The CCIE RS coaching is executed at CCIE coaching universities, that has tutors, lecturers, and boot camps. Within the CCIE, there's six tracks, specially, Storage Networking, Voice and Wireless, Routing & Switching, Service Provider, and Security. This examination is considered to be fairly tough and excellent one to clear, providing you with technical experience and dedication. This also makes you a member of an exclusive group of pros, makes your resume look grand, and will increase your credibility.

Moving forward in career would be the ambition of most IT specialists. CCIE RS coaching will provide the platform to supply a bonus within just the job market.  Once you begin in search of higher opportunities in or exterior your company, the CCIE certification will provide help to attain your objective simply on this aggressive entire world.

You'll have many reasons for taking CCIE RS coaching; getting excessive salary could possibly be considered one of them. Getting this certification will not be a simple work; it takes years, sometimes, to clear the exams. It takes eighteen months and a whole bunch of dollars to clear this test, which is why there's large marketplace for such licensed industry experts. The plus side to it truly is that, with such limited certified industry experts and high demand for them, the salaries furnished are extraordinarily high.

After receiving the CCIE RS coaching, you might be thought of to be an knowledgeable in the networking field. Subsequently, if a tough scenario arises, you might be at all times called in to settle the problem. When you will have this certification, you may be acknowledged worldwide for having high qualification within the networking and technology industry.

It's always essential to understand the general means of CCIE RS coaching examination, so that you will understand the form of training which can be needed. This examination consists of two principal elements, the written, and the lab test. The written half is of two hours size containing a number of-choice question. You'll be able to sit for the lab examination only if you are successful in the written test.  The lab examination is an eight-hour one that can take a look at your capacity to put collectively networking and software equipment and your troubleshooting ability.  Three years are provided for passing the lab examination, after which you will want to reappear for the written exam before continuing for the lab examination again.

A lot of the candidates showing for a CCIE RS teaching examination do not go on the first attempt. Nonetheless, there is fairly a high price of success within just the second attempt. To enhance the probabilities of success in this test, you should research the subjects that are exam specific. One essential issue to be kept in thoughts is that, after receiving this certificate, you should recertify each two years.

Consider studying concerning the expertise in every area as listed inside the Cisco blueprint. It will be recommended to have not less than four hundred hours of lab follow employing a simulated gear as a option to succeed within the CCIE security lab exam. Dedicate a part of your day in mastering every topic. You can find various study materials obtainable available in the market for better understanding of the subjects talked about within just the blueprint of Cisco. They assist you to in making ready yourself by way of the aid of structured software. You'll be able to spend money on a good workout plan, which lets you improve your amount of expertise.

You can go for online teaching packages from reputed corporations, which provide observe assessments and different helpful services to enhance your skills. CCIE safety can be utilized as a ladder in the direction of success. It can be accepted as a recognized certification plan within just the networking industry worldwide. A CCIE in security will open the gateway towards a shiny career.

Router1(config)#interface BRI0/0

Router1(config-if)#isdn switch-type basic-ni

Router1(config-if)#isdn spid1 800555123400 5551234

Router1(config-if)#isdn spid2 800555123500 5551235

This site is connected to a National ISDN switch. So we have defined the switch type to be basic-ni. If this had been a PRI rather than a BRI, we would have used primary-ni. And because it is a National ISDN switch, we also have to include the ISDN Service Profile Identifier (SPID) values. These define the telephone numbers associated with each of the two B channels in the BRI. Note that the syntax includes essentially the same number twice:

Router1(config-if)#isdn spid1 800555123400 5551234

The first argument is the whole telephone number including area code with 00 tacked on the end. These extra two digits vary between different telephone companies. Sometimes this needs to be a different code, such as 0101. The telephone company can tell you the correct value to include.

The second number is not always required. This is essentially the phone number that you would need to call this B channel from the other B channel. In this example, the telephone company uses seven-digit local dialing, so we can eliminate the area code.

There are several different kinds of ISDN switches, and it's important to find out what your carrier uses to ensure that you configure the router properly.

For telephone companies that use AT&T switches:

Router1(config-if)#isdn switch-type basic-5ess

For telephone companies that use Nortel DMS100 switches:

Router1(config-if)#isdn switch-type basic-dms100

Telephone companies outside of North America often use different kinds of ISDN switches. In France you would use the following command:

Router1(config-if)#isdn switch-type vn3

In Australia, the telephone company uses TS013 ISDN switches:

Router1(config-if)#isdn switch-type basic-ts013

In Norway and New Zealand:

Router1(config-if)#isdn switch-type basic-net3

In Germany:

Router1(config-if)#isdn switch-type basic-1tr6

And, in Japan:

Router1(config-if)#isdn switch-type ntt

Please contact the local telephone company supplying the BRI circuit to ensure that you have the right switch type. And be sure to ask them whether you need to configure SPIDs on your router. Some switches require them; others don't.

You can verify that you have your ISDN configuration working correctly with the show isdn status command:

Router1#show isdn status

Global ISDN Switchtype = basic-ni

ISDN BRI1/0 interface

    dsl 8, interface ISDN Switchtype = basic-ni

    Layer 1 Status:

    ACTIVE

    Layer 2 Status:

    TEI = 85, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED

    TEI = 86, Ces = 2, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED

    TEI 85, ces = 1, state = 8(established)

        spid1 configured, spid1 sent, spid1 valid

    TEI 86, ces = 2, state = 8(established)

        spid2 configured, spid2 sent, spid2 valid

    Layer 3 Status:

    0 Active Layer 3 Call(s)

    Activated dsl 8 CCBs = 0

    The Free Channel Mask:  0x80000003

Total Allocated ISDN CCBs = 2

Router1#

In this case, you can see you have an "active" status at Layer 1, and both of the Terminal Endpoint Identifiers (TEI) are in a "MULTIPLE_FRAME_ESTABLISHED" state. This means that the router is talking with the telephone company's ISDN switch, and that both of the B channels are ready to go. This display also says that there are currently no active calls at Layer 3. As an aside, we should point out that this refers to the ISDN circuit's Layer 3, and not the IP network layer. When the router places a call, it will establish a PPP connection, which will support IP.

The actual dialing is done by the dialer map command:

Router1(config)#dialer-list 1 protocol ip list 101

Router1(config)#access-list 101 deny eigrp any any

Router1(config)#access-list 101 permit ip any any

Router1(config)#interface BRI0/0

Router1(config-if)#dialer map ip 10.1.99.1 name dialhost broadcast 95551212

Router1(config-if)#dialer-group 1

In this case, the dialer map says that to reach the IP address 10.1.99.1, it should dial the phone number 95551212 to reach the router called dialhost. Note that we have included a "9" at the start of this phone number. Again, you will need to ask your local telephone company whether there is a special code digit. We have seen places where we needed a 9, an 8, or nothing at all.

The broadcast keyword in this command allows both multicast and broadcast traffic to use this dialup link. This is extremely important for routing protocols such as EIGRP, RIPv2, and OSPF, which use multicasts for sending their updates between routers. This example uses EIGRP, so we need to include this keyword.

With this type of dialer configuration, you also need to define a dialer group. In this case, we have assigned this interface to dialer group number 1. You configure the behavior of this dialer group with the dialer-list statement, which defines what an interesting packet is for this network.

An interesting packet is one that will bring up the dialer, or keep it active if it is already up. If the circuit is up, then the router will reset the idle timer every time it sees an interesting packet. The result is that as long as there are interesting packets to send, the router will keep the dial session active. Otherwise, it will disconnect the call when the idle timer expires. This is particularly important when you are calling long distance numbers. If the wrong packets are considered interesting, it could mean an expensive phone bill.

So we have associated the dialer list with an access list that specifies what is interesting. In this case, all IP packets except EIGRP are interesting. It's important to remember that EIGRP packets will still pass through the dial link normally. But if the link is not active, an EIGRP packet is not sufficient to bring it up. And if the link is active, the presence of EIGRP packets alone won't prevent the router from dropping it.

However, sometimes you do want the link to remain active all the time. For example, the administrators of some small WANs like to keep ISDN sessions nailed up all the time (usually because they only pay an access charge, and not a usage or long distance charge). So if the session drops for any reasons, they want it to immediately dial up again. In this case, you could replace the access list with a new one that finds all traffic interesting:

Router1(config)#access-list 101 permit ip any any

It's easier still if you modify the dialer-list command to make all IP traffic interesting:

Router1(config)#dialer-list 1 protocol ip permit

When the router dials, it will use Point-to-Point Protocol (PPP) to carry Layer 3 protocols such as IP. So you need to define several PPP parameters:

Router1(config)#interface BRI0/0

Router1(config-if)#encapsulation ppp

Router1(config-if)#ppp authentication chap

Router1(config-if)#exit

Router1(config)#username dialhost password dialpassword

The encapsulation command simply tells the router to use PPP as its Layer 2 protocol. But because you don't want just anybody dialing into this dialhost router, it's a good idea to include some authentication. In this case, we have configured the router to use Challenge Handshake Authentication Protocol (CHAP) for authenticating PPP sessions. This basically means that both this router and the router it dials to will exchange usernames and passwords when they connect. The username for this router is the router's name. And we define the username and password for the other router with the username command.

We note in passing that Cisco supports another PPP authentication scheme called Password Authentication Protocol (PAP). CHAP is much more secure because it only passes passwords in encrypted form rather than clear text, as PAP does. CHAP is no more complex to set up, and presents no appreciable extra load on the router's resources. So we strongly recommend using CHAP rather than PAP.

Because this is an ISDN BRI interface, we would like to be able to use both of the B channels to increase the available bandwidth:

Router1(config)#interface BRI0/0

Router1(config-if)#dialer load-threshold 50 either

Router1(config-if)#ppp multilink

The command ppp multilink means that this PPP session can be split across several physical connections. This feature allows full load balancing and packet sequencing across all of the connections in the multilink bundle. In this case, we want to bond the two ISDN B channels into a single 128 Kbps PPP link. By default, the router will use only one of these channels, whichever one is available. The dialer load-threshold command specifies the rule that the router will use to bring up the second link. In this case, we have specified that if the traffic utilization in either direction (input or output) reaches ~20 percent (50/255 link utilization), then the router should bring up the second channel.

We have also modified the default idle timeout:

Router1(config)#interface BRI0/0

Router1(config-if)#dialer idle-timeout 300

By default, the router will drop the dial session if there have been no interesting packets for 120 seconds. We have increased this value to 300 seconds. Because ISDN dials so quickly, this is not vital. But with asynchronous modem dialup, it can take up to a full minute to establish a new session. You often need to increase the idle timer is to make sure that the primary connection is up and stable before disconnecting the backup circuit. It is a good idea to wait for the routing protocol to converge, and to ensure that the primary circuit isn't simply bouncing up and down. You also have to trade off between the time required to establish a new session and the cost of any long distance charges on this line. We generally recommend using an idle timeout period of 5 minutes, as shown in the example.

Finally, we come to one of the most important features of this configuration, the trigger condition. This router will dial whenever it has traffic to send to the IP address 10.1.99.1, which is the IP address of the dialhost router itself. User traffic will be directed to end devices such as servers, not to routers. The only way to bring up this dial interface is if this router needs to send an interesting packet to the dial router's IP address. This is where the floating static route comes in.

we discussed floating static routes. These are routes whose administrative distances are so high that any dynamically learned route to the same destination will be better. So the router will only install this static route if the dynamic routing protocol can't offer anything better:

Router1(config)#ip route 0.0.0.0 0.0.0.0 10.1.99.1 180

In this particular case the routing protocol is EIGRP, which has an administrative distance of 90 by default for all internal routes and 170 for external routes. So, by creating this static default route with a metric of 180, we ensure that the router will never use it if it has anything better.

The net result is that if the primary link fails, EIGRP will lose all of its routes. So the router will install the floating static route to handle any user data packets that it needs to transmit. Since this route points to the far end of the dial link, this forces the router to bring up the dial connection.

The nice thing about this way of triggering dial backup is that it is extremely robust. Anything that causes you to lose connectivity for any reason will trigger the dial backup.

which uses the backup interface method to trigger dial backup, with the floating static configuration, you have the advantage that the interface remains up but not connected when the primary circuit is working. I

And one of the most useful features of this type of trigger mechanism is that you can test the dial backup easily. If you look at the dialer list, you will see that all the router needs to initiate a dial session is to have a packet to send to the far end that matches the dialer list. So, in this particular example, you could easily bring up a dial session for testing by just logging into the remote router and pinging the IP address of the dial backup router:

Router1#ping 10.1.99.1

Router1#configure terminal

Enter configuration commands, one per line.  End with CNTL/Z.

Router1(config)#ipx routing AAAA.BBBB.0001

Router1(config)#interface Tunnel1

Router1(config-if)#ipx network AAA

Router1(config-if)#tunnel source 172.25.1.5

Router1(config-if)#tunnel destination 172.25.1.7

Router1(config-if)#exit

Router1(config)#end

Router1#

Then on the other router you must create a tunnel interface with a matching source and destination, as well as a matching IPX network number:

Router5#configure terminal

Enter configuration commands, one per line.  End with CNTL/Z.

Router2(config)#ipx routing AAAA.BBBB.0002

Router5(config)#interface Tunnel3

Router5(config-if)#ipx network AAA

Router5(config-if)#tunnel source 172.25.1.7

Router5(config-if)#tunnel destination 172.25.1.5

Router5(config-if)#exit

Router5(config)#end

Router5#

Note that of all the supported tunnel modes mentioned in Table 12.1, only the default GRE will transport IPX, although there are several AppleTalk tunnel modes.

This book does not cover IPX, so we won't go into any detail on the IPX-specific commands here. This is merely intended as an example of how to use GRE tunnels for foreign protocols. For more information on IPX, please refer to Designing Large-Scale LANs by Kevin Dooley (O'Reilly).

To enable IPX on both of these routers, first you have to make sure that you are running an IOS release that supports IPX. The various "Desktop" IOS versions support this protocol, as do the "Enterprise" versions. Please consult the Cisco IOS feature matrices for more details. Assuming, then, that your router supports IPX, you can enable it with the ipx routing command, as shown. Naturally, you need to enable IPX routing on both routers. Then the only other important detail is to configure both ends of the GRE tunnel with matching IPX network numbers, as we have done in the example.

It's important to note that you can configure a GRE tunnel to support more than one protocol by simply specifying appropriate network numbers for each protocol using the tunnel.

Router1(config)#interface Tunnel1

Router1(config-if)#ip address 192.168.35.6 255.255.255.252

Router1(config-if)#ipx network AAA

Router1(config-if)#tunnel source 172.25.1.5

Router1(config-if)#tunnel destination 172.25.1.7

Router1(config-if)#exit

Router1(config)#end

Router1#

CCIE examination entails two assessments, which can be a CCIE composed investigate in addition to a CCIE lab examination. To be able to attempt the lab exam, you ought to apparent the authored test. For anyone who is not inside a situation to very clear the developed examination the 1st time, you might want to watch for just a hundred and eighty days for retaking it. Soon after clearing the developed test, it can be top to produce an experiment with for your CCIE lab test within eighteen months. It you happen to be incapable to very clear the lab examination, then you definately should re-try inside twelve months with a look at to take care of the composed examination end result valid.

It's a time restrict of two hrs and is also completed in various take a look at centers internationally. The subjects lined inside the developed exam rely on the specialization or track you end up picking. For company provider, chances are you'll pick out from classes like Cable, DSL, IP Telephony, Dial, Content material substance Networking, Optical, WAN switching, and Metro Ethernet. Each and every composed examination is crafted these days in the beta style at a value of $50 USD.

The CCIE lab test is unique in naturel, as it is really an eight-hour exam, which tests the power with the candidate to configure and troubleshoot networking equipment. Cisco has higher diploma of package in its CCIE labs to be used during the lab exams. The blue print on the lab exam is obtainable on its online site. The lab examination is not readily available at all Pearson VUE or Prometric testing centers.

A common CCIE R&S lab examination contains a two-hour hassle-taking pictures section by which you're presented a collection of tickets for preconfigured networks within the CCIE labs. It's best to have the ability to identify and resolve the faults. You can proceed towards the configuration part once you end the troubleshooting part.

A sound passing score is critical to try a CCIE Labs exam. Cisco uses the help of proctors to guage the candidates with the preliminary rounds in its CCIE labs located worldwide. Factors are awarded when a criterion is met and grading is carried out utilizing some computerized tools. The outcomes of a lab examination are mirrored in forty 8 hours. A move/fail is projected inside the end consequence and in case of a fail, the areas where you might be lacking behind are talked about so as to put together properly earlier than a re-try.

Cisco stands out in the industry of networking by providing a CCIE certification so that you can pursue your education as well as get acknowledged by a reputed organization. The CCIE lab examination can be utilized for a platform to challenge your capability in varied tracks provided by Cisco. Attempting a lab test requires rigorous coaching and substantial sense of understanding. The CCIE labs style step one to your higher potential career.

Router1#configure terminal

Enter configuration commands, one per line.  End with CNTL/Z.

Router1(config)#interface FastEthernet0/0

Router1(config-if)#ip address 192.168.100.21 255.255.255.0

Router1(config-if)#ip rsvp bandwidth 128 56

Router1(config-if)#exit

Router1(config)#interface Serial0/0

Router1(config-if)#no ip address

Router1(config-if)#encapsulation frame-relay

Router1(config-if)#fair-queue 64 256 37

Router1(config-if)#ip rsvp bandwidth

Router1(config-if)#exit

Router1(config)#interface Serial0/0.1 point-to-point

Router1(config-subif)#ip address 192.168.55.9 255.255.255.252

Router1(config-subif)#frame-relay interface-dlci 904

Router1(config-fr-dlci)#ip rsvp bandwidth 128 56

Router1(config-subif)#exit

Router1(config)#ip rsvp sender 192.168.9.100 192.168.100.202 UDP 1300 1300 192.168.100.202 FastEthernet0/0 55 1

Router1(config)#end

Router1#

The second host is connected to the Ethernet0/0 interface on Router4, which is several hops away:

Router4# configure terminal

Router4(config)#interface Ethernet0/0

Router4(config-if)#ip address 192.168.9.3 255.255.255.0

Router4(config-if)#ip rsvp bandwidth 128 56

Router4(config-if)#exit

Router4(config)#interface Serial0/0

Router4(config-if)#no ip address

Router4(config-if)#encapsulation frame-relay

Router4(config-if)#fair-queue 64 256 37

Router4(config-if)#ip rsvp bandwidth

Router4(config-if)#exit

Router4(config)#interface Serial0/0.1 point-to-point

Router4(config-subif)#ip address 192.168.56.5 255.255.255.252

Router4(config-subif)#frame-relay interface-dlci 107

Router4(config-fr-dlci)#ip rsvp bandwidth 128 56

Router4(config-subif)#exit

Router4(config)#ip rsvp reservation 192.168.9.100 192.168.100.202 UDP 1300 1300 192.168.9.100 Ethernet0/0 FF RATE 55 1

Router4(config)#end

Router4#

It is worthwhile to review how RSVP works before looking at the mechanics of this recipe. A host that wants to send a data stream to a particular destination address or multicast group first makes an RSVP request to its first-hop router. This request asks for a particular set of QoS parameters, such as application bandwidth requirements, and specifies the destination IP address. Each router decides whether it can meet the requirement, accepting or rejecting the reservation. They then make the same request of the next hop router along the path to the destination. Once all of the routers between the source and destination have reserved the appropriate resources, the original host can begin transmitting application data, using the reserved resources along the entire data path.

The method is identical for unicast and multicast reservation requests, with each router relaying the request to a downstream peer until all of the destinations have been reached. Note that RSVP is inherently unidirectional. That is, it requests resources for sending data from a particular source to a particular destination or multicast group. If you want to reserve network resources to support a two-way unicast application, both the sender and the receiver must separately initiate requests.

RESV and PATH messages

There are two general message types in RSVP, PATH, and RESV. The initial request begins with a PATH message. The PATH message describes the specific flow that will use this reservation. So it includes the source and destination IP addresses, as well as the IP Protocol, such as TCP or UDP, and any port numbers. The PATH message also includes the requested average bit rate and burst size.

The PATH message is received by an upstream router, or perhaps the ultimate destination. If it is received by an intermediate router, this router must analyze the request and decide whether it can honor it. Ultimately, if the request is accepted, the router will create a new PATH message, requesting the same resource reservation from the next upstream router, but specifying itself as the source.

PATH messages always flow from the requester toward the destination.

RESV messages flow the opposite direction. The RESV CONFIRM messages describe the actual detailed bit rate and delay characteristics required to fulfill the PATH request. If an upstream router doesn't have the necessary resource to fulfill the request, it responds with an RESV ERROR message.

In Cisco router configuration, you can configure static PATH requests by using the ip rsvp sender and sender-host commands. And you can make static reservations, which will be described to upstream routers in RESV messages, using the ip rsvp reserveration and reservation-host commands. We will describe all of these commands below.

Two service types

There are two distinct types of service that a host can specify in an RSVP request. The first is called Controlled Load Service, which is specified in RFC 2211, and the second, called either Guaranteed Quality of Service or, more accurately, Guaranteed Bit Rate Service, is specified in RFC 2212.

Controlled Load Service, in a nutshell, means that the network behaves as if each segment were completely unloaded and therefore uncongested, but with bandwidth limited to the requested amount. Cisco routers implement this type of service by isolating the different flows and employing queuing mechanisms that mimic this type of response.

Guaranteed Bit Rate Service is somewhat more complicated. This service means that the network will mathematically guarantee the worst-case end-to-end queuing delay. There are two things to note about this description, however. First, it only guarantees the worst-case latency, not the average latency. The second is that, despite this, it is possible to make an estimate of the jitter, as this is governed by the worst-case latency. As long as the worst-case latency is small, then the jitter can be effectively minimized by employing small amounts of buffering on the end devices.

Controlled Load Service is well suited to many TCP applications, which tend to behave well until they encounter congestion and dropped packets. Conversely, Guaranteed Bit Rate Service tends to be a better choice for real-time voice and video applications.

The examples

Everything we have described so far implies that the source and destination host devices or applications are making the RSVP requests. However, this is not necessarily the case. In fact, many applications that require this type of QoS support do not have RSVP capabilities. So, in this recipe, we show how to configure the routers themselves to initiate requests on behalf of the hosts.

That recipe also contains information about the basic RSVP configurations used on the routers between Router1 and Router4 (which we have mysteriously decided to call Router2 and Router3).

The ip rsvp sender command tells the router to act as if it is periodically receiving RSVP PATH requests from the specified source device:

Router1(config)#ip rsvp sender 192.168.9.100 192.168.100.202 UDP 1300 1300 192.168.100.202 FastEthernet0/0 55 1

You use this command as a proxy for a real device that is unable to send real RSVP PATH requests. So it includes all of the information that appears in a PATH request packet.

The first several arguments of this command specify the IP flow that will be using this reservation. The first two arguments specify the source and destination IP addresses, respectively. Then we have stipulated that it will use the UDP protocol with source and destination ports both equal to 1300.

The next two arguments, 192.168.100.202 and FastEthernet0/0, specify the previous-hop IP address and interface, respectively. Because we put this command on the first hop router, they may seem redundant, but actually we could put this command anywhere in the network to simulate an upstream source device.

The last two arguments request an average bit rate of 55 kbps and a burst of 1 kbyte.

Then, on the other router, we have configured a corresponding command that simulates a device sending RSVP RESV messages back toward the source:

Router4(config)#ip rsvp reservation 192.168.9.100 192.168.100.202 UDP 1300 1300 192.168.9.100 Ethernet0/0 FF RATE 55 1

Many of the arguments of this command are identical to what we saw a moment ago for the sender command. We specified the same IP addresses and UDP port numbers to define the flow. And the last two arguments just duplicate the average bit rate and burst size from the previous discussion.

The differences are where the sender command specified the previous-hop IP address and interface, here we specify the next-hop IP address and interface. Then we have two new keywords, FF and RATE.

The FF keyword indicates that this is a Fixed Filter style reservation. There are three available styles of reservation. Fixed Filter means that this reservation is for a particular flow specification only. No other applications or sessions are permitted to use it. We could have instead specified either SE or WF.

SE indicates that the router will use a Shared Explicit filter for the reservation. This means that the receiving device is specifying a list of source devices and indicating that they may all share the same reservation.

And WF means that the reservation can be shared by a Wildcard Filter. This effectively means that any source can take part in this reservation.

Finally, the RATE keyword in the ip rsvp reservation command tells the network to use Guaranteed Bit Rate service type. The other option here is LOAD, which indicates a Controlled Load service type. The receiver makes this service type request, which is why it only appears in the ip rsvp reservation command, and not in the ip rsvp sender command.

There are several useful commands for looking at the RSVP reservations. You can look at the current status of any PATH and RESV messages passing through your network with the show ip rsvp sender and show ip rsvp reservation commands. These commands give the full details on every such RSVP exchange, whether it originates with a static command on the router, as in this recipe, or a dynamically generate request from a real host:

Router1#show ip rsvp sender

To              From            Pro DPort Sport Prev Hop        I/F      BPS

192.168.9.100   192.168.100.202 UDP 1300  1300  192.168.100.202 Fa0/0    55K

Router1#show ip rsvp reservation

To            From          Pro DPort Sport Next Hop      I/F      Fi Serv BPS

192.168.9.100 192.168.100.202 UDP 1300  1300  192.168.55.10 Se0/0.1  FF RATE 55K

Router1#

So if we go to another router in the path and enter these commands again, we see the same information:

Router2#show ip rsvp sender

To              From            Pro DPort Sport Prev Hop        I/F      BPS

192.168.9.100   192.168.100.202 UDP 1300  1300  192.168.55.9    Se0/0.1  55K

Router2#show ip rsvp reservation

To            From          Pro DPort Sport Next Hop      I/F      Fi Serv BPS

192.168.9.100 192.168.100.202 UDP 1300  1300  192.168.101.7 Fa0/0    FF RATE 55K

Router2#

CCIE Bootcamps give you in essence essentially the most simple procedure of passing out the checks of CCIE. There can be many different corporations fairly institutes which provide CCIE Bootcamp education similar to Cathay College. Which has a see to expand for being qualified for that bootcamps the institutes frequently existing a prerequisite. It will help to spice up the prospect belonging to the candidates to move the CCIE exams in a more significant way than others. This prerequisite is referred to as CCNP position.

The associated payment for taking the CCIE Safety exam is superior, so most candidates go for just a preparing course to cross it in one sitting. Some unbiased businesses and establishments provide you with courses and workshop to these picking CCIE Stability workout. Nonetheless, most candidates choose to make the most of the instructor-led and on-line workshops, which Cisco present, like a half of Approved Learning Companions system. The schooling methods are presented and also educators are accepted by Cisco.

For that CCIE Safety certification, you have got to sign up for the written examination in your area of specialization. The many exams are performed in the Cisco licensed facility, which also accepts expenditure for the examination. The price of taking a CCIE created examination is from $80 to $325. The penned exam is supervised and carried out on a laptop or computer. It's of one or two hours paper made up of a variety of choices, drag and drop problems and fill inside the blanks. Aside from white boards and markers for calculations, being a applicant for CCIE Security coaching examination, you aren't authorized to hold some other product to your test corridor.

CCIE Bootcamp is accompanied having a number of systems to deliver the most effective planning materials to your college students. They primarily provide you with some must-have books to organize them for your written CCIE get a look at collectively with some on line accessibility for the Lab examination. Relying on these two groups the CCIE Bootcamps is divided into two sections. The divisions are course building also, the Lab simulation. The class development consists of two phases and they're fingers-on coaching and lectured-based principally courses. In the category composition the college students are supplied considering the info of Bit splitting, VLSM and many others. However the lab simulation is significant half of CCIE Bootcamp. Here the students are subjected to cope with a number of real-life dilemmas and also troubleshooting talents are checked effectively. That is definitely the final phase of CCIE Bootcamps the location the scholars are nicely-prepared for that Blueprintv4, MPLS etcetera. These methodologies aid students to troubleshoot any real-life dilemmas and strengthen the ability to find out the correct remedies.

But you'll find couple of trusted institutes available offered with the industry which delivers comprehensive CCIE Bootcamps. One in every of lots of properly-renowned institutes is Cathay School which renders relatively good corporations in case of bootcamps for CCIE. They provide bootcamp amenities to extremely considerable quantity of higher education college students from various corners on the planet like Australia, Norway, United kingdom, Sweden, USA and numerous more. In accordance together with the data of this institute from 2005, they are sustaining document selection of proportion of passing rate in CCIE test. This file is alone a form of assure for them. There are various will cause to pick out Cathay Faculty for CCIE Bootcamps. The report variety of passing rate of nearly 90% is among the most desirable operate of it. Apart from it, a particular other exceptional attribute is definitely the one-to-one lab coaching which help the students to filter out most of the doubts relating to any draw back in the instructors.

The mandatory content associated with the bootcamp is obtainable towards the trustworthy company web site that is cathayschool.com. It is a fairly effortless web-site which will provide a variety of placing amenities like on-line Self-Study CCIE Lab Workbooks, one-on-one on the net coaching, Teacher Led schooling and many others. All the amenities as well as the class durations collectively along with the money are effectively-described here these that the visitors must not really have to experience any form of hassle regarding CCIE Bootcamps.

Router1#configure terminal

Enter configuration commands, one per line.  End with CNTL/Z.

Router1(config)#interface FastEthernet0/0

Router1(config-if)#ip address 192.168.100.21 255.255.255.0

Router1(config-if)#ip rsvp bandwidth 128 56

Router1(config-if)#exit

Router1(config)#interface Serial0/0

Router1(config-if)#no ip address

Router1(config-if)#encapsulation frame-relay

Router1(config-if)#fair-queue 64 256 37

Router1(config-if)#ip rsvp bandwidth

Router1(config-if)#exit

Router1(config)#interface Serial0/0.1 point-to-point

Router1(config-subif)#ip address 192.168.55.9 255.255.255.252

Router1(config-subif)#frame-relay interface-dlci 904

Router1(config-fr-dlci)#ip rsvp bandwidth 128 56

Router1(config-subif)#exit

Router1(config)#ip rsvp sender 192.168.9.100 192.168.100.202 UDP 1300 1300 192.168.100.202 FastEthernet0/0 55 1

Router1(config)#end

Router1#

The second host is connected to the Ethernet0/0 interface on Router4, which is several hops away:

Router4# configure terminal

Router4(config)#interface Ethernet0/0

Router4(config-if)#ip address 192.168.9.3 255.255.255.0

Router4(config-if)#ip rsvp bandwidth 128 56

Router4(config-if)#exit

Router4(config)#interface Serial0/0

Router4(config-if)#no ip address

Router4(config-if)#encapsulation frame-relay

Router4(config-if)#fair-queue 64 256 37

Router4(config-if)#ip rsvp bandwidth

Router4(config-if)#exit

Router4(config)#interface Serial0/0.1 point-to-point

Router4(config-subif)#ip address 192.168.56.5 255.255.255.252

Router4(config-subif)#frame-relay interface-dlci 107

Router4(config-fr-dlci)#ip rsvp bandwidth 128 56

Router4(config-subif)#exit

Router4(config)#ip rsvp reservation 192.168.9.100 192.168.100.202 UDP 1300 1300 192.168.9.100 Ethernet0/0 FF RATE 55 1

Router4(config)#end

Router4#

It is worthwhile to review how RSVP works before looking at the mechanics of this recipe. A host that wants to send a data stream to a particular destination address or multicast group first makes an RSVP request to its first-hop router. This request asks for a particular set of QoS parameters, such as application bandwidth requirements, and specifies the destination IP address. Each router decides whether it can meet the requirement, accepting or rejecting the reservation. They then make the same request of the next hop router along the path to the destination. Once all of the routers between the source and destination have reserved the appropriate resources, the original host can begin transmitting application data, using the reserved resources along the entire data path.

The method is identical for unicast and multicast reservation requests, with each router relaying the request to a downstream peer until all of the destinations have been reached. Note that RSVP is inherently unidirectional. That is, it requests resources for sending data from a particular source to a particular destination or multicast group. If you want to reserve network resources to support a two-way unicast application, both the sender and the receiver must separately initiate requests.

RESV and PATH messages

There are two general message types in RSVP, PATH, and RESV. The initial request begins with a PATH message. The PATH message describes the specific flow that will use this reservation. So it includes the source and destination IP addresses, as well as the IP Protocol, such as TCP or UDP, and any port numbers. The PATH message also includes the requested average bit rate and burst size.

The PATH message is received by an upstream router, or perhaps the ultimate destination. If it is received by an intermediate router, this router must analyze the request and decide whether it can honor it. Ultimately, if the request is accepted, the router will create a new PATH message, requesting the same resource reservation from the next upstream router, but specifying itself as the source.

PATH messages always flow from the requester toward the destination.

RESV messages flow the opposite direction. The RESV CONFIRM messages describe the actual detailed bit rate and delay characteristics required to fulfill the PATH request. If an upstream router doesn't have the necessary resource to fulfill the request, it responds with an RESV ERROR message.

In Cisco router configuration, you can configure static PATH requests by using the ip rsvp sender and sender-host commands. And you can make static reservations, which will be described to upstream routers in RESV messages, using the ip rsvp reserveration and reservation-host commands. We will describe all of these commands below.

Two service types

There are two distinct types of service that a host can specify in an RSVP request. The first is called Controlled Load Service, which is specified in RFC 2211, and the second, called either Guaranteed Quality of Service or, more accurately, Guaranteed Bit Rate Service, is specified in RFC 2212.

Controlled Load Service, in a nutshell, means that the network behaves as if each segment were completely unloaded and therefore uncongested, but with bandwidth limited to the requested amount. Cisco routers implement this type of service by isolating the different flows and employing queuing mechanisms that mimic this type of response.

Guaranteed Bit Rate Service is somewhat more complicated. This service means that the network will mathematically guarantee the worst-case end-to-end queuing delay. There are two things to note about this description, however. First, it only guarantees the worst-case latency, not the average latency. The second is that, despite this, it is possible to make an estimate of the jitter, as this is governed by the worst-case latency. As long as the worst-case latency is small, then the jitter can be effectively minimized by employing small amounts of buffering on the end devices.

Controlled Load Service is well suited to many TCP applications, which tend to behave well until they encounter congestion and dropped packets. Conversely, Guaranteed Bit Rate Service tends to be a better choice for real-time voice and video applications.

The examples

Everything we have described so far implies that the source and destination host devices or applications are making the RSVP requests. However, this is not necessarily the case. In fact, many applications that require this type of QoS support do not have RSVP capabilities. So, in this recipe, we show how to configure the routers themselves to initiate requests on behalf of the hosts.

That recipe also contains information about the basic RSVP configurations used on the routers between Router1 and Router4 (which we have mysteriously decided to call Router2 and Router3).

The ip rsvp sender command tells the router to act as if it is periodically receiving RSVP PATH requests from the specified source device:

Router1(config)#ip rsvp sender 192.168.9.100 192.168.100.202 UDP 1300 1300 192.168.100.202 FastEthernet0/0 55 1

You use this command as a proxy for a real device that is unable to send real RSVP PATH requests. So it includes all of the information that appears in a PATH request packet.

The first several arguments of this command specify the IP flow that will be using this reservation. The first two arguments specify the source and destination IP addresses, respectively. Then we have stipulated that it will use the UDP protocol with source and destination ports both equal to 1300.

The next two arguments, 192.168.100.202 and FastEthernet0/0, specify the previous-hop IP address and interface, respectively. Because we put this command on the first hop router, they may seem redundant, but actually we could put this command anywhere in the network to simulate an upstream source device.

The last two arguments request an average bit rate of 55 kbps and a burst of 1 kbyte.

Then, on the other router, we have configured a corresponding command that simulates a device sending RSVP RESV messages back toward the source:

Router4(config)#ip rsvp reservation 192.168.9.100 192.168.100.202 UDP 1300 1300 192.168.9.100 Ethernet0/0 FF RATE 55 1

Many of the arguments of this command are identical to what we saw a moment ago for the sender command. We specified the same IP addresses and UDP port numbers to define the flow. And the last two arguments just duplicate the average bit rate and burst size from the previous discussion.

The differences are where the sender command specified the previous-hop IP address and interface, here we specify the next-hop IP address and interface. Then we have two new keywords, FF and RATE.

The FF keyword indicates that this is a Fixed Filter style reservation. There are three available styles of reservation. Fixed Filter means that this reservation is for a particular flow specification only. No other applications or sessions are permitted to use it. We could have instead specified either SE or WF.

SE indicates that the router will use a Shared Explicit filter for the reservation. This means that the receiving device is specifying a list of source devices and indicating that they may all share the same reservation.

And WF means that the reservation can be shared by a Wildcard Filter. This effectively means that any source can take part in this reservation.

Finally, the RATE keyword in the ip rsvp reservation command tells the network to use Guaranteed Bit Rate service type. The other option here is LOAD, which indicates a Controlled Load service type. The receiver makes this service type request, which is why it only appears in the ip rsvp reservation command, and not in the ip rsvp sender command.

There are several useful commands for looking at the RSVP reservations. You can look at the current status of any PATH and RESV messages passing through your network with the show ip rsvp sender and show ip rsvp reservation commands. These commands give the full details on every such RSVP exchange, whether it originates with a static command on the router, as in this recipe, or a dynamically generate request from a real host:

Router1#show ip rsvp sender

To              From            Pro DPort Sport Prev Hop        I/F      BPS

192.168.9.100   192.168.100.202 UDP 1300  1300  192.168.100.202 Fa0/0    55K

Router1#show ip rsvp reservation

To            From          Pro DPort Sport Next Hop      I/F      Fi Serv BPS

192.168.9.100 192.168.100.202 UDP 1300  1300  192.168.55.10 Se0/0.1  FF RATE 55K

Router1#

So if we go to another router in the path and enter these commands again, we see the same information:

Router2#show ip rsvp sender

To              From            Pro DPort Sport Prev Hop        I/F      BPS

192.168.9.100   192.168.100.202 UDP 1300  1300  192.168.55.9    Se0/0.1  55K

Router2#show ip rsvp reservation

To            From          Pro DPort Sport Next Hop      I/F      Fi Serv BPS

192.168.9.100 192.168.100.202 UDP 1300  1300  192.168.101.7 Fa0/0    FF RATE 55K

Router2#

The CCIESecurityTrainingschooling consists of a published examination to qualify and then the lab exam. You might be proposed to receive on the least 3-5 years of project expertise previously than trying this certification.

The examination for your CCIE Security is of two-hour size with a number of selections. This consists of hundred concerns, that will go over matters equal to software system protocols, functioning methods, basic safety technologies, protection protocols, and Cisco basic safety purposes. The examination supplies are furnished within the spot therefore you aren't permitted to usher in outdoors reference components.

Network engineers possessing a CCIE certificates are thought of as the expert inside local community engineering self-control also, the masters of CISCO products and solutions. The CCIE has brought revolution within the group industry regarding technically tricky assignments and choices while using mandatory instruments and methodologies. There is certainly a program which updates and reorganizes the instruments to provide fine quality company. There are different modes of CCIE Instruction like developed examination planning and performance based lab. This aids to reinforce the effectivity and natural with the community. CISCO has launched this certification coverage in 1993 which has a view to differentiate the highest professionals through the relaxation.

To be able to be certified, foremost created examination needs to be passed as a result of which has to cross the lab exam. CISCO at all times tries to apply absolutely different CCIE Coaching techniques for bigger efficiency. There are a variety of ways for the CCIE certification. The very first action for certification would be to pass a two hours lasting computer based largely MCQ oriented published test. For this examination essential payments must be completed by means of web-based. This examination is involved with exam vouchers and promotional codes. The authenticity on the voucher furnishing organization should be perfectly acknowledged into the candidates. The promotional code need to be accessed properly and in case of fraudulent vouchers coupled with promotional codes should not acceptable and CISCO won't repay the price. The candidates really need to wait 5 days for that composed examination immediately after fee and they can't sit for the exact same test for that following 100 eighty days in case of recertification.

Along with a watch to acquire certified and eligible for that CCIE Schooling some parts are to get remembered appropriately. Once passing the penned examination the candidates have got a almost all of 18 months time for seeking the lab examination. If the period of time exceeds then the authenticity on the developed test will be invalid. For that foremost timer applied to acquire CCIE certification the prepared exam is obtainable in the type of Beta examination with special discounts obtainable. While in the Beta interval the candidates can sit only the minute for the exam. The results will arrive within six to 8 weeks just after the examination is above.

The next action for that CCIE certification could be the Lab test. The shortlisted candidates in the written examination can exclusively use for that fingers-on lab examination. Though there are many created examination centers of CISCO still Lab examination facilities are minimal. It truly is an 8 hour fingers-on useful primarily based mainly examination whereby the ability of troubleshooting and configuring community mostly dependent challenges and software are checked. For that scheduling of Lab examination the shortlisted candidates from the before prepared examination have to existing the identification amount together with passing rating plus the date of passing.

The cost for Lab examination needs to be cleared previously than 90 days of your scheduled exam. With out the price the reservation will probably be cancelled. Subsequent to passing the Lab examination mixed using the penned check the candidates can implement for the CCIE certification. By considering

There need to be a little something that defines the various varieties of visitors you wish to prioritize. Usually, the simpler the distinctions are for making, the better. It's because every one of the exams take router resources and introduce processing delays. The most common principles for distinguishing concerning potential customers styles make use of the packet's input interface and uncomplicated IP header related information like as TCP port quantities. The next examples exhibit the best way to set an IP Precedence price of instant (two) for all FTP handle website traffic that arrives by way of the serial0/0 interface, and an IP Precedence of priority (one) for all FTP info customers. This distinction is possible as FTP command page views takes advantage of TCP port 21, and FTP info uses port 20.

The newest method for configuring this usages course maps. Cisco initial launched this feature in IOS Edition 12.0(five)T. This process earliest defines a class-map that specifies how the router will identify this type of targeted traffic. It then defines a policy-map that really makes the improvements to the packet's TOS area:

Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#access-list 101 permit any eq ftp any
Router(config)#access-list 101 permit any any eq ftp
Router(config)#access-list 102 permit any eq ftp-data any
Router(config)#access-list 102 permit any any eq ftp-data
Router(config)#class-map match-all ser00-ftpcontrol
Router(config-cmap)#description branch ftp control traffic
Router(config-cmap)#match input-interface serial0/0
Router(config-cmap)#match access-group 101
Router(config-cmap)#exit
Router(config)#class-map match-all ser00-ftpdata
Router(config-cmap)#description branch ftp data traffic
Router(config-cmap)#match input-interface serial0/0
Router(config-cmap)#match access-group 102
Router(config-cmap)#exit
Router(config)#policy-map serialftppolicy
Router(config-pmap)#description branch ftp traffic policy
Router(config-pmap)#class ser00-ftpcontrol
Router(config-pmap-c)#set ip precedence immediate
Router(config-pmap-c)#exit
Router(config-pmap)#class ser00-ftpdata
Router(config-pmap-c)#set ip precedence priority
Router(config-pmap-c)#exit
Router(config-pmap)#exit
Router(config)#interface serial0/0
Router(config-if)#ip route-cache policy
Router(config-if)#service-policy input serialftppolicy
Router(config-if)#exit
Router(config)#end
Router#

For earlier IOS variations, where exactly class-maps had been not on hand, you may have to work with policy-based routing to alter the TOS industry within a packet. Applying this policy into the interface tells the router to employ this coverage to check all incoming packets on this interface and rewrite the ones that match the route map:Router#configure terminal

Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#access-list 101 permit any eq ftp any
Router(config)#access-list 101 permit any any eq ftp
Router(config)#access-list 102 permit any eq ftp-data any
Router(config)#access-list 102 permit any any eq ftp-data
Router(config)#route-map serialftp-rtmap permit 10
Router(config-route-map)#match ip address 101
Router(config-route-map)#set ip precedence immediate
Router(config-route-map)#exit
Router(config)#route-map serialftp-rtmap permit 20
Router(config-route-map)#match ip address 102
Router(config-route-map)#set ip precedence priority
Router(config-route-map)#exit
Router(config)#interface serial0/0
Router(config-if)#ip policy route-map serialftp-rtmap
Router(config-if)#ip route-cache policy
Router(config-if)#exit
Router(config)#end
Router#

Earlier than you could tag a packet for amazing procedure, you've got to have an extremely distinct thought of what types of site visitors really want wonderful therapy, not to mention exactly what sort of specific cure they'll will need. In the example, we have decided to give a exceptional concern to FTP targeted traffic received on the certain serial interface. We display proven methods to try this using the two the aged and new configuration solutions.
This will show up to become a rather synthetic example. Following all, why would you treatment about tagging inbound site visitors that you have previously received from a low-speed interface? Genuinely, on the list of most important concepts for implementing QoS within a network is you should frequently tag the packet as early as possible, preferably for the edges belonging to the network. Then, as it passes throughout the network, each router only has to evaluate the tag, and will not want to do any additional classification. In cases like this, we might be certain the FTP targeted traffic returning inside other fonction publique is tagged by to start with router that receives it. And so the outbound potential customers has already been tagged, and it's a waste of router sources to reclassify the outbound packets.

A great many organizations ultimately take this concept of marking for the edges one move even further, and remark each received packet. This can help to make certain that people aren't requesting specific QoS privileges which they are not allowed to possess. Regardless, you ought to be mindful of this because it could actually usually disrupt genuine markings. For instance, a real-time software may very well use RSVP to reserve bandwidth in the network. It truly is important the packets for this software have the correct Expedited Forwarding (EF) DSCP marking or even the network might not deal with them appropriately. Still, you also don't choose to allow other non-real-time purposes from this very same source possess the similar EF priority level. So, should you be heading to configure your routers to remark all incoming packets with the edges, make sure you appreciate what incoming markings are reputable.

In that scenario, the routers are managing DLSw to bridge SNA website traffic by way of an IP network. And so the routers their selves truly create the IP packets. This produces an additional problem for the reason that there's no incoming interface. Making sure that recipe makes use of hometown policy-based routing. The very fact which the router generates the packets also gives it an important edge mainly because it does not have to think about any DLSw packets which may just come about to go through.

The advantages with the more recent class-map method aren't apparent in this instance, but one of the many to begin with great rewards seems if you want to make use of the more modern-day DSCP tagging scheme. As the more mature policy-based routing strategy does not instantly assistance DSCP, you have got to faux it by setting the two the IP Precedence as well as the TOS independently as follows.

Router(config)#route-map serialftp-rtmap permit 10
Router(config-route-map)#match ip address 115
Router(config-route-map)#set ip precedence immediate
Router(config-route-map)#set ip tos max-throughput

In this case, the packet will wind up with an IP Precedence value of immediate, or 2 (010 in binary), and TOS of max-throughput, or 4 (0100 in binary).

Doing the same thing with the class-map method is much more direct:

Router(config)#policy-map serialftppolicy
Router(config-pmap)#class serialftpclass
Router(config-pmap-c)#set ip dscp af21

Class-maps will also be handy later on in this chapter when we talk about class-based weighted reasonable queuing and class-based potential customers shaping.
It is crucial to note that through this entire instance, we've only place a exceptional value in to the packet's TOS or DSCP field. This, by alone, would not have an impact on how the packet is forwarded by the network. To perform that, you must make certain that as just about every router inside the network forwards these marked packets, the interface queues will react appropriately to this details.

Finally, we must always notice that though this recipe reveals two practical techniques of marking packets, employing Committed Accessibility Fee (Car) functions. Car or truck tends to become a bit more reliable on increased pace interfaces.

Router#configure terminal

Enter configuration commands, one per line.  End with CNTL/Z.

Router(config)#interface FastEthernet0/0

Router(config-if)#ip route-cache

Router(config-if)#exit

Router(config)#end

Router#

If you are using policies, including policies for Class-based QoS, you also need to configure Fast Switching to handle them, using the ip route-cache policy command:

Router#configure terminal

Enter configuration commands, one per line.  End with CNTL/Z.

Router(config)#interface FastEthernet0/0

Router(config-if)#ip route-cache policy

Router(config-if)#exit

Router(config)#end

Router#

CEF, on the other hand, is not enabled by default. Unlike Fast Switching, which is enabled separately for each interface, you have to enable CEF globally for the entire router, as well as on each interface:

Router#configure terminal

Enter configuration commands, one per line.  End with CNTL/Z.

Router(config)#ip cef

Router(config)#interface FastEthernet0/0

Router(config-if)#ip route-cache cef

Router(config-if)#exit

Router(config)#end

Router#

The ip route-cache command used to enable Fast Switching has a couple of useful options. The second example demonstrates one of these options, the policy keyword, which allows Fast Switching of policy-based routing:

Router(config-if)#ip route-cache policy

Another useful option is the same-interface keyword, which instructs the router to allow Fast Switching of packets that come in and go back out through the same physical interface:

Router(config)#interface Serial0/0

Router(config-if)#ip route-cache same-interface

You should use this option when the router frequently needs to switch packets between different networks that all connect to the same port. This could be the case for Frame Relay networks, as well as for LANs that use subinterfaces or secondary IP addresses.

Cisco supplies three useful commands to look at CEF performance. The first is show cef interface:

Router#show cef interface FastEthernet0/0

FastEthernet0/1 is up (if_number 4)

  Corresponding hwidb fast_if_number 4

  Corresponding hwidb firstsw->if_number 4

  Internet address is 172.22.1.3/24

  ICMP redirects are always sent

  Per packet load-sharing is disabled

  IP unicast RPF check is disabled

  Inbound access list is 120

  Outbound access list is not set

  IP policy routing is disabled

  Hardware idb is FastEthernet0/1

  Fast switching type 1, interface type 18

  IP CEF switching enabled

  IP CEF Feature Fast switching turbo vector

  Input fast flags 0x0, Output fast flags 0x0

  ifindex 4(4)

  Slot 0 Slot unit 1 VC -1

  Transmit limit accumulator 0x0 (0x0)

  IP MTU 1500

Router#

The output of this command shows that CEF is enabled on the interface FastEthernet0/0, as well as information about inbound and outbound ACL's and policies. In this example, you can see that the interface has an access-group configured to use access-list number 120 to filter inbound traffic.

You can use the show cef drop and show cef not-cef-switched commands to see more detailed CEF forwarding statistics:

Router#show cef drop

CEF Drop Statistics

Slot  Encap_fail  Unresolved Unsupported    No_route      No_adj  ChkSum_Err

RP            71           0           0         105           0           0

Router#show cef not-cef-switched

CEF Packets passed on to next switching layer

Slot  No_adj No_encap Unsupp'ted Redirect  Receive  Options   Access     Frag

RP         0       0           0        0      572        0        0        0

These commands show you details of CEF's operation on the router. The first command shows how many packets CEF has had to drop, and the reasons for the drops. The Slot column in the output of both commands refers to the VIP slot where the packets were received. In this case, the router didn't have any VIP cards because it was a Cisco 2600. So all packets are received by the Route Processor, which is indicated by the RP in the leftmost column.

The Encap_fail column in the show cef drop output shows the number of packets that CEF has dropped because they were incomplete and there was no adjacency route in the CEF table. Unresolved indicates the number of packets dropped because CEF could not resolve the destination address prefix. If there had been any packets that could not be switched by CEF because of unsupported features, they would appear in the Unsupported column. The No_route column shows the number of packets dropped because CEF didn't have a route to the destination. Similarly, No_adj shows the number of packets for which CEF did not have an entry in its adjacency table, so it had to send an ARP query. And, finally, ChkSum_Err shows the number of times that CEF had to drop packets because they were corrupted.

The show cef not-cef-switched command has similar output. No_adj is the same here as it was in the show cef drop command, while Unsupp'ted is the same as the Unsupported column. The No_encap column counts the number of packets that could not be switched because they were encapsulated in another protocol. Redirect means that CEF has had to send these packets to another algorithm, usually process switching, to handle. And Receive lists the number of packets that were received from another internal switching algorithm. The remaining columns are rarely of interest in practice.

You can display the CEF version of the routing table with the show ip cef command:

Router#show ip cef

Prefix              Next Hop             Interface

0.0.0.0/0           172.25.1.1           FastEthernet0/0.1

0.0.0.0/32          receive

172.16.2.0/24       attached             FastEthernet0/1

                    attached             FastEthernet1/1

172.22.1.0/24       attached             FastEthernet0/1

172.22.1.0/32       receive

172.22.1.3/32       receive

172.22.1.4/32       172.22.1.4           FastEthernet0/1

<many lines deleted>

Router#

Notice in this output that there are actually two equal-cost routes to 172.16.2.0/24. CEF supports load balancing between these two paths.

You can expand the detail on these entries with the show ip cef detail command:

Router#show ip cef detail

IP CEF with switching (Table Version 31), flags=0x0

  31 routes, 0 reresolve, 0 unresolved (0 old, 0 new), peak 1

  31 leaves, 21 nodes, 25560 bytes, 62 inserts, 31 invalidations

  0 load sharing elements, 0 bytes, 0 references

  universal per-destination load sharing algorithm, id 0697166A

  3(1) CEF resets, 0 revisions of existing leaves

  Resolution Timer: Exponential (currently 1s, peak 1s)

  0 in-place/0 aborted modifications

  refcounts:  5672 leaf, 5632 node

Adjacency Table has 5 adjacencies

0.0.0.0/0, version 27, cached adjacency 172.25.1.1

0 packets, 0 bytes

  via 172.25.1.1, FastEthernet0/0.1, 0 dependencies

    next hop 172.25.1.1, FastEthernet0/0.1

    valid cached adjacency

0.0.0.0/32, version 0, receive

172.16.2.0/24, version 21, attached, connected

0 packets, 0 bytes

  via FastEthernet0/0.2, 0 dependencies

    valid glean adjacency

172.16.2.0/32, version 10, receive

172.16.2.1/32, version 9, receive

172.16.2.255/32, version 11, receive

172.22.1.0/24, version 22, attached, connected

0 packets, 0 bytes

  via FastEthernet0/1, 0 dependencies

    valid glean adjacency

172.22.1.0/32, version 16, receive

<many lines deleted>

Router#