This chapter is from the book
This chapter is from the book
This chapter is from the book
Route Summarization
If subnetting is the process of lengthening the mask to create multiple smaller subnets from a single larger network, route summarization can be described as shortening the mask to include several smaller networks into one larger network address. As the network grows large, the number of individual networks listed in the IP route table becomes too big for routers to handle effectively. They get slower, drop packets, and even crash. This, of course, is an undesirable state of affairs. With more than 450,000 routes (at the time of this writing, anyway) known to major Internet routers, some way to reduce the number of entries is not only desirable, but also critical.
In the previous VLSM example, all the subnets for the branches and the WAN links were created from the 192.168.0.0 /24 Class C network. If we take that diagram and put it into context, we can see how route summarization can reduce the number of entries in the route table, as shown in Figure 3.13.
)
FIGURE 3.13 Simple route summarization example.
The Central Office router can either send a routing update with all the subnets it knows about listed individually, or it can send a single line in the update that essentially says, “Send anything that starts with 192.168.0 to me.” Both methods work; the issue is one of scalability. No router will ever collapse under the load of advertising six subnets, but make it 6,000 subnets and it makes a huge difference in performance if you summarize as much as possible.
Route summarization takes a set of contiguous networks or subnets and groups them together using a shorter subnet mask. The advantages of summarization are that it reduces the number of entries in the route table, which reduces load on the router and network overhead, and hides instability in the system behind the summary, which remains valid even if summarized networks are unavailable.
Summarization Guidelines
It is important to follow a few rules and guidelines when summarizing. Serious routing problems will happen otherwise—such as routers advertising networks inaccurately and possibly duplicating other routers’ advertisements, suboptimal or even totally incorrect routing, and severe data loss.
The first rule is to design your networks with summarization in mind, even if you don’t need it yet. This means that you will group contiguous subnets together behind the router that will summarize them—you do not want to have some subnets from a summarized group behind some other router. The summary is essentially saying, “I can reach the networks represented by this summary; send any traffic for them through me.” If one (or more) of the networks behind the summarizing router is unavailable, traffic will be dropped—but not by the summarizing router, because the individual routes to the networks that were summarized are still valid, and have a longer match entry than the summary. The packet will get routed to the router that connects to the dead network, and dropped there. Advance planning, including making plenty of room for future growth, will give you a solid, scalable network design that readily lends itself to summarizing. Figure 3.14 shows a badly designed network that will be almost impossible to summarize because the subnets are discontiguous, with individual subnets scattered all over the system.
)
FIGURE 3.14 Poor planning prevents proper performance.
The second rule is to summarize into the core of your network. The core is where the bigger, faster, busier routers are—like the Central Office router in the previous example. These routers have the job of dealing with high volumes of traffic headed for all different areas of the network, so we do not want to burden them with big, highly detailed route tables. The further you get from the core, the more detail the routers need to get traffic to the correct destination network. It’s much like using a map to drive to a friend’s house; you don’t need a great deal of detail when you are on the highway, but when you get into the residential areas, you need to know very precise information if you have a hope of finding the place.
Figure 3.15 illustrates the same network after your friendly neighborhood Cisco Certified Internetwork Expert has spent the afternoon re-addressing the network and configuring summarization. This network will scale beautifully and have minimal performance issues (at least because of route table and routing update overhead).
)
FIGURE 3.15 Proper planning prevents poor performance.
Following these rules will give you one of the additional benefits of summarization as well: hiding instability in the summarized networks. Let’s say that one of the branches is having serious spanning-tree problems because Sparky the Junior Woodchuck was allowed to configure a Cisco switch. (This is actually a felony in some states.) That route could be “flapping”—up, down, up, down—as spanning-tree wreaks havoc with your network. The router will be doing its job, sending out updates every time the route flaps. If we were not summarizing, those flapping messages would propagate through the entire corporate system, putting a totally unnecessary and performance-robbing load on the routers. Once you summarize, the summary is stable: It can’t flap because it is not a real network. It’s just like a spokesperson at a press conference: “The rumors of a fire at the Springfield plant have had no impact on production whatsoever.” Meanwhile, the Springfield plant could be a charred hulk. The summary is still valid, and traffic will still be sent to the router connected to the flapping network. This keeps people from asking any more questions about the Springfield fire. However, if someone were to send a shipment to Springfield, it would be hastily redirected to another site (or dropped). All we have done is hide the problem from the rest of the world so that we don’t flood the Internet with rapid-fire routing updates.
Determining Summary Addresses
When using routing protocols in classless configurations, creating summary addresses is a totally manual process. Classful routing protocols perform automatic summarization, but that is not as fancy as it sounds. They simply treat any subnet as the classful address from which it was created, which works if your networks are built with this in mind; however, in reality that is too simplistic and real networks need more customized summarization. The upshot of all this is that you need to understand how to determine the summary address given a set of networks to be summarized, and you also need to be able to figure out if a particular network is included in a given summary.
Remember that summarization is exactly the opposite of subnetting; in fact, another term for summarization is supernetting. (You might also see it called aggregation.) When we subnet, we lengthen the mask, doubling the number of networks each time we add an extra bit to the mask. Supernetting does the opposite: For each bit we retract or shorten the mask, we combine networks into groups that follow the binary increment numbers.
To illustrate this, let’s look at the private Class B address space. These networks are listed as follows:
- 172.16.0.0 /16
- 172.17.0.0 /16
- 172.18.0.0 /16
- 172.19.0.0 /16
- 172.20.0.0 /16
- 172.21.0.0 /16
- 172.22.0.0 /16
- 172.23.0.0 /16
- 172.24.0.0 /16
- 172.25.0.0 /16
- 172.26.0.0 /16
- 172.27.0.0 /16
- 172.28.0.0 /16
- 172.29.0.0 /16
- 172.30.0.0 /16
- 172.31.0.0 /16
If you look carefully, you will notice that the range of networks is identified in the second octet. The octet where the range is happening is referred to as the interesting octet. This is your first clue where to begin your summarization.
The next step is to figure out what the binary values of the network’s range are. The binary values for the interesting octet are shown in Figure 3.16.
){kind=link}
FIGURE 3.16 Binary values for Class B private range second octet.
You should see a pattern in the binary values: The first 4 bits are all the same. The range is actually happening in the last 4 bits in the second octet; those 4 bits range from 0000 through 1111; the first 4 bits are common for all 16 networks in the range.
The next step is to identify those common bits. While you are learning how to do this, it’s a good idea to write out the binary for the range and draw a line that represents the boundary between the common bits and the variable bits in the range. Remember, be absolutely sure that your boundary line is in the right place: For all the networks in the range, everything to the left of the line must be identical, and everything to the right will be the ranging values.
The next step is easy. We are about to summarize: All we need to do is to build a subnet mask that puts a 1 under all of the common bits in the range, and a 0 under everything else—1s to the left of the boundary, and 0s to the right, as shown in Figure 3.17.
)
FIGURE 3.17 Identifying and masking the common bits in a summary.
The last step is to actually create the summary statement. A summary is always an IP address plus a mask; the IP is usually a network ID, and it should be the first network in the range. In our example, the first network ID is 172.16.0.0 so that is the IP we will use. For the mask, the first octet is the same in the whole range, and we have figured out that the first four bits in the second octet are always the same. Remembering that a mask is always a string of 1s followed by a string of 0s, this means that we should mask all 8 bits in the first octet and the first 4 in the second octet, so our mask looks like this:
11111111.11110000.00000000.00000000
That can also be expressed as
255.240.0.0 or /12
So, our summary statement becomes
172.16.0.0 255.240.0.0
or
172.16.0.0 /12
Reverse engineering this is the same process. You are given a summary statement and asked what networks it includes. The octet in which the mask changes from 1s to 0s is the interesting one, where the range will be defined. Jot down the address and mask in that octet in binary and see what possible values are in the range. Then check the networks to see if those are in the range. Figure 3.18 gives an example.
)
FIGURE 3.18 Summary address analysis.
Cram Quiz
You are given the following ranges of subnets:
192.168.1.0/29
192.168.1.128/29
192.168.1.8/29
192.168.1.136/29
192.168.1.16/29
192.168.1.144/29
192.168.1.24/29
192.168.1.152/29
192.168.1.32/29
192.168.1.160/29
192.168.1.40/29
192.168.1.168/29
192.168.1.48/29
192.168.1.176/29
192.168.1.56/29
192.168.1.184/29
Your task is to summarize these two ranges of subnets. Do not include any subnets not named in the ranges in your summary. (Hint: You may use more than one summary address).
Your boss complains that manual route summarization is difficult and complex, and wonders if maybe you should not bother with it. What are the most compelling arguments in favor of route summarization? Choose all that apply.
A. Utilizes the full RAM and CPU performance capacity of the routers- B. Can suppress the effects of an unstable or “flapping” interface
- C. Advertises complete and detailed route tables
- D. Increases security by advertising “fake” networks
- E. Reduces the size of the route tables
- F. Reduces the load on RAM, CPU, and bandwidth of routers
Cram Quiz Answers
- Two summary statements are required. Because these two network ranges are discontiguous, we cannot use a single statement without including the ranges between and after, which is both not allowed in the question and not generally a good idea in practice. The two summary statements are 192.168.1.0/26 and 192.168.1.128/26. The /26 in each statement can also be expressed as 255.255.255.192.
- Answers B, E, and F are correct. Answer A is incorrect because summarization actually reduces the load on routers, and maxing out your router is not a good idea to begin with. Answer C is incorrect; summarization sends out summary routes that represent the detailed routes. Answer D is incorrect, but tricky: Summarization does in fact send out fake routes, but this does nothing to increase security.