OSPF:
· Runs directly over IP as protocol number 89 (no TCP or UDP); it has no transport protocol of its own.
· OSPF multicast packets are sent with a TTL of 1, so they never leave the local segment.
· Secondary addresses are advertised as stub networks; no adjacency will form over a secondary network.
· If the network statement matches the IP address of the primary interface, both the primary interface and any interface borrowing it via ip unnumbered will have OSPF enabled.
· Elects a DR and BDR on broadcast and NBMA networks.
· To establish an adjacency the following values must match (and the Router IDs must differ):
o Area ID.
o Authentication type and key.
o Network mask (point-to-point links are the exception).
o Hello and Dead intervals.
o MTU (checked during the DBD exchange, not in the Hello; a mismatch leaves the neighbor stuck in ExStart/Exchange unless ip ospf mtu-ignore is configured).
o Options (the E-bit: a router in a stub area rejects a Hello with E=1).
· Hello interval defaults: 10 seconds on broadcast and point-to-point networks, 30 seconds on non-broadcast and point-to-multipoint networks.
· The Hello interval can be configured per interface with ip ospf hello-interval.
· The Dead interval defaults to 4 times the Hello interval and is configured with ip ospf dead-interval.
· Changing the Hello interval automatically adjusts the Dead interval to 4 times the new value.
· Fast Hello sends multiple Hellos in less than 1 second; the Dead interval is then fixed at 1 second.
#ip ospf dead-interval minimal hello-multiplier 5 # 5 hellos per second, 200 msec interval.
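Added example, not part of the original notes: a small OSPFv2 Hello builder/parser in Python that applies the parameter checks listed above to two constructed Hellos. The router IDs, area and addresses are made up; the field layout and the checksum handling (checksum field zeroed, 8-byte authentication field excluded) follow RFC 2328 Appendices A.3 and D.

```python
"""OSPFv2 Hello builder/parser and the neighbour parameter check.

Added example, not part of the original notes. The Hello packets are
constructed in memory (no sockets, no capture); the field layout follows
RFC 2328 Appendix A.3.1 (header) and A.3.2 (Hello body).
"""
import ipaddress
import struct

OSPF_VERSION = 2
TYPE_HELLO = 1
OPT_E = 0x02  # external-routing capability; cleared by routers in a stub area


def ipv4(addr: str) -> bytes:
    return ipaddress.IPv4Address(addr).packed


def ospf_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum; OSPF computes it with the checksum field
    zeroed and the 8-byte authentication field left out."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_hello(router_id, area_id, mask, hello, dead, *, options=OPT_E, priority=1,
                dr="0.0.0.0", bdr="0.0.0.0", neighbors=(), autype=0) -> bytes:
    body = (ipv4(mask) + struct.pack("!HBBI", hello, options, priority, dead)
            + ipv4(dr) + ipv4(bdr) + b"".join(ipv4(n) for n in neighbors))
    head = struct.pack("!BBH4s4s", OSPF_VERSION, TYPE_HELLO, 24 + len(body),
                       ipv4(router_id), ipv4(area_id))
    csum = ospf_checksum(head + b"\x00\x00" + struct.pack("!H", autype) + body)
    return head + struct.pack("!HH", csum, autype) + b"\x00" * 8 + body


def parse_hello(pkt: bytes) -> dict:
    """Validate version, type, length and checksum, then decode the Hello body."""
    ver, ptype, length, rid, aid, csum, autype = struct.unpack("!BBH4s4sHH", pkt[:16])
    if ver != OSPF_VERSION or ptype != TYPE_HELLO:
        raise ValueError("not an OSPFv2 Hello")
    if length != len(pkt) or length < 44:
        raise ValueError("length field does not match the packet")
    if autype != 2:  # with cryptographic authentication the checksum field is unused
        if ospf_checksum(pkt[:12] + b"\x00\x00" + pkt[14:16] + pkt[24:]) != csum:
            raise ValueError("bad OSPF checksum")
    mask, hello, options, priority, dead, dr, bdr = struct.unpack("!4sHBBI4s4s", pkt[24:44])

    def addr(b: bytes) -> str:
        return str(ipaddress.IPv4Address(b))

    return {"router_id": addr(rid), "area_id": addr(aid), "auth_type": autype,
            "mask": addr(mask), "hello": hello, "dead": dead, "options": options,
            "priority": priority, "dr": addr(dr), "bdr": addr(bdr),
            "neighbors": [addr(pkt[i:i + 4]) for i in range(44, length, 4)]}


def is_valid_hello(pkt: bytes) -> bool:
    try:
        parse_hello(pkt)
        return True
    except (ValueError, struct.error):
        return False


def hello_mismatches(local: dict, remote: dict, point_to_point: bool = False) -> list:
    """Reasons a received Hello is dropped (RFC 2328 10.5). MTU is not here:
    it is carried in DBD packets and only bites at ExStart/Exchange."""
    problems = []
    if local["area_id"] != remote["area_id"]:
        problems.append("area id")
    if local["auth_type"] != remote["auth_type"]:
        problems.append("authentication type")
    if not point_to_point and local["mask"] != remote["mask"]:
        problems.append("network mask")
    if local["hello"] != remote["hello"]:
        problems.append("hello interval")
    if local["dead"] != remote["dead"]:
        problems.append("dead interval")
    if (local["options"] ^ remote["options"]) & OPT_E:
        problems.append("options E-bit (stub flag)")
    return problems


def two_way(local_rid: str, remote: dict) -> bool:
    """2-Way is reached once our Router ID shows up in the neighbour's Hello."""
    return local_rid in remote["neighbors"]


# Constructed packets: our own Hello plus three neighbours' Hellos.
LOCAL = build_hello("10.0.0.1", "0.0.0.0", "255.255.255.0", 10, 40, neighbors=("10.0.0.2",))
PEER_OK = build_hello("10.0.0.2", "0.0.0.0", "255.255.255.0", 10, 40, neighbors=("10.0.0.1",))
PEER_MASK = build_hello("10.0.0.2", "0.0.0.0", "255.255.255.252", 10, 40, neighbors=("10.0.0.1",))
PEER_BAD = build_hello("10.0.0.3", "0.0.0.0", "255.255.255.0", 30, 120, options=0)

if __name__ == "__main__":
    me = parse_hello(LOCAL)
    for name, raw in (("peer_ok", PEER_OK), ("peer_mask", PEER_MASK), ("peer_bad", PEER_BAD)):
        nbr = parse_hello(raw)
        print(name, hello_mismatches(me, nbr) or "compatible", "2-way:", two_way(me["router_id"], nbr))
```

PEER_BAD carries the timers of an NBMA interface and a cleared E-bit, which is exactly what a router in a stub area or on the wrong network type sends; PEER_MASK shows why the mask check is skipped on point-to-point links.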
· Three ways to advertise routes using OSPF:
o Network area command. It serves two purposes:
– defines the interfaces on which OSPF runs.
– defines the area membership of those interfaces.
– configured with network {IP} {wildcard} area {area-id} under the OSPF process.
– the IP address and wildcard arguments together select one or more interfaces to advertise; when several statements overlap, the most specific match wins.
– the matched interfaces' own IP/subnet is advertised by OSPF, not the IP/wildcard of the network command.
o Interface command. Does the same thing as the network command, per interface.
– some switch platforms do not support this command.
– configured with ip ospf {process-id} area {area-id} under the interface; it takes precedence over a network statement covering the same interface.
o Redistribution. See the REDISTRIBUTION section for detailed info.
· Network Types. Cisco IOS uses the following OSPF network types, plus the loopback and virtual-link interface types:
o Broadcast Network
– default network type on Ethernet; elects a DR/BDR. Hello 10 seconds, Dead interval 40 seconds.
– uses 224.0.0.5 (MAC 0100.5E00.0005) AllSPFRouters and 224.0.0.6 (MAC 0100.5E00.0006) AllDRouters.
– no next-hop modification; it remains the IP address of the originating router.
– layer 3 to layer 2 resolution (ARP, or a frame-relay map) is required.
– the neighbor command is not accepted on this network type.
o Non-Broadcast Network [NBMA Needs Neighbor]
– can connect multiple routers, but has no broadcast capability. Hello 30 seconds, Dead interval 120 seconds.
– default network type on multipoint frame-relay interfaces and on the physical (main) serial interface with frame-relay encapsulation.
– elects a DR/BDR; Hellos are unicast to the manually configured neighbors.
– next-hop IP is not changed and remains the IP address of the originating router, so spokes need a layer 2 mapping for each other's addresses and the hub must be the DR.
– default priority is 1; 0 disables DR/BDR participation. Priority should be 0 on all spokes so a spoke never becomes DR/BDR and black-holes traffic.
o Point-to-Point Network
– default on HDLC/PPP serial links (T1, DS-3, SONET) and on point-to-point frame-relay sub-interfaces.
– no DR/BDR election; packets are multicast to AllSPFRouters, 224.0.0.5, except retransmitted LSAs, which are always unicast.
– OSPF ignores a subnet mask mismatch on P2P links. Hello 10 seconds, Dead interval 40 seconds.
o Point-to-multipoint Network
– defined in RFC 2328 (not Cisco proprietary); not a default anywhere, but the best general solution for NBMA networks.
– special handling of an NBMA network: it is treated as a collection of P2P links.
– no DR/BDR election; OSPF packets use multicast 224.0.0.5 to reach neighbors.
– next-hop is that of the advertising neighbor, and the end points of each link are advertised as /32 host routes.
– L3 to L2 resolution is only needed for directly connected neighbors.
– non-directly-connected neighbors use recursive L3 routing (via the /32 host routes) to reach each other.
– Hello 30 seconds, Dead interval 120 seconds.
o Point-to-multipoint NON-BROADCAST Network
– Cisco proprietary; same as P2MP, but configured with the additional non-broadcast keyword.
– no DR/BDR; unicast is used to reach each manually configured neighbor.
– configuring the neighbor statement on one side is sufficient, but configure it on both sides of the link.
– next-hop is that of the advertising neighbor, and IP routing is used to reach neighbors that are not adjacent at L2.
– created to allow a cost per neighbor (neighbor {ip} cost {value}) rather than a single interface cost.
– by default the cost is derived from the local interface bandwidth, not the bandwidth of the neighbor's interface.
– Hello 30 seconds, Dead interval 120 seconds.
o Virtual Links
– used to connect an area to the backbone through a non-backbone transit area, or to join a partitioned backbone.
– must be configured between 2 ABRs; one of them must connect to area 0.
– the transit area must not be a stub area and must have full routing information.
– the virtual link is seen as an interface in area 0; it transitions to a full P2P interface once the intra-area route to the neighbor ABR through the transit area is in the RIB.
– area 0 attributes are inherited by the virtual-link endpoints, including authentication and summarization.
– the virtual-link cost is the cost of the intra-area route to the neighbor's interface via the transit area.
o OSPF over GRE
– an OSPF virtual link may not transit a stub area.
– if a link over a stub area is required, the only solution is a GRE tunnel.
– the tunnel interface must have an IP address with a matching network statement in area 0.
o Stub/Loopback Network
– default for loopback interfaces.
– assumes only a single attached router; OSPF advertises the loopback as a /32 host route regardless of the configured mask (use ip ospf network point-to-point to advertise the real mask).
– NOT a stub area.
· DR and BDR
o Election
– a DR/BDR is elected on broadcast and NBMA networks.
– the broadcast link itself is modelled as a pseudo-node, the same concept as in IS-IS; the DR originates the Network LSA on its behalf.
– the cost from an attached router to the pseudo-node is the outgoing cost of that router's interface on the broadcast link.
– the cost from the pseudo-node to any attached router is zero.
– the DR is a property of a router's interface and NOT of the entire router.
– on broadcast segments user traffic does not flow through the DR; only LSAs are sent to the DR and BDR (224.0.0.6), which flood them back to the segment (224.0.0.5).
– the DR/BDR must have layer 2 connectivity to all neighbors.
o Router Interface Priority
– influences the election between candidates, but will not displace an active DR or BDR.
– OSPF elections do not support pre-emption. Highest priority (255) wins. Default priority is 1. Priority 0 means no DR/BDR participation.
– can be changed per multi-access interface with ip ospf priority.
o Router ID
– used as the tie-breaker when router priorities are equal (highest Router ID wins).
– is the highest loopback IP in an UP state when the process starts. If no loopbacks are configured, the highest interface IP in an UP state.
– can be statically set with router-id under the OSPF process; the change takes effect after clear ip ospf process. Router IDs must be unique within the domain.
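Added example, not from the original notes: the election rules above in Python. The segment is constructed; each Router object stands for what one router announces in its Hello (priority, declared DR, declared BDR), which is what makes the no-preemption behaviour fall out of the RFC 2328 section 9.4 algorithm rather than needing a special case. Router ID selection is included for the tie-breaker.

```python
"""DR/BDR election on a multi-access segment (RFC 2328 section 9.4, steps 2-3)
and Router ID selection. Added example, not from the original notes; the
segments below are constructed."""
from dataclasses import dataclass


def rid_value(rid: str) -> tuple:
    """Compare Router IDs numerically octet by octet, never as strings."""
    return tuple(int(o) for o in rid.split("."))


@dataclass
class Router:
    rid: str
    priority: int = 1          # ip ospf priority; 0 = never DR/BDR
    dr: str = "0.0.0.0"        # DR this router currently declares in its Hello
    bdr: str = "0.0.0.0"       # BDR this router currently declares in its Hello


def rank(r: Router) -> tuple:
    """Election key: highest priority wins, highest Router ID breaks ties."""
    return (r.priority, rid_value(r.rid))


def elect(routers) -> tuple:
    """Return (DR, BDR) Router IDs as computed by a router that has every
    listed router in 2-Way or better. Routers already declaring themselves
    DR/BDR are considered first, so a newly attached router never pre-empts
    an active DR or BDR, whatever its priority."""
    eligible = [r for r in routers if r.priority > 0]
    # Step 2: BDR from routers not claiming DR; those claiming BDR come first.
    not_dr = [r for r in eligible if r.dr != r.rid]
    claim_bdr = [r for r in not_dr if r.bdr == r.rid]
    bdr = max(claim_bdr or not_dr, key=rank, default=None)
    # Step 3: DR from routers claiming DR; otherwise the BDR is promoted and
    # a new BDR is chosen from what is left.
    claim_dr = [r for r in eligible if r.dr == r.rid]
    dr = max(claim_dr, key=rank, default=None)
    if dr is None:
        dr = bdr
        remaining = [r for r in not_dr if r is not dr]
        claim_bdr = [r for r in remaining if r.bdr == r.rid]
        bdr = max(claim_bdr or remaining, key=rank, default=None)
    return (dr.rid if dr else None, bdr.rid if bdr else None)


def choose_router_id(configured=None, loopbacks=(), interfaces=()):
    """router-id command wins; else the highest IP of an UP loopback; else the
    highest IP of an UP non-loopback interface. Pools hold (ip, is_up) pairs."""
    if configured:
        return configured
    for pool in (loopbacks, interfaces):
        up = [ip for ip, is_up in pool if is_up]
        if up:
            return max(up, key=rid_value)
    return None


if __name__ == "__main__":
    # Established segment: 1.1.1.1 is DR, 2.2.2.2 is BDR, 3.3.3.3 joins with priority 255.
    print(elect([Router("1.1.1.1", 1, "1.1.1.1", "2.2.2.2"),
                 Router("2.2.2.2", 1, "1.1.1.1", "2.2.2.2"),
                 Router("3.3.3.3", 255)]))
    # Fresh segment: nobody declares anything yet, 3.3.3.3 is a spoke with priority 0.
    print(elect([Router("1.1.1.1"), Router("2.2.2.2"), Router("3.3.3.3", 0), Router("4.4.4.4")]))
```

Run it and the first line is ('1.1.1.1', '2.2.2.2'): priority 255 changes nothing until the current DR goes away, which is why a spoke that accidentally becomes DR stays DR until something clears it.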
· OSPF State Machine
o Down
– initial state; no Hellos have been seen from the neighbor in the last Dead interval.
– the link-state retransmission, database summary and link-state request lists are cleared.
o Attempt
– only applies to NBMA networks where neighbors are manually configured; Hellos are unicast to the neighbor but nothing has been heard back yet.
o Init
– Hello packets have been seen from the neighbor, but 2-way communication has not been established yet (our Router ID is not in its Hello).
o 2-way
– the router has seen its own Router ID in the Hello packets coming from the neighbor.
– on multi-access networks the routers must be in this state or higher to participate in the DR/BDR election; non-DR/BDR routers stay in 2-way with each other.
o ExStart
– the router and its neighbor establish a master/slave relationship and exchange the first Database Description (DBD) packets.
– the neighbor with the higher Router ID becomes master and picks the initial DBD sequence number.
– an MTU mismatch is detected here, since the DBD carries the interface MTU; the adjacency then stalls in ExStart/Exchange.
o Exchange
– the router sends DBDs describing, in summary, its entire link-state database.
– the router may also send link-state request packets, requesting more recent LSAs.
o Loading
– the router sends link-state requests asking for the LSAs it has not received yet.
o Full
– the routers are fully adjacent and the adjacency appears in the Router LSA and Network LSA.
· OSPF Packet Types. OSPF has five packet types: Hello (type 1) discovers and maintains neighbors, and the adjacency building process uses the other four.
o DBD (type 2) Database Description packet
– carries a summary description (the 20-byte LSA header only) of each LSA in the originating router's link-state database.
– these descriptions are not complete LSAs.
– I-bit, Init bit: when set, this is the first DBD of the exchange.
– M-bit, More bit: when set, this is not the last DBD; more to come.
– MS-bit, Master/Slave bit: when set, the sender is the master.
– also carries the interface MTU, which is why an MTU mismatch surfaces at this stage.
o LSR (type 3) Link State Request packet.
o LSU (type 4) Link State Update packet; carries complete LSAs.
o LSAck (type 5) Link State Acknowledgement packet.
· LSA types, Link State Advertisements
o An LSA is the OSPF data structure used to describe topology information; each instance is identified by LS type, Link State ID and Advertising Router.
o MaxAge, 1 hour (3600 seconds): an LSA that reaches MaxAge is flushed from the database if it has not been refreshed.
o LSRefreshTime, 30 minutes (1800 seconds): the originating router floods a new copy of its LSA with an age of zero and an incremented sequence number.
o Router LSA, type 1
- generated by each router for ALL of its own OSPF-enabled interfaces: link type, state, outgoing cost of each link and any known OSPF neighbors on the link.
- has area flooding scope; displayed as O in the RIB and describes intra-area routes.
- show ip ospf database router.
o Network LSA, type 2
- generated by the DR on multi-access networks.
- lists all attached routers including the DR itself (the pseudo-node).
- has area flooding scope.
- identifies the designated router on a segment; the Link State ID is the DR's interface address.
- show ip ospf database network.
o Network Summary LSA, type 3
- generated by an ABR and flooded into a single area to advertise destinations outside that area but inside the same AS; an ABR regenerates it, rather than forwarding it, when passing it into the next area.
- also used to advertise the default route into stub areas.
- has area flooding scope; displayed as O IA in the RIB (O*IA when it is a candidate default).
- show ip ospf database summary.
o ASBR Summary LSA, type 4
- generated by an ABR and identical in format to the Network Summary LSA, except that the destination it advertises is an ASBR (Link State ID = the ASBR's Router ID) and not a network.
- has area flooding scope and tells other areas which router is doing the redistribution, so that type 5 LSAs can be resolved.
- show ip ospf database asbr-summary.
o AS External LSA, type 5
- generated by an ASBR; the only LSAs that are not associated with a particular area.
- advertises either a destination external to the OSPF AS or a default route external to the AS.
- an OSPF external route cannot use another OSPF external route to resolve its forwarding address; the ASBR or forwarding address must be reachable via an intra- or inter-area route.
- has AS-wide flooding scope (except stub and NSSA areas).
- show ip ospf database external.
o MOSPF, type 6
- Cisco IOS does not support it and logs a syslog message on receipt; to silence it configure ignore lsa mospf under the OSPF process.
o NSSA External LSA, type 7
- generated by an ASBR inside an NSSA; similar to the AS External LSA, except flooded only within the originating NSSA.
- describes routes redistributed inside an NSSA.
- show ip ospf database nssa-external.
o Opaque LSAs, types 9, 10 and 11 (link-local, area and AS flooding scope respectively)
- type 10 is used to carry traffic-engineering parameters for MPLS TE.
· Area Types.
o A single-area domain may use any area number (0 or 1000); only when 2 or more areas exist must the backbone, area 0, be present with every other area attached to it.
o Stub Area.
- no type 4 or 5 LSAs are allowed to flood into this area.
- receives type 3 LSAs, and the ABR generates one extra type 3 LSA advertising a single default route into the stub area with a cost of 1 (the administrative distance stays at the OSPF default of 110).
- the default cost can be changed with the area default-cost command.
- configured on ALL routers in the stub area with the area stub command.
- all routers in the stub area must agree: the E-bit in the Hello is cleared (E=0) for a stub area, and a stub router rejects Hellos with E=1.
- no redistribution can occur inside a stub area, including static and connected routes (no ASBR allowed).
o Totally Stubby Area.
- uses a single default route to reach both external destinations and destinations outside the area.
- the ABR of a totally stubby area blocks all type 3 LSAs except the single type 3 LSA advertising the default route, 0/0.
- configured with area stub no-summary on the ABR; internal routers use the plain area stub configuration.
o NSSA, Not So Stubby Area.
- an area that allows redistribution while retaining the characteristics of a stub area towards the rest of the AS.
- types 4 and 5 are not allowed, but redistributed AS-external routes are carried as type 7.
- the ASBR generates type 7 LSAs, flooded within the NSSA, and the NSSA ABR with the highest Router ID translates them to type 5 for the rest of the domain.
- if an ABR receives a type 7 with the P-bit set to 1, translation to type 5 takes place.
- if an ABR receives a type 7 with the P-bit set to 0, no translation occurs and the route is not advertised outside the NSSA.
- configured with area nssa on all routers in that area.
- the ABR does not automatically originate a default route, as it does for stub/totally stubby areas.
- to inject a default route into an NSSA, configure area nssa default-information-originate on the ABR.
o Totally NSSA.
- same as NSSA, but also blocks type 3 summary LSAs, so types 3, 4 and 5 are not allowed while type 7 is.
- the ABR defines the NSSA as totally stubby and originates an inter-area (type 3) default, shown as O*IA.
- configured with area nssa no-summary on the ABR; internal routers keep the plain NSSA configuration.
- when an ABR is also an ASBR and connected to the NSSA, the default behaviour is to advertise the redistributed routes into the NSSA as well. This can be turned off with the area nssa no-redistribution command.
- suppressing the OSPF forwarding address in translated type 5 LSAs: when an NSSA ABR translates type 7 to type 5, 0.0.0.0 is used as the forwarding address instead of the address carried in the type 7 LSA (area {id} nssa translate type7 suppress-fa).
- routers that are configured not to advertise forwarding addresses into the backbone then forward traffic directly to the translating NSSA ABR.
· Filtering OSPF prefix advertisement.
o ABR filtering of type 3 LSAs into or out of an area (area {id} filter-list prefix {name} in|out):
- in-lists filter type 3 LSAs before they are sent into an area.
- out-lists filter type 3 LSAs leaving an area, preventing those LSAs from entering any other area attached to the router.
o Distribute-list filtering.
- distribute-list in only prevents prefixes from entering the RIB on the local router; it has no effect on LSA propagation, so downstream routers still learn the prefix.
- distribute-list out has no effect on OSPF-learned routes, because all routers in an area must have the same database; it only filters routes being redistributed into OSPF on an ASBR.
- with a route-map, match route-type can be used with OSPF:
§ external: type E1 and E2.
§ internal: inter- and intra-area routes.
§ local: routes generated locally on the router.
§ nssa-external: types N1 and N2.
· Summarization.
o Inter-Area Route Summarization.
- used on an ABR to summarize inter-area prefixes (type 3 LSAs).
- a route to Null0 for the summary is created automatically to prevent loops; it can be disabled with no discard-route.
- the area range command is configured with the area whose prefixes are being summarized; the summary is advertised into the other areas.
- the default is advertise: only the summary is sent, and the more specific routes are suppressed. The not-advertise keyword suppresses the summary itself, hiding the whole range from the other areas.
o External Route Summarization.
- summarizes external routes at the ASBR as they are redistributed into OSPF; configured with summary-address.
- summarizes type 5 and type 7 LSAs; the more specific routes are not advertised.
· Stub Router Advertisement (max-metric router-lsa). Two benefits:
o a router injected into the OSPF domain will not immediately attract transit traffic.
o a router reload is graceful, since other routers route around the reloading unit while it advertises max-metric.
Advertises the maximum link metric (65535) for all transit links in the router's own Router LSA; stub links keep their normal cost unless include-stub is used, so the router stays reachable but is not used for transit.
Also used to let BGP converge before OSPF attracts traffic.
A typical scenario is when multiple links exist between 2 areas and one of them should only be used as a last resort.
#router ospf 1
#max-metric router-lsa on-startup {sec} # advertises the maximum metric for the given number of seconds after startup.
#max-metric router-lsa on-startup wait-for-bgp # lets BGP decide when to revert to the normal metric; falls back after 600 seconds by default.
#router ospf 1
#max-metric router-lsa # advertises max-metric indefinitely so neighbors route around this router; applies to self-originated Router LSAs only.
#max-metric router-lsa [summary-lsa | include-stub | external-lsa | on-startup]
# summary-lsa: also overrides the metric of self-originated summary LSAs with max-metric.
# include-stub: also sets max-metric for the stub links in the Router LSA.
# external-lsa: also overrides the metric of self-originated external LSAs with max-metric.
# on-startup: only sets max-metric at start-up (boot or reload).
· Passive Interface
o No Hello packets are sent or processed on an interface in passive mode, so no adjacency or neighborship forms; the interface's subnet is still advertised.
o This is different from distance-vector protocols like RIP, where a passive interface still receives routes but does not send any.
o The closest OSPF equivalent to that RIP behaviour is ip ospf database-filter all out under the interface: the adjacency forms and LSAs are received, but none are flooded out.
· Originating a default route
o A default route is announced as the IP prefix 0.0.0.0/0 in OSPF.
o Unlike other protocols, a default route cannot simply be redistributed into OSPF; it needs explicit configuration.
o A default route can be inserted into OSPF only as an external route (type 5 or 7) or as an inter-area summary (type 3, into stub/NSSA areas), never as an intra-area route.
o Methods to originate a default route within OSPF:
- Unconditional default route.
§ Injects the route regardless of whether the local router can reach anything outside the OSPF domain.
§ Advertised as E2 with metric 1; configured with default-information originate always under the OSPF process.
- Conditional default route.
§ Advertises a default route into the OSPF domain only if the advertising router has a non-OSPF default route in its routing table.
§ The non-OSPF default route could be a static default route with the next hop pointing outside the OSPF domain.
§ The non-OSPF default route could be a static route tracked by IP SLA measurements.
§ The non-OSPF default route could be a BGP-learned default route.
§ Configured with default-information originate.
#ip route 0.0.0.0 0.0.0.0 serial1.1 # static default route via serial 1.1, a non-OSPF route.
#router ospf 1
#default-information originate metric 10 # OSPF advertises the default route with a metric of 10 while 0.0.0.0/0 is in the RIB, and withdraws it otherwise.
- Conditional default route with a route-map.
§ The route-map can check the IP prefix, next hop and metric of the existing default route before injecting a default into OSPF.
§ Configured with default-information originate route-map <NAME>.
- OSPF stub area default route.
§ The ABR injects the default route into the stub area as an inter-area summary (type 3) with an OSPF metric of 1.
§ When multiple exit points out of the stub area exist, the nearest one (lowest cost to the ABR) is chosen.
§ The inter-area default cost for a stub area can be changed with the area default-cost command.
#router ospf 1
#area 1 stub
#area 1 default-cost 300 # change the stub default-route cost to 300.
- OSPF NSSA default route.
§ Cisco routers do not advertise an external (type 5) default route into an NSSA, even when configured with default-information originate always, because type 5 LSAs are not allowed there.
§ The ABR can be configured to do so either with area nssa default-information-originate, which originates a type 7 NSSA-external default route, or by making the area a totally NSSA with area nssa no-summary, which generates an inter-area (type 3) default route.
· Path Selection:
o OSPF routes are classified according to destination type: network or router (ABR/ASBR).
o show ip route ospf displays the network routes.
o show ip ospf border-routers displays the ABR and ASBR router entries.
o Route lookups, in order of preference:
- O, intra-area paths: destinations within one of the router's attached areas.
- O IA, inter-area paths: destinations in another area, but within the same OSPF AS.
- E1 (N1) paths are external to the AS; cost = external cost + internal cost to the ASBR.
- E2 (N2) paths are external to the AS; cost = external cost only; this is the default type.
- use E1 metrics when packets should leave via the nearest exit point in the network (each router picks its closest ASBR).
- use E2 metrics when packets should leave via the exit closest to the external destination (the lowest external cost wins everywhere); equal E2 costs are broken by the internal cost to the ASBR.
- within a class the lowest cost wins, unless equal-cost paths exist (ECMP).
o The default cost is the OSPF metric calculated as reference bandwidth (10^8 bps by default) / interface bandwidth, an integer between 1 and 65535. It can be modified with:
- interface bandwidth
- interface ip ospf cost
- process auto-cost reference-bandwidth (set it identically on every router; with the 100 Mbps default every link of 100 Mbps or faster gets cost 1)
- process neighbor 1.2.2.1 cost {value} on point-to-multipoint non-broadcast networks.
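Added example, not from the original notes: interface cost and route preference in Python, with two constructed ASBRs advertising the same prefix so that the E1/E2 difference described above is visible on real numbers. The ASBR names, costs and prefix are made up; the preference order and the E2 tie-break follow RFC 2328 section 16.4.

```python
"""OSPF interface cost and route preference. Added example, not from the
original notes; the candidate routes below are constructed to show how E1
and E2 choose different exits for the same prefix."""

MAX_COST = 65535
PREFERENCE = {"O": 0, "O IA": 1, "E1": 2, "N1": 2, "E2": 3, "N2": 3}


def interface_cost(bandwidth_kbps: int, reference_mbps: int = 100) -> int:
    """IOS formula: reference bandwidth / interface bandwidth, truncated to an
    integer and clamped to 1..65535. Every link at or above the reference
    bandwidth costs 1, which is why the reference is raised on fast networks."""
    cost = (reference_mbps * 1000) // bandwidth_kbps
    return max(1, min(cost, MAX_COST))


def route_key(route: dict) -> tuple:
    """Sort key, lower is better. Intra-area beats inter-area beats E1/N1
    beats E2/N2 regardless of cost; within a class the cost decides. E1 adds
    the internal cost to the ASBR; E2 compares the external cost only and
    uses the internal cost merely as a tie-breaker."""
    kind = route["type"]
    rank = PREFERENCE[kind]
    if kind in ("E1", "N1"):
        return (rank, route["external"] + route["internal"], 0)
    if kind in ("E2", "N2"):
        return (rank, route["external"], route["internal"])
    return (rank, route["cost"], 0)


def best_paths(candidates, maximum_paths: int = 4) -> list:
    """All candidates sharing the best key, up to maximum-paths (ECMP)."""
    best = min(route_key(c) for c in candidates)
    return [c for c in candidates if route_key(c) == best][:maximum_paths]


# Constructed: 203.0.113.0/24 is reachable through two ASBRs. ASBR-A is far
# away (behind a T1, internal cost 64) but advertises a cheap external cost;
# ASBR-B is adjacent over Fast Ethernet (internal cost 1) but advertises an
# expensive external cost.
VIA_A = {"via": "ASBR-A", "external": 10, "internal": interface_cost(1544)}
VIA_B = {"via": "ASBR-B", "external": 30, "internal": interface_cost(100_000)}


def exits_for(kind: str) -> list:
    """Which ASBR this router would use if both advertised the prefix as `kind`."""
    return [r["via"] for r in best_paths([dict(VIA_A, type=kind), dict(VIA_B, type=kind)])]


def preferred_over_external() -> list:
    """An inter-area route to the same prefix beats both externals even though
    its cost is far higher than either."""
    inter = {"via": "ABR", "type": "O IA", "cost": 500}
    return [r["via"] for r in best_paths([dict(VIA_A, type="E1"), dict(VIA_B, type="E2"), inter])]


if __name__ == "__main__":
    print("T1 cost:", interface_cost(1544), "GigE cost:", interface_cost(1_000_000),
          "GigE with 10G reference:", interface_cost(1_000_000, reference_mbps=10_000))
    print("E2 exits:", exits_for("E2"))   # lowest external cost: ASBR-A, despite the T1
    print("E1 exits:", exits_for("E1"))   # external + internal: ASBR-B, the nearest exit
    print("with O IA:", preferred_over_external())
```

The E2 result is the one that surprises people: every router in the domain sends this prefix to ASBR-A because its external cost is 10, even though reaching it costs 64; only E1 (or a change to the external metric on ASBR-A) makes the nearer exit win.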
· Authentication:
o If area authentication is configured, it must be configured for ALL the routers in the area.
o Don't forget virtual links: one leg is in area 0, so area 0 authentication applies to them.
o Keys on different interfaces do not have to match, but the neighbors on one link do. The default is null; the types are:
- type 0, null authentication.
- type 1, clear-text (simple) password: the password travels in the clear in every OSPF packet, so anyone on the segment can read it.
- type 2, cryptographic: an MD5 keyed digest computed over the packet and the secret key; the key itself never goes on the wire, and a cryptographic sequence number gives replay protection. Newer IOS also supports HMAC-SHA via key chains (RFC 5709).
o Authentication keys are locally significant to an interface, so they can be different for each interface.
o When changing key chains, remove the old configuration from the interface first.
#router ospf 20
#area 10 authentication # type 1 clear-text password authentication for area 10; the key itself is ip ospf authentication-key on each interface.
#area 20 authentication message-digest # type 2 MD5 authentication for area 20; the key is ip ospf message-digest-key {key-id} md5 {key} on each interface.
#area 30 virtual-link 1.1.1.10 authentication-key {key} # type 1 authentication for a virtual link.
#area 40 virtual-link 2.2.2.20 message-digest-key {key-id} md5 {key} # type 2 MD5 authentication for a virtual link.
o The interface-level ip ospf authentication [message-digest] command overrides the area setting for that interface.
o By default, routes redistributed into OSPF are flagged E2 with a cost of 20, except those from BGP, which get a cost of 1.
o Order of preference: O, O IA, E1, E2. The subnets keyword is required when redistributing if classless prefixes are desired; otherwise only classful networks are redistributed.
o O intra-area, O IA inter-area, E1 internal plus external cost, E2 external cost only.
o E1 is used for multiple exits out of the AS, E2 for a single exit.
o "Routing Bit Set on this LSA" in show ip ospf database output means OSPF derived a route from this LSA and handed it to the RIB, where it may still lose to a better path from another source.
o P = 0 -> this router is an NSSA ABR and ASBR; no translation or advertisement outside the NSSA.
o P = 1 -> this router is an NSSA ASBR; the ABR will do the type 7 translation.
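Added example, not from the original notes, for the Authentication section above: Python that puts a constructed Hello through type 1 and type 2 authentication as RFC 2328 Appendix D describes them, so the difference between a password on the wire and a keyed digest is concrete. The key, key ID and sequence numbers are made up; the MD5 construction is the RFC one (digest over packet plus zero-padded key, not HMAC), and the checksum of the sample Hello is left at zero because type 2 does not use it.

```python
"""OSPFv2 authentication types 1 and 2 on the wire. Added example, not from
the original notes: the Hello packet, key and key ID are constructed here and
the digest follows RFC 2328 Appendix D.4.3 (MD5 over packet + 16-byte key)."""
import hashlib
import hmac
import struct

AUTH_NULL, AUTH_SIMPLE, AUTH_CRYPTO = 0, 1, 2
DIGEST_LEN = 16


def sample_hello(router_id: bytes = b"\x0a\x00\x00\x01") -> bytes:
    """Constructed 44-byte Hello (area 0, /24, hello 10, dead 40) with the
    checksum and authentication fields left zero; the helpers fill them in."""
    body = struct.pack("!4sHBBI4s4s", b"\xff\xff\xff\x00", 10, 0x02, 1, 40, bytes(4), bytes(4))
    header = struct.pack("!BBH4s4sHH8s", 2, 1, 24 + len(body), router_id, bytes(4), 0, AUTH_NULL, bytes(8))
    return header + body


def simple_auth(packet: bytes, password: bytes) -> bytes:
    """Type 1: the password itself is copied into the 8-byte auth field."""
    pkt = bytearray(packet)
    struct.pack_into("!H", pkt, 14, AUTH_SIMPLE)
    pkt[16:24] = password.ljust(8, b"\x00")[:8]
    return bytes(pkt)


def password_from_wire(frame: bytes) -> bytes:
    """What a sniffer on the segment learns from a single type-1 packet."""
    return frame[16:24].rstrip(b"\x00")


def md5_sign(packet: bytes, key_id: int, key: bytes, seq: int) -> bytes:
    """Type 2: the checksum is zeroed, the auth field carries key ID, digest
    length and a cryptographic sequence number, and MD5(packet || key) is
    appended after the packet; the length field does not count the digest."""
    if not 0 < len(key) <= DIGEST_LEN:
        raise ValueError("key must be 1..16 bytes")
    pkt = bytearray(packet)
    struct.pack_into("!HH", pkt, 12, 0, AUTH_CRYPTO)
    struct.pack_into("!HBBI", pkt, 16, 0, key_id, DIGEST_LEN, seq)
    digest = hashlib.md5(bytes(pkt) + key.ljust(DIGEST_LEN, b"\x00")).digest()
    return bytes(pkt) + digest


def md5_verify(frame: bytes, keys: dict, last_seq: dict, neighbor: str) -> bool:
    """Receiver side: known key ID, non-decreasing sequence number per
    neighbour (replay check) and a constant-time digest comparison."""
    if len(frame) < 24 + DIGEST_LEN:
        return False
    length = struct.unpack("!H", frame[2:4])[0]
    autype = struct.unpack("!H", frame[14:16])[0]
    if autype != AUTH_CRYPTO or len(frame) != length + DIGEST_LEN:
        return False
    _, key_id, auth_len, seq = struct.unpack("!HBBI", frame[16:24])
    key = keys.get(key_id)
    if key is None or auth_len != DIGEST_LEN:
        return False
    if seq < last_seq.get(neighbor, 0):
        return False  # replayed or out-of-order packet
    expected = hashlib.md5(frame[:length] + key.ljust(DIGEST_LEN, b"\x00")).digest()
    if not hmac.compare_digest(expected, frame[length:]):
        return False
    last_seq[neighbor] = seq
    return True


if __name__ == "__main__":
    print("type 1 leaks:", password_from_wire(simple_auth(sample_hello(), b"cisco")))
    keys, seen = {1: b"s3cret"}, {}
    frame = md5_sign(sample_hello(), 1, b"s3cret", 1000)
    print("type 2 auth field:", frame[16:24].hex(), "digest:", frame[44:].hex())
    print("verify:", md5_verify(frame, keys, seen, "10.0.0.1"),
          "replay:", md5_verify(frame, keys, {"10.0.0.1": 1001}, "10.0.0.1"))
```

Two practical points follow from the code: the sequence number is per neighbour and only has to be non-decreasing, so a router reboot that resets it to a low value is rejected by peers until their stored value is cleared; and because the digest is plain MD5 over packet plus key, the protection is against forgery and replay by someone without the key, not a modern MAC, which is why HMAC-SHA key chains are preferred where the platform supports them.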
· Miscellaneous:
o Backbone area: type 1, 2, 3, 4, 5 LSAs.
o Non-backbone (normal) area: type 1, 2, 3, 4, 5 LSAs.
o Stub area: type 1, 2, 3 LSAs; NO type 4 or 5.
o Totally stubby area: type 1, 2 LSAs plus a single type 3 default.
o Not So Stubby area: type 1, 2, 3, 7 LSAs; NO type 4 or 5 LSAs.
o Totally Not So Stubby area: type 1, 2, 7 LSAs plus a single type 3 default; NO type 4 or 5 LSAs.
o OSPF cost of an interface == reference bandwidth (100 Mbps by default) / interface bandwidth.
o Paranoid (periodic) LSA refresh interval == 30 minutes.
o area range on an ABR summarizes into a type 3 LSA.
o summary-address on an ASBR summarizes into a type 5 LSA (type 7 if the ASBR is inside an NSSA).
o default-information originate on an ASBR injects a type 5 LSA (a type 7 inside an NSSA needs area nssa default-information-originate); the default route must exist in the RIB unless always is used.
o Periodic LSA refreshes every 30 minutes do not occur over an OSPF demand circuit. When a demand-circuit link is established, a unique option bit (the DC bit) is exchanged between the neighboring routers. If the two routers negotiate the DC bit successfully, they set the DoNotAge (DNA) bit in the LS Age of LSAs flooded over the link. The DNA bit is the most significant bit (0x8000) of the LS Age field. With this bit set the LSA stops aging, and no periodic refreshes are sent across the circuit.
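Added example, not from the original notes, covering the LSA-types section and the demand-circuit note above: LSA header decoding in Python with the DoNotAge bit, MaxAge/LSRefreshTime handling, and the newer-instance comparison from RFC 2328 section 13.1. The headers are constructed; the checksum values are placeholders, not computed Fletcher checksums.

```python
"""LSA header decoding: LS Age with the DoNotAge bit, MaxAge / refresh logic
and the "which instance is newer" comparison of RFC 2328 section 13.1.
Added example, not from the original notes; the headers are constructed."""
import ipaddress
import struct

MAX_AGE = 3600            # seconds; an LSA this old is flushed
LS_REFRESH_TIME = 1800    # the originator refloods at this age
MAX_AGE_DIFF = 900        # age difference treated as a different instance
DO_NOT_AGE = 0x8000       # MSB of LS Age, set over demand circuits
LSA_TYPES = {1: "Router", 2: "Network", 3: "Summary", 4: "ASBR-Summary",
             5: "AS-External", 6: "MOSPF", 7: "NSSA-External",
             9: "Opaque-Link", 10: "Opaque-Area", 11: "Opaque-AS"}


def make_header(age, ls_type, seq, lsid="10.0.0.1", adv="10.0.0.1",
                options=0x22, checksum=0x1234, length=36) -> bytes:
    """Pack a 20-byte LSA header (RFC 2328 A.4.1). seq is given unsigned;
    the checksum is a placeholder, not a real Fletcher checksum."""
    return struct.pack("!HBB4s4sIHH", age, options, ls_type,
                       ipaddress.IPv4Address(lsid).packed,
                       ipaddress.IPv4Address(adv).packed, seq, checksum, length)


def parse_header(raw: bytes) -> dict:
    age, options, ls_type, lsid, adv, seq, checksum, length = struct.unpack("!HBB4s4siHH", raw[:20])
    return {
        "age": age & 0x7FFF,
        "do_not_age": bool(age & DO_NOT_AGE),
        "options": options,
        "type": ls_type,
        "name": LSA_TYPES.get(ls_type, "unknown"),
        "link_state_id": str(ipaddress.IPv4Address(lsid)),
        "adv_router": str(ipaddress.IPv4Address(adv)),
        "seq": seq,              # signed 32-bit: 0x80000001 is the initial value
        "checksum": checksum,
        "length": length,
    }


def age_after(hdr: dict, seconds: int) -> int:
    """Age of a stored LSA after `seconds`: capped at MaxAge, frozen if DoNotAge."""
    if hdr["do_not_age"]:
        return hdr["age"]
    return min(hdr["age"] + seconds, MAX_AGE)


def needs_refresh(hdr: dict, self_originated: bool) -> bool:
    """Only the originator refreshes, at LSRefreshTime, and not over demand circuits."""
    return self_originated and not hdr["do_not_age"] and hdr["age"] >= LS_REFRESH_TIME


def compare(a: dict, b: dict) -> int:
    """RFC 2328 13.1: 1 if a is the newer instance, -1 if b is, 0 if the same."""
    if a["seq"] != b["seq"]:
        return 1 if a["seq"] > b["seq"] else -1
    if a["checksum"] != b["checksum"]:
        return 1 if a["checksum"] > b["checksum"] else -1
    a_max, b_max = a["age"] == MAX_AGE, b["age"] == MAX_AGE
    if a_max != b_max:
        return 1 if a_max else -1
    if abs(a["age"] - b["age"]) > MAX_AGE_DIFF:
        return 1 if a["age"] < b["age"] else -1
    return 0


if __name__ == "__main__":
    h = parse_header(make_header(1795, 1, 0x80000005))
    dna = parse_header(make_header(1795 | DO_NOT_AGE, 1, 0x80000005))
    print(h["name"], "age", h["age"], "refresh in 5s:", needs_refresh(dict(h, age=age_after(h, 5)), True))
    print("DoNotAge copy after a day:", age_after(dna, 86400), "refresh:", needs_refresh(dna, True))
    print("seq wrap, 0x7FFFFFFF vs 0x80000001:",
          compare(parse_header(make_header(0, 1, 0x7FFFFFFF)), parse_header(make_header(0, 1, 0x80000001))))
```

The sequence number is what makes the comparison security-relevant: an LSA with a higher sequence number replaces the stored one on every router that accepts it, which is why unauthenticated OSPF on a shared segment lets anyone with layer 2 access rewrite the topology until the real originator "fights back" with a higher sequence number.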
ECMP:
Per-destination load balancing using fast switching:
Router(config)# interface Ethernet 0
Router(config-if)# ip route-cache
Per-packet load balancing using process switching:
Router(config)# interface Ethernet 0
Router(config-if)# no ip route-cache
· Newer switching schemes such as Cisco Express Forwarding (CEF) allow per-packet and per-destination load balancing (ip load-sharing per-packet | per-destination) without dropping to process switching, at the cost of the extra resources needed to maintain CEF entries and adjacencies. Per-packet load balancing reorders packets within a flow, so per-destination is the usual choice.
· The OSPF Forwarding Address Suppression in Translated Type-5 LSAs feature causes an NSSA ABR to translate type 7 LSAs to type 5 LSAs but use the address 0.0.0.0 as the forwarding address instead of the one specified in the type 7 LSA. Routers that are configured not to advertise forwarding addresses into the backbone then forward traffic directly to the translating NSSA ABR.
· The OSPF Inbound Filtering Using Route Maps with a Distribute List feature lets you define a route map to prevent OSPF routes from being added to the routing table (distribute-list route-map tag-filter in). In the route map you can match on any attribute of the OSPF route. This is useful during redistribution when prefixes are tagged as they are redistributed on the ASBRs and the tag is later used to keep them out of the routing table on other routers.
· This filtering happens at the moment OSPF installs the route in the routing table and has no effect on LSA flooding; every router in the area still holds the LSA. The route map can use the following match options: match interface, match ip address, match ip next-hop, match ip route-source, match metric, match route-type and match tag.