Exploring Downstream and Node-protecting IP LFAs using OSPFv2

Exploring Downstream and Node-protecting IP LFAs using OSPFv2

This blog is the second in a series covering IP Loop Free Alternate (LFA) paths using OSPFv2. In the previous blog we covered the fundamentals of LFA computation and configuration, including a detailed review of Inequality 1. This …

Author: Nicholas Russo


This blog is the second in a series covering IP Loop Free Alternate (LFA) paths using OSPFv2. In the previous blog, we covered the fundamentals of LFA computation and configuration, including a detailed review of Inequality 1. This inequality is used to determine whether a candidate next-hop router (N) is an LFA towards a destination prefix (D) from the perspective of a source router (S). Here’s the topology, which has not changed from the previous blog.

Exploring Downstream and Node-protecting IP LFAs using OSPFv2

We’ve already confirmed that R1 (S) can use R3 (N) as an LFA path towards 10.0.0.6/32 (D), which is R6’s loopback prefix. R2 (E) is R1’s primary next-hop router along the shortest path. Here’s the Inequality 1 math from the previous blog to refresh your memory:

dist(N,D) < dist(S,D) + dist(N,S)
dist(R3,R6) < dist(R1,R6) + dist(R3,R1)
21 < 21 + 10
21 < 31

Inequality 1 simply answers a yes or no question: Is N an LFA from S to D? It doesn’t tell us anything about the characteristics or protective quality of that LFA. At a minimum, all LFAs are link-protecting. If the R1-R2 (S-E) link fails, we know that R3 (N) can be used as a fast backup from R1 (S) to 10.0.0.6/32 (D). What if R2 suffers a node failure? Also, is R3 closer to R6 than R1 is? Finally, does the LFA rely on the same broadcast network that the primary path does? These are important questions that we can answer by examining three more inequalities in turn. This blog focuses on Inequalities 2 and 3 specifically.

Inequality 2 determines whether an LFA is downstream. More specifically, it determines whether N is closer to D than S is.

Inequality 2 for downstream LFAs: dist(N,D) < dist(S,D)

Those familiar with Cisco’s EIGRP may recall the term feasible successor or FS. An alternate path has FS status if its reported distance (RD) is strictly less than the source node’s feasible distance (FD). This isn’t an EIGRP blog, so I won’t dig into the details (this course covers them), but suffice it to say that this is effectively a downstream test. EIGRP will allow fast failover to an alternate path only if that router is closer to the final destination than the source is. That guarantees loop-free forwarding.

Because distance-vector protocols like EIGRP lack the topological vision that link-state protocols have, there is no concept of Inequality 1. However, the logic of Inequality 2 is identical to EIGRP’s feasibility condition and provides more robust LFAs, even in link-state environments. Let’s examine the same example from earlier using S=R1, N=R3, and D=10.0.0.6/32. This LFA is not downstream because R1 and R3 are equidistant from 10.0.0.6/32. Said another way, R3 is not closer to 10.0.0.6/32 than R1 is as both have a path cost of 20 to reach the R6 router, plus 1 more for the loopback prefix.

dist(N,D) < dist(S,D)
dist(R3,R6) < dist(R1,R6)
21 < 21

Exploring Downstream and Node-protecting IP LFAs using OSPFv2

Inequality 3 determines whether an LFA is node-protecting. If the primary next-hop router (E) of R2 suffers a failure, will the LFA still continue to forward traffic from S to D via N?

Inequality 3 for node-protecting LFAs: dist(N,D) < dist(N,E) + dist(E,D)

At last, we introduce E in our evaluations. This inequality ensures that the LFA path’s does not traverse E by measuring the sum of N’s distance to E, and E’s distance to D. If this inequality is satisfied, the network is guaranteed to avoid E, the primary next-hop router, which implies node protection. Our example LFA is not node-protecting because R3’s (N) shortest path to R6’s loopback (D) traverses R2 (E). You may have noticed that behavior in the previous blog; this particular LFA is only link-protecting and would not be useful if R2 failed entirely.

dist(N,D) < dist(N,E) + dist(E,D)
dist(R3,R6) < dist(R3,R2) + dist(R2,R6)
21 < 10 + 11
21 < 21

Exploring Downstream and Node-protecting IP LFAs using OSPFv2

Next, let’s explore the LFA flags in some detail. Here’s a reminder of what R1’s OSPF RIB entry looks like for 10.0.0.6/32. We don’t see any indication of the downstream or node protection attributes here.

R1#show ip ospf rib 10.0.0.6 255.255.255.255

*>  10.0.0.6/32, Intra, cost 21, area 0
     SPF Instance 80, age 00:10:08
     Flags: RIB, HiPrio
      via 10.1.2.2, GigabitEthernet2
       Flags: RIB
       LSA: 1/10.0.0.6/10.0.0.6
       Source: 10.0.0.6 (area 0)
      repair path via 10.1.3.3, GigabitEthernet1 cost 31
       Flags: RIB, Repair, IntfDj, BcastDj
       LSA: 1/10.0.0.6/10.0.0.6

Let’s examine another case that introduces downstream LFAs, node-protecting LFAs, and routers that have multiple LFAs to a single destination. Starting on R4 (S), let’s compute the path to 10.0.0.6/32 (D), which is R6’s loopback prefix. The shortest path is via R2 (E) using the broadcast network per the routing table.

R4#show ip route ospf | include 10.0.0.6/32
O        10.0.0.6/32 [110/21] via 10.0.234.2, 03:26:29, GigabitEthernet3

Here are the variable assignments for reference; notice that there are multiple values for N. R4 has multiple options other than the R2-R3-R4 broadcast network to reach 10.0.0.6/32 per the topology.

S = R4
E = R2
N = R5 or R7
D = R6's loopback0 prefix of 10.0.0.6/32

As a quick note, we won’t evaluate R8 as a candidate next-hop (N) because R4 is the primary next-hop (E) for 10.0.0.6/32 (D) from R8 (S). Quickly checking R8’s routing table confirms this; we can save ourselves a few minutes by ignoring the N=R8 evaluation.

R8#show ip route | include 10.0.0.6/32
O        10.0.0.6/32 [110/26] via 10.4.8.4, 00:00:06, GigabitEthernet1

We’ll move more rapidly through these examples as you’ve probably picked up the logic by now. Using R5 as N, we’ll examine all three inequalities in sequence. R5 is an LFA thanks to Inequality 1 but is not downstream because R4 and R5 are equidistant to R6’s loopback (D). However, the LFA is node-protecting because if R4’s primary next-hop (E) of R2 fails, the LFA via R5 is unaffected. R5 doesn’t rely on R2 (E) to reach 10.0.0.6/32 (D).

let N=R5

ineq1: dist(N,D) < dist(S,D) + dist(N,S)
       dist(R5,R6) < dist(R4,R6) + dist(R5,R4)
       21 < 21 + 10 --> TRUE, it is an LFA

ineq2: dist(N,D) < dist(S,D)
       dist(R3,R6) < dist(R4,R6)
       21 < 21 --> FALSE, it is not downstream

ineq3: dist(N,D) < dist(N,E) + dist(E,D)
       dist(R5,R6) < dist(R5,R2) + dist(R2,R6)
       21 < 15 + 11 --> TRUE, it is node protecting

Don’t be afraid to use simple diagnostic tools like “traceroute” to validate your assumptions. Tracing from R5 (N) to R6’s loopback (D) confirms that R2 (E) is not traversed in this LFA path. This proves that the node-protection has been achieved with this LFA.

R5#traceroute 10.0.0.6 source 10.0.0.5
Type escape sequence to abort.
Tracing the route to 10.0.0.6
VRF info: (vrf in name/id, vrf out name/id)
  1 10.5.7.7 3 msec 1 msec 1 msec
  2 10.6.7.6 3 msec 1 msec 1 msec

Exploring Downstream and Node-protecting IP LFAs using OSPFv2

Let’s repeat the process for R7, another candidate next-hop (N). Just by looking at the diagram, we notice a few interesting characteristics. R7 (N) is one hop closer to R6’s loopback (D) than either R4 (S) or R5 (other N). This placement makes it likelier to satisfy Inequality 2, the downstream condition. Furthermore, R7 does not traverse R2 (E) en route to 10.0.0.6/32 (D) as confirmed by the traceroute from earlier. This LFA satisfies all three inequalities as shown below.

let N=R7

ineq1: dist(N,D) < dist(S,D) + dist(N,S)
       dist(R7,R6) < dist(R4,R6) + dist(R7,R4)
       11 < 21 + 15 --> TRUE, it is an LFA

ineq2: dist(N,D) < dist(S,D)
       dist(R7,R6) < dist(R4,R6)
       11 < 21 --> TRUE, it is downstream

ineq3: dist(N,D) < dist(N,E) + dist(E,D)
       dist(R7,R6) < dist(R5,R2) + dist(R2,R6)
       11 < 15 + 11 --> TRUE, it is node protecting

Exploring Downstream and Node-protecting IP LFAs using OSPFv2

Examining the OSPF RIB for 10.0.0.6/32 (D) from the perspective of R4 (S), we see that R5 was chosen as the preferred LFA. That’s because it has a lower total cost than R7. When multiple LFAs exist, a series of tie-breakers are evaluated to select the best one, and lowest metric is relatively high on the list. The “CostWon” flag indicates this preference. Note that R5 is node-protecting but not downstream, while R7 is both node-protecting and downstream. The first LFA we evaluated in the previous blog was neither.

R4#show ip ospf rib 10.0.0.6 255.255.255.255

*>  10.0.0.6/32, Intra, cost 21, area 0
     SPF Instance 76, age 00:11:16
     Flags: RIB, HiPrio
      via 10.0.234.2, GigabitEthernet3
       Flags: RIB
       LSA: 1/10.0.0.6/10.0.0.6
       Source: 10.0.0.6 (area 0)
      repair path via 10.4.5.5, GigabitEthernet2, cost 31
       Flags: RIB, Repair, IntfDj, BcastDj, CostWon, NodeProt
       LSA: 1/10.0.0.6/10.0.0.6
      repair path via 10.4.7.7, GigabitEthernet4, cost 36
       Flags: Ignore, Repair, IntfDj, BcastDj, NodeProt, Downstr
       LSA: 1/10.0.0.6/10.0.0.6

The command below will reveal the default tie-break evaluation process whereby the lower numbered items are processed first. Notice that node-protecting and downstream LFAs are not evaluated by these criteria at all, by default.

R4#show ip ospf fast-reroute

            OSPF Router with ID (10.0.0.4) (Process ID 1)

Loop-free Fast Reroute protected prefixes:

           Area        Topology name   Priority   Remote LFA Enabled     TI-LFA Enabled
              0                 Base       High                   No                 No

  Repair path selection policy tiebreaks (built-in default policy):
      0  post-convergence
     10  primary-path
     20  interface-disjoint
     30  lowest-metric
     40  linecard-disjoint
     50  broadcast-interface-disjoint
    256  load-sharing

That’s easily changed using the “tie-break” option. Be sure to specify all the tie-breaks relevant to your design or else the prioritized list will be overwritten. We’ll retain the existing list and insert the “downstream” condition at index 25 so that it is evaluated before the “lowest-metric” condition.

R1(config-router)#fast-reroute per-prefix tie-break ?
  broadcast-interface-disjoint  Interface protection attribute
  downstream                    Downstream repair path attribute
  interface-disjoint            Interface protection attribute
  linecard-disjoint             Line card protection attribute
  lowest-metric                 Lowest metric repair path attribute
  node-protecting               Node protecting repair path attribute
  primary-path                  Equal cost multipath attribute
  secondary-path                Not-equal cost multipath attribute
  srlg                          Shared risk link group attribute

# R4 configuration
router ospf 1
 fast-reroute per-prefix tie-break primary-path index 10
 fast-reroute per-prefix tie-break interface-disjoint index 20
 fast-reroute per-prefix tie-break downstream index 25
 fast-reroute per-prefix tie-break lowest-metric index 30
 fast-reroute per-prefix tie-break linecard-disjoint index 40
 fast-reroute per-prefix tie-break broadcast-interface-disjoint index 50

Now, R4 chooses R7 instead of R5 because it is downstream, despite having a higher cost. This can be dangerous because when OSPF reconverges after a failure, R4 must use the shortest path in the network, likely switching traffic to R5 (depending on the nature of the failure, of course). This customized tie-breaking mechanism may lead to additional churn, and in most production networks, adjusting LFA tie-breaks is detrimental.

R4#show ip ospf rib 10.0.0.6 255.255.255.255

*>  10.0.0.6/32, Intra, cost 21, area 0
     SPF Instance 78, age 00:53:24
     Flags: RIB, HiPrio
      via 10.0.234.2, GigabitEthernet3
       Flags: RIB
       LSA: 1/10.0.0.6/10.0.0.6
       Source: 10.0.0.6 (area 0)
      repair path via 10.4.7.7, GigabitEthernet4, cost 36
       Flags: RIB, Repair, IntfDj, BcastDj, NodeProt, Downstr
       LSA: 1/10.0.0.6/10.0.0.6
      repair path via 10.4.5.5, GigabitEthernet2, cost 31
       Flags: Ignore, Repair, IntfDj, BcastDj, NodeProt
       LSA: 1/10.0.0.6/10.0.0.6

In summary, not all LFAs are created equal. All LFAs will provide link protection between the source router (S) and the primary next-hop router (E), but node-protecting LFAs protect against a total failure of the primary next-hop. Downstream LFAs are closer to the final destination (D) than the source (S), eliminating any possibility of micro-loops during the convergence process. Sometimes downstream LFAs can even tolerate multiple upstream failures at once. Some LFAs may exhibit both of these characteristics while others exhibit neither. Be sure to evaluate all three inequalities to test for these conditions during your studies.


In This Series:

  1. Introducing IP Loop Free Alternates (LFA) with OSPFv2
  2. Exploring Downstream and Node-protecting IP LFAs using OSPFv2 (this article)
  3. Examining Broadcast Disjointedness and IP LFA Coverage with OSPFv2
  4. Improving IP LFA Coverage using Remote LFA with MPLS and OSPFv2
  5. Maximizing IP LFA Coverage using Topology-independent LFA and Segment Routing

Reference Configurations:

# R1
version 17.3
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
platform console serial
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
!
!
!
!
!
no ip domain lookup
ip domain name lab.local
!
!
!
interface Loopback0
 ip address 10.0.0.1 255.255.255.255
!
interface GigabitEthernet1
 ip address 10.1.3.1 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 10
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet2
 ip address 10.1.2.1 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 10
 negotiation auto
 no mop enabled
 no mop sysid
!
!
router ospf 1
 fast-reroute per-prefix enable area 0 prefix-priority high
 fast-reroute keep-all-paths
 network 0.0.0.0 255.255.255.255 area 0
!
!
ip ssh version 2
!
!
ip access-list standard 6
 10 permit 10.0.0.6
!
!
!
end
# R2
version 17.3
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
platform console serial
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
!
no ip domain lookup
ip domain name lab.local
!
!
!
!
interface Loopback0
 ip address 10.0.0.2 255.255.255.255
!
interface GigabitEthernet1
 ip address 10.2.7.2 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 5
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet2
 ip address 10.1.2.2 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 10
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet3
 ip address 10.0.234.2 255.255.255.0
 ip ospf network broadcast
 ip ospf priority 0
 ip ospf cost 10
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet4
 ip address 10.2.6.2 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 10
 negotiation auto
 no mop enabled
 no mop sysid
!
!
router ospf 1
 fast-reroute per-prefix enable area 0 prefix-priority high
 fast-reroute keep-all-paths
 network 0.0.0.0 255.255.255.255 area 0
!
!
ip ssh version 2
!
!
ip access-list standard 4
 10 permit 10.0.0.4
!
!
end
# R3
version 17.3
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
platform console serial
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
!
!
!
!
!
no ip domain lookup
ip domain name lab.local
!
!
!
!
interface Loopback0
 ip address 10.0.0.3 255.255.255.255
!
interface GigabitEthernet1
 ip address 10.1.3.3 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 10
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet2
 ip address 10.3.8.3 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 10
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet3
 ip address 10.0.234.3 255.255.255.0
 ip ospf network broadcast
 ip ospf priority 0
 ip ospf cost 10
 negotiation auto
 no mop enabled
 no mop sysid
!
!
router ospf 1
 fast-reroute per-prefix enable area 0 prefix-priority high
 fast-reroute keep-all-paths
 network 0.0.0.0 255.255.255.255 area 0
!
!
ip ssh version 2
!
!
end
# R4
version 17.3
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
platform console serial
!
hostname R4
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
!
!
!
!
!
no ip domain lookup
ip domain name lab.local
!
!
!
!
interface Loopback0
 ip address 10.0.0.4 255.255.255.255
!
interface GigabitEthernet1
 ip address 10.4.8.4 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 5
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet2
 ip address 10.4.5.4 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 10
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet3
 ip address 10.0.234.4 255.255.255.0
 ip ospf network broadcast
 ip ospf cost 10
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet4
 ip address 10.4.7.4 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 25
 negotiation auto
 no mop enabled
 no mop sysid
!
!
router ospf 1
 fast-reroute per-prefix enable area 0 prefix-priority high
 fast-reroute per-prefix tie-break primary-path index 10
 fast-reroute per-prefix tie-break interface-disjoint index 20
 fast-reroute per-prefix tie-break downstream index 25
 fast-reroute per-prefix tie-break lowest-metric index 30
 fast-reroute per-prefix tie-break linecard-disjoint index 40
 fast-reroute per-prefix tie-break broadcast-interface-disjoint index 50
 fast-reroute keep-all-paths
 network 0.0.0.0 255.255.255.255 area 0
!
ip ssh version 2
!
!
!
end
# R5
version 17.3
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
platform console serial
!
hostname R5
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
!
!
!
!
!
no ip domain lookup
ip domain name lab.local
!
!
!
!
interface Loopback0
 ip address 10.0.0.5 255.255.255.255
!
!
interface GigabitEthernet2
 ip address 10.4.5.5 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 10
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet3
 ip address 10.5.7.5 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 10
 negotiation auto
 no mop enabled
 no mop sysid
!
!
router ospf 1
 fast-reroute per-prefix enable area 0 prefix-priority high
 fast-reroute keep-all-paths
 network 0.0.0.0 255.255.255.255 area 0
!
ip ssh version 2
!
!
!
end
# R6
version 17.3
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
platform console serial
!
hostname R6
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
!
!
!
!
!
no ip domain lookup
ip domain name lab.local
!
!
interface Loopback0
 ip address 10.0.0.6 255.255.255.255
!
!
interface GigabitEthernet4
 ip address 10.2.6.6 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 10
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet5
 ip address 10.6.7.6 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 10
 negotiation auto
 no mop enabled
 no mop sysid
!
!
router ospf 1
 fast-reroute per-prefix enable area 0 prefix-priority high
 fast-reroute keep-all-paths
 network 0.0.0.0 255.255.255.255 area 0
!
!
ip ssh version 2
!
!
!
end
# R7
version 17.3
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
platform console serial
!
hostname R7
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
!
!
!
!
!
no ip domain lookup
ip domain name lab.local
!
!
!
interface Loopback0
 ip address 10.0.0.7 255.255.255.255
!
interface GigabitEthernet1
 ip address 10.2.7.7 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 5
 negotiation auto
 no mop enabled
 no mop sysid
!
!
interface GigabitEthernet3
 ip address 10.5.7.7 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 10
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet4
 ip address 10.4.7.7 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 25
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet5
 ip address 10.6.7.7 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 10
 negotiation auto
 no mop enabled
 no mop sysid
!
!
router ospf 1
 fast-reroute per-prefix enable area 0 prefix-priority high
 fast-reroute keep-all-paths
 network 0.0.0.0 255.255.255.255 area 0
!
!
ip ssh version 2
!
!
!
!
end
# R8
version 17.3
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
platform console serial
!
hostname R8
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
!
!
!
!
!
no ip domain lookup
ip domain name lab.local
!
!
interface Loopback0
 ip address 10.0.0.8 255.255.255.255
!
interface GigabitEthernet1
 ip address 10.4.8.8 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 5
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet2
 ip address 10.3.8.8 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 10
 negotiation auto
 no mop enabled
 no mop sysid
!
router ospf 1
 fast-reroute per-prefix enable area 0 prefix-priority high
 fast-reroute keep-all-paths
 network 0.0.0.0 255.255.255.255 area 0
!
!
ip ssh version 2
!
!
!
end


Related tags:

it-ops   networking   cisco  
About the author

Nicholas (Nick) Russo, CCDE #20160041 and CCIE #42518, is an internationally recognized expert in IP/MPLS networking and design. To grow his skillset, Nick has been focused advancing Network DevOps via automation for his clients. Recently, Nick has been sharing his knowledge through online video training and speaking at industry conferences. Nick also holds a Bachelor’s of Science in Computer Science from the Rochester Institute of Technology (RIT). Nick lives in Maryland, USA with his wife, Carla, and daughter, Olivia.

10-day free trial

Sign Up Now