Tuesday, 28 March 2017
CCNP Routing
BRIEF
· The first link-state routing protocol was implemented and deployed in the ARPANET (Advanced Research Project Agency Network), the predecessor to later link-state routing protocols.
· Next, DEC (Digital Equipment Corporation) proposed and designed a link-state routing protocol for ISO’s OSI networks, IS-IS (Intermediate System-to-Intermediate System).
  o Later, IS-IS was extended by the IETF to carry IP routing information.
· An IETF working group designed a routing protocol specifically for IP routing, OSPF (Open Shortest Path First).
· OSPF version 2, the current version, is specified in RFC 2328 (John Moy).
· Uses the Dijkstra algorithm to calculate a SPT (Shortest Path Tree).
Single Area OSPF
· Configuration of OSPF is easy.
· The concepts and theory that make it a robust and scalable protocol are a little more complex.
· Information in this presentation goes beyond that which is presented in the CCNP 3.0 curriculum.
· This information is included to give you a better understanding of OSPF, to answer some of the students’ questions, and to get an idea of the true operational features of OSPF.
Preview of the OSPF Commands
Required Commands:
Rtr(config)# router ospf process-id
Rtr(config-router)# network address wildcard-mask area area-id
Optional Commands:
Rtr(config-router)# default-information originate (Send default route)
Rtr(config-router)# area area authentication (Plain-text authentication)
Rtr(config-router)# area area authentication message-digest (MD5 authentication)
Rtr(config)# interface loopback number (Configure loopback as Router ID)
Rtr(config)# interface type slot/port
Rtr(config-if)# ip ospf priority <0-255> (DR/BDR election)
Rtr(config-if)# bandwidth kbps (Modify default bandwidth)
Rtr(config-if)# ip ospf cost cost (Modify interface cost)
Rtr(config-if)# ip ospf hello-interval seconds (Modify Hello interval)
Rtr(config-if)# ip ospf dead-interval seconds (Modify Dead interval)
Rtr(config-if)# ip ospf authentication-key passwd (Plain-text/MD5 authentication key)
Rtr(config-if)# ip ospf message-digest-key key-id md5 password (MD5 key)
Advantages of OSPF
· OSPF is a link-state routing protocol.
  o RIP, IGRP and EIGRP are distance-vector (routing by rumor) routing protocols, susceptible to routing loops, split-horizon, and other issues.
· OSPF has fast convergence.
  o RIP and IGRP hold-down timers can cause slow convergence.
· OSPF supports VLSM and CIDR.
  o RIPv1 and IGRP do not.
· Cisco’s OSPF metric is based on bandwidth.
  o RIP is based on hop count.
  o IGRP/EIGRP: bandwidth, delay, reliability, load.
· OSPF only sends out changes when they occur.
  o RIP sends the entire routing table every 30 seconds, IGRP every 90 seconds.
  o Extra: With OSPF, a router does flood its own LSAs when their age reaches 30 minutes (later).
· OSPF also uses the concept of areas to implement hierarchical routing.
· Two open-standard routing protocols to choose from:
  o RIP, simple but very limited, or
  o OSPF, robust but more sophisticated to implement.
· IGRP and EIGRP are Cisco proprietary.
OSPF Terminology
· Link: Interface on a router
· Link state: Description of an interface and of its relationship to its neighboring routers, including:
  o IP address/mask of the interface,
  o The type of network it is connected to,
  o The routers connected to that network,
  o The metric (cost) of that link.
· The collection of all the link-states forms a link-state database.
· Router ID – Used to identify the routers in the OSPF network (in order of preference):
  o IP address configured with the OSPF router-id command (extra)
  o Highest loopback address (configuration coming)
  o Highest active IP address (any IP address)
· A loopback address has the advantage of never going down, thus diminishing the possibility of having to re-establish adjacencies. (more in a moment)
CCNA 3.0 covers Single Area OSPF as opposed to Multi-Area OSPF
· All routers will be configured in a single area; the convention is to use area 0.
· If OSPF has more than one area, it must have an area 0.
· CCNP includes Multi-Area OSPF.
· We will include a brief introduction to Multi-Area OSPF so you can see the real advantages to using OSPF.
Link State
1. Flooding of link-state information
· The first thing that happens is that each node (router) on the network announces its own piece of link-state information to all other routers on the network. This includes who its neighboring routers are and the cost of the link between them.
· Example: “Hi, I’m RouterA, and I can reach RouterB via a T1 link and I can reach RouterC via an Ethernet link.”
· Each router sends these announcements to all of the routers in the network.
2. Building a Topological Database
· Each router collects all of this link-state information from other routers and puts it into a topological database.
3. Shortest-Path First (SPF), Dijkstra’s Algorithm
· Using this information, the routers can recreate a topology graph of the network.
· Believe it or not, this is actually a very simple algorithm and we highly suggest you look at it some time, or even better, take a class on algorithms. (Radia Perlman’s book, Interconnections, has a very nice example of how to build this graph – she is one of the contributors to the SPF and Spanning-Tree algorithms.)
4. Shortest Path First Tree
· This algorithm creates an SPF tree, with the router making itself the root of the tree and the other routers, and the links to those routers, the various branches.
5. Routing Table
· Using this information, the router creates a routing table.
Extra: Simplified Link State Example
· In order to keep it simple, we will take some liberties with the actual process and algorithm, but you will get the basic idea!
· You are RouterA and you have exchanged “Hellos” with:
  o RouterB on your network 11.0.0.0/8 with a cost of 15,
  o RouterC on your network 12.0.0.0/8 with a cost of 2,
  o RouterD on your network 13.0.0.0/8 with a cost of 5,
  o and you have a “leaf” network 10.0.0.0/8 with a cost of 2.
· This is your link-state information, which you will flood to all other routers.
· All other routers will also flood their link state information. (OSPF: only within the area)
Link State information from RouterB
We now get the following link-state information from RouterB:
· Connected to RouterA on network 11.0.0.0/8, cost of 15
· Connected to RouterE on network 15.0.0.0/8, cost of 2
· Have a “leaf” network 14.0.0.0/8, cost of 15
Link State information from RouterC
We now get the following link-state information from RouterC:
· Connected to RouterA on network 12.0.0.0/8, cost of 2
· Connected to RouterD on network 16.0.0.0/8, cost of 2
· Have a “leaf” network 17.0.0.0/8, cost of 2
Link State information from RouterD
We now get the following link-state information from RouterD:
· Connected to RouterA on network 13.0.0.0/8, cost of 5
· Connected to RouterC on network 16.0.0.0/8, cost of 2
· Connected to RouterE on network 18.0.0.0/8, cost of 2
· Have a “leaf” network 19.0.0.0/8, cost of 2
Link State information from RouterE
We now get the following link-state information from RouterE:
· Connected to RouterB on network 15.0.0.0/8, cost of 2
· Connected to RouterD on network 18.0.0.0/8, cost of 10
· Have a “leaf” network 20.0.0.0/8, cost of 2
Topology
· Using the topological information we listed, RouterA has now built a complete topology of the network.
· The next step is for the link-state algorithm to find the best path to each node and leaf network.
Simplified Link State Example
Choosing the Best Path
· Using the link-state algorithm RouterA can now proceed to find the shortest path to each leaf network.
· Now RouterA knows the best path to each network, creating an SPT (Shortest Path Tree).
SPT Results Get Put into the Routing Table
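The best-path step above, carried through in code as an added example (not part of the original presentation): Dijkstra's SPF run over a link-state database constructed from the RouterA example. The costs are the ones listed for each router; transit networks are modelled as the router-to-router links themselves, so only the leaf networks appear in the resulting routing table. The path A-C-D-E-B (cost 8) beating the direct 15-cost link to RouterB is the point the slides are making.

```python
import heapq

# Constructed link-state database for the RouterA example above: each router's
# LSA lists (neighbor or leaf network, cost of the outgoing interface). Transit
# networks are modelled as the router-to-router links themselves; leaf networks
# are stub nodes reachable only through the router that advertises them.
LSDB = {
    "RouterA": [("RouterB", 15), ("RouterC", 2), ("RouterD", 5), ("10.0.0.0/8", 2)],
    "RouterB": [("RouterA", 15), ("RouterE", 2), ("14.0.0.0/8", 15)],
    "RouterC": [("RouterA", 2), ("RouterD", 2), ("17.0.0.0/8", 2)],
    "RouterD": [("RouterA", 5), ("RouterC", 2), ("RouterE", 2), ("19.0.0.0/8", 2)],
    "RouterE": [("RouterB", 2), ("RouterD", 10), ("20.0.0.0/8", 2)],
}


def spf(lsdb, root):
    """Dijkstra's shortest-path-first over the LSDB with `root` as the tree root.

    Returns {node: (total_cost, next_hop)}; next_hop is None for the root itself
    and for leaf networks attached directly to the root.
    """
    dist = {root: 0}
    next_hop = {root: None}
    heap = [(0, root)]
    done = set()
    while heap:
        cost, node = heapq.heappop(heap)
        if node in done:
            continue
        done.add(node)
        # Leaf networks originate no LSA, so they have no outgoing links.
        for nbr, link_cost in lsdb.get(node, []):
            new_cost = cost + link_cost
            if nbr not in dist or new_cost < dist[nbr]:
                dist[nbr] = new_cost
                if node == root:
                    next_hop[nbr] = nbr if nbr in lsdb else None
                else:
                    next_hop[nbr] = next_hop[node]
                heapq.heappush(heap, (new_cost, nbr))
    return {n: (dist[n], next_hop[n]) for n in dist}


def routing_table(lsdb, root):
    """The SPT results as they would land in the routing table: leaf networks only."""
    return {n: entry for n, entry in spf(lsdb, root).items() if "/" in n}


if __name__ == "__main__":
    for net, (cost, hop) in sorted(routing_table(LSDB, "RouterA").items()):
        print(f"{net:12} cost {cost:3}  via {hop or 'connected'}")
```

Running it from RouterA gives RouterD at cost 4 via RouterC (not the direct cost-5 link), RouterE at 6 and RouterB at 8, all with RouterC as the next hop.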
OSPF’s Metric is Cost (Bandwidth)
· “A cost is associated with the output side of each router interface. This cost is configurable by the system administrator. The lower the cost, the more likely the interface is to be used to forward data traffic.”
· RFC 2328 does not specify any values for cost.
· Bay and some other vendors use a default cost of 1 on all interfaces, essentially making the OSPF cost reflect hop counts.
Cisco: Cost = Bandwidth
· Cisco uses a default cost of 10^8/bandwidth.
· Default bandwidth of the interface (bandwidth command).
· 10^8 (100,000,000) is the reference bandwidth: This is used so that the faster links (higher bandwidth) have lower costs.
  o Routing metrics: the lower the cost, the better the route.
  o i.e. RIP: 3 hops is better than 10 hops.
  o Extra: The reference bandwidth can be modified to accommodate networks with links faster than 100,000,000 bps (100 Mbps). See the ospf auto-cost reference-bandwidth command.
· Cost of a route is the cumulative cost of the outgoing interfaces from this router to the network.
Cisco default interface costs
56-kbps serial link = 1785
64-kbps serial link = 1562
128-kbps serial link = 781
T1 (1.544-Mbps serial link) = 64
E1 (2.048-Mbps serial link) = 48
4-Mbps Token Ring = 25
Ethernet = 10
16-Mbps Token Ring = 6
Fast Ethernet = 1
Problem: Gigabit Ethernet and faster = 1
Notes:
· Cisco routers default to T1 (1.544 Mbps) on all serial interfaces and require manual modification with the bandwidth command.
· ospf auto-cost reference-bandwidth reference-bandwidth can be used to modify the reference bandwidth for higher-speed interfaces.
Few final notes
· For serial links, if it is not a T1 line, use the bandwidth command to configure the interface to the right bandwidth.
· Both sides of the link should have the same bandwidth value.
· If you use the command ospf auto-cost reference-bandwidth reference-bandwidth, configure all of the routers to use the same value.
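The cost arithmetic above as an added example (not code from the presentation): the Cisco-style formula, with the reference bandwidth as a parameter so the Gigabit problem and the effect of raising it can be seen side by side. The table values it reproduces are the defaults listed above; everything else is constructed.

```python
# Added example, not the page's code: Cisco-style OSPF interface cost,
# reference bandwidth divided by interface bandwidth, truncated to an integer
# and never below 1 (the truncation is what turns 10^8/1,544,000 into 64).

DEFAULT_REFERENCE_MBPS = 100  # 10^8 bps, the value ospf auto-cost reference-bandwidth changes

# Bandwidths (kbps) of the links in the page's default-cost table.
LINKS_KBPS = {
    "56-kbps serial": 56, "64-kbps serial": 64, "128-kbps serial": 128,
    "T1": 1544, "E1": 2048, "4-Mbps Token Ring": 4000, "Ethernet": 10000,
    "16-Mbps Token Ring": 16000, "Fast Ethernet": 100000, "Gigabit Ethernet": 1000000,
}


def ospf_cost(bandwidth_kbps, reference_mbps=DEFAULT_REFERENCE_MBPS):
    """Interface cost = reference bandwidth / interface bandwidth (integer division, minimum 1)."""
    if bandwidth_kbps <= 0:
        raise ValueError("bandwidth must be positive")
    cost = (reference_mbps * 1_000_000) // (bandwidth_kbps * 1000)
    return max(cost, 1)


def cost_table(reference_mbps=DEFAULT_REFERENCE_MBPS):
    """Rebuild the default-cost table for a given reference bandwidth."""
    return {name: ospf_cost(kbps, reference_mbps) for name, kbps in LINKS_KBPS.items()}


def route_cost(outgoing_bandwidths_kbps, reference_mbps=DEFAULT_REFERENCE_MBPS):
    """Route cost is the sum of the outgoing interface costs along the path."""
    return sum(ospf_cost(bw, reference_mbps) for bw in outgoing_bandwidths_kbps)


if __name__ == "__main__":
    for ref in (100, 10000):
        print(f"reference bandwidth {ref} Mbps:", cost_table(ref))
```

With the default reference bandwidth a Fast Ethernet hop and a Gigabit hop both cost 1, so a two-hop path over them costs 2 either way; with a 10,000 Mbps reference the same path costs 110 and the two media are finally distinguishable. This is also why the final note says every router must use the same reference value: a router using 100 and a neighbor using 10,000 would disagree about the cost of the same link.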
OSPF Packet Types
OSPF Packet Type | Description
Type 1 - Hello | Establishes and maintains adjacency information with neighbors
Type 2 - Database Description packet (DBD) | Describes the content of the link-state database on an OSPF router
Type 3 - Link State Request (LSR) | Requests specific pieces of a link-state database
Type 4 - Link State Update (LSU) | Transports link-state advertisements (LSAs) to neighbor routers
Type 5 - Link State Acknowledgement (LSAck) | Acknowledges receipt of a neighbor's LSA
OSPF packet header fields (one row per 32-bit word):
Version | Type | Packet Length
Router ID
Area ID
Checksum | Authentication Type
Authentication Data
OSPF Hello Protocol
Hello packet fields, following the common header (one row per 32-bit word):
Network Mask
Hello Interval | Options | Router Priority
Dead Interval
Designated Router
Backup Designated Router
Neighbor Router ID
Neighbor Router ID
(additional Neighbor Router ID fields can be added to the end of the header, if necessary)
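A parser for the two layouts above, added here as an example (it is not the presentation's code): it decodes the 24-byte common header, verifies the checksum for unauthenticated packets, and for a Type 1 packet decodes the Hello body and the variable-length neighbor list. The sample packet is constructed in the block (Router ID 10.6.0.1 is the RTB of the later slides; the neighbor IDs, mask and DR are made up).

```python
import struct
from ipaddress import IPv4Address

# Added example, not the page's code: parser for the OSPFv2 common header and
# Hello body. SAMPLE_HELLO is constructed here, not captured from a router.

HEADER_FMT = "!BBHIIHH8s"  # Version, Type, Packet Length, Router ID, Area ID, Checksum, AuType, Auth Data
HELLO_FMT = "!IHBBIII"     # Network Mask, HelloInterval, Options, Router Priority, RouterDeadInterval, DR, BDR
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 24 bytes
HELLO_LEN = struct.calcsize(HELLO_FMT)    # 20 bytes before the Neighbor list
PACKET_TYPES = {1: "Hello", 2: "DBD", 3: "LSR", 4: "LSU", 5: "LSAck"}


def ospf_checksum(packet):
    """Internet one's-complement checksum over the packet, with the Checksum field
    taken as zero and the 8-byte Authentication Data field skipped (null/simple auth)."""
    data = packet[:12] + b"\x00\x00" + packet[14:16] + packet[24:]
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_hello(router_id, area_id, netmask, hello, dead, priority, dr, bdr, neighbors):
    """Build a Type 1 Hello with null authentication and a valid checksum."""
    body = struct.pack(HELLO_FMT, int(IPv4Address(netmask)), hello, 0x02, priority, dead,
                       int(IPv4Address(dr)), int(IPv4Address(bdr)))
    body += b"".join(struct.pack("!I", int(IPv4Address(n))) for n in neighbors)
    header = struct.pack(HEADER_FMT, 2, 1, HEADER_LEN + len(body), int(IPv4Address(router_id)),
                         area_id, 0, 0, bytes(8))
    packet = header + body
    return packet[:12] + struct.pack("!H", ospf_checksum(packet)) + packet[14:]


def parse_ospf(packet):
    """Parse the common header; for a Hello also parse the body and neighbor list.
    Raises ValueError on anything a receiving router would discard."""
    if len(packet) < HEADER_LEN:
        raise ValueError("truncated OSPF header")
    version, ptype, length, rid, area, csum, autype, _auth = struct.unpack_from(HEADER_FMT, packet)
    if version != 2:
        raise ValueError("unsupported OSPF version %d" % version)
    if length < HEADER_LEN or length > len(packet):
        raise ValueError("bad Packet Length field")
    packet = packet[:length]  # bytes beyond Packet Length are ignored
    if autype == 0 and ospf_checksum(packet) != csum:
        raise ValueError("checksum mismatch")
    info = {"type": PACKET_TYPES.get(ptype, ptype), "router_id": str(IPv4Address(rid)),
            "area_id": area, "autype": autype}
    if ptype != 1:
        return info
    if length < HEADER_LEN + HELLO_LEN:
        raise ValueError("truncated Hello body")
    mask, hello, options, priority, dead, dr, bdr = struct.unpack_from(HELLO_FMT, packet, HEADER_LEN)
    nbr_bytes = packet[HEADER_LEN + HELLO_LEN:]
    if len(nbr_bytes) % 4:
        raise ValueError("neighbor list is not a multiple of 4 bytes")
    info.update({
        "network_mask": str(IPv4Address(mask)), "hello_interval": hello, "options": options,
        "priority": priority, "dead_interval": dead, "dr": str(IPv4Address(dr)),
        "bdr": str(IPv4Address(bdr)),
        "neighbors": [str(IPv4Address(n)) for n in struct.unpack("!%dI" % (len(nbr_bytes) // 4), nbr_bytes)],
    })
    return info


# Constructed sample: RTB (10.6.0.1) in area 0 on a /24 with the default 10/40
# timers, already DR, listing two neighbors it has heard from.
SAMPLE_HELLO = build_hello("10.6.0.1", 0, "255.255.255.0", 10, 40, 1,
                           "10.6.0.1", "0.0.0.0", ["10.6.0.2", "10.6.0.3"])

if __name__ == "__main__":
    print(parse_ospf(SAMPLE_HELLO))
```

The neighbor list is whatever follows the fixed 20-byte Hello body up to Packet Length, which is why the parser checks that its length is a multiple of four and why the Packet Length field is validated before anything is trusted.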
The Hello subprotocol is intended to perform the following tasks within OSPF:
· Dynamic neighbor discovery
· Detect unreachable neighbors
· Ensure two-way communications between neighbors
· Ensure correctness of basic interface parameters between neighbors
· Provide necessary information for the election of the Designated and Backup Designated routers on a LAN segment (coming)
· OSPF routers send Hellos on OSPF-enabled interfaces:
  o Default every 10 seconds on multi-access and point-to-point segments
  o Default every 30 seconds on NBMA segments (Frame Relay, X.25, ATM)
  o In most cases OSPF Hello packets are sent as multicast to AllSPFRouters (224.0.0.5)
· HelloInterval - Cisco default = 10 seconds or 30 seconds and can be changed with the command ip ospf hello-interval.
· RouterDeadInterval - The period in seconds that the router will wait to hear a Hello from a neighbor before declaring the neighbor down.
  o Cisco uses a default of four times the HelloInterval (4 x 10 sec. = 40 seconds, 120 seconds for NBMA) and can be changed with the command ip ospf dead-interval.
· Note: For routers to become adjacent, the Hello, DeadInterval and network types must be identical between routers or Hello packets get dropped!
OSPF Network Types
show ip ospf interface
Network Type | Examples
Broadcast multiaccess | Ethernet, Token Ring, or FDDI
NonBroadcast multiaccess | Frame Relay, X.25, SMDS
Point-to-point | PPP, HDLC
Point-to-multipoint | Configured by an administrator
Unless you are configuring an NBMA network like Frame Relay, this won’t be an issue.
· Many administrators prefer to use point-to-point or point-to-multipoint for NBMA to avoid the DR/BDR and full-mesh issues.
OSPF packet types
Type | Description
1 | Hello: establishes and maintains adjacency relationships with neighbors
2 | Database Description packet (DBD): describes the content of an OSPF router's link-state database
3 | Link-State Request (LSR): requests specific pieces of a neighbor router's link-state database
4 | Link-State Update (LSU): transports link-state advertisements (LSAs) to neighbor routers
5 | Link-State Acknowledgement (LSAck): neighbor routers acknowledge receipt of the LSAs
Steps to OSPF Operation
· Establish router adjacencies
· Elect a designated router and a backup designated router
· Discover routes
· Select appropriate route to use
· Maintain routing information
OSPF states
· Down
· Init
· Two-way
· ExStart
· Exchange
· Loading
· Full adjacency
Steps to OSPF Operation with States
· Establishing router adjacencies (Routers are adjacent)
  o Down State – No Hello received
  o Init State – Hello received, but not with this router’s Router ID: “Hi, my name is Carlos.” “Hi, my name is Maria.”
  o Two-way State – Hello received, and with this router’s Router ID: “Hi, Maria, my name is Carlos.” “Hi, Carlos, my name is Maria.”
· Electing DR and BDR – Multi-access (broadcast) segments only
  o ExStart State with DR and BDR
  o Two-way State with all other routers
· Discovering Routes
  o ExStart State
  o Exchange State
  o Loading State
  o Full State (Routers are “fully adjacent”)
· Calculating the Routing Table
· Maintaining the LSDB and Routing Table
Establishing Adjacencies
· Initially, an OSPF router interface is in the down state.
· An OSPF interface can transition back to this state if it has not received a Hello packet from a neighbor within the RouterDeadInterval time (40 seconds unless NBMA, 120 seconds).
· In the down state, the OSPF process has not exchanged information with any neighbor.
· OSPF is waiting to enter the init state.
· An OSPF router tries to form an adjacency with at least one neighbor for each IP network it’s connected to.
· The process of establishing adjacencies is asymmetric, meaning the states between two adjacent routers may be different as they both transition to full state.
· RTB perspective, and assuming routers are configured correctly.
· Trying to start a relationship and wanting to enter the init state, or really the two-way state.
· RTB begins multicasting OSPF Hello packets (224.0.0.5, AllSPFRouters), advertising its own Router ID.
  224.0.0.5: All OSPF routers should be able to transmit and listen to this address.
· Router ID = Highest loopback address, else highest active IP address.
· A loopback address has the advantage of never going down, thus diminishing the possibility of having to re-establish adjacencies. (more in a moment)
  o Use private IP addresses for loopbacks, so you do not inadvertently advertise a route to a real network that does not exist on your router.
· For routers to become adjacent, the Hello, DeadInterval and network types must be identical between routers or Hello packets get dropped!
Down State - Init State – Two Way State
· Down State - OSPF routers send Type 1 Hello packets at regular intervals (10 sec.) to establish neighbors.
· When a router (sends or) receives its first Hello packet, it enters the init state, indicating that the Hello packet was received but did not contain the Router ID of the receiving router in the list of neighbors, so two-way communication is not yet ensured.
· As soon as the router sends a Hello packet to the neighbor with its RouterID and the neighbor sends a Hello packet back with that Router ID, the router’s interface will transition to the two-way state.
· Now, the router is ready to take the relationship to the next level.
From Init state to the Two-way state
· RTB receives Hello packets from RTA and RTC (its neighbors), and sees its own Router ID (10.6.0.1) in the Neighbor ID field.
· RTB takes the relationship to a new level, and declares a two-way state between itself and RTA, and itself and RTC.
As soon as the router sends a Hello packet to the neighbor with
its RouterID and the neighbor sends a Hello packet packet back with that Router
ID, the router’s interface will transition to the two-way state.
·
Now, the router is ready to take the relationship to the next
level.
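The Down, Init and Two-way transitions, together with the rule that Hellos with mismatched Hello/Dead intervals or network type are dropped, as an added example (not the presentation's code). It keeps one interface's neighbor table; the Hellos are constructed dicts rather than packets, and all Router IDs except RTB's 10.6.0.1 are made up.

```python
# Added example, not the page's code: a neighbor table for one OSPF interface
# applying the rules above. Hellos are constructed records, not real packets.

MUST_MATCH = ("hello_interval", "dead_interval", "network_type", "area_id")


def make_hello(router_id, neighbors=(), **overrides):
    """Constructed Hello record with Cisco broadcast defaults (10 s Hello, 40 s Dead)."""
    hello = {"router_id": router_id, "hello_interval": 10, "dead_interval": 40,
             "network_type": "broadcast", "area_id": 0, "neighbors": list(neighbors)}
    hello.update(overrides)
    return hello


class OspfInterface:
    def __init__(self, router_id, **params):
        self.router_id = router_id
        self.params = make_hello(router_id, **params)  # this interface's own settings
        self.neighbors = {}  # neighbor Router ID -> {"state": ..., "last_seen": ...}

    def receive_hello(self, hello, now):
        """Down -> Init when a matching Hello arrives; Init -> Two-way once the
        neighbor lists our own Router ID. Mismatched parameters: the Hello is dropped."""
        for key in MUST_MATCH:
            if hello[key] != self.params[key]:
                return "dropped"
        nbr = self.neighbors.setdefault(hello["router_id"], {"state": "Down", "last_seen": now})
        nbr["last_seen"] = now
        nbr["state"] = "Two-way" if self.router_id in hello["neighbors"] else "Init"
        return nbr["state"]

    def check_dead(self, now):
        """RouterDeadInterval: a neighbor silent for longer than Dead falls back to Down."""
        for nbr in self.neighbors.values():
            if now - nbr["last_seen"] > self.params["dead_interval"]:
                nbr["state"] = "Down"
        return {rid: nbr["state"] for rid, nbr in self.neighbors.items()}

    def own_hello(self):
        """The Hello this interface would send: it lists every neighbor it has heard from."""
        heard = [rid for rid, n in self.neighbors.items() if n["state"] != "Down"]
        return make_hello(self.router_id, heard, **{k: self.params[k] for k in MUST_MATCH})


def demo():
    """RTB hears a neighbor (Init), is then named in its Hello (Two-way), drops a
    Hello with NBMA timers from a third router, and ages the neighbor out."""
    rtb = OspfInterface("10.6.0.1")
    first = rtb.receive_hello(make_hello("10.6.0.2"), now=0)
    second = rtb.receive_hello(make_hello("10.6.0.2", ["10.6.0.1"]), now=10)
    mismatched = rtb.receive_hello(make_hello("10.6.0.3", hello_interval=30, dead_interval=120), now=10)
    after_dead = rtb.check_dead(now=51)  # 41 s of silence exceeds the 40 s Dead interval
    return first, second, mismatched, after_dead


if __name__ == "__main__":
    print(demo())
```

The third router in the demo never appears in RTB's table at all: a neighbor whose timers differ is not "down", it is invisible, which is what makes a timer mismatch an easy thing to misdiagnose.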
Two-way state
· RTB now decides who to establish a “full adjacency” with depending upon the type of network that the particular interface resides on.
· Note: The term adjacency is used both to describe routers reaching 2-way state and when they reach full state. Not to go overboard on this, but technically OSPF routers are adjacent when the FSM reaches full state and IS-IS is considered adjacent when the FSM reaches 2-way state.
Two-way state to ExStart state
· If the interface is on a point-to-point link, the router becomes adjacent with its sole link partner (aka “soul mates”), and takes the relationship to the next level by entering the ExStart state. (coming soon)
Remaining in the two-way state
· If the interface is on a multi-access link (Ethernet, Frame Relay, …) RTB must enter an election process to see who it will establish a full adjacency with, and remains in the two-way state.
Electing the DR and BDR
· On multi-access, broadcast links (Ethernet), a DR and BDR (if there is more than one router) need to be elected.
· DR - Designated Router
· BDR – Backup Designated Router
· DRs serve as collection points for Link State Advertisements (LSAs) on multi-access networks.
· A BDR backs up the DR.
· If the IP network is multi-access, the OSPF routers will elect one DR and one BDR.
· Without a DR, the formation of an adjacency between every attached router would create many unnecessary LSAs (Link State Advertisements): n(n-1)/2 adjacencies.
· Flooding on the network itself would be chaotic.
· The router with the highest Router ID is elected the DR, the next is BDR.
· But like other elections, this one can be rigged.
· The router’s priority field can be set to either ensure that it becomes the DR or prevent it from being the DR.
Rtr(config-if)# ip ospf priority <0-255>
  o Higher priority becomes DR/BDR
  o Default = 1
  o 0 = Ineligible to become DR/BDR
· The router can be assigned a priority between 0 and 255, with 0 preventing this router from becoming the DR (or BDR) and 255 ensuring at least a tie. (The highest Router ID would break the tie.)
· All other routers, “DROther”, establish adjacencies with only the DR and BDR.
· DROther routers multicast LSAs to only the DR and BDR (224.0.0.6 - all DR routers).
· The DR sends LSAs to all adjacent neighbors (DROthers) (224.0.0.5 - all OSPF routers).
Backup Designated Router - BDR
· Listens, but doesn’t act.
· If an LSA is sent, the BDR sets a timer.
· If the timer expires before it sees the reply from the DR, it becomes the DR and takes over the update process.
· The process for a new BDR begins.
A new router enters the network:
· Once a DR is established, a new router that enters the network with a higher priority or Router ID will NOT become the DR or BDR. (Bug in early IOS 12.0)
· Regardless of the priority or Router ID, that router will become a DROther.
· If the DR fails, the BDR takes over as DR and the selection process for a new BDR begins.
Clarifications
· Hello packets are still exchanged between all routers on a multi-access segment (DR, BDR, DROthers, …) to maintain neighbor adjacencies.
· OSPF LSA packets (coming) are packets which are sent from the BDR/DROthers to the DR, and then from the DR to the BDR/DROthers. (The reason for a DR/BDR.)
· Normal routing of IP packets still takes the lowest cost route, which might be between two DROthers.
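The election rules from the last two slides as an added example (not the presentation's code): priority first, highest Router ID as tie-breaker, priority 0 ineligible, an established DR/BDR not displaced by a newcomer, and the BDR taking over when the DR fails. The Router IDs and priorities in the demo are constructed.

```python
from ipaddress import IPv4Address

# Added example, not the page's code: DR/BDR election with the page's rules.


def elect_dr_bdr(routers, current_dr=None, current_bdr=None):
    """routers: {router_id: priority}. Returns (dr, bdr); None when no router is eligible.

    Priority 0 makes a router ineligible; otherwise the highest priority wins and
    the highest Router ID breaks ties. A router that already holds DR or BDR keeps
    the role; if the DR disappears the BDR becomes DR and a new BDR is chosen.
    """
    eligible = {rid: pri for rid, pri in routers.items() if pri > 0}

    def rank(rid):
        # Compare Router IDs numerically, not as strings (10.9.9.9 < 10.10.10.10).
        return (eligible[rid], int(IPv4Address(rid)))

    def best(excluding):
        candidates = [rid for rid in eligible if rid not in excluding]
        return max(candidates, key=rank) if candidates else None

    if current_dr in eligible:
        dr = current_dr                  # an established DR is never preempted
    elif current_bdr in eligible:
        dr = current_bdr                 # the BDR takes over from a failed DR
    else:
        dr = best(excluding=())
    if current_bdr in eligible and current_bdr != dr:
        bdr = current_bdr
    else:
        bdr = best(excluding=(dr,))      # new BDR election
    return dr, bdr


if __name__ == "__main__":
    segment = {"10.1.1.1": 1, "10.2.2.2": 1, "10.3.3.3": 1}
    dr, bdr = elect_dr_bdr(segment)
    print("initial:", dr, bdr)
    segment["10.9.9.9"] = 255            # a new router with a higher priority joins
    print("after newcomer:", elect_dr_bdr(segment, dr, bdr))
    del segment[dr]                      # the DR fails
    print("after DR failure:", elect_dr_bdr(segment, dr, bdr))
```

Setting a priority of 255 on the router you want as DR only works if it is up when the election happens; on an already-running segment the result stays as it was until the DR and BDR both go away, which is the non-preemption the slide describes.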
Discovering Routes and Reaching Full State
ExStart State
· This state starts the LSDB (Link State Data Base) synchronization process.
· This will prepare for the initial database exchange.
· Routers are now ready to exchange routing information:
  o Between routers on a point-to-point network
  o On a multi-access network, between the DROthers and the DR and BDR.
· Formally, routers in ExStart state are characterized as adjacent, but have not yet become “fully adjacent” as they have not exchanged database information.
But who goes first in the exchange?
· ExStart is established by exchanging OSPF Type-2 DBD (Database Description) packets (I believe the curriculum says LSA type 2, which is something else).
· The purpose of ExStart is to establish a “master/slave relationship” between the two routers, decided by the higher Router ID.
· Once the roles are established they enter the Exchange state.
DBD Packet
Exchange State
· Routers exchange one or more Type-2 DBD (Database Description) packets, which are a summary of the link-state database, and send LSAcks to verify receipt.
· Routers compare these DBDs with the information in their own database.
· When a DBD packet is received the router looks through the LSA (Link State Advertisement) headers and identifies LSAs that are not in the router’s LSDB or are a different version from its LSDB version (older or newer).
· If the LSA is not in its LSDB or the LSA is a more recent version, the router adds an entry to its Link State Request list.
· This process ends when both routers have sent and received acknowledgements for all their DBD packets – that is, they have successfully sent all their DBD packets to each other.
· If a router has entries in its Link State Request list, meaning that it needs additional information from the other router for routes that are not in its LSDB or that have more recent versions, then it enters the loading state.
· If there are no entries in its Link State Request list, then the router’s interface can transition directly to full state.
· Complete routing information is exchanged in the loading state, discussed next.
Loading State
· If a router has entries in its Link State Request list, meaning that it needs additional information from the other router for routes that are not in its LSDB or that have more recent versions, then it enters the loading state.
· The router needing additional information sends LSR (Link State Request) packets using LSA information from its LSR list.
· The other router replies by sending the requested LSAs in Link State Update (LSU) packets.
· The receiving router sends an LSAck to acknowledge receipt.
· When all LSAs on the neighbor’s Link State Request list have been received, the “neighbor FSM” transitions this interface to Full state.
Link State Requests (LSR)
Link State Advertisement (Update)
Full State - the explanation
· Full state - after all LSRs have been updated.
· At this point the routers should have identical LSDBs (link-state databases).
Flooding LSAs
· Once this interface transitions to or from Full state the router originates a new version of a Router LSA (coming) and floods it to its neighbors, distributing the new topological information – out all OSPF-enabled interfaces.
· Broadcast networks:
  o DR: If the LSA was received on this interface, send it out this interface so DROthers receive it (224.0.0.5 - all OSPF routers)
  o BDR/DROther: If the LSA was received on this interface, do not send it out this interface (received from DR).
Calculating the Routing Table
· The router now has a complete link-state database.
· Now the router is ready to create a routing table, but first needs to run the Shortest Path First algorithm on the link state database, which will create the SPF tree.
· Dijkstra’s algorithm is used to calculate the Shortest Path Tree from the LSAs in the link state database.
· The SPF (Shortest Path First) calculation places the router itself as the root and creates a “tree diagram” of the network.
· The LSAs that build the database contain three important pieces of generic information: the RouterID of the sender of the LSA, the NeighborID, and the cost of the link between the router and the neighbor (i.e. the state of the link, or link-state).
· We will not go into the details here, but the books mentioned earlier all have some excellent examples of this process.
· Also, remember the link-state exercise we did earlier!
SPF Holdtime
· The SPF algorithm is CPU intensive and takes some time depending upon the size of the area (coming next week), the number of routers, and the size of the link state database.
· A flapping link can cause an OSPF router to keep on recomputing a new routing table, and never converge.
· To minimize this problem:
  o SPF calculations are delayed by 5 seconds after receiving an LSU (Link State Update)
  o The delay between consecutive SPF calculations is 10 seconds
· You can configure the delay time between when OSPF receives a topology change and when it starts a shortest path first (SPF) calculation (spf-delay).
· You can also configure the hold time between two consecutive SPF calculations (spf-holdtime).
Router(config-router)# timers spf spf-delay spf-holdtime
RTB#show ip ospf 1
Routing Process "ospf 1" with ID 10.6.0.1
Area BACKBONE(0)
Number of interfaces in this area is 2
Area has no authentication
SPF algorithm executed 5 times
Area ranges are
Number of LSA 4. Checksum Sum 0x1D81A
Number of opaque link LSA 0. Checksum Sum 0x0
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0
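How spf-delay and spf-holdtime bound the damage from a flapping link, as an added example (not the presentation's code). It is a simplified model, assumed here rather than taken from IOS: a topology change schedules an SPF run spf-delay seconds later, but never sooner than spf-holdtime after the previous run, and changes that arrive while a run is already pending are folded into it. The arrival times are constructed.

```python
# Added example, not the page's code: a simplified model of
# "timers spf spf-delay spf-holdtime" applied to a stream of topology changes.


def schedule_spf(change_times, spf_delay=5, spf_holdtime=10):
    """Return the times at which SPF actually runs for the given LSU arrival times."""
    runs = []
    pending = None     # time of the next scheduled run, if any
    last_run = None
    for t in sorted(change_times):
        if pending is not None and pending <= t:
            runs.append(pending)       # the scheduled run happened before this change
            last_run, pending = pending, None
        if pending is None:
            earliest = t + spf_delay
            if last_run is not None:
                earliest = max(earliest, last_run + spf_holdtime)
            pending = earliest
        # otherwise the change is absorbed by the run already pending
    if pending is not None:
        runs.append(pending)
    return runs


def flapping_link_runs(flap_period=2, duration=30, **timers):
    """SPF runs caused by a link flapping every `flap_period` seconds for `duration` seconds."""
    return schedule_spf(range(0, duration + 1, flap_period), **timers)


if __name__ == "__main__":
    print("defaults (5/10):", flapping_link_runs())
    print("no delay, no holdtime:", flapping_link_runs(spf_delay=0, spf_holdtime=0))
```

With the defaults, a link flapping every 2 seconds for 30 seconds costs four SPF runs; with both timers at zero it costs sixteen, one per flap. The "SPF algorithm executed 5 times" line in the show ip ospf output above is the counter to watch when a router seems busy.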
· OSPF areas are designed to keep issues like flapping links within an area.
· SPF is not recalculated if the topology change is in another area.
· The interesting thing is that OSPF distributes inter-area (between areas) topology information using a distance-vector method.
· OSPF uses link-state principles only within an area.
· ABRs relay routing information between areas via a distance-vector technique similar to RIP or IGRP.
Maintaining LSDB and Routing Table Information
OSPF convergence time for intra-area routing is determined by the amount of time routers spend on:
· Link-failure or neighbor unreachability detection
· Origination of the new LSA
· Flooding the new version of the LSA to all routers
· SPF calculation on all routers
When inter-area routing is considered, installation or removal of a route in the routing table may trigger the need to send LSAs to other areas.
· New inter-area routes may need to be calculated in the other areas.
· Remember, OSPF distributes inter-area (between areas) topology information using a distance-vector method.
· OSPF uses link-state principles only within an area, so changes in other areas do not cause the router to re-run the SPF algorithm.
Link-failure or neighbor unreachability detection
· In OSPF, link failure can be determined by:
  o Physical layer or data link layer – directly reporting a state change on a directly connected interface.
  o The Hello subprotocol – The router’s interface has not received a Hello packet from an adjacent neighbor within the OSPF RouterDeadInterval time (40 seconds, or 120 seconds on NBMA links).
· FYI: LSAs are not originated any faster than every 5 seconds (MinLSInterval) to prevent flooding storms in unstable networks.
· When the router wants to report a down link, it sets the LS Age field to the MaxAge value (3,600 seconds), which tells routers to flush this entry from their LSDB.
Periodic updates
· Each LSA entry in the link-state database has its own age timer, with a default of 60 minutes (3,600 seconds) – this is known as the MaxAge value of the LSA entry.
· When an LSA reaches MaxAge, it is flushed from the LSDB.
· Before this happens the LSA has a Link State Refresh Time (LSRefreshTime), 30 minutes (1,800 seconds), and when this time expires the router that originated the LSA floods a new LSA to all its neighbors, who will reset the age of the LSA in their LSDB.
· This is also known as the “paranoid update” or “periodic update.”
· These updates do not trigger recalculation of the routing table.
Configuring Single Area OSPF
Enabling OSPF
Rtr(config)# router ospf process-id
· process-id: 1 - 65,535
· Cisco feature, which allows you to run multiple, different OSPF routing processes on the same router. (But don’t!)
· The process-id is locally significant, and does not have to be the same number on other routers (they don’t care).
· This is different from the process-id used for IGRP and EIGRP, which must be the same on all routers sharing routing information.
· Extra: FYI - Cisco IOS limits the number of dynamic routing processes to 30. This is because it limits the number of protocol descriptors to 32, using one for connected route sources, one for static route sources, and 30 for dynamic route sources.
Configuring the Network Command
Rtr(config)# router ospf process-id
Rtr(config-router)# network address wildcard-mask area area-id
· Tells OSPF which interfaces to enable OSPF on (send and receive updates), matching the address and wildcard mask.
· Also tells OSPF to include this network in its routing updates.
· The wildcard is necessary because OSPF supports CIDR and VLSM.
· Most of the time you can just use an inverse mask (like access-lists) as the network wildcard mask.
Rtr(config-if)# ip add 10.5.1.1 255.255.255.0
Rtr(config)# router ospf 10
Rtr(config-router)# network 10.5.1.0 0.0.0.255 area 0
Network Command and the Wildcard Mask
First three octets of the address must match: 192.168.3.0 0.0.0.3
· Last octet of the network address is 0 = 00000000
· Last octet of the wildcard mask is 3 = 00000011
· Must match the first 6 bits of the address: 000000
· Don’t care about the last two bits of the address: 11
· ‘Addresses’ that would match: 00000000, 00000001, 00000010, 00000011 = 192.168.20.0, 192.168.20.1, 192.168.20.2, 192.168.20.3
· ‘Address’ that does NOT match: 00000101 or 192.168.20.5
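The wildcard-bit logic above in code, as an added example (not the presentation's code): a 0 bit in the wildcard must match, a 1 bit is ignored. It also derives the inverse mask from a subnet mask, enumerates every address a network/wildcard pair covers (which works for discontiguous wildcards too, going slightly beyond the slide), and shows which of a set of constructed interface addresses a given network statement would enable.

```python
from ipaddress import IPv4Address

# Added example, not the page's code: wildcard-mask matching as the OSPF
# network command applies it. Interface addresses in the demo are constructed.


def to_int(dotted):
    return int(IPv4Address(dotted))


def wildcard_matches(address, network, wildcard):
    """A 0 bit in the wildcard means 'must match'; a 1 bit means 'don't care'."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(address) & care) == (to_int(network) & care)


def inverse_mask(subnet_mask):
    """The wildcard equivalent of a subnet mask (255.255.255.0 -> 0.0.0.255)."""
    return str(IPv4Address(~to_int(subnet_mask) & 0xFFFFFFFF))


def matching_addresses(network, wildcard):
    """Every address a network/wildcard pair covers, for up to 8 don't-care bits."""
    w = to_int(wildcard)
    base = to_int(network) & ~w & 0xFFFFFFFF   # don't-care bits of the network are ignored
    free_bits = [b for b in range(32) if w >> b & 1]
    if len(free_bits) > 8:
        raise ValueError("too many addresses to list")
    out = []
    for combo in range(1 << len(free_bits)):
        value = base
        for i, b in enumerate(free_bits):
            if combo >> i & 1:
                value |= 1 << b
        out.append(str(IPv4Address(value)))
    return sorted(out, key=to_int)


def ospf_enabled_interfaces(interfaces, network, wildcard):
    """interfaces: {name: address}. Names of the interfaces one network statement enables."""
    return [name for name, addr in interfaces.items() if wildcard_matches(addr, network, wildcard)]


if __name__ == "__main__":
    print(matching_addresses("192.168.20.0", "0.0.0.3"))
    print(wildcard_matches("192.168.20.5", "192.168.20.0", "0.0.0.3"))
    # Constructed router: two LAN interfaces and a loopback, with the page's
    # "network 10.5.1.0 0.0.0.255 area 0" statement.
    router = {"Fa0/0": "10.5.1.1", "Fa0/1": "10.5.2.1", "Lo0": "10.1.1.1"}
    print(ospf_enabled_interfaces(router, "10.5.1.0", inverse_mask("255.255.255.0")))
```

A statement that is too broad (for example network 0.0.0.0 255.255.255.255) enables OSPF on every interface, including ones facing networks you do not control; the enumeration function makes that visible for small wildcards, and the per-interface check shows exactly which interfaces a statement will turn on before it is committed.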
Configuring a Loopback Address
Rtr(config)# interface loopback 0
Rtr(config-if)# ip add 10.1.1.1 255.255.255.0
· Loopbacks are automatically “up” and “up”.
· Very useful in setting Router IDs as they never go down.
· The RouterID is used to identify the routers in the OSPF network:
  o IP address configured with the Router-ID command (extra)
  o Highest loopback address
  o Highest active IP address
· Important for DR/BDR elections unless you use the ip ospf priority command (next).
· Extra: Also useful to configure “virtual” networks that you can ping and route as if they were attached networks.
DR/BDR Elections
· The router with the highest Router ID is elected the DR, the next is BDR.
· But like other elections, this one can be rigged.
Rtr(config)# interface fastethernet 0
Rtr(config-if)# ip ospf priority <0-255>
· Higher priority becomes DR/BDR
· Default = 1
· Ineligible to become DR/BDR = 0
Modifying the Cost
Rtr(config-if)# bandwidth 64 = Rtr(config-if)# ip ospf cost 1562
bandwidth command
Rtr(config-if)# bandwidth kilobits (ex: 64 = 64,000 bps)
· Changes the default bandwidth metric on a specific interface.
· Used in the 10^8/bandwidth calculation for accumulating the cost of a route from the router to the network over the outgoing interfaces.
· Does not modify the actual speed of the link.
ip ospf cost command
Rtr(config-if)# ip ospf cost value (ex: 1562, same as bandwidth = 64 kbps)
· Configures the cost metric for a specific interface.
· Uses this value for the cost of this interface instead of the 10^8/bandwidth calculation.
· Common for multivendor environments.
Configuring Simple Authentication
A router, by default, trusts that any routing information it receives has come from a router that should be sending it.
Rtr(config-if)# ip ospf authentication-key passwd
· Configured on an interface.
· password = clear text, unless message-digest is used (next)
o Easily captured using a packet sniffer
o Passwords do not have to be the same throughout an area, but they must be the same between neighbors.
After a password is configured, you enable authentication for the area on all participating area routers with:
Rtr(config-router)# area area authentication
· Configured for an OSPF area, in OSPF router mode.
Configuring MD5 Encrypted Authentication
Rtr(config-if)# ip ospf message-digest-key key-id md5 password
· key-id = 1 to 255; must match on each router to authenticate.
· md5 = Encryption-type
· password = encrypted
o Passwords do not have to be the same throughout an area, but they must be the same between neighbors.
After a password is configured, you enable authentication for the area on all participating area routers with:
Rtr(config-router)# area area authentication [message-digest]
· The message-digest option must be used if using message-digest-key.
· If the optional message-digest keyword is used, a message digest, or hash, of the password is sent.
MD5 Encryption
· MD5 authentication creates a message digest.
· This is scrambled data that is based on the password and the packet contents.
· The receiving router uses the shared password and the packet to re-calculate the digest.
· If the digests match, the router believes that the source of the packet and its contents have not been tampered with.
· In the case of message-digest authentication, the authentication data field contains the key-id and the length of the message digest that is appended to the packet.
· The Message Digest is like a watermark that can’t be faked.
MD5 Authentication (FYI)
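The digest mechanism described above, as an added Python example that is not part of the original notes: it builds an OSPFv2 header whose authentication field carries the key-id, digest length and sequence number, appends an MD5 digest computed over the packet plus the zero-padded 16-byte key, and shows the receiver recomputing and comparing it (RFC 2328 Appendix D). The Router ID, area and body bytes are constructed; MD5 is what this page covers, while current practice is the HMAC-SHA variant of RFC 5709.

```python
import hashlib
import hmac
import struct

KEY_LEN = 16          # OSPF MD5 keys are 16 bytes; shorter passwords are zero-padded
AUTH_TYPE_MD5 = 2     # AuType value for cryptographic authentication


def _padded_key(password: bytes) -> bytes:
    return password[:KEY_LEN].ljust(KEY_LEN, b"\x00")


def ospf_header(packet_type: int, router_id: bytes, area_id: bytes,
                key_id: int, seq: int) -> bytes:
    """24-byte OSPFv2 header. With AuType 2 the 8-byte authentication field
    holds: 0, key-id, digest length, cryptographic sequence number; the
    checksum is unused (0). The length field is filled in by sign()."""
    fixed = struct.pack("!BBH4s4sHH", 2, packet_type, 0, router_id, area_id, 0, AUTH_TYPE_MD5)
    return fixed + struct.pack("!HBBI", 0, key_id, KEY_LEN, seq)


def sign(header: bytes, body: bytes, password: bytes) -> bytes:
    """Sender side: digest = MD5(packet || padded key), appended after the
    packet and NOT counted in the header length field."""
    length = len(header) + len(body)
    packet = header[:2] + struct.pack("!H", length) + header[4:] + body
    return packet + hashlib.md5(packet + _padded_key(password)).digest()


def verify(wire: bytes, password: bytes, last_seq: int = -1):
    """Receiver side: recompute the digest with the shared key and compare in
    constant time. Returns (accepted, reason); a stale sequence number is
    rejected, which is what limits replay of a captured packet."""
    if len(wire) < 24 + KEY_LEN:
        return False, "truncated"
    length = struct.unpack("!H", wire[2:4])[0]
    _, key_id, auth_len, seq = struct.unpack("!HBBI", wire[16:24])
    if auth_len != KEY_LEN or len(wire) != length + KEY_LEN:
        return False, "bad authentication length"
    if seq < last_seq:
        return False, "replayed sequence number"
    packet, digest = wire[:length], wire[length:]
    expected = hashlib.md5(packet + _padded_key(password)).digest()
    if not hmac.compare_digest(expected, digest):
        return False, "digest mismatch (wrong key or tampered packet)"
    return True, "ok"
```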
Configuring OSPF Timers
Rtr(config-if)# ip ospf hello-interval seconds
Rtr(config-if)# ip ospf dead-interval seconds
· Configured on an interface.
· For OSPF routers to be able to exchange information, they must have the same hello intervals and dead intervals.
· By default, the dead interval is 4 times the hello interval, so a router has four chances to send a hello packet before being declared dead. (The 4:1 ratio is not required.)
· In multi-vendor networks, Hello timers may need to be adjusted.
· Do not modify the defaults unless you have a compelling need to do so.
Defaults
· On broadcast networks the hello interval is 10 seconds and the dead interval is 40 seconds.
· On non-broadcast networks the hello interval is 30 seconds and the dead interval is 120 seconds.
· Note: On some IOS versions, the dead interval automatically changes when the hello interval is modified.
Configuring and Propagating a Default Route
Router(config)# ip route 0.0.0.0 0.0.0.0 serial0
Router(config)# router ospf 1
Router(config-router)# default-information originate [always]
· If the ASBR has a default route configured (ip route 0.0.0.0 0.0.0.0), the default-information originate command is necessary to advertise 0.0.0.0/0 to the other routers in the area.
· If the default-information originate command is not used, the default “quad-zero” route will not be propagated.
· Important: The default route and the default-information originate command are usually only configured on your “Entrance” or “Gateway” router, the router that connects your network to the outside world.
o This router is known as the ASBR (Autonomous System Boundary Router).
· Extra: The always option will propagate a default “quad-zero” route even if one is not configured on this router.
Engineering and Marketing will have 0.0.0.0/0 default routes forwarding packets to the Entrance router.
show ip route
· O = OSPF routes within the same area (intra-area routes)
· 110/number = Administrative Distance/metric (cumulative 10^8/bandwidth)
· E2 = Routes outside of the OSPF routing domain, redistributed into OSPF.
o Default is E2 with a cost of 20, which does not get modified within the OSPF domain.
o O IA = OSPF routes from another area (inter-area routes)
o E1 = Routes outside of the OSPF routing domain that get additional cumulative costs added on by each router, just like other OSPF routes.
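The 10^8/bandwidth cost calculation from the "Modifying the Cost" slide and the metrics shown in show ip route above, as one added Python example that is not part of the original notes: it derives an interface cost (with the ip ospf cost override), sums it along a path for O and O IA routes, and applies the E2 (fixed 20) versus E1 (20 plus path cost) rules. The bandwidths, prefixes and next hops are constructed; the reference-bandwidth parameter is an assumption added for illustration.

```python
REFERENCE_BANDWIDTH_BPS = 100_000_000   # 10^8, the default OSPF reference bandwidth
E2_DEFAULT_COST = 20                    # default metric of redistributed (E2) routes


def interface_cost(bandwidth_kbps: int, manual_cost=None,
                   reference_bps: int = REFERENCE_BANDWIDTH_BPS) -> int:
    """Cost of one outgoing interface. 'ip ospf cost' overrides the
    10^8/bandwidth calculation; otherwise the quotient is truncated and
    never drops below 1 (so every link of 100 Mbps or faster costs 1)."""
    if manual_cost is not None:
        return manual_cost
    return max(1, reference_bps // (bandwidth_kbps * 1000))


def intra_area_metric(hops) -> int:
    """Cumulative cost of an O or O IA route: the sum of the outgoing-interface
    costs along the path. Each hop is (bandwidth_kbps, manual_cost_or_None)."""
    return sum(interface_cost(bw, manual) for bw, manual in hops)


def external_metric(kind: str, hops, external_cost: int = E2_DEFAULT_COST) -> int:
    """E2 routes keep the external cost unchanged (default 20) across the OSPF
    domain; E1 routes add the internal path cost on top of it."""
    if kind == "E2":
        return external_cost
    if kind == "E1":
        return external_cost + intra_area_metric(hops)
    raise ValueError("kind must be 'E1' or 'E2'")


def show_ip_route_line(kind: str, network: str, hops, next_hop: str) -> str:
    """Render a line the way show ip route prints it: [AD 110/metric]."""
    if kind in ("O", "O IA"):
        metric = intra_area_metric(hops)
    else:
        metric = external_metric(kind, hops)
    return f"{kind:<5} {network} [110/{metric}] via {next_hop}"


if __name__ == "__main__":
    # Constructed path: a T1 (1544 kbps) followed by the 64 kbps link from the notes.
    path = [(1544, None), (64, None)]
    print(show_ip_route_line("O", "10.2.2.0/24", path, "10.1.1.2"))
    print(show_ip_route_line("E2", "0.0.0.0/0", path, "10.1.1.2"))
```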
show ip ospf
show ip ospf interface
show ip ospf neighbor
o In this example, we are the DR.
o A DROTHER may be in FULL or 2WAY state; both cases are normal.
o Usually, if there are multiple DROTHERs, they will be in either FULL or 2WAY state but not both.
debug ip ospf adj (adjacency)
o Displays adjacency information including Hello processing, DR/BDR election, authentication, and the “Steps to OSPF Operation.”
debug ip ospf events
o Shows much of the same information as debug ip ospf adj in the previous slide, including adjacencies, flooding information, designated router selection, and shortest path first (SPF) calculation.
o This information is also displayed with debug ip ospf events.
o R = Received
o C = Current (?)
OSPF Configuration Commands – Review
Required Commands:
Rtr(config)# router ospf process-id
Rtr(config-router)# network address wildcard-mask area area-id
Optional Commands:
Rtr(config-router)# default-information originate (Send default)
Rtr(config-router)# area area authentication (Plain authen.)
Rtr(config-router)# area area authentication message-digest (md5 authen.)
Rtr(config)# interface loopback number (Configure lo as RtrID)
Rtr(config)# interface type slot/port
Rtr(config-if)# ip ospf priority <0-255> (DR/BDR election)
Rtr(config-if)# bandwidth kbps (Modify default bandwidth)
RTB(config-if)# ip ospf cost cost (Modify interface cost)
Rtr(config-if)# ip ospf hello-interval seconds (Modify Hello)
Rtr(config-if)# ip ospf dead-interval seconds (Modify Dead)
Rtr(config-if)# ip ospf authentication-key passwd (Plain/md5 authen.)
Rtr(config-if)# ip ospf message-digest-key key-id md5 password
Router# show ip route
Router# show ip ospf
Router# show ip ospf interface
Router# show ip ospf neighbor
Router# show ip ospf database
Router# debug ip ospf adj
Router# debug ip ospf events
Configuring OSPF over NBMA
NBMA Overview
· NBMA networks can create problems with OSPF operation, specifically with the exchange of multicast Hello packets.
· Nonbroadcast routers that belong to the same IP subnetwork will attempt to elect a DR and a BDR.
· However, these routers cannot hold a valid election if they cannot receive multicast Hellos from every other router on the network. Without administrative intervention, a strange election takes place. As far as RTA is concerned, RTC is not participating. Likewise, RTC goes through the election process oblivious to RTA. This botched election can lead to problems if the central router, RTB, is not elected the DR.
· The Cisco IOS offers several options for configuring OSPF to overcome NBMA limitations, including the OSPF neighbor command, point-to-point subinterfaces, and point-to-multipoint configuration. The solutions that are available depend on the current NBMA network topology.
Hub and Spoke
· The hub-and-spoke topology is a cost-effective WAN solution that introduces a single point of failure, the hub router.
· Organizations typically use Frame Relay because it is inexpensive, not because it is fault tolerant.
· Since dedicated leased lines typically carry mission-critical data, an economical Frame Relay topology, such as hub-and-spoke, makes sense.
· Unfortunately, the neighbor command that worked with a full-mesh topology does not work as well with the hub-and-spoke topology.
· The hub router sees all the spoke routers and can send routing information to them using the neighbor command, but the spoke routers can send Hellos only to the hub (no full mesh of PVCs).
Hub and Spoke – Point-to-Point
· The DR and BDR issue can be avoided altogether by breaking the network into point-to-point connections. Point-to-point networks will not elect a DR or a BDR.
· Although they make OSPF configuration straightforward, point-to-point networks have major drawbacks when used with a hub-and-spoke topology.
· Subnets must be allocated for each link.
· This can lead to WAN addressing that is complex and difficult to manage.
· The WAN addressing issue can be avoided by using IP unnumbered, but many organizations have WAN-management policies that prevent using this feature. Are there any possible alternatives to a point-to-point configuration?
Hub and Spoke – Point-to-multipoint
· In a point-to-multipoint network, a hub router is directly connected to multiple spoke routers, but all the WAN interfaces are addressed on the same subnet.
· This logical topology was seen earlier in the module.
· However, it was also learned that OSPF does not work properly as an NBMA OSPF network type.
· By manually changing the OSPF network type to point-to-multipoint, this logical topology can then work.
· Routing between RTA and RTC will go through the router that has virtual circuits to both routers, RTB.
· Notice that it is not necessary to configure neighbors when using this feature. Inverse ARP will discover them.
Point-to-multipoint networks have the following properties:
· Adjacencies are established between all neighboring routers. There is no DR or BDR for a point-to-multipoint network. No network LSA is originated for point-to-multipoint networks. Router priority is not configured for point-to-multipoint interfaces or for neighbors on point-to-multipoint networks.
· When originating a router LSA, the point-to-multipoint interface is reported as a collection of point-to-point links to all the adjacent neighbors on the interface. This is together with a single stub link advertising the IP address of the interface with a cost of 0.
Configuration