The Basics
There are four types of router memory – all are permanent (non-volatile) except DRAM. Volatile memory is erased upon power-off; non-volatile memory holds its data indefinitely through the use of a small battery.
Non-volatile (ROM, Flash, NVRAM) memory retains its data when powered off. Volatile (RAM) memory is erased upon power-off. NVRAM, like RAM, can be written to directly by the IOS. Flash can be written to, but only by a special process where the data is “burned” into the EEPROM (Electrically Erasable Programmable ROM):
ROM (Read-Only Memory) – contains four sections of microcode:
1. bootstrap – a routine to bring up the router during boot, and load the IOS
2. POST – check basic router functions and find out which interfaces are present
3. ROM Monitor (rommon) - used for manufacturing testing and troubleshooting, and can be used for password recovery.
4. Mini-IOS - also called RXBOOT - a basic IOS that can bring up an interface and load the IOS into Flash, as well as a few other maintenance operations. NOTE: the 7000 and 7500 router series have a full version of the IOS stored in ROM.
RAM (or DRAM) – volatile memory - this is the main working memory that stores :
· Running-config
· IOS
· Routing Tables
· ARP cache
· Buffers
· Access-Lists
· etc.
Data is quickly transferred between RAM and CPU, such as the paging in and out of operating data, packet buffers, ARP cache, the running config, and routing tables. For the CCNA only the config and routing table need be considered. Upon bootup, info from both NVRAM (config) and Flash (IOS) is copied into DRAM for the duration (until the router is turned off). As you enter commands and make changes to the config, the changed config is stored in DRAM and is called the “running config”. Make sure to copy the running config to the “startup config” in the permanent storage (NVRAM) so that if you need to reboot, your changes are not lost !!! (copy run start)
NVRAM – non-volatile memory – permanently stores the initial startup config, which will become the same as the running config if the “copy run start” command is issued. The NVRAM ensures that even if power is lost, the router can reboot and load the configuration (which is lost in DRAM during a power outage). This is a very unusual type of memory, since all other types of RAM lose their data when powered off.
Flash – this is non-volatile memory (EEPROM) and stores the IOS. In 7500 routers, it can also store several config files.
ROM - bootstrap
- the system bootstrap routine starts from ROM and tells the router to run the POST and then look for an IOS in Flash memory
- router runs the POST (Power-On Self Test)
- looks for a compressed IOS image in Flash Memory
· if an IOS is found, it is decompressed and loaded into DRAM
· if no IOS is found the bootstrap routine can either load an image from a TFTP server or from the included CD that comes with the router
- the router looks to NVRAM for a startup config
· if a startup config is found in NVRAM it is loaded into DRAM
· if there is no startup config in NVRAM, then the router goes into *setup mode
DRAM (ARP cache and routing tables)
- the DRAM is now loaded with the IOS and config, and the router sends out ARPs and routing protocol broadcasts to build its ARP cache and routing tables and store them in DRAM. This is now the operating memory of the router. All other types of memory are fairly dormant from this point on.
* setup mode is an interactive, step-by-step process with only very basic global commands. You can enter setup mode at any time from privileged mode by typing “setup”. There are two versions: Basic Management and Extended Setup
Cisco has several different terms for interfaces, depending on the router:
| Router | Interface |
| 2500/2600 | Module or WIC (WAN Interface Card) |
| 3600 | Network Module or WIC |
| 4500 | Network Processor Modules |
| 7200 | Port Adapters and Service Adapters |
| 7500 | Interface Processors and VIP (Versatile Interface Processor) with Port Adapters |
CLI (Command Line Interface)
The CLI is simply the text-based interface that allows someone to configure the router by issuing commands, line-by-line, and hitting <Enter> after each command. There are 3 ways to access the CLI : console, auxiliary, and telnet. Console is the most common, and is accessed by a laptop with a 9-pin serial cable connected to the console port of the router. Auxiliary is a modem RJ11 port, used to dial in from a PC running terminal emulation software – the auxiliary port is also used for the router to dial out for dial backup. Telnet is remote access through an IP network (Internet or Intranet), and requires that a password is set via the console CLI first.
Syslog – these are the system messages that are sent to the monitor by the router, and give various types of info.
Debug – this command increases the amount of syslog messages, and is useful if there is a problem that needs debugging. Debug messages are not seen with Telnet sessions, but they can be seen by issuing the terminal monitor command.
no debug all - command to turn off debugging
CAUTION: Debug can cause so many messages that it can crash the router
Logging – since the debug messages are so voluminous, they can become frustrating, and it is best to simply log them.
logging buffered – Telnet Command that tells the router to buffer the syslog messages
logging synchronous – console command that tells the router to hold the syslog messages until after the command is completed
show logging – dump the buffer of syslog messages onto the screen
logging host-ip and snmp-server enable trap - to send syslog messages to another device (such as a “syslog server”). The first command tells the router what ip address the syslog host has (replace host-ip with the ip address), and the second command enables snmp so that the messages are sent by forwarding the traps to the syslog server. You need to type in both commands.
Router images are stored either in flash or on a TFTP server, and they use a .bin extension – switch images can only be stored on a tftp server and are stored with a .cfg extension. This is not the config !!!
OSI Model

Buffering – buffers allow the router to receive more than it can process – for a while, and then it begins discarding packets
ICMP Source Quench messages – congestion avoidance – the receiving router sends these to the source router each time it discards a packet due to congestion. The sending router slows down transmission but does not stop transmitting. When the source quench messages stop, the sending router gradually increases transmission speed.
Windowing – both routers agree on a window size, “n”, prior to transmission – then the sender sends the window size of “n” segments and waits for an ack. When it receives an ack, it again sends n segments.
from Top to bottom:
Core Layer – reliable transport to all users. Designed for high-speed and fast convergence.
Distribution Layer – (workgroup layer) provides routing, filtering (access lists, security, etc.), and WAN access, and is a communication point between the access and core layers.
Access Layer – (desktop layer) provides user and workgroup access to the network. Ethernet switching, collision domains (segments), and connectivity into the Distribution layer.
NAT (Network Address Translation) and PAT (Port Address Translation)
Private IP addresses (illegal on the Internet) can be translated to legal, routable Internet IP addresses by a NAT device (router, or dedicated NAT/firewall box such as the Cisco PIX). NAT does address translation and also “many-to-one” address translation (“PAT” – Port Address Translation).
| Routing Protocol | Type | Loop Prevention | Subnet Mask sent in Updates? |
| RIP-1 | Distance Vector | Holddown Timer, Split Horizon | No |
| RIP-2 | Distance Vector | Holddown Timer, Split Horizon | Yes |
| IGRP | Distance Vector | Holddown Timer, Split Horizon | No |
| EIGRP | Balanced Hybrid | DUAL and Feasible Successors | Yes |
| OSPF | Link-state | Dijkstra SPF algorithm and full topology knowledge | Yes |
Learns routes, notices failed routes and takes action (adds the new route in), and prevents loops. This is also called “Routing by Rumor”, since the router simply believes route updates sent from other routers to be true but does not find out the info by itself.
NOTE: to verify both RIP and IGRP, in privileged mode: #sh ip route
to see debug messages in syslog:
#debug ip rip or
#debug ip igrp events or #debug ip igrp transactions
to turn off debug syslog messages: #undebug all
Routing Updates – occur every n seconds and include the entire routing table. Upon booting a router, it initially loads its own interfaces into its routing table – each will have a metric of 0 since they are directly connected. Then the updates are both sent and received, until the routing table has “converged” (learned and recorded all routes).
Administrative Distance (AD) - a value (0 to 255) assigned to a route based on that route’s routing protocol, that is used to judge the trustworthiness of that route. 0 is the most trustworthy. 255 means that no traffic will be sent via that route. AD is simpler than metrics and therefore, if there are multiple routing protocols, the AD of a route is looked at first when there is more than one route to reach a particular host. The route with the lowest AD is accepted and placed in the routing table. Of course, typically there is only one routing protocol and therefore all routes have the same AD, and the metric is the deciding factor.
| Route Source | Default AD |
| Directly Connected Interface | 0 |
| Static Route | 1 |
| EIGRP | 90 |
| IGRP | 100 |
| OSPF | 110 |
| RIP | 120 |
| External EIGRP | 170 |
| Unknown | 255 |
NOTE: if multiple routes exist with the same AD, then the routing metric is used. RIP or IGRP will then be used, and will use a load-balancing algorithm to send data along all routes. RIP uses a simple round-robin method, which unfortunately does not take into account the bandwidth. For example, if a 56k path and a T1 path could both be used to reach a destination, RIP would send half the packets one way, and half the other way, failing to take advantage of the faster T1 route.
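The selection order described above (lowest AD first, then lowest metric, with equal routes all kept for load balancing), as an added example that is not part of the original notes. The function name `select_routes` and the candidate routes are hypothetical and constructed for illustration.

```python
# Default administrative distances, copied from the table above.
DEFAULT_AD = {
    "connected": 0, "static": 1, "eigrp": 90, "igrp": 100,
    "ospf": 110, "rip": 120, "external-eigrp": 170, "unknown": 255,
}

def select_routes(candidates):
    """Per destination network, keep the candidate(s) with the lowest AD,
    then the lowest metric. Ties on both are all kept (load balancing)."""
    best = {}
    for route in candidates:
        ad = DEFAULT_AD.get(route["source"], DEFAULT_AD["unknown"])
        if ad == 255:
            continue  # AD 255: no traffic will be sent via that route
        key = (ad, route["metric"])
        current = best.get(route["network"])
        if current is None or key < current[0]:
            best[route["network"]] = (key, [route])
        elif key == current[0]:
            current[1].append(route)
    return {net: routes for net, (_, routes) in best.items()}

# Constructed candidates (networks, interfaces and metrics are made up).
CANDIDATES = [
    {"network": "10.1.0.0", "source": "rip", "metric": 2, "via": "Serial0"},
    {"network": "10.1.0.0", "source": "ospf", "metric": 74, "via": "Serial1"},
    {"network": "10.2.0.0", "source": "rip", "metric": 3, "via": "Serial0"},  # 56k path
    {"network": "10.2.0.0", "source": "rip", "metric": 3, "via": "Serial1"},  # T1 path
    {"network": "10.2.0.0", "source": "rip", "metric": 5, "via": "Serial2"},
    {"network": "10.3.0.0", "source": "unknown", "metric": 1, "via": "Serial2"},
]

if __name__ == "__main__":
    for net, routes in select_routes(CANDIDATES).items():
        print(net, [(r["source"], r["via"]) for r in routes])
```

The OSPF route wins for 10.1.0.0 despite its larger metric because AD is compared first; both equal-hop RIP routes to 10.2.0.0 are kept, which is the 56k/T1 case in the note above.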
Metric - each route advertised has a metric, which by default is the hop count for RIP, and bandwidth and delay for IGRP (but can also include reliability, load & MTU).
Hops – the number of routers “hopped” over. Between two routers is a network ID. If there are only two routers, this network is 0 hops away since it is directly connected to both routers. see the diagram below
Routing Table – the routing table is a series of records that can be shown as rows, like a spreadsheet. Each record is comprised of three things: Network number, the interface, and the metric to that network. The network number is the IP address of the network formed on that particular interface.
Once all routing tables in all routers of a network are converged by the routing updates, provided each router has a path to every other router, then each router will have the same number of records – one for every interface, including its own. For example, with RIP the metric is the number of hops:
Before Convergence
RIP Routing Table upon Initial Bootup

After Convergence
Update Timer - with RIP-1 and IGRP, the directly connected subnets (not the masks) are advertised with broadcasts every 30 secs for RIP and 90 secs for IGRP
Invalid Timer – if no update is received for 90 secs for RIP and 180 secs for IGRP, the route is considered invalid and the router will send an update to all other routers letting them know that it has made that conclusion
Flush Timer – the time between when a route is considered invalid and when it is actually purged from the routing table. If, once the Invalid timer limit has been reached, a router continues to fail to receive an update within 240 secs for RIP, 630 secs for IGRP, the routing info learned from that neighbor is removed from the routing table.
Holddown Timer – used to keep the network stable when a route is going up and down (route flapping) due to a bad serial link or some other problem. The default period is 180 for RIP and 280 for IGRP. The holddown period will not allow the new route to instantly be accepted and copied into the table. When a router receives an update from a neighbor indicating that a route is no longer available, the holddown timer starts. At this point, until the timer stops, as updates for new replacement routes are received:
if the new route has a lower metric, it is accepted and the holddown timer stopped
if the new route has a higher or same metric, it is ignored
Route Poison - failed routes are advertised as having a metric of infinity. RIP’s max distance is 15 hops, so infinity is 16.
Split Horizon means that a router will only advertise routes learned elsewhere. It will not advertise a route to a router that it learned the route from. If router B is connected to routers A and C, then router B will send A routes learned from C, but it will not send A routes learned from A.
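The routing tables before and after convergence, and the effect of split horizon on what a router advertises, as an added example that is not part of the original notes. The three-router topology, the network names and all function names are constructed; timers and route poisoning are not modelled.

```python
INFINITY = 16  # RIP's max distance is 15 hops, so 16 means unreachable

# Constructed topology: net1 - A - net2 - B - net3 - C - net4
LINKS = [("A", "B"), ("B", "C")]
CONNECTED = {"A": ["net1", "net2"], "B": ["net2", "net3"], "C": ["net3", "net4"]}

def boot_tables():
    """Before convergence: only directly connected networks, metric 0.
    Each record is network -> (metric, neighbor the route was learned from)."""
    return {r: {net: (0, None) for net in nets} for r, nets in CONNECTED.items()}

def neighbors(router):
    return [b if a == router else a for a, b in LINKS if router in (a, b)]

def update_for(table, neighbor, split_horizon=True):
    """The routes one router advertises to one neighbor."""
    return {net: metric for net, (metric, learned_from) in table.items()
            if not (split_horizon and learned_from == neighbor)}

def run_round(tables, split_horizon=True):
    """One update interval: all routers send, then all receivers process."""
    sent = [(src, dst, update_for(tables[src], dst, split_horizon))
            for src in tables for dst in neighbors(src)]
    changed = False
    for src, dst, update in sent:
        for net, metric in update.items():
            hops = min(metric + 1, INFINITY)  # one more router to hop over
            known = tables[dst].get(net)
            if hops < INFINITY and (known is None or hops < known[0]):
                tables[dst][net] = (hops, src)
                changed = True
    return changed

def converge(tables, split_horizon=True):
    """Run update rounds until no table changes; return rounds that changed something."""
    rounds = 0
    while run_round(tables, split_horizon):
        rounds += 1
    return rounds

if __name__ == "__main__":
    tables = boot_tables()
    print("before:", tables["A"])
    print("rounds:", converge(tables))
    print("after: ", tables["A"])
```

After two rounds every router holds four records; with split horizon on, B's update to A omits net1 because B learned that route from A.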
RIP-1 vs IGRP
- both do not send the subnet mask in their updates. The receiving router simply assumes that the mask is the same as its own mask that is used for its own interface connected to the link that the two routers have in common
- both have auto-summarization on by default, and it cannot be turned off
| Feature | RIP | IGRP |
| Update Timer | 30 secs | 90 secs |
| Holddown Timer | 180 secs | 280 secs |
| Infinity metric | 16 hops | 4,294,967,295 delay and bandwidth |
RIP-2 has several additional improvements over RIP-1. RIP-1 is a classful protocol, because all devices must use the same subnet mask, and therefore no masks are sent out in the updates. RIP-2 is classless, and therefore must send the subnet mask. The features are:
transmits subnet mask with route (so it supports VLSM)
provides authentication and MD5 encryption
can advertise a different route on the same subnet if another router has a better route
uses external route tags
provides multicast routing updates
can turn off auto-summarization
The configuration register is a 16-bit register stored in NVRAM with flags that control router functions. Default is 0x2102, which tells the router upon boot to look for IOS in flash and the config in NVRAM:
Bit#    15 14 13 12 | 11 10  9  8 |  7  6  5  4 |  3  2  1  0
Binary   0  0  1  0 |  0  0  0  1 |  0  0  0  0 |  0  0  1  0
Hex          2      |      1      |      0      |      2
Bits 0-3 (Boot field), 6 (ignore NVRAM upon boot if set to 1), 7 (OEM bit), 8 (break disabled), 10 (IP broadcast with all 0’s), 11-12 (console line speed), 13 (boot from ROM if network boot fails), 14 (IP broadcasts do not have net numbers), 15 (enable diag messages and ignore NVM contents)
Boot Field:
0 boot into ROM (rommon) - set reg to 2100
1 boot IOS from ROM - set reg to 2101
2-F use the regular boot commands in NVRAM
Bit 6 is used for password recovery !!! Set the reg to 2142 to set it.
Check the config reg contents: sh ver
boot router and hit break key in 60 secs to bypass NVRAM startup-config (you will be taken to rommon mode with the > prompt)
change config reg to 0x2142: confreg 0x2142
or (for 2500 routers) o/r 0x2142
reload router: for 2600 routers: reset; for 2500 routers: I
answer “no” when router asks you if you want to go to setup mode
go to privileged mode: enable
copy start run
now – you can’t see the password, but you can reset it:
config t
enable secret password
change the config reg back to default: config-register 0x2102
copy run start
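A check that a router has not been left with bit 6 set after the recovery steps above, as an added example that is not part of the original notes. It decodes the register using the bit meanings listed on this page and assumes the "Configuration register is 0x…" line that sh ver prints; the names `decode` and `audit` and the sample text are constructed.

```python
import re

# Flag bits as listed on this page; bits 0-3 are the boot field.
FLAGS = {6: "ignore NVRAM upon boot", 7: "OEM bit", 8: "break disabled",
         10: "IP broadcast with all 0's", 13: "boot from ROM if network boot fails",
         14: "IP broadcasts do not have net numbers",
         15: "enable diag messages and ignore NVM contents"}
DEFAULT = 0x2102
REG_LINE = re.compile(r"Configuration register is (0x[0-9A-Fa-f]+)"
                      r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?")

def decode(value):
    """Split a 16-bit config register into boot field, console speed bits, flags."""
    if not 0 <= value <= 0xFFFF:
        raise ValueError("the config register is 16 bits wide")
    boot = value & 0xF
    meaning = {0: "boot into ROM (rommon)", 1: "boot IOS from ROM"}.get(
        boot, "use the regular boot commands in NVRAM")
    return {"boot_field": boot, "boot": meaning,
            "console_speed_bits": (value >> 11) & 0b11,
            "flags": [name for bit, name in sorted(FLAGS.items()) if (value >> bit) & 1]}

def audit(show_version_text):
    """Findings for the register value in 'sh ver' output, now and after reload."""
    m = REG_LINE.search(show_version_text)
    if not m:
        return ["no configuration register line found"]
    findings = []
    for label, text in (("current", m.group(1)), ("next reload", m.group(2))):
        if text is None:
            continue
        value = int(text, 16)
        if value & (1 << 6):
            findings.append(f"{label} {text}: bit 6 set, NVRAM startup-config ignored at boot")
        elif value != DEFAULT:
            findings.append(f"{label} {text}: differs from default 0x2102")
    return findings

# Constructed 'sh ver' line, as seen after config-register 0x2102 but before reload.
SAMPLE = "Configuration register is 0x2142 (will be 0x2102 at next reload)\n"

if __name__ == "__main__":
    print(decode(0x2142))
    print(audit(SAMPLE))
```

A router whose "next reload" value still has bit 6 set will boot without its startup-config, including its passwords, every time it restarts.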