The purpose of routing protocols is to enable end-to-end network layer connectivity between endpoints. There is always a forward and reverse path selected between endpoints for each session. The routing table is comprised of multiple routes to different destination subnets that are learned from different route sources. The route source can be classified as either connected, static, default, or dynamic. The distinction is in how the local router learns of the route. For example, dynamic and connected routes are automatically learned, while static and default routes are manually configured.
Figure 1 Network Layer Forwarding Path
Static, default and connected routes are the most common route types since they are found on most routers. Static and default routes are explicitly configured and automatically added to the local routing table upon configuration. They have an administrative distance of 1 and path metric of zero (0). The static route has an administrative distance lower than any dynamically learned route, and is preferred over dynamic routes to the same destination.
Static routes are NOT advertised to neighbors unless they are advertised through a dynamic routing protocol. Connected routes are automatically generated and added to the routing table when a network interface with an IP address is enabled. They have an administrative distance of zero and are preferred over all other route types.
There are various dynamic routing protocols that are designed to exchange route information with neighbors. The network administrator does not configure dynamic routes. Instead, they are learned from a connected neighbor so that each router installs and selects routes for best path selection.
The routes advertised are based on the routing protocol configuration. Common routing protocols such as OSPF, EIGRP, RIP, IS-IS, BGP, along with static and default routes support IPv4 and IPv6 address space. Network devices such as routers and Layer 3 switches support multiple dynamic routing protocols. Cisco ASA firewalls also support routing services with routed mode operation. The distinction between each routing protocol is how they learn, update, and advertise routes between neighbors.
Dynamic routing protocols can be classified as either link state or distance vector based on routing operation. The distinction between them is based on how neighbors communicate, send routing updates and converge. Originally, before internet connectivity, network domains were smaller and distance vector protocols such as RIP were adequate. There has been a paradigm shift to an IP-only internet connection model, with larger network domains and complex traffic routing. Distance vector routing protocols are being replaced with link state protocols for scalability and performance.
Distance vector routing protocols advertise their routing table to all connected neighbors at regular intervals. That occurs whether or not a topology change occurs or a neighbor sends a request. Flooding of full routing tables occurs throughout the network domain when there is a link failure. That causes slower convergence that gets exponentially worse as the network domains become larger. There is also routing instability and flapping since routers do not have accurate updated route information.
Link state routing protocols are more sophisticated, since only event-triggered routing updates are sent to neighbors. That occurs when an interface goes down and a topology change results. There is faster link failure detection, and only partial updates are sent for any missing routes. The result is faster convergence and performance compared with distance vector protocols. Flooding occurs throughout the routing domain; however, it is limited between areas to a single advertisement. The SPF algorithm calculates the shortest path based on an updated topology table.
Table 1 Distance Vector vs Link State Comparison
OSPF and IS-IS are considered link state protocols. RIP is really the only pure distance vector protocol left, and has been updated with RIPv2 enhancements. EIGRP is classified as an advanced distance vector protocol with characteristics of both distance vector and link state protocols. EIGRP only has a neighbor topology table instead of a complete network topology database. Similar to link state protocols, EIGRP does form neighbor adjacencies and sends event-triggered updates instead of periodic full routing table updates.
BGP is a path vector protocol that advertises the destination path, comprised of single or multiple autonomous system numbers (ASN), with each route. There are some other path attributes that are advertised with each route as well. The routes advertised from BGP neighbors include vector (direction) information for each forwarding path with the AS path attribute.
There are rules for route selection between different routing protocols and within the same routing protocol. The router first installs routes, and then selects the best path or route based on a route selection algorithm. Route sources include dynamic protocols (OSPF, EIGRP, IS-IS, BGP), static, default, and connected routes.
Figure 2 IP Routing Table
Sometimes there are multiple routes advertised from multiple route sources to the same destination. Each dynamic routing protocol maintains a separate routing table with best routes. The route with lowest administrative distance is installed in the global routing table when multiple routes exist to the same destination. For example, EIGRP has a lower administrative distance than OSPF or IS-IS. Conversely, static routes are preferred over all dynamic routes.
Table 2 Administrative Distance
The route with lowest metric is installed when multiple routes exist from the same routing protocol to the same destination. In addition, when multiple routes with equal metric exist from the same routing protocol to the same destination, they are all installed and load balancing is enabled. The number of routes installed in the routing table for load balancing purposes is based on routing protocol support.
Figure 3 Address Resolution Protocol (ARP) Table
The destination IP address field of each inbound packet is examined and a routing table lookup occurs for the best route. Once a route is selected, that creates a next hop forwarding path. There is frame rewrite of next hop MAC address obtained from the ARP table, and the data message is sent.
Figure 4 Inbound Routing Lookup
For the purpose of installing routes in the routing table, the router considers different prefix lengths as different destinations. That is why multiple routes from the same and/or different routing protocols are installed in the routing table. The tie breaker is the longest match rule, which selects the route with the longest subnet mask (prefix) from among routes already in the routing table.
1. Install route = lowest administrative distance –> multiple route sources
2. Install route/s = lowest metric –> same routing protocol only
3. Select route = longest match rule –> multiple routes and route sources
4. Select default route when no other route exists
5. Discard packet when no default route exists –> ICMP unreachable message
Anytime you have only a single routing protocol implemented on a router, then administrative distance applies only if static routes are configured. For example, you could have a static route and an OSPF route to the same destination. The static route would then be installed in the routing table for that destination subnet. The exception is if both routes have different prefix (subnet mask) lengths. At that point, longest match rule is in effect and router would select the route with longest prefix for packet forwarding.
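The five rules above, as an added Python example that is not part of the original article: candidates are installed per prefix by lowest administrative distance and then lowest metric, and lookups apply the longest match rule. The route data is constructed, and the dynamic-protocol distances are the usual Cisco defaults (assumed, since Table 2 is not reproduced here).

```python
import ipaddress
from collections import namedtuple

# Connected = 0 and static = 1 are stated in the text; the dynamic values are
# the usual Cisco defaults, assumed here because Table 2 is not reproduced.
ADMIN_DISTANCE = {"connected": 0, "static": 1, "eigrp": 90,
                  "ospf": 110, "isis": 115, "rip": 120}

Route = namedtuple("Route", "prefix source metric next_hop")

# Constructed sample: candidate routes offered by several route sources.
CANDIDATES = [
    Route("10.1.0.0/16", "ospf", 20, "192.0.2.1"),
    Route("10.1.0.0/16", "static", 0, "192.0.2.2"),   # same prefix, lower AD
    Route("10.1.5.0/24", "ospf", 30, "192.0.2.3"),    # longer prefix
    Route("10.2.0.0/16", "ospf", 10, "192.0.2.4"),
    Route("10.2.0.0/16", "ospf", 10, "192.0.2.5"),    # equal metric: load balanced
    Route("10.2.0.0/16", "ospf", 40, "192.0.2.6"),    # higher metric: not installed
    Route("0.0.0.0/0", "static", 0, "192.0.2.254"),   # default route
]

def build_rib(candidates):
    """Rules 1-2: per prefix keep lowest AD, then lowest metric; keep all ties."""
    best = {}
    for route in candidates:
        net = ipaddress.ip_network(route.prefix)
        key = (ADMIN_DISTANCE[route.source], route.metric)
        if net not in best or key < best[net][0]:
            best[net] = (key, [route])
        elif key == best[net][0]:
            best[net][1].append(route)
    return {net: routes for net, (_, routes) in best.items()}

def lookup(rib, destination):
    """Rules 3-5: longest match among installed prefixes; None means discard."""
    addr = ipaddress.ip_address(destination)
    matches = [net for net in rib if addr in net]
    if not matches:
        return None  # no default route: packet dropped, ICMP unreachable sent
    # 0.0.0.0/0 has prefix length 0, so it only wins when nothing else matches.
    return rib[max(matches, key=lambda net: net.prefixlen)]

def next_hops(rib, destination):
    routes = lookup(rib, destination)
    return None if routes is None else sorted(r.next_hop for r in routes)

RIB = build_rib(CANDIDATES)

if __name__ == "__main__":
    for dst in ("10.1.9.9", "10.1.5.9", "10.2.1.1", "198.51.100.7"):
        print(dst, "->", next_hops(RIB, dst))
```

Note that 10.1.5.9 follows the OSPF /24 even though a static /16 covers it: administrative distance is compared only between routes to the same prefix.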
Open Shortest Path First (OSPF) is a link-state routing protocol that routes IP-only. It is a scalable, open standard interior gateway protocol (IGP) that supports multivendor network devices. OSPF routers build and maintain a global topology database with the exchange of link-state advertisements (LSA). The purpose of LSAs is to advertise topology and routing information between OSPF enabled routers. There are event-triggered updates that are sent only when a topology change occurs (link failure) to conserve bandwidth.
OSPF is a hierarchical layered architecture that is defined with single or multiple areas. The single area design is often implemented with smaller network domains to enable faster convergence when a link failure occurs. The advantage of multiple areas is primarily within larger network domains. There are smaller routing tables on each router per area. Route summarization can be enabled at an area border router (ABR) to reduce the size of routing tables and amount of LSA flooding. Routing issues such as flapping are limited to each area with multi-area OSPF design.
Figure 5 OSPF Multi-Area Design
There is a mandatory common backbone area 0 only for multi-area OSPF. All other areas must connect to the OSPF backbone area. That is required to advertise routes between areas and prevent routing loops. The exception is when a virtual link is configured to tunnel through a normal area to the backbone area. OSPFv2 refers to the version of OSPF that only supports IPv4 addressing on network interfaces. It is the most widely deployed version of OSPF. The area number for single-area OSPF does not have to be numbered area 0.
Figure 6 OSPF Area Types
OSPF supports a variety of area types that are configured to advertise specific routes. The most common are normal areas and the backbone area where most LSAs are permitted. Stub areas are often implemented at remote and branch offices for default routing to a data center. OSPF not-so-stubby-area (NSSA) forwards redistributed routes from an external routing domain such as EIGRP.
OSPF router types are classified based on function and location. There are backbone routers, normal routers, area border routers (ABR), and autonomous system border router (ASBR). OSPF ABR routers have interfaces configured in more than one area. They are responsible for advertising routes between areas. OSPF ASBR is a redistribution point between OSPF and an external routing domain such as EIGRP or BGP.
OSPF LSA route types denote the route topology information and where it originated. Type 1 identifies a single router and is referred to as Intra-Area (O). Type 2 is a network LSA since it is associated with a network segment (DR/BDR) and is designated as Intra-Area (O) as well. Type 3 is a summary LSA generated only by an ABR and referred to as Inter-Area (IA). Type 4 is an ASBR summary LSA, advertised only from an ABR, that advertises a route to the ASBR. Type 7 is an NSSA LSA that originates from an ASBR and is converted to Type 5 LSA at an ABR. They provide routes to external routing domains for OSPF routers.
Table 3 OSPF Areas and LSA Types
The primary characteristic of a link-state protocol is a global topology database created when link states are exchanged between all neighbors within an area. There are link states advertised between all areas as well, and routes are installed in the routing table.
OSPF runs Dijkstra SPF algorithm for shortest path (lowest cost) computation to each destination from the link state database and populates the routing table. This makes link state protocols extremely scalable, with optimized routing and fast convergence. After convergence when all OSPF tables are updated, there are only event-triggered routing updates that are sent to neighbors.
The correct order of operation for OSPF convergence initially starts with OSPF neighbors exchanging hello packets to form neighbor adjacency. Next all OSPF connected neighbors exchange LSA packets. OSPF neighbors then exchange database descriptor packets (DBD) to build the topology database. OSPF runs SPF algorithm for shortest path computation to all destinations, and that is used to build the routing table.
Neighbor Adjacency > Exchange LSAs > Build Topology Table > SPF Algorithm > Build Routing Table
OSPF link-state advertisements (LSA) are comprised of topology and route information. SPF calculates shortest (best) path to each destination based on route type and metric. Any router with an OSPF only deployment does not consider administrative distance unless there are static routes configured.
As a result, routes are installed based on route type first when there are multiple OSPF routes to the same destination. OSPF installs the route with lowest metric when there are multiple OSPF routes of the same route type. Finally, routes of the same route type with equal cost metric are installed and up to six equal cost paths are load balanced by default.
The order of preference starts with OSPF Intra-Area (O) route type. They represent any OSPF route that originates from within the same area and have the highest preference. OSPF Inter-Area (IA) routes are exchanged between areas and preferred next after Intra-Area (O) routes. Finally there are NSSA and external routes that originate from a different routing protocol through an OSPF ASBR redistribution router.
NSSA and external routes have a lower preference than other previously mentioned route types. Type 7 LSAs originate from an ASBR and include NSSA Type 1 route (N1) and NSSA Type 2 route (N2). N1 and N2 routes are advertised from an ASBR and transit the not-so-stubby-area (NSSA). They are converted to Type 5 LSA at an ABR and flooded throughout the OSPF domain. The cost assigned to N1 is a default metric cost (20) + internal path cost from ASBR to destination. The cost assigned to N2 is a default metric cost (20) only and is added at the ASBR router redistribution point.
Type 5 LSAs originate from an ABR and include External Type 1 route (E1) and External Type 2 route (E2). They are flooded from an ABR throughout the OSPF routing domain. The cost assigned to E1 route is a default metric cost (20) + internal path cost from ASBR to destination. The cost assigned to E2 route is a default metric cost (20) only and does not include internal path cost from ASBR to destination. It is the least preferred route based on order of route type preference shown here.
Intra-Area (O) > Inter-Area (IA) > NSSA (N1) > External (E1) > NSSA (N2) > External (E2)
Each routing protocol has a unique method for calculating route metric. OSPF calculates a cost metric based on interface bandwidth. The default reference bandwidth of an OSPF enabled interface = 100 Mbps.
interface cost = 100 Mbps / interface bandwidth
OSPF only considers the cost of all outbound interfaces when computing path metric for a route. The lowest cost assignable to an OSPF link is 1. Any network interface that is 100 Mbps or faster has a default cost of 1 even though calculation could arrive at a lower number.
The reference bandwidth of OSPF is configurable to account for Ethernet interfaces that start at Gigabit speed (1000 Mbps) and faster. The reference bandwidth must match for all routers in the same OSPF routing domain. The following example modifies reference bandwidth to 10 Gbps so that faster interfaces are considered.
router ospf 1
auto-cost reference-bandwidth 10000
The alternative to reference bandwidth method is ip ospf cost command. It allows you to configure the cost metric manually on a network interface. The third option is to manually configure interface speed with the interface bandwidth command. That affects how OSPF calculates metric for that specific link only, and does not affect physical interface speed. You would have to configure the same bandwidth on neighbor interface to prevent negotiation of a lower speed. This method is not recommended since it could affect how other routing protocols calculate metric.
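The effect of the reference bandwidth on path choice, and a check that it matches across a routing domain, as an added Python example (not from the original article). The router names, config snippets and the two candidate paths are constructed; truncating the division to a whole number is an assumption about how the cost is rounded.

```python
import re
from collections import Counter

DEFAULT_REFERENCE_MBPS = 100  # default reference bandwidth stated in the text

def reference_bandwidth(config_text):
    """Read 'auto-cost reference-bandwidth <Mbps>' from a config, else the default."""
    match = re.search(r"^\s*auto-cost reference-bandwidth\s+(\d+)\s*$",
                      config_text, re.MULTILINE)
    return int(match.group(1)) if match else DEFAULT_REFERENCE_MBPS

def interface_cost(bandwidth_mbps, reference_mbps=DEFAULT_REFERENCE_MBPS):
    """cost = reference bandwidth / interface bandwidth, never below 1."""
    return max(1, int(reference_mbps / bandwidth_mbps))

def path_cost(outbound_mbps, reference_mbps=DEFAULT_REFERENCE_MBPS):
    """Path metric is the sum of the outbound interface costs along the path."""
    return sum(interface_cost(bw, reference_mbps) for bw in outbound_mbps)

def best_path(paths, reference_mbps=DEFAULT_REFERENCE_MBPS):
    return min(paths, key=lambda name: path_cost(paths[name], reference_mbps))

def mismatched_routers(configs):
    """Routers whose reference bandwidth differs from the domain's most common value."""
    refs = {name: reference_bandwidth(text) for name, text in configs.items()}
    common = Counter(refs.values()).most_common(1)[0][0]
    return sorted(name for name, ref in refs.items() if ref != common)

# Constructed sample: outbound interface speeds (Mbps) along two paths
# to the same destination.
PATHS = {
    "two-hop-10G": [10000, 10000],
    "one-hop-100M": [100],
}

# Constructed sample configs; R3 was never updated with the new reference bandwidth.
CONFIGS = {
    "R1": "router ospf 1\n auto-cost reference-bandwidth 10000\n",
    "R2": "router ospf 1\n auto-cost reference-bandwidth 10000\n",
    "R3": "router ospf 1\n network 10.0.0.0 0.0.0.255 area 0\n",
}

if __name__ == "__main__":
    for ref in (100, 10000):
        costs = {name: path_cost(bw, ref) for name, bw in PATHS.items()}
        print(f"reference {ref} Mbps: {costs} -> {best_path(PATHS, ref)}")
    print("reference bandwidth mismatch on:", mismatched_routers(CONFIGS))
```

With the default reference, every link of 100 Mbps or faster costs 1, so the single 100 Mbps hop beats two 10 Gbps hops; with a 10000 Mbps reference the faster path is selected.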
EIGRP is a Cisco proprietary routing protocol developed to route a variety of network layer protocols. More recently, there has been a shift to monolithic IP-only network architecture, with open standards for internet and cloud connectivity. OSPF has started to replace EIGRP since it is proprietary and less scalable. EIGRP is a complex routing protocol that is non-hierarchical and often difficult to troubleshoot.
EIGRP is classified as an advanced distance vector protocol with characteristics of both distance vector and link state protocols. For example, EIGRP only has a neighbor topology table instead of a complete network map. Similar to link state protocols, EIGRP does form neighbor adjacency and sends event-triggered updates instead of periodic full routing table updates. It is a classless protocol similar to OSPF, where subnet information is included in routing updates. That is an advantage since variable length subnet masks (VLSM) enable classless subnetting and route summarization on any bit boundary. Contrast that with distance vector protocols that support only classful subnetting. There is unequal cost path load balancing as well that is unique to EIGRP with the variance feature.
There is a flat topology architecture with EIGRP and no hierarchical levels as with OSPF or IS-IS. Instead you assign a router interface to an autonomous system (AS). EIGRP routes must be redistributed between different AS numbers. The advantage of multiple AS design is that query updates for a new route are not flooded outside the local autonomous systems. The smaller network domain size enables faster convergence time and less route flapping.
Figure 7 EIGRP Autonomous Systems
EIGRP routers first send multicast hello packets to all neighbors on startup and build a neighbor topology table. Then full routing tables are exchanged with each neighbor as unicast update packets to build a topology table. Routing updates are sent with Reliable Transport Protocol (RTP) for connection-oriented guaranteed delivery of packets. Neighbor adjacency occurs when neighbor routers have exchanged hello messages and update packets are sent to neighbors with full routing table.
DUAL algorithm calculates best path route to each destination from the topology table and populates EIGRP routing table with successor (best available) route for each destination. That is based on routes advertised from directly connected neighbors. The successor route is next hop to a destination with lowest feasible distance (FD). The feasible distance of a route is computed based on the reported distance (RD) + local distance to the advertising neighbor router. The reported distance is the path metric to a destination that a neighbor advertises with a route. The local distance is the metric from the local router querying for a route to the neighbor router. It represents the lowest (best path) metric to a destination and assigned to an EIGRP route.
Figure 8 EIGRP Feasible Distance Computation
The feasible successor is a backup route in the EIGRP topology table while the successor route is best route in routing table. EIGRP moves the feasible successor from topology table to routing table when successor route is not available. EIGRP routers will respond to a neighbor query, and notify them when there is no route to a destination. The first step is a query sent to neighbor/s with infinity metric set for a particular route. Next, there is a local lookup in the topology database for a feasible successor. The last step is marking the unavailable route as active.
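Successor and feasible successor selection for one destination, as an added Python example (not from the original article). The neighbor names and metrics are constructed. The feasibility condition used to qualify a backup (the neighbor's reported distance must be lower than the current feasible distance) is the standard DUAL rule and is not spelled out in the text above.

```python
# Constructed sample: for one destination, each neighbor's
# (reported distance, local distance from this router to that neighbor).
NEIGHBORS = {
    "R2": (10, 10),
    "R3": (15, 10),
    "R4": (25, 5),
}

def feasible_distances(neighbors):
    """Feasible distance through each neighbor = reported distance + local distance."""
    return {name: rd + local for name, (rd, local) in neighbors.items()}

def dual_state(neighbors):
    """Return (successor, feasible distance, feasible successors ordered by metric)."""
    fd = feasible_distances(neighbors)
    successor = min(fd, key=fd.get)
    best_fd = fd[successor]
    # Feasibility condition: a backup must report a distance lower than our
    # current feasible distance, which guarantees its path does not loop
    # back through this router.
    backups = sorted(
        (name for name, (rd, _) in neighbors.items()
         if name != successor and rd < best_fd),
        key=fd.get,
    )
    return successor, best_fd, backups

def on_successor_loss(neighbors):
    """What the router does when the successor route becomes unavailable."""
    _, _, backups = dual_state(neighbors)
    if backups:
        # Local lookup in the topology table succeeds: promote the backup.
        return ("passive", backups[0])
    # No feasible successor: the route is marked active and neighbors are queried.
    return ("active", None)

if __name__ == "__main__":
    print(feasible_distances(NEIGHBORS))  # R2 = 20, R3 = 25, R4 = 30
    print(dual_state(NEIGHBORS))
    print(on_successor_loss(NEIGHBORS))
    print(on_successor_loss({"R2": (10, 10), "R4": (25, 5)}))
```

R4 is not a feasible successor even though it offers a path: its reported distance of 25 is not lower than the feasible distance of 20.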
EIGRP hold down timer affects how fast the network converges when there is a link failure. Each router interface enabled with EIGRP sends hello packets to its EIGRP neighbors. The default hold down timer value is equivalent to three hello packets not sent from a neighbor. That is the time interval that EIGRP waits before declaring the neighbor unreachable, sends a goodbye message, and EIGRP neighbor adjacency is dropped.
EIGRP selects the path between source and destination based on lowest metric when there are multiple routes to the same destination. The bandwidth and delay are the defaults used to calculate metric value. The delay is a fixed value based on interface speed and cumulative from source to destination. Link bandwidth is not cumulative with EIGRP. Each path between source and destination is comprised of multiple individual links. EIGRP examines the links and determines the lowest bandwidth link for each path. The path that has the highest bandwidth (lowest metric) from among all lowest bandwidth links is selected. That bandwidth value is used along with cumulative delay to calculate metric and assign to route.
EIGRP does support unequal cost load balancing across multiple links to the same destination with variance feature. The default for EIGRP is load balancing across four equal cost paths when available. Additional metrics include MTU, load, and reliability that can be configured with K values for granular metric calculation.
Routing Information Protocol (RIP) is an older routing protocol that pre-dates the internet era. It was designed for smaller network domains with basic routing and no subnetting. RIP is a distance vector protocol that is not scalable, with slow convergence, and classful addressing only. The advantages are ease of deployment and troubleshooting. As a purely distance vector protocol, the route metric is hop count. That is the number of hops (distance) from source to destination. The route with lowest number of router hops is selected as best path. There is no message authentication supported with RIPv1 making it less suitable to internet connectivity. Load balancing as with most interior gateway protocols except EIGRP is equal cost paths only.
Table 4 RIPv1 vs RIPv2 Comparison
RIPv2 is an enhancement to the protocol standard that was designed to fix some of the problems with RIPv1. The primary difference is that RIPv2 is a classless protocol that includes subnet mask information with routing updates. That enables the same classless subnetting that OSPF, EIGRP, IS-IS and BGP support. There is also support for authentication of messages between RIPv2 neighbors via text password or MD5 hash. That provides a minimum level of security across modern network domains.
Figure 9 RIP Routing Domain
RIPv2 sends routing updates to multicast 224.0.0.9 instead of the older 255.255.255.255 broadcast method where all routers would have to process messages. There is an option for RIPv2 routers to send broadcasts to RIPv1 routers for backward compatibility. The problem is that RIPv1 will summarize any classless routes on a classful boundary.
Intermediate System to Intermediate System (IS-IS) is a link state routing protocol with similarities to OSPF. It is an interior gateway protocol (IGP) that is implemented primarily for routing within large service provider network domains. Any routing across the public internet would require an exterior gateway protocol (BGP). Some of the advantages include scalability, fastest convergence and security. IS-IS packets are not vulnerable to IP spoofing and DDoS attacks since IS-IS is an OSI Layer 2 protocol and not IP-based. CLNS is the transport that supports any multiprotocol payload including IP packets.
IS-IS creates a complete topology database and calculates shortest path to each destination using Dijkstra algorithm. There are LSPs advertised that are similar to OSPF LSAs for building a topology table. IS-IS is a classless addressing protocol and calculates best path metric based on interface cost (bandwidth). The metric assigned to a route is cumulative of all costs between source and destination. IS-IS classifies all nodes as either end systems (ES) or intermediate systems (routers).
There is a two-level hierarchy with Level 1 routers (intra-area), Level 1/Level 2 routers (ABR), and Level 2 routers (backbone). In contrast to OSPF, each router can only be assigned to a single area, so the router is the boundary between areas and not an interface. There is no concept of an OSPF style backbone where all areas must connect. There are however Level 2 routers that can connect areas via L1/L2 routers based on routing design.
Figure 10 IS-IS Hierarchical Levels
Border Gateway Protocol (BGP) is the de facto internet routing protocol responsible for interdomain routing between private IGP routing domains. It is an exterior gateway protocol (EGP) that is considered a path vector protocol. BGP is essentially a distance vector protocol that advertises AS path information to neighbors with all routing updates.
Figure 11 BGP Private Range Autonomous Systems (ASN)
Load balancing is not supported, however load sharing is an option via path attribute policies. As a classless routing protocol, routes advertised are not automatically summarized by default. The architecture is non-hierarchical with autonomous system numbers (ASN) assigned to internal BGP (iBGP) or external (eBGP) connections. eBGP neighbor peers are assigned to different autonomous systems while iBGP peers are assigned to the same ASN.
BGP autonomous system numbers (ASN) are either private or public. Internet connectivity requires assignment of a public range ASN from a service provider. The designated public range is from 1 to 64511 for BGP internet routable connections. The private AS number range from 64512 to 65535 is for iBGP and/or eBGP network usage. There are some larger enterprise network domains that implement iBGP and/or eBGP autonomous systems.
There is a path selection algorithm that selects the best route based on path attribute policies. Each path attribute also has a default setting that is used when no policy is configured. BGP has a neighbor table that is created when adjacency is formed with BGP neighbors. There is a topology table as well that stores all BGP routes advertised from neighbors. Finally, the router builds the BGP routing table with only best path routes installed from the topology table. For example, when multiple paths exist to a destination, the path with highest weight is selected first. The route with highest local preference is selected if weight attributes are equal.
Table 5 BGP Best Path Selection Algorithm