OSPF - ipmasters
OSPF FEATURES
OSPF is an open standards routing protocol
This works by using the Dijkstra algorithm
OSPF provides the following features:
Minimizes routing update traffic
Allows scalability (e.g. RIP is limited to 15 hops)
Has unlimited hop count
Supports VLSM/CIDR
Allows multi-vendor deployment (open standard)
Areas Reasons and Features
A larger topology database requires more memory on
each router.
Processing the larger topology database with the SPF
algorithm requires more processing power
A single interface status change, anywhere in the
internetwork forces every router to run SPF again.
A router can be a member of more than one area (ABR)
All routers in the same area have the same topology database
When multiple areas exist, there must always be an area 0
(the backbone) to which other areas connect
ROUTER ID
The Router ID (RID) is an IP address used to identify the
router
Cisco chooses the Router ID by using the highest IP
address of all configured loopback interfaces
If no loopback interfaces are configured with addresses,
OSPF will choose the highest IP address of all active
physical interfaces.
You can manually assign the router ID.
The RID interface MUST always be up, therefore loopbacks
are preferred
OSPF PACKETS
The contents of the Data field of the OSPF packet depend on the OSPF
packet type:
• Hello packet: Contains a list of known neighbors.
• DBD packet: Contains a summary of the LSDB, which includes all known router IDs and their last sequence number, among several other fields.
• LSR packet: Contains the type of LSU needed and the router ID of the router that has the needed LSU.
• LSU packet: Contains the full LSA entries. Multiple LSA entries can fit in one OSPF update packet.
• LSAck packet: This data field is empty.
OSPF PACKETS
Hello: Discovers neighbors and builds adjacencies between them
Database Description (DBD):
Checks for database synchronization between routers
Link-state request (LSR): Requests specific link-state records from another router
LSU: Sends specifically requested link-state records
LSAck: Acknowledges the other packet types
Hello Packet Information
• Router ID: 32-bit
• Hello and dead intervals: must be the same on neighboring routers (must match)
• Neighbors: list of adjacent routers
• Area ID: (must match)
• Router Priority: 8-bit
• DR and BDR IP Addresses
• Authentication Password: (must match)
• Stub Area Flag: (must match)
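The must-match rule above can be checked directly on captured Hello packets. The following is an added example, not part of the original slides: it decodes the OSPFv2 header and Hello body and lists the must-match fields on which two routers disagree. The sample packets are constructed, and the helper names are assumptions of this example.

```python
import struct
from ipaddress import IPv4Address

HDR = struct.Struct("!BBH4s4sHH8s")    # OSPFv2 common header (24 bytes)
HELLO = struct.Struct("!4sHBBI4s4s")   # fixed part of the Hello body (20 bytes)
E_BIT = 0x02                           # Options bit that is cleared in a stub area
MUST_MATCH = ("area_id", "hello", "dead", "autype", "auth", "stub")

def ip(raw: bytes) -> str:
    return str(IPv4Address(raw))

def parse_hello(pkt: bytes) -> dict:
    """Decode an OSPFv2 Hello (header + body) into named fields."""
    fixed = HDR.size + HELLO.size
    if len(pkt) < fixed:
        raise ValueError("truncated OSPF Hello")
    ver, ptype, length, rid, area, _cksum, autype, auth = HDR.unpack_from(pkt)
    if ver != 2 or ptype != 1:
        raise ValueError("not an OSPFv2 Hello")
    if not fixed <= length <= len(pkt) or (length - fixed) % 4:
        raise ValueError("bad packet length field")
    _mask, hello, opts, prio, dead, dr, bdr = HELLO.unpack_from(pkt, HDR.size)
    # AuType 1 carries the password itself; AuType 2 carries a key ID in byte 2.
    auth_id = auth if autype == 1 else auth[2] if autype == 2 else None
    return {"router_id": ip(rid), "area_id": ip(area), "autype": autype,
            "auth": auth_id, "hello": hello, "dead": dead,
            "stub": not opts & E_BIT, "priority": prio, "dr": ip(dr), "bdr": ip(bdr),
            "neighbors": [ip(pkt[i:i + 4]) for i in range(fixed, length, 4)]}

def mismatches(a: dict, b: dict) -> list:
    """Must-match Hello fields that differ, i.e. why no adjacency will form."""
    return [f for f in MUST_MATCH if a[f] != b[f]]

def build_hello(rid, area, hello, dead, autype=0, auth=b"", stub=False, nbrs=()):
    """Builder for constructed sample packets (checksum left at 0, not verified)."""
    body = HELLO.pack(IPv4Address("255.255.255.0").packed, hello,
                      0 if stub else E_BIT, 1, dead, bytes(4), bytes(4))
    body += b"".join(IPv4Address(n).packed for n in nbrs)
    return HDR.pack(2, 1, HDR.size + len(body), IPv4Address(rid).packed,
                    IPv4Address(area).packed, 0, autype, auth.ljust(8, b"\0")) + body

# Constructed sample: same area, but different timers and stub flag.
r1 = parse_hello(build_hello("10.0.0.1", "0.0.0.34", 10, 40, nbrs=["10.0.0.2"]))
r2 = parse_hello(build_hello("10.0.0.2", "0.0.0.34", 30, 120, stub=True))
print(mismatches(r1, r2))
```

A Hello with AuType 0 (null) or 1 (password carried in the header) is also visible in this output, which makes it usable as a quick audit of which segments run without MD5 authentication.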
Network Types
Point-to-point
Broadcast multiaccess
Non-Broadcast Multiaccess (NBMA)
OSPF over L2 and L3 MPLS VPN
Once the DR and BDR have been selected, any router added to the
broadcast network establishes full adjacencies with the DR
and BDR only
Neighbor Adjacency States
Router A sends a Hello on the LAN.
All connected routers add A to their list of neighbors (init state)
All routers that received the Hello send a unicast reply to A with the corresponding information and their list of neighbors, including A
A adds the received neighbor IDs to its table (2-way state)
Discovering Network Routes in BC domain
After DR and BDR selected:
Master-slave relationship: the router with the higher RID is the master (Exstart state)
Master and slave exchange DBD packets (Exchange state)
A DBD contains the LSA entry headers (link-state type, address of the advertising router, link cost, sequence number)
Discovering Network Routes in BC domain
When a DBD is received:
The router acknowledges the DBD using an LSAck
It compares the received information with its LSDB and sends an LSR for the newest LSAs (Loading state)
The other router replies with complete information about the requested entry using an LSU
The router acknowledges the received LSU
The router adds the new LSAs to its LSDB (Full state)
Attempt state for NBMA
Link-State Advertisement “LSA”
LSAs are advertised to routers with the split-horizon rule
Each LSA entry has an aging timer in the age field of the LSA (default 30 min)
The router that originated the entry resends the LSA with a higher sequence number in an LSU to verify that the link is still active
An LSA is discarded when it reaches its maxage (60 min)
An LS entry must be refreshed every 30 min
SPF Recalculation
SPF is triggered when any of the following happens:
The LSA’s Options field has changed
The LSA’s LS age is set to maxage
The Length field in the LSA header has changed
The contents of the LSA (excluding the LSA header) have changed
An SPF calculation is performed separately for each area
in the topology database.
Adjacency for NBMA Network
DR & BDR need full L2 connectivity with routers in NBMA
Several OSPF configuration choices are available for FR network depending on network topology:
Nonbroadcast: B/DR are elected, neighbors are manually config
Point-to-multipoint: B/DR not req., multicast hello auto neighbors disc.
Point-to-multipoint nonbroadcast: B/DR not req, manual neighbors config
Broadcast: B/DR are elected, multicast hello auto neighbors disc.
Point-to-point: no B/DR, differ. IP subnets
Point-to-point needs less configuration, nonbroadcast less traffic
overhead
R(config-if)#ip ospf network {broadcast | non-broadcast | point-to-multipoint [non-broadcast] | point-to-point}
NBMA Mode Configuration
Fully meshed topology DR & BDR are elected
Not Fully meshed DR & BDR are manually selected
DR & BDR should have full connectivity with all routers
LSUs are replicated for each PVC
Configure nonbroadcast mode by:
Manually configuring neighbors in DR and BDR
Define OSPF network type as nonbroadcast
neighbor ip-address [priority number] [poll-interval number] [cost number] [database-filter all]
Point-to-multipoint Mode Configuration
Not full-mesh topology
OSPF treats this mode as several point-to-point links
No static neighbor configuration, multicast hello discover neighbors
Duplicated LSA packets
Hello interval 30 sec, and dead interval 120 sec
One IP subnet
Point-to-multipoint Nonbroadcast Mode Configuration
Used when no broadcast and multicast
OSPF treats this mode as several point-to-point links
No automatic neighbor discovery, so must use static neighbor configuration
Bandwidth for each neighbor can be defined
Hello interval 30 sec, and dead interval 120 sec
One IP subnet
OSPF over Frame Relay Subinterface Configuration
Point-to-point subinterface:
Each VC gets its own subinterface
No DR and BDR, automatic neighbor discovery
Point-to-multipoint subinterface:
Nonbroadcast is the default mode
LSA Types
LSA type 1: Router LSA
LSA type 2: Network LSA
LSA type 3: Summary LSA
LSA type 4: ASBR
LSA type 5: AS External LSA
LSA type 6: Multicast OSPF LSA (not supported by Cisco)
LSA type 7: LSA for NSSA
LSA type 8: External Attributes for BGP (Not supp. by Cisco)
LSA type 9, 10, 11: Opaque LSA (future upgrades)
LSA Type 1
Link type is defined by (1, 2, 3, or 4)
Link ID: what is on the other end of the link which depends on link type
Link data: IP address of the link, or subnet mask in case of stub network
Type 1 LSA includes the OSPF cost for each link, and whether the router is an ABR or ASBR
Link Type   Description        Link ID Field Contents
1           Point-to-point     Neighbor RID
2           Transit network    DR’s interface address
3           Stub network       IP network/subnet
4           Virtual link       Neighbor RID
LSA Type 2
Transit Network has at least 2 directly attached OSPF routers
LSA type 2 list all attached routers, DR, and subnet mask
DR is responsible for advertising Network LSA
Link-state ID is the IP address of DR
LSA Type 3
Advertises networks for an area to the rest of areas
Type 3 summary LSA is advertised into the backbone area for every subnet defined in the originating area
Manual summarization at ABR should be considered
Receiving type 3 LSA does not cause router to run SPF
To summarize inter-area, IOS creates a summary route to null 0:
area area-id range address mask [advertise | not-advertise] [cost cost]
Link-state ID is destination network number (summary network)
LSA Type 4
Generated by an ABR only when an ASBR exists within an area
It identifies the ASBR and provides a route to it.
The ASBR sends a type 1 LSA with the external bit (E bit) set
The ABR generates a type 4 LSA and floods it to the backbone area and into its own area
Link-state ID is ASBR ID
LSA Type 5
Describes routes to networks outside the OSPF AS
To reduce flooding of LSAs for external networks, summarization should be considered at ASBR
Link-state ID is the external network number
To manually summarize external routes:
summary-address ip-address mask [not-advertise] [tag tag]
Types of OSPF Routes
Route designator: description
O: OSPF intra-area (router LSA) and network LSA. Networks within the area advertised by router and network LSAs
O IA: OSPF interarea (summary LSA). Networks from outside the area and within the AS advertised by summary LSAs
O E1: Type 1 external routes. Networks from outside the AS advertised by way of external LSAs
O E2: Type 2 external routes. Networks from outside the AS advertised by way of external LSAs
E1: the external cost is added to the internal cost (when multiple ASBRs); E2: the cost is only the external cost
PROPAGATE DEFAULT ROUTE
default-information originate
When configured on an OSPF router, the router becomes an ASBR; the router must already have a default route
When the always keyword is added to the command, the default route is advertised regardless of whether the router already has a default route
default-information originate [always] [metric metric-value] [metric-type
type-value] [route-map map-name]
The default metric value for type of interfaces is “1”
VIRTUAL LINKS
A virtual link allows discontiguous area 0s to be connected, or a
disconnected area to be connected to area 0, via a transit area.
It cannot go through more than one area, nor through stub areas.
LSA on virtual link does not age out (DoNotAge DNA)
To configure virtual link:
area area-id virtual-link router-id [authentication [message-digest | null]] [hello-interval seconds] [retransmit-interval seconds] [transmit-delay seconds] [dead-interval seconds] [[authentication-key key] | [message-digest-key key-id md5 key]]
SPECIAL AREA TYPES
Standard Area: Default area link updates, route summaries, and external routes
Backbone Area: area 0, all other areas connected to this area
Stub Area: doesn’t accept external routes
Totally Stubby Area: doesn’t accept external routes but can send a packet to external destinations using a default route, no ASBR. (Cisco proprietary)
Not-so-stubby area (NSSA): doesn’t accept external information but instead uses a default route, but can allow an ASBR and uses type 7 LSAs
Totally Stubby NSSA: Allows ASBR and does not accept external routes or summary routes
STUB OR TOTALLY STUBBY AREA
There is a single exit point from that area; or if there are multiple exits, one or more ABRs inject a default route into the stub area and suboptimal routing paths are acceptable.
All OSPF routers inside the stub area, incl. ABRs, are configured as stub routers before they become neighbors and exchange routing information. Hello packets contain the stub area flag
The area is not used as a transit area for virtual links, no ASBR is inside the area, and not a backbone area (area0)
Type 4 and 5 LSAs not permitted to flood into stub area
Type 3, 4 and 5 LSAs are not permitted to flood into totally stubby area
STUB OR TOTALLY STUBBY AREA
To configure stub area:
area area-id stub
area area-id default-cost cost “to change the default route cost, configured on ABR”
To configure totally stubby area:
area area-id stub [no-summary]
area area-id default-cost cost “to change the default route cost configured on internal routers”
NOT-SO-STUBBY AREA “NSSA”
An ASBR that exists in the area generates type 7 LSAs into the area with the propagate bit (P), to avoid a propagation loop between the NSSA and the backbone.
The NSSA ABR translates the type 7 LSA to a type 5 LSA
The ABR sends a default route into the NSSA instead of external routes
Routers in the NSSA set the N-bit to confirm support for NSSA. This option is checked during neighbor discovery
A type 7 LSA is described in the routing table by “O N1” or “O N2”
To configure the NSSA area:
area area-id nssa [no-redistribution] [default-information-originate] [metric metric] [metric-type value] [no-summary]
When the keyword [no-summary] is used, a totally stubby NSSA is configured
ROUTE FILTERING
No route filtering permitted inside area due to LSDB convergence
Route filtering can be applied for:
Type 3 LSAs on ABR
Type 5 LSAs on ASBR “Route redistribution”
Filtering OSPF routes when adding to IP routing table
TYPE 3 LSA FILTERING
No route filtering permitted inside area due to LSDB convergence
area number filter-list prefix name in | out
ip prefix-list {name | number} {seq number} {deny | permit} network/length [ge value] [le value]
Example:
ip prefix-list filter-into-area-34 seq 5 deny 10.16.3.0/24
ip prefix-list filter-into-area-34 seq 10 permit 0.0.0.0/0 le 32
router ospf 1
area 34 filter-list prefix filter-into-area-34 in
FILTERING OSPF ROUTES ADDED TO ROUTING TABLE
Don’t affect LSAs, LSDB flooding process, and SPF calculation
It is enabled by using “distribute-list in” as an OSPF subcommand
It filters the routes from being added to the router’s IP routing table
Routes that match an ACL statement with permit are added to the routing table, while those that match deny are filtered
“interface interfaceNo” can be used to compare parameters to the route’s outgoing interface
Example:
ip prefix-list filter-1 seq 5 deny 10.16.1.0/24
ip prefix-list filter-1 seq 10 permit 0.0.0.0/0 le 32
router ospf 1
distribute-list prefix filter-1 in
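Both prefix-list examples (filter-into-area-34 and filter-1) rely on the same matching rules, so the sketch below evaluates routes against a list the way first-match, ge/le and the implicit deny work. It is an added example, not code from the original slides; the function names and the test routes are constructed for illustration.

```python
from ipaddress import ip_network

def parse_entry(line: str) -> dict:
    """Parse 'ip prefix-list NAME seq N {permit|deny} NET/LEN [ge X] [le Y]'."""
    tok = line.split()
    if len(tok) < 7 or tok[:2] != ["ip", "prefix-list"] or tok[3] != "seq" \
            or tok[5] not in ("permit", "deny"):
        raise ValueError(f"unsupported prefix-list line: {line!r}")
    net = ip_network(tok[6])
    opts = dict(zip(tok[7::2], map(int, tok[8::2])))      # e.g. {'le': 32}
    # No ge/le: length must match exactly. ge only: up to /32. le only: from NET's length.
    lo = opts.get("ge", net.prefixlen)
    hi = opts.get("le", 32 if "ge" in opts else net.prefixlen)
    return {"seq": int(tok[4]), "permit": tok[5] == "permit",
            "net": net, "lo": lo, "hi": hi}

def evaluate(lines, route: str):
    """Return (permitted, matching seq); (False, None) is the implicit deny at the end."""
    r = ip_network(route)
    for e in sorted(map(parse_entry, lines), key=lambda e: e["seq"]):
        if r.subnet_of(e["net"]) and e["lo"] <= r.prefixlen <= e["hi"]:
            return e["permit"], e["seq"]
    return False, None

FILTER_INTO_AREA_34 = [  # the two entries from the page
    "ip prefix-list filter-into-area-34 seq 5 deny 10.16.3.0/24",
    "ip prefix-list filter-into-area-34 seq 10 permit 0.0.0.0/0 le 32",
]

# Constructed test routes
for route in ("10.16.3.0/24", "10.16.2.0/24", "10.16.3.128/25", "10.16.0.0/16"):
    print(route, evaluate(FILTER_INTO_AREA_34, route))
```

The seq 5 entry matches only the exact /24, so a more-specific such as 10.16.3.128/25 falls through to the permit at seq 10; writing the deny as `10.16.3.0/24 le 32` covers the longer prefixes as well.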
OSPF Authentication
By default OSPF does not use authentication
Two methods: simple password, MD5
To configure simple authentication:
Router(config-if)# ip ospf authentication
Router(config-if)# ip ospf authentication-key password
Router(config-router)# area area-id authentication
To configure MD5 authentication:
Router(config-if)# ip ospf authentication [message-digest|null]
Router(config-if)# ip ospf message-digest-key key-id md5 key
You must configure:
service password-encryption
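How the MD5 method protects a packet, as an added example that is not from the original slides: the sender appends MD5(packet + key), and the receiver recomputes the digest and rejects older sequence numbers, following RFC 2328 Appendix D. The key, router ID, area and packet body are constructed sample values.

```python
import hashlib, hmac, struct

HDR = struct.Struct("!BBH4s4sHH")   # version, type, length, RID, area, checksum, AuType
AUTH = struct.Struct("!HBBI")       # 0, key ID, auth data length, sequence number
DIGEST_LEN = 16

def _digest(packet: bytes, key: bytes) -> bytes:
    # MD5 over the OSPF packet followed by the key, zero-padded to 16 bytes
    return hashlib.md5(packet + key[:16].ljust(16, b"\0")).digest()

def sign(ptype, router_id, area_id, body, key_id, key, seq) -> bytes:
    """Build an AuType 2 packet; the digest is appended and not counted in length."""
    length = HDR.size + AUTH.size + len(body)
    pkt = HDR.pack(2, ptype, length, router_id, area_id, 0, 2)
    pkt += AUTH.pack(0, key_id, DIGEST_LEN, seq) + body
    return pkt + _digest(pkt, key)

def verify(wire: bytes, keys: dict, last_seq: int) -> str:
    """Receiver-side checks; returns 'ok' or the reason the packet is discarded."""
    if len(wire) < HDR.size + AUTH.size + DIGEST_LEN:
        return "truncated"
    _v, _t, length, _rid, _area, _ck, autype = HDR.unpack_from(wire)
    _zero, key_id, dlen, seq = AUTH.unpack_from(wire, HDR.size)
    if autype != 2:
        return "not MD5-authenticated"
    if dlen != DIGEST_LEN or len(wire) != length + DIGEST_LEN:
        return "bad length"
    if key_id not in keys:
        return "unknown key id"
    if not hmac.compare_digest(_digest(wire[:length], keys[key_id]), wire[length:]):
        return "bad digest"
    if seq < last_seq:
        return "replayed sequence number"
    return "ok"

# Constructed sample: key, router ID, area and a 20-byte placeholder body
KEYS = {1: b"constructed-key"}
RID, AREA = bytes([10, 0, 0, 1]), bytes([0, 0, 0, 34])
pkt = sign(1, RID, AREA, bytes(20), key_id=1, key=KEYS[1], seq=1000)
tampered = pkt[:30] + bytes([pkt[30] ^ 1]) + pkt[31:]
print(verify(pkt, KEYS, 1000), "|", verify(tampered, KEYS, 1000), "|",
      verify(pkt, KEYS, 1001))
```

Only the digest travels with the packet; with simple password authentication the password itself sits in the header's 8-byte authentication field.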
PLANNING FOR OSPF
IP Addressing Plan
IP subnets and addressing plan considering summarization
Network Topology
Detailed network topology includes link types, backup links, stub areas, redistribution
OSPF Areas
LSDB table size should be considered when dividing networks into areas, ABR and ASBR routers should be identified
OSPF routing parameters (times, areas, authentication, RID, …) should be determined