1. An enterprise network architect needs to prevent a link flap in a remote branch from triggering SPF recalculations across the entire OSPF domain. Which design approach most directly addresses this requirement?
Deploy BFD on all OSPF interfaces to detect failures faster
Place the branch in a separate OSPF area with route summarization at the ABR
Convert all areas to totally stubby areas
Increase SPF hold timers to delay recalculation
2. A branch office must redistribute locally connected partner routes into OSPF, but the design calls for minimizing the LSDB size within the branch area. Which OSPF area type should be used?
Standard area
Totally stubby area
Not-So-Stubby Area (NSSA)
Stub area
3. Why is IS-IS often preferred over OSPF for greenfield dual-stack (IPv4/IPv6) deployments at scale?
IS-IS supports more routers per area than OSPF
IS-IS handles both address families in a single instance with one SPF calculation
IS-IS has lower administrative distance than OSPF
IS-IS supports unequal-cost load balancing natively
4. An enterprise has 100 iBGP routers in a single AS. Without any scaling technique, how many iBGP peering sessions are required?
100
200
4,950
10,000
5. A route reflector selects and advertises only the best path to its clients. What BGP capability addresses this limitation by allowing multiple paths to be advertised?
BGP Confederations
BGP Add-Path
BGP Multipath
BGP Route Dampening
6. When performing mutual redistribution between OSPF and EIGRP on two boundary routers, what is the industry-standard technique to prevent routing loops?
Increase OSPF administrative distance above EIGRP external AD
Use distribute lists to block all external routes
Tag routes during redistribution and deny tagged routes from re-entering the origin protocol
Configure passive interfaces on all redistribution boundary routers
7. In BGP path selection, which attribute is evaluated first and is local to the router only (not propagated to peers)?
LOCAL_PREF
MED
AS_PATH length
Weight
8. What loop prevention mechanism does a route reflector use when it sees its own cluster ID in an incoming BGP update?
It sets the route's LOCAL_PREF to 0
It discards the route based on the CLUSTER_LIST attribute
It increments the AS_PATH to make the route less preferred
It marks the route as dampened
9. An architect wants to influence how inbound traffic enters the enterprise AS from multiple upstream providers. Which BGP technique is most appropriate?
Setting LOCAL_PREF on inbound routes
AS_PATH prepending on outbound advertisements
Setting Weight on inbound routes
Configuring iBGP multipath
10. EIGRP's Feasibility Condition guarantees loop-free alternate paths. What does this condition require?
The neighbor's feasible distance must be less than the local feasible distance
The neighbor's reported distance must be less than the local feasible distance
The neighbor must have a lower router-ID than the local router
The neighbor must be in the same EIGRP autonomous system
11. Which BGP community, defined in RFC 7999, signals upstream providers to null-route traffic destined for a prefix under DDoS attack?
NO_EXPORT
NO_ADVERTISE
BLACKHOLE
NO_PEER
12. What is the primary reason ABRs do NOT automatically summarize routes in OSPF?
OSPF does not support route summarization
Summarization must be explicitly configured by the administrator
Only ASBRs can perform summarization in OSPF
Automatic summarization is disabled by default but can be enabled globally
13. When deploying BFD alongside an IGP for sub-second convergence, what is the key advantage over simply tuning aggressive IGP hello timers?
BFD reduces the size of the routing table
BFD provides hardware-assisted millisecond failure detection without increasing IGP CPU load during flapping
BFD eliminates the need for an IGP entirely
BFD automatically reroutes traffic without waiting for SPF calculation
14. In a BGP confederation design, what happens to sub-AS numbers before routes are advertised to external eBGP peers?
Sub-AS numbers are converted to community values
Sub-AS numbers are stripped from the AS_PATH
Sub-AS numbers are prepended to increase path length
Sub-AS numbers replace the confederation AS number
15. When redistributing routes, why should explicit seed metrics always be configured?
Without seed metrics, redistributed routes are automatically assigned the highest possible metric
Each protocol uses a different metric system, and default values may create suboptimal or unreachable paths
Seed metrics are required by RFC standards for inter-protocol redistribution
Without seed metrics, the routes cannot be installed in the routing table
The Interior Gateway Protocol carries the weight of intra-domain reachability. Choosing the right IGP and tuning it correctly determines baseline convergence, CPU overhead, and operational complexity across the enterprise.
1.1 OSPF Area Design and LSA Management at Scale
OSPF uses a hierarchical two-level area structure to achieve scalability. All areas must connect to the backbone (Area 0), and Area Border Routers (ABRs) sit at the boundary between areas to control LSA propagation and enable route summarization. This hierarchy prevents a single link flap in a remote branch from triggering SPF recalculations across the entire enterprise.
| Design Parameter | Recommendation |
| --- | --- |
| Routers per normal area | Up to 50 |
| Routers in Area 0 | Up to 300 |
| ABRs per area | Minimize; each ABR generates Type 3 LSAs that multiply overhead |
| IP addressing | Use contiguous ranges within areas to enable summarization |
graph TD
A0["Area 0 Backbone"] --- ABR1["ABR 1"]
A0 --- ABR2["ABR 2"]
A0 --- ABR3["ABR 3"]
A0 --- ASBR["ASBR External Gateway"]
ABR1 --- A1["Area 1 Standard"]
ABR2 --- A2["Area 2 Totally Stubby"]
ABR3 --- A3["Area 3 NSSA"]
ASBR --- EXT["External Domain"]
style A0 fill:#2c3e50,color:#ecf0f1
style ABR1 fill:#2980b9,color:#ecf0f1
style ABR2 fill:#2980b9,color:#ecf0f1
style ABR3 fill:#2980b9,color:#ecf0f1
style ASBR fill:#8e44ad,color:#ecf0f1
style A1 fill:#27ae60,color:#ecf0f1
style A2 fill:#27ae60,color:#ecf0f1
style A3 fill:#e67e22,color:#ecf0f1
style EXT fill:#7f8c8d,color:#ecf0f1
Figure 12.1: OSPF Hierarchical Area Design -- ABRs connect each area to the Area 0 backbone, while ASBRs bridge to external routing domains.
Stub Area Types
| Area Type | Blocks | Allows | Injects | Use Case |
| --- | --- | --- | --- | --- |
| Standard Stub | Type 4, Type 5 LSAs | Type 3 (inter-area) | Default route | Areas with no ASBRs needing inter-area visibility |
| Totally Stubby | Type 3, 4, 5 LSAs | Intra-area only | Default route | Single-exit areas where inter-area path selection is unnecessary |
| NSSA | Type 4, Type 5 LSAs | Type 3 + Type 7 | No default (unless configured) | Areas requiring local redistribution |
| Totally NSSA | Type 3, 4, 5 LSAs | Type 7 | Default route | Single-exit areas with local redistribution |
flowchart LR
PARTNER["Partner Network"] -->|"Static Routes"| ASBR["ASBR in NSSA"]
ASBR -->|"Type 7 LSA"| NSSA["NSSA Area"]
NSSA -->|"Type 7 LSA"| ABR["ABR"]
ABR -->|"Type 7 to Type 5 Translation"| AREA0["Area 0 Backbone"]
AREA0 -->|"Type 5 LSA Flooded"| OTHER["Other Areas"]
style PARTNER fill:#7f8c8d,color:#ecf0f1
style ASBR fill:#8e44ad,color:#ecf0f1
style NSSA fill:#e67e22,color:#ecf0f1
style ABR fill:#2980b9,color:#ecf0f1
style AREA0 fill:#2c3e50,color:#ecf0f1
style OTHER fill:#27ae60,color:#ecf0f1
Figure 12.2: NSSA LSA Translation Flow -- Type 7 LSAs generated by the ASBR within the NSSA are translated to Type 5 at the ABR before flooding into Area 0.
LSA Filtering and Route Summarization
ABRs do NOT automatically summarize routes -- administrators must configure summaries explicitly. Route summarization at ABRs serves two purposes: table reduction (fewer prefixes in remote areas) and stability isolation (a flapping /30 link summarized into a /16 does not trigger SPF in other areas).
1.2 IS-IS Design for Enterprise and Data Center Environments
IS-IS operates at Layer 2, running directly over the data link layer rather than over IP. A single IS-IS instance handles both IPv4 and IPv6 natively, whereas OSPF requires separate instances (OSPFv2 and OSPFv3) for dual-stack.
| Criterion | OSPF | IS-IS |
| --- | --- | --- |
| Protocol layer | Layer 3 (runs over IP) | Layer 2 (runs over data link) |
| Dual-stack support | Two instances (OSPFv2 + OSPFv3) | Single instance for IPv4 and IPv6 |
| Convergence (dual-stack) | Slightly slower due to dual SPF | Faster; single topology computation |
| Extensibility | New LSA types require protocol changes | TLV-based; easily extended |
| Enterprise adoption | Dominant in medium-to-large enterprises | Preferred in SP, large DC, campus fabrics |
1.3 EIGRP Design Considerations
EIGRP occupies a unique position as a hybrid protocol combining distance-vector simplicity with link-state-like convergence through DUAL. Key design considerations include query scope management (use stub routing on spokes), the external route AD of 170 for built-in loop prevention, and bandwidth/delay tuning for traffic engineering. EIGRP Named Mode provides unified IPv4/IPv6 configuration under a single process.
1.4 IGP Convergence Tuning
Convergence speed is controlled by LSA generation timers, SPF delay timers, and failure detection mechanisms. The SPF delay mechanism allows multiple LSAs to batch-process in a single SPF run, reducing redundant calculations during flapping. For sub-second convergence, deploy BFD alongside the IGP for hardware-assisted millisecond failure detection.
2.1 iBGP Scaling: Route Reflectors and Confederations
Standard iBGP requires a full mesh of peerings: n*(n-1)/2 sessions. At 100 routers, that is 4,950 sessions. Route reflectors and confederations solve this scaling problem.
Route Reflectors
A route reflector breaks the iBGP split-horizon rule by reflecting routes between clients. All iBGP routers peer only with the RR instead of with each other.
| Route Learned From | Advertised To |
| --- | --- |
| Non-client iBGP peer | RR clients only |
| RR client | Both clients and non-clients |
| eBGP peer | All iBGP peers |
Loop Prevention: ORIGINATOR_ID identifies the route originator; CLUSTER_LIST tracks cluster IDs traversed. Always deploy at least two RRs per cluster for redundancy.
graph TD
subgraph FULL["iBGP Full Mesh n=4: 6 sessions"]
R1["Router 1"] --- R2["Router 2"]
R1 --- R3["Router 3"]
R1 --- R4["Router 4"]
R2 --- R3
R2 --- R4
R3 --- R4
end
subgraph RR_DESIGN["Route Reflector n=4: 3 sessions"]
RR["Route Reflector"] --- C1["Client 1"]
RR --- C2["Client 2"]
RR --- C3["Client 3"]
end
style R1 fill:#2c3e50,color:#ecf0f1
style R2 fill:#2c3e50,color:#ecf0f1
style R3 fill:#2c3e50,color:#ecf0f1
style R4 fill:#2c3e50,color:#ecf0f1
style RR fill:#e74c3c,color:#ecf0f1
style C1 fill:#2980b9,color:#ecf0f1
style C2 fill:#2980b9,color:#ecf0f1
style C3 fill:#2980b9,color:#ecf0f1
Figure 12.3: iBGP Full Mesh vs. Route Reflector -- eliminating the O(n^2) peering requirement.
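The reflection rules and CLUSTER_LIST check described above, as an added Python sketch that is not part of the original page or any vendor implementation. Peer names stand in for router IDs, and the function name `rr_handle` and the cluster ID value are assumptions made for illustration.

```python
def rr_handle(update, source, peers, cluster_id):
    """Apply route-reflector advertisement rules to one update.

    update : dict with 'prefix', 'originator_id' (or None) and 'cluster_list'
    source : (name, kind) where kind is 'client', 'non-client' or 'ebgp'
    peers  : {name: 'client' | 'non-client'} for every iBGP peer of this RR
    Returns (recipients, outgoing_update); recipients is empty if the update is dropped.
    """
    name, kind = source
    if cluster_id in update["cluster_list"]:
        return [], None                      # own cluster ID present: the route looped back
    if kind == "ebgp":
        # eBGP-learned routes go to all iBGP peers; no reflection attributes are added
        return sorted(peers), dict(update)

    out = dict(update)
    # Simplification: the peer name is used as the originator's router ID
    out["originator_id"] = update["originator_id"] or name
    out["cluster_list"] = [cluster_id] + update["cluster_list"]

    if kind == "client":
        recipients = [p for p in peers if p != name]              # clients and non-clients
    else:
        recipients = [p for p, k in peers.items() if k == "client"]  # clients only
    # Never hand the route back to the router that originated it
    recipients = [p for p in recipients if p != out["originator_id"]]
    return sorted(recipients), out


if __name__ == "__main__":
    # Constructed topology: two clients and one non-client iBGP peer
    peers = {"C1": "client", "C2": "client", "N1": "non-client"}
    fresh = {"prefix": "10.1.0.0/16", "originator_id": None, "cluster_list": []}
    looped = {"prefix": "10.1.0.0/16", "originator_id": "C1", "cluster_list": ["0.0.0.1"]}

    for label, upd, src in [
        ("from non-client", fresh, ("N1", "non-client")),
        ("from client", fresh, ("C1", "client")),
        ("from eBGP", fresh, ("ISP-A", "ebgp")),
        ("looped update", looped, ("N1", "non-client")),
    ]:
        print(label, "->", rr_handle(upd, src, peers, cluster_id="0.0.0.1"))
```
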
Confederations
Confederations divide the AS into smaller sub-autonomous systems using private AS numbers (64512-65534). Sub-AS numbers are stripped before external advertisement. Confederations are primarily used in very large service providers or merger scenarios. The two techniques can be combined for maximum scalability.
| Criterion | Route Reflectors | Confederations |
| --- | --- | --- |
| Complexity | Medium | High |
| Migration effort | Low to medium | High |
| Primary use case | Most enterprise and SP networks | Very large SPs, merger scenarios |
| Policy granularity | Medium | High (per sub-AS policy) |
2.2 eBGP Peering Design
Enterprise eBGP design centers on upstream connectivity: single-homed (one provider, default route only), dual-homed (two links to same provider), or multi-homed (links to multiple providers for full redundancy and optimal path selection).
2.3 BGP Path Selection and Traffic Engineering
BGP evaluates attributes in a fixed order: Weight, LOCAL_PREF, locally originated, AS_PATH length, origin type, MED, eBGP over iBGP, IGP metric to next-hop, oldest route, lowest router-ID.
flowchart TD
START["Evaluate BGP Paths"] --> W{"1. Highest Weight?"}
W -->|"Tie"| LP{"2. Highest LOCAL_PREF?"}
LP -->|"Tie"| LO{"3. Locally Originated?"}
LO -->|"Tie"| ASP{"4. Shortest AS_PATH?"}
ASP -->|"Tie"| ORI{"5. Lowest Origin Type?"}
ORI -->|"Tie"| MED{"6. Lowest MED?"}
MED -->|"Tie"| EBGP{"7. eBGP over iBGP?"}
EBGP -->|"Tie"| IGP{"8. Lowest IGP Metric?"}
IGP -->|"Tie"| OLD{"9. Oldest Route?"}
OLD -->|"Tie"| RID["10. Lowest Router-ID"]
W -->|"Winner"| BEST["Install Best Path"]
LP -->|"Winner"| BEST
ASP -->|"Winner"| BEST
MED -->|"Winner"| BEST
EBGP -->|"Winner"| BEST
style START fill:#2c3e50,color:#ecf0f1
style BEST fill:#27ae60,color:#ecf0f1
style W fill:#2980b9,color:#ecf0f1
style LP fill:#2980b9,color:#ecf0f1
style ASP fill:#2980b9,color:#ecf0f1
style MED fill:#2980b9,color:#ecf0f1
style EBGP fill:#2980b9,color:#ecf0f1
Figure 12.4: BGP Best Path Selection Algorithm -- attributes evaluated in strict order; the first decisive attribute selects the best path.
Inbound traffic engineering: AS_PATH prepending, MED. Outbound traffic engineering: LOCAL_PREF, Weight.
2.4 BGP Communities for Policy
BGP communities are 32-bit tags enabling scalable policy without per-prefix configuration. Use cases include traffic engineering signals to providers, internal policy classification, blackhole routing (RFC 7999 BLACKHOLE community for DDoS mitigation), and NO_EXPORT/NO_ADVERTISE for propagation control.
3.1 Route Redistribution Design and Loop Prevention
Real enterprise networks rarely run a single routing protocol. Redistribution injects routes from one protocol into another and is simultaneously one of the most powerful and most dangerous tools available.
Fundamental Principles
- Minimize redistribution points -- every boundary is a potential source of loops
- Always filter -- never redistribute without explicit route maps
- Always tag -- embed loop prevention from day one
- Set appropriate seed metrics -- each protocol uses different metric systems
Route Tagging (Preferred Loop Prevention)
When redistributing from Protocol A into Protocol B, assign a tag. When redistributing from Protocol B into Protocol A, deny any route carrying that tag. Apply mirrored configurations on all boundary routers.
flowchart LR
subgraph OSPF_DOMAIN["OSPF Domain"]
OSPF_ROUTE["OSPF Route 10.1.0.0/16"]
end
subgraph R1_NODE["R1 Boundary Router"]
R1_OUT["Redistribute OSPF to EIGRP Set Tag 10"]
R1_IN["Redistribute EIGRP to OSPF Deny Tag 20"]
end
subgraph EIGRP_DOMAIN["EIGRP Domain"]
EIGRP_ROUTE["EIGRP Route 172.16.0.0/12"]
end
subgraph R2_NODE["R2 Boundary Router"]
R2_OUT["Redistribute EIGRP to OSPF Set Tag 20"]
R2_IN["Redistribute OSPF to EIGRP Deny Tag 10"]
end
OSPF_ROUTE --> R1_OUT -->|"Tag 10"| EIGRP_ROUTE
EIGRP_ROUTE --> R2_OUT -->|"Tag 20"| OSPF_DOMAIN
style OSPF_ROUTE fill:#2980b9,color:#ecf0f1
style EIGRP_ROUTE fill:#e67e22,color:#ecf0f1
style R1_OUT fill:#27ae60,color:#ecf0f1
style R1_IN fill:#e74c3c,color:#ecf0f1
style R2_OUT fill:#27ae60,color:#ecf0f1
style R2_IN fill:#e74c3c,color:#ecf0f1
Figure 12.5: Route Redistribution Loop Prevention via Tagging -- routes tagged on exit are denied re-entry into their origin protocol.
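The tagging rule above, simulated as an added Python example that is not part of the original page. It applies the same policy on both boundary routers (set the tag on exit, deny that tag on the return direction), reuses the tag values and prefixes from Figure 12.5, and ignores administrative distance, so it shows only the feedback path that tagging closes.

```python
from dataclasses import dataclass

TAG_OSPF_ORIGIN = 10    # stamped on routes leaving OSPF for EIGRP
TAG_EIGRP_ORIGIN = 20   # stamped on routes leaving EIGRP for OSPF


@dataclass(frozen=True)
class Route:
    prefix: str
    tag: int = 0        # 0 means untagged (a protocol's native routes)


def redistribute(source_routes, set_tag, deny_tag, tagging):
    """One redistribution direction on a boundary router.

    Models a two-clause route map: deny routes carrying deny_tag,
    then permit everything else and stamp it with set_tag.
    """
    result = set()
    for route in source_routes:
        if tagging and route.tag == deny_tag:
            continue    # route came from the far side originally: block re-entry
        result.add(Route(route.prefix, set_tag if tagging else 0))
    return result


def simulate(tagging, rounds=4):
    """Run mutual redistribution; return prefixes fed back into their origin protocol."""
    native = {"ospf": {Route("10.1.0.0/16")}, "eigrp": {Route("172.16.0.0/12")}}
    external = {"ospf": set(), "eigrp": set()}
    for _ in range(rounds):
        # OSPF -> EIGRP: set tag 10, deny tag 20
        external["eigrp"] = redistribute(native["ospf"] | external["ospf"],
                                         TAG_OSPF_ORIGIN, TAG_EIGRP_ORIGIN, tagging)
        # EIGRP -> OSPF: set tag 20, deny tag 10
        external["ospf"] = redistribute(native["eigrp"] | external["eigrp"],
                                        TAG_EIGRP_ORIGIN, TAG_OSPF_ORIGIN, tagging)
    feedback = set()
    for proto in ("ospf", "eigrp"):
        own = {r.prefix for r in native[proto]}
        # A native prefix showing up as an external route in its own protocol is the loop
        feedback |= {(proto, r.prefix) for r in external[proto] if r.prefix in own}
    return sorted(feedback)


if __name__ == "__main__":
    print("without tags:", simulate(tagging=False))
    print("with tags:   ", simulate(tagging=True))
```
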
Administrative Distance Tuning
| Routing Source | Default AD |
| --- | --- |
| Connected | 0 |
| Static | 1 |
| eBGP | 20 |
| EIGRP (internal) | 90 |
| OSPF | 110 |
| IS-IS | 115 |
| RIP | 120 |
| EIGRP (external) | 170 |
| iBGP | 200 |
3.2 Route Filtering and Summarization Strategies
Summarize at every major boundary (ABR, redistribution point, eBGP). Plan IP addressing with summarization in mind -- contiguous blocks make it possible, scattered addressing makes it impossible. Use prefix lists (not access lists) for filtering. At eBGP boundaries, always filter bogons inbound and advertise only allocated prefixes outbound.
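The eBGP boundary policy above, expressed as an added Python check that is not part of the original page. It is IPv4 only; the /24 length limit is an assumed policy, the function names are illustrative, and 203.0.113.0/24 is a documentation range standing in for the enterprise's allocation.

```python
import ipaddress

# IPv4 special-use ("bogon") ranges; none is valid as an Internet route from an eBGP peer.
BOGONS_V4 = [ipaddress.IPv4Network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.0.2.0/24", "192.168.0.0/16",
    "198.18.0.0/15", "198.51.100.0/24", "203.0.113.0/24",
    "224.0.0.0/4", "240.0.0.0/4",
)]
MAX_PREFIX_LEN = 24   # assumption: reject anything more specific than /24


def inbound_verdict(prefix):
    """Decide whether a prefix received from an eBGP peer may be accepted."""
    net = ipaddress.IPv4Network(prefix)
    for bogon in BOGONS_V4:
        if net.subnet_of(bogon):       # same match as a prefix-list entry with "le 32"
            return False, f"bogon, inside {bogon}"
    if net.prefixlen > MAX_PREFIX_LEN:
        return False, f"more specific than /{MAX_PREFIX_LEN}"
    return True, "permit"


def outbound_verdict(prefix, allocated):
    """Decide whether a prefix may be advertised to an eBGP peer."""
    net = ipaddress.IPv4Network(prefix)
    if net.prefixlen > MAX_PREFIX_LEN:
        return False, f"more specific than /{MAX_PREFIX_LEN}"
    for block in allocated:
        if net.subnet_of(ipaddress.IPv4Network(block)):
            return True, f"permit, inside allocation {block}"
    return False, "not in our allocation (would leak an internal or learned route)"


if __name__ == "__main__":
    # Constructed sample announcements
    for p in ("8.8.8.0/24", "10.20.0.0/16", "100.64.12.0/24", "8.8.8.8/32"):
        print("in ", p, inbound_verdict(p))
    allocation = ["203.0.113.0/24"]    # placeholder for the enterprise's own block
    for p in ("203.0.113.0/24", "10.1.0.0/16", "8.8.8.0/24"):
        print("out", p, outbound_verdict(p, allocation))
```
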
3.3 IPv4/IPv6 Dual-Stack Routing Design
Two approaches: separate protocol instances (OSPFv2 + OSPFv3) providing independence but doubling overhead, or a single protocol with multi-AF support (IS-IS natively, OSPFv3 with RFC 5838, EIGRP Named Mode). For greenfield at scale, IS-IS provides the cleanest design.
graph TD
subgraph SEP["Approach 1: Separate Instances"]
OSPFv2["OSPFv2 IPv4 Only"] --> SPF_v4["SPF Calc IPv4"]
OSPFv3["OSPFv3 IPv6 Only"] --> SPF_v6["SPF Calc IPv6"]
SPF_v4 --> RIB4["IPv4 RIB"]
SPF_v6 --> RIB6["IPv6 RIB"]
end
subgraph UNI["Approach 2: Single Instance"]
ISIS["IS-IS IPv4 + IPv6"] --> SPF_SINGLE["Single SPF Calculation"]
SPF_SINGLE --> RIB_BOTH["IPv4 + IPv6 RIB"]
end
style OSPFv2 fill:#2980b9,color:#ecf0f1
style OSPFv3 fill:#8e44ad,color:#ecf0f1
style ISIS fill:#27ae60,color:#ecf0f1
style SPF_v4 fill:#2c3e50,color:#ecf0f1
style SPF_v6 fill:#2c3e50,color:#ecf0f1
style SPF_SINGLE fill:#2c3e50,color:#ecf0f1
style RIB4 fill:#7f8c8d,color:#ecf0f1
style RIB6 fill:#7f8c8d,color:#ecf0f1
style RIB_BOTH fill:#7f8c8d,color:#ecf0f1
Figure 12.6: Dual-Stack Routing Approaches -- separate OSPF instances vs. IS-IS single computation.