This chapter describes how to use:
The Next Hop Resolution Protocol (NHRP) defines a method for a source station to determine the Non-Broadcast Multi-Access (NBMA) address of the "next hop" towards a destination. The NBMA next hop may be the destination itself or the egress router from the NBMA network that is "nearest" to the destination station. This "next hop" information is called a "cut-through" route or VC in the NHRP specification; the router uses the term "shortcut" instead of "cut-through". The source station can then establish an NBMA virtual circuit directly with the destination or the egress router and reduce the number of hops through the network.
Figure 26. Next Hop Resolution Protocol (NHRP) Overview
The 2216 can use NHRP to establish shortcuts for IP traffic over the ATM NBMA network for both RFC 1483 and Emulated LAN (ELAN) interfaces. The Internet draft does not address the use of NHRP in an ELAN environment, but the 2216 includes enhancements to allow using LANs. These enhancements are currently implemented using the vendor-private extensions included in the NHRP protocol definition.
The NHRP draft describes the basic protocol flow as follows: NHRP clients register their protocol addresses and their NBMA addresses with one or more NHRP servers. The servers are typically routers on the routed path through the NBMA network to the clients. When a client wants to establish a shortcut to a destination, it sends a Next Hop Resolution Request packet along the routed path. The request includes the destination protocol address. Each router along the routed path that is also an NHRP server first checks whether the destination protocol address is an address that it can serve.
If the router can satisfy the request, the router returns a Next Hop Resolution Reply with the NBMA address of the destination station. The originator can then establish a direct virtual circuit with the destination. If it cannot satisfy the request, the router forwards the request to the next-hop router. This forwarding continues until the request can be satisfied, or it is determined that the destination cannot be reached.
To use client/server terminology, a device may be both a client and a server. The client is the device that originates Next Hop Resolution Requests, and the server is the one that provides Next Hop Resolution Replies with NBMA address information. The 2216 is such a device; the client conceptually "registers" with the server function in the same machine, although no Registration Requests actually flow. The server also supports NHRP Registrations from remote NHRP clients.
The information provided by clients to their server, and by servers to requestors, must be refreshed periodically and may be purged if conditions dictate. Clients and Servers maintain caches of resolution information that they have sent and received; holding times are used to age out the entries or force refreshes.
In general, use of NHRP shortcuts can:
The IBM implementation of NHRP provides these additional benefits:
Note: A hop is an operation performed by a traditional router when forwarding packets from one subnet to another. In particular, those operations are: (1) doing a lookup on a Layer 3 subnet identifier, (2) determining the outbound "next hop" for the packet, and (3) stripping and replacing the Layer 2 packet header, removing ingress link information and adding egress link information. So, for "one-hop" routing, this operation happens once during transfer of a packet from its source to its destination.
NHRP is used during initial contact from a source device to a destination. Once a shortcut VC has been established, NHRP is not involved in actual data transfer. Safeguards ensure that NHRP traffic is not retried for every packet. Also, the IBM implementation provides an option for NHRP shortcuts to be requested only when traffic to a certain destination exceeds a configurable data rate threshold. This can prevent, for example, the establishment of virtual circuits that would only be used for one SNMP trap frame that is generated by an IP host.
NHRP operation does not affect the performance of the router fastpath and will not significantly affect the slowpath. When shortcuts are available, the performance is improved by the elimination of extraneous hops over the ATM network. Also, the performance of intermediate routers that are bypassed by NHRP shortcuts should be improved, as they handle less traffic.
Note: If a configuration does not include a 1577 interface (that is, the router is configured only for ELANs), shortcut VCs can be established to the router only from clients that support the IBM extensions. This limitation can be avoided simply by defining a 1577 interface on the router.
The following paragraphs give examples of NHRP configurations.
In this picture, the NHRP clients use RFC 1577 connections to communicate with the router. They use NHRP protocol to learn from the NHRP server about each other's ATM addresses. Then they establish a direct virtual circuit between them for IP traffic.
Figure 27. NHRP in a Classic IP Environment
This example shows how NHRP can be used between two 1577 devices when one of them does not support NHRP. Here, Device2 provides the NHRP client with the ATM address of the non-NHRP device and the client can establish a shortcut for traffic to the non-NHRP host. However, when traffic flows from the non-NHRP device, it flows on the routed path to Device2; then Device2 acts as an NHRP client and establishes a shortcut to the destination.
Figure 28. NHRP in a Classic IP Environment with non-NHRP Device
In the LAN emulation case, routers use the IBM extensions to provide NBMA information for devices on their ELANs. When Device1 receives traffic from host A destined to host B, it originates a Next Hop Resolution Request and sends it on the routed path. Device2 replies to the request with NBMA information about host B, one of the stations that it serves because they are on the same ELAN. Device1 then can establish a data direct VCC to host B even though host B does not participate in or support the NHRP exchanges. Note that this VCC would be used only for traffic in the direction from A to B. Similarly when host B sends traffic to host A, Device2 generates a Next Hop Resolution Request, Device1 replies with addressing information about host A, and Device2 establishes a data direct VCC to A for traffic from B to A.
The LECs in this example are standard-compliant devices with no NHRP support. They must satisfy the LEC requirements described in "NHRP Implementation".
Nothing special has to be configured in these devices or in the NHRP servers. The NHRP traffic flows over the ELAN subnet with no additional VCs.
Figure 29. NHRP in an ELAN Environment
In this example, the source and destination stations are attached to legacy LANs and do not connect to the ATM network. LAN switches operating as LAN Emulation Clients give ATM connectivity to the legacy LAN devices. The enhancements to NHRP and the IBM extensions allow the same kind of "one-hop routing" in this environment as described in the previous example. With the enhancements, the servers exchange the actual MAC addresses and routing information for the legacy-LAN devices. The 2216s can then establish data direct VCCs with the switches and pass the traffic directly. There is only one router "hop" in the path, although the traffic passes through two LAN switches.
This example also illustrates that the ELAN environment can be token-ring or Ethernet or any mixture of LAN types.
Figure 30. NHRP in an ELAN Environment with LAN Switches
The NHRP function in the router can operate with both Classic IP and ELAN interfaces in the same network. In this example, the NHRP client supports the IBM extensions and can shortcut directly to the LEC destination for traffic in that direction.
Figure 31. NHRP in a Mixed Classical IP and ELAN Environment
The source and/or destination stations of protocol traffic do not have to belong to subnets served by NHRP participants. They may access the ATM network via routers that communicate with the NHRP devices. In this case, the 2216 provides shortcuts through the ATM network to eliminate as many hops as possible.
Figure 32. NHRP to an Egress Router
NHRP interacts with the router function in the router. When the router function in the router is forwarding packets along the routed path and NHRP successfully obtains a shortcut VC, NHRP will update the router function to send the packet directly over the shortcut VC.
NHRP updates the routing function's forwarding table after the VC is up. This allows the switch from routed path to the shortcut path to occur without any packet loss.
When an NHRP shortcut is used, the router transmits frames to a next hop address on a subnetwork that the router itself is not a part of. So the NET, or interface, that provides the outbound path for the traffic is called a "virtual" network interface.
Normally, outbound packet flow from a router is constrained by the following:
The Virtual Network Interface (VNI) net-handler removes all of these constraints, which allows the router to forward packets directly to next hops obtained via NHRP (shortcut routes). It enables one-hop routing, where NHRP shortcut routes can be made directly to devices that do not support NHRP.
The VNI supports token-ring, Ethernet V2 and Ethernet DIX ELAN network interfaces and classic IP network interfaces. When the outbound path is to use a classic IP (1577) interface, the implementation actually uses the existing 1577 net-handler interface for the VNI. However, when the outbound path is to use a LANE shortcut, a unique interface is accessed. This is called the LANE Shortcut Interface (LSI). The LSI is different from a traditional LEC interface because it can provide more than one LAN encapsulation type; that is, one VC may be established using token-ring encapsulation while another uses Ethernet V2. Also the LSI provides connections to more than one Emulated LAN; a traditional LEC interface connects to only one ELAN.
When you enable NHRP, an LSI is created for each ATM adapter. The LSI is assigned the next available interface number, and will be listed when you invoke console functions that display information about the router interfaces.
The LANE shortcuts provided by the IBM extensions to NHRP are not compatible with some LAN Emulation Client (LEC) and end-station protocol stack implementations. This section describes how these incompatibilities can arise and, in some cases, how they can be overcome using configuration options.
Paranoid LECs are devices that use the LAN Emulation Flush Protocol to verify that clients setting up Data Direct VCCs to them are actually members of their ELAN. These devices will not work with NHRP shortcuts generated by LSIs, since the LSI is not part of the target ELAN.
Note: The "Exclude List" configuration option can be used to prevent shortcuts to Paranoid LECs as described in "Exclude Lists".
By default, the LSI will use the MAC address burned into the associated ATM adapter as the source MAC address of frames transmitted over the LANE shortcut VCCs. It is possible, though unlikely, that this could confuse some end-station protocol stack implementations, since the MAC address will not match that of the router that the end-station uses as a gateway to transmit packets to the associated IP address.
For this to happen, the end-station would have to learn router MAC addresses from unicast IP frames, which is not normal (IP-to-MAC address mappings are normally learned from ARP packets). If this were to happen, the end-station might use the learned MAC address as the destination MAC address of frames that it transmits to the associated IP destination instead of using the MAC address of the router. Such frames would either be dropped or forwarded over the LANE shortcut VCC. Forwarding would only occur if the LEC learns MAC-to-ATM address binding from received frames (which is an optional implementation choice).
In either case, these frames will not reach the destination since the LSI discards frames received over a LANE shortcut VCC. Furthermore, the LSI releases the LANE shortcut VCC and no further shortcuts will be established to the associated ATM address. Traffic for destinations associated with that ATM address will follow the routed path thereafter. Note that ELS messages and console display for LANE shortcuts aid in identifying these destinations.
The LSI can be configured not to use the universally administered MAC address as the source MAC address. With this option, you have two choices for the source MAC address:
Using the last-hop router's MAC address as the source MAC address solves the problem of end-station protocol stack confusion but introduces another potential problem. It may confuse LECs that learn MAC-to-ATM address binding from received frames, and therefore should not be used with LECs that perform this type of learning. For example, the LEC in IBM's 8281 ATM-LAN bridge performs this type of learning.
The source MAC address can be configured to avoid the problem of duplicate MAC addresses seen on an ELAN because of inter-ELAN shortcuts. The MAC address should be configured for this LSI network when there are any disallowed LANE shortcut entries. See "LANE Shortcuts" for details on displaying disallowed LANE shortcut entries.
These configuration options are provided to maximize flexibility in achieving compatibility with the largest possible set of destinations in a given installation. See "Configuring the LANE Shortcuts Interface (LSI)" for further information and "Change" for a description of the change command.
This section describes some of the NHRP related configuration parameters and their recommended usage. See "NHRP Configuration Commands" for command syntax, command parameters, valid values and default values.
NHRP is enabled by default if IP is present in the box. It can be disabled by entering the disable NHRP command from the NHRP config> prompt. See "Accessing the NHRP Configuration Process" for additional information.
When using an existing configuration file, NHRP is enabled by default if it was not previously configured. The configuration file will be automatically updated at runtime to create NHRP shortcut interfaces. You need to save this updated configuration file and reboot in order for the NHRP client to use LANE shortcuts.
Configuration allows you to create a list of protocol addresses (and associated masks) that represent two types of devices:
The exclude list can be used to identify routers that are on the routed path but do not support NHRP server function.
The server responds to a Next Hop Resolution Request by providing the ATM address of the next-hop router when all of the following are true:
In processing the request, the router does not forward the Resolution Request on to the next-hop address, but responds to the client with addressing information that allows the client to establish a shortcut VC to the next-hop router.
Note: If the next-hop router is one of the Disallowed R2R Shortcuts, the router sends a NAK to the Resolution Request instead of a positive reply.
In general, if the next-hop router is on the exclude list, the router does not send it any NHRP packets that would only be handled by an NHRP server.
The exclude list can also be used to prevent shortcut VCs to a given protocol address (for example, a device on a CIP or ELAN subnet that can support only a small number of VCs).
When processing a Next Hop Resolution Request for a destination device, the server responds to the client with addressing information that allows the client to establish a shortcut VC to the router itself when all of the following are true:
The NHRP protocol includes Extensions. Extensions are appended to NHRP packets. Extensions are used to request additional functions from the NHRP participants. The use of the extensions parameter lets you determine if the router sends certain extensions:
Three extensions are defined in NHRP to provide path information. These extensions can be used to help monitor the request itself, to determine the path taken by the request, to determine who generated the reply, and the path taken by the reply. The path information extensions are:
The router can be configured to send any or all of these extensions in Next Hop Resolution Request packets that it generates. The information received in the reply packets is displayed in the router's NHRP ELS messages.
To support NHRP in an Emulated LAN environment, the server adds vendor-unique extensions to NHRP packets. These extensions act as "queries"; the NHRP client places them in the Next Hop Resolution Request. If the server supports this function, it responds with three corresponding extensions containing ELAN address information (MAC address, ATM address and Routing information); these extensions are included in the Next Hop Resolution Reply.
The router can be configured so that it does not support the IBM-specific extensions. If the IBM-specific extensions are not used, shortcuts directly to ELAN devices are not possible. Use the "Exclude List" option to disallow shortcuts selectively to certain ELAN devices.
Operation of NHRP may result in establishing transit paths across the NBMA network between routers. However, establishing an NHRP shortcut across a boundary where information used in route selection is lost may result in a routing loop. Such situations include the loss of BGP path vector information, and the interworking of multiple routing protocols with dissimilar metrics. Under such circumstances, NHRP shortcuts between routers should be disallowed. This situation can be avoided if there are no "back door" paths between the entry and egress router outside the NBMA network.
The server allows router-to-router (R2R) shortcuts by default. However, by configuring disallowed R2R shortcuts, you can create a list of destination or router addresses for which the router does not allow shortcuts.
To create a disallowed R2R shortcut, you must specify both a protocol address and a mask. The protocol address is either the destination or a router, and the mask allows for a range of addresses.
To illustrate how to specify disallowed R2R shortcuts using protocol addresses and masks, consider the following network diagram:
Figure 33. Using Disallowed Router-to-Router Shortcuts
Example 1: An entry with address=9.9.9.1 mask=255.255.255.255 would cause the NHS to send a NAK to the sender of a Next Hop Resolution Request with destination protocol address 9.9.9.1 (HOST1). Since 9.9.9.1 is not directly attached to one of the device subnets, but is reached by another router, the router checks the Disallowed R2R Shortcuts List.
Example 2: An entry with address=9.9.9.0 mask=255.255.255.0 would cause the router to send a NAK for any destination address 9.9.9.1 through 9.9.9.255. HOST1, HOST2, and ROUTER2 could not be reached using shortcuts to the router but devices on the other subnets serviced by ROUTER2 could be reached.
Example 3: An entry with address=1.1.1.5 mask=255.255.255.255 would cause the router to respond negatively for any destination whose next-hop router is 1.1.1.5, ROUTER1. The router would respond negatively for any address on subnet 9.9.9 and for any address on the other IP subnets reached via router 9.9.9.3 because next hop is 1.1.1.5.
Example 4: An entry with address=anything mask=0.0.0.0 would disable R2R shortcuts for all addresses.
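The address/mask matching behind Examples 1 through 4 can be modeled as follows. This is an added illustration, not code from the router or from IBM: the function names are hypothetical, 192.0.2.7 is a constructed address standing in for a device on another subnet behind ROUTER2, and skipping the list for directly attached destinations is a reading of Example 1.

```python
import ipaddress

# Disallowed R2R shortcut lists taken from Examples 1-4 above.
EXAMPLE_1 = [("9.9.9.1", "255.255.255.255")]
EXAMPLE_2 = [("9.9.9.0", "255.255.255.0")]
EXAMPLE_3 = [("1.1.1.5", "255.255.255.255")]
EXAMPLE_4 = [("0.0.0.0", "0.0.0.0")]      # any address works with mask 0.0.0.0

ROUTER1 = "1.1.1.5"            # next-hop router toward subnet 9.9.9 (from the text)
BEHIND_ROUTER2 = "192.0.2.7"   # constructed: device on another subnet behind ROUTER2


def _to_int(addr):
    """Dotted-quad IPv4 string -> integer (raises ValueError on bad input)."""
    return int(ipaddress.IPv4Address(addr))


def entry_covers(entry, candidate):
    """True if candidate falls inside the (address, mask) entry.

    Both sides are masked, so an entry such as 9.9.9.77/255.255.255.0
    behaves the same as 9.9.9.0/255.255.255.0.
    """
    addr, mask = entry
    m = _to_int(mask)
    return (_to_int(candidate) & m) == (_to_int(addr) & m)


def check_r2r_shortcut(disallowed, destination, next_hop_router):
    """Return the entry that forces a NAK, or None if a shortcut is allowed.

    next_hop_router is None when the destination is directly attached to one
    of the server's own subnets; the list only applies when the destination
    is reached through another router. An entry may name either the
    destination or the next-hop router, so both are tested.
    """
    if next_hop_router is None:
        return None
    for entry in disallowed:
        if entry_covers(entry, destination) or entry_covers(entry, next_hop_router):
            return entry
    return None


if __name__ == "__main__":
    cases = [
        ("Example 1, HOST1", EXAMPLE_1, "9.9.9.1", ROUTER1),
        ("Example 1, ROUTER2", EXAMPLE_1, "9.9.9.3", ROUTER1),
        ("Example 2, ROUTER2", EXAMPLE_2, "9.9.9.3", ROUTER1),
        ("Example 2, behind ROUTER2", EXAMPLE_2, BEHIND_ROUTER2, ROUTER1),
        ("Example 3, behind ROUTER2", EXAMPLE_3, BEHIND_ROUTER2, ROUTER1),
        ("Example 4, HOST1", EXAMPLE_4, "9.9.9.1", ROUTER1),
    ]
    for label, table, dest, hop in cases:
        hit = check_r2r_shortcut(table, dest, hop)
        print(f"{label}: {'NAK ' + str(hit) if hit else 'shortcut allowed'}")
```

An entry that names the next-hop router (Example 3) blocks more than an entry that names a destination subnet (Example 2), because it also covers every subnet reached through that router.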
This parameter determines if the protocol layer access controls will be checked and, if so, how these controls will be applied to NHRP packets.
If this configuration parameter is set to its default value of none, the protocol layer access controls are not checked.
With the value of source and destination, when the NHRP requester is not a router, the NHRP client's IP address is assumed to be the source of all IP packets that will be transmitted by that client using the NHRP shortcut route. The router denies NHRP shortcut requests from a non-router NHRP client if any IP packets are being filtered for that IP destination/source address pair, where the source is the NHRP client's address.
Selecting the destination only option causes the router to deny shortcut requests from any NHRP client if any IP packets are being filtered to the destination address. If NHRP clients should not be trusted, destination only should be selected. destination only might be the best option when NHRP clients are non-routers with multiple IP addresses or non-router clients that transmit packets that originate from other sources.
NHRP clients that reside in the routers use the NHRP shortcut routes to forward packets from other sources; therefore, if source and destination is configured and the router receives a shortcut request from a router, the router applies the IP filters the same way as when destination only is selected.
NHRP access controls for denying shortcuts to certain IP addresses may be defined by adding those addresses to both the exclude list and disallowed-router-to-router shortcuts.
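The three access-control settings described above (none, source and destination, destination only) can be compared with a small decision model. This is an added illustration, not the router's code: the function name is hypothetical, the filter table is a simplified model in which each deny filter is just a (source network, destination network) pair, and all addresses are constructed documentation addresses.

```python
import ipaddress

NONE = "none"
SRC_AND_DST = "source and destination"
DST_ONLY = "destination only"

# Constructed sample: one IP filter that drops traffic from
# 198.51.100.0/24 to 203.0.113.0/24. Protocol and port fields are ignored
# because the text denies a shortcut if *any* IP packets are filtered.
DENY_FILTERS = [("198.51.100.0/24", "203.0.113.0/24")]


def shortcut_denied(mode, deny_filters, client_ip, destination_ip,
                    requester_is_router):
    """Return True if the server should refuse the shortcut request."""
    if mode not in (NONE, SRC_AND_DST, DST_ONLY):
        raise ValueError(f"unknown access-control mode: {mode!r}")
    if mode == NONE:
        return False                      # access controls are not checked

    client = ipaddress.ip_address(client_ip)
    dest = ipaddress.ip_address(destination_ip)

    # A router forwards packets from other sources over the shortcut, so its
    # own address says nothing about the traffic: treat it as destination only.
    dest_only = (mode == DST_ONLY) or requester_is_router

    for src_net, dst_net in deny_filters:
        if dest not in ipaddress.ip_network(dst_net):
            continue                      # filter does not cover this destination
        if dest_only or client in ipaddress.ip_network(src_net):
            return True
    return False


if __name__ == "__main__":
    client, dest = "192.0.2.10", "203.0.113.5"   # client is outside the filtered source range
    for mode in (NONE, SRC_AND_DST, DST_ONLY):
        for is_router in (False, True):
            verdict = shortcut_denied(mode, DENY_FILTERS, client, dest, is_router)
            who = "router" if is_router else "host"
            print(f"{mode:24} requester={who:6} -> {'deny' if verdict else 'allow'}")
```

With source and destination, the host at 192.0.2.10 is granted a shortcut to 203.0.113.5 because its own address is not filtered; if that host relays packets that originate from 198.51.100.0/24, those packets reach the destination over the shortcut without crossing the filter, which is why destination only is the setting for clients that are not trusted.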
Since a server may have more than one ATM adapter, it may be connected to two different or unassociated networks. This must be considered when deciding when shortcut VCs should be allowed.
You can determine which interfaces should be treated as if they are connected to the same physical ATM network by assigning each ATM interface a Network-ID by using the set command at the ATM Interface Config> prompt as described in the "Using and Configuring ATM" chapter in the Software User's Guide.
ATM interfaces with the same Network-ID are considered to belong to the same network. By default, all ATM interfaces are assigned to Network-ID 0.
The NHRP LANE Shortcut Interface (LSI) is automatically created for each ATM adapter when NHRP is enabled for the router. The LSI uses default values for the following parameters.
The default values may be modified using the change command from the NHRP Advanced config> prompt. See "Change".
If you have an NHRP client/server and its configuration requires you to give the ATM address of the router NHRP server, you must select the proper ATM address. You must use an address associated with an "ATM interface" in the device, and an IP address must be assigned to this interface. The last two digits of the router ATM address, the selector, are assigned dynamically after the router is activated (and may change if the configuration of the router changes), unless you have configured a specific selector.
You can specify the ATM address, including selector, by entering prot arp at the talk 6 Config> prompt, followed by add atm, giving the desired IP address and then specifying a selector. This is the same procedure used to define an ATMARP client.
If you want to use NHRP on the device, you must configure all LECs with a unique locally administered MAC address (LAA). If you do not configure the LECs with unique LAAs, the NHRP shortcut capability to the corresponding switch or device will not work because:
Note: By default, the router enables LAN Emulation Extensions on NHRP, so you must either disable the extensions or configure the unique locally administered MAC address for each LEC.