Understanding IP Routing

Understanding IP Routing

The primary objective of this book is to provide elaborate guidance for troubleshooting Internet Protocol (IP) routing problems on Cisco routers. In this regard, the subsequent text covers well-known routing protocols such as the following:

  • Open Shortest Path First Protocol (OSPF)
  • Integrated Intermediate System-to-Intermediate System Protocol (IS-IS)
  • Border Gateway Protocol (BGP)
  • Protocol Independent Multicast (PIM) for multicast routing

This chapter presents an introduction to IP routing and provides insights to related con-cepts, such as IP addressing and various classifications of IP routing protocols. The chapter also provides a high-level overview of implementation and configuration concepts, such as route filtering and redistribution.

The Transmission Control Protocol/Internet Protocol (TCP/IP) suite of protocols is the underlying technology for information exchange on the Internet. TCP/IP uses a layering approach for computer communications similar to the Open System Interconnection (OSI) reference model, but with fewer than seven layers. Figure 1-1 shows the OSI reference model and the TCP/IP stack side by side. Related layers between the two stacks are indicated in the figure.

Understanding IP Routingfig1.1

IP operates at the Internet layer of the TCP/IP suite, which corresponds to the network layer of the OSI reference model. IP provides connectionless data-delivery services, which involve transmission of information from one part of a network to another in units of data known as packets or datagrams. The essence of the datagram delivery service model is that a permanent pre-established end-to-end path is not required for data transfer between two points in a network. In a packet-based network, each router in the transmission path makes independent local decisions regarding the optimal forwarding path toward the destination for any transit packet. The decision-making is based on forwarding intelligence gathered either dynamically by means of a routing protocol or manually programmed static routes.

Addressing is an important aspect of the data-forwarding process. For any directed com-munication, there is a source and a destination. Addressing allows the target destination to be specified by the source and allows the destination node to also identify the source. Addressing is even more important in the datagram delivery mode of operation because, as in IP forwarding, the data path for any transmission is not nailed through the intermediate nodes between the source and destination.

As mentioned previously, within the IP datagram services infrastructure, information that is to be transmitted from one device to another first is broken down into packets. Each packet has an IP header, a transport layer (TCP or UDP) header, and a payload, which is a piece of the original information. Each IP packet is self-contained and independently is forwarded to the destination through the chain of intermediate devices that might be along the path of transmission.

The routers in the network depend on a routing protocol or static configuration to forward the datagrams in a stream to their intended destination. For any destination address, each node in the data path worries about only the outgoing interface or link along a locally determined optimal path to the destination (or as specified by a special forwarding policy). The IP for-warding process frequently is described as a hop-by-hop destination-based forwarding mechanism. This means that routers at each hop along the data path normally forward packets based on the destination address. However, modern routers also can use policy-based criteria, such as the source address in a packet to direct the forwarding.

At the destination, packets belonging to the same stream are reassembled into the original information. IP addressing is discussed in the next section, “IP Addressing Concepts.”

This process of forwarding a packet from one node to the other in a connectionless network based on the Layer 3 address (IP address, in this case) also is referred to as routing. Routers are specialized network devices with acquired routing intelligence.

So how do routers really decide where and how to forward packets traversing the inter-network? Well, this is done in a couple of ways. As alluded to previously, routers can be manually preprogrammed with predetermined path information known as static routes, or they can run applications that facilitate the learning and sharing of routing information automatically. Obtaining and propagating routing information by the latter method is re-ferred to as dynamic routing.

IP Addressing Concepts

IP addressing is central to the operation of the IP protocol. The TCP/IP stack shown in Figure 1-1 features a network interface to the underlying physical and data-link layers, which allow the IP protocol to be media independent. Media independence is probably one of the critical advantages of the IP protocol that has promoted its wide acceptance and ubiquity. IP uses a native addressing scheme, in line with its media-independent architecture, that has no bearing on the underlying local-area network (LAN) or wide-area network (WAN) media interconnect IP devices. Therefore, IP successfully operates over heterogeneous network infrastructures consisting of several kinds of different media technology. This flexibility, together with a simple protocol stack, is the most critical instigator of its popularity.

IP addressing assigns addresses to individual network interfaces of a device (link-based approach) instead of using a single address for the whole device (host-based approach). The various interfaces of a device are connected to network links that are designated as subnetworks (or subnets) and are assigned subnet addresses. An interface’s IP address is assigned from the subnet address space of the connecting link. The advantage of this link-based addressing approach is that it allows routers to summarize routing information by keeping track of only IP subnets in the routing tables instead of every host on the network. This is advantageous especially for broadcast links such as Ethernet that might have many devices connected at the same time. The Address Resolution Protocol (ARP) is used in IP networking for resolving the IP addresses of directly connected hosts to the corresponding data-link addresses.

Currently, two types of IP addresses exist: IP Version 4 addresses (IPv4) and IP Version 6 addresses (IPv6). IPv4 addressing, which was in place before IPv6 was adopted, uses 32 bits to represent each IP address. This 32-bit addressing scheme provides up to 232 (4,294,967,295) unique host addresses, mathematically speaking. With the ever increasing size of the global Internet, the 32-bit IPv4 addressing scheme has turned out to be insufficient for the foreseeable future, prompting the introduction of the 128-bit IPv6 addressing scheme. This book covers practical troubleshooting of IP routing protocols deployed in IPv4 environments. Therefore, the ensuing text discusses only the IPv4 addressing structure and related concepts, most of which are applicable to IPv6. The following IPv4 addressing topics are covered in the subsequent sections:

  • IPv4 address classes
  • Private IPv4 address space
  • IPv4 subnetting and variable-length subnet masking
  • Classless interdomain routing

IPv4 Address Classes

As explained in the previous section, the 32-bit IPv4 addressing scheme allows a large number of host addresses to be defined. However, the link-based addressing scheme adopted by IP requires network links to be associated with groups of addresses from which the connected hosts are assigned specific addresses. These address groups, described also as address prefixes, are referred to in classical IP terminology as IP network numbers.

Originally, IP network numbers were defined with rigid boundaries and grouped into ad-dress classes. The idea behind IP address classes was to enable efficient assignment of the IP address space by creating address groups that would support a varying number of hosts. Network links with fewer hosts then would be assigned an address from a class that sup-ports an appropriate number of attached hosts. Another benefit of address classes was that they helped streamline the address-allocation process, making it more manageable.

Five address classes—A, B, C, D, and E—were defined and distinguished by the setting of the most significant bits of the most significant byte in the IP address. Each address class embraced a set of IPv4 address subnets, each of which supported a certain number of hosts. Table 1-1 shows the five IPv4 classes.

Understanding IP Routingtb1.1

As Table 1-1 shows, a specific bit pattern in the first byte of an IP address corresponds to a range of addresses and maps to a specific address class.

Of the five address classes, three—Class A, B, and C—were designated for unicast single source–to–single destination communication. Addresses in Class D were reserved for IP Multicast applications, which allows one-to-many communication. Class E addresses were reserved for experimental purposes.

To make the addresses in each of the unicast address classes (A, B, and C) support a specific maximum number of hosts, the 32-bit address field was delineated into network identifier (network ID) bits and host identifier bits (host ID) as follows:

  • Class A— 8-bit network ID, 24-bit host ID
  • Class B— 16-bit network ID, 16-bit host ID
  • Class C— 24-bit network ID, 8-bit host ID

Figure 1-2 shows the assignment of the 32 bits in a Class A address. The highest-order bit has a fixed value of 0, and the whole of the first byte is the network ID. The last 3 bytes are designated as host bits.

Understanding IP Routingfig1.2

This notion of categorizing IP addresses into classes with rigid boundaries is also known as classful addressing. IP addresses use masks to delineate host bits from the network number bits. IP address structuring has evolved through various innovations, all geared toward mak-ing address allocation and actual assignment in real networks more efficient. You find out more about this in the section “Subnetting and Variable-Length Subnet Masks.”

To make it easier for humans to work with IP addresses, these addresses are represented in a format known as dotted-decimal notation. In the dotted-decimal representation, the bits are grouped into octets and are separated by dots. Each octet of binary bits then is converted into the decimal equivalent. The last column of Table 1-1 shows the dotted-decimal notations for the range of addresses in each of the address classes.

Even though classful addressing was introduced to facilitate efficient use of the IPv4 address space, the rigid classful boundaries left a lot more to be desired. Because of its rigidity and inefficiency, classful addressing has been abandoned for the more efficient and flexible notion of classless addressing.

In classless addressing, any IP network number is interpreted as a prefix of a certain length. This interpretation provides more flexibility and results in a more efficient use of the IPv4 address space. A large classful block of addresses such as a Class A address can be split into multiple smaller blocks for allocation to multiple organizations instead of being allocated to a single organization under the classful notions. Conversely, classless addressing allows multiple Class C addresses to be aggregated and advertised as a single larger block instead of being treated as separate addresses. Aggregating addresses in this manner for the purposes of conserving resource in routers connected to the Internet is referred to as classless interdomain routing (CIDR), which is further discussed in a later section, “Classless Interdomain Routing (CIDR).”

IPv4 Private Address Space

Some address blocks in the unicast space were set aside and designated as private addresses. The private address space was intended for networks that are not connected to the public Internet. The following addresses are specific in RFC 1918 as part of the IPv4 private address space:

  • to
  • to
  • to

RFC 1700 provides general information on reserved or allocated parameters, including reserved addresses. Private internets that have deployed addresses from the private IPv4 space still can connect to the public Internet by using address Network Address Translation (NAT).

Subnetting and Variable-Length Subnet Masks

Before CIDR, each classful network number could be allocated for use in only a single organization. However, within an organization, it was possible to use subnetting to break up a classful address into multiple smaller address groups that could be applied to different segments of the same network domain.

IP subnetting introduces another level of hierarchy into the structure of IP address classes by moving some of the host bits in a classful network number into the network ID field. The extended network ID is referred to as a subnetwork number or simply as an IP subnet. For example, one octet of the 2 octet host bits of a Class B address can be used to create 255 subnets, each with only an octet of host bits. This is illustrated in Figure 1-3

Understanding IP Routingfig1.3

When an IP address is subnetted, the address mask is adjusted to reflect the new demarcation between the network and host bits. Figure 1-4 shows the new mask and the corresponding subnets that are created from a Class B address. A string of ones in the mask represent the network bits, and the zeros represent the host bits. A common way of representing an IP address is to indicate its prefix length, which is the number of 1 bits in the mask. This also represents the number of network bits in the address. For example, can be represented as

Understanding IP Routingfig1.4

Even though classful addressing allows subnetting for more efficient assignment of addresses from a block, in a classful network environment only a consistent mask is allowed. VLSM extends the notion of subnetting to allow different masks to be applied to one network number, providing more flexibility in carving up an address into different block sizes for application to different segments in a network domain. This allows more efficient use of an allocated address block. For example, by using VLSM, the Class B address,, can be carved into smaller subnets with 24-bit subnet masks by using 8 host bits as subnet bits. You then can further subnet one of the first genera-tion subnets—for example,—by using another 4 of the remaining host bits. This will result in much smaller blocks such as,,, and so on. VLSM can be used only in classless network environments in which the routing protocols and related routing software support classless addressing. Figure 1-5 illustrates subnetting with VLSMs.

Understanding IP Routingfig1.5

Classless Interdomain Routing

VLSM helps improve the efficiency of IP address usage for an assigned address block; however, it does not solve challenges with inefficient allocation of addresses to organiza-tions. The imminent depletion of IP addresses as the result of inefficient use of classful blocks and the growing number of classful addresses in the global Internet routing tables as organizations were allocated multiples of a Class C address instead of a single Class B address led to the introduction of classless interdomain routing (CIDR).

CIDR allows an IP network number to be any length, abandoning completely the fixed boundaries associated with classful concepts. The two benefits of CIDR are illustrated in the examples provided in Figure 1-6. By eliminating the notions of address classes, a block of addresses such as to consisting of an individual Class C address can be considered a uniform block that can be conveniently represented as This essentially implies aggregation of 256 “old notion” Class C addresses into a single address block, referred to as a CIDR block or a supernet.

Understanding IP Routingfig1.6

CIDR also allows network numbers to be flexibly subnetted and allocated to different organizations for interdomain routing exchange. For example, can be divided into four subblocks (,,, and and allocated to four different organizations instead of one.

Static and Dynamic Routes

Static path information can be manually programmed into the router and simply force the router to utilize a particular interface or next-hop IP address for forwarding packets with matching destination addresses. Static routes potentially could match a broad range of network addresses. Yet another way to obtain routing information is to use distributed applications enabled on routers that allow automatic collection and sharing of routing infor-mation. These routing applications frequently are referred to as dynamic routing protocols because they are not only automated route-gathering tools; they also work in almost real time, tracking the state of connectivity in the network to provide routing information that is as current and as valid as possible.

Contrast this behavior with static routes, which are manual route entries and require manual intervention to reprogram the network routers in case of any path changes. Obviously, dynamic routing protocols provide more convenience to the network operator than static routes in managing routing information. The price for this convenience, however, is configuration and troubleshooting complexity. Operation of dynamic routing protocols also can be resource-intensive, requiring large amounts of memory and processing resources. Hence, working with dynamic routing protocols frequently requires advanced knowledge and sophisticated expertise for handling related network design, router configuration, tuning, and troubleshooting chores.

Even though static routing is less demanding on system resources and requires a lower level of technical skill to configure and troubleshoot, the sheer effort of manually entering routes for a sizeable network makes it a less attractive option. Obviously, static routing is not a good candidate for today’s large enterprise and Internet service provider (ISP) IP-based networks. Another drawback to static routing is that it is less flexible for implementation of complicated routing policies. When it comes to routing policy implementation, there is no better substitute for the intelligence and flexibility provided by dynamic routing protocols, such as BGP, OSPF, and IS-IS. The next section further discusses dynamic routing protocols.

Dynamic Routing

The last section discusses the essence of IP routing and indicates that dynamic automatic routing is very necessary for large network deployments. This section discusses the characteristics and classification of various IP routing protocols. Although all routing protocols have a common goal of gathering routing information to support packet-forwarding decisions, they can be classified into two broad categories, unicast and multicast, based on the type of data traffic they are designed to provide forwarding information for.

The previous section indicates that IP provides an addressing scheme for identifying various locations or subnets in the network. The destination IP address in an IP packet indicates the target address of the packet. The sender’s address is stored in the source address field. An important concept to understand about IP addressing is IP subnetworks. IP subnetworks—or subnets, for short—are mentioned earlier in the section on IP address-ing concepts. Physically, an IP subnet is a collection of interconnected network devices whose IP interface addresses share the same network ID and have a common mask.

The earlier section “IPv4 Address Classes” discusses unicast and multicast addresses. The unicast address space is used for addressing network devices, whereas addresses from the multicast space are used for specifying groups or users tuned in to receive information from the same multicast application.

For any IP unicast subnet, the last address, such as in, is known as the broadcast address. This address can be used to target all nodes on the subnet at the same time in what is referred to as a directed broadcast.

A unicast routing protocol is optimized for processing unicast network information and provides routing intelligence for forwarding IP packets to unicast destination addresses. Multicast forwarding is conceptually different and requires special routing applications to support forwarding of multicast packets.

Unicast Versus Multicast IP Routing

Two devices in an IP network normally communicate by sending unicast traffic to each other’s IP address. An IP node might have many active interfaces, each of which needs to be configured with an IP address from the unicast space. The address on an interface uniquely defines the device on the subnet directly connected to that interface.

Cisco routers also support the concept of secondary logical subnets, many of which can be configured on a router’s interface in addition to the primary address on that interface. Additionally, you can enable tunnel and loopback interfaces on a Cisco router, both of which provide it with unicast IP reachability. Packets with unicast addresses in their destination field are forwarded based on information in the IP routing table. The IP routing table on a Cisco router is displayed with the show ip route command.

If the address in the destination field of a packet is from the multicast address space (Class D), the packet is directed to a multicast group with potentially many receivers. Multicast forwarding uses special mechanisms that enable efficient utilization of network resources. If an application is designed for multidestination delivery, using unicast routing to forward packets of the application’s data stream would require unnecessary replication at the source, resulting in a waste of network resources. This can be avoided by using multicast propagation, which replicates multicast packets only when necessary at branches in the network toward the location of receivers.

Figure 1-7 illustrates a situation in which a packet is forwarded from SRC1 to two separate destinations, RCV1 and RCV2, by unicast forwarding.

Understanding IP Routingfig1.7
In this case, SRC1 generates two identical streams of packets with destination addresses and, respectively. Packets belonging to each stream are handled indepen-dently and are delivered through RT1 and RT2 to their respective destinations, consuming network resources (bandwidth and processing time) along the paths that they traverse. Contrast this scenario with that shown in Figure 1-8, where IP Multicast forwarding mechanisms are employed.

Understanding IP Routingfig1.8

Multicast forwarding provides a more efficient way to deliver information by replicating packets only at fork points of the network where paths to receivers follow divergent directions. Therefore, as shown in the Figure 1-8, SRC1 originates only a single stream, and packets in this stream are forwarded through RT1 to RT2. They are then replicated at RT2 and fanned out to RCV1 and RCV2.

Multicast routing protocols are functionally different from unicast routing protocols, in that they build multicast forwarding state in the multicast-enabled routers by using a concept known as reverse path forwarding (RPF). RPF is used to ensure that a multicast packet is received from the interface leading to the expected location of the multicast source, as dictated by the routing table in place.

RPF is discussed further in Chapter 12, “Understanding Protocol Independent Multicast (PIM),” which covers IP Multicast routing.

Table 1-2 shows a table of popular multicast and unicast routing protocols.

Understanding IP Routingtb1.2

All the listed unicast routing protocols are supported in Cisco IOS Software; however, from the listed multicast routing protocols, only Protocol Independent Multicast (PIM) sparse mode/dense mode (SM/DM), Multicast Source Discovery Protocol (MSDP), and Multiprotocol BGP are supported.

Multicast routing environments also need an additional protocol called the Internet Gateway Multicast Protocol (IGMP). Multicast OSPR (MOSPF) is not supported at all, but IOS provides special capabilities for interoperability with the Distance Vector Multicast Routing Protocol (DVMRP).

As of this writing, multicast routing protocols are not widely deployed on the Internet. However, this situation obviously will change in the near future as more multicast-oriented applications, such as radio broadcasting, video streaming, remote training, videoconferencing, and gaming, become more popular on the Internet.

Classless Versus Classful IP Routing Protocols

The concepts of classless and classful IP routing protocols have roots in the manner in which IP addresses originally were defined.

Under classful addressing rules, a network number was assumed to retain its natural mask unless explicitly specified when subnetted into smaller blocks. However, earlier-generation routing protocols, such as the Routing Information Protocol (RIP), could handle only a single mask for any address throughout a network domain—the natural mask or a single consistent subnet mask. Routing protocols such as RIP that cannot handle more than one type of mask, as in the case of VLSMs, are referred to as classful protocols (see Table 1-3). The reason that classful protocols do not support VLSMs is that, by design, they do not advertise or carry the associated subnet mask with routes and, therefore, use simple intuitive mechanisms to determine the mask associated with a learned route.

The significant growth of the Internet to global dimensions called for more efficient use of the limited IPv4 address space. Available addresses in the IP address space therefore attained the status of a scarce commodity. The classless notions of VLSM and CIDR, discussed earlier, were invented to make address allocation and use more efficient. Routing protocols also were enhanced to support classless addressing environments. Routing protocols that are designed for operation in classless environments and that can handle VLSM address and CIDR are referred to as classless routing protocols.

Table 1-3 features a list of routing protocols categorized as classful and classless. RIP-1 and IGRP are grouped under classful protocols, whereas the more recently developed RIP-2, EIGRP, OSPF, IS-IS, and BGP fall in the classless category. The Exterior Gateway Protocol (EGP), the predecessor of the Border Gateway Protocol (BGP), which currently is considered obsolete, is also a classful protocol.

Understanding IP Routingtb1.3

Interior Gateway Protocols Versus Exterior Gateway Protocols

Even though many unicast routing protocols were developed in the early days of the ARPANET (the predecessor to the Internet), Routing Information Protocol (RIP) emerged as the most popular. Many independent networks that were created at govern-ment research institutions and universities as a result of the remarkable success of the ARPANET also adopted RIP for dynamic routing operations. The evolution of the ARPANET into the Internet required the numerous island networks to be interconnected using a more robust routing protocol. The Exterior Gateway Protocol (EGP) was selected for this purpose. EGP provided an efficient mechanism for routing among the various RIP domains. Therefore, RIP and EGP were optimized for distinct functions in the network based on their capabilities. RIP was used for intradomain routing, and EGP was used for interdomain routing. EGP later morphed into the Border Gateway Protocol (BGP), and other more robust protocols optimized for intradomain routing emerged in place of RIP. In particular, the Open Shortest Path First (OSPF) Protocol was developed in the Internet Engineering Task Force to provide capabilities that RIP lacked, such as more intelligent routing metrics, faster convergence, and operation in classless environments. So, here we are again with yet another classification of routing protocols: interior gateway routing protocols (for intradomain routing) and exterior gateway protocols (for interdomain routing).

Figure 1-9 shows two routing domains, AS 65001 and AS 65002, and an overlapping (shaded) region depicting the interconnection between border routers from each domain. In more current routing terminology, a routing domain also is referred to as an autonomous system. An autonomous system is an independent routing domain under the control of a single administrative authority.

Understanding IP Routingfig1.9

As noted before, an exterior gateway protocol provides the capability for sharing routing information between the two domains. Currently at version 4, BGP is the only IP inter-domain protocol that is used for interconnecting the numerous autonomous systems in the global Internet. An interior gateway protocol provides routing intelligence within an autonomous system. Each of the autonomous systems in the Internet can run any suitable IGP. With the exception of EGP (the obsolete routing protocol) and BGP, all the other unicast protocols mentioned so far—IGRP, EIGRP, RIP, OSPF, and IS-IS—are IGPs (see Table 1-4).

Understanding IP Routingtb1.4

The Interior Gateway Routing Protocol (IGRP) was invented by Cisco Systems to offer better metrics than the simple hop count supported by RIP. IGRP introduced a composite metric that consists of several parameters:

  • Bandwidth
  • Delay
  • Reliability
  • Load
  • Maximum transmission unit (MTU)

Cisco evolved IGRP into the Enhanced Interior Gateway Routing Protocol (EIGRP). EIGRP provides faster convergence relative to IGRP by using backup routes, referred to as feasible successor routes, that are readily installed in the routing table when a preferred route is lost. Unlike IGRP, EIGRP supports VLSM.

OSPF and IS-IS are both popular IGPs used in very large IP networks. IS-IS originally was designed as a routing protocol for the Connectionless Network Protocol (CLNP) but later was adapted to route IP about the same time that the Open Shortest Path First (OSPF) proto-col was being standardized in the Internet Engineering Task Force (IETF). OSPF and IS-IS are both link-state protocols, whereas RIP, IGRP, and EIGRP are distance vector protocols.

Also, OSPF and IS-IS are link-state protocols that use the shortest path first (SPF) algorithm (named after Dijkstra) for route computation, making them converge relatively fast in re-sponse to network changes.

Both protocols also support a two-level hierarchical routing architecture. OSPF and IS-IS are very similar protocols with almost identical capabilities. However, they have some architectural differences that are beyond the scope of this book.

An interesting point to note, however, is that OSPF was designed entirely for IP only, and OSPF packets are encapsulated in IP packets. In contrast, IS-IS was designed for CLNP and was adapted to support IP additionally. IS-IS packets are not encapsulated in IP packets but rather directly by the data link protocol.

The next section of this chapter looks at yet another routing protocol classification: distance vector and link-state protocols.

Distance Vector Versus Link-State Protocols

This section takes a look at routing protocol from a different perspective. In the previous sections, we considered general classification such as classful versus classless and also IGP versus EGP. This section discusses classification based on design and operation. The second row in Table 1-4 places the protocols discussed so far into four different categories, two of which stand out—distance vector and link-state. These two broad categories actually apply to IGP as shown in the table.

EIGRP is essentially a distance vector protocol just like IGRP, except that it is rightfully considered in its own class as an advanced distance vector protocol because it has more modern characteristics, such as support of classless routing and fast convergence. BGP is also in its own category, path vector protocol because, as an interdomain routing protocol, it uses the AS path attribute, which is made up of the list of autonomous systems that a route has traversed as a key measure for route comparison and selection.

Versions 1 and 2 of RIP (RIP-1 and RIP-2) and IGRP are classified as distance vector protocols because they use route-computation algorithms based on the Bellman-Ford algorithm. The Bellman-Ford algorithm is used in graph theory for calculating the shortest distance between two vertices in a directed graph. A directed graph is a collection of points, interconnected with directional links, such as the nodes and links in an internetwork. Routers running distance vector routing protocols use the Bellman-Ford algorithm for determining the shortest paths to all known locations in the network.

OSPF and Integrated IS-IS are both link-state protocols and use the shortest path first algorithm (Dijkstra) for route computation. Just like the Bellman-Ford algorithm, the Dijkstra algorithm provides an alternate method for computing the shortest distance between two points in a directed graph.

EIGRP uses a Cisco Systems–patented algorithm known as the Diffusing Update Algorithm (DUAL) to optimize route calculation, breaking away from its predecessor, IGRP, which is based on the Bellman-Ford algorithm.

The type of algorithm used by a protocol for route computation goes a long way toward affecting the efficiency of the protocol and how fast it converges. The following sections examine the concepts and operational principles behind distance vector protocols and link-state protocols.

Distance Vector Routing Concepts

This section reviews key concepts that underlie the operation of distance vector routing protocols, such as metrics, count to infinity, split horizon, holddowns, and triggered updates. These concepts are evaluated in terms of general routing functionality, such as stability and speed of convergence and loop avoidance.

Distance Vector Metrics

In the Bellman-Ford algorithm, each router advertises the best paths to all known des-tinations, from its perspective, to all neighbors. The links between routers are assigned a measure known as cost or metric. The metric can be determined from characteristics of the links, such as hop count, bandwidth, delay, reliability, monetary value, and so on. The hop count associated with a link between two directly connected nodes is usually 1, even though arbitrary values can be administratively assigned. The metric associated with a specific path to a known destination from any router is the sum of all the metrics of links along that path. Usually, the path with the lowest metric is the best. A router might have many neighbors and, therefore, might receive multiple paths for the same destination. It then computes the metric associated with each of these paths and selects the best path by a criterion such as the lowest metric.

RIP uses hop count for metric, with the maximum possible number of hops to any reachable destinations being 15. A metric of 16 hops or more is considered to be infinity. Hence, a hop count of 15 defines the maximum width of reachability in a RIP network. This imposes a limit on the size of RIP-based networks, which also implies that RIP is suitable for only small, flat networks. Hop count actually pertains to the node count from a specific source to a destination and has no consideration for actual network characteristics, such as bandwidth, delay, or monetary costs.

IGRP, which is also a distance vector protocol, uses a metric system that takes into consider-ation relevant characteristics of the network, such as bandwidth, associated maximum trans-mission unit, reliability of links, and also path delay. The metric assigned to each link in the outgoing direction is calculated from a formula that takes into consideration all these char-acteristics. This sort of multifaceted metric is called a composite metric.

The Bellman-Ford algorithm uses a vector (distance vector), consisting of cost (metric) and next-hop information for each known route to determine best paths in the network from any standpoint. An iterative procedure calculates the cost of all paths for any received route and selects the vector with the best cost for each route. Hence, routing protocols that are based on the Bellman-Ford algorithm commonly are referred to as distance vector protocols (see Table 1-4).

Routing Convergence

When there is a topology change, a router might invalidate some of the previously known best paths. The router then uses new or existing information to determine an alternate best path for each affected destination. Recalculating routes to rediscover alternate routes as a result of network topology changes is referred to as routing convergence. Routing convergence may be triggered by events such as router failures, link failures, or even administrative metric adjustments.

Distance vector protocols such as RIP and IGRP are relatively simple compared to their link-state counterparts. However, this simplicity comes with a price. Because each router bases its best-path determination on the best paths advertised by neighbors, such protocols are very prone to routing loops. A routing loop occurs when two nodes point to each other as the next hop along the path to the same destination. The most obvious effect of routing loops is that they prolong the time it takes for a router to determine a route is no longer available or to select an alternate path. Routing loops adversely impact convergence times. Therefore, it is desirable that unusable routes be removed from the network as soon as possible. The following sections discuss various methods employed by distance vector protocols to prevent or limit the effect of routing loops and improve convergence. The following is discussed:

  • Counting to infinity
  • Using holddown
  • Using split horizon and poison reverse
  • Using triggered updates

Loop Avoidance

Routers running distance vector protocols determine best paths for routes relative to neigh-bors that have advertised those routes to them. The mechanics of operation of distance vector protocols, specifically the way routes are advertised by distance vector protocols, makes such environments very susceptible to routing loops—for example, when a router running a distance vector protocol broadcasts routing updates over all interfaces activated for the protocol. When a router broadcasts all known routes in this manner, it may advertise a route back to the source it was heard from. Consequently, when there is a failure, it is possible for two neighboring nodes to think that the other is the next hop along the best path to a specific destination. This situation, which results in a routing loop, is elaborated in Figure 1-10.

Understanding IP Routingfig1.10

In Figure 1-10, RT1, RT2, RT3 are connected serially, and hop count is used as the measure for metric. A route associated with the destination link (Dest3) is advertised by RT3 to RT2, with a hop count of 1. RT2 assigns Dest3 a hop count of 2 and then advertises it to RT1. RT1 stores Dest3 with a hop count of 3 and with RT2 as the next hop. RT1 then might advertise Dest3 back to RT2. This route is not used by RT2 because it has a worse metric (four hops) than the original that came from RT3 (two hops). However, if the connection between RT2 and RT3 is broken, RT2 will remove the original route and install an alternate route to Dest3 with a metric of 4 and RT1 as the next hop. Meanwhile, RT1 has the same route pointing back to RT2 as the next hop. Thus, a loop situation is created and any packets from RT1 or RT2 to Dest3 will be caught up in a “ping pong” between the two routers for some time until their Time To Live (TTL) counters in the packets expire. Routing loops disrupt routing, and it is desirable to curtail them as quickly as they appear. To limit the effect of routing loops, distance vector protocols use a method known as counting to infinity. This principle is elaborated in the next section.

Counting to Infinity

To prevent routing loops of indefinite duration, distance vector protocols enforce limits on route metrics that allows routers to declare routes as unreachable after the associated metrics reach a certain value. In the loop situation described in Figure 1-10, RT1 and RT4 might advertise Dest3 to each other, each time increasing the associated hop count received from the other by 1 and before readvertising the route. Consequently, the metric associated with Dest3 will continue to increase. Counting to infinity places an upper bound on the metric beyond which it is considered infinity and the route is declared unusable. For RIP, this upper bound is 15.


Holddown is used to dampen a route’s response action to finding an alternate route when a primary route is no longer usable. When a router determines that a route is no longer avail-able, it places the route in holddown state for a duration called the holddown time, during which it doesn’t select an alternate route, even if available. The route in holddown state is advertised with a metric or value of infinity in an attempt to purge it from the network. Purging unusable routes helps reduce the incidence of routing loops.

To illustrate this using Figure 1-10, RT2 places Dest3 in holddown when it invalidates routes heard from RT3 because of the failure of the connection between them. With Dest3 in holddown state, RT2 does not use the alternate route from RT1; instead, it advertises Dest3 to RT1 again with a metric. This allows RT1 to withdraw Dest3 from its tables. By the expiration of the holddown time, both RT1 and RT2 are expected to have removed Dest3 from their routing tables, thus avoiding a potential routing loop.

Another benefit to using holddowns is that it prevents unnecessary reactions to equipment-related glitches that cause the link to flap. The downside is that it contributes significantly to the higher convergence times associated with distance vector routing protocols.

Split Horizon and Poison Reverse

Routing loops are primarily the result of routes being leaked back to their sources. For example, in Figure 1-10, the loop between RT1 and RT2 is caused by feedback of Dest3 back to RT2 by RT1, misleading RT2 to think that RT1 is the next hop on an alternate path to Dest3.

Split horizon prevents a router from advertising a route back out the interface through which it was received. With split horizon in effect, RT1 cannot advertise Dest3 back to RT3 over the link between them (see Figure 1-10).

Poison reverse is similar in principle to split horizon, except that it allows routes to be advertised back out the interfaces on which they were received as unreachable (metric of infinity assigned). That is, routes are “poisoned” in the reverse direction. Referring to Figure 1-10, with poison reverse enabled, RT1 advertises Dest3 back to RT2, but with a metric value of infinity (16 hops, in the case of RIP).

The approach adopted by poison reverse can result in undue waste of bandwidth if many poisoned routers must be advertised back out. However, this approach speeds up route convergence by eliminating the need for holddowns. In this case, the alternate route would have an obvious infinite metric when fed back to the source, hence simplifying the search for an alternative path, when the primary route is lost.

Periodic and Triggered Updates

Routers running distance vector routing protocols, such as RIP and IGRP, advertise all the contents of their routing tables at regular intervals. Periodic broadcasts of large routing tables are a major concern in large networks. For example, RIP broadcasts all known routes out of every active interface every 30 seconds, by default, even if there are no changes. IGRP uses a default update interval of 90 seconds.

If updates are advertised only periodically, changes in the network might not be communi-cated fast enough, impacting convergence times. Also, the holddown time typically is tied to the update interval. So a larger interval might result in less bandwidth consumption by routing updates yet might introduce higher convergence times.

Triggered (or flash) updates remove delays in convergence caused by periodic updates by sending updates immediately following a network change instead of waiting for the periodic update timer. Flash updates trickle through the network from one node to the other, resulting in an overall time gain in network-wide convergence, even if not very significant. Complicity between periodically scheduled updates and triggered changes can result in unpredictable behavior.

Link-State Protocols

Link-state protocols are relatively more modern and, therefore, incorporate capabilities into their design to overcome some of the shortcomings of distance vector protocols discussed previously. Hence, they are more sophisticated and require more memory and processing resources to operate effectively. By virtue of characteristics such as faster convergence, incremental updates, and a hierarchical architecture, link-state protocols are more suitable for deployment in large internetworks. Two popular link-state protocols used in IP networks are OSPF and IS-IS.

Unlike distance vector protocols, which share best-known routing information, link-state protocols allow routers to exchange topology (link-state) information that allows them to draw out the layout of the internetwork’s topology. Routers in a link-state network converge relatively faster than their distance vector counterparts by responding immediately to changes in the topology, without the need for loop avoiding or limiting holddowns and counting to infinity. For example, RIP and IGRP typically feature convergence times in minutes, whereas OSPF and IS-IS converge in the order of seconds for comparable network changes.

Link-state protocols support hierarchy for scaling purposes by carving out a network into areas (see Figure 1-11). Routing within areas fall in the first level of the routing hierarchy. The areas are interconnected over a backbone area, and routing within the backbone consti-tutes the second level of the hierarchy.

Understanding IP Routingfig1.11

Routers in the same area or the backbone share link-state information that is assembled into a link-state database. The topology of the area or the backbone is discerned by running the shortest path first algorithm over the respective databases. This procedure also generates the best routes that are used in the IP routing and forwarding tables. Chapter 8, “Understanding Open Shortest Path First (OSPF),” and Chapter 10, “Understanding Intermediate System-to-Intermediate System (IS-IS),” describe the operation of the link-state routing protocols and their respective protocols in more detail.

Metrics in Link-State Protocols

Both OSPF and IS-IS use metrics, which are measures of link bandwidth. OSPF goes a step further, to provide autoconversion of the bandwidth on interface to a link cost. IS-IS metrics are 10, by default, on all interfaces. In both cases, the metric or cost associated with a link can be manually configured. The metric associated with a route is the sum of all the metrics on the outgoing links to the associated destination.

Chapters 8 and 10 provide more information on metrics in OSPF and IS-IS, respectively.

Routing Protocol Administrative Distance

The previous sections in this chapter provide a high-level overview of IP routing protocols from the perspectives of design, architecture, and operation. The section discusses briefly generic implementation-related issues that impact operation of these protocols on Cisco routers. Details of operation and configuration of each protocol are covered in the protocol-specific chapters.

Cisco IOS Software provides common command resources for configuring and enabling the capabilities of IP routing protocols. Commands such as distance, distribute-list, redistribute, route-map, policy-map, access-list, prefix-list, offset-list, and so forth frequently are referred to as protocol-independent commands because they can be used in diverse ways to enable many features in Cisco IOS Software, including routing protocol capabilities. In their application to routing protocols, protocol-independent commands are used for filtering routes, enabling redistribution, configuring default routes, and imple-menting various routing policies. You can find more detail on these commands online at www.cisco.com; however, this section discusses the distance command and the feature that it supports—administrative distance.

All the IP routing protocols discussed so far can operate concurrently and yet independently on Cisco routers if enabled together. Usually, only one IGP (OSPF or IS-IS) is required to run alongside BGP in an IP network. However, depending on the situation and the history of a network, more than one IGP might be operation to support routing requirements.

Administrative distance is a Cisco-specific method of distinguishing between routes obtained from different routing sources in the same network. It provides a simple mech-anism to differentiate believability of routing information sources. Cisco IOS Software assigns numeric values to routing sources that allow routes from one routing source to be preferred over similar routes from another source. Sources with lower administrative distance values are preferred. When multiple protocols supply the same route, only the route from the source with the lower administrative distance will make it into the routing table. Table 1-5 lists the default administrative distances of IP routing sources. The distance command can be used to modify any of the defaults.

Understanding IP Routingtb1.5

Fast Forwarding in Routers

Even though this book is about routing protocols and how to troubleshoot routing-related problems, we would like to briefly mention in this introductory chapter that the high-speed forwarding requirements in today’s networks have led to ingenious ways of packet processing on routers that extend beyond basic decision-making based on the IP routing table. The routing table remains critical for routing guidance, but instead of using the contents of the routing table directly, routers transform the routing information in the routing table for storage in data structures, optimized for high-speed packet forwarding. Cisco provides various high-speed forwarding mechanisms, such as fast switching, optimum switching, and Cisco Express Forwarding (CEF).

Frequently, troubleshooting routing problems requires investigation into the fast-forwarding tables, such as the CEF Forwarding Information Base (FIB) and the Adjacency Database. Detailed discussions of these fast-forwarding mechanisms are outside the scope of this book. More information on this subject matter is available at the Cisco site, www.cisco.com.

About the author


Leave a Comment