Igp Summary of the VPN gateway using the kernel-VPN Protocol

Source: Internet
Author: User

Igp-Summary: an advanced distance vector routing protocol, which has features of both distance vector and link status routing protocols. China site, AppleTalk and other network layer protocols. VPN is an efficient routing protocol. It has the following features:

1. Control layer: between different igp protocols, the one with the small AD is used (AD can mean either the management distance or the advertised distance of VPN; here it refers to the management distance); for different igp protocols, the path with the small metric is used. Data layer: the target IP address and the mask are combined to query and match the route entry.
2. Creates and maintains the neighbor relationship by sending and accepting hello packets, and exchanges route information.
3. Uses multicast (224.0.0.10) or unicast for route updates.
4. The management distance is 90 internal or 170 external.
5. Triggered updates reduce bandwidth usage.
6. Supports the variable-length subnet mask (VLSM); automatic aggregation is enabled by default.
7. Supports multiple network layer protocols, such as IP, IPX, and AppleTalk.
8. For each network protocol, all nodes in the network maintain independent neighbor tables, topology tables, and route tables.
9. The diffusing update algorithm (DUAL) is used to achieve fast convergence and ensure that no routing loops exist.
10. Stores information about the entire network topology to quickly adapt to network changes.
11. Supports equivalent and non-equivalent load balancing.
12. Uses the Reliable Transport Protocol (RTP) to ensure the reliability of route information transmission.
13. Connects seamlessly to the data link layer protocol and topology; no special configuration is required for the layer-2 protocol of the OSI Reference Model.
14. Values that must be the same to build a neighbor relationship: AS number, authentication password, K value, MTU.

VPN protocol working principle: by sending and receiving five kinds of packets, the neighbor table and topology table are generated, and the DUAL (diffusing update algorithm) algorithm is used to obtain the route table:

* hello (hello packet): forms a neighbor relationship --- neighbor table -- topology table -- route table
* update (update packet): sends a route update
* query (query packet): when a route is lost, a query packet is sent to the neighbor
* reply (reply packet): when the router receives a query packet, it must make a reply
* ACK (confirmation packet): the router that receives an update packet must confirm it

The update, query and reply packets are reliable packets, that is, there must be a response; otherwise they are sent again.

# show ip: the time interval between reliable packets and ACK reception.

RTO: retransmission timeout. After an update is sent, if no ACK is received, the update is sent again after the RTO. The default value is 16 times; if the ACK has still not been received, the neighbor relationship is rebuilt. The focus is the query packet:

① The routers send hello packets to each other and establish a neighbor relationship.
② When the neighbor relationship is first established, all route entries are exchanged; otherwise, incremental updates are sent. After receiving the message, the router sends an ACK confirmation.

# show ip VPN topology // view the topology table
# debug ip subnet 65001?

Whether two routers form a neighbor relationship depends on each other's hello packets.

VPN hello clock:

* The hello packet is sent every 5 seconds on a network link with a bandwidth greater than T1.
* The hello packet is sent every 60 seconds on a link with a bandwidth less than T1.
* The hold time is three times the hello time.

Key terms in the OSPF route selection protocol:

1. Neighbor table: bidirectional communication between directly connected neighbors.
2. Route table: the optimal routes.
3. Topology table (identical).
4. FD: feasible distance, the total link overhead to the destination network.
5. AD: reported distance, the total link overhead of the route from the neighboring router to the destination network.
   Non-equivalent load balancing: the necessary condition is that the AD value of the feasible successor < the FD of the successor (four paths are supported by default, and a maximum of six are supported). In the routing mode, set maximum, and then variance: feasible successor FD < successor FD * variance. You can change the bandwidth and latency on the interface to adjust the load balancing path.
6. Successor: the best route, in the route table.
7. Feasible successor: the backup route, saved in the topology table (equivalent to a redundant route for the successor). If the AD value of the sub-optimal path is < the FD value of the optimal path, the sub-optimal path is the feasible successor.
8. Calculation of the metric value: K1: bandwidth, K2: load, K3: delay, K4: reliability, K5: MTU. By default K1 and K3 are set to 1, the others are 0.
   Metric = (10^7 / bandwidth (kbps) + delay / 10 (microseconds)) * 256
   Add the metric values of the ingress interfaces; the metric of the ring (loopback) port must also be calculated.
9. Modifying the default hello time: ip hello-interval VPN 100. (The time when the ospf hello parameter is modified does not affect the establishment of the neighbor relationship, but the ospf hello time is different, in this case, no neighbor relationship can be established, while the as numbers of the ospf must be the same, and the as numbers of ospf must not be the same. They are only used to differentiate process numbers.)
10. Route injection.
    Redistribution: first, set 0.0.0.0 on the border route, with the next hop pointing to the Internet (its own outbound interface), and then use redistribute static to inject the 0.0.0.0 public network route. It is set on the border route, the routes in the AS can receive it, and the management distance is 170.
    Default route: first set 0.0.0.0 on the border route, with the next hop pointing to the Internet (its own outbound interface), then network 0.0.0.0.
    ip default-network: on the VBR, ip default-network points to the primary IP address of the Internet (its outbound interface); the primary IP address is the default route (not only 0.0.0.0 is the default route, but * is the default route). If the route table does not have the CIDR block of the primary route, you must manually add the static route to the route table.
    For example:
    ①
        ip route 0.0.0.0 0.0.0.0 f0/0
        router VPN 100
        redistribute static metric 1544 100 255 1 1500
    ②
        ip route 0.0.0.0 0.0.0.0 s0/0
        router VPN 100
        network 0.0.0.0
    ③
        ip default-network 192.168.1.0
        router VPN 100
        network 192.168.1.0
        ip route 192.168.1.0 255.255.255.0 s1/0
11. Manual summary: ip summary-address. The summary route entry of the OSPF route entries takes the minimum overhead value of those route entries. After the last route entry is down, the summary route disappears. The summary route is automatically directed to null0.
12. And the VPN gateway will be used to authenticate the NAT Gateway. Only MD5 authentication is supported. In global mode:
        key chain XXX       # defines the key chain name XXX, locally valid
        key 1               # key 1; you can define multiple keys
        key-string cisco    # the password of key 1
    The passwords at both ends must be consistent.
13. Passive interface (usually used for optimization; used in the routing process). You do not need to send the password back to the ring. After a passive interface is set up in the loose to send packets, the route still sends the announcement of the directly connected route after it does not send the OSPF packet.

Network announcement formats:

1. Network segment announcement: it does not carry the subnet mask and is in the format of A, B, and C.
2. Subnetwork declaration: carries the subnet mask (anti-mask) in the format of the actual number of network bits. Route aggregation is required.
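
Added example (not part of the original article): the metric formula, the feasible-successor condition (AD < FD of the successor) and the variance rule from the key terms above, worked through in Python. The names composite_metric, Path and select_paths and the four neighbors are constructed for illustration; the example assumes each neighbor advertises the lowest bandwidth and the cumulative delay of its own path.

```python
from dataclasses import dataclass

def composite_metric(min_bw_kbps: int, total_delay_us: int) -> int:
    # The page's formula with default K values (K1 = K3 = 1, the rest 0).
    return (10**7 // min_bw_kbps + total_delay_us // 10) * 256

@dataclass(frozen=True)
class Path:
    neighbor: str
    link_bw_kbps: int    # local link toward the neighbor
    link_delay_us: int
    adv_bw_kbps: int     # lowest bandwidth on the neighbor's own path
    adv_delay_us: int    # cumulative delay on the neighbor's own path

    def reported_distance(self) -> int:   # the page's "AD"
        return composite_metric(self.adv_bw_kbps, self.adv_delay_us)

    def distance(self) -> int:            # total cost through this neighbor
        return composite_metric(min(self.link_bw_kbps, self.adv_bw_kbps),
                                self.link_delay_us + self.adv_delay_us)

def select_paths(paths, variance=1, max_paths=4):
    ranked = sorted(paths, key=Path.distance)
    successor, fd = ranked[0], ranked[0].distance()
    # Feasibility condition: the neighbor's reported distance < our FD.
    feasible = [p for p in ranked[1:] if p.reported_distance() < fd]
    # Non-equivalent load balancing: feasible successors under FD * variance.
    extra = [p for p in feasible if p.distance() < fd * variance]
    installed = ([successor] + extra)[:max_paths]
    return {"fd": fd, "successor": successor.neighbor,
            "feasible": [p.neighbor for p in feasible],
            "installed": [p.neighbor for p in installed]}

# Constructed sample: four neighbors advertising the same destination.
SAMPLE = [
    Path("R2", 1544, 20000, 100000, 100),
    Path("R3", 1544, 20000, 1544, 20100),   # AD equals FD: not feasible
    Path("R4", 1024, 20000, 100000, 100),
    Path("R5", 128, 20000, 100000, 100),    # feasible, but far too costly
]

if __name__ == "__main__":
    for v in (1, 2):
        print("variance", v, select_paths(SAMPLE, variance=v))
```

R3 is cheaper than R4 but is never installed, because its reported distance is not below the FD; that check is what keeps a possibly looping path out of the route table even when variance would otherwise admit it.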
