route entries with metric "infinity" in its update to Router B; Router B corrects any stale information after receiving Router C's update.

Slide 23: Routing Information Protocol: Distance Vector Routing Protocol (counting to infinity)

Figure: routers A, B, C and D; 10.0.1.0 behind Router A and 10.0.5.0 behind Router B, with 10.0.2.0, 10.0.3.0 and 10.0.4.0 linking A, B, D and C. The link to 10.0.5.0 fails and the routing update "10.0.5.0 is unreachable" is passed from router to router.

Issue: Router B detects that the route to 10.0.5.0 has failed and sends the notice to its neighbours, Routers A and D. Router D marks the route via Router B unreachable. At the same time Router C advertises its stale next-best path to 10.0.5.0 as three hops away, and Router D places that in its table. Router D then tells Router B that it has an alternative route to 10.0.5.0, four hops via Router C; Router B in turn updates Router A, and a loop forms. This is the counting-to-infinity problem: the hop count for 10.0.5.0 keeps increasing without bound.

Solution: define a value that means infinity. RIP uses 16. Convergence is still slow: with an update period of 30 seconds the network can take up to 7.5 minutes (15 update periods) to converge. Triggered updates reduce this time: when a router receives a route with a better or worse metric, it sends out an update without waiting for its update timer to expire. Unlike the regular update every 30 seconds, a triggered update carries only the entries that changed, which reduces the chance of counting to infinity.
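The behaviour of slides 19 to 23 can be reproduced with a small simulation. This is an added example written for this transcript, not D-Link code: it models the slide-19 chain (Routers A to D, networks 10.0.1.0 to 10.0.5.0), applies the distance vector rule in synchronous update periods, then fails 10.0.5.0 on Router D and counts the periods needed to settle with plain updates, split horizon and poison reverse. The Router class, the "current next hop is always believed" rule and the update ordering are the example's own choices; the hop-count arithmetic and infinity = 16 are RIP's.

```python
"""Distance vector simulation on the slide-19 chain (A-B-C-D, 10.0.1.0..10.0.5.0).

Added example for this transcript, not D-Link code. Each update period every
router sends its whole table to each neighbour (plain, split horizon or poison
reverse) and the receivers apply the distance vector rule. It reproduces the
t0..t3 convergence, then fails 10.0.5.0 on Router D to show counting to
infinity (RIP infinity = 16) and how split horizon avoids it.
"""
INFINITY = 16


class Router:
    def __init__(self, name, connected):
        self.name = name
        self.neighbours = []
        # routing table: network -> [via (neighbour name, or "--" if direct), hops]
        self.table = {net: ["--", 0] for net in connected}

    def advertisement(self, to, mode):
        """Routes sent to neighbour `to`; mode is 'plain', 'split' or 'poison'."""
        adv = {}
        for net, (via, hops) in self.table.items():
            if via == to.name and mode == "split":
                continue                      # never send a route back where it was learned
            if via == to.name and mode == "poison":
                adv[net] = INFINITY           # send it back, but as unreachable
                continue
            adv[net] = hops
        return adv

    def receive(self, sender, adv):
        """Apply the distance vector rule; return True if the table changed."""
        changed = False
        for net, hops in adv.items():
            new = min(hops + 1, INFINITY)     # one hop added per router traversed
            cur = self.table.get(net)
            if cur is None:
                if new < INFINITY:
                    self.table[net] = [sender.name, new]
                    changed = True
            elif cur[0] == sender.name:
                if cur[1] != new:             # the current next hop is believed, even if worse
                    cur[1] = new
                    changed = True
            elif new < cur[1]:
                self.table[net] = [sender.name, new]
                changed = True
        return changed


def connect(a, b):
    a.neighbours.append(b)
    b.neighbours.append(a)


def exchange_round(routers, mode="plain"):
    """One update period: advertisements are built from the tables as they were at
    the start of the period, then all applied. Returns True if anything changed."""
    advs = [(r, n, r.advertisement(n, mode)) for r in routers for n in r.neighbours]
    results = [n.receive(r, adv) for r, n, adv in advs]
    return any(results)


def converge(routers, mode="plain", max_rounds=100):
    """Run update periods until one changes nothing; return how many changed something."""
    for t in range(1, max_rounds + 1):
        if not exchange_round(routers, mode):
            return t - 1
    return max_rounds


def build_chain():
    a = Router("A", ["10.0.1.0", "10.0.2.0"])
    b = Router("B", ["10.0.2.0", "10.0.3.0"])
    c = Router("C", ["10.0.3.0", "10.0.4.0"])
    d = Router("D", ["10.0.4.0", "10.0.5.0"])
    connect(a, b)
    connect(b, c)
    connect(c, d)
    return [a, b, c, d]


def fail_network(router, net):
    """The interface on `net` goes down; the router now advertises it as unreachable."""
    router.table[net] = ["--", INFINITY]


def rounds_to_reconverge(mode):
    """Converge, fail 10.0.5.0 on D, and count the periods until the tables settle."""
    routers = build_chain()
    converge(routers, mode)
    fail_network(routers[3], "10.0.5.0")
    return converge(routers, mode), routers


if __name__ == "__main__":
    for mode in ("plain", "split", "poison"):
        rounds, routers = rounds_to_reconverge(mode)
        print(mode, rounds, {r.name: r.table["10.0.5.0"] for r in routers})
```

With plain updates Router D, which no longer has 10.0.5.0, accepts Router C's stale two-hop route and the hop count then climbs by one per period until it reaches 16; with split horizon or poison reverse Router C never offers the route back to D and the withdrawal travels down the chain in three periods.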

Slide 24: Routing Information Protocol: Distance Vector Routing Protocol (holddown timer)

A holddown timer prevents a router from accepting any change to a route for a period of time, so that problems such as interface flapping do not ripple through the network. All routers running RIP must use the same holddown timer value.

Interface down/up process (animated figure: A, B, C and D in a chain over 10.0.1.0 to 10.0.5.0; the link to 10.0.4.0 fails, "10.0.4.0 is unreachable" propagates, and each router in turn starts a holddown timer, rejects the bad routing update and sends a poison reverse):

When Router C detects that network 10.0.4.0 has failed, it sends a last route update for 10.0.4.0 with an infinite hop count. When Router B receives it, it starts the holddown timer for the route 10.0.4.0 and sends a poison reverse to Router C. Next, Router B updates Router A, and the same procedure repeats until the entire network has converged. When the 10.0.4.0 interface recovers, Router C updates Router B immediately; Router B accepts the route because its hop count is smaller than the current value (infinite), and then updates its neighbours.

Slide 25: Routing Information Protocol: RIP Version 1

  RIPv1 is defined in RFC 1058.
  All RIP messages are carried in UDP (port 520).
  Two message types: Request and Response.
  Classful routing: the updates carry no subnet information, so Variable Length Subnet Masks (VLSM) are not supported.
  No router authentication mechanism: a RIPv1 router cannot tell a neighbour's update from a forged one.
  Route updates are sent via broadcast.
  Limited to 15 hops; 16 means unreachable.

Slide 26: Routing Information Protocol: RIP Version 1 packet format

  Command (1 byte) | Version (1 byte) | Must be zero (2 bytes)
  Route entry (20 bytes each; a message carries up to 25 entries):
    Address Family Identifier (2 bytes) | Must be zero (2 bytes)
    IP Address (4 bytes)
    Must be zero (4 bytes)
    Must be zero (4 bytes)
    Metric (4 bytes)

Command: whether the packet is a request or a response. A Request asks a router to send all or part of its routing table. A Response can be an unsolicited regular routing update or a reply to a request; responses contain routing table entries.
Version: the RIP version used; 1 for RIPv1.
Zero fields: not used by RFC 1058 RIP; they exist only for backward compatibility with pre-standard varieties of RIP and are named after their fixed value.
Address Family Identifier (AFI): the address family used. RIP was designed to carry routing information for several protocols, so each entry carries an AFI indicating the type of address; the AFI for IP is 2.
IP Address: the destination of the route.
Metric: the number of hops (routers) traversed on the way to the destination. The value is between 1 and 15 for a valid route; 16 means the destination is unreachable.

Slide 27: Routing Information Protocol: RIP Version 1 (request and response)

Topology: Router A (100.100.100.100 and 10.1.1.1) and Router B (10.1.1.2 and 200.200.200.200).

Initially Router A and Router B each send a Request to the other as a broadcast (To: 255.255.255.255). Each replies with its full routing table as a unicast to the requester (To: 10.1.1.2 and To: 10.1.1.1). The periodic updates that follow are sent as broadcasts.

A router running RIP can request either the full routing table or specific routes.
Requesting the full routing table:
  Step 1: Router A sends a Request message with a single route entry in which the address family identifier is 0 and the metric is 16 (infinity).
  Step 2: Router B replies with its full routing table, sent unicast to Router A.
Requesting specific routes:
  Step 1: Router A sends a Request message listing the addresses it is asking about.
  Step 2: Router B replies with the route information for the requested entries.

Slide 28: Routing Information Protocol: RIP Version 1 request and response packet captures (screenshots only; not reproduced in the transcript).

Slide 29: Routing Information Protocol: RIP Version 1 (classful routing)

  Address Class   Most significant bits   Value range
  Class A         0000                    0.0.0.0 to 126.255.255.255
  Class B         1000                    128.0.0.0 to 191.255.255.255
  Class C         1100                    192.0.0.0 to 223.255.255.255
  Class D         1110                    224.0.0.0 to 239.255.255.255
  Class E         1111                    240.0.0.0 to 255.255.255.255

Figure: subnets 10.10.20.64, 10.10.20.192, 10.15.75.64, 10.93.1.1 and 10.100.3.5 are advertised across the network boundary only as the major network 10.0.0.0, and 192.168.1.0, 192.168.1.32, 192.168.1.64, 192.168.1.96 and 192.168.1.128 only as 192.168.1.0: route summarization at boundary routers.

A classful routing protocol does not advertise an address mask along with the destination address, so it must fall back on the major Class A, B or C network portion of a destination as in the table above. When a packet passes through the router: if the destination address belongs to a directly connected major network, the subnet mask configured on the interface attached to that network is used to determine the subnet of the destination; if the destination address is not in a directly connected major network, the router matches only the major Class A, B or C portion of the destination address.

Slide 30: Routing Information Protocol: RIP Version 2

The RIPv2 specification (RFC 2453) allows more information to be carried in RIP packets. It provides a simple authentication mechanism (not available in RIPv1), and it is a classless routing protocol. Compared with RIPv1, RIPv2 has the following advantages:
  Each route entry carries its subnet mask.
  A designated next hop lets the best next hop be selected on broadcast networks.
  Routing updates are sent to a multicast address, which reduces resource consumption on hosts that do not run RIP.
  Plain text authentication and MD5 authentication improve security.

RIPv1 is a classful routing protocol and advertises via broadcast only. Its messages do not carry mask information, so it can only recognize routes to standard Class A, B and C networks and does not support subnets. RIPv2 is classless and carries a subnet mask with every route advertisement. That is a much greater benefit: it can use variable-length subnet masking (VLSM) and summarize a group of networks with a single aggregate address.

Caveat: the plain text password is sent unchanged in every update, so against anyone who can see the traffic it offers no more protection than RIPv1; use the keyed MD5 authentication (RFC 2082) where the switch supports it.

Slide 31: Routing Information Protocol: RIP Version 2 packet format

  Command (1 byte) | Version (1 byte) | Must be zero (2 bytes)
  Route entry (20 bytes each):
    Address Family Identifier (2 bytes) | Route Tag (2 bytes)
    IP Address (4 bytes)
    Subnet Mask (4 bytes)
    Next Hop (4 bytes)
    Metric (4 bytes)

Version: 2 in a RIPv2 packet.
Address Family Identifier (AFI): the address family used. RIP was designed to carry routing information for several protocols, so each entry carries an AFI indicating the type of address; the AFI for IP is 2. If the AFI of the first entry in the message is 0xFFFF, the remainder of that entry contains authentication information instead of a route. RFC 2453 itself defines only the simple password authentication type; keyed MD5 authentication is defined separately in RFC 2082.
Route Tag: a method for distinguishing internal routes (learned by RIP) from external routes (learned from other protocols).
IP Address: the destination address of the entry.
Subnet Mask: the subnet mask for the entry; zero means no mask was specified.
Next Hop: the IP address of the next hop to which packets for this entry should be forwarded.
Metric: how many hops (routers) have been traversed on the way to the destination: 1 to 15 for a valid route, 16 for an unreachable one.
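The formats of slides 26 and 31 and the exchange of slide 27, as an added example written for this transcript rather than D-Link or RFC code. It encodes the full-table Request (one entry, AFI 0, metric 16), RIPv1 and RIPv2 route entries and the 0xFFFF simple-password entry, and parses them with the checks a receiver applies. The sample packets are constructed inline; the route 200.1.1.0/24 and the password "key" are taken from the switch configuration slides later in this module.

```python
"""RIP v1/v2 message encoder and parser (RFC 1058 / RFC 2453 layouts).

Added example for this transcript, not D-Link code. Sample packets are
constructed here: the full-table Request of slide 27 and a RIPv2 Response
carrying 200.1.1.0/24 protected with the simple password "key".
"""
import socket
import struct

RIP_PORT = 520
RIPV1_BCAST, RIPV2_MCAST = "255.255.255.255", "224.0.0.9"
REQUEST, RESPONSE = 1, 2
AFI_IP, AFI_AUTH = 2, 0xFFFF
AUTH_SIMPLE_PASSWORD = 2          # the only type in RFC 2453; keyed MD5 is RFC 2082
INFINITY = 16
ENTRY_LEN = 20
ZERO4 = b"\0" * 4


def full_table_request(version):
    """One entry with AFI 0 and metric 16 asks the neighbour for its whole table."""
    head = struct.pack("!BBH", REQUEST, version, 0)
    return head + struct.pack("!HH4s4s4sI", 0, 0, ZERO4, ZERO4, ZERO4, INFINITY)


def v1_entry(ip, metric):
    """RIPv1 entry: AFI, must-be-zero, address, two must-be-zero words, metric."""
    return struct.pack("!HH4s4s4sI", AFI_IP, 0, socket.inet_aton(ip), ZERO4, ZERO4, metric)


def v2_entry(ip, mask, next_hop, metric, tag=0):
    """RIPv2 entry: AFI, route tag, address, subnet mask, next hop, metric."""
    return struct.pack("!HH4s4s4sI", AFI_IP, tag, socket.inet_aton(ip),
                       socket.inet_aton(mask), socket.inet_aton(next_hop), metric)


def auth_entry(password):
    """First entry of an authenticated RIPv2 message: AFI 0xFFFF, type 2, 16-byte
    password. The password is sent as-is, readable by anyone capturing the update."""
    return struct.pack("!HH16s", AFI_AUTH, AUTH_SIMPLE_PASSWORD, password.encode("ascii")[:16])


def build_response(version, entries, password=None):
    if password is not None and version != 2:
        raise ValueError("RIPv1 has no authentication")
    head = struct.pack("!BBH", RESPONSE, version, 0)
    auth = auth_entry(password) if password is not None else b""
    return head + auth + b"".join(entries)


def parse(pkt, expected_password=None):
    """Decode a RIP message; raise ValueError for anything a router must discard."""
    if len(pkt) < 4 or (len(pkt) - 4) % ENTRY_LEN:
        raise ValueError("bad length")
    cmd, ver, zero = struct.unpack("!BBH", pkt[:4])
    if cmd not in (REQUEST, RESPONSE) or ver not in (1, 2) or (ver == 1 and zero):
        raise ValueError("bad header")
    raw = [pkt[i:i + ENTRY_LEN] for i in range(4, len(pkt), ENTRY_LEN)]
    password = None
    if ver == 2 and raw and raw[0][:2] == b"\xff\xff":
        atype, = struct.unpack("!H", raw[0][2:4])
        if atype != AUTH_SIMPLE_PASSWORD:
            raise ValueError("unsupported authentication type %d" % atype)
        password = raw[0][4:].rstrip(b"\0").decode("ascii")
        raw = raw[1:]
    if expected_password is not None and password != expected_password:
        raise ValueError("authentication failed")   # unauthenticated updates are dropped
    entries = []
    for e in raw:
        afi, tag = struct.unpack("!HH", e[:4])
        metric, = struct.unpack("!I", e[16:20])
        if ver == 1:
            if tag or e[8:16] != ZERO4 * 2:
                raise ValueError("RIPv1 must-be-zero field set")
            mask = next_hop = None
        else:
            mask, next_hop = socket.inet_ntoa(e[8:12]), socket.inet_ntoa(e[12:16])
        if cmd == RESPONSE and not 1 <= metric <= INFINITY:
            raise ValueError("metric %d out of range" % metric)
        entries.append({"afi": afi, "tag": tag, "ip": socket.inet_ntoa(e[4:8]),
                        "mask": mask, "next_hop": next_hop, "metric": metric,
                        "reachable": metric < INFINITY})
    return {"command": "request" if cmd == REQUEST else "response",
            "version": ver, "password": password, "entries": entries}


if __name__ == "__main__":
    resp = build_response(2, [v2_entry("200.1.1.0", "255.255.255.0", "0.0.0.0", 1)], "key")
    print(resp.hex())
    print(parse(resp, expected_password="key"))
```

The password is visible in the raw bytes of every authenticated update, which is the concrete form of the caveat on plain text authentication: the check stops a mistyped or missing password, not a neighbour that has captured one update.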

Slide 32: Routing Information Protocol: RIP Version 2 (request and response)

Topology: Router A (100.100.100.100 and 10.1.1.1) and Router B (10.1.1.2 and 200.200.200.200).

Initially Router A and Router B each send a Request to the other as a multicast (To: 224.0.0.9). Each replies with its full routing table as a unicast to the requester (To: 10.1.1.2 and To: 10.1.1.1). The periodic updates that follow are also sent as multicasts: RIPv2 sends its announcements to the IP multicast address 224.0.0.9.

Slides 33 and 34: Routing Information Protocol: RIP Version 2 packet captures (screenshots only; not reproduced in the transcript).

Slide 35: Routing Information Protocol: Switch Configuration (RIPv1)

Topology: DGS-3612-1 (100.1.1.1 and 10.1.1.1) connected to DGS-3612-2 (10.1.1.2 and 200.1.1.1).

Enable RIPv1 on both switches:
  enable rip
  config rip all tx_mode v1_only rx_mode v1_only state enable

Check the routing table (on DGS-3612-1; 200.1.1.0/24 has been learned via RIP from 10.1.1.2):
  DES-3612:5#sh iproute
  Command: show iproute

  Routing Table

  IP Address/Netmask   Gateway      Interface   Cost   Protocol
  -------------------  -----------  ----------  -----  --------
  10.1.1.0/24          0.0.0.0      System      1      Local
  100.1.1.0/24         0.0.0.0      int1        1      Local
  200.1.1.0/24         10.1.1.2     System      2      RIP

Check the RIP version and status:
  DES-3612:5#sh rip
  Command: sh rip

  RIP Global State : Enabled

  RIP Interface Settings

  Interface   IP Address      TX Mode   RX Mode   Authentication   State
  ----------  --------------  --------  --------  ---------------  -------
  System      10.1.1.1/24     V1 Only   V1 Only   Disabled         Enabled
  Int1        100.1.1.1/24    V1 Only   V1 Only   Disabled         Enabled

  Total Entries : 2

Slide 36: Routing Information Protocol: Switch Configuration (RIPv2)

Same topology as slide 35: DGS-3612-1 (100.1.1.1 and 10.1.1.1) connected to DGS-3612-2 (10.1.1.2 and 200.1.1.1).

Enable RIPv2 on both switches:
  enable rip
  config rip all tx_mode v2_only rx_mode v2_only state enable

Check the routing table:
  DES-3612:5#sh iproute
  Command: show iproute

  Routing Table

  IP Address/Netmask   Gateway      Interface   Cost   Protocol
  -------------------  -----------  ----------  -----  --------
  10.1.1.0/24          0.0.0.0      System      1      Local
  100.1.1.0/24         0.0.0.0      int1        1      Local
  200.1.1.0/24         10.1.1.2     System      2      RIP

Check the RIP version and status:
  DES-3612:5#sh rip
  Command: sh rip

  RIP Global State : Enabled

  RIP Interface Settings

  Interface   IP Address      TX Mode   RX Mode   Authentication   State
  ----------  --------------  --------  --------  ---------------  -------
  System      10.1.1.1/24     V2 Only   V2 Only   Disabled         Enabled
  Int1        100.1.1.1/24    V2 Only   V2 Only   Disabled         Enabled

  Total Entries : 2

Slide 37: Routing Information Protocol: Switch Configuration (RIPv2 authentication)

Same topology as slide 35. Enable RIP authentication on all interfaces; the string after enable is the password, here key:
  DGS-3612:5#config rip all authentication enable key
  Command: config rip all authentication enable key

  Success.

Check:
  DES-3612:5#sh rip
  Command: show rip

  RIP Global State : Enabled

  RIP Interface Settings

  Interface   IP Address      TX Mode   RX Mode   Authentication   State
  ----------  --------------  --------  --------  ---------------  -------
  System      10.1.1.1/24     V2 Only   V2 Only   Enabled          Enabled
  Int1        100.1.1.1/24    V2 Only   V2 Only   Enabled          Enabled

  Total Entries : 2

This is the RIPv2 simple password authentication of slide 31: the password travels in clear text in the 0xFFFF entry of every update, so it must be set identically on both switches and must not be relied on as a secret.

Slide 38: Module 9: Open Shortest Path First (OSPF)

Slide 39: Open Shortest Path First: Link-State Routing Protocol

Link = a link between routers; State = the state of that link.

Characteristics of link-state routing protocols:
  Nodes respond immediately when the network changes.
  Periodic updates are sent at a long interval.
  Each router maintains its own routing table and computes its own best paths to all destinations with Dijkstra's Shortest Path First (SPF) algorithm.
  Each Link State Advertisement (LSA) carries a sequence number, and LSAs are acknowledged.
  Examples: OSPF, IS-IS.

Compared with a distance vector protocol, all routers running a link-state protocol hold an identical link-state database and each one calculates the best routes individually from it. OSPF uses a link-state algorithm to determine routes to network destinations. A "link" is an interface on a router and the "state" is a description of that interface and its relationship to neighbouring routers: the IP address, subnet mask, type of network the interface is attached to, the other routers attached to that network, and so on. The link states are collected in a link-state database maintained by every router running OSPF.

Slide 40: Open Shortest Path First: Link-State Routing Protocol (synchronization)

Link-state information must be synchronized among the routers. To make consistent routing decisions in a common routing domain, every router maintains:
  the directly connected routers, i.e. the adjacency information;
  the information about all other routers in the routing domain and their attached networks;
  the result of Dijkstra's (SPF) algorithm, i.e. the best route to each destination.

Routers running a link-state protocol share the same routing information and each decides the best route to a destination on its own. For every router in an area to make a consistent decision, the routers in the area need the same neighbour information, the same information about all other routers, the same area definition and attached networks, and the same method of calculating the best path.

41 Open Shortest Path First: Link-State Routing Protocol
1. Detect a network change
2. Create a Link-State Advertisement (LSA) concerning that link and propagate it to all neighbor devices
3. Each routing device takes a copy of the LSA and updates its Link-State Database (LSDB)
4. Forward the LSA to neighboring devices
5. The LSDB (topology table) is used to calculate the best paths through the network, which are put into the routing table
[Figure: routers A to E flooding an LSA; the LSDB of Router E is shown]
Drawbacks:
– Memory resource issue
– CPU consumption issue
The Link State Routing Protocol is not perfect. In a large and complicated network, the protocol may cause some issues because all routers keep complete router information in their database (routers need to have enough space to store all route information). These routers also need to calculate the best paths to destinations on their own (routers need to be equipped with powerful chips to deal with frequent calculations).

42 Open Shortest Path First: Overview
OSPF RFCs: RFC 1131 (version 1), RFC 2328 (version 2)
Link-State Routing Protocol operation:
– Hello / Adjacencies
– Link State Advertisements (LSAs) sent over all adjacencies: router's links, router's interfaces, router's neighbors
– Flooding LSAs throughout an area; all routers build an identical Link-State Database (LSDB)
– SPF (Dijkstra) algorithm calculates the shortest paths, which fill the Routing Table
OSPF belongs to the Link-State routing protocol family and uses Hello messages to keep in touch with its neighbors. All routers in the network fully exchange route information via Link-State Advertisements (LSAs) with one another so that all routers have an identical Link-State Database. If there is any route path change, all routers will be notified immediately through LSA flooding.

43 Open Shortest Path First: Overview
Link State Type | Description
1 | Router link advertisement
2 | Network link advertisement
3 or 4 | Summary link advertisement
5 | AS external link advertisement
6 | Group Membership LSA
[Figure: an OSPF Autonomous System with the Backbone Area / Area 0 (Backbone / Internal Routers, DR/BDR election on a multi-access segment, Hello Protocol, LSA exchange), an ABR and a Virtual Link, an ASBR connecting to an External AS running RIP, and areas with Internal Routers: Area 1 Stub Area (no Type 4 ASBR Summary LSAs, no Type 5 AS External LSAs), Area 2 Totally Stub Area (no Type 3 Summary LSAs, no Type 4 ASBR Summary LSAs, no Type 5 AS External LSAs), Area 3 NSSA (no Type 4 ASBR Summary LSAs, no Type 5 AS External LSAs), Area 4]

44 Open Shortest Path First: OSPF Hello / Adjacency
To run OSPF, a router must have a Router ID. It is a 32-bit unsigned number that uniquely identifies a router in the Autonomous System (AS).
Router ID assignment:
– Configure it manually
– Otherwise the Router ID is automatically selected from the active interfaces: the highest IP address on a loopback interface is chosen by default; if there is no loopback interface, the highest IP address on an active interface is chosen; the selection takes place at the start of the OSPF process
LSDBs use the OSPF Router ID to differentiate one router from the others. It also breaks the tie during the Designated Router (DR) and Backup Designated Router (BDR) election process.
[Figure: a router with interfaces E1 192.168.0.1, E2 192.168.10.1 and E3 192.168.20.1, from which the Router ID is selected]
Autonomous System (AS): a collection of routers under a common administration that presents a common, clearly defined routing policy.
Designated Router (DR): in a multi-access network, the DR represents this network to the other OSPF areas and manages the flooding process on the multi-access network.
Backup Designated Router (BDR): in a multi-access network, the BDR is responsible for taking over the DR position when the DR fails.

45 Open Shortest Path First: OSPF Hello / Adjacency
Before any Link-State Advertisements (LSAs) can be sent, OSPF routers must discover their neighbors and establish adjacencies.
Hello:
– Discovers neighbors
– "Keep-alive" mechanism between neighbors: Broadcast Hello Interval 10 seconds; Non-Broadcast Hello Interval 30 seconds; Router Dead Interval 40 seconds (four times the Hello Interval)
– Ensures bidirectional communication between neighbors
– Helps to elect the Designated Router (DR) and Backup Designated Router (BDR) on Broadcast and Non-Broadcast Multi-Access (NBMA) networks
Hello packet contents: Router ID, Area ID, address mask of the originating interface, authentication type and information, Hello and Dead intervals, list of all neighbors, Router priority, DR IP address, BDR IP address, authentication password.

46 Open Shortest Path First: OSPF Hello / Adjacency
Neighbor: the interfaces of two routers connect to a common network. The neighbor relationship is maintained by exchanging Hello messages between the two routers.
Adjacency: a relationship already formed between two neighboring routers for exchanging routing information. Two routers synchronizing their LSDBs with each other (exchanging Database Description (DD) packets and LSAs) become adjacent. Not every pair of neighboring routers will become adjacent; it depends on the network type.
[Figure: Hello processing flow between routers A and B. Verify Router ID, Area ID, Network Mask, ...: if they do not match, no adjacency is formed; if they match, check the neighbor table: if the neighbor exists, reset the RouterDeadInterval timer; if it does not exist, add it to the neighbor table. The two routers then start to build an adjacency and exchange the routing information held in their LSDBs]
When a router receives a Hello message from its neighbor, it verifies all the information (such as Router ID, Area ID, etc.) and checks its neighbor table. If the neighbor has already been recorded in the neighbor table, the router knows that this neighbor is still alive and resets the Router Dead Interval timer. If the neighbor information does not exist in the neighbor table, the router creates a new entry. In a broadcast network, a DRother router does not form an adjacency with other DRother routers, but only with the DR and BDR.

47 Open Shortest Path First: OSPF Hello / Adjacency

48 Open Shortest Path First: OSPF Hello / Adjacency
OSPF network types:
– Point-to-Point Networks (T1, DS-3, SONET links): in point-to-point networks, routers always become adjacent. The destination address of OSPF packets on these networks is always the reserved class D address 224.0.0.5, known as AllSPFRouters.
– Broadcast Networks (Ethernet, Token Ring, FDDI): OSPF routers on a broadcast network elect a Designated Router (DR) and a Backup Designated Router (BDR). Hello packets are multicast to the AllSPFRouters destination address 224.0.0.5 (destination MAC address 0100.5E00.0005). All other routers multicast Link State Update and Link State Acknowledgment packets to 224.0.0.6 (destination MAC address 0100.5E00.0006).
– Non-Broadcast Multi-Access (NBMA) networks (X.25, Frame Relay, ATM): no broadcast capability. OSPF routers on NBMA networks elect a DR and BDR, and all OSPF packets are unicast.
– Point-to-Multipoint Networks: routers on these networks do not elect a DR and BDR, and the OSPF packets are unicast to each known neighbor.
– Virtual Links: OSPF packets are unicast over virtual links.
224.0.0.5: the OSPF AllSPFRouters address. It is used to send Hello packets to all OSPF routers on a network segment.
224.0.0.6: the OSPF AllDRRouters address. In a multi-access network, this address is used for communication between the routers and the DR or BDR.

49 Open Shortest Path First: OSPF Hello / Adjacency
In a multi-access network, the flooding of Link-State Advertisements (LSAs) shows the following problems:
– Many unnecessary LSAs: if n is the number of routers on a multi-access network, there will be n(n-1)/2 adjacencies. Each router would flood n-1 LSAs for its adjacent neighbors and one LSA for the network, resulting in many LSAs originating from the network.
– Routers would in turn flood LSAs to each other, creating many copies of the same LSA on the same network.
The DR/BDR mechanism resolves the above issues. The DR has the following duties:
– To represent the multi-access network and its attached routers to the rest of the OSPF area
– To manage the flooding process on the multi-access network
The BDR assumes the DR role if the DR fails.
[Figure: a multi-access area with routers A to E. Without DR/BDR election, N=5 gives 5(5-1)/2=10 adjacencies. With DR/BDR election, every DRother router forms an adjacency not only with the DR but also with the BDR]

50 Open Shortest Path First: OSPF Hello / Adjacency
The DR and BDR election is based on:
– Router Priority: an 8-bit unsigned integer from 0 to 255 (highest)
– Router ID
The DR / BDR are elected based on the following rules:
– The router with the highest priority value is the DR
– The router with the second highest priority value is the BDR
– In case of a tie, the highest Router ID is the DR and the second highest is the BDR
– A router with priority 0 cannot be the DR or BDR
– A router that is neither DR nor BDR is a DRother
– If a router with a higher priority enters the network, it does not preempt the DR or BDR
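Added example (Python, not the course's or D-Link's own code): the election rules above applied to a constructed five-router segment, including the no-preemption case and the BDR taking over when the DR fails. The Router IDs and priorities are made-up sample values.

```python
# Added example, not from the D-Link course material: DR/BDR election on a
# multi-access segment following the rules on the slide (highest Router
# Priority wins, ties broken by the highest Router ID, priority 0 is never
# elected, an existing DR/BDR is not preempted, the BDR takes over a failed DR).
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class OspfRouter:
    router_id: str   # dotted-decimal 32-bit Router ID, e.g. "192.168.20.1"
    priority: int    # 8-bit unsigned Router Priority, 0..255


def election_key(r: OspfRouter) -> Tuple[int, int]:
    """Rank by priority first, then by the numeric value of the Router ID."""
    return (r.priority, int(ipaddress.IPv4Address(r.router_id)))


def elect_dr_bdr(routers: List[OspfRouter],
                 current_dr: Optional[str] = None,
                 current_bdr: Optional[str] = None
                 ) -> Tuple[Optional[str], Optional[str]]:
    """Return (DR Router ID, BDR Router ID) for the segment, None if vacant.

    current_dr / current_bdr are the Router IDs holding the roles before this
    election. A holder that is still present keeps its role even if a router
    with a higher priority has joined since (no preemption).
    """
    for r in routers:
        if not 0 <= r.priority <= 255:
            raise ValueError(f"{r.router_id}: priority must be 0..255")
    # Priority 0 routers never become DR or BDR, so they are not candidates.
    candidates = [r for r in routers if r.priority > 0]
    present = {r.router_id for r in candidates}
    ranked = [r.router_id
              for r in sorted(candidates, key=election_key, reverse=True)]

    dr = current_dr if current_dr in present else None
    bdr = current_bdr if current_bdr in present else None
    if dr is None and bdr is not None:
        dr, bdr = bdr, None        # the BDR assumes the DR role when the DR fails
    if dr is None and ranked:
        dr = ranked[0]             # highest priority, then highest Router ID
    if bdr is None:
        bdr = next((rid for rid in ranked if rid != dr), None)
    return dr, bdr


def role_of(router_id: str, dr: Optional[str], bdr: Optional[str]) -> str:
    """Name the role a router ends up with after the election."""
    return "DR" if router_id == dr else "BDR" if router_id == bdr else "DRother"


if __name__ == "__main__":
    # Constructed segment: two routers tie on priority 1, one has priority 2,
    # and one is configured with priority 0.
    segment = [OspfRouter("10.0.0.1", 1), OspfRouter("10.0.0.3", 1),
               OspfRouter("10.0.0.2", 2), OspfRouter("10.0.0.9", 0)]
    dr, bdr = elect_dr_bdr(segment)
    for r in segment:
        print(r.router_id, "priority", r.priority, "->", role_of(r.router_id, dr, bdr))
```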

51 Open Shortest Path First: OSPF Hello / Adjacency
After building the neighbor relationship between two routers, they go through four stages to reach a full adjacency:
– Neighbor Discovery
– Bidirectional Communication
– Database Synchronization
– Full Adjacency

52 Open Shortest Path First: OSPF Hello / Adjacency
Neighbor Discovery
– Down: no Hello message has been received from the neighbor in the last RouterDeadInterval. If a neighbor transits to the Down state from some higher state, the Link State Retransmission, Database Summary and Link State Request lists are cleared.
– Init: the router has seen a Hello message from the neighbor.
Bidirectional Communication
– Two-Way: the router can see its own Router ID in the Neighbor field of the neighbor's Hello packet. DR/BDR election takes place (in a multi-access area). Receiving a Database Description (DD) packet from a neighbor in the Init state also causes a transition to Two-Way.
Database Synchronization
– ExStart: the master/slave relationship is negotiated and the adjacency between the OSPF routers begins to form. The initial DD sequence number is decided in this state.
– ExChange: the two OSPF routers have settled their Master/Slave roles and send Database Description packets describing their entire link-state databases to each other. A router may also send Link State Request packets to ask for more recent LSAs.
– Loading: Link State Request packets are sent to the neighbor asking for the more recent LSAs that have been discovered but not yet received.
Full Adjacency
– Full: neighbors in this state are fully adjacent.
An OSPF router transits a neighbor through several states before the neighbor is considered fully adjacent. The four stages mentioned on the previous slide can be separated into seven states: Down, Init, Two-Way, ExStart, ExChange, Loading and Full.

53 Open Shortest Path First: OSPF Hello / Adjacency
[Figure: the exchange protocol between Router A (172.16.5.1/24 on Port 1; neighbor list: 172.16.5.2/24 on Port 1) and Router B (172.16.5.2/24 on Port 2 and 172.16.6.1/24; neighbor list: 172.16.5.1/24 on Port 2). Both pass through the Down, Init, Two-Way, ExStart, ExChange, Loading and Full states]
Message sequence shown on the slide:
– Hello to 224.0.0.5: "I am Router ID 172.16.5.1, and I see no one"
– Hello (unicast packet): "I am Router ID 172.16.5.2, and I see 172.16.5.1"
– In the Two-Way state, all routers that have each other in their lists of neighbors have established bidirectional communication. If the link type is a broadcast network (LAN), DR/BDR election takes place; the DR forms bidirectional adjacencies with all the other routers on the LAN link.
– Router A and B send empty DD packets to each other for master/slave negotiation: "I will start the exchange (my Router ID is 172.16.5.1); MS-bit is 1 (Master), DD sequence number is XXX, M-bit is 1 (not the last DD packet)" and "I will start the exchange (my Router ID is 172.16.6.1); MS-bit is 1 (Master), DD sequence number is YYY, M-bit is 1 (not the last DD packet)"
– DD: "You are Master. Here is a summary of my LSDB (LSA headers); MS-bit is 0 (Slave), DD sequence number is YYY"
– DD: "Here is a summary of my LSDB (LSA headers); MS-bit is 1 (Master), DD sequence number is YYY+1"
– DD Ack (with the same DD sequence number); DD packets are exchanged until the M-bit is 0
– LSR: "I need the complete entry for network 172.16.6.0/24"
– LSU: "Here is the entry for network 172.16.6.0/24"
– LSAck: "Thanks for the information"
This is the process flow chart of exchanging full routing information. Initially, the two routers A and B stay in the Down state. After the OSPF feature is enabled on both routers, they move to the Init state and send Hello packets to each other. Router A moves to the Two-Way state when it receives a Hello packet with its own Router ID in it.
In the Two-Way state, all routers that have each other in their neighbor lists establish bidirectional communication. If the link type is a broadcast network (LAN), the DR/BDR election mechanism is launched. The DR forms bidirectional adjacencies with all the other routers on the LAN. Router A and B generate and send empty DD packets to each other for master/slave negotiation. Once both routers have received the empty DD packets, they go to the ExStart state. For example, Router B, with the larger Router ID, becomes the Master and leads the router information exchange. Router A accepts and uses Router B's sequence number as the initial number. They exchange summaries of their LSDBs in the ExChange state. After checking the summary of the LSDB from Router B, if Router A finds some router information that is not in its routing table, it sends a Link State Request (LSR) to Router B to request the missing information. When Router B receives the request, it sends a Link State Update (LSU) and asks Router A to acknowledge it. In the Loading state, LSRs and LSUs are exchanged until both routers have identical router information. Lastly, they move to the Full state.
* An empty DD packet is used for master/slave negotiation, and the Router ID is used to decide which side leads the route information exchange.
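Added example (Python, not the course's own code) covering the Hello verification of slide 46 and the Down-to-Full sequence of slides 52 and 53, using the Router IDs and the 172.16.6.0/24 entry from the slide. The message contents and the LSA keys (type, Link State ID) are simplified assumptions, not the wire format.

```python
# Added example, not from the course material: a small model of how two OSPF
# routers go from Down to Full, following the Hello checks on slide 46 and
# the state sequence on slides 52-53. Message formats are simplified.
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class Hello:
    router_id: str
    area_id: str
    mask: str
    hello_interval: int
    dead_interval: int
    neighbors: List[str]          # Router IDs the sender has already heard from


@dataclass
class LsaHeader:                  # the part of an LSA that a DD packet carries
    ls_type: int
    ls_id: str
    adv_router: str
    seq: int                      # higher sequence number = more recent instance


@dataclass
class Neighbor:
    state: str = "Init"           # Init, 2-Way, ExChange, Loading, Full
    dead_timer: int = 0           # seconds left before the neighbor goes Down


@dataclass
class OspfRouter:
    router_id: str
    area_id: str = "0.0.0.0"
    mask: str = "255.255.255.0"
    hello_interval: int = 10
    dead_interval: int = 40
    lsdb: Dict[Tuple[int, str], LsaHeader] = field(default_factory=dict)
    neighbors: Dict[str, Neighbor] = field(default_factory=dict)

    def hello(self) -> Hello:
        return Hello(self.router_id, self.area_id, self.mask,
                     self.hello_interval, self.dead_interval, list(self.neighbors))

    def receive_hello(self, h: Hello) -> str:
        """Slide 46: verify the Hello, then add the neighbor or reset its timer."""
        if (h.area_id, h.mask, h.hello_interval, h.dead_interval) != (
                self.area_id, self.mask, self.hello_interval, self.dead_interval):
            return "ignored"      # parameters differ: no neighbor relationship
        n = self.neighbors.setdefault(h.router_id, Neighbor())   # new -> Init
        n.dead_timer = self.dead_interval                        # RouterDeadInterval reset
        if n.state == "Init" and self.router_id in h.neighbors:
            n.state = "2-Way"     # our own Router ID is in its neighbor list
        return n.state

    def tick(self, seconds: int) -> List[str]:
        """Age the dead timers; an expired neighbor is removed (Down state)."""
        expired = []
        for rid, n in list(self.neighbors.items()):
            n.dead_timer -= seconds
            if n.dead_timer <= 0:
                expired.append(rid)
                del self.neighbors[rid]   # retransmission/summary/request lists cleared
        return expired


def synchronize(a: OspfRouter, b: OspfRouter
                ) -> Tuple[str, Dict[str, List[Tuple[int, str]]]]:
    """Slides 52-53: ExStart -> ExChange -> Loading -> Full between a and b.

    Returns the Master's Router ID and, per router, the LSAs it had to request.
    """
    for r, peer in ((a, b), (b, a)):
        n = r.neighbors.get(peer.router_id)
        if n is None or n.state != "2-Way":
            raise RuntimeError(f"{r.router_id}: {peer.router_id} is not in 2-Way")
    # ExStart: empty DD packets; the higher Router ID becomes Master and its
    # DD sequence number is used from then on.
    master = max(a, b, key=lambda r: int(ipaddress.IPv4Address(r.router_id)))
    requests: Dict[str, List[Tuple[int, str]]] = {a.router_id: [], b.router_id: []}
    # ExChange: each side sends LSA headers; anything unknown or newer is asked for.
    for r, peer in ((a, b), (b, a)):
        r.neighbors[peer.router_id].state = "ExChange"
        for key, hdr in peer.lsdb.items():
            mine = r.lsdb.get(key)
            if mine is None or mine.seq < hdr.seq:
                requests[r.router_id].append(key)       # goes into an LSR
    # Loading: the LSRs are answered with LSUs (acknowledged by LSAck).
    for r, peer in ((a, b), (b, a)):
        r.neighbors[peer.router_id].state = "Loading"
        for key in requests[r.router_id]:
            r.lsdb[key] = peer.lsdb[key]
        r.neighbors[peer.router_id].state = "Full"
    return master.router_id, requests
```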

54 Open Shortest Path First: OSPF Hello / Adjacency
[Figure: routers A and B exchanging a DD packet, compared with the summary of an address book]
A DD packet is a summary of the LSDB. It is similar to the summary of an address book, which allows others to quickly know which route is missing.

55 Open Shortest Path First: OSPF Hello / Adjacency
[Figure: the same exchange protocol as on slide 53 between Router A (172.16.5.1/24 on Port 1; neighbor list: 172.16.5.2/24 on Port 1) and Router B (172.16.5.2/24 on Port 2 and 172.16.6.1/24; neighbor list: 172.16.5.1/24 on Port 2): Hello, empty DD packets for master/slave negotiation, DD packets exchanged until the M-bit is 0, LSR, LSU and LSAck, with both routers passing through the Down, Init, Two-Way, ExStart, ExChange, Loading and Full states]
Lab capture files: ospf_adjacency_establishment.log, ospf_adjacency_establishment.pcap

56 Open Shortest Path First: OSPF Areas
Problem: in a Link-State routing protocol, all routers must keep all routing information in the Link-State Database (LSDB).
– Memory issue: in a large scale network, the size of the LSDB is large.
– CPU issue: the Dijkstra (SPF) calculation consumes time and can be very complex in a large network environment.
Solution: areas reduce the impact on the CPU and memory. Link-State routing protocols use a two-layer area model.
Transit Area
– Fast and efficient forwarding of IP packets
– Interconnection with the other OSPF area types
– OSPF area 0 / backbone area
– Summarizes the topologies of each area to every other area
Regular Area
– Regular areas are where the users and resources reside
– Traffic between regular areas must cross a transit area
– Area numbers are not 0 / many area types
[Figure: a transit area / backbone area connected to an External AS, with the regular areas Area 1, Area 2 and Area 3 attached to it]
Examples of Area ID: 0 = 0.0.0.0 (reserved for the Backbone); 275 = 0.0.1.19 (275 in binary is 100010011, which fills the last two octets as 00000001 00010011, i.e. 1.19)
OSPF uses areas to reduce the impact of LSA flooding because not all routers need to keep a copy of all route information. There are two types of areas in OSPF. One is the backbone area, also called area 0 or the transit area. The other is the regular area, which must attach to the backbone area.

57 Open Shortest Path First: OSPF Areas
A hierarchical design gives:
– Smaller link-state database size
– Reduction of link-state update (LSU) overhead
– Detailed LSA flooding stops at the area boundary
– An identical link-state database shared among the routers in an area

58 Open Shortest Path First: OSPF Areas
A router can act as more than one router type. A router has a separate LSDB for each area to which it connects. There are four types of roles in OSPF, and each is responsible for different route filtering and route transmission:
– Internal Router: all of the router's interfaces are in the same area
– Backbone Router: the router has at least one interface connected to area 0
– ABR (Area Border Router): the router's interfaces connect one or more areas to the backbone, and it acts as the gateway for inter-area traffic. It separates LSA flooding zones; it is the primary point for area address summarization; it functions regularly as the source of default routes; it maintains an LSDB for each area in which it is involved.
– ASBR (Autonomous System Boundary Router): the router has at least one interface attached to another autonomous system. It is the gateway for external traffic, injecting external routes into the OSPF area.
[Figure: a backbone area connected to an External AS through an ASBR / Backbone Router, a Backbone / Internal Router, ABRs leading to Area 1, Area 2 and Area 3, and Internal Routers inside those areas]

59 Open Shortest Path First: OSPF Areas
A Virtual Link is a link to the backbone through a non-backbone area.
Purposes of Virtual Links:
1. To connect two parts of a partitioned backbone through a non-backbone area
2. To link an area to the backbone through a non-backbone area
Virtual links must be configured between two ABRs. The area through which the virtual link is configured must have full routing information; this transit area cannot be a stub area. A virtual link should be a temporary solution because it increases network complexity and is difficult to troubleshoot.
[Figure: two cases with ABRs at both ends of a Virtual Link crossing a non-backbone area, drawn with Area 0, Area 1, Area 2 and Area 3]
In some special network environments, a regular area cannot attach to the backbone area directly. The Virtual Link feature provides a logical link to the backbone area and does not violate the rule.

60 Open Shortest Path First: OSPF LSA Types
Link State Type | Description
1 | Router LSA
2 | Network LSA
3 or 4 | Summary LSA
5 | AS external LSA
6 | Group Membership LSA
7 | NSSA External LSA
8 | External attributes LSA for Border Gateway Protocol (BGP)
9, 10 or 11 | Opaque LSAs
Each router in the Autonomous System originates one or more Link-State Advertisements, which are stored in the Link-State Database. The topology view of an area in the AS can be derived from all of the LSAs. Each LSA is identified by its Link State ID.
Different types of OSPF routers generate different route information (LSAs). There are 11 types of LSAs, and each type is used for a different purpose.

61 Open Shortest Path First: OSPF LSA Types
Type 1: Router LSA
– Who: every router
– Scope: flooded only within the router's own area
– LSA list: the router's links (interfaces), the state and outgoing cost of each link, and any known OSPF neighbors on the link
[Figure: each router in the area originates a Type 1 Router LSA identified by its Router ID]

62 Open Shortest Path First: OSPF LSA Types
Type 2: Network LSA
– Who: the DR
– Scope: flooded on every multi-access network
– LSA list: all attached routers, including the DR itself
– Note: there is no metric field in the Network LSA (the cost from the pseudo node represented by the LSA to any attached router is always 0)
[Figure: a multi-access network with routers 192.168.100.10, 192.168.100.20 and 192.168.100.30; the DR's interface on the segment is 192.168.0.1, and it originates a Type 2 LSA with Link State ID 192.168.0.1, Subnet 255.255.255.0 and Attached Routers 192.168.100.30, 192.168.100.20 and 192.168.100.10]

63 Open Shortest Path First: OSPF LSA Types
Type 3: Network Summary LSA
– Who: Area Border Router (ABR)
– Scope: into the area's Internal Routers (what destinations the ABR can reach) and into the Backbone (what destinations are in the ABR's attached area)
– LSA list: destination summary
– Note: an ABR only originates a single Network Summary LSA for each destination even if it knows there are multiple routes to the destination (it advertises the lower cost). When a router receives a Summary LSA, it simply adds the cost of its route to the ABR without running the SPF algorithm.
[Figure: an ABR between Area 0 (192.168.10.0/24) and Area 172.17.5.0 (172.17.5.0/24). The ABR originates Type 3, 172.17.5.0, Subnet 255.255.255.0, Metric 120 and Type 3, 192.168.10.0, Subnet 255.255.255.0, Metric 60]
ABRs generate Summary LSAs. They are sent for the following purposes:
1. To advertise the destinations outside that area
2. To advertise the destinations within its connected areas into the backbone
3. To advertise a default route

64 Open Shortest Path First: OSPF LSA Types
Type 4: ASBR Summary LSA
– Who: ABR
– Scope: flooded only into a single area
– LSA list: the destination is an ASBR; the subnet mask is zero, so it is the host address of an ASBR
– Note: an ASBR Summary LSA is always a host address because it is a route to a router.
[Figure: an ASBR with Router ID 192.168.10.1 (192.168.10.0/24) and an ABR connecting to Area 172.17.5.0 (172.17.5.0/24). The ABR originates Type 4, 192.168.10.1, Subnet 0.0.0.0, Metric 64]

65 Open Shortest Path First: OSPF LSA Types
Type 5: AS External LSA
– Who: Autonomous System Boundary Router (ASBR)
– Scope: flooded throughout the autonomous system
– LSA list: destinations external to the OSPF autonomous system and a default route
[Figure: an ASBR with Router ID 192.168.10.1 at the edge of the OSPF Autonomous System, reaching 192.168.10.0/24 via 192.168.20.254. It originates Type 5, 192.168.10.0, Subnet 255.255.255.0, Metric 10, Forwarding Address 192.168.20.254]

66 Open Shortest Path First: OSPF LSA Types
Type 6: Group Membership LSA
– A multicast extension used for OSPF, known as Multicast OSPF (MOSPF)
Type 7: NSSA External LSA
– An LSA type used in Not-So-Stubby Areas (NSSAs); it only floods within the not-so-stubby area
– Who: ASBRs within not-so-stubby areas (NSSAs)
– Scope: flooded only within the not-so-stubby area
– LSA list: AS External LSA
Type 8: External Attributes LSA
– Used to internetwork OSPF and BGP, transporting BGP information across an OSPF domain
Type 9: Opaque LSA
– Its information is used for application-specific purposes. The information field can be used directly by OSPF or indirectly by other applications to distribute information throughout the OSPF domain.

67 Open Shortest Path First: OSPF Special Area
In an autonomous system, AS External LSAs are flooded throughout the OSPF autonomous system, but not into a Stub Area. A default route is used in a Stub Area for AS external destinations.
Problem: External LSAs may occupy a large percentage of the LSAs in the database of every router, yet not every router needs to know about all the external destinations.
Solution: a Stub Area. It does not receive AS External LSAs (Type 5) and ASBR Summary LSAs (Type 4). ABRs use Network Summary LSAs (Type 3) to advertise a single default route (destination 0.0.0.0) into the area.
In real world practice, most of the route information is injected from outside the AS. Within an area, not all devices need to know or keep all route information in their database. Therefore OSPF defines some special areas for blocking unnecessary routes from being injected into those areas. There are three types of special areas: Stub Area, Totally Stub Area and Not-So-Stubby Area.

68 Open Shortest Path First: OSPF Special Area
There are several restrictions and issues with a Stub Area:
– All routers in a Stub Area must be configured as stub routers and have an identical LSDB to form adjacencies.
– A virtual link is not allowed in a Stub Area.
– No ASBR is allowed in the Stub Area.
– If there is more than one ABR in a Stub Area and default routes are generated from all ABRs, the internal routers in the Stub Area do not know which one is the best to reach the external destination.
[Figure: an ASBR in Area 1 generating AS External LSAs, an ABR, and Area 2 as the Stub Area]

69 Open Shortest Path First: OSPF Special Area
Totally Stubby Area:
– No Type 3 (Network Summary LSA), except for a single Type 3 LSA to advertise the default route
– No Type 4 (ASBR Summary LSA)
– No Type 5 (AS External LSA)
In a Totally Stubby Area, the routes from outside the area, including those inside the autonomous system, are blocked. A default route is used to reach all destinations outside the area, no matter whether the destination is in the autonomous system or not.

70 Open Shortest Path First: OSPF Special Area
Not-So-Stubby Area (NSSA): in a network environment where the characteristics of a stub area are required but the area attaches to another routing domain, NSSA is the solution. It breaks the stub area rules and allows external routes to enter the OSPF autonomous system. An ASBR in the NSSA originates Type 7 LSAs (NSSA External LSAs) to advertise the external destinations. An NSSA External LSA whose P-bit flag in the header is set to 1 is translated into a Type 5 LSA and then flooded to the other areas in the AS.
[Figure: a RIP domain connected to an ASBR in Area 2 (Not-So-Stubby Area); the ASBR originates Type 7 LSAs, and the ABR translates them into Type 5 LSAs for Area 0]
The Not-So-Stubby Area is a special area which acts as the transit area connecting an external AS and the backbone area.

71 Open Shortest Path First: OSPF Special Area
This table shows the types of LSAs allowed in the different areas.
Area type                   | Type 1 & 2 | Type 3 | Type 4 | Type 5 | Type 7
Backbone area               | Yes        | Yes    | Yes    | Yes    | No
Non-backbone, non-stub area | Yes        | Yes    | Yes    | Yes    | No
Stub                        | Yes        | Yes    | No     | No     | No
Totally Stubby              | Yes        | No     | No     | No     | No
Not-So-Stubby               | Yes        | Yes    | No     | No     | Yes

72 Open Shortest Path First: Switch Configuration
[Figure: lab topology. Backbone Area 0: R1 with P9 (77.1.1.1/24), P22 (1.1.1.1/24) and P23 (3.1.1.1/24). Area 1 (Normal Area): R2 with P9 (1.1.1.2/24) and P10 (2.1.1.1/24), and R3 with P9 (2.1.1.2/24) and P10 (99.1.1.1/24); Area 2 (Stub Area) behind R3 is joined to the backbone by a Virtual link through Area 1. Area 3 (NSSA Area): R4 with P9 (3.1.1.2/24) and P10 (4.1.1.1/24), and R5 with P9 (4.1.1.2/24) and P10 (100.1.1.1/24), where Redistribution takes place with the External AS (RIP): R6 with P1 (100.1.1.2/24), RIP (101.1.1.1/24) and RIP (102.1.1.1/24)]

73 Open Shortest Path First: Switch Configuration
L3 Switch Configuration: Area0
VLAN and IP Interface Settings
config command_prompt Area0
config vlan default delete 22-23
config ipif System ipaddress 77.1.1.1/24
create vlan area1 tag 2
config vlan area1 add tagged 22
create ipif area1 1.1.1.1/24 area1
create vlan area3 tag 3
config vlan area3 add tagged 23
create ipif area3 3.1.1.1/24 area3
OSPF Settings
config ospf router_id 1.1.1.1
config ospf ipif System area 0.0.0.0 state enable
config ospf ipif area1 area 0.0.0.0 state enable
config ospf ipif area3 area 0.0.0.0 state enable
enable ospf

74 Open Shortest Path First: Switch Configuration
L3 Switch Configuration: Area1
VLAN and IP Interface Settings
config command_prompt Area1
config vlan default delete 9-11
create vlan area0 tag 2
config vlan area0 add tagged 9
create ipif area0 1.1.1.2/24 area0
create vlan area2 tag 3
config vlan area2 add tagged 10
create ipif area2 2.1.1.1/24 area2
OSPF Settings
config ospf router_id 2.2.2.2
config ospf ipif area0 area 0.0.0.0 state enable
create ospf area 0.0.0.1 type normal
config ospf ipif area2 area 0.0.0.1 state enable
create ospf virtual_link 0.0.0.1 3.3.3.3 hello_interval 10 dead_interval 40 authentication none
enable ospf

75 Open Shortest Path First: Switch Configuration
L3 Switch Configuration: Area2
VLAN and IP Interface Settings
config command_prompt Area2
config vlan default delete 9-11
create vlan area1 tag 3
config vlan area1 add tagged 9
create ipif area1 2.1.1.2/24 area1
create vlan area2 tag 2
config vlan area2 add untagged 10
create ipif area2 99.1.1.1/24 area2
OSPF Settings
config ospf router_id 3.3.3.3
create ospf area 0.0.0.1 type normal
config ospf ipif area1 area 0.0.0.1 state enable
create ospf virtual_link 0.0.0.1 2.2.2.2 hello_interval 10 dead_interval 40 authentication none
create ospf area 0.0.0.2 type stub
config ospf ipif area2 area 0.0.0.2 state enable
enable ospf

76 Open Shortest Path First: Switch Configuration
L3 Switch Configuration: Area3_1
VLAN and IP Interface Settings
config command_prompt Area3_1
config vlan default delete 9-11
create vlan area0 tag 3
config vlan area0 add tagged 9
create ipif area0 3.1.1.2/24 area0
create vlan area3 tag 2
config vlan area3 add tagged 10
create ipif area3 4.1.1.1/24 area3
OSPF Settings
config ospf router_id 4.4.4.4
config ospf ipif area0 area 0.0.0.0 state enable
create ospf area 0.0.0.3 type nssa translate enable
config ospf ipif area3 area 0.0.0.3 state enable
enable ospf

77 Open Shortest Path First: Switch Configuration
L3 Switch Configuration: Area3_2
VLAN and IP Interface Settings
config command_prompt Area3_2
config vlan default delete 9-11
create vlan area3 tag 2
config vlan area3 add tagged 9
create vlan rip tag 3
config vlan rip add tagged 10
OSPF Settings
create ipif area3 4.1.1.2/24 area3
config ospf router_id 5.5.5.5
create ospf area 0.0.0.3 type nssa translate enable
enable ospf
RIP Settings
create ipif rip 100.1.1.1/24 rip
enable rip
config rip ipif rip tx_mode v2_only rx_mode v1_or_v2 state enable
create route redistribute dst ospf src rip
create route redistribute dst rip src ospf all
create route redistribute dst ospf src local mettype 2 metric 20

78 Open Shortest Path First: Switch Configuration
L3 Switch Configuration: External_AS
VLAN and IP Interface Settings
config command_prompt External_AS
config vlan default delete 1-3
create vlan rip1 tag 3
config vlan rip1 add tagged 1
create vlan rip2 tag 4
config vlan rip2 add tagged 2
create vlan rip3 tag 5
config vlan rip3 add tagged 3
RIP Settings
create ipif rip1 100.1.1.2/24 rip1
create ipif rip2 101.1.1.1/24 rip2
create ipif rip3 102.1.1.1/24 rip3
enable rip
config rip all tx_mode v2_only rx_mode v1_or_v2 state enable

79 Switch Module 10: Multicast in D-Link Switching Environment

80 Multicast in D-Link Switching Environment: Agenda
– Internet Group Multicast Protocol (IGMP v1, 2 & 3)
– IGMP Snooping
– IGMP Fast Leave
– IGMP Snooping Multicast VLAN
– Per-Port Multicast Stream Control
– Protocol Independent Multicast

81 Multicast in D-Link Switching Environment: Internet Group Multicast Protocol
Three methods of traffic transmission:
– Unicast (multiple copies, multiple receivers): an application sends two copies of the traffic to two clients; bandwidth is dedicated to every traffic session
– Multicast (single copy, multiple receivers): the client device decides whether or not to listen to the multicast address; an efficient solution for traffic transmission
– Broadcast (single copy, all receivers): an application sends only one copy of each packet using a broadcast address; each host device must process the broadcast data frame
[Figure: a Multicast Server sending Unicast x 2 to Multicast Client-1 and Multicast Client-2, compared with Multicast x 1 reaching both clients]
If a multicast server wants to deliver the same traffic to a number of clients, there are several ways to transmit the traffic. Unicast wastes bandwidth and is not efficient: the server needs to generate duplicated unicast traffic for each client. Multicast is the best solution for sending the same traffic to a group of clients: the server just needs to generate one copy of the traffic for the whole group. Broadcast packets are delivered to all clients regardless of the clients' requirements.

82 Multicast in D-Link Switching Environment: Internet Group Multicast Protocol
Advantages: multicast applications send a single data stream instead of multiple ones, so network resources are utilized efficiently.
Disadvantages: multicast uses the User Datagram Protocol (UDP) as the transport layer protocol. UDP is not a connection-oriented protocol and thus lacks the reliability that TCP provides. The way UDP delivers network traffic may cause packet loss, which might impact delay- or packet-loss-sensitive applications like VoIP.
Multicast has many advantages such as enhanced traffic efficiency, reduced bandwidth wastage and optimized network performance. However, it also has some drawbacks. Multicast adopts UDP to transfer packets and does not ensure that all packets are delivered successfully.

83 Multicast in D-Link Switching Environment: Internet Group Multicast Protocol
IP multicast relies on the concept of a virtual group address called the multicast IP address.
An L2 switch's behavior when handling a multicast frame: the multicast frame is treated like an unknown unicast or broadcast frame, so the multicast is flooded to all ports within the VLAN.
Problem: when a client joins a specific group, all the multicast traffic is flooded to all ports within the VLAN, and every client has to process the data.
Solution:
– Set up a static multicast FDB entry for specific ports (e.g. limit the destined multicast group to forwarding on ports 1 & 2 only)
– Dynamic configuration with IGMP Snooping
[Figure: a Router, an L2 Switch and Client-1, Client-2 and Client-3; the clients receive the CNN channel traffic even though they do not watch it]

84 Multicast IP address

Class D address: first 4 bits 1110, remaining 28 bits = multicast group ID
The class D range is the group (destination) address of IP multicast traffic. These addresses consist of
– binary 1110 in the most significant bits (MSB) of the first octet
– the remaining 28 bits, which identify the multicast group ID
Multicast IP address range: 224.0.0.0 to 239.255.255.255
– 224.0.0.1 all multicast systems on a subnet
– 224.0.0.2 all multicast routers on a subnet
Example: 224.1.1.10 = 11100000.00000001.00000001.00001010 (first 4 bits 1110, then the 28-bit group ID)
Source: http://www.iana.org/assignments/multicast-addresses/multicast-addresses.xhtml

Notes: The multicast IP range is class D (224.0.0.0 to 239.255.255.255). Each multicast IP address maps to a multicast MAC address. A multicast IP address has two parts: the first four bits must be 1110 and the remaining 28 bits represent a specific multicast group ID. In the example, 224.1.1.10 in binary is 11100000.00000001.00000001.00001010: the leading 1110 occupies the most significant bits and the remaining 28 bits identify the group.

85 Reserved multicast address blocks

Description                     | Range
Local Network Control Block     | 224.0.0.0 to 224.0.0.255
Global scope addresses          | 224.0.1.0 to 238.255.255.255
Source Specific Multicast Block | 232.0.0.0 to 232.255.255.255
GLOP Block                      | 233.0.0.0 to 233.255.255.255
Administratively Scoped Block   | 239.0.0.0 to 239.255.255.255

Reserved Local Network Control Block (224.0.0.0 to 224.0.0.255)
The Internet Assigned Numbers Authority (IANA) reserves these addresses for network protocols on a local network segment. Routers do not forward packets in this range; they are sent with a Time-to-Live (TTL) of 1.
– 224.0.0.1 All Hosts
– 224.0.0.2 All Multicast Routers
– 224.0.0.3 All DVMRP (Distance Vector Multicast Routing Protocol) Routers
– 224.0.0.5 All OSPF (Open Shortest Path First) Routers
– 224.0.0.6 All OSPF Designated Routers (DR)
E.g. OSPF uses 224.0.0.5 and 224.0.0.6 to exchange link-state information.
E.g. 224.0.0.1 identifies the all-hosts group: an ICMP echo request sent to this address is answered by every multicast-capable host on the segment.
Global Scope Addresses (224.0.1.0 to 238.255.255.255)
Companies use these addresses to multicast data between organizations and across the Internet. E.g. IANA reserves 224.0.1.1 for the Network Time Protocol (NTP).

Notes: Within the multicast range 224.0.0.0 to 239.255.255.255, some blocks are reserved for particular uses.

86 Reserved multicast address blocks (continued)

Source Specific Multicast Block (232.0.0.0 to 232.255.255.255)
Reserved for Source-Specific Multicast (SSM), an extension of Protocol Independent Multicast (PIM). In SSM, forwarding decisions are based on a pair of addresses written (S,G), where S is the IP address of the source and G is the multicast group address. This solves group address allocation problems because the source address makes each channel unique.
GLOP Block (233.0.0.0 to 233.255.255.255)
RFC 3180, "GLOP Addressing in 233/8", assigns 233.0.0.0 to 233.255.255.255 to this scheme. GLOP numbering sets the first octet to 233, the next two octets to the registered 16-bit Autonomous System number, and the fourth octet is locally assigned, so each AS owns one /24. GLOP addresses are used by ISPs who want to provide multicast content on the Internet.
Administratively Scoped Block (239.0.0.0 to 239.255.255.255)
RFC 2365, "Administratively Scoped IP Multicast", constrains these addresses to a local group or organization. Companies, schools and other organizations use them for local multicast applications; the edge routers towards the Internet do not forward these groups outside the intranet.

Notes: GLOP is not an acronym; it is simply the name of this IPv4 multicast addressing method.

87 Mapping a multicast IP address to a multicast MAC address

Multicast MAC addresses start with the 25-bit prefix 01-00-5E-0 (binary 00000001.00000000.01011110.0xxxxxxx.xxxxxxxx.xxxxxxxx; the 25th bit is always 0).
All IP multicast addresses have the first four bits set to 1110; the remaining 28 (32 - 4) least significant bits (LSB) must be mapped into the 23 LSBs of the MAC address. The MAC address therefore loses five bits of uniqueness (28 - 23 = 5).
The result is a 32:1 mapping: each multicast MAC address represents 32 possible IP multicast addresses.

Example: 224.1.1.10 (1110 + 28-bit group ID) maps to multicast MAC 01-00-5e-01-01-0a (25-bit prefix + 23 bits).
Multicast address overlap: 224.1.1.10, 224.129.1.10, 225.1.1.10, 225.129.1.10, 226.1.1.10, 226.129.1.10, ..., 238.1.1.10, 238.129.1.10, 239.1.1.10, 239.129.1.10 (32 multicast IP addresses) all map to 01-00-5e-01-01-0a.
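The mapping on this slide and the GLOP rule from the previous one, as an added worked example (this is editor-written code, not from the D-Link material). It computes the 01-00-5E MAC for a group, enumerates the 32 groups that collide on that MAC, and builds the RFC 3180 GLOP /24 for a 16-bit AS number; the function names are the editor's choice.

```python
import ipaddress

MCAST_MAC_PREFIX = 0x01005E000000  # 01-00-5E-00-00-00; bit 23 of the low 24 bits stays 0


def multicast_ip_to_mac(group: str) -> str:
    """Map an IPv4 class D group to its 01-00-5E multicast MAC (RFC 1112, section 6.4).

    Only the low 23 bits of the 28-bit group ID survive, so 5 bits are lost.
    """
    addr = ipaddress.IPv4Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not a class D (224.0.0.0/4) address")
    low23 = int(addr) & 0x7FFFFF
    mac = MCAST_MAC_PREFIX | low23
    return "-".join(f"{(mac >> shift) & 0xFF:02x}" for shift in range(40, -1, -8))


def groups_sharing_mac(group: str) -> list[str]:
    """All 32 class D groups that collide on the same MAC as `group`.

    The 5 lost bits are the low 4 bits of the first octet (224..239) and the
    top bit of the second octet (x versus x+128).
    """
    low23 = int(ipaddress.IPv4Address(group)) & 0x7FFFFF
    return [str(ipaddress.IPv4Address(0xE0000000 | (lost << 23) | low23))
            for lost in range(32)]


def shares_mac(group_a: str, group_b: str) -> bool:
    """True when a MAC-keyed L2 forwarding entry for one group also matches the other."""
    return multicast_ip_to_mac(group_a) == multicast_ip_to_mac(group_b)


def glop_block(asn: int) -> ipaddress.IPv4Network:
    """RFC 3180 GLOP block for a 16-bit AS number: 233.<AS high byte>.<AS low byte>.0/24."""
    if not 0 <= asn <= 0xFFFF:
        raise ValueError("GLOP addressing only covers 16-bit AS numbers")
    return ipaddress.IPv4Network((0xE9000000 | (asn << 8), 24))


if __name__ == "__main__":
    print(multicast_ip_to_mac("224.1.1.10"))        # 01-00-5e-01-01-0a
    print(groups_sharing_mac("224.1.1.10"))          # 224.1.1.10 ... 239.129.1.10
    print(shares_mac("224.0.0.1", "225.0.0.1"))      # True: even all-hosts collides
    print(glop_block(65000))                         # 233.253.232.0/24
```

The `shares_mac` check is the practical point of the overlap: a switch that forwards multicast by destination MAC alone, as the static FDB and IGMP snooping examples later in this module do, delivers 239.1.1.10 to every port that joined 224.1.1.10, and the reserved 224.0.0.x control groups collide with 225.0.0.x, 224.128.0.x and so on. Filter on the IP group where the platform supports it before relying on MAC-level isolation.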

88 Internet Group Management Protocol (IGMP)

Multicast group example: channel list
– CH 10 Movie Channel: Group 1, 225.1.1.10
– CH 11 News Channel: Group 2, 225.1.1.11
Current versions of IGMP
– IGMP version 1 (RFC 1112)
– IGMP version 2 (RFC 2236)
– IGMP version 3 (RFC 3376)
IGMP manages multicast group membership mainly through
– how a client joins (Report) a group
– how a client leaves a group
– how a router queries clients
Hosts use IGMP to dynamically register themselves for a multicast group on a particular subnet. Routers and switches listen to IGMP messages and periodically send queries to discover which groups are active on a subnet or VLAN. In the analogy below, the TV sends the Query and the remote control sends Join / Leave.

Notes: IGMP is a control protocol with three main messages: Join (Report), Leave and Query. A multicast group (e.g. 225.1.1.10) is like a television channel number; the news channel is 11. The remote control is like a multicast client: it can join or leave a group. To watch the movie channel, the remote sends a join to the television; to switch from the movie channel to the news channel it sends a leave to stop receiving the movie channel and another join for the news channel. The television plays the router, which periodically sends a query to the remote control to check that the client still wants the same channel.

89 IGMP version 1

Query mechanism
– The Querier sends an IGMP Query to all hosts (224.0.0.1) periodically (every 60 seconds) with an IP Time to Live (TTL) of 1.
– There is no querier election mechanism. The querier is the designated router (DR) elected by the multicast routing protocol, such as PIM.
Join mechanism
– On receiving an IGMP Query, a client responds with an IGMP Membership Report for each group it is interested in.
– A host that wants to join a group can also send an unsolicited Membership Report to the router.
Report suppression mechanism
– If a client sees another member's report for a group (e.g. 225.1.1.10), it stays quiet and does not send the same report. This reduces IGMP traffic on the local subnet.
Leave mechanism
– Clients leave a group silently, without notifying the multicast router. The router stops forwarding the group after the membership timer expires with no report received (no remaining member).

[Diagram: Multicast Server; the DR sends a Query (TTL=1, 224.0.0.1); Client-1, Client-2 and Client-3 send Join Reports for Group 1 (225.1.1.10, Movie Channel) and Group 2 (225.1.1.11, News Channel).]

90 IGMPv1 General Query

[Packet capture: IGMPv1 General Query from the querier, TTL=1, destination 224.0.0.1, sent every 60 seconds to the Multicast Client.]

91 IGMPv1 Membership Report

[Packet capture: IGMPv1 Membership Report from the Multicast Client for group 234.1.1.10.]

92 IGMPv1 membership timeout

[Figure: a 3-minute countdown; when it reaches zero the router stops forwarding the multicast stream.]
Each time the router receives a report from a client, the timer is reset to 3:00 and starts counting down again. With no leave message in IGMPv1, this timeout is the only way the router learns that the last member has gone.

93 IGMP version 2

IGMPv2 (RFC 2236) removes the main limitation of IGMPv1, the lack of a leave mechanism.
Backward compatible with IGMPv1
Two additional features
– Querier election mechanism
– Leave Group message: a host sends a Leave message when it leaves a group and believes it is the last member; this reduces leave latency compared with IGMPv1.

94 IGMP version 2: query and join

Query mechanism
– Queries are sent to the all-hosts multicast address (224.0.0.1) with an IP TTL of 1.
– The query interval is configurable; this material uses 60 to 120 seconds with 60 as the default, while RFC 2236 specifies a default Query Interval of 125 seconds (the value shown in the D-Link switch output later in this module).
– The querier election mechanism resolves multiple queriers on a single subnet; IGMPv1 has no such mechanism.
  Step 1: Initially every IGMPv2 router regards itself as the querier and sends an IGMP General Query.
  Step 2: When a router receives a query with a lower source IP address than its own, it becomes a non-querier.
  Step 3: The router with the lowest IP address is therefore elected querier. After the election, every non-querier starts an "other querier present" timer. A router that receives a query before the timer expires resets it; otherwise it assumes the querier has failed and restarts the election.
– Group-Specific Query: a query aimed at a single group.
Join mechanism
– A client can send a Membership Report at any time without waiting for a query, to reduce join latency (asynchronous join, as in IGMPv1).
– Report suppression: only one member per group responds to a query.

[Diagram: routers A (192.168.0.1) and B (192.168.0.2) both start as Querier; after the election A, with the lower IP, is the Querier and B is the Non-Querier.]

Notes: IGMPv2 adds the querier election mechanism, the Group-Specific Query and the leave mechanism.

95 IGMP version 2: leave

Leave Group mechanism
– Step 1: A client sends a Leave message to all routers (224.0.0.2) on the local subnet.
– Step 2: On receiving the Leave, the querier sends one or more Group-Specific Queries to the group address to find out whether any other client still wants the group's traffic.
– Step 3: A remaining member of the group responds with a Membership Report within the Max Response Time carried in the query.
– Step 4: If the querier receives a report, it keeps forwarding the group into the subnet. Otherwise it concludes that no client is interested and stops forwarding the group.
Benefits of Group-Specific Queries
– Quickly find out whether any members are left in the group
– The router does not need to ask every group for a report
– Shorter traffic flooding time after the last member leaves
Difference between a Group-Specific Query and a General Query
– General Query: multicast to the All-Hosts address (224.0.0.1)
– Group-Specific Query for group G: multicast to the group address G

[Diagram: Client-1 (group 225.1.1.10) sends a Leave; the Querier sends a Group-Specific Query for 225.1.1.10 with Max. Response Time 10 seconds; Client-3 (group 225.1.1.10) answers with a Report; Client-2 (group 225.1.1.11) is unaffected.]

Notes: The Group-Specific Query reduces bandwidth consumption. In IGMPv1 a client leaves silently, so the group keeps flowing into the segment until the membership timer expires. In IGMPv2 the querier answers a Leave with a Group-Specific Query for that group and stops forwarding when no client responds after the query has been repeated (this material describes three queries; RFC 2236 sets the Last Member Query Count equal to the Robustness Variable, whose default is 2). The Group-Specific Query uses the multicast group address as its destination.

96 IGMPv2 General Query

[Packet capture: IGMPv2 General Query from the querier, TTL=1, destination 224.0.0.1, sent to the Multicast Client.]

97 IGMPv2 Leave Group

[Packet capture: IGMPv2 Leave Group from the Multicast Client for group 234.1.1.10.]

98 IGMPv2 Group-Specific Query

[Packet capture: IGMPv2 Group-Specific Query sent to the Multicast Client after its Leave, TTL=1; the destination is the group address itself (234.1.1.10 in this capture), not 224.0.0.1.]

99 IGMP version 3

RFC 3376
Enhanced host control using source filtering (INCLUDE / EXCLUDE source lists): a host can accept or reject a multicast group from one or a set of multicast servers.
Enhanced query and report capabilities: group and source-specific queries
– General Query: multicast to the All-Hosts address (224.0.0.1); carries neither a group address nor source addresses.
– Group-Specific Query: multicast to the group address G; carries the group address and no source addresses.
– Group-and-Source-Specific Query: multicast to the group address G; carries the group address and one or more source addresses.

[Diagram: Multicast Server-1 (IP address 192.168.0.10) and Multicast Server-2 (IP address 192.168.0.11, packets (S2,G)) both send to group 225.1.1.10; Client-1 receives Group 1, 225.1.1.10, Movie Channel; Client-2 receives Group 2, 225.1.1.10, News Channel.]
Example: if Client-2 only wants the movie channel (HBO), it only needs to include Server-1 in its report.

100 IGMP version 3: reports with multiple Group Records

Unlike IGMPv1 and IGMPv2 reports, which are sent to the group being reported, an IGMPv3 report is sent to 224.0.0.22 and contains one or more Group Records. Each Group Record carries a multicast group address and a variable number of source addresses.
All IGMPv3 routers listen on 224.0.0.22 so that they can receive the reports and maintain membership state for every member on the subnet (IGMPv1/v2 routers only maintain group state per subnet).
No report suppression (IGMPv1 and IGMPv2 have it), because every host has to report its own source list for the group.
Group Record types
– Current-State Record (MODE_IS_INCLUDE / MODE_IS_EXCLUDE): reports the current reception state of the interface.
– Filter-Mode-Change Record (CHANGE_TO_INCLUDE_MODE / CHANGE_TO_EXCLUDE_MODE): the interface's filter mode changed from Include to Exclude or from Exclude to Include for the given source list.
– Source-List-Change Record (ALLOW_NEW_SOURCES / BLOCK_OLD_SOURCES): new sources are allowed or old sources are blocked.

[Diagram: a V3 Report to 224.0.0.22 for group 224.1.1.10 with Exclude "192.168.1.1", and a V3 Report to 224.0.0.22 for group 224.1.1.10 with Include "192.168.1.1"; the source list is the specified address list.]

Notes: There are six types of IGMPv3 report record: Include and Exclude Current-State, Include and Exclude Filter-Mode-Change, and Include and Exclude Source-List-Change.

101 IGMP version 3: report examples

Report-1: Client-1 joins group 224.1.1.10 from all sources (Exclude with an empty source list).
Report-2 (Include, join only a specific source): Client-1 joins group 224.1.1.10 only from source 192.168.0.1 (Server-1).
Report-3 (Exclude a specific source): Client-1 joins group 224.1.1.10 from any source except 192.168.1.1 (Server-2).

[Diagram: Multicast Server-1 (source IP 192.168.0.1/24) and Multicast Server-2 (source IP 192.168.1.1/24) both send group 224.1.1.10; Client-1 sends V3 Reports to 224.0.0.22:
 Report-1 Group 224.1.1.10 Exclude: "null" (any source)
 Report-2 Group 224.1.1.10 Include: 192.168.0.1 (only from source 192.168.0.1)
 Report-3 Group 224.1.1.10 Exclude: 192.168.1.1 (any source except 192.168.1.1)]

Notes: IGMPv3 lets Client-1 use different report types to join the group. In the example, the client sends Report-1 to join 224.1.1.10 with an empty exclude list, which means it receives the stream from any source.

102 IGMP version 3: no report suppression

The router multicasts periodic membership queries to the All-Hosts address (224.0.0.1). Every host responds with an IGMPv3 Membership Report that carries its own source list for the interface; no host suppresses its report on hearing another host's.

[Diagram: the router sends a Query to 224.0.0.1; Client-1 answers with Report-1 (Group 224.1.1.10, Exclude "null") and Client-2 with Report-3 (Group 224.1.1.10, Exclude 192.168.1.1), both V3 Reports to 224.0.0.22; Multicast Server-1 (192.168.0.1/24) and Multicast Server-2 (192.168.1.1/24) send group 224.1.1.10.]

Notes: IGMPv3 does not support report suppression, unlike IGMPv1 and IGMPv2, because different hosts may want the same group from different sources. As mentioned on the previous slide, all IGMPv3 routers listen on 224.0.0.22 to receive the reports and maintain membership state for every member on the subnet.

103 IGMP version 3: query packet format

– Type = 0x11 (IGMP Membership Query)
– Max Resp Code: the maximum time to wait for reports, encoded in units of 1/10 second (values of 128 and above use a mantissa/exponent encoding, RFC 3376 section 4.1.1)
– Group Address: as in IGMPv2; 0.0.0.0 for a General Query
– S flag (Suppress Router-side Processing): when set, receiving routers suppress the timer updates they would normally perform on hearing a query
– QRV (Querier's Robustness Variable): affects timers and retry counts; raising it makes the protocol more robust to packet loss at the cost of latency
– QQIC (Querier's Query Interval Code): the Query Interval in use by the querier, in seconds, with the same encoding as the Max Resp Code
– Number of Sources: the number of source addresses carried in a Group-and-Source-Specific Query (0 for General and Group-Specific Queries)

104 IGMP version 3: report packet format

– Type = 0x22 (IGMPv3 Membership Report)
– Number of Group Records: the number of Group Records in the report
– Each Group Record contains
  Record Type: whether the listed sources are to be included or excluded, and whether this is a current-state or a change record
  Aux Data Len: the size of the Auxiliary Data area in 32-bit words
  Number of Sources: the number of source addresses in the record
  Multicast Address: the group the record applies to
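The query and report layouts on slides 103 and 104, and the record types on slide 100, as an added worked example (editor-written, not part of the D-Link material): an encoder and a checksum-verifying parser for IGMPv3 Membership Queries (0x11) and Reports (0x22) using the RFC 3376 field layout. Field and function names are the editor's; the parser rejects 8-byte IGMPv1/v2 queries as unsupported rather than guessing.

```python
import struct
from ipaddress import IPv4Address

IGMP_QUERY = 0x11        # Membership Query (same type code in v1/v2/v3)
IGMP_V3_REPORT = 0x22    # Version 3 Membership Report
ALL_HOSTS = "224.0.0.1"
ALL_IGMPV3_ROUTERS = "224.0.0.22"
RECORD_TYPES = {1: "MODE_IS_INCLUDE", 2: "MODE_IS_EXCLUDE",
                3: "CHANGE_TO_INCLUDE_MODE", 4: "CHANGE_TO_EXCLUDE_MODE",
                5: "ALLOW_NEW_SOURCES", 6: "BLOCK_OLD_SOURCES"}


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over the whole IGMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def checksum_ok(msg: bytes) -> bool:
    """A message whose checksum field is correct sums to zero."""
    return len(msg) >= 8 and inet_checksum(msg) == 0


def decode_exp_code(code: int) -> int:
    """Max Resp Code / QQIC: literal below 128, else 4-bit mantissa and 3-bit exponent."""
    if code < 128:
        return code
    mant, exp = code & 0x0F, (code >> 4) & 0x07
    return (mant | 0x10) << (exp + 3)


def build_query(group="0.0.0.0", max_resp_code=100, s_flag=False, qrv=2, qqic=125, sources=()):
    """Encode a v3 Query: group 0.0.0.0 = General; sources => Group-and-Source-Specific."""
    misc = (int(s_flag) << 3) | (qrv & 0x07)      # Resv(4) S(1) QRV(3)
    msg = struct.pack("!BBH4sBBH", IGMP_QUERY, max_resp_code, 0,
                      IPv4Address(group).packed, misc, qqic, len(sources))
    msg += b"".join(IPv4Address(s).packed for s in sources)
    return msg[:2] + struct.pack("!H", inet_checksum(msg)) + msg[4:]


def build_report(records):
    """Encode a v3 Report from (record_type, group, [sources]) tuples."""
    out = bytearray(struct.pack("!BBHHH", IGMP_V3_REPORT, 0, 0, 0, len(records)))
    for rtype, group, sources in records:
        out += struct.pack("!BBH4s", rtype, 0, len(sources), IPv4Address(group).packed)
        out += b"".join(IPv4Address(s).packed for s in sources)
    struct.pack_into("!H", out, 2, inet_checksum(bytes(out)))
    return bytes(out)


def _addrs(buf: bytes, off: int, count: int) -> list[str]:
    if len(buf) < off + 4 * count:
        raise ValueError("truncated source list")
    return [str(IPv4Address(buf[off + 4 * i: off + 4 * i + 4])) for i in range(count)]


def parse(msg: bytes) -> dict:
    """Decode a v3 Query or v3 Report; rejects bad checksums and truncated messages."""
    if not checksum_ok(msg):
        raise ValueError("short message or bad IGMP checksum")
    typ = msg[0]
    if typ == IGMP_QUERY and len(msg) >= 12:
        code, _, group, misc, qqic, nsrc = struct.unpack("!BH4sBBH", msg[1:12])
        sources = _addrs(msg, 12, nsrc)
        group = str(IPv4Address(group))
        kind = ("general" if group == "0.0.0.0"
                else "group-and-source-specific" if sources else "group-specific")
        return {"type": "query", "kind": kind, "group": group,
                "max_resp_tenths": decode_exp_code(code), "s_flag": bool(misc & 0x08),
                "qrv": misc & 0x07, "qqic_seconds": decode_exp_code(qqic), "sources": sources}
    if typ == IGMP_V3_REPORT:
        (nrec,) = struct.unpack("!H", msg[6:8])
        off, records = 8, []
        for _ in range(nrec):
            if len(msg) < off + 8:
                raise ValueError("truncated group record")
            rtype, auxlen, nsrc, group = struct.unpack("!BBH4s", msg[off:off + 8])
            sources = _addrs(msg, off + 8, nsrc)
            off += 8 + 4 * nsrc + 4 * auxlen          # Aux Data Len is in 32-bit words
            records.append({"record": RECORD_TYPES.get(rtype, rtype),
                            "group": str(IPv4Address(group)), "sources": sources})
        return {"type": "report", "records": records}
    raise ValueError(f"unsupported or short IGMP message, type 0x{typ:02x}")
```

`build_report([(2, "224.1.1.10", []), (1, "224.1.1.10", ["192.168.0.1"]), (6, "224.1.1.10", ["192.168.1.1"])])` produces the Report-1 / Report-2 / Report-3 records of slide 101 in one message, and `parse` decodes it back. Any snooping implementation should do what `parse` does before acting on a packet: verify the checksum and bound every source count by the bytes actually present, because a forged report with a large Number of Sources or Aux Data Len is exactly how a malformed IGMP packet reaches past the end of a buffer.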

105 IGMPv3 Membership Report

[Packet capture: IGMPv3 Membership Report from the Multicast Client, destination 224.0.0.22.]

106 IGMPv3 General Query

[Packet capture: IGMPv3 General Query from the querier, TTL=1, destination 224.0.0.1.]

107 Comparison of IGMP versions

Category | Function                        | IGMPv1 | IGMPv2 | IGMPv3
Query    | Periodic Query                  | Yes (224.0.0.1, TTL=1, interval 60-120 s, 60 default in this material) | Yes | Yes
Query    | Group-Specific Query            | No  | Yes | Yes
Query    | Group-and-Source-Specific Query | No  | No  | Yes
Query    | Querier Election Mechanism      | No  | Yes | Yes
Report   | Report Suppression              | Yes | Yes | No
Report   | Asynchronous Report             | Yes | Yes | Yes
Leave    | Leave Notification              | No  | Yes | Yes
Leave    | Include / Exclude Mechanism     | No  | No  | Yes

Notes: IGMPv2 uses the IGMPv1 Membership Report format for backward compatibility with IGMPv1.

108 IGMP Snooping

Internet Group Management Protocol (IGMP) Snooping is a Layer 2 function that lets a switch learn multicast group membership from the IGMP messages that pass through it. The switch then forwards multicast traffic only to the ports that requested it, based on the snooped IGMP queries and reports.

[Diagram: without multicast support the Media Server's stream is flooded to all PCs; with IGMP snooping the stream reaches only the PCs that joined.]

Multicast in D-Link Switching Environment: IGMP Snooping

Notes: Computers and network devices that want to receive multicast traffic inform the nearby routers / switches that they are joining a multicast group; IGMP carries this information and also periodically checks for members that are no longer active. IGMP snooping lets the switch recognise the IGMP queries and reports exchanged between the Layer 3 device and the IGMP hosts; it must be enabled on the switch. The switch opens or closes a port for a specific multicast group based on the IGMP messages flowing between the Layer 3 device and the host in either direction, and stops forwarding a group when no host is requesting it.

109 IGMP Snooping forwarding table

IGMP Snooping FDB
Port No.  | Multicast Group | Multicast MAC
1, 10, 25 | 239.1.1.10      | 01-00-5e-01-01-0a

[Diagram: Media Server behind an L3 Switch, connected to port 25 of the L2 Switch; PC-1 on port 1 and PC-2 on port 10 send IGMP Reports for 224.1.1.10 and the L3 switch sends Queries.]
The switch processor intercepts and examines the IGMP messages exchanged between hosts and routers to decide where the traffic should be forwarded.

L2 switch behaviour: the switch forwards packets using its forwarding table. If a packet's destination MAC is not found in the FDB, the switching engine floods the packet to all ports.
Step 1. PC-1 sends the first report to join group 224.1.1.10. At this point there is no FDB entry for the corresponding multicast MAC.
Step 2. The switch sees the IGMP report and adds an entry for 01-00-5e-01-01-0a, the MAC equivalent of group 224.1.1.10, with the port of PC-1 and the port towards the server.
Step 3. PC-2 sends an IGMP Report for 224.1.1.10.
Step 4. The switch sees this report and adds port 10 to the existing entry for 01-00-5e-01-01-0a.
Step 5. Ports 1, 10 and 25 are now associated with multicast MAC 01-00-5e-01-01-0a.
Note that 239.1.1.10 in the table and 224.1.1.10 in the diagram map to the same MAC address (the 32:1 overlap from slide 87); a switch that keys its table on the MAC alone cannot tell the two groups apart.

110 IGMP Snooping topology

[Topology: Multicast Server (channel IP 239.10.10.10) to DGS-3627; DGS-3627 to a DES-3528 on port 26 and to a second DES-3528. The Multicast Client (VLAN ID 1, IP 10.90.90.100) sends an IGMP Report; the Non-Multicast Clients 10.90.90.101 and 10.90.90.102 send none.]
When IGMP snooping is enabled, only the user that sends an IGMP report receives the multicast stream. The non-multicast clients do not receive it.

111 IGMP Snooping configuration

DES-3528 configuration
enable igmp_snooping                                                          1. Enable the switch's IGMP snooping feature
config igmp_snooping vlan default state enable                                2. Enable IGMP snooping on the specific VLAN
config multicast vlan_filtering_mode vlan default filter_unregistered_groups  3. Keep unregistered multicast streams away from the non-multicast clients in that VLAN

DGS-3627 configuration
enable igmp_snooping                                                          4. Enable the switch's IGMP snooping feature
config igmp_snooping all state enable                                         5. Enable IGMP snooping on the VLANs (all of them here)
config igmp all version 2                                                     6. Configure the switch to send IGMPv2 queries
config igmp ipif System state enable                                          7. Enable IGMP on the specific IP interface

112 Verifying IGMP Snooping

DES-3528 verification
show igmp_snooping
show igmp_snooping group

DES-3528:5#show igmp_snooping
Command: show igmp_snooping

IGMP Snooping Global State : Enable

VLAN Name                  : default
Query Interval             : 125
Max Response Time          : 10
Robustness Value           : 2
Last Member Query Interval : 1
Host Timeout               : 260
Leave Timer                : 2
Querier State              : Disabled
Querier Router Behavior    : Non-Querier
State                      : Enabled
Fast Leave                 : Disabled
Receive Query Count        : 0
Send Query Count           :

The derived timers follow RFC 2236: Host Timeout 260 = Robustness (2) x Query Interval (125) + Max Response Time (10), and Leave Timer 2 = Robustness (2) x Last Member Query Interval (1).

113 IGMP Snooping packet captures

[Screen captures: IGMP Query packet, IGMP Report, IGMP Leave.]

114 IGMP Fast Leave

When IGMP Fast Leave is enabled, a port is removed from the group immediately on receiving an IGMPv2 Leave message, so end stations exit the multicast session quickly and superfluous traffic is reduced. Fast Leave is an important feature for shortening channel-change time in IPTV deployments.

Multicast in D-Link Switching Environment: IGMP Fast Leave

115 IGMP Fast Leave

In a standard IGMPv2 implementation an IGMP client may ask to leave a multicast group by sending a Leave message.
Without IGMP Fast Leave
Issue: when the IGMP snooping querier receives the Leave, it sends a Group-Specific Query to the clients. If there is no response before the timeout (default value two seconds), the client is removed from the membership list. This introduces latency into the leave process.
With IGMP Fast Leave
Solution: with fast leave enabled, the port is removed immediately when the IGMPv2 Leave is received, so end stations exit the multicast session quickly and superfluous traffic is reduced.
Benefits of IGMP Fast Leave
When deploying a multimedia-on-demand (MOD) service, users receive TV-like broadcasts. When they switch between channels, fast leave releases the bandwidth more efficiently.
Caveat: because no Group-Specific Query is sent, fast leave should only be enabled on ports with a single host behind them; on a shared port, one host's Leave cuts off every other host still watching that group.

116 Leave without IGMP Fast Leave

IGMP Snooping FDB
Port No.                           | Multicast Group | Multicast MAC
1, 10, 25 (10, 25 after the leave) | 239.1.1.11      | 01-00-5e-01-01-0b

[Diagram: Media Server behind the L3 Switch on port 25 of the L2 Switch; PC-1 on port 1 (IGMP Report / Query, multicast 224.1.1.10) and PC-2 on port 10 (IGMP Report / Query, multicast 224.1.1.11).]
1. A user sends a Leave message to change the multicast channel or stop the multicast traffic.
2. The switch processor intercepts it and sends back a Group-Specific Query to check whether any other user remains in the group.
3. After the Group-Specific Query has been repeated (three times in this material; RFC 2236 defaults to the robustness variable, 2) with no answer, the switch concludes that no other user is in the group and stops forwarding the stream.
Symptom: wasted bandwidth and inefficiency. The client keeps receiving the multicast traffic until the timeout, even after sending its Leave to the switch.

117 Leave with IGMP Fast Leave

IGMP Snooping FDB
Port No.                           | Multicast Group | Multicast MAC
1, 10, 25 (10, 25 after the leave) | 239.1.1.11      | 01-00-5e-01-01-0b

[Diagram: same topology; PC-1 on port 1 (224.1.1.10) and PC-2 on port 10 (224.1.1.11), Media Server via the L3 Switch on port 25.]
1. A user sends a Leave message to change the multicast channel or stop the multicast traffic.
2. The switch processor intercepts it and stops forwarding the multicast traffic to that port immediately.
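The snooping table build-up of slide 109 and the two leave behaviours of slides 116 and 117, as one added simulation (editor-written, not D-Link code): a model of one VLAN on a Layer 2 switch that populates a group-to-port table from IGMPv2 Reports, answers a Leave with repeated Group-Specific Queries or, with fast leave, prunes the port at once, and applies the `filter_unregistered_groups` behaviour to unknown groups. Class and method names are the editor's; the last-member query count defaults to the RFC 2236 value of 2.

```python
from ipaddress import IPv4Address


def group_mac(group: str) -> str:
    """Multicast MAC the FDB is keyed on: 01-00-5E plus the low 23 bits of the group."""
    low23 = int(IPv4Address(group)) & 0x7FFFFF
    return "01-00-5e-" + "-".join(f"{(low23 >> s) & 0xFF:02x}" for s in (16, 8, 0))


class IgmpSnoopingSwitch:
    """Minimal model of one VLAN on a Layer 2 switch snooping IGMPv2 Reports and Leaves."""

    def __init__(self, router_port, all_ports, fast_leave=False,
                 filter_unregistered=True, last_member_query_count=2):
        self.router_port = router_port          # uplink towards the querier / media server
        self.all_ports = set(all_ports)
        self.fast_leave = fast_leave
        self.filter_unregistered = filter_unregistered
        self.lmqc = last_member_query_count     # group-specific queries before pruning
        self.fdb = {}       # group -> set of ports (router port always included)
        self.pending = {}   # (group, port) -> group-specific queries still outstanding
        self.events = []    # what the switch sends or does, in order

    def report(self, port, group):
        """Membership Report seen on `port`: add the port and relay towards the router."""
        self.fdb.setdefault(group, {self.router_port}).add(port)
        self.pending.pop((group, port), None)      # a report answers any pending query
        self.events.append(("relay-report", group, self.router_port))

    def leave(self, port, group):
        """Leave Group seen on `port`."""
        if port not in self.fdb.get(group, set()):
            return
        if self.fast_leave:
            self._prune(group, port)               # no query: drop the port at once
            return
        self.pending[(group, port)] = self.lmqc
        self.events.append(("group-specific-query", group, port))

    def query_timeout(self, port, group):
        """Last-member-query timer on `port` expired with no Report received."""
        left = self.pending.get((group, port))
        if left is None:
            return
        if left > 1:
            self.pending[(group, port)] = left - 1
            self.events.append(("group-specific-query", group, port))
        else:
            del self.pending[(group, port)]
            self._prune(group, port)

    def _prune(self, group, port):
        self.fdb[group].discard(port)
        self.events.append(("stop-forwarding", group, port))
        if self.fdb[group] == {self.router_port}:   # last receiver is gone
            del self.fdb[group]
            self.events.append(("delete-entry", group, group_mac(group)))

    def egress_ports(self, group):
        """Ports that get a stream for `group` arriving from the router port."""
        if group in self.fdb:
            return self.fdb[group] - {self.router_port}
        if self.filter_unregistered:                # filter_unregistered_groups
            return set()
        return self.all_ports - {self.router_port}  # unknown multicast is flooded

    def table(self):
        """The snooping FDB as 'show igmp_snooping group' would summarise it."""
        return {g: (group_mac(g), sorted(ports)) for g, ports in self.fdb.items()}


if __name__ == "__main__":
    sw = IgmpSnoopingSwitch(router_port=25, all_ports=range(1, 27))
    sw.report(1, "224.1.1.10")
    sw.report(10, "224.1.1.10")
    print(sw.table())                      # {'224.1.1.10': ('01-00-5e-01-01-0a', [1, 10, 25])}
    sw.leave(1, "224.1.1.10")
    sw.query_timeout(1, "224.1.1.10")
    sw.query_timeout(1, "224.1.1.10")
    print(sw.egress_ports("224.1.1.10"))   # {10}
```

Running the same sequence with `fast_leave=True` removes port 1 on the Leave itself with no query. The caveat from slide 115 falls out of the model directly: two Reports from port 10 followed by one Leave on port 10 empties the entry, because the switch tracks ports, not hosts, so the second host behind that port is cut off.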

118 IGMP Fast Leave packet capture

[Screen captures: with IGMP Fast Leave enabled, forwarding of the multicast traffic stops immediately after the Leave; with Fast Leave disabled, the multicast client keeps receiving the stream until the Group-Specific Query times out.]

119 IGMP Fast Leave topology

[Topology: Multicast Server to DGS-3627; DGS-3627 to two DES-3528 switches with IGMP Snooping Fast Leave enabled; one Multicast Client sends a Leave Message while the other Multicast Clients keep receiving.]
When IGMP Fast Leave is enabled on a switch, it stops the multicast stream immediately on receiving an IGMP Leave message from a multicast client.

120 IGMP Fast Leave configuration

Enable IGMP snooping on the switch and on a specific VLAN
enable igmp_snooping
config igmp_snooping vlan default state enable
Keep unregistered streams away from clients that did not join, and enable IGMP fast leave
config multicast vlan_filtering_mode vlan default filter_unregistered_groups
config igmp_snooping vlan default fast_leave enable

121 IGMP Snooping Multicast VLAN (ISM VLAN)

D-Link's ISM VLAN (IGMP Snooping Multicast VLAN) is designed to optimize network performance where multicast services are deployed across VLANs. It prevents the bandwidth waste caused by multiple copies of identical multicast flows on the uplink ports: the switch snoops all the multicast membership messages it receives and sends each one to the uplink once, so only one multicast stream per channel is received from the uplink.

Multicast in D-Link Switching Environment: IGMP Snooping Multicast VLAN

Notes: Cisco's feature for this multicast optimization is called Multicast VLAN Registration (MVR). D-Link's ISM VLAN is the corresponding feature.

122 Without ISM VLAN

[Diagram: Media Server, L3 Switch, L2 Switch with PC-1 in VLAN-1 and PC-2 in VLAN-2.]
1. Users on VLAN-1 and VLAN-2 join the same multicast group, i.e. switch to the same TV channel.
2. The L2 switch sends the Join messages to the L3 switch tagged with VID 1 and VID 2 respectively.
3. The Media Server sends one multicast stream to the L3 switch.
4. The L3 switch copies the stream and sends two identical copies, one into VLAN-1 and one into VLAN-2.
Symptom: wasted uplink bandwidth, especially when many users request the same stream, e.g. during the World Cup. The uplink is consumed by one copy per VLAN.

Notes: Several VLANs may exist in the switching environment. When a multicast stream passes through the switch, it forwards a separate copy to each VLAN, which increases traffic and can congest the path. To reduce the load, ISM VLANs can be deployed: the switch forwards one copy of the multicast traffic to the recipients in the multicast VLAN instead of multiple copies. Regardless of the other VLANs on the switch, any port can be added to the multicast VLAN where multicast traffic is to be delivered. Once configured, the multicast stream is relayed to the receiver ports promptly and reliably.

123 With ISM VLAN

[Diagram: Media Server, L3 Switch, L2 Switch with PC-1 in VLAN-1 and PC-2 in VLAN-2; ISM VLAN 100 spans all ports.]
1. Create ISM VLAN 100 (VID 100) on the L2 switch with all ports as members. Users on VLAN-1 and VLAN-2 join the same multicast group, i.e. switch to the same TV channel.
2. The L2 switch sends the Report / Leave messages to the L3 switch tagged with VID 100.
3. The Media Server sends one multicast stream to the L3 switch.
4. The L3 switch sends only one multicast stream, into ISM VLAN 100. The L2 switch forwards the stream from the ISM VLAN to VLAN-1 and VLAN-2.
D-Link's ISM VLAN saves uplink bandwidth and lets multicast applications run efficiently in a MAN.

Notes: ISM carries IGMP multicast traffic across different VLANs and responds only to join and leave messages for the multicast groups configured under ISM. It mitigates the impact of broadcast / multicast floods and, because streams are no longer flooded to ports that did not ask for them, reduces the exposure of the content to sniffing by other subscribers. Without ISM VLAN, when users in different VLANs join a common multicast group, multiple identical copies of the flow travel on the uplink, causing packet duplication and bandwidth congestion. When an ISM switch receives an IGMP Report, it forwards it to the IGMP router with the ISM VLAN ID and, optionally, a replaced source IP address.

124 ISM VLAN mechanism

[Diagram: Client to Switch: the report arrives in the client's VLAN; L2 Switch to Router (L3 Switch): the report leaves with the replaced VLAN / IP address.]

ISM is used by applications receiving multicast traffic across an Ethernet-based service provider network. It allows a subscriber on a port to subscribe and unsubscribe to a multicast stream on the network-wide multicast VLAN. It operates on top of the IGMP snooping function and requires IGMP snooping to be enabled.
Once ISM is configured, the CPU sets up a forwarding table; it then intercepts the IGMP messages and modifies the forwarding table to add or remove the receiver port as a receiver of the multicast stream. This selectively lets the traffic cross between VLANs.
With IGMP snooping and ISM both enabled, ISM reacts only to join and leave messages for the multicast groups configured under ISM, while IGMP snooping reacts to all messages.

125 Multicast in D-Link Switching Environment: IGMP Snooping Multicast VLAN
When multicast clients send an IGMP Report to join a channel, the L2 switch replaces the client's VLAN with the ISM VLAN and, if configured, the client's IP address.
Diagram: Multicast Server (channel IP 239.10.10.10) - DGS-3627 (L3) - DES-3528 (L2, uplink port 26, ISM VLAN ID 101, replacement IP 192.168.101.5) - Multicast Clients 10.90.90.100, 10.90.90.101 and 10.90.90.102 in VLAN 1. The client's IGMP Report enters the DES-3528 on VLAN ID 1 with IP 10.90.90.100 and leaves towards the DGS-3627 on VLAN 101 with source IP 192.168.101.5.

126 Multicast in D-Link Switching Environment: IGMP Snooping Multicast VLAN
L2 Switch Configuration
    enable igmp_snooping multicast_vlan
    create igmp_snooping multicast_vlan vlan101 101
    config igmp_snooping multicast_vlan vlan101 state enable replace_source_ip 192.168.101.5
    config igmp_snooping multicast_vlan vlan101 add member_port 1-24
    config igmp_snooping multicast_vlan vlan101 add source_port 25-26
    create igmp_snooping multicast_vlan_group_profile 1
    config igmp_snooping multicast_vlan_group_profile 1 add 239.10.10.10
    config igmp_snooping multicast_vlan_group vlan101 add profile_name 1
1. Enable Multicast VLAN
2. Create ISM VLAN 101
3. Enable the ISM VLAN and replace the client's IP address with 192.168.101.5
4. Specify the ISM member ports
5. Specify the ISM TV source ports
6. Add the multicast IP address to the ISM VLAN group profile
7. Apply the profile to the multicast VLAN

127 Multicast in D-Link Switching Environment: IGMP Snooping Multicast VLAN
L3 Switch Configuration
VLAN Setting
    create vlan IPTV tag 101
    config vlan IPTV add tagged 22
    create vlan source tag 102
    config vlan source add untagged 23
IGMP Setting
    enable igmp_snooping
    config igmp_snooping all state enable
    create ipif IPTV 192.168.101.1/24 IPTV
    config igmp ipif IPTV version 3 query_interval 15 max_response_time 10 robustness_variable 2 state enable
    create ipif source 192.168.102.1/24 source
    config igmp ipif source version 3 query_interval 15 max_response_time 10 robustness_variable 2 state enable
PIM Setting
    enable pim
    config pim ipif IPTV state enable
    config pim ipif source state enable

128 Multicast in D-Link Switching Environment: IGMP Snooping Multicast VLAN
    DES-3528:5#show igmp_snooping multicast_vlan
    Command: show igmp_snooping multicast_vlan

    ISM VLAN Global State    : Enabled
    VLAN Name                : vlan101
    VID                      : 101
    Member (Untagged) Ports  : 1-24
    Tagged Member Ports      :
    Source Ports             : 25-26
    Untagged Source Ports    :
    Status                   : Enabled
    Replace Source IP        : 192.168.101.5
    Remap Priority           : None

    DES-3528:5#show igmp_snooping vlan vlan101
    Command: show igmp_snooping vlan vlan101

    IGMP Snooping Global State       : Disable
    Data Driven Learning Max Entries : 128
    VLAN Name                        : vlan101
    Query Interval                   : 125
    Max Response Time                : 10
    Robustness Value                 : 2
    Last Member Query Interval       : 1
    Querier State                    : Disable
    Querier Role                     : Non-Querier
    Querier IP                       : 0.0.0.0
    Querier Expiry Time              : 0 secs
    State                            : Disable
    Fast Leave                       : Disable
    Report Suppression               : Enable
    Rate Limit                       : No Limitation
    Version                          : 3
    Data Driven Learning State       : Enable
    Data Driven Learning Aged Out    : Disable
    Data Driven Group Expiry Time    : 260

129 Multicast in D-Link Switching Environment: IGMP Snooping Multicast VLAN
    DES-3528:5#show igmp_snooping multicast_vlan_group
    Command: show igmp_snooping multicast_vlan_group

    VLAN Name          VLAN ID    Multicast Group Profile
    -----------------  ---------  --------------------------------
    vlan101            101        1

    Total Entries: 1

    DES-3528:5#show igmp_snooping multicast_vlan_group_profile
    Command: show igmp_snooping multicast_vlan_group_profile

    Profile Name         Multicast Addresses
    -------------------  ------------------------------
    1                    239.10.10.10

130 Multicast in D-Link Switching Environment: Per-Port Multicast Stream Control
Multicast Channels (diagram): Subscriber 1 and Subscriber 2 take Service 1, Subscriber 3 takes Service 2, Subscriber 4 takes Service 3.
    Service 1: 239.10.10.1~239.10.10.20    (20 channels: $10/month)
    Service 2: 239.10.10.1~239.10.10.50    (50 channels: $20/month)
    Service 3: 239.10.10.1~239.10.10.100   (100 channels: $30/month)
Once the MOD service goes live, it is important to ensure that only paying subscribers receive the services. For example, if channels 1-20 are free channels and channels 21 onwards are for paid subscribers only, there should be security controls so that IGMP join messages for channel 21 onwards arriving from unpaid ports are not forwarded. D-Link provides a feature to assign a limited set of multicast addresses per port, so an ISP can use it as a security control to pre-configure the channels for each subscriber at port level and prevent unauthorized multicast joins.
The IP Multicast Profile setting window allows the user to add a profile that governs which multicast address reports are accepted on specified switch ports. This limits the number of reports received and the number of multicast groups configured on the switch. The user may set an IP multicast address or a range of IP multicast addresses to accept reports (Permit) or deny reports (Deny) coming from the specified switch ports.

131 Multicast in D-Link Switching Environment: Per-Port Multicast Stream Control
When per-port Multicast Stream Control is enabled, the administrator can permit or deny access for a port or a range of ports by specifying a range of multicast addresses.
Diagram: Multicast Server - DGS-3627 - two DES-3528 switches, one with a paid subscriber and one with an unpaid subscriber. Profile 1: 239.10.10.1~239.10.10.20 (unpaid channels); Profile 2: 239.10.10.1~239.10.10.100 (paid channels). The paid subscriber port receives the paid channels; the unpaid subscriber port receives only the unpaid channels.

132 Multicast in D-Link Switching Environment: Per-Port Multicast Stream Control
L2 Switch Configuration
IGMP Snooping Settings
    enable igmp_snooping
    config igmp_snooping vlan default state enable
    config multicast vlan_filtering_mode vlan default filter_unregistered_groups
    config igmp_snooping vlan default fast_leave enable
Per-Port Multicast Stream Control Settings
    create mcast_filter_profile profile_id 1 profile_name Channel_range1
    create mcast_filter_profile profile_id 2 profile_name Channel_range2
    config mcast_filter_profile profile_id 1 add 239.10.10.1-239.10.10.20
    config mcast_filter_profile profile_id 2 add 239.10.10.1-239.10.10.100
    config limited_multicast_addr ports 1 add profile_id 1 access permit
    config limited_multicast_addr ports 8 add profile_id 2 access permit
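The ISM slides (123-129) and the per-port stream control slides (130-132) both come down to what the access switch does with a single IGMP report. The following is an added example, not D-Link code, that models that decision in Python: the report is first checked against the port's limited-multicast profile, then, if it is for an ISM group and came from an ISM member port, re-tagged with the ISM VID and given the replacement source IP before it goes up the source ports. Port numbers, VLAN IDs, address ranges and 192.168.101.5 are the slide values; the permit/deny semantics (a "permit" port accepts only groups inside its profiles, a "deny" port rejects those and accepts the rest, a port with no profile accepts everything) are an assumption of this model.

```python
# Added example (not D-Link code): how an L2 access switch could process an
# IGMP report when per-port multicast stream control and an ISM VLAN are both
# configured. Port numbers, VLAN IDs, address ranges and the replacement IP
# are the values from the slides; the permit/deny semantics are an assumption
# (a port with "permit" profiles accepts reports only for groups inside one
# of its profiles, a port with "deny" profiles rejects those and accepts the
# rest, a port without a profile accepts every report).
import ipaddress
from dataclasses import dataclass


def in_range(addr, first, last):
    """True if addr lies inside the inclusive IPv4 range first..last."""
    a = int(ipaddress.IPv4Address(addr))
    return int(ipaddress.IPv4Address(first)) <= a <= int(ipaddress.IPv4Address(last))


@dataclass
class Profile:
    profile_id: int
    ranges: list            # list of (first, last) address pairs


@dataclass
class PortPolicy:
    profiles: list          # Profile objects bound to the port
    access: str             # "permit" or "deny"


@dataclass
class IsmVlan:
    vid: int
    member_ports: set       # subscriber-facing ports
    source_ports: set       # uplink ports towards the L3 switch
    groups: list            # (first, last) pairs from the multicast_vlan_group_profile
    replace_source_ip: str = None


@dataclass
class Report:
    port: int
    vid: int
    src_ip: str
    group: str


class L2Switch:
    def __init__(self, port_policy, ism):
        self.port_policy = port_policy  # port number -> PortPolicy
        self.ism = ism                  # IsmVlan or None

    def stream_control(self, report):
        """Per-port multicast stream control: True if the report may be accepted."""
        policy = self.port_policy.get(report.port)
        if policy is None:
            return True
        matched = any(in_range(report.group, lo, hi)
                      for p in policy.profiles for lo, hi in p.ranges)
        return matched if policy.access == "permit" else not matched

    def ism_rewrite(self, report):
        """ISM: a report from a member port for a group in the ISM profile is
        re-tagged with the ISM VID (and its source IP replaced, if configured)
        before it leaves on the source ports; anything else is left alone."""
        ism = self.ism
        if ism is None or report.port not in ism.member_ports:
            return report
        if not any(in_range(report.group, lo, hi) for lo, hi in ism.groups):
            return report
        return Report(report.port, ism.vid, ism.replace_source_ip or report.src_ip, report.group)

    def handle_report(self, report):
        """None when the report is dropped, otherwise the report as sent upstream."""
        if not self.stream_control(report):
            return None
        return self.ism_rewrite(report)


def build_switch():
    """DES-3528 configuration from the slides: profile 1 (free channels) on
    port 1, profile 2 (paid channels) on port 8, ISM VLAN 101 on ports 1-24
    with uplinks 25-26 and source IP replacement 192.168.101.5."""
    free = Profile(1, [("239.10.10.1", "239.10.10.20")])
    paid = Profile(2, [("239.10.10.1", "239.10.10.100")])
    policy = {1: PortPolicy([free], "permit"), 8: PortPolicy([paid], "permit")}
    ism = IsmVlan(vid=101, member_ports=set(range(1, 25)), source_ports={25, 26},
                  groups=[("239.10.10.10", "239.10.10.10")],
                  replace_source_ip="192.168.101.5")
    return L2Switch(policy, ism)


if __name__ == "__main__":
    sw = build_switch()
    for rpt in (Report(1, 1, "10.90.90.100", "239.10.10.10"),   # free channel, ISM group
                Report(1, 1, "10.90.90.100", "239.10.10.50"),   # paid channel on a free port
                Report(8, 1, "10.90.90.101", "239.10.10.50")):  # paid channel on a paid port
        print(rpt, "->", sw.handle_report(rpt))
```

The order matters: the port filter runs before the ISM rewrite, so a join that the subscriber is not entitled to never reaches the ISM VLAN, and a report for a group outside the ISM profile is passed through unchanged for ordinary IGMP snooping to handle.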

133 Multicast in D-Link Switching Environment: Protocol Independent Multicast (PIM)
PIM makes multicast forwarding decisions based on the information supplied by unicast routing protocols such as OSPF and RIP. When a multicast packet arrives on a router interface, it is forwarded to the destination or receiver along the multicast distribution tree.
PIM has two variants:
Dense-Mode
- Uses the "Push" model
- Assumes at least one multicast group client on each subnet of the network
- Step 1: Routers flood multicast traffic throughout the whole network
- Step 2: Routers prune back when they have no client interested in the multicast
- The flood-and-prune behaviour repeats (typically every three minutes)
Sparse-Mode
- Uses the "Pull" model
- Assumes that no receivers are interested in multicast traffic unless a client requests it
- Uses a Rendezvous Point (RP): sender and receiver "rendezvous" at this point to learn about each other
- Senders are "registered" with the RP by their first-hop router
- Receivers are "joined" to the Shared Tree (rooted at the RP) by their local designated router
With the development of network infrastructure, multicast applications are in frequent use. PIM is a multicast routing protocol widely deployed for IPTV service delivery. PIM has two modes, Dense-Mode and Sparse-Mode, distinguished by their forwarding mechanism and applied in different network environments.

134 Multicast in D-Link Switching Environment: Protocol Independent Multicast
Before inspecting PIM, we need to understand how a general routing protocol sends packets to the correct destinations. Unicast routing asks where the packet is going (the destination); multicast routing asks where the packet comes from (the source).
Diagram: Unicast Routing, Source to Destination, "How to reach the destination?"; Multicast Routing, Source to Destination, "Where does the packet come from?".
Multicast routing uses Reverse Path Forwarding (RPF) to check incoming multicast packets. RPF is the check mechanism that determines whether a router should forward or drop a packet according to the interface on which the packet arrived. RPF is a key point in multicast forwarding: it prevents forwarding loops.
Multicast routing focuses on where the packets come from and which backward path to the source is correct; it uses the RPF check to achieve this.

135 Multicast in D-Link Switching Environment: Protocol Independent Multicast
RPF check
Step 1: Take the source IP address of the multicast packet and look it up in the unicast routing table to determine whether the packet arrived on the correct interface.
Step 2: If the packet arrived on the interface leading back to the source, the RPF check succeeds. The router replicates and forwards the packet to the outgoing interfaces.
Step 3: If the RPF check fails, the router drops the packet silently.

136 Multicast in D-Link Switching Environment: Protocol Independent Multicast (RPF Check, success)
Diagram: a Multicast Server (IP 192.168.0.10) sends multicast stream 224.1.1.10 through Routers A, B, C, D, E, G and H towards Router F; the multicast packet carries source IP 192.168.0.10. Router F has interfaces S0, S1, S2 and E0 and neighbours Router C, Router D and Router G.
Unicast Routing Table (Router F):
    Network           Interface
    192.168.0.0/24    S1
    192.168.3.0/24    S0
    192.168.4.0/24    E0
RPF Check Successful: the packet arrived on the correct interface, so it is forwarded out all outgoing interfaces. The router only accepts multicast data from source 192.168.0.10 on interface S1.
When multicast packets are flooded to the whole network, Router F decides which interface is correct and is allowed to receive the multicast traffic.

137 Multicast in D-Link Switching Environment: Protocol Independent Multicast (RPF Check, failure)
Diagram: the same topology as slide 136; the multicast packet with source IP 192.168.0.10 reaches Router F on an interface other than S1.
Unicast Routing Table (Router F):
    Network           Interface
    192.168.0.0/24    S1
    192.168.3.0/24    S0
    192.168.4.0/24    E0
RPF Check Fail: the packet arrived on the wrong interface, so the switch discards the packet (Drop). The router only accepts multicast data from source 192.168.0.10 on interface S1.
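The three RPF steps of slide 135 and the two outcomes of slides 136 and 137, as an added Python example that is not D-Link code. The routing table is Router F's table from the slides; the interface list and the forwarding behaviour (replicate to every other interface, as dense-mode flooding does before pruning) are assumptions of the model, and the lookup is a longest-prefix match so that it also handles overlapping routes the slides do not show.

```python
# Added example (not D-Link code): the RPF check of slides 135-137. The
# routing table is Router F's table from the slides; the interface list and
# the "forward on every other interface" behaviour are model assumptions.
import ipaddress

# Unicast routing table of Router F (from the slide): prefix -> outgoing interface
UNICAST_ROUTES = {
    "192.168.0.0/24": "S1",
    "192.168.3.0/24": "S0",
    "192.168.4.0/24": "E0",
}
INTERFACES = ["S0", "S1", "S2", "E0"]   # assumed interface set of Router F


def rpf_interface(source_ip, routes=UNICAST_ROUTES):
    """Step 1: longest-prefix lookup of the packet's *source* address. The
    interface the router would use to send unicast traffic back to the
    source is the RPF interface; None if there is no route to the source."""
    src = ipaddress.IPv4Address(source_ip)
    best = None
    for prefix, iface in routes.items():
        net = ipaddress.IPv4Network(prefix)
        if src in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return None if best is None else best[1]


def rpf_check(source_ip, in_iface, interfaces=INTERFACES, routes=UNICAST_ROUTES):
    """Steps 2-3: returns ("forward", [outgoing interfaces]) when the packet
    arrived on the RPF interface, otherwise ("drop", reason)."""
    expected = rpf_interface(source_ip, routes)
    if expected is None:
        return ("drop", "no route back to source")
    if in_iface != expected:
        return ("drop", f"arrived on {in_iface}, RPF interface is {expected}")
    # Replicate to every interface except the one the packet came in on;
    # pruning later removes the branches nobody listens on.
    return ("forward", [i for i in interfaces if i != in_iface])


if __name__ == "__main__":
    print(rpf_check("192.168.0.10", "S1"))   # slide 136: success
    print(rpf_check("192.168.0.10", "S0"))   # slide 137: dropped silently
```

A packet whose source has no route at all is also dropped: without a path back to the source there is no RPF interface to compare against, which is the same protection against spoofed or looped traffic that the slide describes.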

138 Multicast in D-Link Switching Environment: Protocol Independent Multicast (Dense-Mode mechanisms)
Diagram (animated): Multicast Server; Routers A to J; multicast clients under Routers D and G and one further router; labels: RPF Check, Assert Mechanism, Prune Overrides, Join, Graft Message, Prune Message, Multicast Traffic.
- RPF Check: recalculation of the RPF interface when the unicast routing table changes
- Assert Message: elects a designated forwarder on a multi-access network
- Prune overrides on a multi-access network
Initially, the multicast traffic floods the whole network. When routers receive the multicast traffic, they perform the RPF check to filter unnecessary, redundant incoming traffic. Next, a router sends a Prune message to its upstream router if no user wants to receive the multicast stream. Conversely, if a client under a router (e.g. Router G) wants to receive the multicast traffic, the router sends a Graft message to its upstream router.
Some topologies inject duplicated traffic into a multi-access area. For example, Router E delivers traffic to both Router A and Router B, which are connected to the same multi-access area; A and B then both inject the same multicast traffic into that segment and waste bandwidth. Dense-Mode uses the Assert mechanism to resolve this issue.
In another example, Router H transmits the multicast stream into the segment attached to Routers C and D, and only Router D has a requirement for the stream. The Join message sent by Router D may be overridden by the Prune message sent by Router C when there is no user under Router C. Network administrators need to pay attention to avoid such issues.

139 Multicast in D-Link Switching Environment: Protocol Independent Multicast (Dense-Mode)
Application: small networks with densely distributed multicast members.
Uses the flood-and-prune model. When a router receives a multicast packet, it executes the RPF check.
Graft mechanism: used to request or resume multicast traffic
Step 1: The router sends a Graft message to the upstream router towards the source.
Step 2: When the upstream router receives a Graft message on an interface, it puts that interface into forwarding state and responds with a Graft-Ack message to the Graft sender.
Step 3: After sending a Graft message, the router waits for the upstream router to send the Graft-Ack; otherwise it keeps sending Graft messages until it receives one.
Prune message: sent upstream only under the following conditions
- Traffic arrives on a non-RPF interface
- A leaf router has no receivers (no member has joined the group)
- A non-leaf router has received a Prune message from all of its neighbours
Uses a source distribution tree to forward multicast data: the multicast forwarding path is a source tree (shortest path tree, SPT), with the multicast source as its "root" and the multicast group members as its "leaves".
Diagram: Multicast Server (Root); Prune Message; Graft Message; Multicast Clients (leaf); Group 225.1.1.10.

140 Multicast in D-Link Switching Environment: Protocol Independent Multicast (PIM-DM Initial Flooding)
PIM-DM initially floods multicast traffic out "ALL" non-RPF interfaces towards:
- PIM-DM neighbours
- Directly connected members of the group
PIM-DM Flooding
Step 1: The multicast server (source) floods multicast group traffic throughout the entire network.
Step 2: When each router receives the multicast traffic via its RPF interface, it creates an (S,G) entry and forwards the traffic to all its PIM-DM neighbours.
Step 3: Traffic arriving via a non-RPF interface is corrected by the normal PIM-DM pruning mechanism.
Step 4: Prunes are sent on the RPF interface when the router has no downstream multicast group members.
Result: multicast traffic is pruned off all links except those that are necessary. The Shortest Path Tree (SPT) is built from the source to the receiver.
Note:
- Even though multicast traffic no longer reaches most of the routers in the network, (S,G) state remains in all routers. This (S,G) state remains until the source stops transmitting.
- In PIM-DM, a Prune expires after three minutes, which causes the multicast traffic to be re-flooded to all routers.
Diagram: Multicast Server; Multicast Packet; Prune Message; RPF Check; Multicast Group Member (Group 225.1.1.10); steps 1 to 3. An (S,G) entry is created in the multicast routing table, and the path from the multicast source to the receiving clients uses the shortest path tree. S is the IP address of the multicast source; G is the multicast group address.
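Slides 139 and 140 describe flood, prune and graft in words; the following added Python example, which is not D-Link code, models the outcome on a constructed topology. Each router's RPF neighbour towards the source is given directly (a real router derives it from its unicast routing table as on the RPF slides), and the model reproduces the three facts the slides stress: every router keeps (S,G) state after the flood, only routers with a member somewhere below them keep forwarding, and a Graft re-enables exactly the pruned routers between the new member and the nearest forwarding router.

```python
# Added example (not D-Link code): a small model of PIM-DM flood-and-prune and
# graft. The topology is constructed: each router's RPF neighbour towards the
# source is given directly (a real router derives it from the unicast routing
# table, as on the RPF slides). Receivers are routers with attached members.


def build_spt(rpf_parent, receivers):
    """rpf_parent maps router -> upstream router on its RPF path (None for
    the first-hop router next to the source). Returns the set of routers that
    stay in forwarding state after pruning: a router forwards if it, or some
    router below it on the RPF tree, has a group member."""
    forwarding = set()
    for router in receivers:
        node = router
        while node is not None and node not in forwarding:
            forwarding.add(node)
            node = rpf_parent[node]   # walk the RPF path back to the source
    return forwarding


def flood_and_prune(rpf_parent, receivers):
    """Flooding creates (S,G) state on every router; routers with no member
    below them prune on their RPF interface. Returns (state_holders, pruned,
    forwarding), each as a sorted list."""
    all_routers = set(rpf_parent)
    forwarding = build_spt(rpf_parent, receivers)
    pruned = all_routers - forwarding
    return sorted(all_routers), sorted(pruned), sorted(forwarding)


def graft(rpf_parent, receivers, new_receiver):
    """A member appears under a pruned router: the Graft travels upstream until
    it reaches a router that is already forwarding. Returns the routers that
    switch from pruned to forwarding."""
    before = build_spt(rpf_parent, receivers)
    after = build_spt(rpf_parent, receivers | {new_receiver})
    return sorted(after - before)


# Constructed topology: S1 is the first-hop router at the source; A and B hang
# off S1, C below A, D below B, G below C. Only G has a member at first.
TOPOLOGY = {"S1": None, "A": "S1", "B": "S1", "C": "A", "D": "B", "G": "C"}
RECEIVERS = {"G"}

if __name__ == "__main__":
    state, pruned, fwd = flood_and_prune(TOPOLOGY, RECEIVERS)
    print("(S,G) state on:", state)      # every router keeps state after the flood
    print("pruned:", pruned)             # B and D: nobody below them wants the group
    print("forwarding (SPT):", fwd)
    print("graft for D re-enables:", graft(TOPOLOGY, RECEIVERS, "D"))
```

Because pruned routers keep their (S,G) state, the prune timer expiry the slide mentions simply returns the network to the flooded state, which is why the model treats "state holders" and "forwarding" as two different sets.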

141 Multicast in D-Link Switching Environment: Protocol Independent Multicast (PIM-DM Assert Mechanism)
Problem: after Router A and Router B receive an (S,G) packet from the upstream router, they both forward it to the local subnet, and the client receives two identical multicast packets, one from Router A and one from Router B.
Solution: Router A and Router B both send an Assert message to all PIM routers (224.0.0.13) through the interface on which the packet was received, to shut off duplicate flows into the multi-access area.
Forwarder Election: an Assert message contains the multicast source address (S), the multicast group address (G), the administrative distance and the metric to the source. Routers compare these values to determine which one has the best path (lowest cost) to the source.
Step 1: Compare the distance value (the higher distance wins)
Step 2: Compare the metric value (the smaller metric wins)
Step 3: If metric and distance are equal, the highest IP address wins
Result: the losing router prunes its interface and the winning router continues to forward multicast traffic onto the LAN segment.
Diagram: Routers A (E0) and B (E0, S0) on a shared segment; Incoming Multicast Packets (successful RPF check); PIM Assert (distance, metric); Multicast Traffic; Assert Message.
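The forwarder election above, as an added Python example that is not D-Link code, run over a constructed pair of Assert messages for Routers A and B. Note that RFC 4601 section 4.6 treats the numerically lower metric preference (administrative distance) as the better route, then the lower metric, with the higher IP address as tie-breaker; the code follows that ordering. All addresses, distances and metrics below are constructed.

```python
# Added example (not D-Link code): the PIM assert election of slide 141 over
# a constructed set of Assert messages. The ordering follows RFC 4601 section
# 4.6: the numerically lower metric preference (administrative distance) is the
# better route, then the lower metric, then the higher IP address as tie-breaker.
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class AssertMsg:
    router: str
    address: str       # IP of the interface that sent the Assert
    preference: int    # administrative distance of the route to the source
    metric: int        # unicast metric of the route to the source


def assert_key(msg):
    """Sort key: lower preference and metric are better; a higher IP breaks ties."""
    return (msg.preference, msg.metric, -int(ipaddress.IPv4Address(msg.address)))


def assert_winner(msgs):
    """The router whose Assert is best keeps forwarding onto the segment."""
    return min(msgs, key=assert_key).router


def resolve_segment(msgs):
    """Outcome per router: the winner forwards, every loser prunes its interface."""
    winner = assert_winner(msgs)
    return {m.router: ("forward" if m.router == winner else "pruned") for m in msgs}


# Constructed values for Routers A and B of the slide: B has the lower metric
# but learned the route with a worse (higher) preference, so A wins.
SEGMENT = [AssertMsg("A", "192.168.1.1", 110, 20),
           AssertMsg("B", "192.168.1.2", 120, 10)]

if __name__ == "__main__":
    print(resolve_segment(SEGMENT))
```

The election is deterministic and depends only on what the routers advertise, which is also why a segment that admits untrusted PIM speakers can have its forwarder chosen by whoever advertises the best-looking route; limiting PIM neighbours to known routers is the usual mitigation.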

142 Multicast in D-Link Switching Environment: Protocol Independent Multicast (when the Assert Winner fails)
Normal Assert Mechanism
Step 1: During the Assert process, the two routers exchange their routing metrics to determine which one has the best route to the source.
Step 2: The Assert Winner continues to forward traffic; the Assert Loser prunes its interface and starts its prune timer.
When the Assert Winner fails: the losing router does not know that the winning router has failed and waits up to three minutes for the prune on its interface to time out. Traffic flow is cut off until the prune times out on the Assert Loser, so in the worst case traffic is lost for three minutes.
Diagram: Routers A, B, C, D, E (Winner) and F (Loser) around a Multi-Access Area; Multicast Traffic; Assert Message.

143 Multicast in D-Link Switching Environment: Protocol Independent Multicast (Prune Override)
Step 1: Router A learns its two downstream neighbours via Hello messages.
Step 2: Router B sends a Prune message (it has no group member).
Step 3: When Router A receives the Prune, it does not prune its interface immediately; it sets a three-second timer.
Step 4: Router C also receives the Prune message. It sees that the Prune is for a group it still wants to receive.
Step 5: Router C sends a Join message to Router A.
Result: Router C overrides the Prune message sent by Router B. For Client-1 there is no traffic interruption as long as Router A receives the Join message before the three-second timeout.
Diagram: Routers A, B and C on a Multi-Access Area; Multicast Traffic (192.168.0.10 / 225.1.1.1); Prune Message (192.168.0.10 / 225.1.1.1) sent to 224.0.0.13; Join (192.168.0.10 / 225.1.1.1).

144 Multicast in D-Link Switching Environment: Protocol Independent Multicast (multicast route loops)
PIM-DM together with the flood-and-prune mechanism can sometimes result in serious multicast route loops. Under steady-state conditions, traffic flows from the source via the RPF interface.
Diagram: Routers A, B and C, with multiple routers providing redundancy; interfaces S0 and S1; RPF Interface; Multicast Traffic. The routers perform the Assert process and one interface on one router is in the prune state.

145 Multicast in D-Link Switching Environment: Protocol Independent Multicast (multicast route loops)
When the first-hop router fails:
Step 1: Assume that interface S0 of Router C fails.
Step 2: The unicast routing of Router A converges first and PIM computes the new RPF interface.
Step 3: Router B has not yet converged and forwards multicast traffic using the old RPF interface.
Result: A multicast route loop appears until Router B finally converges and the correct new RPF interface is calculated.
Note: If the router needs some bandwidth to complete this convergence (as in the case when EIGRP is active), this condition will never be resolved.
Diagram: Routers A, B and C; Router A converges first; interfaces S0 and S1; RPF Interface; Multicast Traffic.

146 Multicast in D-Link Switching Environment: Protocol Independent Multicast (Sparse-Mode overview)
Diagram (animated): Routers A (192.168.0.2), B (192.168.0.1), C, D, E, F and G; Multicast Server; Multicast Client; Multicast Traffic; PIM Register; (S,G) Join.
- Neighbor Discovery: Hello message; Designated Router (DR): the highest IP address
- Rendezvous Point (RP) Election: Bootstrap Router (BSR) mechanism or Static RP
- PIM-SM Register / Join; RPF Check; Shared Tree
- Switchover mechanism: Shortest Path Tree
PIM Sparse-Mode uses the pull model: routers wait for multicast users to request the multicast traffic and do not actively flood traffic to the entire network. This is the main difference from Dense-Mode. Routers running PIM-SM use Hello messages to detect their neighbours; in a multi-access network they must perform the Designated Router (DR) election on the segment. Rendezvous Point (RP) election is necessary across the entire network, and the RP can be chosen automatically or set manually. The RP is the meeting place where a server's register messages and the clients' join messages meet. Different multicast channels may have different RPs. After registration with the RP, the multicast traffic flows from the server to the RP and finally down to the end users. In the diagram, the path from Router E to the end user is called the Shared Tree. Sometimes the Shared Tree is not the shortest path tree, so a router can use the switchover feature to change from the shared tree to the shortest path tree.

147 Multicast in D-Link Switching Environment: Protocol Independent Multicast (Sparse-Mode)
Application: group members are sparsely distributed throughout the network. RFC 2362. Supports both source and shared trees.
PULL Model Assumptions
- No host wants multicast traffic unless it specifically asks for it
- Group members are sparsely distributed throughout the network (flooding would consume network bandwidth)
- Bandwidth is limited
Uses a Rendezvous Point (RP) to coordinate forwarding from senders to receivers
- When a sender wants to send data, it uses the first multicast packet to register with the RP
- When a receiver wants to receive data, it registers with the RP
- Senders are "registered" with the RP by their first-hop router
- Receivers are "joined" to the Shared Tree (rooted at the RP) by their local Designated Router (DR) in a multi-access network
PIM-SM begins with an empty distribution tree and adds branches only as the result of explicit requests to join the distribution tree.
SPT Switchover: shared-tree mode can be switched to source-tree mode to obtain an optimal route to the source.

148 Multicast in D-Link Switching Environment: Protocol Independent Multicast (PIM Neighbor Discovery)
PIM Neighbor Discovery (Hello message)
- Discover neighbours: PIMv2 routers send Hello messages periodically (e.g. every 30 seconds), multicast to "All-PIM-Routers" (224.0.0.13)
- Designated Router election on a multi-access network
Designated Router (DR): on a multi-access network, a DR must be elected.
Functions of the DR in PIM-SM
- For a multicast source: the DR sends the Register message to the RP
- For a multicast client: the DR sends the Join message to the RP
Functions of the DR in PIM-DM
- PIM-DM does not require a DR
- Exception: IGMPv1 in a PIM-DM domain; a DR must be elected to act as the IGMPv1 Querier on the multi-access network

149 Multicast in D-Link Switching Environment: Protocol Independent Multicast (Designated Router Election)
Step 1: Each PIM node on the multi-access network examines the Hello messages from its neighbours.
Step 2: The PIM neighbour with the highest IP address is elected as the DR.
Step 3: The DR election runs again when a PIM node has not received a PIM Hello message from the elected DR for a period of time.
Diagram: PIM Router 1 (192.168.0.11, DR, highest IP address) and PIM Router 2 (192.168.0.10) exchange PIM Hello messages.

150 Multicast in D-Link Switching Environment: Protocol Independent Multicast (diagram only)

151 Multicast in D-Link Switching Environment: Protocol Independent Multicast (Rendezvous Point)
The Rendezvous Point (RP) is an important concept in PIM-SM.
- Small, simple network topology: one RP is enough to cover all multicast information / traffic handling
- Large-scale network environment: more RPs are needed to share the load and optimise the topological structure of the RPT (RP-rooted shared tree)
Static RP: suitable for small network topologies. It must be configured on every router, and all routers need to point to the same RP address.
Bootstrap Router (BSR) Mechanism: suitable for large-scale network environments.
The RP can be configured manually; this is called static RP and suits small-scale networks. Dynamic RP uses an election mechanism to find the mapping between multicast channel and RP; BSR is one method to elect the RP.

152 Multicast in D-Link Switching Environment: Protocol Independent Multicast (Candidate BSR and Bootstrap Router)
Candidate BSR (C-BSR): a network can contain one or more routers serving as Candidate BSRs; the BSR is elected from among them.
Bootstrap Router (BSR): the BSR is elected from the collection of Candidate BSRs. If the current BSR fails, a BSR election is triggered to avoid service interruption. The Bootstrap Router collects all Candidate RP (C-RP) announcements, saves them into a database (the RP-Set) and periodically sends the RP-Set to all other routers in the network.
Diagram: several C-BSRs (the C-BSR with the highest priority becomes the BSR) and several C-RPs.

153 Multicast in D-Link Switching Environment: Protocol Independent Multicast (Bootstrap Router Election Mechanism)
The C-BSR with the highest priority is elected as the BSR; the highest IP address among the C-BSRs is used as a tie-breaker. If a new C-BSR with a higher priority joins the network, it triggers a new election.
Candidate RP (C-RP): sends its C-RP announcement directly to the BSR via unicast periodically (every 60 seconds). The C-RP learns the BSR's IP address from the periodic BSR message.
BSR message (multicast): sent to All-PIM-Routers (224.0.0.13) with TTL=1; carries the RP-Set, which consists of all C-RP announcements; Holdtime = 3 * ; IP address of the BSR (lets the C-RPs know where to send their announcements).
Candidate RP's message (unicast): Group Range (e.g. 224.0.0.0/4, all multicast groups); C-RP address; Holdtime = 3 * .
C-RP message example:
    RP1: 1. 225.0.0.0/24 (225.0.0.1-225.0.0.255)   2. 226.0.0.0/24 (226.0.0.1-226.0.0.255)
    RP2: 1. 227.0.0.0/24 (227.0.0.1-227.0.0.255)   2. 228.0.0.0/24 (228.0.0.1-228.0.0.255)

154 Multicast in D-Link Switching Environment: Protocol Independent Multicast (BSR election and RP-Set distribution)
Step 1: All Candidate BSRs join the BSR election process by sending a PIM BSR message containing their BSR priority out of all interfaces. BSR messages are flooded throughout the entire network.
Step 2: At the end of the "BSR-Election-Interval", the highest-priority C-BSR is elected as the active Bootstrap Router.
Step 3: The C-RPs learn the IP address of the BSR from the BSR message and unicast their C-RP Announcement messages directly to the BSR.
Step 4: The active BSR stores all incoming C-RP Announcements in its Group-to-RP mapping (the RP-Set) and floods the entire list of C-RPs hop by hop.
Step 5: Each router updates its RP-Set table and elects the RP for a particular group range using a hash algorithm.
Result: every router in the network knows which RP to register with.
Diagram (animated): Client-1 192.168.40.100 behind Router E (192.168.40.1); Routers B and D; two C-BSR/C-RP routers (192.168.60.1 and 192.168.30.2); Multicast Server 192.168.70.100 behind 192.168.70.1; links in 192.168.10.0, 192.168.30.0, 192.168.50.0, 192.168.60.0 and 192.168.90.0; BSR Messages and C-RP Advertisements.
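The three elections of slides 149 and 152-154 (DR, BSR and the per-group RP choice each router makes from the RP-Set) as one added Python example; this is not D-Link code. DR and BSR election follow the slides (highest IP, highest priority with highest IP as tie-breaker). The group-to-RP mapping goes beyond the slides' single-RP-per-range example and implements the general rule of RFC 4601 section 4.7: longest matching group range, then the lowest C-RP priority value, then the RFC 4601 hash function, then the highest IP. The C-RP addresses are the two C-BSR/C-RP routers of slide 154, the group ranges are those of slide 153, and the priorities are constructed.

```python
# Added example (not D-Link code): the PIM-SM elections described on slides
# 149 and 152-154 over constructed candidates. DR and BSR election pick the
# highest IP / highest priority as the slides say. The group-to-RP mapping
# follows RFC 4601 section 4.7 (longest group-range match, then lowest C-RP
# priority value, then the RFC hash, then highest IP). C-RP addresses and
# group ranges are the ones from the slides; priorities are constructed.
import ipaddress


def ip_int(addr):
    return int(ipaddress.IPv4Address(addr))


def elect_dr(neighbor_ips):
    """Multi-access segment: the PIM neighbour with the highest IP becomes DR."""
    return max(neighbor_ips, key=ip_int)


def elect_bsr(candidates):
    """candidates: {ip: bsr_priority}. Highest priority wins, highest IP breaks ties."""
    return max(candidates, key=lambda ip: (candidates[ip], ip_int(ip)))


def rp_hash(group, hash_mask_len, crp_ip):
    """RFC 4601 4.7.2 hash: spreads groups across C-RPs of equal priority."""
    mask = (0xFFFFFFFF << (32 - hash_mask_len)) & 0xFFFFFFFF
    g = ip_int(group) & mask
    return (1103515245 * ((1103515245 * g + 12345) ^ ip_int(crp_ip)) + 12345) % (1 << 31)


def select_rp(rp_set, group, hash_mask_len=30):
    """rp_set: list of (crp_ip, priority, group_range). Returns the RP for group
    or None when no C-RP covers it."""
    g = ipaddress.IPv4Address(group)
    matches = [(ipaddress.IPv4Network(rng), ip, prio)
               for ip, prio, rng in rp_set if g in ipaddress.IPv4Network(rng)]
    if not matches:
        return None
    longest = max(net.prefixlen for net, _, _ in matches)
    matches = [m for m in matches if m[0].prefixlen == longest]
    best = min(prio for _, _, prio in matches)        # lower value = preferred C-RP
    matches = [m for m in matches if m[2] == best]
    return max((ip for _, ip, _ in matches),
               key=lambda ip: (rp_hash(group, hash_mask_len, ip), ip_int(ip)))


# RP-Set as the BSR would flood it: RP1 = 192.168.60.1, RP2 = 192.168.30.2
# (the two C-BSR/C-RP routers of slide 154) with the ranges of slide 153.
RP_SET = [("192.168.60.1", 0, "225.0.0.0/24"), ("192.168.60.1", 0, "226.0.0.0/24"),
          ("192.168.30.2", 0, "227.0.0.0/24"), ("192.168.30.2", 0, "228.0.0.0/24")]

if __name__ == "__main__":
    print("DR:", elect_dr(["192.168.0.10", "192.168.0.11"]))
    print("BSR:", elect_bsr({"192.168.60.1": 10, "192.168.30.2": 10}))
    for grp in ("225.0.0.5", "227.0.0.9", "239.1.1.1"):
        print(grp, "->", select_rp(RP_SET, grp))
```

Every router runs the same mapping over the same RP-Set, which is what makes the result consistent network-wide; it also means an unauthenticated C-RP or C-BSR announcement can steer groups to a rogue RP, so PIM neighbour filtering on the edge is the usual safeguard.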

155 Multicast in D-Link Switching Environment: Protocol Independent Multicast (Bootstrap Message and C-RP Message)
Packet 1: BSR Message. Packet 2: C-RP Advertisement.

156 Multicast in D-Link Switching Environment: Protocol Independent Multicast (mroute table)
In PIM-SM, the multicast traffic "forwarding" state is held in the mroute table, which is composed of (*,G) and (S,G) entries.
(S,G) Entry = (Source, Group), used for the Source Tree. Multicast constructs a separate tree for every multicast source, and routers forward packets from a particular source to the clients (e.g. 192.168.0.10/225.1.1.10).
- Created by receiving an (S,G) Join
- Removed by receiving an (S,G) Prune, or when the interface expiry timer counts down to 0
(*,G) Entry = (*, Group), used for the Shared Tree. Many multicast trees can share a single router within the network. The root of the tree is the Rendezvous Point and the DRs are the leaves of the tree (e.g. */225.1.1.10).
- Step 1: When a client joins multicast group G, it uses an IGMP message to inform its directly connected DR.
- Step 2: The DR then sends a Join message to the RP corresponding to multicast group G.
- Step 3: The routers along the path from the DR to the RP form an RPT. Each router on this branch generates a (*,G) entry in its forwarding table; "*" means any multicast source.

157 Multicast in D-Link Switching Environment: Protocol Independent Multicast (Source Tree and Shared Tree examples)
Diagram: a Shared Tree Example and a Source Tree Example, each showing Client-1, the DR, the RP and the Multicast Server; legend: Traffic Flow, Shared Tree, Source Tree.

158 Multicast in D-Link Switching Environment: Protocol Independent Multicast (PIM-SM Source Registration)
Step 1: When R2 receives the first packet for multicast group G from the multicast source, it encapsulates the multicast data in a Register message and unicasts it to the RP.
When the RP receives the Register message:
Step 2: It de-encapsulates the multicast data packet inside the Register message and forwards it down the Shared Tree.
Step 3: The RP sends an (S,G) Join back towards the source to create a branch of the (S,G) Shortest-Path Tree. This results in (S,G) state being created in all the routers along the SPT, including the RP.
Step 4: The SPT is built from the source's router to the RP, and multicast traffic begins to flow down it.
Step 5: The RP sends a "Register-Stop" to R2 (the source's first-hop router) to inform it that it can stop sending the unicast Register messages.
Result: multicast traffic from the source flows down the SPT to the RP and then down the Shared Tree to the receiver.
Diagram (animated): Multicast Server (group 225.1.1.10) - R2 - R3 - RP - R1 - Client-1; (S,G) state is created only along the Source Tree; legend: Traffic Flow, Shared Tree, Source Tree, (S,G) Register (unicast), (S,G) Join.

159 Multicast in D-Link Switching Environment: Protocol Independent Multicast (PIM-SM Receiver Join)
Step 1: R1 (the DR) receives Client-1's IGMP Report.
Step 2: There is no existing (*,G) state for group "G", so R1 creates it.
Step 3: R1 forwards a PIM (*,G) Join towards its PIM neighbour in the direction of R2 (the RP), hop by hop.
Step 4: R2 creates (*,G) state, and the path from the DR to the RP forms an RPT. If R2 were not the RP, Steps 2 to 4 would repeat at each hop back to the RP.
Result: group "G" traffic can flow down the Shared Tree to the receiver.
Diagram: Multicast Server 192.168.20.100 (group 225.1.1.10) attached to R2/RP; R1/DR attached to Client-1 192.168.60.100; router links in 192.168.10.0, 192.168.20.0, 192.168.30.0, 192.168.40.0 and 192.168.60.0; IGMP Report, PIM Join, Shared Tree (*,G) Join.

160 Multicast in D-Link Switching Environment: Protocol Independent Multicast (PIM-SM Receiver Join: Router-1 and Client-1, diagram only)

161 Multicast in D-Link Switching Environment: Protocol Independent Multicast (PIM-SM Receiver Join: Router-1 and Client-1, diagram only)

162 Multicast in D-Link Switching Environment: Protocol Independent Multicast (PIM-SM Receiver Leave)
Step 1: R1 receives Client-1's IGMP Leave and finds that Client-1 is the last host for the group.
Step 2: R1 removes the outgoing interface towards Client-1 and sends a (*,G) Prune up the shared tree towards the RP (R2).
Diagram: the same topology as slide 159 (Multicast Server 192.168.20.100, group 225.1.1.10, R2/RP, R1/DR, Client-1 192.168.60.100); IGMP Leave, PIM Prune, Shared Tree (*,G) Prune.

163 Multicast in D-Link Switching Environment: Protocol Independent Multicast (SPT Switchover)
Switching to the SPT reduces network latency because the SPT is the optimal path. The last-hop router is able to switch to the shortest-path tree and bypass the RP when the traffic rate exceeds the threshold.
Step 1: The last-hop router sends an (S,G) Join towards the first-hop router, creating (S,G) state along the new part of the SPT (R1, R3, R2).
Step 2: All routers in the path have installed (S,G) entries, which means the Shortest Path Tree is built and multicast traffic begins to flow along the SPT.
Step 3: (S,G) RP-bit Prune messages are sent to prune off the redundant (S,G) traffic coming from the RP (Shared Tree).
Step 4: The RP no longer needs the (S,G) flow and sends an (S,G) Prune back towards the source to shut off the unnecessary (S,G) traffic to the RP.
Result: after switching over (RPT to SPT), (S,G) traffic is forwarded from the source to the receiver.
Diagram (animated): Multicast Server - R2 (the first hop) - R3 - RP - R1 (the last hop) - Client-1; the last-hop router joins the Source Tree; legend: Traffic Flow, Shared Tree, Source Tree, RP-bit Prune, (S,G) Join, (S,G) Prune.

164 Multicast in D-Link Switching Environment: Protocol Independent Multicast (SPT-Threshold)
When "SPT-Threshold" is configured as "immediately", all sources are immediately switched to the Shortest Path Tree: the last-hop router sends an (S,G) Join towards the source as soon as the first packet arrives via the (*,G) shared tree.
When "SPT-Threshold" is configured as "never" (specified for a group), the sources are not switched to the Shortest Path Tree.
Exceeding the threshold: when a group's SPT-Threshold is exceeded at a last-hop router, the next packet for the group causes an (S,G) Join message to be sent hop by hop to the first-hop router, creating another branch of the SPT.
D-Link switches support "Never" or "Immediately" for "SPT-Threshold".
Diagram: Multicast Server - the first hop - RP - the last hop - Client-1; the last-hop router joins the Source Tree; legend: Traffic Flow, Shared Tree, Source Tree, (S,G) Join.
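Slides 156 and 159-164 describe the (*,G) and (S,G) state of the last-hop router (R1) through a join, an SPT switchover and a leave. The following added Python example, not D-Link code, puts that state machine in one class and records the PIM messages R1 would send upstream on each event. The group and the source address are from the slides; the interface names, the event sequence and the "first packet over the shared tree" trigger are constructed, and SPT-Threshold takes the two values the slide says D-Link supports.

```python
# Added example (not D-Link code): the (*,G)/(S,G) state of a last-hop
# designated router (R1 on slides 159-164) and the PIM messages it sends
# upstream on each event. The group and addresses are from the slides; the
# interface names and the sequence of events are constructed. SPT-Threshold
# takes the two values D-Link supports, "immediately" and "never".
from dataclasses import dataclass, field


@dataclass
class Entry:
    incoming: str               # RPF interface: towards the RP for (*,G), towards S for (S,G)
    oil: set = field(default_factory=set)   # outgoing interface list


class LastHopRouter:
    def __init__(self, rp_iface, spt_threshold="immediately"):
        self.rp_iface = rp_iface            # interface on the shared tree towards the RP
        self.spt_threshold = spt_threshold
        self.mroute = {}                    # ("*", G) or (S, G) -> Entry
        self.sent = []                      # (message, group, interface) tuples

    def igmp_report(self, iface, group):
        """Slide 159: the first member creates (*,G) and sends a (*,G) Join to the RP."""
        entry = self.mroute.get(("*", group))
        if entry is None:
            entry = self.mroute[("*", group)] = Entry(incoming=self.rp_iface)
            self.sent.append(("(*,G) Join", group, self.rp_iface))
        entry.oil.add(iface)
        for key, sg in self.mroute.items():   # existing (S,G) branches inherit the new member
            if key[0] != "*" and key[1] == group:
                sg.oil.add(iface)

    def data_via_shared_tree(self, source, group, src_iface):
        """Slides 163-164: the first packet over the shared tree triggers the SPT
        switchover when the threshold is 'immediately'; 'never' keeps the RPT.
        Returns True when a switchover was started."""
        if self.spt_threshold != "immediately" or (source, group) in self.mroute:
            return False
        star = self.mroute.get(("*", group))
        if star is None:
            return False                    # no member, nothing to join
        self.mroute[(source, group)] = Entry(incoming=src_iface, oil=set(star.oil))
        self.sent.append(("(S,G) Join", group, src_iface))              # step 1: towards the source
        self.sent.append(("(S,G) RP-bit Prune", group, self.rp_iface))  # step 3: stop the RP copy
        return True

    def igmp_leave(self, iface, group):
        """Slide 162: when the last member leaves, send a (*,G) Prune to the RP;
        any (S,G) branch is pruned towards the source as well. Returns True
        when the group state was removed."""
        star = self.mroute.get(("*", group))
        if star is None:
            return False
        star.oil.discard(iface)
        sg_keys = [k for k in self.mroute if k[0] != "*" and k[1] == group]
        for k in sg_keys:
            self.mroute[k].oil.discard(iface)
        if star.oil:
            return False                    # other members remain
        self.sent.append(("(*,G) Prune", group, self.rp_iface))
        for k in sg_keys:
            self.sent.append(("(S,G) Prune", group, self.mroute[k].incoming))
            del self.mroute[k]
        del self.mroute[("*", group)]
        return True


if __name__ == "__main__":
    r1 = LastHopRouter(rp_iface="s0")
    r1.igmp_report("e0", "225.1.1.10")                               # Client-1 joins
    r1.data_via_shared_tree("192.168.20.100", "225.1.1.10", "s1")    # first packet via RP
    r1.igmp_leave("e0", "225.1.1.10")                                # Client-1 leaves
    for msg in r1.sent:
        print(msg)
```

Running the three events in order prints the (*,G) Join, the (S,G) Join and RP-bit Prune of the switchover, and finally the (*,G) and (S,G) Prunes, which is the message sequence the slides walk through one at a time.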

Slide 165: Module 11, Quality of Service (QoS)

Slide 166 (Quality of Service: Overview)

Purpose
- Provide guaranteed services for a given Ethernet / IP packet.
- Support various types of applications and specific business requirements.

Traditional Packet Forwarding
- Best-effort policy without any quality assurance or guarantee for delivery delay, jitter or packet loss ratio.

New Emerging Applications
- Video-on-Demand (VOD), VoIP, Video Conferencing.

Congestion Issues
- Network congestion is a key factor degrading the service quality of a network.
- It increases the delay and jitter of packet transmission and causes packet retransmission.

Solution
- Increase the bandwidth of the network.

[Diagram: a 1G to 100M bottleneck; several 1G links funnelling into one 1G link; and 1G + 1G = 2G with LACP.]

Notes: The reason for implementing QoS is to ensure packets arrive at the destination in time, without packet loss due to heavy network traffic. Switches with traditional packet forwarding use a best-effort mechanism to transfer data: they try their best to forward packets according to their capability, without any assurance. Nowadays end users run many network applications, such as BT, VoIP, IPTV, mail, etc., and some of these require more reliability, robustness and efficiency in packet forwarding. QoS is therefore required to ensure packets are forwarded to the destination as the sender expects.

The design of a network is also a key factor in network performance; in some cases congestion is due to improper design. For example, three Gigabit connections come into a router but only one outgoing path (1G bandwidth) leads out of it. In another example, delay-sensitive applications are influenced by other applications: the congestion results in loss of voice packets and interrupted voice communication.

Slide 167 (Quality of Service: Overview)
QoS models

Best Effort
- Connection without any guarantee.
- Uses a first in, first out (FIFO) queue.

Integrated Services (IntServ)
- Hard QoS / flow-based (per-flow policy).
- Absolute reservation of resources.
- IntServ is implemented through the Resource Reservation Protocol (RSVP), which is enabled at both endpoints and in the network between them.

Differentiated Services (DiffServ)
- Soft QoS / class-based (per-class policy).
- Provides multiple levels of service that satisfy different QoS requirements.
- Reassigns bits in the Type of Service (ToS) field of the IP packet header.
- Uses the L2 Class of Service (CoS) and the L3 Differentiated Services Code Point (DSCP) as the QoS priority descriptor values. It supports seven levels for Layer 2 and 64 levels for Layer 3 classification.

Notes: There are three models for implementing QoS in a network.
Best Effort: devices use a best-effort mechanism to transmit data.
Integrated Services: also called Hard QoS. It guarantees predictable network behavior for applications that require consistent, dedicated bandwidth for acceptable quality. The IntServ model reserves enough bandwidth for these applications; once reserved, no other traffic can use that bandwidth. IntServ guarantees bandwidth, delay and packet-loss rates end-to-end. It is flow-based and uses RSVP, which must be enabled at both endpoints and on the network devices between them.
Differentiated Services: the differentiated services architecture provides different QoS levels to various services. Each packet carries information (the DS byte) that each hop uses to apply particular forwarding criteria. DiffServ defines the standard layout of the DS byte and assigns specific forwarding criteria, called per-hop behaviors, to a certain number of DS byte patterns.

Slide 168 (Quality of Service: Overview)
Where the QoS fields are carried

Normal L2 frame:   DA (6B) | SA (6B) | L/T (2B) | Data (46 to 1500B) | FCS (4B)
L2 802.1Q frame:   DA (6B) | SA (6B) | Tag (4B) | L/T (2B) | Data (46 to 1500B) | FCS (4B)
                   Three bits of the Tag are used for CoS (User Priority).
L3 IPv4 packet:    Version | Length | ToS Byte | Len | ID | Offset | TTL | Proto | FCS | IP SA | IP DA | Data
                   IP Precedence or DSCP (1 byte): IP Precedence is the three most significant bits (MSBs) of ToS; DSCP is the six MSBs of ToS.

Notes: At the Data Link Layer (L2), the 802.1Q tag field is used for QoS value assignment. At the Network Layer (L3), the ToS byte is used, with two variations: IP Precedence (three bits for the QoS level) and DSCP (six bits for the QoS level).

Slide 169 (Quality of Service: Overview)
QoS mechanisms

Traffic Classification
- Switches or routers classify incoming packets by examining the QoS field contents. Differentiated service is based on traffic classification.

Bandwidth Control
- Traffic Policing: a counter tracks the traffic flowing through a switch or router; restrictions are applied when the defined threshold is exceeded.
- Traffic Shaping: traffic is limited to the desired rate. Shaping prevents excessive bursts and produces a steady flow of data.

Congestion Control
- Congestion Management: determines the packet sequence based on the priority value when network congestion occurs.
- Congestion Avoidance: the switch / router avoids congestion by dropping packets using complex algorithms. If congestion worsens, the policy drops packets actively to resolve the overloading of the network.

Notes: When packets enter a switch or router, it first classifies the priority of the incoming packets. Traffic classification is the basis of QoS. Implementing the QoS mechanisms in these different ways brings two major benefits:
Bandwidth Control: Traffic Policing and Traffic Shaping belong to this category. They decide whether to drop or forward a packet, or shape the bandwidth, based on manually set restrictions.
Congestion Control: Congestion Management and Congestion Avoidance provide solutions for congestion and reduce packet retransmission.

Slide 170 (Quality of Service: Overview)
QoS processing: classification, policing and shaping

1. Traffic Classification: by L3 IP Precedence / DSCP or L2 CoS (diagram example: DSCP 56 = higher priority, DSCP 48 = medium priority, DSCP 32 = low priority).
2. Traffic Policing: the system puts tokens into the bucket at a defined rate (e.g. a 10-byte token per second); excessive packets are punished (Drop!).
3. Marking.
Traffic Shaping: the traffic is placed into a buffer or queue; when there are enough tokens in the token bucket, the stored packets are sent out.

Notes:
Step 1. When a packet enters the switch, the switch classifies it according to the priority settings of the incoming packet.
Step 2. The switch uses the token bucket mechanism to accomplish bandwidth control (Traffic Policing). It generates tokens and puts them into the token bucket at a defined rate. The volume of the token bucket is limited, and excess tokens spill from the bucket. Packets passing through the switch attach and consume tokens before being forwarded. If the token bucket is empty, packets without attached tokens are restricted by manually set actions (drop, allow or priority replacement).

Slide 171 (Quality of Service: Overview)
QoS processing: congestion management and avoidance

1. Traffic Classification: by L3 IP Precedence / DSCP or L2 CoS (diagram example: DSCP 56 = higher priority, DSCP 48 = medium priority, DSCP 32 = low priority).
2. Congestion Management (sending queues Queue 1, Queue 2 ... Queue N-1, Queue N): FIFO (First In, First Out) queuing (Best Effort), PQ (Priority Queuing), WFQ (Weighted Fair Queuing).
3. Congestion Avoidance (Drop!): Tail-Drop, Random Early Detection (RED), WRED.
Congestion issue example: a 1G to 100M bottleneck.

Notes:
Step 1. When a packet enters the switch, the switch classifies it according to the priority of the incoming packet.
Step 2. The switch treats packets differently depending on the queuing discipline in use. For example, with a FIFO queue the first packet in is the first packet out, without any QoS mechanism. With a Priority Queue, packets with higher priority are placed in the high-priority queue and sent out first. The number of supported queues and the queue mechanism may vary depending on the switch capacity.
Step 3. When all queues are full, the switch must drop the last packets sent to it, which may cause TCP retransmission. How packets are dropped depends on the Congestion Avoidance mechanism, which therefore influences TCP retransmission behaviour.

Slide 172 (Quality of Service: Traffic Classification / Marking)
Classification

The first task classifies a frame or packet by a specific priority or predetermined criteria. The switch / router distributes incoming packets into different service classes by examining the frame, packet and segment headers (e.g. deciding which queue a packet is placed in, or the drop policy applied to it).

For example, when a switch receives a packet with a DSCP value of 46, the switch accepts the ingress DSCP of the frame and uses 46 as the internal DSCP.

[Diagram: OSI model layers 1 to 7 (Physical, Data Link, Network, Transport, Session, Presentation, Application); 802.1p CoS at layer 2 and DiffServ QoS (DSCP) at layer 3; sample markings DSCP 16 / CoS 2, DSCP 0 / CoS 0, DSCP 36 / CoS 4, DSCP 48 / CoS 6.]

Slide 173 (Quality of Service: Traffic Classification / Marking)
Marking

Marking provides the way for the QoS component to change the QoS bits (DSCP, CoS or IP Precedence) on ingress frames. Altering the DSCP value affects how the switch handles the packet internally.

Mark as close to the ingress edge of the network as possible. For example, mark voice traffic with DSCP value 40 at the ingress point; the switch then handles the packet internally with higher priority.

- For an L2 frame carrying a CoS value, R1 maps the incoming CoS value to the IP Precedence or DSCP field.
- For an L3 packet carrying a DSCP / IP Precedence value, the value is re-marked if required.

[Diagram: R1 (Port 1), R2 (Port 10), R3. L2 switch: changes the CoS value of incoming packets. L3 switch: changes the DSCP value of incoming packets and enforces policies such as queuing, congestion avoidance and policing based on the marked values.]

Slide 174 (Quality of Service: Traffic Classification / Marking)
Layer 2 802.1Q tag

Normal packet:  DA (6B) | SA (6B) | L/T (2B) | Data (46 to 1500B) | FCS (4B)
Tagged packet:  DA (6B) | SA (6B) | Tag (4B) | L/T (2B) | Data (46 to 1500B) | FCS (4B)

Tag (4B) = TPID (Tag Protocol Identifier, 2B) + TCI (Tag Control Information, 2B)
TCI (2B) = Priority (3 bits) + CFI (1 bit) + VID (12 bits)

- TPID: Tag Protocol Identifier; the 802.1Q TPID = 0x8100.
- CFI: Canonical Format Indicator, always set to zero for Ethernet.
- VID: VLAN ID; 4096 VLANs used by 802.1Q for VLAN identification.

Layer 2 802.1Q frame headers have a two-byte Tag Control Information (TCI) field that carries the CoS value in its three most significant bits, called the User Priority bits. The Layer 2 CoS value ranges from 0 for low priority to 7 for high priority. Different types of traffic are assigned different CoS values.

Notes: Implementing QoS in a Layer 2 environment puts the QoS information into the tag field of the Layer 2 frame. The tag is four bytes of information with two segments (one for the TPID and another for the TCI). The TCI field is divided into three sub-fields; QoS uses the first three bits to indicate priority.

Slide 175 (Quality of Service: Traffic Classification / Marking)
802.1p CoS priority values

There are eight priority classes / levels available from three bits. They are assigned as follows (high priority at the top, low priority at the bottom).

CoS Priority    Typical Application
111 (7)         (Reserved for network use)
110 (6)         (Reserved for network use)
101 (5)         Voice Bearer
100 (4)         Video Conferencing
011 (3)         Call Signaling
010 (2)         High Priority Data
001 (1)         Medium Priority Data
000 (0)         Best Effort Data

Notes: 802.1p priority ranges from binary 000 (0) for low priority to binary 111 (7) for high priority. This maps to the IP Precedence values in the ToS field.

Slide 176 (Quality of Service: Traffic Classification / Marking)
Layer 3: the IP header

IPv4 header:
Version | IHL | Type of Service | Total Length
Identification | Flag | Fragment Offset
Time to Live | Protocol | Header Checksum
Source Address
Destination Address
Option + Padding
Data

[Diagram: Ethernet | 802.1Q (CoS) | IP Header (ToS: IP Precedence / DSCP) | Payload.]

All switches and routers in the Internet rely on the class information to provide the forwarding treatment to packets. Packets with the same class information are given the same forwarding treatment, while packets with different class information are given different treatment.

Notes: For Layer 3 QoS, the ToS field in the IP packet header is used.

Slide 177 (Quality of Service: Traffic Classification / Marking)
Layer 3: the ToS byte

ToS byte (bits 7 to 0) in the IPv4 header (Version | Length | ToS Byte | Len | ID | Offset | TTL | Protocol | FCS | IP SA | IP DA | Data):
Standard IPv4:        IP Precedence (bits 7 to 5) | Unused (bits 4 to 0)
DiffServ extension:   DiffServ Code Point, DSCP (bits 7 to 2) | Flow Control (bits 1 to 0)

- Layer 3 IP Precedence value: the IP version 4 specification defines the three most significant bits of the one-byte ToS field as IP Precedence. IP Precedence values range from priority 0 to priority 7. The other bits are unused.
- Layer 3 Differentiated Services Code Point (DSCP) value: the IETF has defined the six most significant bits of the one-byte IP ToS field as the DSCP. DSCP ranges from 0 to 63 and is backward-compatible with IP Precedence. The default DSCP value of a frame is 0. The remaining two bits are used for flow control.

Notes: There are two ways to implement L3 QoS by adding parameters to the ToS byte:
IP Precedence: adopts three bits, so seven priority levels.
DSCP: adopts six bits, so 64 priority levels.

Slide 178 (Quality of Service: Traffic Classification / Marking)
Differentiated Service (DS) definition and Per-Hop Behavior (PHB)

- The DS field replaces the ToS header field of the packet.
- Six bits of the DS field are used for the DSCP, which selects the Per-Hop Behavior (PHB) at each interface.

Per-Hop Behavior (PHB): RFC 2475 defines the PHB that a DS (DiffServ-compliant) node applies to a DiffServ Behavior Aggregate (BA). According to the DSCP value, packets with the same DSCP setting that are sent in a particular direction can be grouped in a BA; packets from multiple sources or applications can belong to the same BA. PHB refers to the packet scheduling, queuing, policing or shaping behavior of a node for any packet belonging to a BA.

[Diagram: a router with queues Queue 0 (Low Priority) to Queue N (High Priority); incoming traffic marked 7 6 7 7 1 7 5 2 6 and outgoing traffic 1 2 5 6 6 7 7 7 7.]

Slide 179 (Quality of Service: Traffic Classification / Marking)
PHB types

Default PHB
- Packets marked with DSCP value 000000 receive the traditional best-effort service from a DS-compliant node.

Class-Selector PHB
- Preserves backward-compatibility with any IP Precedence scheme. DiffServ defines DSCP values of the form xxx000, where x is either 0 or 1.
- This PHB retains most of the forwarding behavior of nodes that implement IP Precedence-based classification and forwarding. E.g. a packet with DSCP value 110000 shows an IP Precedence-based value of 110.

Assured Forwarding (AF) (RFC 2597)
- AF PHB is nearly equivalent to the Controlled Load Service available in the Integrated Services model.
- Defines a method by which BAs (Behavior Aggregates) can be given different forwarding assurances.
- AF defines classes by using DSCP values; understanding how AF terminology relates to DSCP values is important.
- AF has four classes, AF1x to AF4x (most important). Within each class there are three drop probabilities.

Expedited Forwarding (EF) (RFC 2598)
- EF PHB should be reserved for only the most critical applications.
- EF service appears to the endpoints as a point-to-point connection. E.g. VoIP traffic.

Notes: Assured Forwarding values are part of the Per-Hop Behavior (PHB) used by routers; the value determines the degree of reliability of a packet in the DiffServ domain. Expedited Forwarding PHB is typically for mission-critical applications that require guaranteed transmission without delay and jitter.

Slide 180 (Quality of Service: Traffic Classification / Marking)
Default mapping tables

Default CoS-to-DSCP Mapping Table
CoS     0   1   2    3    4    5    6    7
DSCP    0   8   16   24   32   40   48   56

Default IP Precedence-to-DSCP Mapping Table
IP Precedence   0   1   2    3    4    5    6    7
DSCP            0   8   16   24   32   40   48   56

Notes: D-Link switches can be configured to trust the DSCP, IP Precedence or CoS values of ingress packets. When trusting CoS or IP Precedence, the switch maps an ingress packet's value to an internal DSCP based on the CoS-to-DSCP or IP Precedence-to-internal-DSCP mapping table.

Slide 181 (Quality of Service: Traffic Classification / Marking)
Assured Forwarding DSCP values

DSCP field layout for Expedited Forwarding (EF) / Assured Forwarding (AF), bits 0 to 7:
Class (3 bits, defines the class) | Drop Precedence (2 bits, drop probability) | always 0 (1 bit) | Currently Unused (2 bits)
Example DSCP 001010: class 001, drop precedence 01, final bit 0.

               Class 1                   Class 2                   Class 3                   Class 4
Low Drop       001010 (DSCP 10) AF11     010010 (DSCP 18) AF21     011010 (DSCP 26) AF31     100010 (DSCP 34) AF41
Medium Drop    001100 (DSCP 12) AF12     010100 (DSCP 20) AF22     011100 (DSCP 28) AF32     100100 (DSCP 36) AF42
High Drop      001110 (DSCP 14) AF13     010110 (DSCP 22) AF23     011110 (DSCP 30) AF33     100110 (DSCP 38) AF43
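The header fields described on slides 168, 174, 177, 179 and 181 can be decoded with a few bit operations. The following Python script is an added example, not D-Link's code or part of the original presentation: it constructs an 802.1Q-tagged frame carrying an IPv4 header, extracts CoS, CFI, VID, IP Precedence and DSCP, and names the PHB a DSCP selects, generalising the AF class / drop-precedence rule of slide 181 to every AF codepoint. The MAC and IP addresses are arbitrary sample values, and the frame carries no payload or checksum.

```python
"""Decode the 802.1Q tag and IPv4 ToS byte into CoS, IP Precedence and DSCP,
then name the DiffServ per-hop behavior the DSCP selects.

Added example with constructed sample data; not code from the D-Link material.
"""
import struct

TPID_8021Q = 0x8100      # Tag Protocol Identifier for 802.1Q
ETHERTYPE_IPV4 = 0x0800
DSCP_EF = 0b101110       # Expedited Forwarding codepoint (46)


def build_sample_frame(cos: int, vid: int, dscp: int) -> bytes:
    """Construct a minimal 802.1Q-tagged Ethernet frame carrying an IPv4 header.
    Addresses are arbitrary sample values; no payload or checksum is computed."""
    dst_mac = bytes.fromhex("001122334455")
    src_mac = bytes.fromhex("00aabbccddee")
    tci = (cos << 13) | vid                      # PCP (3) | CFI=0 (1) | VID (12)
    tag = struct.pack("!HHH", TPID_8021Q, tci, ETHERTYPE_IPV4)
    ip_header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45,            # version 4, IHL 5 (20 bytes)
        dscp << 2,       # ToS byte: DSCP in the six MSBs, low two bits zero
        20, 0, 0,        # total length, identification, flags/fragment offset
        64, 17, 0,       # TTL, protocol (UDP), header checksum left as 0
        bytes([192, 168, 11, 100]),
        bytes([192, 168, 11, 1]),
    )
    return dst_mac + src_mac + tag + ip_header


def parse_qos_fields(frame: bytes) -> dict:
    """Return the L2 and L3 QoS fields of a tagged IPv4 frame."""
    if len(frame) < 38:                          # 12 + 4-byte tag + 2 + 20
        raise ValueError("frame too short for 802.1Q tag and IPv4 header")
    tpid, tci, ethertype = struct.unpack("!HHH", frame[12:18])
    if tpid != TPID_8021Q:
        raise ValueError("frame is not 802.1Q tagged")
    if ethertype != ETHERTYPE_IPV4 or frame[18] >> 4 != 4:
        raise ValueError("payload is not an IPv4 packet")
    tos = frame[19]
    return {
        "cos": tci >> 13,           # User Priority bits (slide 174)
        "cfi": (tci >> 12) & 0x1,
        "vid": tci & 0x0FFF,
        "tos": tos,
        "ip_precedence": tos >> 5,  # three MSBs of ToS (slide 177)
        "dscp": tos >> 2,           # six MSBs of ToS (slide 177)
    }


def classify_dscp(dscp: int) -> str:
    """Name the PHB selected by a DSCP: Default, EF, AFxy or a class selector CSx."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP must be in 0..63")
    if dscp == 0:
        return "Default"
    if dscp == DSCP_EF:
        return "EF"
    class_bits = dscp >> 3          # first three bits: AF class
    drop_bits = (dscp >> 1) & 0b11  # next two bits: drop precedence
    if 1 <= class_bits <= 4 and 1 <= drop_bits <= 3 and dscp & 1 == 0:
        return f"AF{class_bits}{drop_bits}"
    if dscp & 0b111 == 0:           # xxx000: class selector, IP Precedence compatible
        return f"CS{class_bits}"
    return "Unassigned"


if __name__ == "__main__":
    frame = build_sample_frame(cos=5, vid=100, dscp=DSCP_EF)
    fields = parse_qos_fields(frame)
    print(fields, classify_dscp(fields["dscp"]))
```

The parser rejects untagged frames and non-IPv4 payloads instead of guessing, which matters on a switch port where trust of the CoS or DSCP value (slide 180) should only apply to frames that actually carry one.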

Slide 182 (Quality of Service: Switch Configuration)
Default 802.1p priority to queue mapping

A switch has eight priority queues, numbered from 7 (class 7: highest priority queue) to 0 (class 0: lowest priority queue). The eight priority tags specified in IEEE 802.1p are mapped to the switch's priority queues as follows:

Priority 0 is assigned to the switch's Q2 queue
Priority 1 is assigned to the switch's Q0 queue
Priority 2 is assigned to the switch's Q1 queue
Priority 3 is assigned to the switch's Q3 queue
Priority 4 is assigned to the switch's Q4 queue
Priority 5 is assigned to the switch's Q5 queue
Priority 6 is assigned to the switch's Q6 queue
Priority 7 is assigned to the switch's Q6 queue

Command output on a DES-3528:

DES-3528:5#show 802.1p user_priority
Command: show 802.1p user_priority

QOS Class of Traffic
Priority-0 ->
Priority-1 ->
Priority-2 ->
Priority-3 ->
Priority-4 ->
Priority-5 ->
Priority-6 ->
Priority-7 ->

Slide 183 (Quality of Service: Switch Configuration)
Configuration example: prioritizing VoIP

Objective
- Client-1 is running a VoIP application and needs higher QoS than the other stations running regular applications.

Procedure
- Configure the VoIP-connected ports with 1p=7. Based on the default "1p to queue mapping" and "schedule", incoming VoIP packets are mapped to class 6 and have higher priority than packets coming from the other ports (1p=0, mapped to class 2) on DES-3528-1 and DES-3528-2.

[Diagram: Client-1 (VoIP) and Client-2 (HTTP) attached to DES-3528-1, Client-3 (VoIP) attached to DES-3528-2; VoIP ports P18 on DES-3528-1 and P16 on DES-3528-2.]

Slide 184 (Quality of Service: Switch Configuration)
Configuration example: commands

DES-3528-1 Configuration
Change the ports connecting DES-3528-1 and DES-3528-2 from "untagged" to "tagged" so that 802.1p information can be carried across the switches:
    config vlan default delete 1-6
    config vlan default add tagged 1-6
Change the default priority of port 18 (where the VoIP device is connected) from 0 to 7:
    config 802.1p default_priority 18 7
The "User Priority" and "Scheduling" settings keep their default values.

DES-3528-2 Configuration
Change the ports connecting DES-3528-1 and DES-3528-2 from "untagged" to "tagged" so that 802.1p information can be carried across the switches:
    config vlan default delete 1-6
    config vlan default add tagged 1-6
Change the default priority of port 16 (where the VoIP device is connected) from 0 to 7:
    config 802.1p default_priority 16 7
The "User Priority" and "Scheduling" settings keep their default values.

Slide 185 (Quality of Service: Traffic Policing and Shaping)
Traffic Policing

A router / switch takes a specific action (policing) when traffic reaches a specified rate. The difference between Traffic Shaping and Traffic Policing is that policing does not delay or buffer any traffic. When the traffic exceeds the specified rate, the action taken is usually "drop"; other actions, such as re-marking, are also available.

Traffic Policing usually uses the leaky token bucket algorithm to limit traffic. Compared with the bandwidth control feature (which is exact only for UDP packets), the leaky token bucket algorithm handles TCP flows more effectively.

[Diagram: traffic rate over time without a traffic policy (bursts above the limit) and with a traffic policy (clipped at the limit); token meter: the system places tokens into the bucket at a defined rate.]

Notes: When traffic policing is enabled, the switch can be given different thresholds for different output traffic limits manually. When the incoming traffic rate hits the different rate limits, the switch applies the manually configured action, such as Allow, Drop or Priority Replacement.

Slide 186 (Quality of Service: Traffic Policing and Shaping)
Token bucket parameters

Mean Rate (Committed Information Rate, CIR)
- The rate at which tokens are put into the bucket.
- The average rate at which traffic is allowed to pass through the router interface.

Burst Size (Committed Burst Size, CBS)
- The token bucket's capacity.
- The maximum traffic size of every burst.

Step 1: The system puts tokens into the token bucket at a defined rate.
Step 2: If the token bucket is full, the extra tokens are dropped.
Step 3: One token is associated with the forwarding ability of one bit.
Step 4: If enough tokens are available to forward a packet, the traffic is regarded as conforming to the specification; otherwise it is non-conforming or excess.

[Diagram: ingress packet, Traffic Classification, token bucket of capacity CBS filled at a defined rate, egress packet; Non-Conform and Excess traffic is dropped (Drop!).]

Notes: Traffic policing is implemented with the token bucket mechanism. The switch allocates a fixed-size (CBS) token bucket and places tokens into it at a fixed rate (CIR). Packets sent out of the switch must take tokens from the bucket. If the bucket is empty, packets are dropped or treated with the other configured actions.

Slide 187 (Quality of Service: Traffic Policing and Shaping)
Traffic Shaping

Traffic Shaping meters traffic rates and delays (buffers) excessive traffic so that the traffic rate stays within a desired limit. Shaping smooths excessive bursts to produce a steady flow of data.

Shortcoming: because shaping delays traffic, it is not suitable for delay-sensitive traffic such as voice or video streams, but it is useful for typical bursty TCP flows.

[Diagram: traffic rate over time without and with traffic shaping; token meter: the system places tokens into the bucket at a defined rate; excess traffic is dropped (original) or put into the buffer.]

Notes: In the above diagram, when the incoming traffic rate exceeds the threshold, the traffic is dropped. After enabling traffic shaping, the excess traffic is placed into the switch buffer, and the switch forwards these stored packets when traffic is not heavy. Traffic shaping therefore smooths the traffic.
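The policer of slides 185 and 186 and the shaper of slide 187 differ only in what happens to a packet that finds the bucket empty. The following Python model is an added example, not D-Link's implementation: one token bucket class (tokens are bits, as on slide 186; CIR in bits per second, CBS in bits), a policer that marks each packet conform or applies the excess action immediately, and a shaper that holds excess packets in a bounded FIFO buffer until enough tokens accrue, tail-dropping when the buffer is full. The packet list is constructed sample data with arrival times in seconds.

```python
"""Token bucket policer and shaper, modelled on slides 185 to 187.

Added example, not D-Link's implementation. Rates are in bits per second and
bucket sizes in bits (one token per bit, as on slide 186); arrival times are
constructed sample values and must be given in non-decreasing order.
"""


class TokenBucket:
    """Bucket of capacity cbs bits, refilled at cir bits per second."""

    def __init__(self, cir: float, cbs: int):
        self.cir = float(cir)
        self.cbs = int(cbs)
        self.tokens = float(cbs)   # bucket starts full
        self.last = 0.0            # time of the last refill

    def refill(self, now: float) -> None:
        # Steps 1 and 2: add cir * elapsed tokens; the excess spills over CBS
        self.tokens = min(self.cbs, self.tokens + (now - self.last) * self.cir)
        self.last = now

    def take(self, now: float, bits: int) -> bool:
        """Consume tokens for a packet if enough are available (Step 4)."""
        self.refill(now)
        if self.tokens >= bits:
            self.tokens -= bits
            return True
        return False


def police(packets, cir, cbs, excess_action="drop"):
    """Single-rate policer: each (time_s, size_bytes) packet is either
    'conform' or receives the configured excess action; nothing is buffered."""
    bucket = TokenBucket(cir, cbs)
    return [
        (t, size, "conform" if bucket.take(t, size * 8) else excess_action)
        for t, size in packets
    ]


def shape(packets, cir, cbs, buffer_packets):
    """Shaper: excess packets wait in a FIFO buffer until tokens accrue.
    Returns (departures, dropped); departures are (departure_time, size_bytes).
    Packets arriving to a full buffer, or larger than CBS, are dropped."""
    bucket = TokenBucket(cir, cbs)
    departures, dropped = [], []
    for t, size in packets:
        bits = size * 8
        # packets still waiting at time t are those scheduled to leave later
        queued = sum(1 for dep, _ in departures if dep > t)
        if queued >= buffer_packets or bits > cbs:
            dropped.append((t, size))
            continue
        # FIFO: cannot leave before arrival or before the previous departure
        leave = max(t, departures[-1][0] if departures else 0.0)
        bucket.refill(leave)
        if bucket.tokens < bits:
            leave += (bits - bucket.tokens) / bucket.cir   # wait for tokens
            bucket.refill(leave)
        bucket.tokens = max(0.0, bucket.tokens - bits)
        departures.append((leave, size))
    return departures, dropped


# Constructed sample: CIR 8000 bit/s (1000 bytes/s), CBS 8000 bits (1000 bytes).
# Five 500-byte packets burst at t=0, then one more arrives at t=1.0.
SAMPLE_PACKETS = [(0.0, 500)] * 5 + [(1.0, 500)]
CIR, CBS = 8000, 8000


def demo_policer():
    return [verdict for _, _, verdict in police(SAMPLE_PACKETS, CIR, CBS)]


def demo_shaper():
    departures, dropped = shape(SAMPLE_PACKETS, CIR, CBS, buffer_packets=2)
    return [round(dep, 3) for dep, _ in departures], len(dropped)


if __name__ == "__main__":
    print("policer:", demo_policer())
    print("shaper:", demo_shaper())
```

With the sample burst, the policer passes the first two packets (the bucket holds exactly 1000 bytes) and drops the other three at once, while the shaper spreads them out at the CIR, releasing one every 0.5 s, and only drops the packet that finds the two-packet buffer full. That delay is the cost slide 187 warns about for voice and video.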

Slide 188 (Quality of Service: Congestion Management & Avoidance)
Congestion Management

Both Congestion Management and Congestion Avoidance use multiple egress queues. Congestion avoidance is a per-queue feature, and each queue may have its own configuration for congestion management and avoidance.

Congestion Management includes several queuing mechanisms:
- FIFO queuing
- Weighted round robin (WRR) queuing
- Priority queuing
- Custom queuing
- Shared Round Robin (SSR)

[Diagram: sending queues Queue 1, Queue 2 ... Queue N-1, Queue N; Drop!]

Slide 189 (Quality of Service: Congestion Management & Avoidance)
Congestion Avoidance

The switch / router achieves congestion avoidance through packet dropping using complex algorithms:
- Tail-Drop
- Random Early Detection (RED)
- Weighted Random Early Detection (WRED)

Slide 190 (Quality of Service: Congestion Management & Avoidance)
FIFO queuing and Tail-Drop

FIFO queuing does not use classification; all packets are treated as if they belong to the same class. The switch schedules packets into the queue in the order in which they are received.

[Diagram: FIFO Queuing System: packets of size B enter a single sending queue served by a FIFO scheduler; Tail-Drop when the queue is full.]

Slide 191 (Quality of Service: Congestion Management & Avoidance)
Priority Queuing

The switch always schedules frames from the highest-priority queue first. It services the other queues only when there are no frames in the higher-priority queue.

Priority queuing is useful for voice applications, where voice traffic occupies the priority queue. This type of scheduling may result in queue starvation in the non-priority queues.

Slide 192 (Quality of Service: Congestion Management & Avoidance)
Strict Priority Queue example

[Diagram: High Priority Queue, Medium Priority Queue, Normal Priority Queue and Low Priority Queue holding packets numbered 1 to 6; frames of size B leave in queue-priority order.]

Notes: The Strict Priority Queue is strict: all traffic transmission must follow the queue priority when forwarding frames. In the above example, the traffic in the higher-priority queue is sent out of the switch first. When the high-priority queue is empty, the switch checks the queue with the next priority (the medium-priority queue in the example) and sends the packets stored in it. Packets stored in the lowest-priority queue must wait until all higher-priority queues are clear before they have a chance to be forwarded. Sometimes this generates a "starving" issue, where packets in the lowest-priority queue never get a chance to be sent out.

Slide 193 (Quality of Service: Congestion Management & Avoidance)
Weighted Round Robin (WRR)

WRR uses a weight value for each egress queue. This weight value determines the implied bandwidth of each queue.

[Diagram: WRR Queuing System: packets of size B are classified into Class 1 ... Class 8, each class with Tail-Drop / WRED congestion avoidance, feeding hardware queues Queue 1 (40%), Queue 2 (30%), Queue 3 (20%) ... Queue 8 (10%), served by the WRR scheduler.]

Notes: WRR is another queuing mechanism. Packets stored in the different queues are forwarded out in sequence according to the configured weight values.

Slide 194 (Quality of Service: Congestion Management & Avoidance)
WRR example

[Diagram: High Priority Queue (40%), Medium Priority Queue (30%), Normal Priority Queue (20%), Low Priority Queue (10%); packets 1 to 16 are taken from the queues in proportion to the weights.]

Notes: In the above example, the switch takes 40% of the packets from the high-priority queue, 30% from the medium-priority queue, and so on. After sending out the 10% from the low-priority queue, the process goes back to the high-priority queue and repeats.
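The scheduling behaviour of slides 190 to 194 is easiest to see by replaying a handful of frames through both disciplines. The following Python script is an added example, not D-Link's implementation: it maps 802.1p user priorities to queues exactly as listed on slide 182, tail-drops frames that arrive to a full queue, and then drains the queues with strict priority and with weighted round robin, using the slide 183 scenario (VoIP at 1p=7, HTTP at 1p=0). The queue depth and the WRR weights are assumptions chosen to make the difference visible.

```python
"""Egress queue scheduling: 802.1p to queue mapping (slide 182), tail drop
(slide 190), strict priority (slides 191 and 192) and weighted round robin
(slides 193 and 194), replayed on constructed frames from the slide 183 scenario.

Added example, not D-Link's implementation; queue depth and weights are assumptions.
"""
from collections import deque

# Default 802.1p user priority -> switch queue, exactly as listed on slide 182
P8021_TO_QUEUE = {0: 2, 1: 0, 2: 1, 3: 3, 4: 4, 5: 5, 6: 6, 7: 6}


class EgressQueues:
    """Eight FIFO queues with a fixed depth; a full queue tail-drops new frames."""

    def __init__(self, depth: int = 4):
        self.queues = [deque() for _ in range(8)]
        self.depth = depth
        self.dropped = []

    def enqueue(self, name: str, user_priority: int) -> bool:
        q = P8021_TO_QUEUE[user_priority]
        if len(self.queues[q]) >= self.depth:
            self.dropped.append(name)       # tail drop (slide 190)
            return False
        self.queues[q].append(name)
        return True

    def strict_priority(self) -> list:
        """Always serve the highest non-empty queue; lower queues can starve."""
        out = []
        while any(self.queues):
            for q in reversed(self.queues):
                if q:
                    out.append(q.popleft())
                    break
        return out

    def weighted_round_robin(self, weights: list) -> list:
        """Each round serves up to weights[i] frames from queue i, highest first."""
        out = []
        while any(self.queues):
            served = 0
            for i in range(7, -1, -1):
                for _ in range(weights[i]):
                    if self.queues[i]:
                        out.append(self.queues[i].popleft())
                        served += 1
            if served == 0:         # only zero-weight queues remain: stop
                break
        return out


def load_scenario(depth: int = 4) -> EgressQueues:
    """Slide 183 scenario: VoIP frames with 1p=7 (queue 6) and HTTP frames with
    1p=0 (queue 2); five HTTP frames arrive so the fifth overflows a depth-4 queue."""
    eq = EgressQueues(depth)
    arrivals = [("voip1", 7), ("http1", 0), ("http2", 0), ("voip2", 7),
                ("http3", 0), ("voip3", 7), ("http4", 0), ("voip4", 7),
                ("http5", 0)]
    for name, prio in arrivals:
        eq.enqueue(name, prio)
    return eq


def demo_strict():
    eq = load_scenario()
    return eq.strict_priority(), eq.dropped


def demo_wrr():
    # assumed weights: two frames per round from queue 6, one from every other queue
    weights = [1, 1, 1, 1, 1, 1, 2, 1]
    eq = load_scenario()
    return eq.weighted_round_robin(weights), eq.dropped


if __name__ == "__main__":
    print("strict priority:", demo_strict())
    print("WRR:", demo_wrr())
```

Strict priority empties the VoIP queue before a single HTTP frame leaves, which is the behaviour slide 192 calls starving when the high-priority queue never drains; WRR interleaves the two queues in the 2:1 ratio of their weights, so HTTP still gets a share while VoIP keeps the larger one. The tail drop of http5 happens at enqueue time in both cases and is independent of the scheduler.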
