% Network Design Workshop % Basic Routing Lab \pagebreak # Introduction The purpose of this exercise is to: * Configure the basics of a Cisco router * Enable OSPF to exchange internal routing information * Configure static routing towards a service provider ![Physical Topology - Module 1](ex1-1.png) ![Physical Topology - Module 2](ex1-2.png) The network configuration is designed to be modular to allow the lab to grow as needed depending on the number of partipants. Each module will contain 1 ISP and 3 customer networks (universities, etc). Modules will be interconnected (see Fig. 3) ![Topology with 2 modules](ex1-3.png) # Logistics Each participant will be assigned to a network. Depending on the number of participants, either a single person or a group will be responsible for the configuration of a router. You may be asked to rotate and work on a different router so that you have the opportunity to understand the network from another point of view. As you go through the exercises, you will see examples of configurations for one or more routers. **Make sure to take those examples and adapt them to your own router, network topology and addressing scheme. Use the diagrams to guide you.** Refer to the *Lab Access Instructions* document for information about logging into the routers that have been assigned to you. # Address Space Allocation ## End networks (universities, etc) Group IPv4 IPv6 ASN ------- ------------ ------------- ------- 1 10.10.0.0/16 fd00:10::/32 10 2 10.20.0.0/16 fd00:20::/32 20 3 10.30.0.0/16 fd00:30::/32 30 *The list will continue in the same pattern if there are more groups.* Each group will then further partition their space as follows: IPv4 IPv6 Description --------------- --------------- -------------------- 10.X0.0.0/17 fd00:X0::/40 End user space 10.X0.254.0/24 fd00:X0:fe::/64 Point-to-point links 10.X0.255.0/24 fd00:X0:ff::/64 Router loopbacks Where X is your group number (1,2,3...) Prefixes for point to point links will be of length /30 for IPv4 and /127 for IPv6 (we will adopt the recommendations of RFC6164 for IPv6 inter-router links): IPv4 IPv6 Description --------------- ---------------- -------------------- 10.X0.254.0/30 fd00:X0:fe::/127 P2P #1 10.X0.254.4/30 fd00:X0:fe::2/127 P2P #2 10.X0.254.8/30 fd00:X0:fe::4/127 P2P #3 ... and so on. Router loopback addresses will be of size /32 for IPv4 and /128 for IPv6: IPv4 IPv6 Description --------------- ---------------- -------------------- 10.X0.255.1/32 fd00:X0:ff::1/128 RX1 Loopback 10.X0.255.2/32 fd00:X0:ff::2/128 RX2 Loopback ## Commercial Internet Service Providers (ISPs) ISP IPv4 IPv6 ASN ----- ------------ ------------- ------- 1 10.201.0.0/16 fd00:200::/32 201 2 10.202.0.0/16 fd00:201::/32 202 ... and so on. ## Internet Exchange Points (IXPs) IXP IPv4 IPv6 ----- ------------ --------------- 1 10.251.1.0/24 fd00:251:1::/64 # Basic Router Configuration 1. Name the router ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ enable config terminal hostname R11 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 2. Configure Authentication ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ aaa new-model aaa authentication login default local aaa authentication enable default enable username nsrc secret nsrc enable secret nsrc service password-encryption line vty 0 4 transport preferred none line console 0 transport preferred none ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 3. Configure logging ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ no logging console logging buffered 8192 debugging ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 4. Disable DNS resolution ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ no ip domain-lookup ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 5. Make sure the router understands CIDR. This is the default setting in recent IOS versions, but just in case. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ip subnet-zero ip classless ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 6. Disable source routing ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ no ip source-route ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 7. Activate IPv6 routing ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ipv6 unicast-routing ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 8. Exit configuration mode and save ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ end write memory ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 9. Configure your interfaces according to the diagram *Notice that for the links to the ISP we will use the ISP's addresses, while for internal links we use internal addresses.* On R11: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ interface GigabitEthernet2/0 ip address 10.10.254.1 255.255.255.252 description P2P Link to R12 ipv6 address fd00:10:fe::/127 no shutdown ! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ On R12: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ interface GigabitEthernet1/0 ip address 10.201.254.2 255.255.255.252 description P2P Link to ISP1 ipv6 address fd00:201:fe::1/127 no shutdown ! interface GigabitEthernet2/0 ip address 10.10.254.2 255.255.255.252 description P2P Link to R11 ipv6 address fd00:10:fe::1/127 no shutdown ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 10. Do some PING tests ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ R12# ping 10.10.254.1 <- R11 R12# ping fd00:10:fe::0 <- R11 R12# ping 10.201.254.1 <- ISP1 R12# ping fd00:201:fe::0 <- ISP1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ and then verify the output of the following commands: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ show arp : Show ARP cache show interface : Show interface state and config show ip interface : Show interface IP state and config show ipv6 neighbors : Show IPv6 neighbors show ipv6 interface : Show interface state and config show cdp neighbors : Show neighbors seen via CDP ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 11. Create Loopback interface On R11: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ interface loopback 0 ip address 10.10.255.1 255.255.255.255 ipv6 address fd00:10:ff::1/128 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ do the same for R12 (obviously, using different addresses). 12. Verify and save the configuration. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ show running-config write memory ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # Routing ## OSPF 1. Try pinging the loopback addresses of your neighbor ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ R11# ping 10.10.255.2 <- R12 loopback R11# ping fd00:10:ff:2 <- R12 loopback ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ What is happening? 2. Configure a new OSPF routing process. Notice that we will use the numbrer "10" as the OSPF process number for routers R11 and R12. This number is local to the router, so it doesn't need to match the process number of a neighboring router. However, it is strongly recommended that you use the same number throughout your network. Most people use their Autonomous System number (although OSPF has nothing to do with the BGP AS). On R11 and R12: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ router ospf 10 log-adjacency-changes passive-interface default ! ipv6 router ospf 10 log-adjacency-changes passive-interface default area 0 authentication ipsec spi 256 md5 0123456789ABCDEF0123456789ABCDEF ! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 3. Now configure OSPF on the interfaces *where adjacencies need to be established, and also on any interface that needs to have its subnets advertised by OSPF* On R11 and R12: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ interface Loopback0 ip ospf 10 area 0 ipv6 ospf 10 area 0 ! interface GigabitEthernet2/0 ip ospf 10 area 0 ip ospf authentication message-digest ip ospf authentication-key N$RC ipv6 ospf 10 area 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Finally, since we have configured OSPF to make all interfaces passive by default (good idea!), we need to explicitly activate the BGP Hello function in the interfaces where adjacencies need to happen: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ router ospf 10 no passive-interface GigabitEthernet2/0 ! ipv6 router ospf 10 no passive-interface GigabitEthernet2/0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 4. STOP. Checkpoint Now try the following show commands: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ sh ip ospf neighbor : show adjacencies sh ip route : show routes in routing table sh ip ospf : show general OSPF information sh ip ospf interface : show the status of OSPF in an interface show ipv6 ospf neighbor show ipv6 route show ipv6 ospf show ipv6 ospf interface ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Repeat the last ping tests. Can you ping the loopback address of the neighboring router now? ## Static default routes 1. Configure static default routes to reach the outside world. On R11: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ip route 0.0.0.0 0.0.0.0 10.10.254.2 ipv6 route ::/0 fd00:10:fe::1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ On R12: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ip route 0.0.0.0 0.0.0.0 10.201.254.1 ipv6 route ::/0 fd00:201:fe:: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Do some ping and traceroute tests. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ R11# ping 10.20.255.1 R11# ping 10.30.255.1 R11# traceroute 10.20.255.1 R11# traceroute 10.30.255.1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Can you reach the routers in other networks? Don't forget to save your configurations. \pagebreak # Appendix A - ISP1 Initial Configuration ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ hostname ISP1 aaa new-model aaa authentication login default local aaa authentication enable default enable username nsrc secret nsrc enable secret nsrc service password-encryption line vty 0 4 transport preferred none line console 0 transport preferred none no logging console logging buffered 8192 debugging no ip domain-lookup ip subnet-zero ip classless no ip source-route ipv6 unicast-routing ! interface Loopback0 ip address 10.201.255.1 255.255.255.255 ipv6 address fd00:201:ff::1/128 ! interface GigabitEthernet1/0 description Link to IXP ip address 10.251.1.1 255.255.255.0 ipv6 address fd00:251:1::1/64 no shutdown ! interface GigabitEthernet3/0 description P2P Link to R12 ip address 10.201.254.1 255.255.255.252 ipv6 address fd00:201:fe::/127 no shutdown ! interface GigabitEthernet4/0 description P2P Link to R22 ip address 10.201.254.5 255.255.255.252 ipv6 address fd00:201:fe::2/127 no shutdown ! interface GigabitEthernet5/0 description P2P Link to R32 ip address 10.201.254.9 255.255.255.252 ipv6 address FD00:201:fe::4/127 no shutdown ! ip route 10.10.0.0 255.255.0.0 10.201.254.2 ipv6 route fd00:10::/32 fd00:201:fe::1 ! ip route 10.20.0.0 255.255.0.0 10.201.254.6 ipv6 route fd00:20::/32 fd00:201:fe::3 ! ip route 10.30.0.0 255.255.0.0 10.201.254.10 ipv6 route fd00:30::/32 fd00:201:fe::5 ! ip route 0.0.0.0 0.0.0.0 10.251.1.2 ipv6 route ::/0 fd00:251:1::2 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ \pagebreak # Appendix B - ISP2 Initial Configuration ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ hostname ISP2 aaa new-model aaa authentication login default local aaa authentication enable default enable username nsrc secret nsrc enable secret nsrc service password-encryption line vty 0 4 transport preferred none line console 0 transport preferred none no logging console logging buffered 8192 debugging no ip domain-lookup ip subnet-zero ip classless no ip source-route ipv6 unicast-routing ! interface Loopback0 ip address 10.202.255.1 255.255.255.255 ipv6 address fd00:202:ff::1/128 ! interface GigabitEthernet1/0 description Link to IXP ip address 10.251.1.2 255.255.255.0 ipv6 address fd00:251:1::2/64 no shutdown ! interface GigabitEthernet3/0 description P2P Link to R42 ip address 10.202.254.1 255.255.255.252 ipv6 address fd00:202:fe::0/127 no shutdown ! interface GigabitEthernet4/0 description P2P Link to R52 ip address 10.202.254.5 255.255.255.252 ipv6 address fd00:202:fe::2/127 no shutdown ! interface GigabitEthernet5/0 description P2P Link to R62 ip address 10.202.254.9 255.255.255.252 ipv6 address FD00:202:fe::4/127 no shutdown ! ip route 10.40.0.0 255.255.0.0 10.202.254.2 ipv6 route fd00:40::/32 fd00:202:fe::1 ! ip route 10.50.0.0 255.255.0.0 10.202.254.6 ipv6 route fd00:50::/32 fd00:202:fe::3 ! ip route 10.60.0.0 255.255.0.0 10.202.254.10 ipv6 route fd00:60::/32 fd00:202:fe::5 ! ip route 0.0.0.0 0.0.0.0 10.251.1.1 ipv6 route ::/0 fd00:251:1::1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~