Add to collection(s) Add to saved
  1. No category
Uploaded by yousef alagel

01-05 OSPF Configuration

advertisement 
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
5
OSPF Configuration
5.1 Overview of OSPF
5.2 Understanding OSPF
5.3 Configuration Precautions for OSPF
5.4 Default Settings for OSPF
5.5 Configuring Basic OSPF Functions
5.6 Configuring an OSPF Hostname
5.7 Configuring Network Types for OSPF Interfaces
5.8 Configuring an OSPF Stub Area
5.9 Configuring an OSPF NSSA
5.10 Configuring an OSPF Virtual Link
5.11 Setting a Cost for an OSPF Interface
5.12 Configuring OSPF Load Balancing
5.13 Setting the Convergence Priority for OSPF Routes
5.14 Configuring a Stub Router
5.15 Suppressing an Interface from Sending and Receiving OSPF Packets
5.16 Configuring OSPF to Import External Routes
5.17 Configuring OSPF to Advertise a Default Route
5.18 Configuring OSPF Route Summarization
5.19 Configuring OSPF to Filter LSAs
5.20 Configuring OSPF to Filter Routes
5.21 Setting the Maximum Number of External Routes Allowed in the OSPF LSDB
5.22 Controlling the Establishment of OSPF Neighbor Relationships
5.23 Controlling OSPF Route Calculation
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
114
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
5.24 Configuring OSPF Neighbor Relationship Flapping Suppression
5.25 Configuring Routing Loop Detection for Routes Imported to OSPF
5.26 Suppressing the Advertisement of Interface IP Addresses
5.27 Disabling OSPF CPU Overload Control
5.28 Configuring OSPF-BGP Synchronization
5.29 Configuring BFD for OSPF
5.30 Configuring OSPF IP FRR
5.31 Configuring OSPF GR
5.32 Configuring OSPF Authentication
5.33 Configuring OSPF GTSM
5.34 Configuring the Network Management Function of OSPF
5.35 Maintaining OSPF
5.36 Troubleshooting OSPF
5.1 Overview of OSPF
Definition
Open Shortest Path First (OSPF) is a link-state Interior Gateway Protocol (IGP)
developed by the Internet Engineering Task Force (IETF).
OSPF version 2 (OSPFv2) is intended for IPv4, and OSPF version 3 (OSPFv3) is
intended for IPv6.
NOTE
Unless otherwise stated, OSPF refers to OSPFv2 in this document.
Purpose
Before the emergence of OSPF, the Routing Information Protocol (RIP) was the
most widely used IGP. RIP is a distance-vector routing protocol which is gradually
being replaced with OSPF, due to the former's slow convergence, tendency to form
routing loops, and poor scalability. The most common IGPs are RIP, OSPF, and
Intermediate System to Intermediate System (IS-IS). Table 5-1 describes the
differences between these IGPs.
Table 5-1 Differences between IGPs
Item
RIP
OSPF
IS-IS
Protocol
type
IP layer protocol
IP layer protocol
Link layer protocol
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
115
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Item
RIP
OSPF
IS-IS
Applicab
le scope
Applies to small
networks with simple
architectures, such as
campus networks.
Applies to mediumsized networks with
several hundred
devices, such as
small- and mediumsized enterprise
networks.
Applies to large
networks, such as
large-scale Internet
service provider (ISP)
networks.
Routing
algorith
m
Uses the distancevector (D-V)
algorithm to
calculate routes.
Uses the shortest
path first (SPF)
algorithm to
calculate a shortest
path tree (SPT) to all
destinations based
on the network
topology
information, which is
advertised through
link state
advertisements
(LSAs).
Uses the SPF
algorithm to
generate an SPT
based on the
network topology
and calculate
shortest paths to all
destinations.
In IS-IS, the SPF
algorithm runs
independently in
Level-1 and Level-2
databases.
Route
converg
ence
speed
Slow
Fast, less than 1
second.
Fast, less than 1
second.
Scalabili
ty
Not supported
Supported by
partitioning a
network into areas.
Supported by
defining device levels.
Benefits
OSPF offers the following benefits:
●
Wide application scope: OSPF is suitable for medium-sized networks featuring
several hundred devices, such as small- and medium-sized enterprise
networks.
●
Mask support: As OSPF packets carry mask information, OSPF is not subject
to natural masks. Instead, OSPF can process variable length subnet masks
(VLSMs).
●
Fast convergence: If the network topology changes, OSPF immediately sends
link state update (LSU) packets to synchronize the changes to the link state
databases (LSDBs) of all devices in the same autonomous system (AS).
●
Loop-free routing: OSPF uses the SPF algorithm to calculate loop-free routes
based on the collected link status.
●
Area partitioning: OSPF allows an AS to be partitioned into areas, leading to
simplified management. In this way, routing information transmitted between
areas can be summarized, reducing network bandwidth consumption.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
116
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
●
Equal-cost routes: OSPF supports multiple equal-cost routes to the same
destination.
●
Route classification: OSPF uses intra- and inter-area routes, as well as Type 1
and Type 2 external routes, listed here in descending order of priority.
●
Authentication: OSPF supports area-based and interface-based packet
authentication, ensuring packet exchange security.
5.2 Understanding OSPF
5.2.1 Basic Concepts of OSPF
Router ID
A router ID is a 32-bit unsigned integer and uniquely identifies a device in an AS.
A router ID must exist before a device runs OSPF.
A router ID can be generated manually or automatically. If no router ID has been
manually configured, the device automatically selects the system ID or the IP
address of the current interface as the router ID.
In any of the following situations, router ID reselection may be triggered:
●
The system router ID is reconfigured, and the OSPF process is restarted.
●
The OSPF router ID is reconfigured, and the OSPF process is restarted.
●
The system ID or IP address that is selected as the router ID is deleted, and
the OSPF process is restarted.
Areas
When a large number of devices run OSPF, LSDBs increase in size and often
require a significant amount of storage space. Large LSDBs also complicate SPF
computation and can overload the devices. As the network scale expands, there is
an increasing probability that the network topology changes, causing the network
to change continuously. In this case, a large number of OSPF packets are
transmitted on the network, leading to a decrease in bandwidth utilization
efficiency. Every time the topology changes, each device on the network must
recalculate routes.
OSPF resolves this problem by partitioning an AS into different areas, each of
which is regarded as a logical group and identified by an area ID. A device, not a
link, resides at the border of an area, and a network segment or link can belong
to only one area. An area must be specified for each OSPF interface.
OSPF areas include common areas, stub areas, and not-so-stubby areas (NSSAs).
Table 5-2 describes these in more detail.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
117
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Table 5-2 OSPF areas
Area
Type
Function
Notes
Common
area
By default, OSPF areas are defined as
common areas, and these include:
● The backbone area
must have all its
devices connected.
● Standard area: transmits intra-area,
inter-area, and external routes.
● Backbone area: area 0, which connects
to all other OSPF areas and transmits
inter-area routes. Routes between nonbackbone areas must be forwarded
through the backbone area.
Stub area
A stub area is a non-backbone area with
only one area border router (ABR) and
generally resides at the border of an AS.
The ABR in a stub area does not transmit
received AS external routes, significantly
decreasing the number of entries in the
routing table on the ABR and the amount
of routing information to be transmitted.
To ensure the reachability of AS external
routes, the ABR in the stub area generates
a default route and advertises it to nonABR devices in the stub area.
A totally stubby area allows only intraarea routes and ABR-advertised Type 3
link state advertisements (LSAs) carrying
the default route information to be
advertised within the area. The totally
stubby area does not allow AS external
routes or inter-area routes to be
advertised.
NSSA
An NSSA is similar to a stub area. An
NSSA does not advertise Type 5 LSAs but
can import AS external routes. ASBRs in
an NSSA generate Type 7 LSAs to carry
information about the AS external routes,
and these Type 7 LSAs are advertised only
within the NSSA. When the Type 7 LSAs
reach an ABR in the NSSA, the ABR
translates them into Type 5 LSAs, which
are then flooded to all the other OSPF
areas.
● All non-backbone
areas must remain
connected to the
backbone area.
● The backbone area
cannot be
configured as a stub
area.
● An autonomous
system boundary
router (ASBR)
cannot exist in a
stub area. As such,
AS external routes
cannot be
advertised within
the stub area.
● A virtual link cannot
pass through a stub
area.
● An ABR in an NSSA
advertises Type 7
LSA default routes
within the NSSA.
● All inter-area routes
are advertised by
ABRs.
● A virtual link cannot
pass through an
NSSA.
A totally NSSA allows only intra-area
routes to be advertised within the area.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
118
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Device Roles
Devices are classified into internal routers, ABRs, backbone routers, and ASBRs by
location in an AS. Figure 5-1 shows the layout of the four device roles, and Table
5-3 lists their descriptions.
Figure 5-1 Device roles in an AS
Table 5-3 Device roles in an AS
Device Role
Description
Internal router
All interfaces on an internal router belong to the
same OSPF area.
ABR
An ABR is a device that can belong to two or more
areas, one of which must be the backbone area.
An ABR connects the backbone area and nonbackbone areas, and it can connect to the backbone
area either physically or logically.
Backbone router
A backbone router is a device that has at least one
interface belonging to the backbone area.
Backbone routers include internal routers in the
backbone area and all ABRs.
ASBR
An ASBR exchanges routing information with other
ASs.
An ASBR may be an internal router or an ABR, and
therefore may not necessarily reside at the border
of an AS.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
119
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
LSAs
OSPF encapsulates routing information into LSAs for transmission. Table 5-4
describes different types of LSAs and their functions.
Table 5-4 Different types of LSAs and their functions
LSA Type
LSA Function
Router-LSA (Type 1)
Describes the link status and cost of a device. RouterLSAs are generated by each device and advertised
within the area to which the devices belong.
Network-LSA (Type 2)
Describes the link status of all devices on the local
network segment. Network-LSAs are generated by a
designated router (DR) and advertised within the
area to which the DR belongs.
Network-summary-LSA
(Type 3)
Describes routes to an area's network segment.
Network-summary-LSAs are generated by an ABR
and advertised to other areas, excluding the totally
stubby area and totally NSSA. For example, an ABR
belongs to both area 0 and area 1, area 0 has a
network segment 10.1.1.0, and area 1 has a network
segment 10.2.1.0. In this case, the ABR generates
Type 3 LSAs destined for the network segment
10.2.1.0 for area 0, and Type 3 LSAs destined for the
network segment 10.1.1.0 for area 1.
ASBR-summary-LSA
(Type 4)
Describes routes of an area to the ASBRs of other
areas. ASBR-summary-LSAs are generated by an ABR
and advertised to other areas, excluding the stub
area, totally stubby area, NSSA, totally NSSA, and the
area to which the ASBR of the route generation ABR
belongs.
AS-external-LSA (Type
5)
Describes AS external routes, which are advertised to
all areas, excluding the stub area, totally stubby area,
NSSA, and totally NSSA. AS-external-LSAs are
generated by an ASBR.
NSSA-LSA (Type 7)
Describes AS external routes. NSSA-LSAs are
generated by an ASBR and advertised only within an
NSSA.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
120
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
LSA Type
LSA Function
Opaque-LSA (Type 9/
Type 10/Type 11)
Provides a general mechanism for OSPF extension.
Different types of LSAs are described as follows:
● Type 9 LSAs are advertised only on the network
segment where the interface advertising the LSAs
resides. Grace LSAs used in graceful restart (GR)
are Type 9 LSAs.
● Type 10 LSAs are advertised within an OSPF area.
LSAs that are used to support traffic engineering
(TE) are Type 10 LSAs.
● Type 11 LSAs are advertised within an AS but
have not been used in practice.
Table 5-5 describes whether a type of LSA is supported in an area.
Table 5-5 Support status of LSAs in different types of areas
Area Type
Router
-LSA
(Type
1)
Netwo
rk-LSA
(Type
2)
Netwo
rksumm
aryLSA
(Type
3)
ASBRsumma
ry-LSA
(Type
4)
ASextern
al-LSA
(Type
5)
NSSALSA
(Type
7)
Common area
(including standard
and backbone
areas)
Suppor
ted
Suppor
ted
Suppor
ted
Suppor
ted
Support
ed
Not
support
ed
Stub area
Suppor
ted
Suppor
ted
Suppor
ted
Not
support
ed
Not
support
ed
Not
support
ed
Totally stubby area
Suppor
ted
Suppor
ted
Not
support
ed
Not
support
ed
Not
support
ed
Not
support
ed
NSSA
Suppor
ted
Suppor
ted
Suppor
ted
Not
support
ed
Not
support
ed
Suppor
ted
Totally NSSA
Suppor
ted
Suppor
ted
Not
support
ed
Not
support
ed
Not
support
ed
Suppor
ted
Packet Types
OSPF packets are encapsulated into IP packets, and the OSPF protocol number is
89. OSPF packets are classified as Hello, database description (DD), link state
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
121
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
request (LSR), link state update (LSU), or link state acknowledgment (LSAck)
packets, as described in Table 5-6.
Table 5-6 OSPF packets and their functions
Packet Type
Function
Hello packet
Hello packets are sent periodically to discover
and maintain OSPF neighbor relationships.
DD packet
DD packets contain the summaries of LSAs in
the local LSDB, and are used for LSDB
synchronization between two devices.
LSR packet
LSR packets are sent to OSPF neighbors to
request required LSAs.
A device sends LSR packets to its OSPF
neighbor only after DD packets have been
successfully exchanged.
LSU packet
LSU packets are used to transmit required LSAs
to OSPF neighbors.
LSAck packet
LSAck packets are used to acknowledge
received LSAs.
Route Types
Routes are classified into intra-area, inter-area, and AS external routes. Intra-area
and inter-area routes describe the network structure of an AS, and AS external
routes describe how to select routes to destinations outside an AS. AS external
routes imported by OSPF are classified as Type 1 or Type 2 external routes.
Table 5-7 describes OSPF routes in descending order of priority.
Table 5-7 OSPF route types
Route Type
Description
Intra-area route
Routes transmitted within an OSPF area.
Inter-area route
Routes transmitted between OSPF areas.
Type 1 external route
Type 1 external routes offer higher reliability than
Type 2.
Cost of a Type 1 external route = Cost of the route
from the local device to an ASBR + Cost of the
route from the ASBR to the destination
If multiple ASBRs exist, the cost of each Type 1
external route is calculated based on the preceding
equation. The obtained cost is used for route
selection.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
122
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Route Type
Description
Type 2 external route
Because a Type 2 external route offers low
reliability, its cost is considered to be much greater
than the cost of any internal route to an ASBR.
Cost of a Type 2 external route = Cost of the route
from an ASBR to the destination
If multiple ASBRs have routes to the same
destination, the route with the lowest cost from
the corresponding ASBR to the destination is
selected and imported. If the routes to be imported
have the same cost from their ASBRs to the
destination, the route with the lowest cost from
the local device to the corresponding ASBR is
selected and then imported.
Network Type
Networks are classified as broadcast, non-broadcast multiple access (NBMA),
point-to-multipoint (P2MP), or point-to-point (P2P) networks by link layer
protocol. Table 5-8 describes the network types.
Table 5-8 OSPF network classification
Network Type
Link Layer Protocol
Broadcast
● Ethernet
Graph
● Fiber distributed
data interface
(FDDI)
NBMA
Issue 04 (2023-09-22)
X.25
Copyright © Huawei Technologies Co., Ltd.
123
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
Network Type
Link Layer Protocol
P2MP
Regardless of the link
layer protocol, OSPF
does not default the
network type to P2MP.
Instead, P2MP is
forcibly changed from
another type of
network. In most
cases, a non-fully
meshed NBMA
network is changed to
a P2MP network.
P2P
● PPP
5 OSPF Configuration
Graph
● Link Access
Procedure Balanced
(LAPB)
OSPF Multi-Process
OSPF multi-process allows multiple OSPF processes to independently run on the
same device. Route exchange between different OSPF processes is similar to that
between different routing protocols, and a device interface can belong to only one
OSPF process.
5.2.2 OSPF Packet Format
OSPF packets are encapsulated into IP packets, and the OSPF protocol number is
89. OSPF packets are classified into Hello packets, DD packets, LSR packets, LSU
packets, and LSAck packets.
●
Hello packet
●
DD packet
●
LSR packet
●
LSU packet
●
LSAck packet
Packet Header Format
All five types of OSPF packets have the same packet header format, and the
header of each type of packet is 24 bytes long. Figure 5-2 shows an OSPF packet
header.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
124
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Figure 5-2 OSPF packet header format
Table 5-9 OSPF packet header fields
Field
Length
Description
Version
8 bits
OSPF version number. For OSPFv2, the value is 2.
Type
8 bits
OSPF packet type. The values are as follows:
● 1: Hello packet
● 2: DD packet
● 3: LSR packet
● 4: LSU packet
● 5: LSAck packet
Packet
length
16 bits
Length of the OSPF packet with the packet header, in
bytes.
Router ID
32 bits
ID of the device that sends the OSPF packet.
Area ID
32 bits
ID of the area to which the device that sends the
OSPF packet belongs.
Checksum
16 bits
Checksum of the OSPF packet, excluding the
Authentication field.
AuType
16 bits
Authentication type. The values are as follows:
● 0: non-authentication
● 1: simple authentication
● 2: message digest algorithm 5 (MD5)
authentication
NOTE
The MD5 algorithm is insecure and poses security risks.
Authenticat
ion
64 bits
This field has different meanings for different AuType
values:
● 0: This field is not defined.
● 1: This field defines password information.
● 2: This field contains the key ID, MD5
authentication data length, and sequence number.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
125
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
NOTE
MD5 authentication data is added after an OSPF packet and is not included in the
Authentication field.
Hello Packet
Hello packets are commonly used packets, which are periodically sent by OSPF
interfaces to establish and maintain neighbor relationships. A Hello packet
includes information about the DR, backup designated router (BDR), timers, and
known neighbors. Figure 5-3 shows the format of a Hello packet.
Figure 5-3 Format of a Hello packet
Table 5-10 Hello packet fields
Field
Length
Description
Network
Mask
32 bits
Mask of the network on which the interface that
sends the Hello packet resides.
HelloInterv
al
16 bits
Interval at which Hello packets are sent.
Options
8 bits
Optional OSPF capabilities:
● E: AS-external-LSAs can be flooded.
● N/P: Type 7 LSAs can be processed.
● DC: Demand circuits can be processed.
Rtr Pri
8 bits
DR priority. The default value is 1.
NOTE
If the DR priority of a device interface is set to 0, the
interface cannot participate in a DR or BDR election.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
126
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Field
Length
Description
RouterDea
dInterval
32 bits
Dead interval. If a device does not receive any Hello
packets from its neighbors within a specified dead
interval, the neighbors are considered to be down.
Designated
Router
32 bits
Interface address of the DR.
Backup
Designated
Router
32 bits
Interface address of the BDR.
Neighbor
32 bits
Router ID of a neighbor.
Table 5-11 lists the address types, interval types, and default intervals used when
Hello packets are transmitted on different networks.
Table 5-11 Hello packet characteristics for various network types
Networ
k Type
Address
Type
Interval Type
Default Interval
Broadca
st
Multicast
address
HelloInterval
10 seconds for
HelloInterval
NBMA
Unicast
address
● HelloInterval is used by
the DR, BDR, and any
device that can become
a DR.
30 seconds for
HelloInterval
● PollInterval is used if
neighbors go down, and
HelloInterval is used in
other cases.
120 seconds for
PollInterval
P2P
Multicast
address
HelloInterval
10 seconds for
HelloInterval
P2MP
Multicast
address
HelloInterval
30 seconds for
HelloInterval
NOTE
To establish neighbor relationships between devices on the same network segment, set the
same HelloInterval, PollInterval, and RouterDeadInterval values for the devices. PollInterval
applies only to NBMA networks.
DD Packet
During adjacency initialization between two devices, DD packets are used to
describe their LSDBs for synchronization. A DD packet contains the header of each
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
127
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
LSA in an LSDB. An LSA header uniquely identifies an LSA, and occupies only a
small portion of the LSA, which reduces the amount of traffic transmitted between
devices. In addition, a neighbor can use the LSA header to check whether it
already has the LSA. When two devices exchange DD packets, one functions as the
master, and the other as the slave. The master defines a start sequence number
and increments it by one each time it sends a DD packet. After the slave receives a
DD packet, it uses the sequence number carried in the DD packet for
acknowledgment.
Figure 5-4 shows the format of a DD packet.
Figure 5-4 Format of a DD packet
Table 5-12 DD packet fields
Field
Length
Description
Interface
MTU
16 bits
Maximum size of an IP packet that an interface can
send without fragmenting the packet.
Options
8 bits
Optional OSPF capabilities:
● E: AS-external-LSAs can be flooded.
● N/P: Type 7 LSAs can be processed.
● DC: Demand circuits can be processed.
I
1 bit
If the DD packet is the first among multiple
consecutive DD packets sent by a device, this field is
set to 1. Otherwise, this field is set to 0.
M (More)
1 bit
If the DD packet is the last among multiple
consecutive DD packets sent by a device, this field is
set to 0. Otherwise, this field is set to 1.
M/S
(Master/
Slave)
1 bit
When two OSPF devices exchange DD packets, they
negotiate a master/slave relationship. The device with
a larger router ID becomes the master. If this field is
set to 1, the DD packet is sent by the master.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
128
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Field
Length
Description
DD sequence
number
32 bits
Sequence number of the DD packet. The master and
slave use sequence numbers to check the reliability
and integrity of DD packets.
LSA Headers
-
LSA header information included in the DD packet.
LSR Packet
After two devices exchange DD packets, they then send LSR packets to request
each other's LSAs for update. These LSR packets contain the summaries of the
requested LSAs. Figure 5-5 shows the format of an LSR packet.
Figure 5-5 Format of an LSR packet
Table 5-13 LSR packet fields
Field
Length
Description
LS type
32 bits
Type of the LSA.
Link State
ID
32 bits
This field, together with the LS type field, uniquely
identifies each LSA in an OSPF area.
Advertising
Router
32 bits
Router ID of the device that generates the LSA.
NOTE
The LS type, Link State ID, and Advertising Router fields can uniquely identify an LSA. If two
LSAs have the same LS type, Link State ID, and Advertising Router fields, the two LSAs are
considered to be the same, with one being old and the other being new. In this case, a
device uses the LS sequence number, LS checksum, and LS age fields to determine which
LSA is newer.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
129
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
LSU Packet
A device uses an LSU packet to transmit LSAs requested by its neighbors or to
flood its own updated LSAs. The LSU packet contains all LSAs involved. For
multicast and broadcast networks, LSU packets are multicast to flood LSAs. To
ensure reliable LSA flooding, a device uses an LSAck packet to acknowledge the
LSAs contained in an LSU packet that is received from a neighbor. If an LSA fails to
be acknowledged, the device retransmits the LSA to the neighbor. Figure 5-6
shows the format of an LSU packet.
Figure 5-6 Format of an LSU packet
Table 5-14 LSU packet field
Field
Length
Description
Number of
LSAs
32 bits
Number of LSAs contained in the LSU packet
LSAck Packet
A device uses an LSAck packet to acknowledge the LSAs contained in a received
LSU packet. The LSAs can be acknowledged using LSA headers. LSAck packets can
be transmitted in unicast or multicast mode, and the transmission mode is
determined by the link type. Figure 5-7 shows the format of an LSAck packet.
Figure 5-7 Format of an LSAck packet
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
130
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Table 5-15 LSAck packet field
Field
Length
Description
LSAs
Headers
Determin
ed by the
header
length of
the LSA
to be
acknowle
dged.
This field is used to acknowledge an LSA.
5.2.3 OSPF LSA Format
Each device in an AS generates one or more types of LSAs, depending on the
device's role, and multiple LSAs form an LSDB. OSPF encapsulates routing
information into LSAs for transmission. Commonly used LSAs include:
●
Router-LSAs
●
Network-LSAs
●
Summary-LSAs, including network-summary-LSAs and ASBR-summary-LSAs
●
AS-external-LSAs
LSA Header Format
All LSAs have the same header. Figure 5-8 shows an LSA header.
Figure 5-8 LSA header
Table 5-16 LSA header fields
Field
Length
Description
LS age
16 bits
Time elapsed since an LSA is generated, in seconds.
The value of this field continually increases regardless
of whether the LSA is transmitted over a link or saved
in an LSDB.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
131
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Field
Length
Description
Options
8 bits
Optional OSPF capabilities, which include:
● E: AS-external-LSAs can be flooded.
● N/P: Type 7 LSAs can be processed.
● DC: Demand circuits can be processed.
LS type
8 bits
Type of the LSA. The values are as follows:
● Type1: Router-LSA
● Type2: Network-LSA
● Type3: Network-summary-LSA
● Type4: ASBR-summary-LSA
● Type5: AS-external-LSA
● Type7: NSSA-LSA
Link State
ID
32 bits
This field, together with the LS type field, uniquely
identifies each LSA in an OSPF area.
Advertising
Router
32 bits
Router ID of the device that generates the LSA.
LS
sequence
number
32 bits
Sequence number of the LSA. Neighbors can use this
field to identify the latest LSA.
LS
checksum
16 bits
Checksum of all fields except the LS age field.
length
16 bits
Length of the LSA including the LSA header, in bytes.
Router-LSA
A router-LSA (Type 1) describes the link status and cost of a device. Router-LSAs
are generated by a device and advertised within the area to which the device
belongs. Figure 5-9 shows the format of a router-LSA.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
132
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Figure 5-9 Format of a router-LSA
Table 5-17 Router-LSA fields
Field
Length
Description
Link State
ID
32 bits
Router ID of the device that generates the LSA.
V (Virtual
Link)
1 bit
If the device that generates the LSA is located at one
end of a virtual link, this field is set to 1. Otherwise,
this field is set to 0.
E
(External)
1 bit
If the device that generates the LSA is an ASBR, this
field is set to 1. Otherwise, this field is set to 0.
B (Border)
1 bit
If the device that generates the LSA is an ABR, this
field is set to 1. Otherwise, this field is set to 0.
# links
16 bits
Number of links described in the LSA, including all
links in the area to which the device belongs.
Link ID
32 bits
Entity that is on the other end of the link. The value
varies according to the link type:
● 1: router ID
● 2: interface IP address of the DR
● 3: network segment or subnet number
● 4: router ID of the neighbor on a virtual link
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
133
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Field
Length
Description
Link Data
32 bits
Link data. The value varies according to the link type:
● Unnumbered P2P: interface index
● Stub network: subnet mask
● Other types of connections: IP address of the
device interface.
Type
8 bits
Type of the device link. The values are as follows:
● 1: The device is connected to a neighbor in P2P
mode.
● 2: The device is connected to a transit network.
● 3: The device is connected to a stub network.
● 4: The device is connected to a neighbor over a
virtual link.
# ToS
8 bits
Number of types of service (ToSs).
metric
16 bits
Cost of the link.
ToS
8 bits
Type of service.
ToS metric
16 bits
Metric for the specified ToS.
Network-LSA
A network-LSA (Type 2) describes the link status of all devices on the local
network segment. Network-LSAs are generated by the DR on a broadcast or
NBMA network and advertised within the area to which the DR belongs. Figure
5-10 shows the format of a network-LSA.
Figure 5-10 Format of a network-LSA
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
134
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Table 5-18 Network-LSA fields
Field
Length
Description
Link State
ID
32 bits
Interface IP address of the DR
Network
Mask
32 bits
Mask of the broadcast or NBMA network
Attached
Router
32 bits
Router IDs of all devices on the broadcast or NBMA
network, including the router ID of the DR
Summary-LSA
A network-summary-LSA (Type 3) describes routes to a network segment in an
area. The routes are advertised to other areas.
An ASBR-summary-LSA (Type 4) describes routes to the ASBR in an area. The
routes are advertised to all areas except that to which the ASBR belongs.
Type 3 and Type 4 LSAs have the same format and are generated by ABRs. Figure
5-11 shows the format of a summary-LSA.
Figure 5-11 Format of a summary-LSA
Table 5-19 Network-summary-LSA fields
Field
Length
Description
Link State
ID
32 bits
Advertised network address
Network
Mask
32 bits
Mask of the broadcast or NBMA network
metric
24 bits
Cost of the route to the destination address
ToS
8 bits
Type of service
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
135
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Field
Length
Description
ToS metric
24 bits
Metric for the specified ToS
NOTE
When default routes are advertised, both the Link State ID and Network Mask fields are set
to 0.0.0.0.
Table 5-20 ASBR-summary-LSA fields
Field
Length
Description
Link State
ID
32 bits
Router ID of the ASBR.
Network
Mask
32 bits
This field is not meaningful and must be set to 0.0.0.0.
metric
24 bits
Cost of the route to the destination address.
ToS
8 bits
Type of service.
ToS metric
24 bits
Metric for the specified ToS.
AS-External-LSA
An AS-external-LSA (Type 5) describes AS external routes, and is generated by an
ASBR. Among the five types of LSAs, only AS-external-LSAs can be advertised to
all areas except stub areas and NSSAs. Figure 5-12 shows the format of an ASexternal-LSA.
Figure 5-12 Format of an AS-external-LSA
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
136
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Table 5-21 AS-external-LSA fields
Field
Length
Description
Link State
ID
32 bits
Advertised network address.
Network
Mask
32 bits
Mask of the advertised destination address.
E
1 bit
Type of the external route. The values are as follows:
● 0: Type 1 external route
● 1: Type 2 external route
metric
24 bits
Cost of the route to the destination address.
Forwarding
Address
32 bits
Packets destined for the advertised destination
address are forwarded to the address specified by this
field.
External
Route Tag
32 bits
Tag added to the external route. This field is not used
by the OSPF protocol itself. It can be used to manage
external routes.
ToS
8 bits
Type of service.
ToS metric
24 bits
Metric for the specified ToS.
NOTE
If Type 5 LSAs are used to advertise default routes, both the Link State ID and Network
Mask fields are set to 0.0.0.0.
5.2.4 OSPF Route Calculation
OSPF route calculation involves the following processes:
1.
2.
Adjacency establishment. Local and remote devices establish an adjacency
through the following process:
a.
Exchange Hello packets using OSPF interfaces to establish a neighbor
relationship.
b.
Negotiate a master/slave relationship and exchange DD packets.
c.
Exchange LSAs to synchronize LSDBs.
Route calculation. OSPF uses the shortest path first (SPF) algorithm to
calculate routes, implementing fast route convergence.
OSPF Neighbor States
To exchange routing information on an OSPF network, neighbor devices must
establish adjacencies. The differences between neighbor relationships and
adjacencies are described as follows:
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
137
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
●
Neighbor relationship: After the local device starts, it uses an OSPF interface
to send a Hello packet to the remote device. After the remote device receives
the packet, it checks whether the parameters carried in the packet are
consistent with its own. If they are consistent, the remote device establishes a
neighbor relationship with the local device.
●
Adjacency: After the local and remote devices establish a neighbor
relationship, they exchange DD packets and LSAs to establish an adjacency.
OSPF has eight neighbor states: Down, Attempt, Init, 2-way, Exstart, Exchange,
Loading, and Full, as shown in Figure 5-13. Down, 2-way, and Full are stable
states. Attempt, Init, Exstart, Exchange, and Loading are unstable states, each of
which lasts only several minutes.
Figure 5-13 OSPF neighbor states
Table 5-22 OSPF neighbor states and their meanings
OSPF
Neighbo
r State
Description
Down
This is the initial state of a neighbor conversation, and indicates that
a device has not received any Hello packets from its neighbors within
a dead interval.
Attempt
In the Attempt state, a device periodically sends Hello packets to
manually configured neighbors.
NOTE
The Attempt state applies only to non-broadcast multiple access (NBMA)
interfaces.
Init
Issue 04 (2023-09-22)
This state indicates that a device has received Hello packets from its
neighbors but the neighbors did not receive Hello packets from the
device.
Copyright © Huawei Technologies Co., Ltd.
138
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
OSPF
Neighbo
r State
Description
2-way
This state indicates that each device has received Hello packets from
its neighbors and that neighbor relationships have been established
between the devices.
If no adjacency needs to be established, the neighbors remain in the
2-way state. If adjacencies need to be established, the neighbors
enter the Exstart state.
Exstart
In the Exstart state, devices establish a master/slave relationship to
ensure that DD packets are sequentially exchanged.
Exchang
e
In the Exchange state, devices exchange DD packets. A device uses a
DD packet to describe its own LSDB and sends the packet to its
neighbors.
Loading
In the Loading state, a device sends LSR packets to its neighbors in
order to request their LSAs for LSDB synchronization.
Full
In the Full state, the local LSDB is synchronized with the other
LSDBs, and adjacencies are established between the local device and
neighbors.
NOTE
The neighbor state of the local device may be different from that of a remote device. For
example, the neighbor state of the local device is Full, but the neighbor state of the remote
device is Loading.
DR and BDR
On a broadcast or NBMA network, routing information is transmitted between
any two devices. As shown in Figure 5-14, n devices are deployed on the network,
and n x (n – 1)/2 adjacencies are established in normal cases. Any route change
on a device is transmitted to the other devices, which wastes bandwidth resources.
OSPF resolves this problem by defining a DR and a BDR. After a DR is elected, all
other devices send routing information only to the DR, which then broadcasts
LSAs. Devices other than the DR and BDR are called DR others. The DR others
establish adjacencies only with the DR and BDR and not with each other. The DR
and BDR mechanism reduces the number of adjacencies on a broadcast or NBMA
network.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
139
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Figure 5-14 Network topologies before and after a DR election
If the original DR fails, devices must reelect a DR and all devices (except the new
DR) must synchronize routing information with the new DR. This is a lengthy
process, during which route calculations may be incorrect. A BDR, which is a
backup for a DR, is used to shorten the process. A BDR is elected together with a
DR, establishes adjacencies with all devices on the network segment where the
BDR resides, and exchanges routing information with them. If the DR fails, the
BDR immediately becomes a new DR. Although it still takes a long time for the
devices to reelect a new BDR, this process does not affect route calculation.
The DR and BDR on a network segment are automatically elected, not manually
assigned, and the DR priority of a device interface determines its qualification for
DR and BDR elections. The device interfaces with DR priorities greater than 0 are
eligible. Hello packets are used in the election, with each device adding
information about the elected DR to a Hello packet and sending it to the other
devices on the same network segment. When two device interfaces on the same
network segment declare that they are DRs, the device interface with a higher DR
priority is elected as the DR. If the two device interfaces have the same DR
priority, the device interface with a larger router ID is elected as the DR. If the DR
priority of a device interface is 0, the device cannot be elected as a DR or BDR.
Adjacency Establishment
Adjacencies can be established in either of the following situations:
●
Two devices have established a neighbor relationship and communicate for
the first time.
●
The DR or BDR on a network segment changes.
The adjacency establishment process varies according to the network type.
Adjacency establishment on a broadcast network
Figure 5-15 shows the adjacency establishment process on a broadcast network.
On a broadcast network, the DR and BDR establish adjacencies with each device
on the same network segment, but DR others establish only neighbor
relationships with each other.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
140
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Figure 5-15 Adjacency establishment process on a broadcast network
The adjacency establishment process on a broadcast network is as follows:
1.
Neighbor relationship establishment
a.
DeviceA uses the multicast address 224.0.0.5 to send a Hello packet
through the OSPF interface connected to a broadcast network. In this
case, DeviceA does not know which router is the DR or which device is a
neighbor. Therefore, the DR field is 0.0.0.0, and the Neighbors Seen field
is 0.
b.
After DeviceB receives the packet, it returns a Hello packet to DeviceA.
The returned packet carries a DR field of 2.2.2.2 (ID of DeviceB) and a
Neighbors Seen field of 1.1.1.1 (DeviceA's router ID). DeviceA has been
discovered but its router ID is smaller than that of DeviceB. As a result,
DeviceB regards itself as a DR and its state then changes to Init.
c.
After DeviceA receives the Hello packet from DeviceB, DeviceA sets the
neighbor state to 2-way. The two ends will start to exchange information
about their LSDBs.
NOTE
The following procedures are not performed for DR others on a broadcast network.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
141
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
2.
5 OSPF Configuration
Master/Slave negotiation and DD packet exchange
a.
DeviceA sends a DD packet to DeviceB, declaring itself a master by
setting the MS field in the packet to 1 and the Seq field to x, indicating
the sequence number. In addition, DeviceA sets the I field to 1, indicating
that the packet is the first DD packet, which is used to negotiate a
master/slave relationship and does not carry LSA summaries. DeviceA
sets the M field to 1, indicating that the packet is not the last DD packet.
To improve transmission efficiency, DeviceA and DeviceB determine which
LSAs in each other's LSDB need to be updated. If one party determines
that an LSA of the other party is already in its own LSDB, it does not send
an LSR packet for updating the LSA to the other party. Instead, DeviceA
and DeviceB first send DD packets, which carry summaries of LSAs in
their own LSDBs, with each summary uniquely identifying an LSA. To
ensure packet transmission reliability, a master/slave relationship must be
determined during DD packet exchange. One party serving as a master
uses the Seq field to define a sequence number, and increments the
sequence number by one each time it sends a DD packet. When the other
party, serving as a slave, sends a DD packet, it adds the sequence number
carried in the last DD packet received from the master to the Seq field of
the packet.
b.
After DeviceB receives the DD packet, DeviceB's state changes to Exstart,
and DeviceB returns a DD packet to DeviceA. The returned packet does
not carry LSA summaries, and because DeviceB's router ID is greater than
DeviceA, DeviceB declares itself a master and sets the Seq field to y.
c.
After DeviceA receives the DD packet, it agrees that DeviceB is a master,
and DeviceA's state changes to Exchange. DeviceA sends a new DD
packet carrying the sequence number (Seq=y) set by DeviceB to transmit
LSA summaries. In the packet, the MS field set by DeviceA is 0, indicating
that DeviceA is the slave device.
d.
After DeviceB receives the packet, it sets the state of the neighbor
relationship to Exchange and sends a new DD packet containing its own
LSA summaries to DeviceA. The value of the Seq field carried in the new
DD packet is changed to y + 1.
The preceding process continues. DeviceA uses the same sequence number as
DeviceB to confirm that it has received the packet from DeviceB. DeviceB uses
the sequence number plus one to confirm that it has received DD packets
from DeviceA. When DeviceB sends the last DD packet, it sets the M field of
the packet to 0.
3.
LSDB synchronization (through LSA requests, transmission, and response)
a.
After DeviceA receives the last DD packet, it finds that many LSAs in
DeviceB's LSDB do not exist in its own LSDB, so DeviceA's state changes
to Loading. After DeviceB receives the last DD packet from DeviceA,
DeviceB's state immediately changes to Full, as DeviceB's LSDB already
contains all DeviceA's LSAs.
b.
DeviceA sends an LSR packet for updating LSAs to DeviceB, which then
returns an LSU packet to DeviceA. After DeviceA receives the packet, it
sends an LSAck packet for acknowledgment.
The preceding procedures continue until the LSAs in DeviceA's LSDB are the
same as those in DeviceB's LSDB. DeviceA's state then changes to Full. An
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
142
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
adjacency is established after DeviceA and DeviceB exchange DD packets and
update all LSAs.
OSPF adjacency establishment on an NBMA network
The adjacency establishment process on an NBMA network is different from that
on a broadcast network only before DD packets are exchanged, as marked in blue
in Figure 5-16.
On an NBMA network, all devices establish adjacencies only with the DR and BDR.
Figure 5-16 Adjacency establishment process on an NBMA network
Figure 5-16 shows the process of OSPF adjacency establishment on an NBMA
network.
1.
Issue 04 (2023-09-22)
Neighbor relationship establishment
a.
After DeviceB sends a Hello packet to a down interface of DeviceA,
DeviceB's state changes to Attempt. The packet carries a DR field of
2.2.2.2 (router ID of DeviceB) and a Neighbors Seen field of 0. A neighbor
device has not been discovered, and DeviceB regards itself as a DR.
b.
After DeviceA receives the packet, DeviceA's state changes to Init, and
DeviceA returns a Hello packet. The returned packet carries a DR and
Neighbors Seen fields of 2.2.2.2. DeviceB has been discovered but its
Copyright © Huawei Technologies Co., Ltd.
143
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
router ID is greater than that of DeviceA, and therefore DeviceA agrees
that DeviceB is a DR.
NOTE
The following procedures are not performed for DR others on an NBMA network.
2.
The procedures for negotiating a master/slave relationship and for
exchanging DD packets on an NBMA network are the same as those on a
broadcast network.
3.
The procedure for synchronizing LSDBs (through LSA requests, transmission,
and response) on this type of network is the same as that on a broadcast
network.
Adjacency establishment on a P2P/P2MP network
The adjacency establishment process on a P2P/P2MP network is similar to that on
a broadcast network. On a P2P/P2MP network, however, no DR or BDR needs to
be elected and DD packets are transmitted in multicast mode.
Route Calculation
OSPF uses the SPF algorithm to calculate routes, implementing fast route
convergence.
OSPF uses LSAs to describe the network topology. A router LSA describes the
attributes of a link between devices. A device transforms its LSDB into a weighted,
directed graph, which reflects the topology of the entire AS. All devices have the
same directed graph, as shown in Figure 5-17.
Figure 5-17 Weighted, directed graph generated based on the LSDB
Based on the graph, each device uses the SPF algorithm to calculate an SPT with
itself as the root. The SPT shows routes to nodes in the AS. Figure 5-18 shows
SPTs with different roots.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
144
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Figure 5-18 SPTs
If a device's LSDB changes, the device recalculates the shortest path. However,
frequent SPF calculations consume a large number of resources and this can affect
the overall efficiency of the device. Changing the interval between SPF calculations
can prevent the resource consumption caused by frequent LSDB changes. The
default interval between SPF calculations is 5 seconds.
The route calculation process is as follows:
1.
A device calculates intra-area routes.
The device uses the SPF algorithm to calculate shortest paths to the other
devices in the same area. Router-LSAs and network-LSAs accurately describe
the network topology in an area. Based on the network topology described by
a Router LSA, the device calculates paths to the other devices in the area.
NOTE
If multiple equal-cost routes are produced during route calculation, the SPF algorithm
retains all these routes in the LSDB.
2.
The device calculates inter-area routes.
For devices in the same area, the network segment of the routes in an
adjacent area is directly connected to the ABR. As the shortest path to the
ABR has already been calculated in the previous step, the devices can directly
check a network-summary-LSA to obtain the shortest path to the network
segment. The ASBR can also be considered connected to the ABR. As a result,
the shortest path to the ASBR can also be calculated in this phase.
NOTE
● If the device performing SPF calculation is an ABR, the device only needs to check
Network Summary LSAs in the backbone area.
● If there are multiple paths to an ASBR, check whether the rules for selecting a path
to the ASBR among intra-area and inter-area paths on different types of devices
are the same. If the rules are different, routing loops may occur.
The RFC 1583 compatibility mode and RFC 1583 non-compatibility mode may
affect path selection rules. Even in the same mode, the path selection rules on
devices from different vendors may be slightly different. In this case, the rules used
in RFC 1583 compatibility mode or RFC 1583 non-compatibility mode for selecting
a path to an ASBR can be adjusted, preventing loops to some extent.
3.
The device calculates AS external routes.
AS external routes can be considered to be directly connected to the ASBR. As
the shortest path to the ASBR has already been calculated in the previous
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
145
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
phase, the device can check each AS external LSA to obtain the shortest paths
to other ASs.
PRC
Partial route calculation (PRC) only calculates routes that have been altered due
to network topology changes.
When a node changes on the network, the SPF algorithm is used to recalculate all
routes on the network. This calculation takes a long time and consumes a large
number of CPU resources, which affects the convergence speed. Incremental SPF
(I-SPF) improves the algorithm. While the algorithm still calculates routes using
all nodes on the network the first time it is run, only nodes that have changed are
used in subsequent calculations. The SPT generated using I-SPF is the same as
that generated using the SPF algorithm. This significantly decreases CPU usage
and speeds up network convergence.
Similar to I-SPF, PRC calculates only routes that have changed. PRC, however, does
not calculate the shortest path. Instead, it updates routes based on the SPT
calculated by I-SPF. In route calculation, a leaf represents a route, and a node
represents a device. Either an SPT change or a leaf change causes a routing
information change. The SPT change is irrelevant to the leaf change. PRC
processes routing information as follows:
●
If the SPT changes, PRC processes the routing information of all leaves on a
changed node.
●
If the SPT remains unchanged, PRC does not process the routing information
on any node.
●
If a leaf changes, PRC processes the routing information for that leaf only.
●
If a leaf remains unchanged, PRC does not process the routing information for
any leaf.
For example, if OSPF is newly enabled on an interface of a node, the SPT
calculated on the entire network remains unchanged. In this case, PRC updates
only the routes of this interface, consuming less CPU resources.
PRC working with I-SPF further improves the network convergence performance.
As a result of these improvements, PRC and I-SPF have replaced the SPF
algorithm.
5.3 Configuration Precautions for OSPF
Licensing Requirements
OSPF is not under license control.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
146
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Hardware Requirements
Table 5-23 Hardware requirements
Series
Models
AR5700 series
AR5710-H8T2TS1/AR5710-H8T2TS1-T
AR8000 series
AR8140-12G10XG/AR8140-T-12G10XG
AR6700 series
AR6710-L26T2X4/AR6710-L26T2X4-T/AR6710L50T2X4/AR6710-L50T2X4-T/AR6710-L8T3TS1X2/
AR6710-L8T3TS1X2-T
Feature Requirements
Table 5-24 Feature requirements
Feature Requirements
Series
Models
OSPF checks whether a neighbor in the full
state exists in the backbone area before
advertising a default route to the stub area.
AR5700
series
AR5710-H8T2TS1/
AR5710-H8T2TS1T
AR8000
series
AR6700
series
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
AR8140-12G10XG
/AR8140T-12G10XG
AR6710-L26T2X4/
AR6710-L26T2X4T/AR6710L50T2X4/AR6710L50T2X4-T/
AR6710L8T3TS1X2/
AR6710L8T3TS1X2-T
147
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Feature Requirements
Series
Models
When a device in an NSSA generates an NSSA
LSA based on an imported external route, the
device preferentially uses the IP address of a
loopback interface in the NSSA as the
forwarding address (FA). If no loopback
interfaces exist in the NSSA, the device selects
the IP address of a non-loopback interface. As
a result, the downstream device may fail to
implement load balancing using routes even
when links with the same cost exist.
AR5700
series
AR5710-H8T2TS1/
AR5710-H8T2TS1T
OSPF advertises default routes to an NSSA
only when neighbor relationships in the Full
state exist in the backbone area or default
routes of another protocol or of another OSPF
process exist in the same VPN instance on the
device, and the nssa default-route-advertise
command is run.
AR5700
series
OSPF broadcast networks support association
between link BFD and cost values
AR5700
series
1) When only one neighbor relationship is
established and BFD goes Down, the neighbor
relationship is not deleted, and the OSPF LSDB
component is notified that the neighbor
relationship enters the BFD-associated cost
state.
AR6700
series
AR8000
series
AR6700
series
AR8000
series
AR6700
series
AR8000
series
2) This function is not supported when there
are multiple neighbors.
When the number of neighbors changes from
one to multiple, the OSPF LSDB component is
notified of the deletion of the neighbor in the
BFD Down state.
It is recommended that only one neighbor
relationship be established on an OSPF
broadcast network.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
AR8140-12G10XG
/AR8140T-12G10XG
AR6710-L26T2X4/
AR6710-L26T2X4T/AR6710L50T2X4/AR6710L50T2X4-T/
AR6710L8T3TS1X2/
AR6710L8T3TS1X2-T
AR5710-H8T2TS1/
AR5710-H8T2TS1T
AR8140-12G10XG
/AR8140T-12G10XG
AR6710-L26T2X4/
AR6710-L26T2X4T/AR6710L50T2X4/AR6710L50T2X4-T/
AR6710L8T3TS1X2/
AR6710L8T3TS1X2-T
AR5710-H8T2TS1/
AR5710-H8T2TS1T
AR6710-L26T2X4/
AR6710-L26T2X4T/AR6710L50T2X4/AR6710L50T2X4-T/
AR6710L8T3TS1X2/
AR6710L8T3TS1X2-T
AR8140-12G10XG
/AR8140T-12G10XG
148
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Feature Requirements
Series
Models
OSPF loop detection does not support router
ID conflicts, including intra-AS and inter-AS
router ID conflicts. A router ID conflict may
trigger incorrect detection.
AR5700
series
AR5710-H8T2TS1/
AR5710-H8T2TS1T
AR8000
series
AR6700
series
OSPF loop detection depends on the Opaque
capability of OSPF in a process. If the Opaque
capability is not enabled, loop detection does
not take effect. In this case, you need to
manually enable the Opaque capability of
OSPF
AR5700
series
AR6700
series
AR8000
series
AR8140-12G10XG
/AR8140T-12G10XG
AR6710-L26T2X4/
AR6710-L26T2X4T/AR6710L50T2X4/AR6710L50T2X4-T/
AR6710L8T3TS1X2/
AR6710L8T3TS1X2-T
AR5710-H8T2TS1/
AR5710-H8T2TS1T
AR6710-L26T2X4/
AR6710-L26T2X4T/AR6710L50T2X4/AR6710L50T2X4-T/
AR6710L8T3TS1X2/
AR6710L8T3TS1X2-T
AR8140-12G10XG
/AR8140T-12G10XG
After the device is restarted, if the BFD session
of the local device or its neighbor is in Admin
Down state, the OSPF status is not affected.
When the BFD session is renegotiated, if the
BFD detection status reported by BFD is Down
(used to be Up), the OSPF neighbor is set to
Down. In other cases, the OSPF status is not
affected.
Issue 04 (2023-09-22)
AR5700
series
AR8000
series
AR6700
series
Copyright © Huawei Technologies Co., Ltd.
AR5710-H8T2TS1/
AR5710-H8T2TS1T
AR8140-12G10XG
/AR8140T-12G10XG
AR6710-L26T2X4/
AR6710-L26T2X4T/AR6710L50T2X4/AR6710L50T2X4-T/
AR6710L8T3TS1X2/
AR6710L8T3TS1X2-T
149
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
5.4 Default Settings for OSPF
Table 5-25 describes the default settings for OSPF.
Table 5-25 Default settings for OSPF
Parameter
Default Setting
OSPF
Disabled.
Interval at which Hello
packets are transmitted
10 seconds on P2P and broadcast interfaces; 30
seconds on P2MP and NBMA interfaces
Dead interval after which
OSPF neighbor relationships
fail
40 seconds on P2P and broadcast interfaces; 120
seconds on P2MP and NBMA interfaces
Period during which a
device acts as a stub router
500 seconds
Bandwidth reference value
used to calculate a link cost
100 Mbit/s
5.5 Configuring Basic OSPF Functions
5.5.1 Enabling OSPF
Prerequisites
Before enabling OSPF, you have completed the following task:
●
Configure IP addresses for interfaces to ensure that neighboring nodes are
reachable at the network layer.
Context
A router ID must exist before a device runs OSPF. The router ID is a 32-bit
unsigned integer that uniquely identifies the device in an AS. To ensure OSPF
stability, plan router IDs properly during network planning and manually set the
router ID of each device during network deployment.
OSPF partitions an AS into different areas to prevent the LSDB size from
unexpectedly growing. An area is regarded as a logical group, and each group is
identified by an area ID. The border of an area is a device rather than a link. A
network segment (or a link) belongs to only one area, and the area to which each
OSPF interface belongs must be specified.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
150
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Procedure
Step 1 Enter the system view.
system-view
Step 2 Create an OSPF process and enter the OSPF view.
ospf process-id [ router-id route-id | vpn-instance vpname ]
*
process-id specifies the ID of an OSPF process, and the default value is 1.
The device supports OSPF multi-process. Processes can be classified by service
type. Devices exchange packets regardless of process IDs. Therefore, packets can
also be exchanged between devices with different process IDs.
router-id router-id specifies the router ID of a device.
By default, a device automatically selects the IP address of an interface as the
router ID. When configuring a router ID, ensure that the router ID is unique in an
AS. You can configure the IP address of a device interface as the device's router ID.
NOTE
Each router ID in an OSPF process must be unique. Otherwise, an OSPF neighbor
relationship cannot be established, and routing information is incorrect. Manually setting a
unique router ID for each device is recommended.
If a router ID conflict occurs, perform either of the following operations:
●
●
Manually configure a new router ID.
ospf router-id router-id
Enable the router ID automatic recovery function to ensure that the device
can automatically allocate a new router ID.
undo ospf router-id auto-recover disable
NOTE
If the automatic recovery function is enabled and a router ID conflict occurs between
indirectly connected devices in one OSPF area, the conflicting router ID is replaced
with a newly calculated one, regardless of whether the conflicting router ID was
manually configured or automatically generated.
If a router ID conflict persists, a device can replace a router ID for a maximum of three
attempts.
Step 3 (Optional) Configure a description for the OSPF process.
description description
To easily identify a specific process, you can add a description for the process.
Step 4 Create an OSPF area, and enter the OSPF area view.
area area-id
OSPF areas are classified as either a backbone area (with area ID 0) or nonbackbone area. The backbone area forwards inter-area routing information, and
routing information exchanged between non-backbone areas must be forwarded
through the backbone area.
Step 5 (Optional) Configure a description for the OSPF area.
description description
To easily identify a specific area, you can add a description for the area.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
151
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Step 6 To configure OSPF, configure the network segments included in an area or enable
OSPF on an interface.
●
Configure the network segments included in an area.
network address wildcard-mask [ description text ]
description text specifies the description for a network segment.
OSPF runs on an interface only when both of the following conditions are
met:
a.
The mask length of the interface's IP address is greater than or equal to
that specified in the network command.
NOTE
If the wildcard-mask in the network command is all zeros and the IP address of
the interface is the same as the IP address specified in the network address
command, OSPF is also enabled on the interface.
b.
The interface's primary IP address belongs to the network segment
specified in the network command.
By default, OSPF uses a host route with a 32-bit mask to advertise the IP
address of a loopback interface, regardless of the mask length configured for
the IP address. Therefore, to allow a loopback interface to advertise networksegment routes, its network type must be set to NBMA or broadcast in the
interface view. For details on how to set the network type, see 5.7.2 Setting
the Network Type to Broadcast.
●
Enable OSPF on an interface.
a.
Exit the area view.
quit
b.
Enter the interface view.
c.
Switch the interface working mode from Layer 2 to Layer 3. Determine
whether to perform this step based on the current interface working
mode.
interface interface-type interface-number
undo portswitch
Determine whether to perform this step based on the current interface
working mode.
d.
Enable OSPF on the interface.
ospf enable [ process-id ] area area-id
The area ID specified using area-id can be either a decimal integer or in
the format of an IPv4 address. Regardless of the format, the area ID is
displayed as an IPv4 address.
----End
Follow-up Procedure
If a router ID is changed, run the following command for the new router ID to
take effect:
reset ospf [ process-id ] process
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
152
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
5.5.2 (Optional) Configuring an Interface to Fill in DD Packets
with Its Own MTU
Context
To improve compatibility with a non-Huawei device, an OSPF-enabled Huawei
device adds the MTU 0 in DD packets to be sent and does not check the MTUs in
received DD packets, thereby allowing an OSPF neighbor relationship to be set up
even if the two ends have different MTU settings.
However, under the default configuration, the non-Huawei device may discard a
DD packet received from the Huawei device if the packet's actual MTU is greater
than the MTU of the non-Huawei device. If an LSU is discarded, an OSPF neighbor
relationship can still be set up, but the routing information carried in the LSU fails
to be learned, causing service interruption.
To resolve this issue, you are advised to enable an interface to add its actual MTU
in DD packets to be sent and check whether the MTU in a received DD packet is
greater than the local MTU. If the interface MTU settings of the local and remote
ends are different, an OSPF neighbor relationship cannot enter the Full state. By
doing this, MTU inconsistency can be identified in a timely manner.
NOTICE
Enabling an interface to fill in DD Packets with its actual MTU will cause the
involved neighbor relationship to be re-established.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enter the interface view.
interface interface-type interface-number
Step 3 Switch the interface working mode to Layer 3.
undo portswitch
Determine whether to perform this step based on the current interface working
mode.
Step 4 Enable the interface to fill in DD packets to be sent with its actual MTU and check
whether the MTU in a DD packet received from a neighbor exceeds the local MTU.
ospf mtu-enable
By default, the MTU value is 0 when an interface sends DD packets. That is, the
actual MTU value of the interface is not filled in DD packets.
----End
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
153
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
5.5.3 (Optional) Configuring a Device to Comply with Route
Selection Rules Defined in a Standard Protocol
Context
RFC 2328 and RFC 1583 define route selection rules differently. After enabling
OSPF on a device, you can configure the device to comply with route selection
rules defined in either standard protocol as required. By default, a device complies
with the route selection rules defined in RFC 1583. If you want the device to
comply with the other protocol, you need to configure the device to comply with
the rules defined in RFC 2328. Such configurations ensure that all OSPF-enabled
devices in an AS comply with the same route selection rules defined in the same
standard protocol.
If both intra-area and inter-area paths to an ASBR exist on a network, the default
rules for selecting a path to the ASBR are as follows:
1.
2.
In RFC 1583 compatibility mode:
–
If the area IDs of the intra-area and inter-area paths to the ASBR are the
same, intra-area paths are preferred.
–
If the area IDs of intra-area and inter-area paths to the ASBR are
different, the path with the smallest cost is preferred; if their costs are the
same, the path with the largest area ID is preferred.
In RFC 1583 non-compatibility mode:
–
If the area IDs of the intra-area and inter-area paths to the ASBR are the
same and the paths belong to non-backbone areas, intra-area paths are
preferred.
–
If the area IDs of the intra-area and inter-area paths to the ASBR are the
same and the paths belong to the backbone area, the path with the
smallest cost is preferred; if their costs are the same, load balancing is
supported.
–
If the area IDs of the intra-area and inter-area paths to the ASBR are
different, intra-area paths that belong to non-backbone areas are
preferred; if intra-area paths belong to the backbone area, the path with
the smallest cost is preferred; if their costs are the same, the path with
the largest area ID is preferred.
NOTE
If devices of different vendors or different series of devices of the same vendor are deployed
on the same network, the rules for selecting a path to an ASBR among intra-area and interarea paths may vary according to the mode (RFC 1583 compatibility mode or RFC 1583
non-compatibility mode). In this case, routing loops may occur. To prevent the routing
loops, you can set the path selection rules to the default ones.
To prevent routing loops, ensure that all devices on the network use the same path
selection rules. If adjustment is performed only on some devices, the adjustment fails to
meet expectations. Therefore, exercise caution when adjusting path selection rules.
Procedure
Step 1 Enter the system view.
system-view
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
154
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Step 2 Enter the OSPF view.
ospf [ process-id ]
Step 3 (Optional) Configure the device to comply with the default rules used in RFC 1583
compatibility mode for selecting a path to an ASBR. That is, if the area IDs of
intra-area and inter-area paths to the ASBR are different, the path with the
smallest cost is preferred; if their costs are the same, the path with the largest
area ID is preferred.
rfc1583 compatible different-area-path prefer lower-cost
Step 4 Configure the device to comply with the route selection rules defined in RFC 2328,
rather than RFC 1583.
undo rfc1583 compatible
By default, a device complies with the route selection rules defined in RFC 1583.
Step 5 (Optional) Configure the device to comply with the default rules used in RFC 1583
non-compatibility mode for selecting a path to an ASBR. That is, if the area IDs of
the intra-area and inter-area paths to the ASBR are the same and the paths
belong to the backbone area, intra-area paths are preferred.
rfc1583 non-compatible backbone-area-path prefer intra
----End
5.5.4 (Optional) Setting the OSPF Preference
Context
Routing protocols may share and select the same routing information if a device
runs multiple dynamic routing protocols at the same time. Therefore, the system
sets a preference for each routing protocol. Then, when multiple routing protocols
discover the same route, the route discovered by the routing protocol with the
highest preference is selected.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enter the OSPF view.
ospf [ process-id ]
Step 3 Set the OSPF preference.
preference [ ase | inter | intra ] { preference | route-policy route-policy-name }
*
The default OSPF preference is 10. Parameters in this command are described as
follows:
●
ase: indicates the AS external routes for which a preference is set. If ase is
specified, the default preference of AS external routes is 150.
●
inter: indicates the inter-area routes for which a preference is set.
●
intra: indicates the intra-area routes for which a preference is set.
●
preference: specifies a preference value for OSPF routes. The smaller the
value, the higher the preference.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
155
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
●
5 OSPF Configuration
route-policy-name: specifies a route-policy to filter routes so that the preset
preference is applied to the filtered routes.
----End
5.5.5 (Optional) Configuring the Maximum Number of Packet
Retransmission Attempts
Context
By enabling retransmission and setting the maximum number of packet
retransmission attempts on a device, infinite loops caused by repeated
transmissions when the device receives no response to DD, LSU, or LSR packets are
prevented. If no response is received when the maximum number of packet
retransmission attempts is reached, the neighbor relationship will be disconnected.
By default, the retransmission mechanism is disabled.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enter the OSPF view.
ospf [ process-id ]
Step 3 Set the maximum number of OSPF packet retransmission attempts.
retransmission-limit [ max-number ]
max-number specifies the maximum number of packet retransmission attempts.
The default value is 30.
----End
5.5.6 Verifying the Configuration
Procedure
●
Run the display ospf [ process-id ] abr-asbr [ router-id ] command to check
information about the ABRs and ASBRs.
●
Run the display ospf [ process-id ] cumulative command to check OSPF
statistics.
●
Run the display ospf [ process-id ] peer command to check information
about OSPF neighbors.
●
Run the display ospf [ process-id ] nexthop command to check information
about OSPF next hops.
●
Run the display ospf [ process-id ] error [ lsa | interface interface-type
interface-number ] command to check information about OSPF errors.
●
Run the display ospf [ process-id ] interface [ all | no-peer | interface-type
interface-number ] [ verbose ] command to check information about the
OSPF interface.
●
Run the display ospf [ process-id ] routing command to check information
about the OSPF routing table.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
156
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
●
Run the display ospf [ process-id ] topology [ area area-id ] [ statistics |
verbose ] command to check information about the topology based on which
OSPF routes are calculated.
●
Run the display ospf [ process-id ] spf-statistics [ verbose ] command to
check route calculation statistics in an OSPF process.
●
Run the display ospf [ process-id ] request-queue [ interface-type interfacenumber ] [ neighbor-id ] command to check information about an OSPF
request list.
●
Run the display ospf [ process-id ] statistics updated-lsa [ originate-router
adv-rtr-id | history ] command to check information about the frequent
updates of the LSAs that the LSDB receives.
●
Run the display ospf [ process-id ] router-id conflict command to check
information about router ID conflicts (if any).
----End
5.5.7 Example for Configuring Basic OSPF Functions
Networking Requirements
On the network shown in Figure 5-19, all devices run OSPF, and the entire AS is
divided into three areas. DeviceA and DeviceB function as ABRs to forward interarea routes.
After the configuration is complete, each device should learn the routes to all
network segments in the AS.
Figure 5-19 Network diagram of basic OSPF functions
NOTE
In this example, interface 1 and interface 2 represent 10GE0/0/1 and 10GE0/0/2,
respectively.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
157
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Device
Router ID
Process ID
IP Address
DeviceA
1.1.1.1
1
Area 0: 192.168.0.0/24
Area 1: 192.168.1.0/24
DeviceB
2.2.2.2
1
Area 0: 192.168.0.0/24
Area 2: 192.168.2.0/24
DeviceC
3.3.3.3
1
Area 1: 192.168.1.0/24
and 172.16.1.0/24
DeviceD
4.4.4.4
1
Area 2: 192.168.2.0/24
and 172.17.1.0/24
DeviceE
5.5.5.5
1
Area 1: 172.16.1.0/24
DeviceF
6.6.6.6
1
Area 2: 172.17.1.0/24
Precautions
The following should be noted:
●
●
Issue 04 (2023-09-22)
The backbone area is responsible for forwarding inter-area routes. In addition,
the routing information between non-backbone areas must be forwarded
through the backbone area. OSPF defines the following rules for the
backbone area:
–
Connectivity must be available between non-backbone areas and the
backbone area.
–
Connectivity must be available over the backbone area.
The intervals at which Hello, Dead, and Poll packets are sent on the local
interface must be the same as those intervals on the remote interface.
Otherwise, the OSPF neighbor relationship cannot be established.
Copyright © Huawei Technologies Co., Ltd.
158
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Configuration Roadmap
The configuration roadmap is as follows:
1.
Enable OSPF on each involved device.
2.
Specify network segments in different areas.
3.
Configure ciphertext authentication mode for the OSPF area.
Procedure
Step 1 Assign an IP address to each interface. For detailed configurations, see the
configuration scripts.
Step 2 Configure basic OSPF functions.
# Configure DeviceA.
[DeviceA] router id 1.1.1.1
[DeviceA] ospf 1
[DeviceA-ospf-1] area 0
[DeviceA-ospf-1-area-0.0.0.0]
[DeviceA-ospf-1-area-0.0.0.0]
[DeviceA-ospf-1] area 1
[DeviceA-ospf-1-area-0.0.0.1]
[DeviceA-ospf-1-area-0.0.0.1]
[DeviceA-ospf-1] quit
network 192.168.0.0 0.0.0.255
quit
network 192.168.1.0 0.0.0.255
quit
# Configure DeviceB.
[DeviceB] router id 2.2.2.2
[DeviceB] ospf 1
[DeviceB-ospf-1] area 0
[DeviceB-ospf-1-area-0.0.0.0]
[DeviceB-ospf-1-area-0.0.0.0]
[DeviceB-ospf-1] area 2
[DeviceB-ospf-1-area-0.0.0.2]
[DeviceB-ospf-1-area-0.0.0.2]
[DeviceB-ospf-1] quit
network 192.168.0.0 0.0.0.255
quit
network 192.168.2.0 0.0.0.255
quit
# Configure DeviceC.
[DeviceC] router id 3.3.3.3
[DeviceC] ospf 1
[DeviceC-ospf-1] area 1
[DeviceC-ospf-1-area-0.0.0.1] network 192.168.1.0 0.0.0.255
[DeviceC-ospf-1-area-0.0.0.1] network 172.16.1.0 0.0.0.255
[DeviceC-ospf-1-area-0.0.0.1] quit
[DeviceC-ospf-1] quit
# Configure DeviceD.
[DeviceD] router id 4.4.4.4
[DeviceD] ospf 1
[DeviceD-ospf-1] area 2
[DeviceD-ospf-1-area-0.0.0.2] network 192.168.2.0 0.0.0.255
[DeviceD-ospf-1-area-0.0.0.2] network 172.17.1.0 0.0.0.255
[DeviceD-ospf-1-area-0.0.0.2] quit
[DeviceD-ospf-1] quit
# Configure DeviceE.
[DeviceE] router id 5.5.5.5
[DeviceE] ospf 1
[DeviceE-ospf-1] area 1
[DeviceE-ospf-1-area-0.0.0.1] network 172.16.1.0 0.0.0.255
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
159
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
[DeviceE-ospf-1-area-0.0.0.1] quit
[DeviceE-ospf-1] quit
# Configure DeviceF.
[DeviceF] router id 6.6.6.6
[DeviceF] ospf 1
[DeviceF-ospf-1] area 2
[DeviceF-ospf-1-area-0.0.0.2] network 172.17.1.0 0.0.0.255
[DeviceF-ospf-1-area-0.0.0.2] quit
[DeviceF-ospf-1] quit
Step 3 Configure ciphertext authentication mode for the OSPF area.
# Configure DeviceA.
[DeviceA] ospf 1
[DeviceA-ospf-1] area 0
[DeviceA-ospf-1-area-0.0.0.0] authentication-mode hmac-sha256 1 cipher YsHsjx_202206
[DeviceA-ospf-1-area-0.0.0.0] quit
[DeviceA-ospf-1] quit
# Configure DeviceB.
[DeviceB] ospf 1
[DeviceB-ospf-1] area 0
[DeviceB-ospf-1-area-0.0.0.0] authentication-mode hmac-sha256 1 cipher YsHsjx_202206
[DeviceB-ospf-1-area-0.0.0.0] quit
[DeviceB-ospf-1] quit
NOTE
Device B and Device A must be configured with the same password. Otherwise, the
neighbor relationship cannot be established.
----End
Verifying the Configuration
# Check OSPF neighbor information on DeviceA.
[DeviceA] display ospf peer
OSPF Process 1 with Router ID 1.1.1.1
Area 0.0.0.0 interface 192.168.0.1(10GE0/0/1)'s neighbors
Router ID: 2.2.2.2
Address: 192.168.0.2
State : Full
Mode : Nbr is Master Priority: 1
DR
: 192.168.0.2 BDR : 192.168.0.1
MTU
:0
Dead timer due (in seconds) : 32
Retrans timer interval
:5
Neighbor up time
: 00h04m14s
Neighbor up time stamp
: 2020-06-08 01:41:57
Authentication Sequence
:0
Area 0.0.0.1 interface 192.168.1.1(10GE0/0/2)'s neighbors
Router ID: 3.3.3.3
Address: 192.168.1.2
State : Full
Mode : Nbr is Master Priority: 1
DR
: 192.168.1.2 BDR : 192.168.1.1
MTU
:0
Dead timer due (in seconds) : 32
Retrans timer interval
:5
Neighbor up time
: 00h04m14s
Neighbor up time stamp
: 2020-06-08 01:41:57
Authentication Sequence
:0
# Check information about the OSPF routes on DeviceA.
[DeviceA] display ospf routing
OSPF Process 1 with Router ID 1.1.1.1
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
160
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Routing for Network
-----------------------------------------------------------------------------Destination
Cost
Type
NextHop
AdvRouter
Area
172.16.1.0/24
2
Transit
192.168.1.2
3.3.3.3
0.0.0.1
172.17.1.0/24
3
Inter-area 192.168.0.2
2.2.2.2
0.0.0.0
192.168.2.0/24
2
Inter-area 192.168.0.2
2.2.2.2
0.0.0.0
Total Nets: 3
Intra Area: 1 Inter Area: 2 ASE: 0 NSSA: 0
# Check the LSDB of DeviceA.
[DeviceA] display ospf lsdb
OSPF Process 1 with Router ID 1.1.1.1
Link State Database
Area: 0.0.0.0
Type
LinkState ID AdvRouter
Age Len Sequence
Router 1.1.1.1
1.1.1.1
93 48 80000004
Router 2.2.2.2
2.2.2.2
92 48 80000004
Sum-Net 172.16.1.0
1.1.1.1
1287 28 80000002
Sum-Net 192.168.1.0
1.1.1.1
1716 28 80000001
Sum-Net 172.17.1.0
2.2.2.2
1336 28 80000001
Sum-Net 192.168.2.0
2.2.2.2
87 28 80000002
Area: 0.0.0.1
Type
LinkState ID AdvRouter
Age Len Sequence
Router 1.1.1.1
1.1.1.1
1420 48 80000002
Router 3.3.3.3
3.3.3.3
1294 60 80000003
Router 5.5.5.5
5.5.5.5
1296 36 80000002
Network 172.16.1.1
3.3.3.3
1294 32 80000001
Sum-Net 172.17.1.0
1.1.1.1
1325 28 80000001
Sum-Net 192.168.0.0
1.1.1.1
1717 28 80000001
Sum-Net 192.168.2.0
1.1.1.1
1717 28 80000001
1
1
Metric
2
1
2
1
Metric
1
1
1
0
3
1
2
# Check the routing table of DeviceD.
[DeviceD] display ospf routing
OSPF Process 1 with Router ID 1.1.1.1
Routing for Network
-----------------------------------------------------------------------------Destination
Cost
Type
NextHop
AdvRouter
Area
172.16.1.0/24
4
Inter-area 192.168.2.1
2.2.2.2
0.0.0.2
192.168.0.0/24
2
Inter-area 192.168.2.1
2.2.2.2
0.0.0.2
192.168.1.0/24
3
Inter-area 192.168.2.1
2.2.2.2
0.0.0.2
Total Nets: 3
Intra Area: 0 Inter Area: 3 ASE: 0 NSSA: 0
Configuration Scripts
●
DeviceA
#
sysname DeviceA
#
router id 1.1.1.1
#
interface 10GE0/0/1
ip address 192.168.0.1 255.255.255.0
#
interface 10GE0/0/2
ip address 192.168.1.1 255.255.255.0
#
ospf 1
area 0.0.0.0
network 192.168.0.0 0.0.0.255
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
161
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
authentication-mode hmac-sha256 1 cipher %^%#c;\wJ4Qi8I1FMGM}KmIK9rha/.D.!$"~0(Ep66z~%^
%#
area 0.0.0.1
network 192.168.1.0 0.0.0.255
#
return
●
DeviceB
#
sysname DeviceB
#
router id 2.2.2.2
#
interface 10GE0/0/1
ip address 192.168.0.2 255.255.255.0
#
interface 10GE0/0/2
ip address 192.168.2.1 255.255.255.0
#
ospf 1
area 0.0.0.0
network 192.168.0.0 0.0.0.255
authentication-mode hmac-sha256 1 cipher %^%#c;\wJ4Qi8I1FMGM}KmIK9rha/.D.!$"~0(Ep66z~%^
%#
area 0.0.0.2
network 192.168.2.0 0.0.0.255
#
return
●
DeviceC
#
sysname DeviceC
#
router id 3.3.3.3
#
interface 10GE0/0/1
ip address 192.168.1.2 255.255.255.0
#
interface 10GE0/0/2
ip address 172.16.1.1 255.255.255.0
#
ospf 1
area 0.0.0.1
network 192.168.1.0 0.0.0.255
network 172.16.1.0 0.0.0.255
#
return
●
DeviceD
#
sysname DeviceD
#
router id 4.4.4.4
#
interface 10GE0/0/1
ip address 192.168.2.2 255.255.255.0
#
interface 10GE0/0/2
ip address 172.17.1.1 255.255.255.0
#
ospf 1
area 0.0.0.2
network 192.168.2.0 0.0.0.255
network 172.17.1.0 0.0.0.255
#
return
●
DeviceE
#
sysname DeviceE
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
162
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
#
router id 5.5.5.5
#
interface 10GE0/0/2
ip address 172.16.1.2 255.255.255.0
#
ospf 1
area 0.0.0.1
network 172.16.1.0 0.0.0.255
#
return
●
DeviceF
#
sysname DeviceF
#
router id 6.6.6.6
#
interface 10GE0/0/2
ip address 172.17.1.2 255.255.255.0
#
ospf 1
area 0.0.0.2
network 172.17.1.0 0.0.0.255
#
return
5.6 Configuring an OSPF Hostname
Prerequisites
Before configuring an OSPF hostname, you have completed the following task:
●
Configure basic OSPF functions.
Context
To facilitate network planning, configure hostnames to identify devices. Either
dynamic or static OSPF hostnames can be configured. In dynamic mode, a
hostname is configured on and advertised by the local device. The mapping
between the local device's router ID and hostname can be queried on the remote
device that has successfully learned this dynamic hostname.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enter the OSPF view.
ospf [ process-id ]
Step 3 Enable the opaque LSA capability.
opaque-capability enable
By default, the opaque LSA capability is disabled.
Step 4 Configure a dynamic OSPF hostname.
hostname [ host-name ]
If the host-name parameter is specified, the value of host-name is advertised as
the dynamic hostname. If only the hostname command is run and host-name is
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
163
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
not specified, the device name specified in the sysname command is advertised as
the dynamic hostname.
----End
Verifying the Configuration
Run any of the following commands to check dynamic OSPF hostnames:
●
display ospf [ process-id ] hostname-table
●
display ospf [ process-id ] lsdb [ router | network | summary | asbr | ase |
nssa | opaque-link | opaque-area ] [ link-state-id ] [ originate-router
[ advertising-router-id ] | self-originate | hostname hostname ] [ age { minvalue min-age-value | max-value max-age-value } * ]
●
display ospf [ process-id ] lsdb [ router | network | summary | asbr | ase |
nssa | opaque-link | opaque-area ] [ link-state-id ] [ originate-router
[ advertising-router-id ] | self-originate ] [ age { min-value min-age-value |
max-value max-age-value } * ] [ resolve-hostname ]
5.7 Configuring Network Types for OSPF Interfaces
5.7.1 Understanding the Network Types Supported by OSPF
You can configure different network types to flexibly construct OSPF networks. As
shown in Table 5-26, OSPF classifies networks into four types based on the types
of link layer protocols. This section only describes the differentiated OSPF
configurations that are specific to network types. The OSPF configurations not
described in this section are applicable to all four types of networks.
Table 5-26 Network types supported by OSPF
Network Type
Characteristics
Default Configuration
Broadcast
On a broadcast network,
Hello, LSU, and LSAck
packets are multicast; DD
and LSR packets are unicast.
If the link layer protocol is
either Ethernet or Fiber
Distributed Data Interface
(FDDI), OSPF regards the
network as a broadcast
network by default.
NBMA
On an NBMA network, Hello,
DD, LSR, LSU, and LSAck
packets are unicast.
-
The NBMA network must be
fully meshed. That is, any
two devices on the network
must be directly reachable.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
164
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Network Type
Characteristics
Default Configuration
P2P
On a P2P network, Hello, DD,
LSR, LSU, and LSAck packets
are multicast.
If the link layer protocol is
either Point-to-Point Protocol
(PPP) or LAPB, OSPF regards
the network as a P2P
network by default.
P2MP
On a P2MP network, Hello
packets are multicast; DD,
LSR, LSU, and LSAck packets
are unicast.
OSPF does not regard a
network as a P2MP network
by default regardless of any
link layer protocol. Instead, a
P2MP network must be
forcibly changed from
another type of network.
The mask lengths of the
devices on the P2MP network
must be the same.
As shown in the preceding table, OSPF sends packets in different ways depending
on the specific type of network. Therefore, the difference between OSPF
configurations on different networks lies in the different packet sending
configurations. You can configure the network type for an OSPF interface to
forcibly change its original network type. Generally, the network types on both
interfaces of a link must be the same; otherwise, an OSPF neighbor relationship
cannot be established.
NOTE
OSPF does not support the network type configuration for a Null interface.
5.7.2 Setting the Network Type to Broadcast
Prerequisites
Before setting the network type to broadcast, you have completed the following
task:
●
Configure basic OSPF functions.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enter the interface view.
interface interface-type interface-number
Step 3 Switch the interface working mode to Layer 3.
undo portswitch
Determine whether to perform this step based on the current interface working
mode.
Step 4 Set the network type of the OSPF interface to broadcast.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
165
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
ospf network-type broadcast
By default, the network type of an Ethernet interface is broadcast.
If a network is fully meshed (any two devices on the network are directly
reachable) and all devices on the network support multicast, you can change the
network type of a non-Ethernet interface to broadcast, thereby eliminating the
need to manually specify neighbors.
Step 5 (Optional) Set a DR priority for the interface.
ospf dr-priority priovalue
By default, the DR priority of an interface is 1. A larger value indicates a higher
priority.
The priority of an interface determines whether the interface is qualified to be a
DR or BDR. The interface with the highest priority is elected as the DR. However, if
the priority of an interface on a device is 0, the device cannot be elected as a DR
or BDR. On a broadcast network, you can set the DR priority of an interface to
control the DR or BDR election. When the DR and BDR are elected on a network
segment, they send DD packets to all neighboring nodes and set up adjacencies
with all neighboring nodes.
Step 6 (Optional) Set a wait interval for the OSPF interface.
ospf timer wait interval
By default, the wait interval is 40 seconds.
If no Backup Seen event is received within the specified interval, the DR election
starts. Setting a proper interval for the wait timer can slow down changes of the
DR and BDR on the network, reducing network flapping. The interval of the wait
timer cannot be greater than that of the Dead timer (set using the ospf timer
dead command).
----End
Verifying the Configuration
Run the display ospf [ process-id ] interface [ all | no-peer | interface-type
interface-number ] [ verbose ] command to check information about OSPF
interfaces.
5.7.3 Setting the Network Type to P2P
Prerequisites
Before setting the network type to P2P, you have completed the following task:
●
Configure basic OSPF functions.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enter the interface view.
interface interface-type interface-number
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
166
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Step 3 Switch the interface working mode to Layer 3.
undo portswitch
Determine whether to perform this step based on the current interface working
mode.
Step 4 Set the network type of the OSPF interface to P2P.
ospf network-type p2p [ peer-ip-ignore ]
If only two devices run OSPF on the same network segment, you are advised to
change the network type of the OSPF interfaces to P2P.
peer-ip-ignore is used to disable network segment check when an OSPF neighbor
relationship is established on a P2P interface that is changed from a broadcast
interface and for which IP address unnumbering is not configured. By default,
peer-ip-ignore is not specified, and OSPF checks the network segments of the two
ends between which an OSPF neighbor relationship is to be established.
Specifically, OSPF performs an AND operation between the local subnet mask and
the local IP address as well as the local subnet mask and the remote IP address.
An OSPF neighbor relationship can be established only when the results on the
two ends are identical.
----End
Verifying the Configuration
●
Run the display ospf [ process-id ] interface [ all | no-peer | interface-type
interface-number ] [ verbose ] command to check information about OSPF
interfaces.
●
Run the display ospf [ process-id ] peer command to check information
about OSPF neighbors.
5.7.4 Setting the Network Type to NBMA
Prerequisites
Before setting the network type to NBMA, you have completed the following task:
●
Configure basic OSPF functions.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enter the interface view.
interface interface-type interface-number
Step 3 Switch the interface working mode to Layer 3.
undo portswitch
Determine whether to perform this step based on the current interface working
mode.
Step 4 Set the network type of the OSPF interface to NBMA.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
167
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
ospf network-type nbma
The default network type of an Ethernet interface is broadcast. If a device that
does not support multicast exists on the broadcast network, you can change the
network type of the device interface to NBMA.
NOTE
The NBMA network must be fully meshed. That is, any two devices on the NBMA network
must be directly reachable. In most cases, however, this requirement cannot be met. To
address this issue, change the network type to P2MP.
Step 5 (Optional) Set the interval at which Hello packets for polling are sent by the
NBMA interface.
ospf timer poll interval
The default interval is 120 seconds.
After the neighbor relationship on the NBMA network becomes invalid, the device
sends Hello packets at the interval set using this command.
Step 6 (Optional) Set a DR priority for the interface.
ospf dr-priority priovalue
By default, the DR priority of an interface is 1. A larger value indicates a higher
priority.
The priority of an interface determines whether the interface is qualified to be a
DR or BDR. The interface with the highest priority is elected as the DR. However, if
the priority of an interface on a device is 0, the device cannot be elected as a DR
or BDR. On an NBMA network, you can set the DR priority of an interface to
control the DR or BDR election. When the DR and BDR are elected on a network
segment, they send DD packets to all neighboring nodes and set up adjacencies
with all neighboring nodes.
Step 7 (Optional) Set a wait interval for the OSPF interface.
ospf timer wait interval
By default, the wait interval is 120 seconds.
If no Backup Seen event is received within the specified interval, the DR election
starts. Setting a proper interval for the wait timer can slow down changes of the
DR and BDR on the network, reducing network flapping. The interval of the wait
timer cannot be greater than that of the Dead timer (set using the ospf timer
dead command).
Step 8 Exit the interface view.
quit
Step 9 Enter the OSPF view.
ospf [ process-id ]
Step 10 Set an IP address and a DR priority for a neighbor on the NBMA network.
peer ip-address [ dr-priority priority ]
An NBMA interface cannot broadcast Hello packets to discover neighboring
devices. Therefore, the IP address of a neighboring device must be configured in
the OSPF process, and a DR priority must be set to determine whether the
neighboring device can participate in DR election.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
168
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
If dr-priority priority is not specified in the command, the default DR priority 1 is
used.
----End
Verifying the Configuration
●
Run the display ospf [ process-id ] interface [ all | no-peer | interface-type
interface-number ] [ verbose ] command to check information about OSPF
interfaces.
●
Run the display ospf [ process-id ] peer command to check information
about OSPF neighbors.
●
Run the display ospf brief command to check the interval at which Hello
packets for polling are sent on the NBMA network.
5.7.5 Setting the Network Type to P2MP
Prerequisites
Before setting the network type to P2MP, you have completed the following task:
●
Configure basic OSPF functions.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enter the interface view.
interface interface-type interface-number
Step 3 Switch the interface working mode to Layer 3.
undo portswitch
Determine whether to perform this step based on the current interface working
mode.
Step 4 Set the network type of the OSPF interface to P2MP.
ospf network-type p2mp
A P2MP network can be obtained only by changing a network type to P2MP. For
an interface with the NBMA network type, if the network is not fully meshed,
change the network type of the interface to P2MP. By doing this, two indirectly
connected devices can communicate through a third device that can directly reach
both devices. After the network type of the interface is changed to P2MP, there is
no need to manually specify a neighbor.
Step 5 (Optional) Disable OSPF from checking the network mask.
ospf p2mp-mask-ignore
By default, OSPF checks the network mask of Hello packets on a P2MP network.
Devices with different network mask lengths cannot establish a neighbor
relationship. After devices are configured not to check the network masks in Hello
packets, OSPF neighbor relationships can be established.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
169
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Step 6 (Optional) Configure the device to filter the LSAs to be sent on the P2MP network.
1.
Return to the system view.
quit
2.
Create an ACL and enter the ACL view.
acl { name basic-acl-name { basic | [ number ] basic-acl-number } | [ number ] basic-acl-number }
3.
Configure an ACL rule.
rule [ rule-id ] [ name rule-name ] { permit | deny } [ fragment-type fragment | source { source-ipaddress { source-wildcard | 0 | src-netmask } | any } | time-range time-name | vpn-instance vpninstance-name | logging ] *
When the rule command is used to configure a filtering rule for a named
ACL, only the configurations specified by source and time-range take effect.
The following table lists the strategies that can be taken when an ACL is used
for filtering.
Table 5-27 ACL strategies
4.
Condition
Result
The action in an ACL
rule is permit.
The matched LSAs will be advertised.
The action in an ACL
rule is deny.
The matched LSAs will not be advertised.
The network segment
of a route is beyond
the range specified in
an ACL rule.
The LSA carrying the route information will not be
advertised by default.
The ACL does not
contain rules.
Any LSAs matched against the filtering policy
based on this ACL will not be advertised.
If the configuration
order is used as the
ACL rule matching
order, LSAs are
matched against the
ACL rules based on the
configuration order by
default. If the ACL
rules are numbered
with IDs, LSAs are
matched against the
ACL rules in ascending
order of their IDs.
In this case, LSAs can be filtered using a blacklist
or whitelist:
Filtering using a blacklist: Configure a rule with a
smaller ID and specify the action deny in this rule
to filter out the unwanted LSAs. Then, configure
another rule with a larger ID in the same ACL and
specify the action permit in this rule to advertise
the other LSAs.
Filtering using a whitelist: Configure a rule with a
smaller ID and specify the action permit in this
rule to permit the LSAs to be advertised. Then,
configure another rule with a larger ID in the
same ACL and specify the action deny in this rule
to filter out unwanted LSAs.
Enter the OSPF view.
ospf [ process-id ]
5.
Issue 04 (2023-09-22)
Configure the device to filter the LSAs to be sent to a specified neighbor.
Copyright © Huawei Technologies Co., Ltd.
170
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
filter-lsa-out peer peer-addr { all | { ase [ acl { ase-acl-num | ase-acl-name } ] | nssa [ acl { nssa-aclnum | nssa-acl-name } ] | summary [ acl { sum-acl-num | sum-acl-name } ] } * }
----End
Verifying the Configuration
●
Run the display ospf [ process-id ] interface [ all | no-peer | interface-type
interface-number ] [ verbose ] command to check information about OSPF
interfaces.
●
Run the display ospf [ process-id ] peer command to check information
about OSPF neighbors.
5.7.6 Example for Configuring OSPF DR Election
Networking Requirements
On the network shown in Figure 5-20, DeviceA has the highest priority (100) on
the network and is elected as the DR; DeviceC has the second highest priority and
is elected as the BDR. DeviceB has the priority of 0 and cannot be elected as a DR
or a BDR; no priority is configured for DeviceD, and therefore, and DeviceD uses
the default value (1).
Figure 5-20 Configuring OSPF DR election
NOTE
In this example, interface 1 represents 10GE 0/0/1.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
171
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
DeviceA
interface1
192.168.1.1/24
DeviceB
interface1
192.168.1.2/24
interface1
192.168.1.3/24
DeviceC
5 OSPF Configuration
interface1
192.168.1.4/24
DeviceD
Precautions
To improve security, OSPF area authentication or interface authentication is
recommended. For details, see "Improving OSPF Network Security." OSPF area
authentication is used as an example. For details, see "Example for Configuring
Basic OSPF Functions."
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
172
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Configuration Roadmap
The configuration roadmap is as follows:
1.
Configure a router ID, enable OSPF, and specify a network segment on each
device.
2.
Check the DR/BDR status of each device when the default priority is used.
3.
Configure DR priorities for interfaces and check the DR/BDR status.
Procedure
Step 1 Assign an IP address to each interface. For detailed configurations, see the
configuration scripts.
Step 2 Configure basic OSPF functions.
# Configure DeviceA.
[DeviceA] router id 1.1.1.1
[DeviceA] ospf 1
[DeviceA-ospf-1] area 0
[DeviceA-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[DeviceA-ospf-1-area-0.0.0.0] quit
[DeviceA-ospf-1] quit
# Configure DeviceB.
[DeviceB] router id 2.2.2.2
[DeviceB] ospf 1
[DeviceB-ospf-1] area 0
[DeviceB-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[DeviceB-ospf-1-area-0.0.0.0] quit
[DeviceB-ospf-1] quit
# Configure DeviceC.
[DeviceC] router id 3.3.3.3
[DeviceC] ospf 1
[DeviceC-ospf-1] area 0
[DeviceC-ospf-1-area-0.0.0.1] network 192.168.1.0 0.0.0.255
[DeviceC-ospf-1-area-0.0.0.1] quit
[DeviceC-ospf-1] quit
# Configure DeviceD.
[DeviceD] router id 4.4.4.4
[DeviceD] ospf 1
[DeviceD-ospf-1] area 0
[DeviceD-ospf-1-area-0.0.0.2] network 192.168.1.0 0.0.0.255
[DeviceD-ospf-1-area-0.0.0.2] quit
[DeviceD-ospf-1] quit
# Check the DR/BDR status.
[DeviceA] display ospf peer
OSPF Process 1 with Router ID 1.1.1.1
Neighbors
Area 0.0.0.0 interface 192.168.1.1(10GE0/0/1)'s neighbors
Router ID: 2.2.2.2
Address: 192.168.1.2
State: 2-Way Mode:Nbr is Master Priority: 1
DR: 192.168.1.4 BDR: 192.168.1.3 MTU: 0
Dead timer due in 32 sec
Retrans timer interval: 5
Neighbor is up for 00:04:21
Authentication Sequence: [ 0 ]
Router ID: 3.3.3.3
Address: 192.168.1.3
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
173
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
State: Full Mode:Nbr is Master Priority: 1
DR: 192.168.1.4 BDR: 192.168.1.3 MTU: 0
Dead timer due in 37 sec
Retrans timer interval: 5
Neighbor is up for 00:04:06
Authentication Sequence: [ 0 ]
Router ID: 4.4.4.4
Address: 192.168.1.4
State: Full Mode:Nbr is Master Priority: 1
DR: 192.168.1.4 BDR: 192.168.1.3 MTU: 0
Dead timer due in 37 sec
Retrans timer interval: 5
Neighbor is up for 00:03:53
Authentication Sequence: [ 0 ]
Check information about the neighbors of DeviceA, including DR priorities and
neighbor status. By default, the DR priority is 1. DeviceD functions as the DR, and
DeviceC functions as the BDR.
NOTE
When the priorities are the same, the device with the highest router ID is elected as the DR.
If a new device is added after the DR and BDR are elected, the new device cannot
immediately become the new DR on the network segment even if it has the highest DR
priority.
Step 3 Set DR priorities for interfaces.
# Configure DeviceA.
[DeviceA] interface 10GE0/0/1
[DeviceA-10GE0/0/1] ospf dr-priority 100
[DeviceA-10GE0/0/1] quit
# Configure DeviceB.
[DeviceB] interface 10GE0/0/1
[DeviceB-10GE0/0/1] ospf dr-priority 0
[DeviceB-10GE0/0/1] quit
# Configure DeviceC.
[DeviceC] interface 10GE0/0/1
[DeviceC-10GE0/0/1] ospf dr-priority 2
[DeviceC-10GE0/0/1] quit
# Check the DR/BDR status.
[DeviceD] display ospf peer
OSPF Process 1 with Router ID 4.4.4.4
Neighbors
Area 0.0.0.0 interface 192.168.1.4(10GE0/0/1)'s neighbors
Router ID: 1.1.1.1
Address: 192.168.1.1
State: Full Mode:Nbr is Slave Priority: 100
DR: 192.168.1.4 BDR: 192.168.1.3 MTU: 0
Dead timer due in 31 sec
Retrans timer interval: 5
Neighbor is up for 00:11:17
Authentication Sequence: [ 0 ]
Router ID: 2.2.2.2
Address: 192.168.1.2
State: Full Mode:Nbr is Slave Priority: 0
DR: 192.168.1.4 BDR: 192.168.1.3 MTU: 0
Dead timer due in 35 sec
Retrans timer interval: 5
Neighbor is up for 00:11:19
Authentication Sequence: [ 0 ]
Router ID: 3.3.3.3
Address: 192.168.1.3
State: Full Mode:Nbr is Slave Priority: 2
DR: 192.168.1.4 BDR: 192.168.1.3 MTU: 0
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
174
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Dead timer due in 33 sec
Retrans timer interval: 5
Neighbor is up for 00:11:15
Authentication Sequence: [ 0 ]
Step 4 Restart an OSPF process.
Run the reset ospf 1 process command in the user view of each device to restart
the OSPF process.
----End
Verifying the Configuration
# Check OSPF neighbor information on DeviceD.
[DeviceD] display ospf peer
OSPF Process 1 with Router ID 4.4.4.4
Neighbors
Area 0.0.0.0 interface 192.168.1.4(10GE0/0/1)'s neighbors
Router ID: 1.1.1.1
Address: 192.168.1.1
State: Full Mode:Nbr is Slave Priority: 100
DR: 192.168.1.1 BDR: 192.168.1.3 MTU: 0
Dead timer due in 35 sec
Retrans timer interval: 5
Neighbor is up for 00:07:19
Authentication Sequence: [ 0 ]
Router ID: 2.2.2.2
Address: 192.168.1.2
State: 2-Way Mode:Nbr is Master Priority: 0
DR: 192.168.1.1 BDR: 192.168.1.3 MTU: 0
Dead timer due in 35 sec
Retrans timer interval: 5
Neighbor is up for 00:07:19
Authentication Sequence: [ 0 ]
Router ID: 3.3.3.3
Address: 192.168.1.3
State: Full Mode:Nbr is Slave Priority: 2
DR: 192.168.1.1 BDR: 192.168.1.3 MTU: 0
Dead timer due in 37 sec
Retrans timer interval: 5
Neighbor is up for 00:07:17
Authentication Sequence: [ 0 ]
# Check the status of OSPF interfaces on DeviceA.
[DeviceA] display ospf interface
OSPF Process 1 with Router ID 1.1.1.1
Interfaces
Area: 0.0.0.0
IP Address Type
State Cost Pri DR
BDR
192.168.1.1 Broadcast DR
1
100 192.168.1.1 192.168.1.3
OSPF Process 1 with Router ID 1.1.1.1
# Check the status of OSPF interfaces on DeviceB.
[DeviceB] display ospf interface
OSPF Process 1 with Router ID 2.2.2.2
Interfaces
Area: 0.0.0.0
IP Address
Type
State Cost Pri DR
BDR
192.168.1.2
Broadcast DROther 1
0 192.168.1.1 192.168.1.3
If the neighbor is in the Full state, an adjacency has been established with the
neighbor. If the neighbor remains in the 2-Way state, it is not the DR or BDR, and
the two ends do not need to exchange LSAs.
If the status of an OSPF interface is DROther, it indicates that the interface is
neither a DR nor a BDR.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
175
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Configuration Scripts
●
DeviceA
#
sysname DeviceA
#
router id 1.1.1.1
#
interface 10GE0/0/1
ip address 192.168.1.1 255.255.255.0
ospf dr-priority 100
#
ospf 1
area 0.0.0.0
network 192.168.1.0 0.0.0.255
#
return
●
DeviceB
#
sysname DeviceB
#
router id 2.2.2.2
#
interface 10GE0/0/1
ip address 192.168.1.2 255.255.255.0
ospf dr-priority 0
#
ospf 1
area 0.0.0.0
network 192.168.1.0 0.0.0.255
#
return
●
DeviceC
#
sysname DeviceB
#
router id 3.3.3.3
#
interface 10GE0/0/1
ip address 192.168.1.3 255.255.255.0
ospf dr-priority 2
#
ospf 1
area 0.0.0.0
network 192.168.1.0 0.0.0.255
#
return
●
DeviceD
#
sysname DeviceB
#
router id 4.4.4.4
#
interface 10GE0/0/1
ip address 192.168.1.4 255.255.255.0
ospf dr-priority 0
#
ospf 1
area 0.0.0.0
network 192.168.1.0 0.0.0.255
#
return
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
176
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
5.8 Configuring an OSPF Stub Area
5.8.1 Understanding the OSPF Stub Area
The number of LSAs can be reduced by partitioning an AS into different areas.
This can be achieved by configuring a non-backbone area on the border of the AS
as a stub area to reduce the number of entries in the routing table, as well as the
number of LSAs to be transmitted in the non-backbone area.
Configuring a stub area is optional. A stub area generally resides on the border of
an AS. For example, a non-backbone area with just one ABR can be configured as
a stub area. In a stub area, the number of entries in the routing table and the
amount of routing information to be transmitted greatly decrease.
Figure 5-21 shows two OSPF areas: area 0 and area 2. The ASBR in area 0 has
imported AS external routes. To ensure route reachability, all routes on the
network are advertised into the OSPF process. In this situation, network expansion
will increase the number of devices as well as the number of routing entries on
each device. As a result, a large number of CPU and memory resources are
required to maintain these entries. Devices in some border areas may already offer
low performance, and maintaining a large number of routing entries greatly
increases the burden on these devices.
Figure 5-21 Stub area and totally stubby area
Area 2
Area 0
External
network
ABR
ASBR
To optimize network performance, minimize the size of the routing table to reduce
the number of flooded LSAs without compromising network reachability. If area 2
is a common area, Type 1, Type 2, Type 3, Type 4, and Type 5 LSAs may all exist in
this area. A device in area 2 must be able to reach the ABR before it can reach any
external network. In this case, the other devices in area 2 do not need routes to
the external network. To meet this requirement, area 2 can be configured as a
stub area.
It is not necessary to know specific inter-area routes for devices in area 2. Instead,
only one egress (ABR) is required to allow data packets on these devices to be
sent. In this case, area 2 can be configured as a totally stubby area. AS external
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
177
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
routes or inter-area routes cannot be transmitted within a totally stubby area, and
this minimizes the number of LSAs to be transmitted within this area.
The following should be noted when configuring a stub area:
●
The backbone area (area 0) cannot be configured as a stub area.
●
If an area needs to be configured as a stub area, all devices in this area must
have the stub command configuration.
●
A device in a stub area cannot be used as an ASBR, and AS external routes
cannot be transmitted in the stub area.
●
Virtual links cannot exist in the stub area.
5.8.2 Configuring a Stub Area
Prerequisites
Before configuring a stub area, you have completed the following task:
●
Configure basic OSPF functions.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enter the OSPF view.
ospf [ process-id ]
Step 3 Enter the OSPF area view.
area area-id
Step 4 Configure the area as a stub area.
stub
NOTE
● All devices in a stub area must have the stub command configuration.
● Running the stub command or canceling the configuration may cause the stub area to
be updated. The stub command configuration on a device can be canceled or the
configuration can be performed on new devices in the stub area only after the last area
update is complete.
Step 5 (Optional) Stop the ABR from sending network-summary-LSAs (Type 3) to the
stub area.
stub no-summary
Step 6 (Optional) Stop the ABR from checking the neighbor status in the backbone area
when it generates a default route and advertises it to the stub area.
stub default-route-advertise backbone-peer-ignore
Step 7 (Optional) Set a cost for the default route advertised to the stub area.
default-cost cost
By default, the cost of the default route advertised to the stub area is 1.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
178
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
To ensure the reachability of AS external routes, the ABR in the stub area
generates a default route and advertises it to non-ABR devices in the stub area.
----End
5.8.3 Verifying the Configuration
Procedure
●
Run the display ospf [ process-id ] lsdb command to check information
about the OSPF LSDB.
●
Run the display ospf [ process-id ] peer command to check information
about OSPF neighbors.
●
Run the display ospf [ process-id ] routing command to check information
about the OSPF routing table.
If the device resides in a common area, AS external routes exist in the routing
table. After the common area is configured as a stub area, AS external routes
no longer exist in the routing table, and the ASE field is displayed as 0 in the
command output.
----End
5.8.4 Example for Configuring an OSPF Stub Area
Networking Requirements
Figure 5-22 shows a network where all devices run OSPF, and the entire AS is
divided into three areas. DeviceA and DeviceB function as ABRs to advertise interarea routes, and DeviceD functions as the ASBR to import external routes (static
routes).
To reduce the number of LSAs advertised to area 1 without compromising route
reachability, configure area 1 as a stub area.
Figure 5-22 Network diagram of configuring an OSPF stub area
NOTE
In this example, interface 1 and interface 2 represent 10GE 0/0/1 and 10GE 0/0/2,
respectively.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
179
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Device
Router ID
Process ID
IP Address
DeviceA
1.1.1.1
1
Area 0: 192.168.0.0/24
Area 1: 192.168.1.0/24
DeviceB
2.2.2.2
1
Area 0: 192.168.0.0/24
Area 2: 192.168.2.0/24
DeviceC
3.3.3.3
1
Area 1: 192.168.1.0/24
and 172.16.1.0/24
DeviceD
4.4.4.4
1
Area 2: 192.168.2.0/24
and 172.17.1.0/24
DeviceE
5.5.5.5
1
Area 1: 172.16.1.0/24
DeviceF
6.6.6.6
1
Area 2: 172.17.1.0/24
Precautions
When configuring an OSPF stub area, note the following rules:
●
The backbone area cannot be configured as a stub area.
●
A device in a stub area cannot be used as an ASBR. As such, AS external
routes cannot be transmitted in the stub area.
●
A virtual link cannot pass through a stub area.
●
To improve security, OSPF area authentication or interface authentication is
recommended. For details, see "Improving OSPF Network Security." OSPF area
authentication is used as an example. For details, see 5.5.7 Example for
Configuring Basic OSPF Functions.
Configuration Roadmap
The configuration roadmap is as follows:
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
180
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
1.
Configure basic OSPF functions on each device to ensure routing reachability.
2.
Configure a static route on DeviceD, and configure DeviceD to import the
route into the OSPF process.
3.
Configure area 1 as a stub area by running the stub command on all devices
in area 1, and check the OSPF routing information on DeviceC.
4.
Stop DeviceA from advertising Type 3 LSAs to the stub area, and check the
OSPF routing information on DeviceC.
Procedure
Step 1 Assign an IP address to each interface. For detailed configurations, see
Configuration Scripts.
Step 2 Configure basic OSPF functions. For details, see 5.5.7 Example for Configuring
Basic OSPF Functions.
Step 3 Configure DeviceD to import a static route.
[DeviceD] ip route-static 10.0.0.0 8 null 0
[DeviceD] ospf 1
[DeviceD-ospf-1] import-route static type 1
[DeviceD-ospf-1] quit
# Check the ABR and ASBR information on DeviceC.
[DeviceC] display ospf abr-asbr
OSPF Process 1 with Router ID 3.3.3.3
Routing Table to ABR and ASBR
Type
Destination
Intra-area 1.1.1.1
Inter-area 4.4.4.4
Area
0.0.0.1
0.0.0.1
1
3
Cost NextHop
192.168.1.1
192.168.1.1
RtType
ABR
ASBR
# Check information about the OSPF routing table on DeviceC.
NOTE
If DeviceC resides in a common area, AS external routes exist in the routing table.
[DeviceC] display ospf routing
OSPF Process 1 with Router ID 3.3.3.3
Routing Tables
Routing for Network
Destination
Cost
Type
172.17.1.0/24
192.168.0.0/24
192.168.2.0/24
Inter-area 192.168.1.1
Inter-area 192.168.1.1
Inter-area 192.168.1.1
4
2
3
Routing for ASEs
Destination
Cost
10.0.0.0/8
4
NextHop
Type
Type1
Tag
1
AdvRouter
1.1.1.1
1.1.1.1
1.1.1.1
NextHop
192.168.1.1
Area
0.0.0.1
0.0.0.1
0.0.0.1
AdvRouter
4.4.4.4
Total Nets: 4
Intra Area: 0 Inter Area: 3 ASE: 1 NSSA: 0
Step 4 Configure area 1 as a stub area.
# Configure DeviceA.
[DeviceA] ospf 1
[DeviceA-ospf-1] area 1
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
181
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
[DeviceA-ospf-1-area-0.0.0.1] stub
[DeviceA-ospf-1-area-0.0.0.1] quit
[DeviceA-ospf-1] quit
# Configure DeviceC.
[DeviceC] ospf 1
[DeviceC-ospf-1] area 1
[DeviceC-ospf-1-area-0.0.0.1] stub
[DeviceC-ospf-1-area-0.0.0.1] quit
[DeviceC-ospf-1] quit
# Configure DeviceE.
[DeviceE] ospf 1
[DeviceE-ospf-1] area 1
[DeviceE-ospf-1-area-0.0.0.1] stub
[DeviceE-ospf-1-area-0.0.0.1] quit
[DeviceE-ospf-1] quit
# Check information about the routing table on DeviceC.
NOTE
After the area where DeviceC resides is configured as a stub area, a default route rather
than AS external routes exists in the routing table.
[DeviceC] display ospf routing
OSPF Process 1 with Router ID 3.3.3.3
Routing Tables
Routing for Network
Destination
Cost
0.0.0.0/0
2
172.17.1.0/24
4
192.168.0.0/24
2
192.168.2.0/24
3
Type
NextHop
Inter-area 192.168.1.1
Inter-area 192.168.1.1
Inter-area 192.168.1.1
Inter-area 192.168.1.1
AdvRouter
1.1.1.1
1.1.1.1
1.1.1.1
1.1.1.1
Area
0.0.0.1
0.0.0.1
0.0.0.1
0.0.0.1
Total Nets: 4
Intra Area: 0 Inter Area: 4 ASE: 0 NSSA: 0
Step 5 # Stop DeviceA from advertising Type 3 LSAs to the stub area.
[DeviceA] ospf
[DeviceA-ospf-1] area 1
[DeviceA-ospf-1-area-0.0.0.1] stub no-summary
[DeviceA-ospf-1-area-0.0.0.1] quit
[DeviceA-ospf-1] quit
----End
Verifying the Configuration
# Check information about the OSPF routing table on DeviceC.
[DeviceC] display ospf routing
OSPF Process 1 with Router ID 3.3.3.3
Routing Tables
Routing for Network
Destination
Cost
Type
NextHop
0.0.0.0/0
2
Inter-area 192.168.1.1
AdvRouter
Area
1.1.1.1
0.0.0.1
Total Nets: 1
Intra Area: 0 Inter Area: 1 ASE: 0 NSSA: 0
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
182
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
NOTE
After the advertisement of summary LSAs to the stub area is disabled, the number of
routing entries on devices in the stub area further decreases, and only the default route to a
destination beyond the stub area is reserved.
Configuration Scripts
●
DeviceA
#
sysname DeviceA
#
router id 1.1.1.1
#
interface 10GE0/0/1
ip address 192.168.0.1 255.255.255.0
#
interface 10GE0/0/2
ip address 192.168.1.1 255.255.255.0
#
ospf 1
area 0.0.0.0
network 192.168.0.0 0.0.0.255
area 0.0.0.1
network 192.168.1.0 0.0.0.255
stub no-summary
#
return
●
DeviceB
#
sysname DeviceB
#
router id 2.2.2.2
#
interface 10GE0/0/1
ip address 192.168.0.2 255.255.255.0
#
interface 10GE0/0/2
ip address 192.168.2.1 255.255.255.0
#
ospf 1
area 0.0.0.0
network 192.168.0.0 0.0.0.255
area 0.0.0.2
network 192.168.2.0 0.0.0.255
#
return
●
DeviceC
#
sysname DeviceC
#
router id 3.3.3.3
#
interface 10GE0/0/1
ip address 192.168.1.2 255.255.255.0
#
interface 10GE0/0/2
ip address 172.16.1.1 255.255.255.0
#
ospf 1
area 0.0.0.1
network 192.168.1.0 0.0.0.255
network 172.16.1.0 0.0.0.255
stub
#
return
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
183
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
●
5 OSPF Configuration
DeviceD
#
sysname DeviceD
#
router id 4.4.4.4
#
interface 10GE0/0/1
ip address 192.168.2.2 255.255.255.0
#
interface 10GE0/0/2
ip address 172.17.1.1 255.255.255.0
#
ospf 1
import-route static type 1
area 0.0.0.2
network 192.168.2.0 0.0.0.255
network 172.17.1.0 0.0.0.255
#
ip route-static 10.0.0.0 255.0.0.0 NULL0
#
return
●
DeviceE
#
sysname DeviceE
#
router id 5.5.5.5
#
interface 10GE0/0/2
ip address 172.16.1.2 255.255.255.0
#
ospf 1
area 0.0.0.1
network 172.16.1.0 0.0.0.255
stub
#
return
●
DeviceF
#
sysname DeviceF
#
router id 6.6.6.6
#
interface 10GE0/0/2
ip address 172.17.1.2 255.255.255.0
#
ospf 1
area 0.0.0.2
network 172.17.1.0 0.0.0.255
#
return
5.9 Configuring an OSPF NSSA
5.9.1 Understanding the OSPF NSSA
An NSSA is a special type of OSPF area. Neither the NSSA nor the stub area
transmits routes learned from other areas over the OSPF network. However, unlike
the stub area, the NSSA does allow AS external routes to be imported and
forwarded throughout the entire AS.
If you want to import AS external routes to an area and prevent these routes from
consuming resources, configure the area as an NSSA.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
184
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Type 7 LSAs are used in the NSSA to carry information about the imported AS
external routes. Type 7 LSAs are generated by ASBRs of NSSAs, and are only
flooded in the NSSAs where ASBRs reside. The ABR in an NSSA selects Type 7 LSAs
from those received, and translates them into Type 5 LSAs in order to advertise
external routes to other areas over the OSPF network.
On the OSPF network shown in Figure 5-23, area 2 is a stub area, through which
an external network requires access to the OSPF network. In this case, AS external
routes need to be imported and advertised within the entire AS. One method is to
enable DeviceA to import AS external routes into the OSPF AS. DeviceA then
becomes an ASBR, indicating that area 2 is no longer a stub area. Another method
is to configure an NSSA.
Figure 5-23 NSSA and totally NSSA
RIP
Area 2
DeviceA
Area 0
ASBR
外部网络
ABR
ASBR
An NSSA differs from a stub area in that it allows AS external routes to be
imported and advertised within the entire OSPF AS without learning routes from
other areas on the OSPF network.
To ensure the reachability of AS external routes, the ABR in an NSSA generates a
default route and advertises it to the other devices in this NSSA.
Multiple ABRs may be deployed in an NSSA. To prevent routing loops caused by
default routes, ABRs do not calculate the default routes advertised by each other.
The same area type must be configured for all devices in an area, and each device
uses the N-bit carried in a Hello packet to identify the area type it supports. If
devices have different area types, they cannot establish OSPF neighbor
relationships. However, devices from some vendors do not comply with the OSPF
implementation. These devices also have the N-bit set in DD packets. To enable a
Huawei device to interwork with such devices, run the nssa command with the
set-n-bit parameter specified on the Huawei device to set the N-bit in DD packets.
Similar to a totally stub area, OSPF defines the totally NSSA to further reduce the
number of LSAs transmitted within an NSSA.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
185
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
5.9.2 Configuring an NSSA
Prerequisites
Before configuring an NSSA, you have completed the following task:
●
Configure basic OSPF functions.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enter the OSPF view.
ospf [ process-id ]
Step 3 Enter the OSPF area view.
area area-id
Step 4 Configure the area as an NSSA.
nssa [ default-route-advertise [ backbone-peer-ignore ] | no-import-route | no-summary | set-n-bit |
suppress-forwarding-address | translator-always | translator-interval interval-value | zero-addressforwarding ] *
NOTE
● All devices in an NSSA must have the nssa command configuration.
● Running the nssa command or canceling the configuration may cause the NSSA to be
updated and neighbor relationships to be disconnected. The nssa command
configuration on a device can be canceled or the configuration can be performed on
new devices in the NSSA only after the last area update is complete.
Step 5 (Optional) Set the cost of the default route information carried in Type 3 LSAs
that are transmitted by the ABR to the NSSA.
default-cost cost
To ensure the reachability of AS external routes, the ABR in the NSSA generates a
default route and advertises it to the other devices in the NSSA. Setting a cost for
the default route advertised to an NSSA adjusts the route selection result.
By default, the cost of the default route that is sent by the ABR to the NSSA is 1.
----End
5.9.3 Verifying the Configuration
Procedure
●
Run the display ospf [ process-id ] lsdb command to check the OSPF LSDB
information.
●
Run the display ospf [ process-id ] routing command to check information
about the OSPF routing table.
By comparing the routing tables before and after the NSSA is configured, you
can reach the following conclusions:
–
Issue 04 (2023-09-22)
After an area is configured as the NSSA, the number of entries in the
routing table is reduced.
Copyright © Huawei Technologies Co., Ltd.
186
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
–
●
5 OSPF Configuration
AS external routes are imported into the NSSA.
Run the display ospf [ process-id ] interface [ all | no-peer | interface-type
interface-number ] [ verbose ] command to check information about OSPF
interfaces.
----End
5.9.4 Example for Configuring an OSPF NSSA
Networking Requirements
An excessive number of entries in a routing table wastes network resources and
leads to high CPU usage. To solve this problem, a non-backbone area on the
border of an AS can be configured as an NSSA, which does not transmit routes
learned from other areas in the AS, and instead imports AS external routes. This
reduces bandwidth and storage resource consumption.
On the network shown in Figure 5-24, OSPF runs on all devices and the entire AS
is divided into two areas. DeviceA and DeviceB function as ABRs to forward interarea routes, and DeviceD functions as an ASBR and imports the external static
route 10.0.0.0/8. To import AS-external routes, but reduce the number of LSAs
advertised to area 1 without compromising route reachability, configure area 1 as
an NSSA and DeviceA as an LSA translator in the NSSA.
Figure 5-24 Network diagram of configuring an OSPF NSSA
NOTE
In this example, interface 1, interface 2, and interface 3 represent 10GE 0/0/1, 10GE 0/0/2,
and 10GE 0/0/3, respectively.
Precautions
To improve security, OSPF area authentication or interface authentication is
recommended. For details, see "Improving OSPF Network Security." OSPF area
authentication is used as an example. For details, see "Example for Configuring
Basic OSPF Functions."
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
187
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Configuration Roadmap
The configuration roadmap is as follows:
1.
Enable OSPF on each device and configure basic OSPF functions to ensure
that the devices can communicate with each other using OSPF.
2.
Configure area 1 as an NSSA.
3.
Configure DeviceD to import the static route 10.0.0.0/8.
4.
Configure DeviceA in the NSSA as an LSA translator.
Procedure
Step 1 Assign an IP address to each interface.
Assign an IP address to each interface as shown in Figure 5-24. For detailed
configurations, see the configuration scripts.
Step 2 Configure basic OSPF functions.
For detailed configurations, see the configuration scripts.
Step 3 Configure area 1 as an NSSA.
# Configure DeviceA.
[DeviceA] ospf
[DeviceA-ospf-1] area 1
[DeviceA-ospf-1-area-0.0.0.1] nssa
[DeviceA-ospf-1-area-0.0.0.1] quit
[DeviceA-ospf-1] quit
# Configure DeviceB.
[DeviceB] ospf
[DeviceB-ospf-1] area 1
[DeviceB-ospf-1-area-0.0.0.1] nssa
[DeviceB-ospf-1-area-0.0.0.1] quit
[DeviceB-ospf-1] quit
# Configure DeviceD.
[DeviceD] ospf
[DeviceD-ospf-1] area 1
[DeviceD-ospf-1-area-0.0.0.1] nssa
[DeviceD-ospf-1-area-0.0.0.1] quit
[DeviceD-ospf-1] quit
NOTE
All devices in the NSSA must have the nssa command configuration.
Step 4 Configure static route 10.0.0.0/8 on DeviceD, and configure the device to import
the route into the OSPF process.
[DeviceD] ip route-static 10.0.0.0 8 null 0
[DeviceD] ospf
[DeviceD-ospf-1] import-route static
[DeviceD-ospf-1] quit
# Check information about the OSPF routing table on DeviceC.
[DeviceC] display ospf routing
OSPF Process 1 with Router ID 3.3.3.3
Routing Tables
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
188
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
Routing for Network
Destination
Cost
192.168.3.0/24
2
192.168.4.0/24
2
192.168.0.0/24
1
192.168.1.0/24
2
192.168.1.0/24
2
192.168.2.0/24
1
Type
NextHop
Inter-area 192.168.0.1
Inter-area 192.168.2.1
Stub
192.168.0.2
Inter-area 192.168.0.1
Inter-area 192.168.2.1
Stub
192.168.2.2
Routing for ASEs
Destination
Cost
Type
10.0.0.0/8
1
Type2
1
5 OSPF Configuration
AdvRouter
Area
1.1.1.1
0.0.0.0
2.2.2.2
0.0.0.0
3.3.3.3
0.0.0.0
1.1.1.1
0.0.0.0
2.2.2.2
0.0.0.0
3.3.3.3
0.0.0.0
Tag NextHop
192.168.2.1
AdvRouter
2.2.2.2
Total Nets: 7
Intra Area: 2 Inter Area: 4 ASE: 1 NSSA: 0
The command output shows that the router ID of the AS external route imported
into the NSSA is 2.2.2.2, meaning that DeviceB functions as an LSA translator. This
is because OSPF selects the ABR with the larger router ID as an LSA translator.
Step 5 Configure DeviceA as an LSA translator.
[DeviceA] ospf
[DeviceA-ospf-1] area 1
[DeviceA-ospf-1-area-0.0.0.1] nssa default-route-advertise no-summary translator-always
[DeviceA-ospf-1-area-0.0.0.1] quit
[DeviceA-ospf-1] quit
----End
Verifying the Configuration
# Check information about the OSPF routing table on DeviceC.
[DeviceC] display ospf routing
OSPF Process 1 with Router ID 3.3.3.3
Routing Tables
Routing for Network
Destination
Cost
192.168.3.0/24
2
192.168.4.0/24
2
192.168.0.0/24
1
192.168.1.0/24
2
192.168.1.0/24
2
192.168.2.0/24
1
Type
NextHop
Inter-area 192.168.0.1
Inter-area 192.168.2.1
Stub
192.168.0.2
Inter-area 192.168.2.1
Inter-area 192.168.0.1
Stub
192.168.2.2
Routing for ASEs
Destination
Cost
Type
10.0.0.0/8
1
Type2
1
AdvRouter
Area
1.1.1.1
0.0.0.0
2.2.2.2
0.0.0.0
3.3.3.3
0.0.0.0
2.2.2.2
0.0.0.0
1.1.1.1
0.0.0.0
3.3.3.3
0.0.0.0
Tag NextHop
192.168.0.1
AdvRouter
1.1.1.1
Total Nets: 7
Intra Area: 2 Inter Area: 4 ASE: 1 NSSA: 0
The command output shows that DeviceC has imported an AS external route, and
that the router ID of the device that advertises this route is 1.1.1.1, indicating that
DeviceA functions as an LSA translator.
Configuration Scripts
●
DeviceA
#
sysname DeviceA
#
router id 1.1.1.1
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
189
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
#
interface 10GE0/0/1
ip address 192.168.0.1 255.255.255.0
#
interface 10GE0/0/2
ip address 192.168.3.1 255.255.255.0
#
interface 10GE0/0/3
ip address 192.168.1.1 255.255.255.0
#
ospf 1
area 0.0.0.0
network 192.168.0.0 0.0.0.255
area 0.0.0.1
network 192.168.1.0 0.0.0.255
network 192.168.3.0 0.0.0.255
nssa default-route-advertise no-summary translator-always
#
return
●
DeviceB
#
sysname DeviceB
#
router id 2.2.2.2
#
interface 10GE0/0/1
ip address 192.168.1.2 255.255.255.0
#
interface 10GE0/0/2
ip address 192.168.2.1 255.255.255.0
#
interface 10GE0/0/3
ip address 192.168.4.2 255.255.255.0
#
ospf 1
area 0.0.0.0
network 192.168.2.0 0.0.0.255
area 0.0.0.1
network 192.168.1.0 0.0.0.255
network 192.168.4.0 0.0.0.255
nssa
#
return
●
DeviceC
#
sysname DeviceC
#
router id 3.3.3.3
#
interface 10GE0/0/1
ip address 192.168.0.2 255.255.255.0
#
interface 10GE0/0/2
ip address 192.168.2.2 255.255.255.0
#
ospf 1
area 0.0.0.0
network 192.168.0.0 0.0.0.255
network 192.168.2.0 0.0.0.255
#
return
●
DeviceD
#
sysname DeviceD
#
router id 4.4.4.4
#
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
190
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
interface 10GE0/0/1
ip address 192.168.3.2 255.255.255.0
#
interface 10GE0/0/2
ip address 192.168.4.1 255.255.255.0
#
ospf 1
import-route static
area 0.0.0.1
network 192.168.3.0 0.0.0.255
network 192.168.4.0 0.0.0.255
nssa
#
ip route-static 10.0.0.0 255.0.0.0 NULL0
#
return
5.10 Configuring an OSPF Virtual Link
5.10.1 Understanding OSPF Virtual Links
Context
All non-backbone areas must be connected to the backbone area during OSPF
deployment to ensure that all areas are reachable. However, in real-world
applications, some areas may be unable to connect to the backbone area due to
limitations.
For example, on the network shown in Figure 5-25, area 2 is not connected to
area 0 (backbone area), and DeviceB is not an ABR. Consequently, DeviceB does
not generate routing information about network 1 in area 0, and DeviceC does not
have a route to network 1.
Figure 5-25 Non-backbone area not connected to the backbone area
In this case, you can configure an OSPF virtual link to resolve this issue.
Related Concepts
A virtual link refers to a logical channel established between two ABRs over a nonbackbone area.
●
A virtual link must be configured at both ends of the link.
●
The area that provides a non-backbone area internal route for both ends of
the virtual link is called transit area.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
191
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
A virtual link is similar to a P2P connection established between two ABRs. As with
physical interfaces, it is possible to configure interface parameters, such as the
interval at which Hello packets are sent, at both ends of the virtual link.
Fundamentals
On the network shown in Figure 5-26, two ABRs use a virtual link to directly
transmit OSPF packets, while the OSPF device between them only forwards
packets. Because the device is not the destination of the OSPF packets, it
transparently transmits them as common IP packets.
Figure 5-26 OSPF virtual link
5.10.2 Creating an OSPF Virtual Link
Prerequisites
Before creating an OSPF virtual link, you have completed the following task:
●
Configure basic OSPF functions.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enter the OSPF view.
ospf [ process-id ]
Step 3 Enter the OSPF area view.
area area-id
Step 4 Create and configure a virtual link.
vlink-peer router-id [ dead dead-interval | hello hello-interval | retransmit retransmit-interval | transdelay trans-delay-interval | [ simple [ [ plain ] plain-text | cipher cipher-text ] | { md5 | hmac-md5 | hmacsha256 } [ key-id { plain plain-text | [ cipher ] cipher-text } ] | authentication-null | keychain keychainname ] | smart-discover ] *
The virtual link must also be configured on the neighbor.
The default parameter values are recommended when a virtual link is configured;
however, you can modify the parameter values as needed. Suggested parameter
configurations are as follows:
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
192
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
●
Set a proper hello hello-interval value based on actual network conditions.
The smaller the value, the faster the device detects network topology
changes, but the more network resources are consumed.
●
If retransmit retransmit-interval is set to too small a value, unnecessary LSA
retransmission may occur. Therefore, setting the parameter to a large value is
recommended on a low-speed network.
●
The authentication modes of a virtual link and the backbone area must be
the same.
●
As MD5 is insecure, you are advised to use a more secure authentication
mode, such as keychain authentication.
----End
5.10.3 Verifying the Configuration
Procedure
●
Run the display ospf [ process-id ] vlink command to check OSPF virtual link
information.
●
Run the display ospf routing command to check OSPF routing information.
----End
5.10.4 Example for Configuring an OSPF Virtual Link
Networking Requirements
As shown in Figure 5-27, area 2 is not directly connected to the backbone area
(area 0). Area 1 serves as a transit area to connect area 2 and area 0, and a virtual
link is configured between DeviceA and DeviceB.
Figure 5-27 Network diagram of OSPF virtual link configuration
NOTE
In this example, interface 1 and interface 2 represent 10GE 0/0/1 and 10GE 0/0/2,
respectively.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
193
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Device
Router ID
Process ID
IP Address
DeviceA
1.1.1.1
1
Area 0: 10.0.0.0/8
Area 1: 192.168.1.0/24
DeviceB
2.2.2.2
1
Area 1: 192.168.1.0/24
Area 2: 172.16.0.0/16
DeviceC
3.3.3.3
1
Area 0: 10.0.0.0/8
DeviceD
4.4.4.4
1
Area 2: 172.16.0.0/16
Configuration Precautions
The default parameter values are recommended when a virtual link is configured;
however, you can modify the parameter values according to the actual scenario:
●
The smaller the hello value, the faster the device detects network topology
changes, but the more network resources are consumed.
●
If retransmit is set to too small a value, unnecessary LSA retransmission may
occur. Therefore, setting the parameter to a large value is recommended on a
low-speed network.
●
The authentication modes of a virtual link and the backbone area must be
the same.
●
To improve security, OSPF area authentication or interface authentication is
recommended. For details, see "Improving OSPF Network Security." OSPF area
authentication is used as an example. For details, see "Example for
Configuring Basic OSPF Functions."
Configuration Roadmap
The configuration roadmap is as follows:
1.
Configure basic OSPF functions on each device.
2.
Configure a virtual link between DeviceA and DeviceB to connect a nonbackbone area to the backbone area.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
194
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Procedure
Step 1 Assign an IP address to each interface.
Assign an IP address to each interface according to Figure 5-27. For detailed
configurations, see Configuration Scripts.
Step 2 Configure basic OSPF functions.
For detailed configurations, see the configuration scripts.
Step 3 Check information about the OSPF routing table on DeviceA.
[DeviceA] display ospf routing
OSPF Process 1 with Router ID 1.1.1.1
Routing Tables
Routing for Network
Destination
Cost
10.0.0.0/8
1
192.168.1.0/24
1
Type
NextHop
AdvRouter
Area
Transit 10.1.1.1
3.3.3.3
0.0.0.0
Transit 192.168.1.1
1.1.1.1
0.0.0.1
Total Nets: 2
Intra Area: 2 Inter Area: 0 ASE: 0 NSSA: 0
The routing table on DeviceA contains no route in area 2, because area 2 is not
directly connected to area 0.
Step 4 Configure a virtual link.
# Configure DeviceA.
[DeviceA] router id 1.1.1.1
[DeviceA] ospf 1
[DeviceA-ospf-1] area 1
[DeviceA-ospf-1-area-0.0.0.1] vlink-peer 2.2.2.2
[DeviceA-ospf-1-area-0.0.0.1] quit
[DeviceA-ospf-1] quit
# Configure DeviceB.
[DeviceB] router id 2.2.2.2
[DeviceB] ospf 1
[DeviceB-ospf-1] area 1
[DeviceB-ospf-1-area-0.0.0.1] vlink-peer 1.1.1.1
[DeviceB-ospf-1-area-0.0.0.1] quit
[DeviceB-ospf-1] quit
----End
Verifying the Configuration
# Check the OSPF virtual link information on DeviceA.
[DeviceA] display ospf vlink
OSPF Process 1 with Router ID 1.1.1.1
Virtual Links
Virtual-link Neighbor-id -> 2.2.2.2, Neighbor-State: Full
Interface: 192.168.1.1 (10GE0/0/1)
Cost: 1 State: P-2-P Type: Virtual
Transit Area: 0.0.0.1
Timers: Hello 10 , Dead 40 , Retransmit 5 , Transmit Delay 1
GR State: Normal
The preceding command output shows that the OSPF virtual link neighbor
relationship is in Full state, indicating that the virtual link is configured
successfully.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
195
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
# Check information about the OSPF routing table on DeviceA.
[DeviceA] display ospf routing
OSPF Process 1 with Router ID 1.1.1.1
Routing Tables
Routing for Network
Destination
Cost
172.16.0.0/16
2
10.0.0.0/8
1
192.168.1.0/24
1
Type
NextHop
AdvRouter
Area
Inter-area 192.168.1.2
2.2.2.2
0.0.0.2
Transit 10.1.1.1
1.1.1.1
0.0.0.0
Transit 192.168.1.1
1.1.1.1
0.0.0.1
Total Nets: 3
Intra Area: 2 Inter Area: 1 ASE: 0 NSSA: 0
After the virtual link is configured, the routing table on DeviceA contains the route
in area 2.
Configuration Scripts
●
DeviceA
#
sysname DeviceA
#
router id 1.1.1.1
#
interface 10GE0/0/1
ip address 192.168.1.1 255.255.255.0
#
interface 10GE0/0/2
ip address 10.1.1.1 255.0.0.0
#
ospf 1
area 0.0.0.0
network 10.0.0.0 0.255.255.255
area 0.0.0.1
network 192.168.1.0 0.0.0.255
vlink-peer 2.2.2.2
#
return
●
DeviceB
#
sysname DeviceB
#
router id 2.2.2.2
#
interface 10GE0/0/1
ip address 192.168.1.2 255.255.255.0
#
interface 10GE0/0/2
ip address 172.16.1.1 255.255.0.0
#
ospf 1
area 0.0.0.1
network 192.168.1.0 0.0.0.255
vlink-peer 1.1.1.1
area 0.0.0.2
network 172.16.0.0 0.0.255.255
#
return
●
DeviceC
#
sysname DeviceC
#
router id 3.3.3.3
#
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
196
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
interface 10GE0/0/2
ip address 10.1.1.2 255.0.0.0
#
ospf 1
area 0.0.0.0
network 10.0.0.0 0.255.255.255
#
return
●
DeviceD
#
sysname DeviceD
#
router id 4.4.4.4
#
interface 10GE0/0/2
ip address 172.16.1.2 255.255.0.0
#
ospf 1
area 0.0.0.2
network 172.16.0.0 0.0.255.255
#
return
5.11 Setting a Cost for an OSPF Interface
Prerequisites
Before setting a cost for an OSPF interface, you have completed the following
task:
●
Configure basic OSPF functions.
Context
You can adjust and optimize route selection by setting OSPF interface costs. After
the OSPF interface costs are set, the interface with the lowest cost is selected to
transmit routing information. The OSPF interface cost can be set or calculated
based on the interface bandwidth.
Procedure
●
Manually set a cost for an OSPF interface.
a.
Enter the system view.
system-view
b.
Enter the interface view.
interface interface-type interface-number
c.
Switch the interface working mode to Layer 3.
undo portswitch
Determine whether to perform this step based on the current interface
working mode.
d.
Set a cost for the OSPF interface.
ospf cost value
By default, the OSPF interface cost is calculated using the Interface cost
= Bandwidth reference value/Interface bandwidth formula, in which
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
197
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
the bandwidth reference value can be changed using the bandwidthreference command.
●
Set a bandwidth reference value to implement automatic OSPF interface cost
calculation.
a.
Enter the system view.
system-view
b.
Enter the OSPF view.
ospf [ process-id ]
c.
Set a bandwidth reference value.
bandwidth-reference value
By default, the bandwidth reference is 100 Mbit/s. Therefore, the
interface cost equals 100 Mbit/s (100,000,000 bit/s) divided by the
interface bandwidth (in bit/s).
The calculation formula is as follows: Interface cost = Bandwidth
reference value/Interface bandwidth. The integer of the calculation
result is used as the cost of the interface. If the result is smaller than 1,
the cost is 1.
----End
Verifying the Configuration
Run the display ospf [ process-id ] interface [ all | no-peer | interface-type
interface-number ] [ verbose ] command to check information about the OSPF
interface. You can view the interface cost from the Cost field in the command
output.
5.12 Configuring OSPF Load Balancing
5.12.1 Configuring OSPF Load Balancing
Prerequisites
Before configuring OSPF load balancing, you have completed the following task:
●
Configure basic OSPF functions.
OSPF Load Balancing Conditions
When the number of OSPF routes allowed to participate in load balancing and the
number of routes on the device that are allowed to participate in load balancing
are both greater than 1 and multiple OSPF routes with the same prefix exist on
the device, these OSPF routes work in load balancing mode if the following
conditions are met:
●
The OSPF route types (intra-area, inter-area, Type 1 external, or Type 2
external) are the same.
●
The direct next hops are different.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
198
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
●
The costs are the same.
●
In the case of Type 2 external routes, the costs of the paths to the ASBR/
forwarding address must be the same.
●
If OSPF selects routes according to the rules defined in related standards, the
area IDs must be the same.
Context
You can set the maximum number of OSPF equal-cost routes and preferences to
implement load balancing and adjust route selection. If the destinations and costs
of the multiple routes discovered by a routing protocol are the same, load
balancing can be implemented among the routes.
On the network shown in Figure 5-28, three routes between DeviceA and DeviceB
that run OSPF have the same cost. The three routes are equal-cost routes and are
used for load balancing.
Figure 5-28 Network diagram of equal-cost routes
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enter the OSPF view.
ospf [ process-id ]
Step 3 Set the maximum number of equal-cost routes that can be used for load
balancing.
maximum load-balancing number
If the number of equal-cost routes is greater than the number specified in the
maximum load-balancing number command, valid routes are selected for load
balancing based on the following criteria:
1.
Issue 04 (2023-09-22)
Next-hop preference: OSPF selects the routes with higher next-hop
preferences for load balancing. For details about the configuration of nexthop preferences, see Step 4.
Copyright © Huawei Technologies Co., Ltd.
199
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
2.
Index of the outbound interface corresponding to a next hop: If the next-hop
preferences of the candidate routes are the same, OSPF compares the indexes
of the outbound interfaces corresponding to the next hops and selects the
routes with larger outbound interface indexes for load balancing.
3.
Next-hop IP address: If the candidate routes have the same next-hop
preference and outbound interface index, the routes with larger next-hop IP
addresses are selected for load balancing.
Step 4 (Optional) Set a preference for the next hop of an equal-cost route.
nexthop ip-address weight value
You can run the nexthop command to set a preference for the next hop of each
OSPF equal-cost route so that OSPF selects routes with higher next-hop
preferences for load balancing.
●
ip-address specifies the next-hop IP address of an equal-cost route.
●
value specifies a weight value for the next hop. The smaller the weight value,
the higher the preference. The default weight value is 255.
----End
Verifying the Configuration
●
Run the display ospf [ process-id ] routing command to check information
about the OSPF routing table. The command output shows information about
equal-cost routes.
●
Run the display ospf [ process-id ] ecmp-group command to check
information about OSPF ECMP groups.
5.12.2 Example for Configuring OSPF Load Balancing
Networking Requirements
As shown in 5.12.2 Example for Configuring OSPF Load Balancing:
●
DeviceA, DeviceB, DeviceC, DeviceD, and DeviceE run OSPF to implement IP
network interworking.
●
DeviceA, DeviceB, DeviceC, DeviceD, and DeviceE belong to area 0.
●
Load balancing needs to be configured so that the traffic of DeviceA can be
sent to DeviceE through DeviceC and DeviceD.
Figure 5-29 Configuring OSPF load balancing
NOTE
In this example, interface1, interface2, interface3, and interface4 represent 10GE 0/0/1,
10GE 0/0/2, 10GE 0/0/3, and 10GE 0/0/4, respectively.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
200
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Configuration Precautions
To improve security, OSPF area authentication or interface authentication is
recommended. For details, see "Improving OSPF Network Security." OSPF area
authentication is used as an example. For details, see "Example for Configuring
Basic OSPF Functions."
Configuration Roadmap
The configuration roadmap is as follows:
1.
Configure basic OSPF functions on each device to ensure routing reachability.
2.
# Configure load balancing on DeviceA.
3.
Set a weight for the next hop of each equal-cost route on DeviceA.
4.
Configure per-packet load balancing on DeviceA.
Data Preparation
To complete the configuration, you need the following data:
●
Data of DeviceA, including the router ID (1.1.1.1), OSPF process ID (1), and
network segments of area 0 (10.1.1.0/24, 10.1.2.0/24, and 10.1.3.0/24)
●
Data of DeviceB, including the router ID (2.2.2.2), OSPF process ID (1), and
network segments of area 0 (10.1.1.0/24 and 192.168.0.0/24)
●
Data of DeviceC, including the router ID (3.3.3.3), OSPF process ID (1), and
network segments of area 0 (10.1.2.0/24 and 192.168.1.0/24)
●
Data of DeviceD, including the router ID (4.4.4.4), OSPF process ID (1), and
network segments of area 0 (10.1.3.0/24 and 192.168.2.0/24)
●
Data of DeviceE, including the router ID (5.5.5.5), OSPF process ID (1), and
network segments of area 0 (192.168.0.0/24, 192.168.1.0/24, 192.168.2.0/24,
and 172.17.1.0/24)
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
201
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
●
Number of routes for load balancing on DeviceA: 2
●
Next hop weights of the routes from DeviceA to DeviceB, DeviceC, and
DeviceD (2, 1, and 1, respectively)
Procedure
Step 1 Assign an IP address to each interface. For detailed configurations, see the
configuration scripts.
Step 2 Configure basic OSPF functions. For details, see 5.5.7 Example for Configuring
Basic OSPF Functions.
Step 3 Check the routing table of DeviceA.
The default maximum number of equal-cost routes is greater than 3. Therefore,
DeviceA has three valid next hops: DeviceB (10.1.1.2), DeviceC (10.1.2.2), and
DeviceD (10.1.3.2).
[DeviceA] display ip routing-table
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
---------------------------------------------------------------------------Routing Table: _public_
Destinations : 15
Routes : 15
Destination/Mask
Proto Pre Cost Flags
10.1.1.0/24 Direct 0 0
10.1.1.1/32 Direct 0 0
10.1.1.2/32 Direct 0 0
10.1.2.0/24 Direct 0 0
10.1.2.1/32 Direct 0 0
10.1.2.2/32 Direct 0 0
10.1.3.0/24 Direct 0 0
10.1.3.1/32 Direct 0 0
10.1.3.2/32 Direct 0 0
127.0.0.0/8
Direct 0 0
127.0.0.1/32 Direct 0 0
192.168.0.0/24 OSPF 10
192.168.1.0/24 OSPF 10
192.168.2.0/24 OSPF 10
172.17.1.0/24 OSPF 10
OSPF 10 3
OSPF 10 3
2
2
2
3
D
D
D
D
D
D
D
D
D
D
D
D
D
NextHop
Interface
10.1.1.1
10GE0/0/1
127.0.0.1
10GE0/0/1
10.1.1.2
10GE0/0/1
10.1.2.1
10GE0/0/2
127.0.0.1
10GE0/0/2
10.1.2.2
10GE0/0/2
10.1.2.1
10GE0/0/3
127.0.0.1
10GE0/0/3
10.1.2.2
10GE0/0/3
127.0.0.1
InLoopBack0
127.0.0.1
InLoopBack0
D
10.1.1.2
10GE0/0/1
D
10.1.2.2
10GE0/0/2
D
10.1.2.2
10GE0/0/3
D
10.1.1.2
10GE0/0/1
10.1.2.2
10GE0/0/2
10.1.3.2
10GE0/0/3
Step 4 Set the maximum number of routes for load balancing to 2 on DeviceA.
[DeviceA] ospf 1
[DeviceA-ospf-1] maximum load-balancing 2
[DeviceA-ospf-1] quit
# Check the routing table of DeviceA. The command output shows that DeviceA
has two routes for load balancing. The maximum number of equal-cost routes is
set to 2. Therefore, the next hops 10.1.1.2 (DeviceB) and 10.1.2.2 (DeviceC) are
valid.
[DeviceA] display ip routing-table
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
---------------------------------------------------------------------------Routing Table: _public_
Destinations : 15
Routes : 15
Destination/Mask
Proto Pre Cost Flags
10.1.1.0/24 Direct 0
10.1.1.1/32 Direct 0
Issue 04 (2023-09-22)
0
0
D
D
NextHop
10.1.1.1
127.0.0.1
Interface
10GE0/0/1
10GE0/0/1
Copyright © Huawei Technologies Co., Ltd.
202
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
10.1.1.2/32 Direct 0 0
10.1.2.0/24 Direct 0 0
10.1.2.1/32 Direct 0 0
10.1.2.2/32 Direct 0 0
10.1.3.0/24 Direct 0 0
10.1.3.1/32 Direct 0 0
10.1.3.2/32 Direct 0 0
127.0.0.0/8
Direct 0 0
127.0.0.1/32 Direct 0 0
192.168.0.0/24 OSPF 10
192.168.1.0/24 OSPF 10
192.168.2.0/24 OSPF 10
172.17.1.0/24 OSPF 10
OSPF 10 3
2
2
2
3
D
D
D
D
D
D
D
D
D
D
5 OSPF Configuration
10.1.1.2
10GE0/0/1
10.1.2.1
10GE0/0/2
127.0.0.1
10GE0/0/2
10.1.2.2
10GE0/0/2
10.1.2.1
10GE0/0/3
127.0.0.1
10GE0/0/3
10.1.2.2
10GE0/0/3
127.0.0.1
InLoopBack0
127.0.0.1
InLoopBack0
D
10.1.1.2
10GE0/0/1
D
10.1.2.2
10GE0/0/2
D
10.1.2.2
10GE0/0/3
D
10.1.1.2
10GE0/0/1
10.1.2.2
10GE0/0/2
Step 5 Set a weight for the next hop of each equal-cost route on DeviceA.
[DeviceA] ospf 1
[DeviceA-ospf-1]
[DeviceA-ospf-1]
[DeviceA-ospf-1]
[DeviceA-ospf-1]
nexthop 10.1.1.2 weight 2
nexthop 10.1.2.2 weight 1
nexthop 10.1.3.2 weight 1
quit
----End
Verifying the Configuration
# Check information about the routing table on DeviceA.
[DeviceA] display ip routing-table
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
---------------------------------------------------------------------------Routing Table: _public_
Destinations : 15
Routes : 15
Destination/Mask
Proto Pre Cost Flags
10.1.1.0/24 Direct 0 0
10.1.1.1/32 Direct 0 0
10.1.1.2/32 Direct 0 0
10.1.2.0/24 Direct 0 0
10.1.2.1/32 Direct 0 0
10.1.2.2/32 Direct 0 0
10.1.3.0/24 Direct 0 0
10.1.3.1/32 Direct 0 0
10.1.3.2/32 Direct 0 0
127.0.0.0/8
Direct 0 0
127.0.0.1/32 Direct 0 0
192.168.0.0/24 OSPF 10
192.168.1.0/24 OSPF 10
192.168.2.0/24 OSPF 10
172.17.1.0/24 OSPF 10
OSPF 10 3
2
2
2
3
D
D
D
D
D
D
D
D
D
D
D
D
NextHop
Interface
10.1.1.1
10GE0/0/1
127.0.0.1
10GE0/0/1
10.1.1.2
10GE0/0/1
10.1.2.1
10GE0/0/2
127.0.0.1
10GE0/0/2
10.1.2.2
10GE0/0/2
10.1.2.1
10GE0/0/3
127.0.0.1
10GE0/0/3
10.1.2.2
10GE0/0/3
127.0.0.1
InLoopBack0
127.0.0.1
InLoopBack0
D
10.1.1.2
10GE0/0/1
D
10.1.2.2
10GE0/0/2
D
10.1.2.2
10GE0/0/3
D
10.1.2.2
10GE0/0/2
10.1.3.2
10GE0/0/3
As shown in the routing table, as the priorities of the routes with next hop
addresses 10.1.2.2 and 10.1.3.2 are higher than that of the route with next hop
address 10.1.1.2, DeviceA has only two valid next hops: 10.1.2.2 (DeviceC) and
10.1.3.2 (DeviceD).
Configuration Scripts
●
DeviceA
#
sysname DeviceA
#
interface 10GE0/0/1
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
203
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
ip address 10.1.1.1 255.255.255.0
#
interface 10GE0/0/2
ip address 10.1.2.1 255.255.255.0
#
interface 10GE0/0/3
ip address 10.1.3.1 255.255.255.0
#
ospf 1 router-id 1.1.1.1
maximum load-balancing 2
nexthop 10.1.1.2 weight 2
nexthop 10.1.2.2 weight 1
nexthop 10.1.3.2 weight 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.1.2.0 0.0.0.255
network 10.1.3.0 0.0.0.255
#
return
●
DeviceB
#
sysname DeviceB
#
interface 10GE0/0/1
ip address 10.1.1.2 255.255.255.0
#
interface 10GE0/0/2
ip address 192.168.0.1 255.255.255.0
#
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 192.168.0.0 0.0.255.255
#
return
●
DeviceC
#
sysname DeviceC
#
interface 10GE0/0/1
ip address 10.1.2.2 255.255.255.0
#
interface 10GE0/0/2
ip address 192.168.1.1 255.255.255.0
#
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 10.1.2.0 0.0.0.255
network 192.168.1.0 0.0.0.255
#
return
●
DeviceD
#
sysname DeviceD
#
interface 10GE0/0/1
ip address 10.1.3.2 255.255.255.0
#
interface 10GE0/0/2
ip address 192.168.2.1 255.255.255.0
#
ospf 1 router-id 4.4.4.4
area 0.0.0.0
network 10.1.3.0 0.0.0.255
network 192.168.2.0 0.0.0.255
#
return
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
204
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
●
5 OSPF Configuration
DeviceE
#
sysname DeviceE
#
interface 10GE0/0/1
ip address 192.168.0.2 255.255.255.0
#
interface 10GE0/0/2
ip address 192.168.1.2 255.255.255.0
#
interface 10GE0/0/3
ip address 192.168.2.2 255.255.255.0
#
interface 10GE0/0/4
ip address 172.17.1.1 255.255.255.0
#
ospf 1 router-id 5.5.5.5
area 0.0.0.0
network 192.168.0.0 0.0.255.255
network 192.168.1.0 0.0.0.255
network 192.168.2.0 0.0.0.255
network 172.17.1.0 0.0.0.255
#
return
5.13 Setting the Convergence Priority for OSPF Routes
Prerequisites
Before setting the convergence priority for OSPF routes, you have completed the
following task:
●
Configure basic OSPF functions.
Context
LSA flooding, LSDB synchronization, and route calculation can be implemented
based on a convergence priority set for OSPF routes to help adjust the route
convergence speed. If an LSA has multiple convergence priorities, the highest
priority takes effect.
OSPF calculates LSAs in the sequence of intra-area routes, inter-area routes, and
AS external routes. If convergence priorities are set for these three types of routes,
OSPF calculates the different types of routes separately. The convergence priorities
in the descending order are as follows: Critical > High > Medium > Low. In
addition, to ensure that LSAs with a higher convergence priority are processed
first, OSPF places LSAs into the critical, high, medium, and low queues based on
convergence priorities during LSA flooding.
By default, the convergence priorities of public OSPF host routes, direct routes,
static routes, and other protocol (such as BGP and RIP) routes are medium, high,
medium, and low, respectively. On the public network, the convergence priority of
OSPF 32-bit host routes is medium.
Procedure
Step 1 Enter the system view.
system-view
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
205
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Step 2 Configure an IP prefix list.
ip ip-prefix ip-prefix-name [ index index-number ] { permit | deny } ipv4-address mask-length [ matchnetwork ] [ greater-equal greater-equal-value ] [ less-equal less-equal-value ]
Step 3 Enter the OSPF view.
ospf [ process-id ]
Step 4 Set a convergence priority for the OSPF routes that match the specified IP prefix
list.
prefix-priority { critical | high | medium } ip-prefix ip-prefix-name
This command sets a convergence priority for the OSPF routes matching the
specified IP prefix list. The configuration takes effect on the public network only.
----End
Verifying the Configuration
Run the display ospf [ process-id ] routing ip-address [ mask | mask-length ]
command to check information about a specified OSPF route. The command
output shows the priority of the specified OSPF route.
5.14 Configuring a Stub Router
Prerequisites
Before configuring a stub router, you have completed the following task:
●
Configure basic OSPF functions.
Context
Maintenance operations, such as device upgrade, can potentially trigger route
flapping. To prevent an OSPF route from going through a path that includes a
device under upgrade or maintenance, you can configure the device as a stub
router. Then, after the configuration is performed, the route on the stub router will
not be selected. The link cost on the stub router is automatically set to the
maximum value 65535, thereby preventing traffic from being routed to the stub
router. This configuration task generally applies to device upgrade or maintenance
scenarios.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enter the OSPF view.
ospf [ process-id ]
Step 3 Configure the device as a stub router.
stub-router [ [ on-startup [ interval ] ] | [ include-stub ] | [ external-lsa [ externallsa-metric ] ] |
[ summary-lsa [ summarylsa-metric ] ] ] *
By default, no device is configured as a stub router.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
206
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
If a device is configured as a stub router, the device keeps serving as the role for
500 seconds by default.
NOTE
The stub router configured using this command is irrelevant to the devices in a stub area.
----End
Verifying the Configuration
Run the display ospf [ process-id ] routing command to check information about
the OSPF routing table.
5.15 Suppressing an Interface from Sending and
Receiving OSPF Packets
Prerequisites
Before suppressing an interface from sending and receiving OSPF packets, you
have completed the following task:
●
Configure basic OSPF functions.
Context
If a device interface is suppressed from sending and receiving OSPF packets, link
information about this interface will not be used for route calculation. This
ensures that routes to the other interfaces on the device are preferentially
selected.
For example, there are three routes between DeviceA and DeviceB, as shown in
Figure 5-30. To ensure that the route to interface 2 is selected as the optimal
route, you need to suppress interface 1 and interface 3 from sending and receiving
OSPF packets.
Figure 5-30 Network diagram of suppressing the interfaces from sending and
receiving OSPF packets
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
207
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enter the OSPF view.
ospf [ process-id ]
Step 3 Suppress a specified interface from sending and receiving OSPF packets.
silent-interface { all | interface-type interface-number }
Different processes can suppress the same interface from sending and receiving
OSPF packets, but the silent-interface command is valid only for the OSPF
interfaces enabled in the current process.
After an OSPF interface is configured to be in silent state, the interface can still
advertise its direct routes. Hello packets on the interface, however, cannot be sent.
Therefore, a neighbor relationship cannot be established on the interface. This can
enhance the networking adaptability of OSPF and reduce system resource
consumption.
----End
Verifying the Configuration
Run the display ospf [ process-id ] interface [ all | no-peer | interface-type
interface-number ] [ verbose ] command to check information about OSPF
interfaces.
5.16 Configuring OSPF to Import External Routes
Prerequisites
Before configuring OSPF to import external routes, you have completed the
following tasks:
●
Configure basic OSPF functions.
●
To use a route-policy to filter the routes to be imported, create the routepolicy first.
●
To use an IP prefix list to filter the routes to be imported, create the IP prefix
list first.
Context
When a device on an OSPF network needs to access a device running a non-OSPF
routing protocol, the device needs to import the routes of the non-OSPF routing
protocol into the OSPF network.
OSPF provides loop-free intra-area routes and inter-area routes; however, OSPF
cannot prevent external routing loops. Therefore, you should exercise caution
when configuring OSPF to import external routes.
Perform the following steps on the ASBR running OSPF.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
208
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
NOTICE
OSPF and other dynamic routing protocols such as IS-IS and BGP often import
routes from each other. If no routing policy is configured or a routing policy is
incorrectly configured on a device where IS-IS, OSPF, and BGP import routes from
each other, a Layer 3 routing loop may occur due to a route selection result
change. As a result, services are compromised. For details about the cause of the
routing loop, see 5.25.1 Understanding Routing Loop Detection for Routes
Imported to OSPF.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enter the OSPF view.
ospf [ process-id ]
Step 3 Import routes from another protocol.
import-route { bgp [ permit-ibgp ] | direct | rip [ process-id-rip ] | static | isis [ process-id-isis ] | ospf
[ process-id-ospf ] } [ cost cost | tag tag | type type | route-policy route-policy-name ] *
NOTE
The import-route command cannot be used to import external default routes.
Step 4 (Optional) Set the default values of parameters (the cost, tag, and type) for the
imported routes.
default { cost { costvalue | inherit-metric } | tag tagvalue | type typevalue }
*
You can set default values for the parameters (such as the cost, route tag, and
route type) of the external routes imported by OSPF. The route tag can be used to
differentiate AS numbers carried in BGP routes imported by OSPF.
The default values are as follows:
●
The cost of the external routes imported by OSPF is 1.
●
A maximum of 2,147,483,647 routes can be imported each time.
●
The type of the imported external routes is Type 2.
●
The tag value of the imported routes is 1.
NOTE
Run one of the following commands to set a cost for imported routes. The commands are
listed in descending order of priority:
●
Run the apply cost command to apply a cost to routes filtered by a route-policy.
●
Run the import-route command to set a cost for imported routes.
●
Run the default command to set a default cost for imported routes.
Step 5 (Optional) Set a limit on the number of LSAs generated when OSPF imports
external routes.
import-route limit limit-number [ threshold-alarm { upper-limit upper-limit-value | lower-limit lowerlimit-value }* ]
If OSPF imports a large number of external routes and advertises them to a device
with a small routing table capacity, the device may restart unexpectedly. To
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
209
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
address this problem, set a limit on the number of LSAs generated when OSPF
imports external routes. Check the overload status based on the value of the
Current status field in the display ospf brief command output.
●
Normal: The number of generated LSAs is less than or equal to the lower
alarm threshold.
●
Approach limit: The number of generated LSAs is approaching (reaching or
exceeding 90% of) the upper alarm threshold.
●
Exceed limit: The number of generated LSAs has reached or exceeded the
limit.
Ensure that upper-limit-value is greater than or equal to lower-limit-value.
----End
Verifying the Configuration
Run the display ospf [ process-id ] routing command to check information about
the OSPF routing table.
5.17 Configuring OSPF to Advertise a Default Route
Prerequisites
Before configuring OSPF to advertise a default route, you have completed the
following tasks:
●
Configure basic OSPF functions.
●
To use a route-policy to filter the default route, create the route-policy first.
Context
In actual networking scenarios, usually multiple devices are deployed on the area
border and AS border of an OSPF network for next-hop backup or traffic load
balancing. A default route can be configured to reduce routing entries and
improve resource utilization on the OSPF network.
OSPF default routes are generally applied to the following scenarios:
1.
An ABR in an area advertises Type 3 LSAs carrying the default route
information within the area. Devices in the area use the received default route
information to forward inter-area packets.
2.
An ASBR in an AS advertises Type 5 or Type 7 LSAs carrying the default route
information within the AS. Devices in the AS use the received default route
information to forward AS external packets.
If no matching route is found, the default route can be used to forward packets.
The default route information carried in Type 3 LSAs takes precedence over that
carried in Type 5 or Type 7 LSAs.
The mode in which OSPF advertises a default route depends on the type of the
area that the default route is imported into, as shown in Table 5-28.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
210
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Table 5-28 Default route advertising mode
Area
Type
Generation Condition
Advertise
d By
LSA Type
Floodi
ng
Area
Comm
on
area
The default-route-advertise
command is run.
ASBR
Type 5 LSA
Com
mon
area
Stub
area
Automatically
ABR
Type 3 LSA
Stub
area
NSSA
The nssa [ default-routeadvertise ] command is run.
ASBR
Type 7 LSA
NSSA
Automatically
ABR
Type 3 LSA
NSSA
Automatically
ABR
Type 3 LSA
NSSA
Totally
NSSA
Perform the following steps on the ASBR running OSPF.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enter the OSPF view.
ospf [ process-id ]
Step 3 Import default routes to the OSPF process.
default-route-advertise [ [ always | permit-calculate-other ] | cost costvalue | type typevalue | routepolicy route-policy-name | distribute-delay delaytimer | permit-preference-less-than preference-val ] *
NOTE
To prevent loops, you are advised to specify permit-preference-less-than to prevent lowpriority active default routes from being imported. This parameter is used only when
always is not specified.
For details about how to configure the default route in an NSSA, see 5.9
Configuring an OSPF NSSA.
----End
Verifying the Configuration
Run the display ospf [ process-id ] routing ip-address [ mask | mask-length ]
command to check information about the default route advertised to a common
OSPF area.
5.18 Configuring OSPF Route Summarization
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
211
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
5.18.1 Understanding OSPF Route Summarization
On a large OSPF network, the OSPF routing table often includes a large number
of routing entries. The size of such routing tables can be reduced through route
summarization, which accelerates route lookup and simplifies management. Route
summarization also prevents route flapping and improves network stability. If a
link on a summarized network segment frequently alternates between up and
down, this function prevents the changes in state from being advertised to devices
whose IP addresses are not on the network segment of the summary route.
OSPF supports two route summarization modes.
●
ABR summarization
When an ABR transmits routing information to other areas, it generates Type
3 LSAs by network segment. If consecutive network segments exist in this
area, you can summarize these network segments into a single network
segment. The ABR generates a summary LSA for the post-summarization
network segment and advertises only this LSA.
●
ASBR summarization
If route summarization is configured on an ASBR, the ASBR summarizes Type
5 LSAs that are within the post-summarization address range. If an NSSA has
been configured, the ASBR also summarizes Type 7 LSAs within the postsummarization address range.
If the local device is both an ASBR and ABR, it summarizes the Type 5 LSAs
translated from Type 7 LSAs.
5.18.2 Configuring ABR Route Summarization
Prerequisites
Before configuring ABR route summarization, you have completed the following
task:
●
Configure basic OSPF functions.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enter the OSPF view.
ospf [ process-id ]
Step 3 Enter the OSPF area view.
area area-id
Step 4 Configure OSPF ABR route summarization.
abr-summary ip-address mask [ [ advertise | [ cost { cost-value | inherit-minimum } ] | [ generate-null0route ] ] * | [ not-advertise | [ cost { cost-value | inherit-minimum } ] ] * | [ generate-null0-route |
[ advertise ] | [ cost { cost-value | inherit-minimum } ] ] * ]
----End
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
212
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
5.18.3 Configuring ASBR Route Summarization
Prerequisites
Before configuring ASBR route summarization, you have completed the following
task:
●
Configure basic OSPF functions.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enter the OSPF view.
ospf [ process-id ]
Step 3 Configure OSPF route summarization on the ASBR.
asbr-summary ip-address mask [ [ not-advertise | generate-null0-route ] | tag tag-value | cost cost-value
| distribute-delay interval ] *
After route summarization is configured on the ASBR, the routing table on the
local OSPF device remains unchanged. The routing table on an OSPF neighbor,
however, contains only one summary route and no specific route. This summary
route stays in the routing table until all the summarized specific routes on the
network are withdrawn.
----End
5.18.4 Verifying the Configuration
Procedure
●
Run the display ospf [ process-id ] asbr-summary [ ip-address mask ]
command to check information about the OSPF summary route.
●
Run the display ospf [ process-id ] routing command to check information
about the OSPF routing table on the local device.
----End
5.18.5 Example for Configuring Route Summarization in an
OSPF Area
Networking Requirements
On the network shown in Figure 5-31, DeviceA, DeviceB, and DeviceC run OSPF to
communicate with each other. DeviceA runs in area 0, and DeviceC runs in area 1.
DeviceB is an ABR and runs in both areas. Among the routes received from
DeviceA, DeviceB summarizes the routes to some network segments and
advertises the summary route to DeviceC. This reduces the number of routing
entries on DeviceB.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
213
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Figure 5-31 Networking diagram of configuring route summarization in an OSPF
area
NOTE
In this example, interface1, interface2, and interface3 represent 10GE0/0/1, 10GE0/0/2, and
10GE0/0/3, respectively.
Configuration Roadmap
The configuration roadmap is as follows:
1.
Enable OSPF on each device and configure basic OSPF functions to ensure
that the devices can communicate with each other using OSPF.
2.
Configure OSPF route summarization.
Procedure
Step 1 Configure IP addresses for interfaces.
# Configure DeviceA.
<HUAWEI> system-view
[HUAWEI] sysname DeviceA
[DeviceA] interface 10ge 0/0/1
[DeviceA-10GE0/0/1] undo portswitch
[DeviceA-10GE0/0/1] ip address 192.168.0.1 24
[DeviceA-10GE0/0/1] quit
[DeviceA] interface 10ge 0/0/2
[DeviceA-10GE0/0/2] undo portswitch
[DeviceA-10GE0/0/2] ip address 192.168.2.1 24
[DeviceA-10GE0/0/2] quit
[DeviceA] interface 10ge 0/0/3
[DeviceA-10GE0/0/3] undo portswitch
[DeviceA-10GE0/0/3] ip address 192.168.3.1 24
[DeviceA-10GE0/0/3] quit
[DeviceA] interface loopback0
[DeviceA-loopback0] ip address 1.1.1.1 32
[DeviceA-loopback0] quit
The configurations of DeviceB and DeviceC are similar to the configuration of
DeviceA. For detailed configurations, see Configuration Scripts.
Step 2 Configure basic OSPF functions.
# Configure DeviceA.
[DeviceA] router id 1.1.1.1
[DeviceA] ospf 1
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
214
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
[DeviceA-ospf-1] area 0
[DeviceA-ospf-1-area-0.0.0.0]
[DeviceA-ospf-1-area-0.0.0.0]
[DeviceA-ospf-1-area-0.0.0.0]
[DeviceA-ospf-1-area-0.0.0.0]
[DeviceA-ospf-1] quit
5 OSPF Configuration
network 192.168.0.0 0.0.0.255
network 192.168.2.0 0.0.0.255
network 192.168.3.0 0.0.0.255
quit
# Configure DeviceB.
[DeviceB] router id 2.2.2.2
[DeviceB] ospf 1
[DeviceB-ospf-1] area 0
[DeviceB-ospf-1-area-0.0.0.0]
[DeviceB-ospf-1-area-0.0.0.0]
[DeviceB-ospf-1] area 1
[DeviceB-ospf-1-area-0.0.0.1]
[DeviceB-ospf-1-area-0.0.0.1]
[DeviceB-ospf-1] quit
network 192.168.0.0 0.0.0.255
quit
network 192.168.1.0 0.0.0.255
quit
# Configure DeviceC.
[DeviceC] router id 3.3.3.3
[DeviceC] ospf 1
[DeviceC-ospf-1] area 1
[DeviceC-ospf-1-area-0.0.0.1] network 192.168.1.0 0.0.0.255
[DeviceC-ospf-1-area-0.0.0.1] quit
[DeviceC-ospf-1] quit
Step 3 Configure OSPF route summarization on the ABR.
[DeviceB] ospf 1
[DeviceB-ospf-1] area 0
[DeviceB-ospf-1-area-0.0.0.0] abr-summary 192.168.2.0 255.255.254.0
[DeviceB-ospf-1-area-0.0.0.0] quit
[DeviceB-ospf-1] quit
----End
Verifying the Configuration
# Check the routing table of DeviceC.
[DeviceC] display ip routing-table
Proto: Protocol
Pre: Preference
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
-----------------------------------------------------------------------------Routing Table : _public_
Destinations : 10
Routes : 10
Destination/Mask
Proto Pre Cost
3.3.3.3/32 Direct 0 0
127.0.0.0/8 Direct 0 0
127.0.0.1/32 Direct 0 0
127.255.255.255/32 Direct 0 0
192.168.1.0/24 Direct 0 0
192.168.1.1/32 Direct 0 0
192.168.1.255/32 Direct 0 0
192.168.2.0/23 OSPF 10 2
192.168.0.0/24 OSPF 10 2
255.255.255.255/32 Direct 0 0
Flags NextHop
Interface
D 127.0.0.1
LoopBack0
D 127.0.0.1
InLoopBack0
D 127.0.0.1
InLoopBack0
D 127.0.0.1
InLoopBack0
D 192.168.1.1
10GE0/0/2
D 127.0.0.1
10GE0/0/2
D 127.0.0.1
10GE0/0/2
D 192.168.1.2
10GE0/0/2
D 192.168.1.2
10GE0/0/2
D 127.0.0.1
InLoopBack0
The command output shows the OSPF routes to network segments 192.168.2.0/23
and 192.168.0.0/24 advertised by DeviceB.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
215
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Configuration Scripts
●
DeviceA
#
sysname DeviceA
#
router id 1.1.1.1
interface 10GE0/0/1
ip address 192.168.0.1 255.255.255.0
#
interface 10GE0/0/2
ip address 192.168.2.1 255.255.255.0
#
interface 10GE0/0/3
ip address 192.168.3.1 255.255.255.0
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
ospf 1
area 0.0.0.0
network 192.168.0.0 0.0.0.255
network 192.168.2.0 0.0.0.255
network 192.168.3.0 0.0.0.255
#
return
●
DeviceB
#
sysname DeviceB
#
router id 2.2.2.2
interface 10GE0/0/1
ip address 192.168.0.2 255.255.255.0
#
interface 10GE0/0/2
ip address 192.168.1.2 255.255.255.0
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
ospf 1
area 0.0.0.0
abr-summary 192.168.2.0 255.255.254.0
network 192.168.0.0 0.0.0.255
area 0.0.0.1
network 192.168.1.0 0.0.0.255
#
return
●
DeviceC
#
sysname DeviceC
#
router id 3.3.3.3
#
interface 10GE0/0/1
ip address 192.168.1.1 255.255.255.0
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
#
ospf 1
area 0.0.0.1
network 192.168.1.0 0.0.0.255
#
return
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
216
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
5.18.6 Example for Configuring Summarization on Routes
Imported into OSPF
Networking Requirements
On the network shown in Figure 5-32, DeviceA, DeviceB, and DeviceC run OSPF to
communicate with each other. DeviceA runs in area 0, and DeviceC runs in area 1.
DeviceB is an ABR and runs in both areas. DeviceA is an ASBR. DeviceA is
configured to summarize the imported direct routes and advertise the summary
routes to other devices in the area. This reduces the number of routing entries on
DeviceA.
Figure 5-32 Networking diagram of configuring summarization on routes
imported into OSPF
NOTE
In this example, interface1, interface2, and interface3 represent 10GE0/0/1, 10GE0/0/2, and
10GE0/0/3, respectively.
Configuration Roadmap
The configuration roadmap is as follows:
1.
Enable OSPF on each device and configure basic OSPF functions to ensure
that the devices can communicate with each other using OSPF.
2.
Configure OSPF route summarization.
Procedure
Step 1 Configure IP addresses for interfaces.
# Configure DeviceA.
<HUAWEI> system-view
[HUAWEI] sysname DeviceA
[DeviceA] interface 10ge 0/0/1
[DeviceA-10GE0/0/1] undo portswitch
[DeviceA-10GE0/0/1] ip address 192.168.0.1 24
[DeviceA-10GE0/0/1] quit
[DeviceA] interface 10ge 0/0/2
[DeviceA-10GE0/0/2] undo portswitch
[DeviceA-10GE0/0/2] ip address 192.168.2.1 24
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
217
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
[DeviceA-10GE0/0/2] quit
[DeviceA] interface 10ge 0/0/3
[DeviceA-10GE0/0/3] undo portswitch
[DeviceA-10GE0/0/3] ip address 192.168.3.1 24
[DeviceA-10GE0/0/3] quit
[DeviceA] interface loopback0
[DeviceA-loopback0] ip address 1.1.1.1 32
[DeviceA-loopback0] quit
The configurations of DeviceB and DeviceC are similar to the configuration of
DeviceA. For detailed configurations, see Configuration Scripts.
Step 2 Configure basic OSPF functions.
# Configure DeviceA.
[DeviceA] router id 1.1.1.1
[DeviceA] ospf 1
[DeviceA-ospf-1] area 0
[DeviceA-ospf-1-area-0.0.0.0] network 192.168.0.0 0.0.0.255
[DeviceA-ospf-1-area-0.0.0.0] quit
[DeviceA-ospf-1] quit
# Configure DeviceB.
[DeviceB] router id 2.2.2.2
[DeviceB] ospf 1
[DeviceB-ospf-1] area 0
[DeviceB-ospf-1-area-0.0.0.0]
[DeviceB-ospf-1-area-0.0.0.0]
[DeviceB-ospf-1] area 1
[DeviceB-ospf-1-area-0.0.0.1]
[DeviceB-ospf-1-area-0.0.0.1]
[DeviceB-ospf-1] quit
network 192.168.0.0 0.0.0.255
quit
network 192.168.1.0 0.0.0.255
quit
# Configure DeviceC.
[DeviceC] router id 3.3.3.3
[DeviceC] ospf 1
[DeviceC-ospf-1] area 1
[DeviceC-ospf-1-area-0.0.0.1] network 192.168.1.0 0.0.0.255
[DeviceC-ospf-1-area-0.0.0.1] quit
[DeviceC-ospf-1] quit
Step 3 Configure the ASBR to summarize imported routes.
[DeviceA] ospf 1
[DeviceA-ospf-1] import-route direct
[DeviceA-ospf-1] asbr-summary 192.168.2.0 255.255.254.0
[DeviceA-ospf-1] quit
----End
Verifying the Configuration
# Check the routing table of DeviceC.
[DeviceC] display ip routing-table
Proto: Protocol
Pre: Preference
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
-----------------------------------------------------------------------------Routing Table : _public_
Destinations : 10
Routes : 10
Destination/Mask
Proto Pre Cost
3.3.3.3/32 Direct 0 0
127.0.0.0/8 Direct 0 0
127.0.0.1/32 Direct 0 0
Issue 04 (2023-09-22)
Flags NextHop
D 127.0.0.1
D 127.0.0.1
D 127.0.0.1
Interface
LoopBack0
InLoopBack0
InLoopBack0
Copyright © Huawei Technologies Co., Ltd.
218
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
127.255.255.255/32 Direct 0 0
192.168.1.0/24 Direct 0 0
192.168.1.1/32 Direct 0 0
192.168.1.255/32 Direct 0 0
192.168.2.0/23 OSPF 10 2
192.168.0.0/24 OSPF 10 2
255.255.255.255/32 Direct 0 0
5 OSPF Configuration
D 127.0.0.1
InLoopBack0
D 192.168.1.1
10GE0/0/2
D 127.0.0.1
10GE0/0/2
D 127.0.0.1
10GE0/0/2
D 192.168.1.2
10GE0/0/2
D 192.168.1.2
10GE0/0/2
D 127.0.0.1
InLoopBack0
The command output shows information about the summary route to
192.168.2.0/23 advertised by DeviceA.
Configuration Scripts
●
DeviceA
#
sysname DeviceA
#
router id 1.1.1.1
#
interface 10GE0/0/1
ip address 192.168.0.1 255.255.255.0
#
interface 10GE0/0/2
ip address 192.168.2.1 255.255.255.0
#
interface 10GE0/0/3
ip address 192.168.3.1 255.255.255.0
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
ospf 1
asbr-summary 192.168.2.0 255.255.254.0
import-route direct
area 0.0.0.0
network 192.168.0.0 0.0.0.255
#
return
●
DeviceB
#
sysname DeviceB
#
router id 2.2.2.2
#
interface 10GE0/0/1
ip address 192.168.0.2 255.255.255.0
#
interface 10GE0/0/2
ip address 192.168.1.2 255.255.255.0
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
ospf 1
area 0.0.0.0
network 192.168.0.0 0.0.0.255
area 0.0.0.1
network 192.168.1.0 0.0.0.255
#
return
●
DeviceC
#
sysname DeviceC
#
router id 3.3.3.3
#
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
219
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
interface 10GE0/0/1
ip address 192.168.1.1 255.255.255.0
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
#
ospf 1
area 0.0.0.1
network 192.168.1.0 0.0.0.255
#
return
5.19 Configuring OSPF to Filter LSAs
5.19.1 Understanding OSPF LSA Filtering
Configuring an ABR to filter LSAs in an area can prevent unnecessary LSAs from
being transmitted to a neighbor. This configuration reduces the size of the LSDB
on the neighbor and speeds up network convergence. This way, only the incoming
or outgoing Type 3 LSAs (summary LSAs) that meet the filtering conditions can be
accepted or advertised.
In addition, you can configure devices of different roles to filter out unwanted
LSAs before advertising required LSAs to neighbors. If multiple links exist between
two devices, you can configure this filtering function on some links to ensure that
the matched LSAs are not transmitted through these links. This prevents
unnecessary retransmissions and saves bandwidth resources.
5.19.2 Configuring OSPF to Filter LSAs in an Area
Prerequisites
Before configuring OSPF to filter LSAs in an area, you have completed the
following tasks:
●
Configure basic OSPF functions.
●
To use a route-policy to filter LSAs, create the route-policy first.
●
To use an IP prefix list to filter LSAs, create the IP prefix list first.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enter the OSPF view.
ospf [ process-id ]
Step 3 Enter the OSPF area view.
area area-id
Step 4 To configure OSPF to filter incoming or outgoing Type 3 LSAs in an area, use any
of the following methods as needed:
●
Issue 04 (2023-09-22)
Based on an ACL
Copyright © Huawei Technologies Co., Ltd.
220
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
a.
b.
c.
5 OSPF Configuration
Return to the system view.
quit
Create an ACL and enter the ACL view.
acl { name basic-acl-name { basic | [ number ] basic-acl-number } | [ number ] basic-aclnumber }
Configure an ACL rule.
rule [ rule-id ] [ name rule-name ] { deny | permit } [ fragment-type fragment | source
{ source-ip-address { source-wildcard | 0 | src-netmask } | any } | time-range time-name | vpninstance vpn-instance-name | logging ] *
When the rule command is used to configure a filtering rule for a named
ACL, only the configurations specified by source and time-range take
effect.
The following table lists the strategies that can be taken when an ACL is
used for filtering.
Table 5-29 ACL strategies
Issue 04 (2023-09-22)
Condition
Result
The action in an ACL
rule is permit.
The matched LSAs will be advertised or
accepted.
The action in an ACL
rule is deny.
The matched LSAs will not be advertised or
accepted.
The network segment
of a route is beyond
the range specified in
an ACL rule.
By default, the matched LSAs will not be
advertised or accepted.
The ACL does not
contain rules.
Any LSAs matched against the filtering policy
based on this ACL will not be advertised or
accepted.
If the configuration
order is used as the
ACL rule matching
order, LSAs are
matched against the
ACL rules based on
the configuration
order by default. If
the ACL rules are
numbered with IDs,
LSAs are matched
against the ACL rules
in ascending order of
their IDs.
In this case, LSAs can be filtered using a
blacklist or whitelist:
Filtering using a blacklist: Configure a rule with
a smaller ID and specify the action deny in this
rule to filter out the unwanted LSAs. Then,
configure another rule with a larger ID in the
same ACL and specify the action permit in this
rule to accept or advertise the other LSAs.
Filtering using a whitelist: Configure a rule with
a smaller ID and specify the action permit in
this rule to permit the LSAs to be advertised or
accepted. Then, configure another rule with a
larger ID in the same ACL and specify the
action deny in this rule to filter out unwanted
LSAs.
d.
Enter the OSPF view.
e.
Enter the OSPF area view.
ospf [ process-id ]
Copyright © Huawei Technologies Co., Ltd.
221
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
area area-id
f.
●
●
Implement filtering based on the ACL.
filter { acl-number | acl-name acl-name } export
filter { acl-number | acl-name acl-name } import [ include-abr-summary ]
Based on an IP prefix list
filter ip-prefix ip-prefix-name export
filter ip-prefix ip-prefix-name import [ include-abr-summary ]
Based on a route-policy
filter route-policy route-policy-name export
filter route-policy route-policy-name import [ include-abr-summary ]
----End
5.19.3 Configuring OSPF to Filter LSAs to Be Sent
Prerequisites
Before configuring OSPF to filter LSAs to be sent, you have completed the
following task:
●
Configure basic OSPF functions.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enter the interface view.
interface interface-type interface-number
Step 3 Switch the interface working mode to Layer 3.
undo portswitch
Determine whether to perform this step based on the current interface working
mode.
Step 4 Return to the system view.
quit
Step 5 Create an ACL and enter the ACL view.
acl { name basic-acl-name { basic | [ number ] basic-acl-number } | [ number ] basic-acl-number }
Step 6 Configure an ACL rule.
rule [ rule-id ] [ name rule-name ] { permit | deny } [ fragment-type fragment | source { source-ipaddress { source-wildcard | 0 | src-netmask } | any } | time-range time-name | vpn-instance vpn-instancename | logging ] *
When the rule command is used to configure a filtering rule for a named ACL,
only the configurations specified by source and time-range take effect.
The following table lists the strategies that can be taken when an ACL is used for
filtering.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
222
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Table 5-30 ACL strategies
Condition
Result
The action in an ACL
rule is permit.
The matched LSAs will be advertised.
The action in an ACL
rule is deny.
The matched LSAs will not be advertised.
The network segment of
a route is beyond the
range specified in an
ACL rule.
The LSA carrying the route information will not be
advertised by default.
The ACL does not
contain rules.
Any LSAs matched against the filtering policy based
on this ACL will not be advertised.
If the configuration
order is used as the ACL
rule matching order,
LSAs are matched
against the ACL rules
based on the
configuration order by
default. If the ACL rules
are numbered with IDs,
LSAs are matched
against the ACL rules in
ascending order of their
IDs.
In this case, LSAs can be filtered using a blacklist or
whitelist:
Filtering using a blacklist: Configure a rule with a
smaller ID and specify the action deny in this rule to
filter out the unwanted LSAs. Then, configure
another rule with a larger ID in the same ACL and
specify the action permit in this rule to advertise the
other LSAs.
Filtering using a whitelist: Configure a rule with a
smaller ID and specify the action permit in this rule
to permit the LSAs to be advertised. Then, configure
another rule with a larger ID in the same ACL and
specify the action deny in this rule to filter out
unwanted LSAs.
Step 7 Return to the system view.
quit
Step 8 Enter the interface view.
interface interface-type interface-number
Step 9 Configure the interface to filter LSAs to be sent.
ospf filter-lsa-out { all | { ase [ acl { ase-acl-num | ase-acl-name } ] | nssa [ acl { nssa-acl-num | nssa-aclname } ] | summary [ acl { sum-acl-num | sum-acl-name } ] } * }
----End
5.19.4 (Optional) Configuring OSPF to Discard Specified LSAs
Context
OSPF can be configured to discard specified LSAs in the following scenarios:
1.
Issue 04 (2023-09-22)
When devices on the entire network restart repeatedly due to abnormal LSAs
and you have located the LSA that causes protocol restarts, you can configure
this function as a last resort to prevent the device from restarting
Copyright © Huawei Technologies Co., Ltd.
223
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
continuously. However, if this function is incorrectly configured, routing loops
may occur.
2.
If an LSA is identified as an attack packet as it is not supposed to appear in
the local area and has caused serious problems, such as device restarts, you
can configure this function to filter out the LSA under the condition that the
attack source cannot be located temporarily and that the LSA does not affect
topology path computation.
3.
If an LSA is identified as an attack packet as it is not supposed to appear in
the local area and it affects topology path computation and has caused
serious problems, such as network-wide device restarts, you can configure this
function on each device to discard the LSA to prevent it from participating in
network-wide calculation.
NOTE
To filter out the LSA that affects topology path computation, you must ensure that it
is removed from all the LSDBs on the entire network. Otherwise, routing loops may
occur.
4.
If an LSA is identified as an unreachable residual LSA and the device that
advertised the LSA becomes permanently unreachable, you can configure this
function to filter out the LSA upon reception under the condition that the LSA
does not affect topology path computation.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enter the OSPF view.
ospf [ process-id ]
Step 3 Configure the device to discard LSAs of a specified type.
ignore-receive-lsa advertise-router adv-rtr-id [ lsa-type type-value [ area { area-id | area-idipv4 } ] | linkstate-id ls-id ] *
NOTE
If this command is incorrectly configured, services cannot be restored even if the undo
ignore-receive-lsa advertise-router adv-rtr-id [ lsa-type type-value [ area { area-id | areaidipv4 } ] | link-state-id ls-id ] * command is run. In this case, you may need to reset the
process or neighbor to restore services.
You are not advised to run this command to filter out the LSAs that exist on the network as
running this command may filter out normal service LSAs.
As an attack LSA can have any key, it is difficult to defend against the LSA using this
command. Therefore, you are advised to directly isolate the attack source.
This command cannot be used to defend against attacks as it goes against protocol
processing rules and affects services. Therefore, exercise caution when running this
command.
If the fault is caused by a bug, you are advised to run this command temporarily. After the
patch is installed, run the undo ignore-receive-lsa advertise-router adv-rtr-id [ lsa-type
type-value [ area { area-id | area-idipv4 } ] | link-state-id ls-id ] * command immediately
and check whether services are affected. If services are affected, re-establish all neighbor
relationships to restore services.
----End
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
224
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
5.19.5 Verifying the Configuration
Procedure
●
Run the display ospf [ process-id ] lsdb command to check the OSPF LSDB
information on each device.
----End
5.20 Configuring OSPF to Filter Routes
5.20.1 Understanding OSPF Route Filtering
To filter routes, OSPF can use routing policies, such as route-policies, ACLs, and IP
prefix lists. OSPF route filtering can be used in the following ways:
●
Route import
OSPF can import the routes learned by other routing protocols. A device uses
a configured routing policy to filter routes and imports only the routes that
match the routing policy. Only an ASBR can import external routes, and
therefore a routing policy for importing such routes must be configured on
the ASBR.
●
Advertisement of imported routes
OSPF advertises imported routes to its neighbors. Only an ASBR can import
external routes and then advertise them, and therefore a routing policy for
advertising such imported routes must be configured on the ASBR.
If OSPF imports a large number of external routes and advertises them to a
device with a small routing table capacity, the device may restart
unexpectedly. To prevent this, configure a limit on the number of imported
external routes to be advertised by OSPF.
●
Route learning
By configuring filtering rules, you can configure OSPF to filter received intraarea, inter-area, and AS external routes. Such filtering only determines
whether to add routing entries. That is, all routes in the OSPF routing table
can be calculated and advertised normally, but only the routes that match the
filtering rules can be added to the local routing table.
During route learning, LSAs are not filtered. Instead, only the routes
calculated based on LSAs are filtered to determine whether they are added to
the routing table. Therefore, the learned LSAs are complete.
5.20.2 Configuring OSPF to Filter Routes to Be Advertised
Prerequisites
Before configuring OSPF to filter routes to be advertised, you have completed the
following tasks:
●
Configure basic OSPF functions.
●
To use a route-policy to filter the routes, create the route-policy first.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
225
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
●
5 OSPF Configuration
To use an IP prefix list to filter the routes, create the IP prefix list first.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enter the OSPF view.
ospf [ process-id ]
Step 3 Choose any of the following methods to filter the routes to be advertised:
●
Based on an ACL
a.
b.
c.
Return to the system view.
quit
Create an ACL and enter the ACL view.
acl { name basic-acl-name { basic | [ number ] basic-acl-number } | [ number ] basic-aclnumber }
Configure an ACL rule.
rule [ rule-id ] [ name rule-name ] { permit | deny } [ fragment-type fragment | source
{ source-ip-address { source-wildcard | 0 | src-netmask } | any } | time-range time-name | vpninstance vpn-instance-name | logging ] *
When the rule command is used to configure a filtering rule for a named
ACL, only the configurations specified by source and time-range take
effect.
The following table lists the strategies that can be taken when an ACL is
used for filtering.
Table 5-31 ACL strategies
Issue 04 (2023-09-22)
Condition
Result
The action in an ACL
rule is permit.
The matched routes will be advertised or
accepted.
The action in an ACL
rule is deny.
The matched routes will not be advertised or
accepted.
The network segment
of a route is beyond
the range specified in
an ACL rule.
By default, the matched routes will not be
advertised or accepted.
The ACL does not
contain rules.
Any routes matched against the filtering policy
based on this ACL will not be advertised or
accepted.
Copyright © Huawei Technologies Co., Ltd.
226
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
d.
e.
5 OSPF Configuration
Condition
Result
If the configuration
order is used as the
ACL rule matching
order, routes are
matched against the
ACL rules based on
the configuration
order by default. If
the ACL rules are
numbered with IDs,
routes are matched
against the ACL rules
in ascending order of
their IDs.
In this case, routes can be filtered using a
blacklist or whitelist:
Filtering using a blacklist: Configure a rule with
a smaller ID and specify the action deny in this
rule to filter out the unwanted routes. Then,
configure another rule with a larger ID in the
same ACL and specify the action permit in this
rule to accept or advertise the other routes.
Filtering using a whitelist: Configure a rule with
a smaller ID and specify the action permit in
this rule to permit the routes to be advertised
or accepted. Then, configure another rule with
a larger ID in the same ACL and specify the
action deny in this rule to filter out unwanted
routes.
Enter the OSPF view.
ospf [ process-id ]
Implement filtering based on the ACL.
filter-policy { acl-number | acl-name acl-name } export [ direct | static | bgp | { rip | isis |
ospf } [ process-id ] ]
●
Based on an IP prefix list
●
Based on a route-policy
filter-policy ip-prefix ip-prefix-name export [ direct | static | bgp | { rip | isis | ospf } [ process-id ] ]
filter-policy route-policy route-policy-name export [ direct | static | bgp | { rip | isis | ospf }
[ process-id ] ]
----End
5.20.3 Configuring OSPF to Filter Received Routes
Prerequisites
Before configuring OSPF to filter received routes, you have completed the
following tasks:
●
Configure basic OSPF functions.
●
To use a route-policy to filter the routes, create the route-policy first.
●
To use an IP prefix list to filter the routes, create the IP prefix list first.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enter the OSPF view.
ospf [ process-id ]
Step 3 Choose any of the following methods to filter the received routes:
●
Issue 04 (2023-09-22)
Based on an ACL
Copyright © Huawei Technologies Co., Ltd.
227
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
a.
b.
c.
5 OSPF Configuration
Return to the system view.
quit
Create an ACL and enter the ACL view.
acl { name basic-acl-name { basic | [ number ] basic-acl-number } | [ number ] basic-aclnumber }
Configure an ACL rule.
rule [ rule-id ] [ name rule-name ] { deny | permit } [ fragment-type fragment | source
{ source-ip-address { source-wildcard | 0 | src-netmask } | any } | time-range time-name | vpninstance vpn-instance-name | logging ] *
When the rule command is used to configure a filtering rule for a named
ACL, only the configurations specified by source and time-range take
effect.
The following table lists the strategies that can be taken when an ACL is
used for filtering.
Table 5-32 ACL strategies
Issue 04 (2023-09-22)
Condition
Result
The action in an ACL
rule is permit.
The matched routes will be advertised or
accepted.
The action in an ACL
rule is deny.
The matched routes will not be advertised or
accepted.
The network segment
of a route is beyond
the range specified in
an ACL rule.
By default, the matched routes will not be
advertised or accepted.
The ACL does not
contain rules.
Any routes matched against the filtering policy
based on this ACL will not be advertised or
accepted.
If the configuration
order is used as the
ACL rule matching
order, routes are
matched against the
ACL rules based on
the configuration
order by default. If
the ACL rules are
numbered with IDs,
routes are matched
against the ACL rules
in ascending order of
their IDs.
In this case, routes can be filtered using a
blacklist or whitelist:
Filtering using a blacklist: Configure a rule with
a smaller ID and specify the action deny in this
rule to filter out the unwanted routes. Then,
configure another rule with a larger ID in the
same ACL and specify the action permit in this
rule to accept or advertise the other routes.
Filtering using a whitelist: Configure a rule with
a smaller ID and specify the action permit in
this rule to permit the routes to be advertised
or accepted. Then, configure another rule with
a larger ID in the same ACL and specify the
action deny in this rule to filter out unwanted
routes.
d.
Enter the OSPF view.
e.
Implement filtering based on the ACL.
ospf [ process-id ]
Copyright © Huawei Technologies Co., Ltd.
228
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
filter-policy { acl-number | acl-name acl-name [ secondary ] } import
●
●
Based on an IP prefix list
filter-policy ip-prefix ip-prefix-name [ secondary ] import
Based on a route-policy
filter-policy route-policy route-policy-name [ secondary ] import
OSPF is a link-state dynamic routing protocol, with routing information stored in
the LSDB. Therefore, received LSAs cannot be filtered using the filter-policy
import command. Instead, the command is used to filter the routes calculated by
OSPF, with only the routes that match the filtering rules being added to the
routing information base (RIB).
----End
5.20.4 Verifying the Configuration
Procedure
●
Run the display ospf [ process-id ] routing command to check information
about the OSPF routing table on the local device.
----End
5.21 Setting the Maximum Number of External Routes
Allowed in the OSPF LSDB
Prerequisites
Before setting the maximum number of external routes allowed in the LSDB, you
have completed the following task:
●
Configure basic OSPF functions.
Context
OSPF devices in the same area are considered to have converged once they have
the same LSDB. However, achieving such a state can be difficult as the number of
routes on a network continuously increases, causing some devices to be unable to
carry excess routing information due to limited system resources. This is called an
OSPF database overflow.
One way to solve such an issue is to configure stub areas or NSSAs, which reduces
the amount of routing information on devices. However, such an approach cannot
prevent an OSPF database overflow caused by a sharp increase in dynamic routes.
To resolve this issue, set the maximum number of external routes allowed in the
LSDB to dynamically limit the size of the LSDB.
NOTE
The maximum numbers set for all devices in the OSPF AS must be the same.
If the number of external routes in the LSDB exceeds the maximum number on a
device, the device enters the overflow state and starts the overflow timer. For
details, see Table 5-33.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
229
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Table 5-33 Operations performed by the device after it enters or exits the
overflow state
Phase
OSPF Processing
Staying in the overflow
state
Removes self-generated non-default external routes
and stops advertising non-default external routes.
Discards newly received non-default external routes
and does not reply with an LSAck packet.
Checks whether the number of external routes is
still greater than the preset maximum number
when the overflow timer expires.
● Restarts the timer if the number of external
routes is greater than the preset maximum
number.
● Exits the overflow state if the number of external
routes is less than or equal to the preset
maximum number.
Exiting the overflow state
Disables the overflow timer.
Advertises non-default external routes.
Accepts newly received non-default external routes
and replies with LSAck packets.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enter the OSPF view.
ospf [ process-id ]
Step 3 Set the maximum number of external routes allowed in the LSDB.
lsdb-overflow-limit number
If the number of external routes imported by OSPF exceeds the preset maximum
number, the device deletes self-generated non-default external routes to ensure
proper forwarding of the other external routes.
----End
Verifying the Configuration
Run the display ospf [ process-id ] lsdb command to check the OSPF LSDB
information on each device.
5.22 Controlling the Establishment of OSPF Neighbor
Relationships
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
230
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
5.22.1 Understanding How to Control the Establishment of
OSPF Neighbor Relationships
OSPF uses Hello packets to establish and maintain OSPF neighbor relationships.
Hello packets are periodically sent on OSPF interfaces. OSPF uses the Hello timer
to control the interval for sending Hello packets. The intervals between two
neighbors must be the same; otherwise, OSPF neighbor relationships cannot be
established. You can adjust the value of the Hello timer to change the speed at
which an OSPF neighbor relationship is established and thereby change the speed
of network convergence.
To enable a device to detect faults on neighbors or changes in network topology
quickly, OSPF introduces the Dead timer. If no Hello packet is received from a
neighbor within a dead interval, the neighbor is considered down.
If the neighbor status of a device or the DR/BDR on a multi-access network
(broadcast or NBMA network) changes, the device does not send Hello packets to
its neighbor until the Hello timer expires, slowing down neighbor relationship
establishment. Enabling Smart-discover on OSPF interfaces can solve this problem.
Table 5-34 Differences between implementations with and without Smartdiscover
With or Without Smartdiscover
Implementation Method
Without Smart-discover
● The device starts to send Hello packets only
when the Hello timer has expired.
● Hello packets are sent at the Hello interval.
● Neighbors continue to wait to receive Hello
packets within the Hello interval.
With Smart-discover
● Hello packets are sent directly regardless of
whether the Hello timer has expired.
● Neighbors receive packets without delay and
can trigger state transition immediately.
5.22.2 Setting the Interval at Which Hello Packets Are Sent
Prerequisites
Before setting the interval at which Hello packets are sent, you have completed
the following task:
●
Configure basic OSPF functions.
Procedure
Step 1 Enter the system view.
system-view
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
231
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Step 2 Enter the interface view.
interface interface-type interface-number
Step 3 Switch the interface working mode to Layer 3.
undo portswitch
Determine whether to perform this step based on the current interface working
mode.
Step 4 Set the interval at which the interface sends Hello packets.
ospf timer hello interval [ conservative ]
To speed up OSPF convergence in the case of a link failure, configuring BFD for
OSPF is recommended. If the remote end does not support BFD for OSPF or you
do not want to configure BFD for OSPF, you are advised to specify conservative
when you run the ospf timer hello command. In conservative mode, the value set
for the Dead timer using the ospf timer dead command takes effect even if the
value is less than 10 seconds. If conservative is not specified in the ospf timer
hello command and the Dead timer is set to be less than 10 seconds, the actual
Dead timer is not less than 10 seconds. As a result, OSPF convergence is timeconsuming, and services are compromised.
NOTE
The Hello interval should not be less than the time a device takes to perform a master/slave
main control board switchover. Otherwise, an intermittent protocol interruption may occur
during a switchover. The default timer value is recommended.
----End
Verifying the Configuration
●
Run the display ospf [ process-id ] interface [ all | no-peer | interface-type
interface-number ] [ verbose ] command to check OSPF interface
information. The Hello field in the command output indicates the interval at
which Hello packets are sent.
●
Run the display ospf [ process-id ] brief command to check brief OSPF
information. The Hello field in the command output indicates the interval at
which Hello packets are sent.
5.22.3 Setting a Dead Interval for OSPF Neighbors
Prerequisites
Before setting a Dead interval for OSPF neighbors, you have completed the
following task:
●
Configure basic OSPF functions.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enter the interface view.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
232
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
interface interface-type interface-number
Step 3 Switch the interface working mode to Layer 3.
undo portswitch
Determine whether to perform this step based on the current interface working
mode.
Step 4 Set a Dead interval for OSPF neighbors.
ospf timer dead interval
By default, the Dead interval on a P2P or broadcast interface is 40 seconds,
whereas that on a P2MP or NBMA interface is 120 seconds; the Dead interval is
four times the length of the Hello interval on the same interface.
NOTE
A Dead interval that is shorter than 10 seconds may disconnect the involved OSPF neighbor
relationship. To prevent this issue, a minimum of 10 seconds takes effect if the value of
dead interval is less than 10 seconds. To ensure that a Dead interval shorter than 10
seconds takes effect, enable the conservative mode by specifying conservative in the ospf
timer hello command.
Changing the network type will restore both the Hello interval and Dead interval to their
default values.
----End
Verifying the Configuration
●
Run the display ospf [ process-id ] interface [ all | no-peer | interface-type
interface-number ] [ verbose ] command to check OSPF interface
information. The Dead field in the command output indicates the Dead
interval for OSPF neighbors.
●
Run the display ospf [ process-id ] brief command to check brief OSPF
information. The Dead field in the command output indicates the Dead
interval for OSPF neighbors.
5.22.4 Configuring Smart-discover
Prerequisites
Before configuring Smart-discover, you have completed the following task:
●
Configure basic OSPF functions.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enter the interface view.
interface interface-type interface-number
Step 3 Switch the interface working mode to Layer 3.
undo portswitch
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
233
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Determine whether to perform this step based on the current interface working
mode.
Step 4 Enable Smart-discover on the interface.
ospf smart-discover
----End
5.23 Controlling OSPF Route Calculation
5.23.1 Understanding How to Control OSPF Route Calculation
In general, OSPF route calculation consists of two phases. First, OSPF neighbors
exchange LSAs to synchronize LSDBs, and then OSPF uses algorithms to calculate
routes based on these LSDBs. Currently, PRC and I-SPF are the only algorithms
used by OSPF devices. You can control OSPF route calculation by managing LSA
exchange between OSPF neighbors.
5.23.2 Setting the Update Interval for LSAs
Prerequisites
Before setting the update interval for LSAs, you have completed the following
task:
●
Configure basic OSPF functions.
Context
OSPF sets a 5-second update interval for LSAs. This prevents network connections
or frequent route flapping from consuming excessive network bandwidth or device
resources. On a stable network that requires fast route convergence, you can alter
the interval to 0 seconds. In this manner, LSAs indicating topology or route
changes can be advertised immediately, which speeds up route convergence.
On an unstable network, routes are calculated frequently, consuming excessive
CPU resources. Additionally, LSAs that describe the unstable topology are
generated and transmitted, which, when frequently processed will compromise the
rapid and stable operation of the entire network.
To speed up route convergence on the entire network, the OSPF intelligent timer
controls LSA generation, LSA reception, and route calculation.
The OSPF intelligent timer works as follows:
●
On a network where routes are calculated frequently, the OSPF intelligent
timer dynamically adjusts the interval between route calculations based on
user configuration and exponential backoff technology. This reduces the route
calculation count and CPU resource consumption. Routes are calculated after
the network topology becomes stable.
●
On an unstable network, if frequent topology changes occur, the OSPF
intelligent timer dynamically adjusts the interval for generating or receiving
LSAs. In this way, no LSAs are generated and received LSAs are not processed
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
234
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
within the interval, reducing the generation and flooding of invalid LSAs on
the entire network.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enter the OSPF view.
ospf [ process-id ]
The process-id parameter specifies the ID of a process, and the default value is 1.
Step 3 Set the update interval for LSAs.
lsa-originate-interval { 0 | intelligent-timer max-interval start-interval hold-interval [ other-type
interval ] | other-type interval [ intelligent-timer max-interval start-interval hold-interval ] }
Parameters in this command are described as follows:
●
●
●
●
●
intelligent-timer: uses the intelligent timer to set the update interval for
Type 1 LSAs (router LSAs) and Type 2 LSAs (network LSAs).
max-interval: specifies the maximum interval at which LSAs are updated, in
milliseconds.
start-interval: specifies the initial interval at which LSAs are updated, in
milliseconds.
hold-interval: specifies the hold interval at which LSAs are updated, in
milliseconds.
other-type: sets the update interval for Type 3 LSAs (network-summaryLSAs), Type 4 LSAs (ASBR-summary-LSAs), and Type 10 LSAs (opaque LSAs).
Details about which interval LSAs are updated are as follows:
1.
The initial interval at which LSAs are updated is specified by start-interval.
2.
The interval at which LSAs are updated for the nth (n ≥ 2) time equals holdinterval x 2(n – 2).
3.
When the interval specified by hold-interval x 2(n – 2) reaches the maximum
interval specified by max-interval, OSPF updates LSAs at the maximum
interval for three consecutive times. Then, OSPF updates LSAs at the initial
interval specified by start-interval.
----End
5.23.3 Setting the Receive Interval for LSAs
Prerequisites
Before setting the receive interval for LSAs, you have completed the following
task:
●
Issue 04 (2023-09-22)
Configure basic OSPF functions.
Copyright © Huawei Technologies Co., Ltd.
235
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Context
OSPF sets a 1-second receive interval for LSAs. This prevents network connections
or frequent route flapping from consuming excessive network bandwidth or device
resources.
On a stable network that requires fast route convergence, you can cancel the
receive interval by setting the interval to 0 seconds. This speeds up route
convergence as LSAs indicating topology or route changes can be received
immediately.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enter the OSPF view.
ospf [ process-id ]
The process-id parameter specifies the ID of a process, and the default value is 1.
Step 3 Set the receive interval for LSAs.
lsa-arrival-interval { interval | intelligent-timer max-interval start-interval hold-interval }
Parameters in this command are described as follows:
●
interval: specifies the receive interval for LSAs, in milliseconds.
●
intelligent-timer: uses the intelligent timer to set the receive interval for
router LSAs and network LSAs.
●
max-interval: specifies the maximum interval at which LSAs are received, in
milliseconds.
●
●
start-interval: specifies the initial interval at which LSAs are received, in
milliseconds.
hold-interval: specifies the hold interval at which LSAs are received, in
milliseconds.
By default, the intelligent timer is enabled; the maximum interval, initial interval,
and hold interval at which LSAs are received are 1000 ms, 500 ms, and 500 ms,
respectively. Details about which interval LSAs are received are as follows:
1.
The initial interval at which LSAs are received is specified by start-interval.
2.
The interval at which LSAs are received for the nth (n ≥ 2) time equals holdinterval x 2(n – 1).
3.
When the interval specified by hold-interval x 2(n – 1) reaches the maximum
interval specified by max-interval, OSPF receives LSAs at the maximum
interval for three consecutive times. Then, OSPF receives LSAs at the initial
interval specified by start-interval.
Step 4 (Optional) Set a suppression period that takes effect if the device receives a large
number of updated LSAs indicating a flapping link.
lsa-arrival-interval suppress-flapping suppress-interval [ threshold threshold ]
If the device receives normal OSPF LSAs, setting an interval using the lsa-arrivalinterval command prevents the device from receiving frequent LSAs.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
236
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
If the device receives a large number of updated LSAs indicating a flapping link,
setting a suppression period using the lsa-arrival-interval suppress-flapping
command minimizes the impact that the flapping poses on services.
If the lsa-arrival-interval interval command and the lsa-arrival-interval
suppress-flapping suppress-interval command are both run, the device compares
the two configured values and uses the larger value as the actual suppression
period.
----End
5.23.4 Setting the Delay for Transmitting LSAs on an OSPF
Interface
Prerequisites
Before setting the delay for transmitting LSAs on an OSPF interface, you have
completed the following task:
●
Configure basic OSPF functions.
Context
Setting the delay for transmitting LSAs on OSPF interfaces is recommended on
low-speed networks.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enter the interface view.
interface interface-type interface-number
Step 3 Switch the interface working mode to Layer 3.
undo portswitch
Determine whether to perform this step based on the current interface working
mode.
Step 4 Set the delay for transmitting LSAs on the interface.
ospf trans-delay delayvalue
An LSA ages by 1 each second in the LSDB on the local device, but it does not
increase during transmission. Therefore, an LSA transmission delay needs to be set
before LSAs are sent.
----End
Verifying the Configuration
●
Issue 04 (2023-09-22)
Run the display ospf [ process-id ] interface [ all | no-peer | interface-type
interface-number ] [ verbose ] command to check OSPF interface
information. The Transmit Delay field in the command output indicates the
delay for transmitting LSAs.
Copyright © Huawei Technologies Co., Ltd.
237
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
●
5 OSPF Configuration
Run the display ospf [ process-id ] brief command to check brief OSPF
information. The Timers field in the command output indicates the delay for
transmitting LSAs.
5.23.5 Setting the Interval at Which LSAs Are Retransmitted
to OSPF Adjacency Devices
Prerequisites
Before setting the interval at which LSAs are retransmitted to OSPF adjacency
devices, you have completed the following task:
●
Configure basic OSPF functions.
Context
After sending an LSA to an adjacency device (neighbor), a device waits for the
neighbor to reply with an LSAck packet. If the device does not receive an LSAck
packet after the retransmission interval elapses n times, it retransmits the LSA to
its neighbor, the device retransmits the LSA to its neighbor. The retransmission
interval is defined as follows:
First retransmission: Interval = User-configured retransmission interval (interval).
Second retransmission: Interval = User-configured retransmission interval
(interval).
Third retransmission: Interval = User-configured retransmission interval (interval).
Fourth retransmission: Interval = User-configured retransmission interval (interval)
x 2.
Fifth retransmission: Interval = User-configured retransmission interval (interval) x
2^2.
Nth retransmission: Interval = User-configured retransmission interval (interval) x
2^(n – 3).
If interval x 2^(n – 3) is greater than 30, the retransmission interval for the nth
time is 30.
If the user-configured retransmission interval (interval) is greater than 30, the
retransmission interval for the nth time is equal to this user-configured interval.
You can set an appropriate interval at which LSAs are retransmitted based on
network conditions in order to accelerate convergence.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enter the interface view.
interface interface-type interface-number
Step 3 Set the interval at which LSAs are retransmitted to OSPF adjacency devices.
ospf timer retransmit interval
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
238
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Setting the interval to a proper value is recommended. An excessively short
interval will cause unnecessary retransmission. Generally, the interval should be
longer than the round trip of a packet that is transmitted between two devices.
The default retransmission interval is 5 seconds, which is recommended.
----End
Verifying the Configuration
Run the display ospf [ process-id ] retrans-queue [ interface-type interfacenumber ] [ neighbor-id ] command to check information about the LSA
retransmission list.
5.23.6 Setting the Interval for SPF Calculation
Prerequisites
Before setting the interval for SPF calculation, you have completed the following
task:
●
Configure basic OSPF functions.
Context
When the OSPF LSDB changes, the shortest path needs to be recalculated. If a
network changes frequently, the shortest path is calculated accordingly, resulting
in excessive consumption of system resources, affecting device efficiency. Using
the intelligent timer to set a proper interval for SPF calculation prevents excessive
consumption of device memory and bandwidth resources.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enter the OSPF view.
ospf [ process-id ]
The process-id parameter specifies the ID of a process, and the default value is 1.
Step 3 Set the interval for SPF calculation.
spf-schedule-interval { interval1 | intelligent-timer max-interval start-interval hold-interval
[ conservative ] | millisecond interval2 }
If the intelligent timer is enabled using intelligent-timer, the interval for SPF
calculation is as follows:
1.
The initial interval for SPF calculation is specified by start-interval.
2.
The interval for SPF calculation for the nth (n ≥ 2) time equals hold-interval x
2(n – 2).
3.
After the interval specified by hold-interval x 2(n – 2) reaches the maximum
interval specified by max-interval, OSPF keeps using the maximum interval for
SPF calculation.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
239
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
4.
If no flapping occurs during the interval from the end of the last SPF
calculation to the start of the next SPF calculation, and the interval exceeds
the maximum interval specified by max-interval, the intelligent timer exits.
5.
If no flapping occurs in the previous interval but occurs in the current interval,
SPF calculation is delayed for a period of start-interval. After the SPF
calculation is complete, the current interval will be applied when waiting for
the next SPF calculation.
----End
Verifying the Configuration
Run the display ospf [ process-id ] brief command to check brief OSPF
information. The Spf-schedule-interval field in the command output indicates the
interval for SPF calculation.
5.23.7 Setting a Period During Which OSPF Keeps the
Maximum Cost in Local LSAs
Prerequisites
Before setting a period during which OSPF keeps the maximum cost in local LSAs,
you have completed the following task:
●
Configure basic OSPF functions.
Context
When an OSPF interface changes from down to up, the OSPF neighbor
relationship is re-established. After OSPF routes converge, traffic is switched back
to the recovered link. In most cases, IGP routes converge quickly, although many
services that depend on IGP routes may require a delayed switchback. In this case,
you can run the ospf peer hold-max-cost command to specify a period during
which OSPF keeps the maximum cost in local LSAs. After the OSPF neighbor
relationship reaches the Full state, the traffic forwarding path remains unchanged
during the specified period. After this period expires, the maximum cost is restored
to the original cost of the recovered link, and traffic is switched back to the
recovered link.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enter the interface view.
interface interface-type interface-number
Step 3 Switch the interface working mode to Layer 3.
undo portswitch
Determine whether to perform this step based on the current interface working
mode.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
240
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Step 4 Set a period during which OSPF keeps the maximum cost in local LSAs.
ospf peer hold-max-cost timer timer
----End
Verifying the Configuration
Run the display ospf [ process-id ] brief command to check brief OSPF
information. The Timers field in the command output includes the period during
which OSPF keeps the maximum cost in local LSAs.
5.24 Configuring OSPF Neighbor Relationship Flapping
Suppression
5.24.1 Understanding OSPF Neighbor Relationship Flapping
Suppression
Context
If an interface carrying OSPF services frequently alternates between up and down,
OSPF neighbor relationship flapping will occur on the interface. In this case, OSPF
quickly sends Hello packets to re-establish neighbor relationships, synchronizes
LSDBs, and triggers route calculation. As a result, a large number of packets are
exchanged, compromising the stability of existing neighbor relationships, OSPF
services, and other OSPF-dependent services (such as BGP). OSPF neighbor
relationship flapping suppression can be used to address this issue. If OSPF
neighbor relationships flap frequently, this function delays the re-establishment of
the relationships or prevents service traffic from passing through flapping links.
Related Concepts
flapping-event: reported when the final status of a neighbor relationship on an
interface changes from Full to a non-Full state. The flapping-event triggers
flapping detection.
flapping-count: number of times flapping has occurred.
detecting-interval: detection interval. The interval is used to determine whether to
trigger a valid flapping_event.
threshold: flapping suppression threshold. When the flapping_count reaches or
exceeds the threshold, flapping suppression takes effect.
resume-interval: interval for exiting OSPF neighbor relationship flapping
suppression. If the interval between two successive valid flapping_events is longer
than the resume-interval, the flapping_count is reset.
Fundamentals
Flapping detection
When configured with OSPF neighbor relationship flapping suppression, an OSPF
interface starts a flapping counter. If the interval between two successive neighbor
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
241
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
relationship states (changing from Full to a non-Full state) is shorter than the
detecting-interval, a valid flapping_event is recorded, and the flapping_count is
incremented by 1. When the flapping_count reaches or exceeds the threshold,
flapping suppression takes effect. If the interval between two successive neighbor
relationship states (changing from Full to a non-Full state) is longer than the
resume-interval, the flapping_count is reset.
The detecting-interval, threshold, and resume-interval parameters are
configurable.
NOTE
The value of resume-interval must be greater than that of detecting-interval.
Flapping suppression
OSPF neighbor relationship flapping suppression operates in two modes:
●
Hold-down mode: If flooding and topology changes frequently occur during
the establishment of neighbor relationships, re-establishment of these
relationships is disabled during Hold-down suppression. This minimizes LSDB
synchronization attempts and packet exchanges.
●
Hold-max-cost mode: If the traffic forwarding path changes frequently,
interfaces use 65535 (maximum value) as the cost of the flapping link during
Hold-max-cost suppression. This prevents traffic from passing through the
flapping link.
If both modes are enabled, flapping suppression initially works in Hold-down
mode (until its duration expires) and then in Hold-max-cost mode.
By default, the Hold-max-cost mode takes effect. The flapping suppression mode
and suppression period can be changed manually.
If an attack causes frequent neighbor relationship flapping, Hold-down mode can
minimize the impact of the attack.
NOTE
When an interface enters the flapping suppression state, all neighbor relationships on the
interface enter the state accordingly.
Exiting flapping suppression
Interfaces exit flapping suppression in the following scenarios:
●
The suppression timer expires.
●
The corresponding OSPF process is reset.
●
An OSPF neighbor relationship is reset.
●
A user forcibly exits flapping suppression.
Typical Scenarios
Basic scenario
As shown in Figure 5-33, traffic is forwarded along the path DeviceA -> DeviceB > DeviceC -> DeviceE when the links are working properly. If the link between
DeviceB and DeviceC fails, the forwarding path switches to DeviceA -> DeviceB ->
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
242
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
DeviceD -> DeviceE. If the neighbor relationship between DeviceB and DeviceC
frequently flaps at the early stage of the path switchover, the DeviceA -> DeviceE
traffic will alternate between the primary and backup paths frequently, causing
traffic loss and affecting network stability. If neighbor relationship flapping is
severe, flapping suppression takes effect.
●
If flapping suppression works in Hold-down mode, the neighbor relationship
between DeviceB and DeviceC is not re-established during the suppression
period, in which traffic is forwarded along the path DeviceA -> DeviceB ->
DeviceD -> DeviceE.
●
If flapping suppression works in Hold-max-cost mode, 65535 is used as the
cost of the link between DeviceB and DeviceC during the suppression period,
and traffic is forwarded along the path DeviceA -> DeviceB -> DeviceD ->
DeviceE.
Figure 5-33 Flapping suppression in a basic scenario
Single forwarding path scenario
When only one forwarding path exists on the network, disconnecting the neighbor
relationship between any two devices on the path will interrupt traffic. As shown
in Figure 5-34, traffic is forwarded through the DeviceA -> DeviceB -> DeviceC ->
DeviceE path. If the neighbor relationship between DeviceB and DeviceC flaps and
the flapping meets suppression conditions, flapping suppression takes effect.
However, if the neighbor relationship between DeviceB and DeviceC is not reestablished, the whole network will be divided. Therefore, Hold-max-cost mode
(rather than Hold-down mode) is recommended. If flapping suppression works in
Hold-max-cost mode, 65535 is used as the cost of the link between DeviceB and
DeviceC during the suppression period. After the network becomes stable and the
suppression timer expires, flapping suppression exits automatically, and services
recover immediately.
NOTE
By default, the Hold-max-cost mode takes effect.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
243
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Figure 5-34 Flapping suppression in a single forwarding path scenario
Broadcast scenario
As shown in Figure 5-35, four devices are connected to the same broadcast
network and establish neighbor relationships of the broadcast network type. If
DeviceC flaps due to a link failure, and DeviceA and DeviceB were deployed at
different time points (DeviceA was deployed earlier for example) or the flapping
suppression parameters on DeviceA and DeviceB are different, DeviceA first
detects the flapping and suppresses DeviceC, and therefore the Hello packets sent
by DeviceA do not carry DeviceC's router ID. However, DeviceB has not detected
any flapping and still considers DeviceC a valid node. As a result, the DR
candidates identified by DeviceA are DeviceB and DeviceD, whereas the DR
candidates identified by DeviceB are DeviceA, DeviceC, and DeviceD. This may lead
to route calculation errors due to different DR election results. To prevent this
problem in scenarios where an interface has multiple neighbors, such as on a
broadcast, P2MP, or NBMA network, all neighbors on the interface need to be
suppressed if one or more of the interface's neighbor relationships are in Exstart
or Down state. Specifically, if DeviceC flaps, DeviceA, DeviceB, and DeviceD on the
broadcast network are all suppressed. After the network becomes stable and the
suppression timer expires, flapping suppression exits automatically, and DeviceA,
DeviceB, and DeviceD are restored to normal status.
Figure 5-35 Flapping suppression on a broadcast network
Multi-area scenario
As shown in Figure 5-36, DeviceA, DeviceB, DeviceC, DeviceE, and DeviceF are
connected in area 1, and DeviceB, DeviceD, and DeviceE are connected in area 0
(backbone area). Traffic from DeviceA to DeviceF is preferentially forwarded along
an intra-area route, and the forwarding path is DeviceA -> DeviceB -> DeviceC ->
DeviceE -> DeviceF. If the neighbor relationship between DeviceB and DeviceC
flaps and the flapping meets suppression conditions, flapping suppression takes
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
244
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
effect and defaults to the Hold-max-cost mode. Consequently, 65535 is used as
the cost of the link between DeviceB and DeviceC. However, the forwarding path
remains unchanged because intra-area routes take precedence over inter-area
routes during route selection according to OSPF route selection rules. To prevent
traffic loss in multi-area scenarios, configure the Hold-down mode to prevent the
neighbor relationship between DeviceB and DeviceC from being re-established
during the suppression period. During this period, traffic is forwarded along the
path DeviceA -> DeviceB -> DeviceD -> DeviceE -> DeviceF.
NOTE
By default, the Hold-max-cost mode takes effect. The mode can be changed to Hold-down
manually.
Figure 5-36 Flapping suppression in a multi-area scenario
5.24.2 Configuring OSPF Neighbor Relationship Flapping
Suppression
Prerequisites
Before configuring OSPF neighbor relationship flapping suppression, you have
completed the following task:
●
Configure basic OSPF functions.
Context
If an interface carrying OSPF services frequently alternates between up and down,
OSPF neighbor relationship flapping will occur on the interface. In this case, OSPF
frequently sends Hello packets to re-establish neighbor relationships, synchronizes
LSDBs, and recalculates routes. As a result, a large number of packets are
exchanged, compromising the stability of existing neighbor relationships, OSPF
services, and other OSPF-dependent services. To overcome this problem, OSPF
neighbor relationship flapping suppression can delay the OSPF neighbor
relationship from being re-established or prevent service traffic from passing
through flapping links.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
245
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Procedure
Step 1 Enter the system view.
system-view
Step 2 (Optional) Disable OSPF neighbor relationship flapping suppression globally.
ospf [ process-id ]
suppress-flapping peer disable
quit
By default, OSPF neighbor relationship flapping suppression is enabled globally.
This function is enabled on each interface in the current OSPF process. To disable
this function globally, perform this step.
Step 3 Enter the interface view.
interface interface-type interface-number
Step 4 Switch the interface working mode to Layer 3.
undo portswitch
Determine whether to perform this step based on the current interface working
mode.
Step 5 Enable the Hold-down mode and set a corresponding duration.
ospf suppress-flapping peer hold-down interval
Flapping suppression is classified as Hold-down mode or Hold-max-cost mode:
●
Hold-down mode: In the case of frequent flooding and topology changes
during neighbor relationship establishment, interfaces prevent neighbor
relationship re-establishment during Hold-down suppression, which minimizes
LSDB synchronization attempts and packet exchanges.
●
Hold-max-cost mode: If the traffic forwarding path changes frequently,
interfaces use 65535 (maximum value) as the cost of the flapping link during
Hold-max-cost suppression, which prevents traffic from passing through the
flapping link.
By default, the Hold-max-cost mode takes effect. If both modes are enabled,
flapping suppression initially works in Hold-down mode (until its duration expires)
and then in Hold-max-cost mode.
Step 6 (Optional) Disable the Hold-max-cost mode.
ospf suppress-flapping peer hold-max-cost disable
Step 7 (Optional) Configure detection parameters for OSPF neighbor relationship
flapping suppression.
ospf suppress-flapping peer { detecting-interval detecting-interval | threshold threshold | resumeinterval resume-interval } *
Parameters in this command are described as follows:
●
Issue 04 (2023-09-22)
detecting-interval: indicates the detection interval for OSPF neighbor
relationship flapping suppression. An OSPF interface with OSPF neighbor
relationship flapping suppression enabled starts a flapping counter. If the
interval between two successive neighbor relationship states (changing from
Full to a non-Full state) is shorter than the detecting-interval, a valid
flapping_event is recorded, and the flapping_count is incremented by 1.
Copyright © Huawei Technologies Co., Ltd.
246
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
●
threshold: indicates the threshold for OSPF neighbor relationship flapping
suppression. When the flapping_count reaches or exceeds the threshold,
flapping suppression occurs.
●
resume-interval: indicates the interval for exiting OSPF neighbor relationship
flapping suppression. If the interval between two successive neighbor
relationship states (changing from Full to a non-Full state) is longer than the
resume-interval, the flapping_count is reset. If OSPF neighbor relationship
flapping suppression works in Hold-max-cost mode, the value of resumeinterval indicates the duration of this mode.
●
The value of resume-interval must be greater than that of detecting-interval.
You can configure detection parameters for OSPF neighbor relationship flapping
suppression on specific interfaces according to network conditions. However, using
the default values of these parameters is recommended. By default, the detection
interval for OSPF neighbor relationship flapping suppression is 60 seconds, the
suppression threshold is 10, and the interval for exiting flapping suppression is 120
seconds.
Step 8 (Optional) Configure the specified OSPF interface to exit neighbor relationship
flapping suppression.
quit
quit
reset ospf process-id suppress-flapping peer [ interface-type interface-number ] [ notify-peer ]
NOTE
Interfaces exit flapping suppression in the following scenarios:
● The suppression timer expires.
● The corresponding OSPF process is reset.
● An OSPF neighbor relationship is reset using the reset ospf peer command.
● OSPF neighbor relationship flapping suppression is disabled globally using the suppressflapping peer disable command in the OSPF view.
----End
Verifying the Configuration
Run the display ospf [ process-id ] interface interface-type interface-number
verbose command to check the status of OSPF neighbor relationship flapping
suppression. Suppress flapping peer in the command output indicates the current
suppression mode, when flapping suppression started, and the remaining time
before flapping suppression exits.
5.24.3 Disabling OSPF Interface Flapping Suppression
Prerequisites
Before disabling OSPF interface flapping suppression, you have completed the
following task:
●
Configure basic OSPF functions.
Context
OSPF packets are exchanged frequently in cases where an interface carrying OSPF
services alternates between up and down, and this compromises the stability of
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
247
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
existing interfaces, OSPF services, and other OSPF-dependent services. Interface
flapping suppression can address this issue by allowing a device to delay a
flapping interface from going up.
OSPF interface flapping suppression is enabled globally by default. However, you
can disable this function if it is not required.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Disable OSPF interface flapping suppression.
ospf suppress-flapping interface disable
----End
Verifying the Configuration
Run the display current-configuration configuration ospf command to check
the configuration status of OSPF interface flapping suppression.
5.24.4 Configuring the Route Calculation Delay Function in
Cases of Frequent LSA Flapping
Prerequisites
Before configuring the route calculation delay function in cases of frequent LSA
flapping, you have completed the following task:
●
Configure basic OSPF functions.
Context
Frequent OSPF LSA flapping on a remote device may lead to route flapping on the
local device, which adversely affects services. To address this problem, configure
the local device to delay route calculation in cases of frequent LSA flapping, as
this suppresses route flapping locally.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enter the OSPF view.
ospf [ process-id ]
The process-id parameter specifies the ID of a process, and the default value is 1.
Step 3 Configure the device to delay route calculation in cases of frequent OSPF LSA
flapping.
maxage-lsa route-calculate-delay delay-interval
----End
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
248
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Verifying the Configuration
Run the display ospf [ process-id ] statistics updated-lsa command to check
information about the LSAs that are frequently updated in the LSDB.
5.24.5 Disabling Master/Slave Main Control Board Switching
Triggered by Unexpected OSPF LSA Aging
Prerequisites
Before disabling master/slave main control board switching triggered by
unexpected OSPF LSA aging, you have completed the following task:
●
Configure basic OSPF functions.
Context
If a local device's aging timer expires unexpectedly, the local device clears all
router LSAs received from its neighbors, leading to large-scale route flapping and
service interruption. To prevent this problem, master/slave main control board
switching triggered by unexpected OSPF LSA aging is enabled by default, and is
triggered to restore network connections and service traffic when the following
condition is met: (Number of cleared router LSAs/Total number of router LSAs) x
100% ≥ 80% (Router LSAs are those sent by the neighboring devices to the local
device)
If you do not require this function, perform the following steps.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Disable master/slave main control board switching triggered by unexpected OSPF
LSA aging.
ospf maxage-lsa auto-protect disable
----End
Verifying the Configuration
Run the display ospf [ process-id ] statistics maxage-lsa command to check
information about the router LSAs that have reached the maximum aging time.
5.24.6 Disabling OSPF LSA Aging Management
Prerequisites
Before disabling OSPF LSA aging management, you have completed the following
task:
●
Issue 04 (2023-09-22)
Configure basic OSPF functions.
Copyright © Huawei Technologies Co., Ltd.
249
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Context
LSAs are aged out if their LS age field encounters an exception, and this may
cause LSA flapping or incorrect route calculation. For example, if the aging time
carried in a received LSA is 2500 seconds, the device considers the LSA to be
abnormal and reduces the aging time to 500 seconds. As a result, the LSA is aged
out far sooner than expected. To address this issue, the OSPF LSA aging
management function is enabled by default. If the aging time in a received LSA is
longer than 1800 seconds, OSPF considers the LSA to be abnormal and changes
the aging time to 1700 seconds. This operation is performed for each abnormal
LSA until the aging time values of all LSAs in the area are the same. As a result,
routes can be calculated correctly.
If you want to disable this function, perform the following steps.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enter the OSPF view.
ospf [ process-id ]
The process-id parameter specifies the ID of a process, and the default value is 1.
Step 3 Disable OSPF LSA aging management.
lsa-age refresh disable
----End
Verifying the Configuration
Run the display ospf [ process-id ] statistics maxage-lsa command to check
information about router LSAs that have reached the maximum aging time.
5.24.7 Enabling Secure Synchronization
Prerequisites
Before enabling secure synchronization, you have completed the following task:
●
Configure basic OSPF functions.
Context
For a short moment when devices in an area finish synchronizing their LSDBs,
each LSDB differs from the others. As a result, route flapping occurs. You can
enable secure synchronization to solve this problem; however, it may delay the
establishment of an OSPF adjacency.
Procedure
Step 1 Enter the system view.
system-view
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
250
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Step 2 Enter the OSPF view.
ospf [ process-id ]
The process-id parameter specifies the ID of a process, and the default value is 1.
Step 3 Enable secure synchronization.
safe-sync enable
----End
5.25 Configuring Routing Loop Detection for Routes
Imported to OSPF
5.25.1 Understanding Routing Loop Detection for Routes
Imported to OSPF
Routes of an OSPF process can be imported to another OSPF process or the
process of another protocol (such as IS-IS or BGP) for redistribution. However, if a
device that performs such a route import is incorrectly configured, routing loops
may occur. OSPF can use the routing loop detection function to detect routing
loops.
Related Concepts
Redistribute ID
IS-IS uses a system ID as a redistribution identifier, OSPF and OSPFv3 use a router
ID + process ID as a redistribution identifier, and BGP uses a VrfID + random
number as a redistribution identifier. For ease of understanding, the redistribution
identifiers of different protocols are all called Redistribute IDs. When routes are
distributed, the information carried in the routes contains Redistribute IDs.
Redistribute List
A Redistribute list may consist of multiple Redistribute IDs. Each Redistribute list of
BGP contains a maximum of four Redistribute IDs, and each Redistribute list of
any other routing protocol contains a maximum of two Redistribute IDs. When the
number of Redistribute IDs exceeds the corresponding limit, the old ones are
discarded according to the sequence in which Redistribute IDs are added.
Cause (OSPF Inter-Process Mutual Route Import)
In Figure 5-37, DeviceA, DeviceB, and DeviceC run OSPF process 1; DeviceF and
DeviceG run OSPF process 2; DeviceD and DeviceE run both of the processes.
Route import between OSPF process 1 and OSPF process 2 is configured on
DeviceD and DeviceE. The routes distributed by OSPF process 1 on DeviceE are redistributed back to OSPF process 1 on DeviceD through OSPF process 2. As the
costs of the routes newly distributed by DeviceD are smaller, they are
preferentially selected by OSPF process 1, resulting in routing loops.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
251
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Figure 5-37 Typical network diagram of OSPF inter-process mutual route import
Take the route distributed by DeviceA as an example. A stable routing loop is
formed through the following process:
Phase 1
On the network shown in Figure 5-38, OSPF process 1 on DeviceA imports the
static route 10.0.0.1 and floods a Type 5 AS-External-LSA in OSPF process 1. After
receiving the LSA, OSPF process 1 on DeviceD and OSPF process 1 on DeviceE
each calculate a route to 10.0.0.1, with the outbound interfaces being interface1
on DeviceD and interface1 on DeviceE, respectively, and the cost being 102. At this
point, the routes to 10.0.0.1 in OSPF process 1 in the routing tables of DeviceD
and DeviceE are active.
Figure 5-38 Phase 1
Phase 2
In Figure 5-39, DeviceD and DeviceE are configured to import routes from OSPF
process 1 to OSPF process 2. No route-policy is configured for the import, or the
configured route-policy is improper. For example, OSPF process 2 on DeviceE
imports routes from OSPF process 1 and then floods a Type 5 AS-External-LSA in
OSPF process 2. After receiving the LSA, OSPF process 2 on DeviceD calculates a
route to 10.0.0.1, with the cost being 2, which is smaller than that (102) of the
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
252
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
route calculated by OSPF process 1. As a result, the active route to 10.0.0.1 in the
routing table of DeviceD is switched from the one calculated by OSPF process 1 to
the one calculated by OSPF process 2, and the outbound interface of the route is
sub-interface2.1.
Figure 5-39 Phase 2
Phase 3
In Figure 5-40, DeviceD imports the route from OSPF process 2 to OSPF process 1
and floods a Type 5 AS-External LSA in OSPF process 1. After receiving the LSA,
OSPF process 1 on DeviceE recalculates the route to 10.0.0.1. The cost of the route
becomes 2, which is smaller than that of the previously calculated route.
Therefore, the route to 10.0.0.1 in OSPF process 1 on DeviceE is changed to the
route distributed by DeviceD, and the outbound interface is interface 2.
Figure 5-40 Phase 3
Phase 4
After the route to 10.0.0.1 on DeviceE is updated, OSPF process 2 still imports the
route from OSPF process 1 as the route remains active, and continues to
distribute/update a Type 5 AS-External-LSA.
As a result, a stable routing loop is formed. Assuming that traffic is injected from
DeviceF, Figure 5-41 shows the traffic flow when the routing loop occurs.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
253
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Figure 5-41 Traffic flow when the routing loop occurs
Implementation (OSPF Inter-Process Mutual Route Import)
Routing loop detection for the routes imported between OSPF processes can
resolve the routing loops in the preceding scenario.
When distributing a Type 5 AS-External-LSA for an imported route, OSPF also uses
a Type 11 extended prefix Opaque LSA to distribute to other devices the
Redistribute ID of the device that redistributes the imported route. If the route is
redistributed by different protocols through multiple devices, the Redistribute IDs
of these protocols on the devices are distributed through a Type 11 extended
prefix Opaque LSA. When receiving the Type 11 extended prefix Opaque LSA, a
route calculation device saves the Redistribute ID and route information of the
route redistribution device. When another process of a route calculation device
imports the route, the device checks whether a routing loop occurs according to
the route redistribution information. If a routing loop occurs, the device attaches a
large route cost to the AS-External-LSA for the imported route so that other
devices preferentially select other paths after learning the route. This prevents
routing loops.
Figure 5-42 Typical networking of route import to OSPF
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
254
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
The following uses the Figure 5-42 to explain how a loop is detected and
eliminated:
1.
DeviceA distributes its locally originated route 10.0.0.1/24 to DeviceB.
2.
DeviceD learns the route distributed by DeviceB through OSPF process 1 and
imports the route from OSPF process 1 to OSPF process 2. DeviceE learns the
route distributed by DeviceD through OSPF process 2 and saves the
Redistribute List distributed by DeviceD through OSPF process 2 to the routing
table when calculating routes.
3.
DeviceE imports the route from OSPF process 2 to OSPF process 1 and
redistributes the route through OSPF process 1. The corresponding Type 11
extended prefix Opaque LSA contains the Redistribute ID of OSPF process 1
on DeviceE and the Redistribute ID of OSPF process 2 on DeviceD. The
Redistribute ID of OSPF process 1 on DeviceB has been discarded from the
LSA.
4.
OSPF process 1 on DeviceD learns the Redistribute list corresponding to the
route distributed by DeviceE and saves the Redistribute list in the routing
table. When importing the route from OSPF process 1 to OSPF process 2,
DeviceD finds that the Redistribute list of the route contains its own
Redistribute ID, considers that a routing loop is detected, and reports an
alarm. OSPF process 2 on DeviceD distributes a large cost when redistributing
the route so that other devices preferentially select other paths after learning
the route. This prevents routing loops.
NOTE
In the preceding typical networking:
If routes are imported within a protocol on a device and the device detects a routing
loop, it increases the cost of the route to be advertised. After the remote device learns
this route with a large cost, it does not preferentially select this route as the optimal
route in the IP routing table. In this manner, the routing loop is eliminated.
In the case of inter-protocol route import, if a routing protocol with a higher priority
detects a routing loop, although this protocol increases the cost of the corresponding
route, the cost increase will not render the route inactive. As a result, the routing loop
cannot be eliminated. If the routing protocol with a lower priority detects a routing
loop and increases the cost of the corresponding route, the originally imported route is
preferentially selected. In this case, the routing loop can be eliminated.
Cause (Mutual Route Import Between OSPF and IS-IS)
On the network shown in Figure 5-43, DeviceA, DeviceB, and DeviceC run OSPF
process 1, DeviceF and DeviceG run IS-IS process 2, and DeviceD and DeviceE run
both processes. Route import between OSPF process 1 and IS-IS process 2 is
configured on DeviceD and DeviceE. The ASE routes distributed by OSPF process 1
on DeviceE are re-distributed back to OSPF process 1 on DeviceD through IS-IS
process 2. As the costs of the routes newly distributed by DeviceD are smaller, they
are preferentially selected by OSPF process 1, resulting in routing loops.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
255
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Figure 5-43 Traffic flow when a routing loop occurs during route import between
OSPF and IS-IS
Implementation (Mutual Route Import Between OSPF and IS-IS)
The following uses the networking shown in Figure 5-43 as an example to
describe how a routing loop is detected and resolved.
1.
DeviceD learns the route distributed by DeviceB through OSPF process 1 and
imports the route from OSPF process 1 to IS-IS process 2. When IS-IS process
2 on DeviceD distributes route information, it uses the extended prefix subTLV to distribute the Redistribute ID of IS-IS process 2 through an LSP. IS-IS
process 2 on DeviceE learns the route distributed by DeviceD and saves the
Redistribute ID distributed by IS-IS process 2 on DeviceD to the routing table
during route calculation.
2.
DeviceE imports the route from IS-IS process 2 to OSPF process 1 and uses an
E-AS-External-LSA to distribute the Redistribute ID of OSPF process 1 on
DeviceE when distributing route information. Similarly, after OSPF process 1
on DeviceD learns the route from DeviceE, DeviceD saves the Redistribute ID
distributed by OSPF process 1 on DeviceE to the routing table during route
calculation.
3.
When importing the route from OSPF process 1 to IS-IS process 2, DeviceD
finds that the Redistribute list of the route contains its own Redistribute ID,
considers that a routing loop is detected, and reports an alarm. IS-IS process 2
on DeviceD distributes a large cost when distributing the imported route.
Because IS-IS has a higher priority than OSPF ASE, this does not affect the
route selection result or resolve the routing loop.
4.
DeviceE imports the route from IS-IS process 2 to OSPF process 1, finds that
the Redistribute list of the route contains its own Redistribute ID, considers
that a routing loop is detected, and reports an alarm. OSPF process 1 on
DeviceE distributes a large cost when distributing the imported route so that
other devices preferentially select other paths after learning the route. This
prevents routing loops.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
256
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
NOTE
In the preceding typical networking:
If routes are imported within a protocol on a device and the device detects a routing loop, it
increases the cost of the route to be advertised. After the remote device learns this route
with a large cost, it does not preferentially select this route as the optimal route in the IP
routing table. In this manner, the routing loop is eliminated.
In the case of inter-protocol route import, if a routing protocol with a higher priority detects
a routing loop, although this protocol increases the cost of the corresponding route, the
cost increase will not render the route inactive. As a result, the routing loop cannot be
eliminated. If the routing protocol with a lower priority detects a routing loop and increases
the cost of the corresponding route, the originally imported route is preferentially selected.
In this case, the routing loop can be eliminated.
Cause (Mutual Route Import Between OSPF and BGP)
On the network shown in Figure 5-44, DeviceA, DeviceB, and DeviceC run a BGP
process, DeviceF and DeviceG run OSPF process 2, and DeviceD and DeviceE run
both processes. Route import between BGP and OSPF process 2 is configured on
DeviceD and DeviceE. The routes distributed by BGP on DeviceE are redistributed
back to BGP through OSPF process 2 on DeviceD. Because no route-policy is
configured for the import or the configured route-policy is improper, the route
newly distributed by DeviceD may be selected as the optimal route by BGP,
causing a routing loop.
Figure 5-44 Traffic flow when a routing loop occurs during route import between
OSPF and BGP
Implementation (Mutual Route Import Between OSPF and BGP)
The following uses the networking shown in Figure 5-44 as an example to
describe how a routing loop is detected and resolved.
1.
Issue 04 (2023-09-22)
DeviceD learns the route distributed by DeviceB through BGP and imports the
BGP route to OSPF process 2. When DeviceD distributes the imported route
through OSPF process 2, it uses a Type 11 extended prefix Opaque LSA to
distribute the Redistribute ID of OSPF process 2 on DeviceD. DeviceE learns
the route distributed by DeviceD through OSPF process 2 and saves the
Redistribute List distributed by DeviceD through OSPF process 2 to the routing
table when calculating routes.
Copyright © Huawei Technologies Co., Ltd.
257
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
2.
DeviceE imports the route from OSPF process 2 to BGP and distributes the
Redistribute ID of the BGP process on DeviceE through a Type 11 extended
prefix Opaque LSA when redistributing the imported route. After BGP on
DeviceD learns the route distributed by DeviceE, DeviceD saves the
Redistribute ID distributed by BGP on DeviceE to the routing table during
route calculation.
3.
When importing the route from BGP to OSPF process 2, DeviceD finds that
the Redistribute list of the route contains its own Redistribute ID, considers
that a routing loop is detected, and reports an alarm. OSPF process 2 on
DeviceD distributes a large link cost when distributing the imported route.
Because OSPF has a higher priority than BGP, this does not affect the route
selection result or resolve the routing loop.
4.
After learning the route distributed by OSPF on DeviceD, DeviceE imports the
route to BGP. Upon finding that the Redistribute list of the route contains its
own Redistribute ID, DeviceE considers that a routing loop is detected and
reports an alarm. When BGP on DeviceE distributes the route, it reduces the
priority of the route. In this way, other devices preferentially select other paths
after learning this route, preventing routing loops.
NOTE
In the preceding typical networking:
If routes are imported within a protocol on a device and the device detects a routing
loop, it increases the cost of the route to be advertised. After the remote device learns
this route with a large cost, it does not preferentially select this route as the optimal
route in the IP routing table. In this manner, the routing loop is eliminated.
In the case of inter-protocol route import, if a routing protocol with a higher priority
detects a routing loop, although this protocol increases the cost of the corresponding
route, the cost increase will not render the route inactive. As a result, the routing loop
cannot be eliminated. If the routing protocol with a lower priority detects a routing
loop and increases the cost of the corresponding route, the originally imported route is
preferentially selected. In this case, the routing loop can be eliminated.
5.25.2 Configuring Routing Loop Detection for Routes
Imported into OSPF
Context
Routing loops may occur when an OSPF process imports routes. If routing loop
detection is enabled for routes imported to OSPF on a device and this device
detects that it imports a route advertised by itself, it sends this route with a large
link cost to other devices. After receiving this route, these devices preferentially
select other paths, thereby preventing routing loops.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enter the OSPF view.
ospf [ process-id ]
The process-id parameter specifies the ID of a process, and the default value is 1.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
258
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Step 3 Enable the OSPF Opaque LSA capability.
opaque-capability enable
NOTE
OSPF uses opaque LSAs to implement loop detection on imported routes. Therefore, to
enable loop detection on imported routes, run the opaque-capability enable command to
enable the opaque LSA capability.
Step 4 (Optional) Exit the routing loop detection alarm state and clear related alarms.
clear route loop-detect ospf alarm-state
NOTE
If the device detects an OSPF routing loop, it reports an alarm. Because the device cannot
automatically detect whether the routing loop is eliminated, you need to run this command
after the routing loop is eliminated to prevent the device from advertising a large link cost
for imported routes and manually clear the OSPF routing loop alarm. If this command is
executed when the routing loop has not been eliminated, the alarm is reported again.
Step 5 Enable routing loop detection for routes imported into OSPF.
route loop-detect ospf enable
NOTE
To disable routing loop detection for routes imported into OSPF, run the undo route loopdetect ospf enable command.
----End
5.25.3 Example for Configuring Routing Loop Detection for
BGP Routes Imported to OSPF
This section describes how to configure routing loop detection for routes imported
from BGP to OSPF.
Networking Requirements
On the live network, OSPF routes can be imported to a BGP process for
redistribution. In such a scenario, routing policies are usually configured on
multiple devices to prevent routing loops. If routing policies are incorrectly
configured on the devices that import routes, routing loops may occur. To prevent
this problem, configure routing loop detection for the routes imported to OSPF.
On the network shown in Figure 5-45, DeviceA, DeviceB, DeviceC, and DeviceD
establish IBGP peer relationships, and an OSPF process is configured on DeviceC
and DeviceD. OSPF is configured on DeviceC to import BGP routes, and BGP is
configured on DeviceD to import OSPF routes.
Figure 5-45 Routing loop detection for routes imported from BGP to OSPF
NOTE
In this example, interface 1, interface 2, and interface 3 represent 10GE 0/0/1, 10GE 0/0/2,
and 10GE0/0/3, respectively.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
259
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Configuration Precautions
To improve security, OSPF area authentication or interface authentication is
recommended. For details, see "Improving OSPF Network Security." OSPF area
authentication is used as an example. For details, see "Example for Configuring
Basic OSPF Functions."
Configuration Roadmap
The configuration roadmap is as follows:
1.
Configure IP addresses for interfaces on each device.
2.
Enable OSPF and BGP, and configure basic OSPF and BGP functions.
3.
Configure route import to construct a routing loop.
4.
Check whether a routing loop occurs.
5.
Enable routing loop detection to check whether the routing loop is
eliminated.
Procedure
Step 1 Assign an IP address to each interface.
DeviceA is used as an example.
<DeviceA> system-view
[DeviceA] interface 10GE0/0/1
[DeviceA-10GE0/0/1] ip address 10.12.1.1 24
[DeviceA-10GE0/0/1] quit
The configurations of other devices are similar to those of DeviceA. For
configuration details, see Configuration Scripts in this section.
In addition, configure a static route on DeviceA to simulate a looped route.
[DeviceA] ip route-static 10.0.0.0 255.255.255.255 NULL0
Step 2 Enable OSPF and BGP, and configure basic OSPF and BGP functions to implement
intra-AS communication.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
260
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
# Enable BGP on DeviceA and establish an IBGP peer relationship between
DeviceA and DeviceB.
[DeviceA] bgp 100
[DeviceA-bgp] router-id 10.11.1.1
[DeviceA-bgp] peer 10.12.1.2 as-number 100
[DeviceA-bgp] ipv4-family unicast
[DeviceA-bgp-af-ipv4] peer 10.12.1.2 enable
[DeviceA-bgp] quit
# Enable BGP on DeviceB, and establish IBGP peer relationships between DeviceB
and DeviceA, between DeviceB and DeviceC, and between DeviceB and DeviceD.
[DeviceB] bgp 100
[DeviceB-bgp] router-id 10.22.2.2
[DeviceB-bgp] peer 10.12.1.1 as-number 100
[DeviceB-bgp] peer 10.23.1.3 as-number 100
[DeviceB-bgp] peer 10.24.1.4 as-number 100
[DeviceB-bgp] ipv4-family unicast
[DeviceB-bgp-af-ipv4] peer 10.12.1.1 enable
[DeviceB-bgp-af-ipv4] peer 10.23.1.3 enable
[DeviceB-bgp-af-ipv4] peer 10.24.1.4 enable
[DeviceB-bgp-af-ipv4] peer 10.23.1.3 reflect-client
[DeviceB-bgp] quit
# Enable BGP on DeviceC and establish an IBGP peer relationship between
DeviceC and DeviceB.
[DeviceC] bgp 100
[DeviceC-bgp] router-id 10.33.3.3
[DeviceC-bgp] peer 10.23.1.2 as-number 100
[DeviceC-bgp] ipv4-family unicast
[DeviceC-bgp-af-ipv4] peer 10.23.1.2 enable
[DeviceC-bgp] quit
# Enable BGP on DeviceD and establish an IBGP peer relationship between
DeviceD and DeviceB.
[DeviceD] bgp 100
[DeviceD-bgp] router-id 10.44.4.4
[DeviceD-bgp] peer 10.24.1.2 as-number 100
[DeviceD-bgp] ipv4-family unicast
[DeviceD-bgp-af-ipv4] peer 10.24.1.2 enable
[DeviceD-bgp] quit
# Configure OSPF on DeviceC and DeviceD. The configuration on DeviceC is used
as an example.
[DeviceC] ospf 1 router-id 10.33.3.3
[DeviceC-ospf-1] area 0
[DeviceC-ospf-1-area-0.0.0.0] network 10.34.1.0 0.0.0.255
[DeviceC-ospf-1-area-0.0.0.0] quit
[DeviceC-ospf-1] quit
Step 3 Configure route import.
# Configure OSPF on DeviceC to import BGP routes.
[DeviceC] ospf 1 router-id 10.33.3.3
[DeviceC-ospf-1] import-route bgp permit-ibgp
[DeviceC-ospf-1] quit
# Configure BGP on DeviceD to import OSPF routes.
[DeviceD] bgp 100
[DeviceD-bgp] ipv4-family unicast
[DeviceD-bgp-af-ipv4] import-route ospf 1
[DeviceD-bgp] quit
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
261
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Step 4 Display the routing table on each device to check whether a routing loop occurs.
# Check BGP peer information on DeviceB.
[DeviceB] display bgp peer
BGP local router ID : 10.22.2.2
Local AS number : 100
Total number of peers : 3
Peer
10.12.1.1
10.23.1.3
10.24.1.4
V
4
4
4
Peers in established state : 3
AS MsgRcvd MsgSent OutQ Up/Down
State
100
453
458
0 06:30:47 Established
100
452
458
0 06:30:46 Established
100
451
457
0 06:29:39 Established
PrefRcv
1
0
3
# Check OSPF neighbor information on DeviceC.
[DeviceC] display ospf peer
(M) Indicates MADJ neighbor
OSPF Process 1 with Router ID 10.33.3.3
Neighbors
Area 0.0.0.0 interface 10.34.1.3 (10GE0/0/1)'s neighbors
Router ID: 10.44.4.4
Address: 10.34.1.4
State: Full
Mode:Nbr is Master
Priority: 1
DR: 10.34.1.4
BDR: 10.34.1.3
MTU: 0
Dead timer due in 31 sec
Retrans timer interval: 5
Neighbor is up for 06h28m21s
Neighbor Up Time : 2021-08-27 02:59:32
Authentication Sequence: [ 0 ]
# Check OSPF neighbor information on DeviceD.
[DeviceD] display ospf peer
(M) Indicates MADJ neighbor
OSPF Process 1 with Router ID 10.44.4.4
Neighbors
Area 0.0.0.0 interface 10.34.1.4 (10GE0/0/2)'s neighbors
Router ID: 10.33.3.3
Address: 10.34.1.3
State: Full
Mode:Nbr is Slave
Priority: 1
DR: 10.34.1.4
BDR: 10.34.1.3
MTU: 0
Dead timer due in 32 sec
Retrans timer interval: 5
Neighbor is up for 06h28m25s
Neighbor Up Time : 2021-08-27 02:59:32
Authentication Sequence: [ 0 ]
The preceding command outputs show that BGP peer relationships and OSPF
neighbor relationships have been established between the devices.
# Check the BGP routing table of DeviceB.
[DeviceB] display bgp routing-table 10.0.0.0
BGP local router ID : 10.22.2.2
Local AS number : 100
Paths: 2 available, 1 best, 1 select, 0 best-external, 0 add-path
BGP routing table entry information of 10.0.0.0/32:
RR-client route.
From: 10.24.1.4 (10.44.4.4)
Route Duration: 0d00h00m52s
Relay IP Nexthop: 10.24.1.4
Relay IP Out-Interface: 10GE0/0/1
Original nexthop: 10.24.1.4
Qos information : 0x0
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
262
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
AS-path Nil, origin incomplete, MED 1, localpref 100, pref-val 0, valid, internal, best, select, pre 255
Advertised to such 3 peers:
10.23.1.3
10.24.1.4
10.12.1.1
BGP routing table entry information of 10.0.0.0/32:
From: 10.12.1.1 (10.11.1.1)
Route Duration: 0d22h53m22s
Relay IP Nexthop: 10.12.1.1
Relay IP Out-Interface:10GE0/0/2
Original nexthop: 10.12.1.1
Qos information : 0x0
AS-path 10, origin incomplete, MED 0, localpref 100, pref-val 0, valid, internal, pre 255, not preferred for
AS-Path
Not advertised to any peer yet
The preceding command output shows that DeviceB has learned the BGP route
advertised by DeviceD.
# Check the BGP routing table of DeviceC.
[DeviceC] display bgp routing-table 10.0.0.0
BGP local router ID : 10.33.3.3
Local AS number : 100
Paths: 1 available, 1 best, 1 select, 0 best-external, 0 add-path
BGP routing table entry information of 10.0.0.0/32:
From: 10.23.1.2 (10.22.2.2)
Route Duration: 0d07h12m30s
Relay IP Nexthop: 0.0.0.0
Relay IP Out-Interface: NULL0
Original nexthop: 10.12.1.1
Qos information : 0x0
AS-path 10, origin incomplete, MED 0, localpref 100, pref-val 0, valid, internal, best, select, pre 255
Originator: 10.11.1.1
Cluster list: 10.22.2.2
Not advertised to any peer yet
The preceding command output shows that DeviceC has learned the BGP route
advertised by DeviceB.
# Check the routing table of DeviceD.
[DeviceD] display ospf routing 10.0.0.0
OSPF Process 1 with Router ID 10.44.4.4
Destination : 10.0.0.0/32
AdverRouter : 10.33.3.3
Cost
:1
NextHop
: 10.34.1.3
Priority
: Medium
Tag
Type
Interface
Age
:1
: Type2
: 10GE0/0/2
: 01h31m18s
The preceding command output shows that DeviceD has learned the OSPF route
distributed by DeviceC.
In this case, a routing loop occurs on DeviceB, DeviceC, and DeviceD.
Step 5 Enable routing loop detection on each device.
# Enable routing loop detection for routes imported into OSPF and BGP. DeviceA is
used as an example.
[DeviceA] route loop-detect ospf enable
[DeviceA] route loop-detect bgp enable
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
263
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
NOTE
In the case of inter-protocol route import, if a routing protocol with a higher priority detects
a routing loop, although this protocol increases the cost of the corresponding route, the
cost increase will not render the route inactive. As a result, the routing loop cannot be
eliminated. If a routing protocol with a lower preference detects a routing loop and
increases the cost of the corresponding route, this route will not be preferred over the
originally received route. In this case, the routing loop can be eliminated. OSPF has a higher
preference than BGP. Therefore, to eliminate the routing loop, you need to reduce the
preference of the corresponding BGP route.
Step 6 Check whether the routing loop is eliminated.
# Check the BGP routing table of DeviceB.
[DeviceB] display bgp routing-table 10.0.0.0
BGP local router ID : 10.22.2.2
Local AS number : 100
Paths: 1 available, 1 best, 1 select, 0 best-external, 0 add-path
BGP routing table entry information of 10.0.0.0/32:
From: 10.12.1.1 (10.11.1.1)
Route Duration: 1d00h10m02s
Relay IP Nexthop: 10.12.1.1
Relay IP Out-Interface: 10GE0/0/2
Original nexthop: 10.12.1.1
Qos information : 0x0
AS-path 10, origin incomplete, MED 0, localpref 100, pref-val 0, valid, internal, best, select, pre 255
Advertised to such 2 peers:
10.23.1.3
10.24.1.4
The preceding command output shows that DeviceB has learned the route
distributed by DeviceA and no longer preferentially selects the route distributed by
DeviceD. This means that the routing loop on DeviceB, DeviceC, and DeviceD is
eliminated.
----End
Configuration Scripts
●
DeviceA
#
sysname DeviceA
#
interface 10GE0/0/1
ip address 10.12.1.1 255.255.255.0
#
bgp 100
router-id 10.11.1.1
private-4-byte-as enable
peer 10.12.1.2 as-number 100
#
ipv4-family unicast
import-route static
peer 10.12.1.2 enable
#
ip route-static 10.0.0.0 255.255.255.255 NULL0
#
route loop-detect ospf enable
#
route loop-detect bgp enable
#
return
●
Issue 04 (2023-09-22)
DeviceB
Copyright © Huawei Technologies Co., Ltd.
264
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
#
sysname DeviceB
#
interface 10GE0/0/2
ip address 10.12.1.2 255.255.255.0
#
interface 10GE0/0/3
ip address 10.24.1.2 255.255.255.0
#
interface 10GE0/0/1
ip address 10.23.1.2 255.255.255.0
#
bgp 100
router-id 10.22.2.2
private-4-byte-as enable
peer 10.12.1.1 as-number 100
peer 10.23.1.3 as-number 100
peer 10.24.1.4 as-number 100
#
ipv4-family unicast
peer 10.12.1.1 enable
peer 10.23.1.3 enable
peer 10.23.1.3 reflect-client
peer 10.24.1.4 enable
peer 10.24.1.4 reflect-client
#
route loop-detect ospf enable
#
route loop-detect bgp enable
#
return
●
DeviceC
#
sysname DeviceC
#
interface 10GE0/0/1
ip address 10.34.1.3 255.255.255.0
#
interface 10GE0/0/2
ip address 10.23.1.3 255.255.255.0
#
bgp 100
router-id 10.33.3.3
private-4-byte-as enable
peer 10.23.1.2 as-number 100
#
ipv4-family unicast
peer 10.23.1.2 enable
#
ospf 1 router-id 10.33.3.3
import-route bgp permit-ibgp
opaque-capability enable
area 0.0.0.0
network 10.34.1.0 0.0.0.255
#
route loop-detect ospf enable
#
route loop-detect bgp enable
#
return
●
DeviceD
#
sysname DeviceD
#
interface 10GE0/0/2
ip address 10.34.1.4 255.255.255.0
#
interface 10GE0/0/1
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
265
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
ip address 10.24.1.4 255.255.255.0
#
bgp 100
router-id 10.44.4.4
private-4-byte-as enable
peer 10.24.1.2 as-number 100
#
ipv4-family unicast
import-route ospf 1
peer 10.24.1.2 enable
#
ospf 1 router-id 10.44.4.4
opaque-capability enable
area 0.0.0.0
network 10.34.1.0 0.0.0.255
#
route loop-detect ospf enable
#
route loop-detect bgp enable
#
return
5.26 Suppressing the Advertisement of Interface IP
Addresses
Prerequisites
Before suppressing the advertisement of interface IP addresses, you have
completed the following task:
●
Configure basic OSPF functions.
Context
On an OSPF network, if a device only requires an interface to establish a neighbor
relationship with another device, and you want to hide the IP address of the
interface from external devices, you can suppress the advertisement of the
interface IP address. This allows an interface of an external device to use the same
IP address.
Procedure
●
Suppress the advertisement of all interface IP addresses in the OSPF process.
a.
Enter the system view.
system-view
b.
Enter the OSPF view.
ospf [ process-id ]
The process-id parameter specifies the ID of a process, and the default
value is 1.
c.
Suppress the advertisement of all interface IP addresses in the OSPF
process.
suppress-reachability
●
Suppress the advertisement of the IP address of a specified interface.
a.
Enter the system view.
system-view
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
266
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
b.
5 OSPF Configuration
Enter the interface view.
interface interface-type interface-number
c.
Switch the interface working mode to Layer 3.
undo portswitch
Determine whether to perform this step based on the current interface
working mode.
d.
Suppress the advertisement of the IP address of the specified interface.
ospf suppress-reachability
----End
Verifying the Configuration
●
Run the display ospf [ process-id ] interface [ verbose ] command to check
OSPF interface information.
●
Run the display ospf [ process-id ] routing command to check OSPF routing
table information.
5.27 Disabling OSPF CPU Overload Control
Context
By default, OSPF CPU overload control is enabled. If a device's CPU is overloaded,
each module takes necessary measures to control its own CPU usage accordingly.
Upon receiving a CPU overload notification from the system, the OSPF module
controls the speeds of some internal computing processes and the establishment
of neighbor relationships based on the CPU overload condition to enhance the
resilience of OSPF. In this case, new neighbor relationships cannot be established.
For original neighbor relationships, if a neighbor relationship is in the Full state, it
will be retained; if a neighbor relationship is in a non-Full state, establishment of
the neighbor relationship is paused and can continue only after the CPU recovers
from overload.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Disable OSPF CPU overload control.
ospf cpu-overload control disable
NOTE
To minimize the impact of CPU overload upon services, you are advised not to disable OSPF
CPU overload control.
----End
5.28 Configuring OSPF-BGP Synchronization
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
267
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
5.28.1 Understanding OSPF-BGP Synchronization
Purpose
New device deployment or a device restart may lead to network traffic loss during
BGP convergence. This is due to IGP convergence being faster than BGP
convergence. OSPF-BGP synchronization can address this issue.
Fundamentals
If a backup link exists, BGP traffic may be lost during traffic switchback, as BGP
routes converge more slowly than OSPF routes.
In Figure 5-46, DeviceA, DeviceB, DeviceC, and DeviceD run OSPF and establish
IBGP connections. DeviceC functions as a backup of DeviceB. When the network is
stable, BGP and OSPF routes fully converge on the devices.
In normal cases, traffic from DeviceA to 10.3.1.0/30 passes through DeviceB. If
DeviceB fails, traffic is switched to DeviceC. After DeviceB recovers, traffic is
switched back to DeviceB, during which traffic loss occurs.
This is due to OSPF route convergence being complete, while BGP route
convergence (which is slower than IGP route convergence) continues during the
traffic switchback. As a result, DeviceB does not have the route to 10.3.1.0/30.
When traffic from DeviceA to 10.3.1.0/30 is forwarded to DeviceB, DeviceB
discards the traffic because it does not have the route to 10.3.1.0/30.
Figure 5-46 Networking for OSPF-BGP synchronization
If OSPF-BGP synchronization is configured on a device, the device remains as a
stub device during the set synchronization period. During this period, the link
metric in the LSAs advertised by the device is the maximum value (65535), which
instructs other OSPF devices not to use it as a transit device for data forwarding.
In Figure 5-46, OSPF-BGP synchronization is enabled on DeviceB. In this situation,
before BGP route convergence is complete, DeviceA continues to forward data
through DeviceC rather than DeviceB until BGP route convergence on the latter is
complete.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
268
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
5.28.2 Enabling OSPF-BGP Synchronization
Prerequisites
Before enabling OSPF-BGP synchronization, you have completed the following
tasks:
●
Configure basic OSPF functions.
●
Configure basic BGP functions.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enter the OSPF view.
ospf [ process-id ]
The process-id parameter specifies the ID of a process, and the default value is 1.
Step 3 Configure the current device as a stub router.
stub-router on-startup [ interval ]
After configuration, the link metric in the LSAs advertised by the device is the
maximum value (65535), which instructs other OSPF devices not to use it as a
transit device for data forwarding.
Step 4 Enable secure synchronization.
safe-sync enable
If a stub router restarts, the router LSAs on the device are discarded. In this case,
the neighbors use the old router LSAs before the device restart to calculate routes
that pass through it due to the interval at which LSAs are retransmitted. As a
result, packet loss occurs and continues for seconds after the device is restarted
and before the device establishes a neighbor relationship with the peer end.
To prevent this issue, configure secure synchronization on the device to be
restarted. When the device synchronizes the LSDB with the peer end, it deletes or
updates the LSA received from the peer end if that LSA was the one generated by
the device itself. In this manner, the neighbor relationship between the local device
and peer end can reach the Full state, indicating a successful establishment.
----End
5.28.3 Verifying the Configuration
Procedure
●
Run the display ip routing-table command on the previous hop of the device
with OSPF-BGP synchronization enabled. The command output shows that
the next hop of the route to the destination address is changed to another
device.
----End
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
269
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
5.28.4 Example for Configuring OSPF-BGP Synchronization
Networking Requirements
In Figure 5-47, all devices run BGP, and an EBGP connection is set up between
DeviceD and DeviceE. IBGP connections are set up between devices in AS 10, and
OSPF is used in the AS.
OSPF-BGP synchronization is required on DeviceB so that a restart of DeviceB does
not interrupt the traffic from DeviceA to AS 20.
Figure 5-47 Network diagram of OSPF-BGP synchronization
NOTE
In this example, interface 1, interface 2, and interface 3 represent 10GE 0/0/1, 10GE 0/0/2,
and 10GE 0/0/3, respectively.
Configuration Precautions
To improve security, OSPF area authentication or interface authentication is
recommended. For details, see "Improving OSPF Network Security." OSPF area
authentication is used as an example. For details, see "Example for Configuring
Basic OSPF Functions."
Configuration Roadmap
The configuration roadmap is as follows:
1.
Enable OSPF on DeviceA, DeviceB, DeviceC, and DeviceD (except the interface
10.2.1.1/30), and specify the same area for the network segments where the
OSPF interfaces reside.
2.
Set up IBGP connections between DeviceA, DeviceB, DeviceC, and DeviceD
(except the interface 10.2.1.1/30).
3.
Set the OSPF cost on DeviceC.
4.
Configure an EBGP connection between DeviceD and DeviceE.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
270
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
5.
Configure BGP to import direct routes and routes from the OSPF process on
DeviceD.
6.
Configure BGP on DeviceE.
Procedure
Step 1 Assign an IP address to each interface.
Assign an IP address to each interface as shown in Figure 5-47. For configuration
details, see configuration scripts.
Step 2 Configure basic OSPF functions.
For detailed configurations, see the configuration scripts.
Step 3 Configure IBGP peer relationships between DeviceA, DeviceB, DeviceC, and
DeviceD.
# Configure DeviceA.
<DeviceA> system-view
[DeviceA] interface loopback 0
[DeviceA-LoopBack0] ip address 10.10.1.1 32
[DeviceA-LoopBack0] quit
[DeviceA] bgp 10
[DeviceA-bgp] router-id 10.10.1.1
[DeviceA-bgp] peer 10.10.2.2 as-number 10
[DeviceA-bgp] peer 10.10.2.2 connect-interface LoopBack 0
[DeviceA-bgp] peer 10.10.3.3 as-number 10
[DeviceA-bgp] peer 10.10.3.3 connect-interface LoopBack 0
[DeviceA-bgp] peer 10.10.4.4 as-number 10
[DeviceA-bgp] peer 10.10.4.4 connect-interface LoopBack 0
[DeviceA-bgp] quit
# Configure DeviceB.
<DeviceB> system-view
[DeviceB] interface loopback 0
[DeviceB-LoopBack0] ip address 10.10.2.2 32
[DeviceB-LoopBack0] quit
[DeviceB] bgp 10
[DeviceB-bgp] router-id 10.10.2.2
[DeviceB-bgp] peer 10.10.1.1 as-number 10
[DeviceB-bgp] peer 10.10.1.1 connect-interface LoopBack 0
[DeviceB-bgp] peer 10.10.3.3 as-number 10
[DeviceB-bgp] peer 10.10.3.3 connect-interface LoopBack 0
[DeviceB-bgp] peer 10.10.4.4 as-number 10
[DeviceB-bgp] peer 10.10.4.4 connect-interface LoopBack 0
[DeviceB-bgp] quit
# Configure DeviceC.
<DeviceC> system-view
[DeviceC] interface loopback 0
[DeviceC-LoopBack0] ip address 10.10.3.3 32
[DeviceC-LoopBack0] quit
[DeviceC] bgp 10
[DeviceC-bgp] router-id 10.10.3.3
[DeviceC-bgp] peer 10.10.1.1 as-number 10
[DeviceC-bgp] peer 10.10.1.1 connect-interface LoopBack 0
[DeviceC-bgp] peer 10.10.2.2 as-number 10
[DeviceC-bgp] peer 10.10.2.2 connect-interface LoopBack 0
[DeviceC-bgp] peer 10.10.4.4 as-number 10
[DeviceC-bgp] peer 10.10.4.4 connect-interface LoopBack 0
[DeviceC-bgp] quit
# Configure DeviceD.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
271
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
<DeviceD> system-view
[DeviceD] interface loopback 0
[DeviceD-LoopBack0] ip address 10.10.4.4 32
[DeviceD-LoopBack0] quit
[DeviceD] bgp 10
[DeviceD-bgp] router-id 10.10.4.4
[DeviceD-bgp] peer 10.10.1.1 as-number 10
[DeviceD-bgp] peer 10.10.1.1 connect-interface LoopBack 0
[DeviceD-bgp] peer 10.10.2.2 as-number 10
[DeviceD-bgp] peer 10.10.2.2 connect-interface LoopBack 0
[DeviceD-bgp] peer 10.10.3.3 as-number 10
[DeviceD-bgp] peer 10.10.3.3 connect-interface LoopBack 0
[DeviceD-bgp] quit
Step 4 Configure an EBGP connection.
# Configure DeviceD.
[DeviceD] bgp
[DeviceD-bgp]
[DeviceD-bgp]
[DeviceD-bgp]
[DeviceD-bgp]
10
peer 10.2.1.2 as-number 20
import-route direct
import-route ospf 1
quit
# Configure DeviceE.
[DeviceE] bgp 20
[DeviceE-bgp] peer 10.2.1.1 as-number 10
[DeviceE-bgp] ipv4-family unicast
[DeviceE-bgp-af-ipv4] network 10.3.1.0 30
[DeviceE-bgp-af-ipv4] quit
[DeviceE-bgp] quit
Step 5 Set the OSPF cost on DeviceC.
[DeviceC] interface 10ge 0/0/1
[DeviceC-10GE0/0/1] ospf cost 2
[DeviceC-10GE0/0/1] quit
[DeviceC] interface 10ge 0/0/2
[DeviceC-10GE0/0/2] ospf cost 2
[DeviceC-10GE0/0/2] quit
NOTE
After the OSPF cost is set to 2 on DeviceC, DeviceA selects only DeviceB as the intermediate
device to the network segment 10.2.1.0, and DeviceC becomes a backup of DeviceB.
# Check information about the routing table on DeviceA.
[DeviceA] display ip routing-table
Route Flags: R - relied, D - download to fib
-----------------------------------------------------------------------------Routing Table: _public_
Destinations : 20
Routes : 20
Destination/Mask
10.10.1.1/32
10.10.1.255/32
10.10.2.2/32
10.4.4.0/24
10.10.4.4/32
10.5.5.0/24
10.1.1.0/30
10.1.1.3/32
10.1.1.1/32
10.1.1.255/32
10.1.1.255/32
10.1.1.2/32
10.1.1.255/32
Issue 04 (2023-09-22)
Proto
Pre Cost
Direct 0 0
Direct 0 0
OSPF
10 3
BGP
255 0
OSPF
10 3
BGP
255 0
Direct 0 0
Direct 0 0
Direct 0 0
Direct 0 0
Direct 0 0
Direct 0 0
Direct 0 0
Flags NextHop
D
127.0.0.1
D
127.0.0.1
D
10.1.1.2
RD 10.10.4.4
D
10.1.1.2
RD 10.2.1.2
D
10.1.1.1
D
10.1.1.1
D
127.0.0.1
D
127.0.0.1
D
10.1.1.2
D
10.1.1.2
D
10.1.1.2
Interface
InLoopBack0
InLoopBack0
10GE0/0/1
10GE0/0/1
10GE0/0/1
10GE0/0/1
10GE0/0/1
10GE0/0/1
InLoopBack0
InLoopBack0
10GE0/0/1
10GE0/0/1
10GE0/0/1
Copyright © Huawei Technologies Co., Ltd.
272
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
10.1.2.0/30
Direct 0 0
D
10.1.2.1
10GE0/0/2
10.1.2.3/32
Direct 0 0
D
10.1.2.1
10GE0/0/2
10.1.2.1/32
Direct 0 0
D
127.0.0.1
InLoopBack0
10.1.2.255/32
Direct 0 0
D
127.0.0.1
InLoopBack0
10.1.2.2/32
Direct 0 0
D
10.1.2.2
10GE0/0/2
10.1.2.255/32
Direct 0 0
D
10.1.2.2
10GE0/0/2
127.0.0.0/8
Direct 0 0
D
127.0.0.1
InLoopBack0
127.0.0.1/32
Direct 0 0
D
127.0.0.1
InLoopBack0
127.0.0.255/32
Direct 0 0
D
127.0.0.1
InLoopBack0
10.3.1.0/30
OSPF 10 2
D
10.1.1.2
10GE0/0/1
10.1.3.1/32
BGP
255 0
RD 10.10.4.4
10GE0/0/1
10.1.4.0/30
OSPF
10 3
D
10.1.1.2
10GE0/0/1
OSPF
10 3
D
10.1.2.2
10GE0/0/2
10.1.4.1/32
BGP
255 0
RD 10.10.4.4
10GE0/0/1
10.2.1.0/30
BGP
255 0
RD 10.10.4.4
10GE0/0/1
10.2.1.2/32
BGP
255 0
RD 10.10.4.4
10GE0/0/1
10.3.1.0/30
BGP
255 0
RD 10.10.4.4
10GE0/0/1
255.255.255.255/32 Direct 0 0
D
127.0.0.1
InLoopBack0
The command output shows that BGP has learned the route to 10.3.1.0, with the
outbound interface being 10GE0/0/1.
# Check information about the routing table on DeviceB.
[DeviceB] display ip routing-table
Route Flags: R - relied, D - download to fib
-----------------------------------------------------------------------------Routing Table: _public_
Destinations : 19
Routes : 19
Destination/Mask
Proto
Pre Cost
Flags NextHop
Interface
10.10.2.2/32
Direct 0 0
D 127.0.0.1
InLoopBack0
10.10.2.255/32
Direct 0 0
D 127.0.0.1
InLoopBack0
10.10.1.1/32
OSPF
10 2
D 10.1.1.1
10GE0/0/1
10.4.4.0/24
BGP
255 0
RD 10.1.3.2
10GE0/0/2
10.10.4.4/32
OSPF
10 2
D 10.1.3.2
10GE0/0/2
10.5.5.0/24
BGP
255 0
RD 10.2.1.2
10GE0/0/2
10.1.1.0/30
Direct 0 0
D 10.1.1.2
10GE0/0/1
10.1.1.3/32
Direct 0 0
D 10.1.1.2
10GE0/0/1
10.1.1.1/32
Direct 0 0
D 10.1.1.1
10GE0/0/1
10.1.1.255/32
Direct 0 0
D 10.1.1.1
10GE0/0/1
10.1.1.2/32
Direct 0 0
D 127.0.0.1
InLoopBack0
10.1.1.255/32
Direct 0 0
D 127.0.0.1
InLoopBack0
10.1.2.0/30
OSPF
10 2
D 10.1.1.1
10GE0/0/1
10.1.3.0/30
Direct 0 0
D 10.1.3.1
10GE0/0/2
10.1.3.3/32
Direct 0 0
D 10.1.3.1
10GE0/0/2
10.1.3.1/32
Direct 0 0
D 127.0.0.1
InLoopBack0
10.1.3.255/32
Direct 0 0
D 127.0.0.1
InLoopBack0
10.1.3.2/32
Direct 0 0
D 10.1.3.2
10GE0/0/2
10.1.3.255/32
Direct 0 0
D 10.1.3.2
10GE0/0/2
127.0.0.0/8
Direct 0 0
D 127.0.0.1
InLoopBack0
127.0.0.1/32
Direct 0 0
D 127.0.0.1
InLoopBack0
127.0.0.255/32
Direct 0 0
D 127.0.0.1
InLoopBack0
10.1.4.0/30
OSPF
10 2
D 10.1.3.2
10GE0/0/2
10.1.4.1/32
BGP
255 0
RD 10.1.3.2
10GE0/0/2
10.2.1.0/30
BGP
255 0
RD 10.1.3.2
10GE0/0/2
10.2.1.2/32
BGP
255 0
RD 10.1.3.2
10GE0/0/2
10.3.1.0/30
BGP 255 0
RD 10.1.3.2
10GE0/0/2
255.255.255.255/32 Direct 0 0
D
127.0.0.1
InLoopBack0
The command output shows that DeviceB has learned the route to 10.3.1.0
through BGP, with the outbound interface being 10GE0/0/2. OSPF has learned the
routes to 10.1.2.0 and 10.1.4.0, and the costs are both 2.
Step 6 Enable OSPF-BGP synchronization on DeviceB.
[DeviceB] ospf 1
[DeviceB-ospf-1] stub-router on-startup
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
273
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
[DeviceB-ospf-1] safe-sync enable
[DeviceB-ospf-1] quit
----End
Verifying the Configuration
# Restart DeviceB.
NOTE
Here, the device is restarted based on the assumption that the device is faulty. In normal
cases, do not run the reboot command because it may lead to a temporary network
outage. In addition, check that the configuration script of the device has been saved before
you restart the device.
[DeviceB] reboot
System will reboot! Continue?[Y/N] y
# Check information about the routing table on DeviceA.
[DeviceA] display ip routing-table
Route Flags: R - relied, D - download to fib
-----------------------------------------------------------------------------Routing Table: _public_
Destinations : 20
Routes : 20
Destination/Mask
Proto Pre Cost
10.10.1.1/32 Direct 0 0
10.10.2.2/32 OSPF 10 4
10.4.4.0/24 BGP 255 0
10.10.4.4/32 OSPF 10 4
10.5.5.0/24 BGP 255 0
10.1.1.0/30 Direct 0 0
10.1.1.1/32 Direct 0 0
10.1.1.2/32 Direct 0 0
10.1.2.0/30 Direct 0 0
10.1.2.1/32 Direct 0 0
10.1.2.2/32 Direct 0 0
127.0.0.0/8 Direct 0 0
127.0.0.1/32 Direct 0 0
10.1.3.0/30 OSPF 10 2
10.1.3.1/32 BGP 255 0
10.1.4.0/30 OSPF 10 3
10.1.4.1/32 BGP 255 0
10.2.1.0/30 BGP 255 0
10.2.1.2/32 BGP 255 0
10.3.1.0/30 BGP 255 0
Flags NextHop
D 127.0.0.1
D 10.1.2.2
RD 10.10.4.4
D 10.1.2.2
RD 10.2.1.2
D 10.1.1.1
D 127.0.0.1
D 10.1.1.2
D 10.1.2.1
D 127.0.0.1
D 10.1.2.2
D 127.0.0.1
D 127.0.0.1
D 10.1.1.2
RD 10.10.4.4
D 10.1.2.2
RD 10.10.4.4
RD 10.10.4.4
RD 10.10.4.4
RD 10.10.4.4
Interface
InLoopBack0
10GE0/0/2
10GE0/0/2
10GE0/0/2
10GE0/0/2
10GE0/0/1
InLoopBack0
10GE0/0/1
10GE0/0/2
InLoopBack0
10GE0/0/2
InLoopBack0
InLoopBack0
10GE0/0/1
10GE0/0/2
10GE0/0/2
10GE0/0/2
10GE0/0/2
10GE0/0/2
10GE0/0/2
The command output shows that BGP has learned the route to 10.3.1.0 and the
outbound interface is changed to 10GE0/0/2.
# Check information about the routing table on DeviceB.
[DeviceB] display ip routing-table
Route Flags: R - relied, D - download to fib
-----------------------------------------------------------------------------Routing Table: _public_
Destinations : 15
Routes : 15
Destination/Mask
Proto Pre Cost
Flags NextHop
Interface
10.10.1.1/32 OSPF 10 65536
D 10.1.1.1
10GE0/0/1
10.10.2.2/32 Direct 0 0
D 127.0.0.1
InLoopBack0
10.10.4.4/32 OSPF 10 65536
D 10.1.3.2
10GE0/0/2
10.1.1.0/30 Direct 0 0
D 10.1.1.2
10GE0/0/1
10.1.1.1/32 Direct 0 0
D 10.1.1.1
10GE0/0/1
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
274
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
10.1.1.2/32
10.1.2.0/30
10.1.3.0/30
10.1.3.1/32
10.1.3.2/32
127.0.0.0/8
127.0.0.1/32
10.1.4.0/30
127.0.0.0/8
127.0.0.1/32
5 OSPF Configuration
Direct 0 0
D
OSPF 10 65536
Direct 0 0
D
Direct 0 0
D
Direct 0 0
D
Direct 0 0
D
Direct 0 0
D
OSPF 10 65536
Direct 0 0
D
Direct 0 0
D
127.0.0.1
InLoopBack0
D 10.1.1.1
10GE0/0/1
10.1.3.1
10GE0/0/2
127.0.0.1
InLoopBack0
10.1.3.2
10GE0/0/2
127.0.0.1
InLoopBack0
127.0.0.1
InLoopBack0
D 10.1.3.2
10GE0/0/2
127.0.0.1
InLoopBack0
127.0.0.1
InLoopBack0
The command output shows that only the OSPF routes exist in the routing table
and their costs are greater than 65535. This is because IGP routes converge faster
than BGP routes.
# Check information about the routing table on DeviceB again.
[DeviceB] display ip routing-table
Route Flags: R - relied, D - download to fib
-----------------------------------------------------------------------------Routing Table: _public_
Destinations : 19
Routes : 19
Destination/Mask
Proto Pre Cost
10.10.2.2/32 Direct 0 0
10.10.1.1/32 OSPF 10 2
10.4.4.0/24 BGP 255 0
10.10.4.4/32 OSPF 10 2
10.5.5.0/24 BGP 255 0
10.1.1.0/30 Direct 0 0
10.1.1.1/32 Direct 0 0
10.1.1.2/32 Direct 0 0
10.1.2.0/30 OSPF 10 2
10.1.3.0/30 Direct 0 0
10.1.3.1/32 Direct 0 0
10.1.3.2/32 Direct 0 0
127.0.0.0/8 Direct 0 0
127.0.0.1/32 Direct 0 0
10.1.4.0/30 OSPF 10 2
10.1.4.1/32 BGP 255 0
10.2.1.0/30 BGP 255 0
10.2.1.2/32 BGP 255 0
10.3.1.0/30 BGP 255 0
Flags NextHop
D 127.0.0.1
D 10.1.1.1
RD 10.1.3.2
D 10.1.3.2
RD 10.2.1.2
D 10.1.1.2
D 10.1.1.1
D 127.0.0.1
D 10.1.1.1
D 10.1.3.1
D 127.0.0.1
D 10.1.3.2
D 127.0.0.1
D 127.0.0.1
D 10.1.3.2
RD 10.1.3.2
RD 10.1.3.2
RD 10.1.3.2
RD 10.1.3.2
Interface
InLoopBack0
10GE0/0/1
10GE0/0/2
10GE0/0/2
10GE0/0/2
10GE0/0/1
10GE0/0/1
InLoopBack0
10GE0/0/1
10GE0/0/2
InLoopBack0
10GE0/0/2
InLoopBack0
InLoopBack0
10GE0/0/2
10GE0/0/2
10GE0/0/2
10GE0/0/2
10GE0/0/2
The command output shows that the routing information is restored (to that prior
to device restart) after BGP routes converge on DeviceB.
Configuration Scripts
●
DeviceA
#
sysname DeviceA
#
router id 10.10.1.1
#
interface 10GE0/0/1
ip address 10.1.1.1 255.255.255.252
#
interface 10GE0/0/2
ip address 10.1.2.1 255.255.255.252
#
interface LoopBack0
ip address 10.10.1.1 255.255.255.255
#
bgp 10
router-id 10.10.1.1
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
275
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
peer 10.10.2.2 as-number 10
peer 10.10.2.2 connect-interface LoopBack 0
peer 10.10.3.3 as-number 10
peer 10.10.3.3 connect-interface LoopBack 0
peer 10.10.4.4 as-number 10
peer 10.10.4.4 connect-interface LoopBack 0
#
ospf 1
area 0.0.0.0
network 10.10.1.1 0.0.0.0
network 10.1.1.0 0.0.0.3
network 10.1.2.0 0.0.0.3
#
return
●
DeviceB
#
sysname DeviceB
#
router id 10.10.2.2
#
interface 10GE0/0/1
ip address 10.1.1.2 255.255.255.252
#
interface 10GE0/0/2
ip address 10.1.3.1 255.255.255.252
#
interface LoopBack0
ip address 10.10.2.2 255.255.255.255
#
bgp 10
router-id 10.10.2.2
peer 10.10.1.1 as-number 10
peer 10.10.1.1 connect-interface LoopBack 0
peer 10.10.3.3 as-number 10
peer 10.10.3.3 connect-interface LoopBack 0
peer 10.10.4.4 as-number 10
peer 10.10.4.4 connect-interface LoopBack 0
#
ospf 1
stub-router on-startup
area 0.0.0.0
network 10.1.1.0 0.0.0.3
network 10.1.3.0 0.0.0.3
network 10.10.2.2 0.0.0.0
#
return
●
DeviceC
#
sysname DeviceC
#
router id 10.10.3.3
#
interface 10GE0/0/1
ip address 10.1.4.1 255.255.255.252
ospf cost 2
#
interface 10GE0/0/2
ip address 10.1.2.2 255.255.255.252
ospf cost 2
#
interface LoopBack0
ip address 10.10.3.3 255.255.255.255
#
bgp 10
router-id 10.10.3.3
peer 10.10.1.1 as-number 10
peer 10.10.1.1 connect-interface LoopBack 0
peer 10.10.2.2 as-number 10
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
276
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
peer 10.10.2.2 connect-interface LoopBack 0
peer 10.10.4.4 as-number 10
peer 10.10.4.4 connect-interface LoopBack 0
#
ospf 1
area 0.0.0.0
network 10.1.2.0 0.0.0.3
network 10.1.4.0 0.0.0.3
network 10.10.3.3 0.0.0.0
#
return
●
DeviceD
#
sysname DeviceD
#
router id 10.10.4.4
#
interface 10GE0/0/1
ip address 10.1.4.2 255.255.255.252
#
interface 10GE0/0/2
ip address 10.1.3.2 255.255.255.252
#
interface 10GE0/0/3
ip address 10.2.1.1 255.255.255.252
#
interface LoopBack0
ip address 10.10.4.4 255.255.255.255
#
bgp 10
router-id 10.10.4.4
peer 10.2.1.2 as-number 20
peer 10.10.1.1 as-number 10
peer 10.10.1.1 connect-interface LoopBack 0
peer 10.10.2.2 as-number 10
peer 10.10.2.2 connect-interface LoopBack 0
peer 10.10.3.3 as-number 10
peer 10.10.3.3 connect-interface LoopBack 0
#
ipv4-family unicast
import-route direct
import-route ospf 1
peer 10.2.1.2 enable
#
ospf 1
area 0.0.0.0
network 10.10.4.4 0.0.0.0
network 10.1.3.0 0.0.0.3
network 10.1.4.0 0.0.0.3
#
return
●
DeviceE
#
sysname DeviceE
#
router id 10.5.5.5
#
interface 10GE0/0/1
ip address 10.2.1.2 255.255.255.252
#
interface 10GE0/0/2
ip address 10.3.1.1 255.255.255.252
#
interface LoopBack0
ip address 10.5.5.5 255.255.255.255
#
bgp 20
router-id 10.5.5.5
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
277
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
peer 10.2.1.1 as-number 10
#
ipv4-family unicast
network 10.3.1.0 255.255.255.252
peer 10.2.1.1 enable
#
return
5.29 Configuring BFD for OSPF
5.29.1 Understanding BFD for OSPF
Definition
Bidirectional Forwarding Detection (BFD) is a mechanism for detecting
communication faults between systems.
Specifically, BFD detects the connectivity of a data protocol along a path between
two systems. Such a path can be a physical link, a logical link, or a tunnel.
In BFD for OSPF, a BFD session is associated with OSPF. The session quickly detects
link faults and notifies OSPF, maximizing the efficiency of OSPF's response to
network topology changes.
Purpose
A link fault or a topology change causes devices to recalculate routes. Fast and
efficient routing protocol convergence is necessary to improve network availability.
As link faults are inevitable, rapidly detecting these faults and notifying routing
protocols is an effective way to quickly resolve such issues. When BFD is
associated with OSPF, it can speed up OSPF convergence if a fault occurs on the
link between neighbors.
Table 5-35 OSPF convergence speeds before and after BFD for OSPF is configured
BFD
Configured
for OSPF
Link Fault Detection Mechanism
Convergence
Speed
No
The OSPF Dead timer expires.
Within seconds
Yes
The associated BFD session goes down.
Within milliseconds
Fundamentals
Figure 5-48 shows a typical network topology with BFD for OSPF configured.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
278
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Figure 5-48 BFD for OSPF
1.
OSPF neighbor relationships are established between the three devices.
2.
When the neighbor relationships enter the Full state, BFD is instructed to set
up a BFD session.
3.
The outbound interface of the route from DeviceA to DeviceB is interface 1. If
the link between DeviceA and DeviceB fails, BFD detects the fault and then
notifies DeviceA.
4.
DeviceA processes the neighbor relationship down event and recalculates
routes. The new route passes through DeviceC and reaches DeviceB, with
interface 2 as the outbound interface.
5.29.2 Configuring BFD for OSPF in a Specified Process
Prerequisites
Before configuring BFD for OSPF in a specified process, you have completed the
following task:
●
Configure basic OSPF functions.
Context
After BFD for OSPF is configured, upon detection of a link fault, BFD immediately
notifies the devices at both ends of the link, triggering rapid OSPF convergence. If
the OSPF neighbor relationship goes down, the BFD session will be deleted
dynamically. Perform the following steps on the devices between which a BFD
session is to be created for each interface in the specified process.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enable BFD globally.
bfd
Step 3 Return to the system view.
quit
Step 4 Enter the OSPF view.
ospf [ process-id ]
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
279
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
The process-id parameter specifies the ID of a process, and the default value is 1.
Step 5 Configure BFD for OSPF for the OSPF process.
bfd all-interfaces enable
If BFD is enabled globally and all neighbor relationships in the OSPF process are in
the Full state, OSPF creates a BFD session with default parameter values for each
interface in the process.
Step 6 (Optional) Modify BFD session parameters.
bfd all-interfaces { min-rx-interval receive-interval | min-tx-interval transmit-interval | detect-multiplier
multiplier-value | frr-binding } *
The default interval at which BFD packets are transmitted and the default
detection multiplier are recommended. As such, this step can be skipped.
The parameters need to be configured based on network conditions and
requirements on network reliability. A short transmission interval for BFD packets
can be set for a link that requires high reliability, and a long transmission interval
can be used for a link that has low reliability requirements.
NOTE
● Actual interval at which BFD packets are transmitted on the local device = Max { transmitinterval (interval at which BFD packets are transmitted) set on the local device, receiveinterval (interval at which BFD packets are received) set on the peer device }
● Actual interval at which BFD packets are received on the local device = Max { transmitinterval (interval at which BFD packets are transmitted) set on the peer device, receiveinterval (interval at which BFD packets are received) set on the local device }
● Actual period for BFD detection on the local device = Actual interval at which BFD packets
are received on the local device x Detection multiplier specified by multiplier-value on the
peer device
For example, if the following conditions are met:
● On the local device, the interval at which BFD packets are transmitted is set to 200 ms, the
interval at which BFD packets are received is set to 300 ms, and the detection multiplier is
set to 4.
● On the peer device, the interval at which BFD packets are transmitted is set to 100 ms, the
interval at which BFD packets are received is set to 600 ms, and the detection multiplier is
set to 5.
The following results are then obtained:
● On the local device, the actual interval at which BFD packets are transmitted is 600 ms
(calculated by Max { 200 ms, 600 ms }); the actual interval at which BFD packets are
received is 300 ms (calculated by Max { 100 ms, 300 ms }); the actual detection period is
1500 ms (calculated by 300 ms x 5).
● On the peer device, the actual interval at which BFD packets are transmitted is 300 ms
(calculated by Max { 100 ms, 300 ms }); the actual interval at which BFD packets are
received is 600 ms (calculated by Max { 200 ms, 600 ms }); the actual detection period is
2400 ms (calculated by 600 ms x 4).
Step 7 (Optional) Enable each interface in an OSPF process to adjust its cost based on
the status of an associated BFD session.
bfd all-interfaces incr-cost { cost | max-reachable }
Regarding the configuration of adjusting the interface cost based on the status of
an associated BFD session, the configuration in the interface view takes
precedence over that in the process.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
280
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Step 8 (Optional) Disable a specified interface from dynamically creating a BFD session.
1.
Return to the system view.
quit
2.
Enter the interface view.
interface interface-type interface-number
3.
Switch the interface working mode to Layer 3.
undo portswitch
Determine whether to perform this step based on the current interface
working mode.
4.
Disable the interface from dynamically creating a BFD session.
ospf bfd block
After BFD for OSPF is configured, all interfaces on which neighbor
relationships are Full in the OSPF process will create BFD sessions. If BFD is
not required on specific interfaces, disable these interfaces from dynamically
creating BFD sessions.
----End
Verifying the Configuration
Run the display ospf [process-id ] bfd session { router-id | all } command to
check information about all the sessions of BFD for OSPF.
5.29.3 Configuring BFD for OSPF on a Specified Interface
Prerequisites
Before configuring BFD for OSPF on a specified interface, you have completed the
following task:
●
Configure basic OSPF functions.
Context
After BFD for OSPF is configured on a device interface, BFD quickly detects link
faults on the interface and instructs OSPF to immediately recalculate routes,
maximizing the speed of OSPF convergence. If the OSPF neighbor relationship on
the interface goes down, the associated BFD session will be dynamically deleted.
Perform the following steps on the device where a BFD session needs to be
configured on a specified interface:
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enable BFD globally.
bfd
Step 3 Return to the system view.
quit
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
281
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Step 4 Enter the interface view.
interface interface-type interface-number
Step 5 Switch the interface working mode to Layer 3.
undo portswitch
Determine whether to perform this step based on the current interface working
mode.
Step 6 Configure BFD for OSPF for the interface.
ospf bfd enable [ per-link one-arm-echo ]
After this step is performed, when the neighbor relationship on the specified
interface is in the Full state, OSPF creates a BFD session with default parameter
values for this interface.
If BFD for OSPF is configured for an Eth-Trunk with multiple physical interfaces
added in a VLAN, and per-link one-arm-echo is not specified, the BFD session
may go down even if only one of the physical interfaces goes down. As a result,
the OSPF neighbor relationship also goes down. If per-link one-arm-echo is
specified in this case, the BFD session goes down only if all the physical interfaces
are down, which prevents the OSPF neighbor relationship from going down.
NOTE
The configuration of BFD for OSPF on an interface takes precedence over that in the OSPF
process.
The per-link one-arm-echo parameter can be specified only in the VLANIF interface view.
Step 7 (Optional) Modify BFD session parameters.
ospf bfd { min-tx-interval transmit-interval | min-rx-interval receive-interval | detect-multiplier
multiplier-value | frr-binding } *
The default interval at which BFD packets are transmitted and the default
detection multiplier are recommended. As such, this step can be skipped.
The parameters need to be configured based on network conditions and
requirements on network reliability. A short transmission interval for BFD packets
can be set for a link that requires high reliability, and a long transmission interval
can be used when reliability is not as critical.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
282
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
NOTE
● Actual interval at which BFD packets are transmitted on the local device = Max { transmitinterval (interval at which BFD packets are transmitted) set on the local device, receiveinterval (interval at which BFD packets are received) set on the peer device }
● Actual interval at which BFD packets are received on the local device = Max { transmitinterval (interval at which BFD packets are transmitted) set on the peer device, receiveinterval (interval at which BFD packets are received) set on the local device }
● Actual period for BFD detection on the local device = Actual interval at which BFD packets
are received on the local device x Detection multiplier specified by multiplier-value on the
peer device
For example, if the following conditions are met:
● On the local device, the interval at which BFD packets are transmitted is set to 200 ms, the
interval at which BFD packets are received is set to 300 ms, and the detection multiplier is
set to 4.
● On the peer device, the interval at which BFD packets are transmitted is set to 100 ms, the
interval at which BFD packets are received is set to 600 ms, and the detection multiplier is
set to 5.
The following results are then obtained:
● On the local device, the actual interval at which BFD packets are transmitted is 600 ms
(calculated by Max { 200 ms, 600 ms }); the actual interval at which BFD packets are
received is 300 ms (calculated by Max { 100 ms, 300 ms }); the actual detection period is
1500 ms (calculated by 300 ms x 5).
● On the peer device, the actual interval at which BFD packets are transmitted is 300 ms
(calculated by Max { 100 ms, 300 ms }); the actual interval at which BFD packets are
received is 600 ms (calculated by Max { 200 ms, 600 ms }); the actual detection period is
2400 ms (calculated by 600 ms x 4).
----End
Verifying the Configuration
Run the display ospf [process-id ] bfd session interface-type interface-number
[ router-id ] command to check information about the session of BFD for OSPF on
the specified interface.
5.29.4 Example for Configuring BFD for OSPF
Networking Requirements
An OSPF device periodically sends Hello packets to its neighbors for fault
detection, and actually detecting a fault takes more than 1 second. As related
technologies mature and develop, voice, video, and video on demand (VOD)
services are now more widely used than ever before. Such services are sensitive to
the packet loss rate and delay, and when the traffic rate reaches gigabit per
second (Gbit/s), time-consuming fault detection results in the loss of a large
number of packets. As such, the high reliability requirements of carrier-class
networks cannot be met. To address this problem, configure BFD for OSPF to
implement fault detection within milliseconds, maximizing OSPF convergence
speeds in the case of link status changes.
For example, on the network shown in Figure 5-49, the primary link (DeviceA ->
DeviceB) and backup link (DeviceA -> DeviceC -> DeviceB) are deployed. In
normal scenarios, service traffic is transmitted along the primary link. If the
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
283
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
primary link goes faulty, DeviceA is expected to rapidly detect the fault and
efficiently switch traffic to the backup link.
You can configure BFD for OSPF to monitor the OSPF neighbor relationship
between DeviceA and DeviceB. If the link between DeviceA and DeviceB fails, BFD
can rapidly detect the failure and report it to OSPF. This allows traffic to be
switched to the backup link.
Figure 5-49 Network diagram of BFD for OSPF
NOTE
In this example, interface 1, interface 2, and interface 3 represent 10GE 0/0/1, 10GE 0/0/2,
and 10GE 0/0/3, respectively.
Configuration Precautions
To improve security, OSPF area authentication or interface authentication is
recommended. For details, see "Improving OSPF Network Security." OSPF area
authentication is used as an example. For details, see "Example for Configuring
Basic OSPF Functions."
Configuration Roadmap
The configuration roadmap is as follows:
1.
Configure basic OSPF functions on each device to ensure routing reachability.
2.
Enable BFD globally.
3.
Configure BFD for OSPF in the specified process on DeviceA, DeviceB, and
DeviceC.
Procedure
Step 1 Assign an IP address to each interface.
Assign an IP address to each interface as shown in Figure 5-49. For configuration
details, see configuration scripts.
Step 2 Configure basic OSPF functions.
For detailed configurations, see the configuration scripts.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
284
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Step 3 Configure BFD for OSPF in the specified process.
# Configure DeviceA.
[DeviceA] bfd
[DeviceA-bfd] quit
[DeviceA] ospf 1
[DeviceA-ospf-1] bfd all-interfaces enable
[DeviceA-ospf-1] quit
# Configure DeviceB.
[DeviceB] bfd
[DeviceB-bfd] quit
[DeviceB] ospf 1
[DeviceB-ospf-1] bfd all-interfaces enable
[DeviceB-ospf-1] quit
# Configure DeviceC.
[DeviceC] bfd
[DeviceC-bfd] quit
[DeviceC] ospf 1
[DeviceC-ospf-1] bfd all-interfaces enable
[DeviceC-ospf-1] quit
----End
Verifying the Configuration
# Run the display ospf bfd session all command on any of DeviceA, DeviceB, or
DeviceC. Check whether the BFDState field is displayed as up in the command
output.
The following example uses the command output on DeviceA.
[DeviceA] display ospf bfd session all
OSPF Process 1 with Router ID 1.1.1.1
Area 0.0.0.0 interface 1.1.1.1(10GE0/0/1)'s BFD Sessions
NeighborId:2.2.2.2
AreaId:0.0.0.0
Interface: 10GE0/0/1
BFDState:up
rx :1000
tx
:1000
Multiplier:3
BFD Local Dis:0
LocalIpAdd:1.1.1.1
RemoteIpAdd:1.1.1.2
Diagnostic Info:0
Area 0.0.0.0 interface 3.3.3.1(10GE0/0/2)'s BFD Sessions
NeighborId:3.3.3.3
AreaId:0.0.0.0
Interface: 10GE0/0/2
BFDState:up
rx :1000
tx
:1000
Multiplier:3
BFD Local Dis:0
LocalIpAdd:3.3.3.1
RemoteIpAdd:3.3.3.2
Diagnostic Info:0
# Run the shutdown command on DeviceB's 10GE0/0/2 to simulate a fault on the
primary link.
[DeviceB] interface 10ge 0/0/2
[DeviceB-10GE0/0/2] shutdown
# Check information about the routing table on DeviceA. The routing path is
switched to the backup link DeviceA -> DeviceC -> DeviceB after the primary link
fails, and you can see that the next hop address of the route to 172.16.1.0/24 is
1.1.1.2.
[DeviceA] display ospf routing
OSPF Process 1 with Router ID 1.1.1.1
Routing Tables
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
285
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
Routing for Network
Destination
Cost
2.2.2.0/24
2
172.16.1.0/24
3
Type
Stub
Stub
5 OSPF Configuration
NextHop
AdvRouter
Area
1.1.1.2
3.3.3.3
0.0.0.0
1.1.1.2
2.2.2.2
0.0.0.0
Total Nets: 2
Intra Area: 2 Inter Area: 0 ASE: 0 NSSA: 0
Configuration Scripts
●
DeviceA
#
sysname DeviceA
#
router id 1.1.1.1
#
bfd
#
interface 10GE0/0/1
ip address 1.1.1.1 255.255.255.0
#
interface 10GE0/0/2
ip address 3.3.3.1 255.255.255.0
#
ospf 1
bfd all-interfaces enable
area 0.0.0.0
network 3.3.3.0 0.0.0.255
network 1.1.1.0 0.0.0.255
#
return
●
DeviceB
#
sysname DeviceB
#
router id 2.2.2.2
#
bfd
#
interface 10GE0/0/1
ip address 2.2.2.2 255.255.255.0
#
interface 10GE0/0/2
ip address 3.3.3.2 255.255.255.0
#
interface 10GE0/0/3
ip address 172.16.1.1 255.255.255.0
#
ospf 1
bfd all-interfaces enable
area 0.0.0.0
network 3.3.3.0 0.0.0.255
network 2.2.2.0 0.0.0.255
network 172.16.1.0 0.0.0.255
#
return
●
DeviceC
#
sysname DeviceC
#
router id 3.3.3.3
#
bfd
#
interface 10GE0/0/1
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
286
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
ip address 1.1.1.2 255.255.255.0
#
interface 10GE0/0/2
ip address 2.2.2.1 255.255.255.0
#
ospf 1
bfd all-interfaces enable
area 0.0.0.0
network 1.1.1.0 0.0.0.255
network 2.2.2.0 0.0.0.255
#
return
5.30 Configuring OSPF IP FRR
5.30.1 Understanding OSPF IP FRR
OSPF IP fast reroute (FRR) refers to the process in which the device precomputes a
backup path based on the network-wide LSDBs, and stores this backup path in the
forwarding table. If the primary path fails, traffic can be quickly switched to the
backup path, reducing the fault recovery time.
Context
As networks develop, services such as Voice over IP (VoIP) and online video
services require high-quality and real-time transmission. However, if a link fails,
OSPF must complete the following procedure before switching traffic to a new
link: detect the fault, update LSAs, flood LSAs, calculate routes, and deliver route
entries to the FIB. This is a lengthy process, and the associated traffic interruption
is often longer than users can tolerate. As a result, real-time transmission
requirements cannot be met. OSPF IP FRR can effectively solve this problem. OSPF
IP FRR conforms to dynamic IP FRR defined by a standard protocol, and allows
traffic to be quickly switched to a backup link, protecting traffic against link or
node failures and minimizing the length of interruptions.
Major FRR techniques include loop-free alternate (LFA), U-turn, Not-Via, remote
LFA, and maximally redundant tree (MRT). Of these, only LFA is supported by
OSPF.
Related Concepts
OSPF IP FRR
OSPF IP FRR refers to a mechanism in which a device uses the LFA algorithm to
precompute the next hop of a backup route, and stores the primary and backup
routes to the same destination address but with different next hops in the
forwarding table. If the primary link fails, the device switches traffic to the backup
link before route convergence is complete on the control plane. This mechanism
minimizes the length of traffic interruptions and protects services.
OSPF IP FRR policy
An OSPF IP FRR policy can be used to filter backup routes. Only the backup routes
that match the filtering rules in the policy can be added to the IP routing table,
facilitating flexible control of the OSPF backup routes to be added to the table.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
287
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
LFA algorithm
The LFA algorithm calculates a backup link as follows: With the neighbor that can
provide a backup link as the root node, the SPF algorithm is used to calculate the
shortest path to the destination node, and then a loop-free backup link with the
smallest cost is calculated according to the inequality defined in the standard
protocol.
OSPF LFA FRR
OSPF LFA FRR protects traffic against either a link failure or a node-and-link
failure. The node-and-link protection takes precedence over the link protection.
Link protection
Link protection takes effect when the traffic to be protected flows along a
specified link.
In Figure 5-50, traffic flows from DeviceS to DeviceD. The primary link is DeviceS > DeviceE -> DeviceD, and the backup link is DeviceS -> DeviceN -> DeviceE ->
DeviceD. The link costs meet the inequality: Distance_opt (N, D) < Distance_opt
(N, S) + Distance_opt (S, D). With OSPF LFA FRR, DeviceS switches traffic to the
backup link if the primary link fails, minimizing the traffic interruption duration.
NOTE
Distance_opt (X, Y) indicates the shortest path from node X to node Y. S stands for the
source node, N for a node along the backup link, and D for the destination node.
Figure 5-50 OSPF LFA FRR – link protection
Node-and-link protection
Node-and-link protection takes effect when the traffic to be protected flows along
a specified node and link.
In Figure 5-51, traffic flows from DeviceS to DeviceD. The primary link is DeviceS > DeviceE -> DeviceD, and the backup link is DeviceS -> DeviceN -> DeviceD. With
OSPF LFA FRR, DeviceS switches traffic to the backup link if the primary link fails,
minimizing the traffic interruption duration.
Node-and-link protection takes effect only if the following conditions are met:
●
Issue 04 (2023-09-22)
The link costs meet the inequality: Distance_opt (N, D) < Distance_opt (N, S)
+ Distance_opt (S, D).
Copyright © Huawei Technologies Co., Ltd.
288
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
●
5 OSPF Configuration
The interface costs meet the inequality: Distance_opt (N, D) < Distance_opt
(N, E) + Distance_opt (E, D).
NOTE
Distance_opt (X, Y) indicates the shortest link from node X to node Y. S stands for the
source node, E for the faulty node, N for a node along the backup link, and D for the
destination node.
Figure 5-51 OSPF LFA FRR – node-and-link protection
OSPF FRR for a Multi-Node Routing Scenario
With OSPF LFA FRR, a device uses the SPF algorithm to calculate the shortest path
to the destination with a neighbor that provides a backup link as the root node,
and then stores the node-based backup next hop. This applies to a scenario where
a route is received from only one node, single-node routing scenario for short. As
networks are increasingly diversified, two ABRs or ASBRs are deployed to improve
network reliability. In this case, OSPF FRR is developed for scenarios where the
same route is received from multiple nodes, multi-node routing scenarios for
short.
NOTE
In a multi-node routing scenario, OSPF FRR is implemented by calculating the Type 3 LSAs
advertised by the ABRs of an area for intra-area, inter-area, ASE, or NSSA routing. Inter-area
routing is used as an example to describe how OSPF FRR works in a multi-node routing
scenario.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
289
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Figure 5-52 OSPF FRR in a multi-node routing scenario
In Figure 5-52, DeviceB and DeviceC function as ABRs to forward routes between
area 0 and area 1, while DeviceE advertises an intra-area route. Upon receipt of
the route, DeviceB and DeviceC each translate it into a Type 3 LSA and flood the
LSA to area 0. After OSPF FRR is enabled on DeviceA, DeviceA considers both
DeviceB and DeviceC as its neighbors. Without a fixed neighbor as the root node,
DeviceA fails to calculate the FRR backup next hop. To address this problem, a
virtual node is simulated between DeviceB and DeviceC and used as the root node
of DeviceA, and DeviceA uses the LFA algorithm to calculate the backup next hop.
This solution converts multi-node routing into single-node routing.
For example, DeviceB and DeviceC each advertise a route with the prefix
10.1.1.0/24. After DeviceA with OSPF FRR enabled receives the routes, it fails to
calculate a backup next hop due to a lack of a fixed root node. To address this
problem, a virtual node is simulated between DeviceB and DeviceC and used as
the root node of DeviceA. The cost of the link from DeviceB to the virtual node is
0, and the cost of the link from DeviceC to the virtual node is 5. The costs of the
links from the virtual node to DeviceB and to DeviceC are both the maximum
value (65535). If the virtual node advertises the 10.1.1.0/24 route, it will use the
lower cost of the routes advertised by DeviceB and DeviceC as the cost of the
10.1.1.0/24 route. DeviceA is configured to consider DeviceB and DeviceC as invalid
sources of the 10.1.1.0/24 route and use the LFA algorithm to calculate a backup
next hop for the route, with the virtual node as the root node.
Derivative Functions
A BFD session can be associated with OSPF IP FRR. With this configuration, the
BFD session goes down if BFD detects a link fault. In this case, OSPF IP FRR is
triggered to switch traffic from the faulty link to the backup link, thereby
protecting traffic.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
290
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
5.30.2 Enabling OSPF IP FRR
Prerequisites
Before enabling OSPF IP FRR, you have completed the following task:
●
Configure basic OSPF functions.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enter the OSPF view.
ospf [ process-id | router-id router-id | vpn-instance vpn-instance-name ]
*
process-id specifies the ID of an OSPF process, and the default value is 1.
Step 3 Enter the OSPF IP FRR view.
frr
Step 4 Enable OSPF IP FRR so that OSPF can generate a loop-free backup link.
loop-free-alternate
OSPF can generate a loop-free backup link only when OSPF IP FRR meets the
traffic protection inequalities. For detailed description, see 5.30.1 Understanding
OSPF IP FRR.
Step 5 (Optional) Configure an OSPF IP FRR route-policy to filter OSPF backup routes.
frr-policy route route-policy route-policy-name
After the OSPF IP FRR route-policy is configured, only the OSPF backup routes
that match the filtering rules in the policy can be added to the forwarding table.
Step 6 (Optional) Set the solution of selecting a backup path for OSPF IP FRR.
tiebreaker { node-protecting | lowest-cost } preference preference
By default, the solution of selecting a backup path for OSPF IP FRR is nodeprotection path first. In actual networking scenarios, the solution may need to be
changed to smallest-cost path first due to considerations such as interface
forwarding capacity and link cost. In Figure 5-53, the primary path is Link-1
(DeviceS -> DeviceE -> DeviceD), and Link-2 (DeviceS -> DeviceE -> DeviceD) and
Link-3 (DeviceS -> DeviceN -> DeviceD) are backup path candidates. By default,
Link-3 is selected as the backup path. To change the solution of selecting a backup
path for OSPF IP FRR to smallest-cost path first, run the tiebreaker command.
After the command is run, Link-2 is selected as the backup path.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
291
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Figure 5-53 Solution of selecting a backup path for OSPF IP FRR
----End
5.30.3 (Optional) Binding IP FRR and BFD
Context
Binding IP FRR and BFD is implemented by associating the status of BFD sessions
with the link status of interfaces. This ensures that a link fault can be detected
immediately and traffic can be quickly switched to the backup link.
●
IP FRR and BFD can be bound in an OSPF process so that the binding takes
effect for all interfaces in the OSPF process.
●
Alternatively, IP FRR and BFD can be bound on specified interfaces.
Perform the following steps on the device where IP FRR and BFD need to be
bound.
Procedure
●
Bind IP FRR and BFD in an OSPF process.
a.
Enter the system view.
system-view
b.
Enter the OSPF view.
ospf [ process-id ]
The process-id parameter specifies the ID of a process, and the default
value is 1.
c.
Bind IP FRR and BFD in the OSPF process.
bfd all-interfaces frr-binding
●
Bind IP FRR and BFD on a specified OSPF interface.
a.
Enter the system view.
system-view
b.
Enter the interface view.
interface interface-type interface-number
c.
Switch the interface working mode to Layer 3.
undo portswitch
Determine whether to perform this step based on the current interface
working mode.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
292
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
d.
5 OSPF Configuration
Bind IP FRR and BFD on the interface.
ospf bfd frr-binding
The BFD configuration on an interface takes precedence over that in the
OSPF process.
----End
5.30.4 (Optional) Disabling OSPF IP FRR on an Interface
Context
If an interface is connected to a device running key services, ensure that a backup
path does not pass through this interface in order to prevent the services from
being compromised after FRR calculation. To meet this requirement, disable OSPF
IP FRR on the interface.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enter the interface view.
interface interface-type interface-number
Step 3 Switch the interface working mode to Layer 3.
undo portswitch
Determine whether to perform this step based on the current interface working
mode.
Step 4 Disable FRR on the OSPF interface.
ospf frr block
----End
5.30.5 Verifying the Configuration
Procedure
●
Run the display ospf [ process-id ] routing command to check information
about the primary and backup links of OSPF routes after configuring OSPF IP
FRR.
----End
5.30.6 Example for Configuring OSPF IP FRR
Networking Requirements
If a fault occurs on a primary link, traffic is switched to a backup link. In this
scenario, two problems arise:
●
Issue 04 (2023-09-22)
Hundreds of milliseconds are required for traffic to be switched to a backup
link, during which services are interrupted.
Copyright © Huawei Technologies Co., Ltd.
293
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
●
5 OSPF Configuration
Traffic may be switched to the link that passes through DeviceA. DeviceA is an
ASBR and is not expected to function as a backup device.
If a fault occurs on the network, OSPF IP FRR can rapidly switch traffic to the
backup link without waiting for route convergence, ensuring uninterrupted traffic
transmission. In addition, you can also prevent the link that passes through
DeviceA from functioning as the FRR backup link.
On the network shown in Figure 5-54:
●
OSPF runs on all devices.
●
The link costs meet the OSPF IP FRR inequality.
●
If the primary link T fails, DeviceS immediately switches traffic to the backup
link, which passes through DeviceN.
●
Based on the network planning, the link that passes through DeviceA does
not function as an FRR backup link.
Figure 5-54 Network diagram of OSPF IP FRR
NOTE
In this example, interface1, interface2, interface3, and interface4 represent 10GE 0/0/1,
10GE 0/0/2, 10GE 0/0/3, and 10GE0/0/4, respectively.
Device
Route
r ID
Interface
IP Address
DeviceS
1.1.1.1
10GE0/0/1
10.1.1.1/24
10GE0/0/2
10.1.2.1/24
10GE0/0/3
10.1.3.1/24
10GE0/0/1
10.1.1.2/24
10GE0/0/2
10.2.1.2/24
DeviceA
Issue 04 (2023-09-22)
2.2.2.2
Copyright © Huawei Technologies Co., Ltd.
294
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Device
Route
r ID
Interface
IP Address
DeviceN
3.3.3.3
10GE0/0/1
10.1.3.2/24
10GE0/0/2
10.2.3.2/24
10GE0/0/1
10.2.1.1/24
10GE0/0/2
10.1.2.2/24
10GE0/0/3
10.2.3.1/24
10GE0/0/4
172.17.1.1/24
DeviceE
4.4.4.4
Configuration Precautions
The following should be noted:
●
Before configuring OSPF IP FRR, disabling FRR on specific interfaces is
recommended. This prevents the links connected to these interfaces from
being calculated as backup links during FRR calculation.
●
During the OSPF IP FRR configuration, to ensure that the underlying layer can
fast respond to a link status change and traffic can be switched to the backup
link immediately, run the bfd all-interfaces frr-binding command. This
associates the BFD session status with the link status of all interfaces in the
OSPF process. If a BFD session goes down, the associated interfaces go down
accordingly.
●
To improve security, OSPF area authentication or interface authentication is
recommended. For details, see "Improving OSPF Network Security." OSPF area
authentication is used as an example. For details, see "Example for
Configuring Basic OSPF Functions."
Configuration Roadmap
The configuration roadmap is as follows:
1.
Configure basic OSPF functions on each device.
2.
Configure BFD for OSPF on all the devices in area 0.
3.
Set the costs of links to ensure that link T is selected to transmit traffic.
4.
Disable FRR on a specified interface of DeviceS.
5.
Enable OSPF IP FRR on DeviceS to protect the traffic it forwards.
Procedure
Step 1 Assign an IP address to each interface.
Assign an IP address to each interface as shown in Figure 5-54. For detailed
configurations, see the configuration scripts.
Step 2 Configure basic OSPF functions.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
295
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Refer to 5.5.7 Example for Configuring Basic OSPF Functions. For details, see
Configuration Scripts in this section.
Step 3 Configure BFD for OSPF on all the devices in area 0.
# Configure DeviceS.
[DeviceS] bfd
[DeviceS-bfd] quit
[DeviceS] ospf 1
[DeviceS-ospf-1] bfd all-interfaces enable
[DeviceS-ospf-1] quit
The configurations of DeviceA, DeviceN, and DeviceE are similar to the
configuration of DeviceS. For detailed configurations, see Configuration Scripts.
Step 4 Set the costs of links to ensure that link T is selected to transmit traffic.
# Configure DeviceS.
[DeviceS] interface 10ge 0/0/1
[DeviceS-10GE0/0/1] ospf cost 10
[DeviceS-10GE0/0/1] quit
[DeviceS] interface 10ge 0/0/2
[DeviceS-10GE0/0/2] ospf cost 15
[DeviceS-10GE0/0/2] quit
[DeviceS] interface 10ge 0/0/3
[DeviceS-10GE0/0/3] ospf cost 10
[DeviceS-10GE0/0/3] quit
# Configure DeviceA.
[DeviceA] interface 10ge 0/0/2
[DeviceA-10GE0/0/2] ospf cost 15
[DeviceA-10GE0/0/2] quit
# Configure DeviceN.
[DeviceN] interface 10ge 0/0/2
[DeviceN-10GE0/0/2] ospf cost 10
[DeviceN-10GE0/0/2] quit
Step 5 Disable FRR on a specified interface of DeviceS.
[DeviceS] interface 10ge 0/0/1
[DeviceS-10GE0/0/1] ospf frr block
[DeviceS-10GE0/0/1] quit
Step 6 Enable OSPF IP FRR, and bind IP FRR and BFD on DeviceS.
[DeviceS] ospf
[DeviceS-ospf-1] frr
[DeviceS-ospf-1-frr] loop-free-alternate
[DeviceS-ospf-1-frr] quit
[DeviceS-ospf-1] bfd all-interfaces frr-binding
[DeviceS-ospf-1] quit
----End
Verifying the Configuration
# Run the display ospf routing command on DeviceS to check the routing
information.
[DeviceS] display ospf routing router-id 4.4.4.4
OSPF Process 1 with Router ID 1.1.1.1
Destination :
Issue 04 (2023-09-22)
4.4.4.4
Route Type :
Intra-area
Copyright © Huawei Technologies Co., Ltd.
296
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Area
: 0.0.0.1
AdvRouter :
4.4.4.4
Type
: ASBR
URT Cost : 59
NextHop
: 10.2.2.1.
Interface :
10GE0/0/2
Backup Nexthop : 10.1.3.2
Backup Interface : 10GE0/0/3 Backup Type : LFA LINK
The preceding command output shows that a backup link is generated using FRR
on DeviceS.
Configuration Scripts
●
DeviceS
#
sysname DeviceS
#
bfd
#
interface 10GE0/0/1
ip address 10.1.1.1 255.255.255.0
ospf frr block
ospf cost 10
#
interface 10GE0/0/2
ip address 10.1.2.1 255.255.255.0
ospf cost 15
#
interface 10GE0/0/3
ip address 10.1.3.1 255.255.255.0
ospf cost 10
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
ospf 1 router-id 1.1.1.1
bfd all-interfaces enable
bfd all-interfaces frr-binding
frr
loop-free-alternate
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.1.2.0 0.0.0.255
network 10.1.3.0 0.0.0.255
#
return
●
DeviceA
#
sysname DeviceA
#
bfd
#
interface 10GE0/0/1
ip address 10.1.1.2 255.255.255.0
ospf cost 10
#
interface 10GE0/0/2
ip address 10.2.1.2 255.255.255.0
ospf cost 15
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
ospf 1 router-id 2.2.2.2
bfd all-interfaces enable
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.2.2.0 0.0.0.255
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
297
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
#
return
●
DeviceN
#
sysname DeviceN
#
bfd
#
interface 10GE0/0/1
ip address 10.1.3.2 255.255.255.0
ospf cost 10
#
interface 10GE0/0/2
ip address 10.2.3.2 255.255.255.0
ospf cost 10
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
#
ospf 1 router-id 3.3.3.3
bfd all-interfaces enable
area 0.0.0.0
network 10.1.3.0 0.0.0.255
network 10.2.3.0 0.0.0.255
#
return
●
DeviceE
#
sysname DeviceE
#
bfd
#
interface 10GE0/0/1
ip address 10.2.1.1 255.255.255.0
#
interface 10GE0/0/2
ip address 10.1.2.2 255.255.255.0
#
interface 10GE0/0/3
ip address 10.2.3.1 255.255.255.0
#
interface 10GE0/0/4
ip address 172.17.1.1 255.255.255.0
ospf cost 5
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
#
ospf 1 router-id 4.4.4.4
bfd all-interfaces enable
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.1.2.0 0.0.0.255
network 10.1.3.0 0.0.0.255
network 172.17.1.0 0.0.0.255
#
return
5.31 Configuring OSPF GR
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
298
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
5.31.1 Configuring an OSPF GR Helper
Prerequisites
Before configuring an OSPF GR helper, you have completed the following task:
●
Configure basic OSPF functions.
Context
Graceful restart (GR) is a high availability (HA) technology used to ensure normal
traffic forwarding and non-stop forwarding of key services during the restart of
routing protocols. HA comprises of a comprehensive set of techniques, such as
fault-tolerant redundancy, link protection, faulty node recovery, and traffic
engineering. As a fault-tolerant redundancy technology, GR is widely used to
ensure non-stop forwarding of key data during the active/standby switchover and
system upgrade.
NOTE
GR involves two roles: GR restarter and GR helper. Currently, a device can only function as a
GR helper.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enter the OSPF view.
ospf [ process-id ]
The process-id parameter specifies the ID of a process, and the default value is 1.
Step 3 Enable the opaque LSA capability.
opaque-capability enable
OSPF supports OSPF GR by transmitting Type 9 LSAs (opaque LSAs). As such,
before configuring OSPF GR, run the opaque-capability enable command to
enable the opaque LSA capability.
Step 4 Configure the device as a GR helper and specify a filtering policy so that the
device functions as the GR helper only for the OSPF neighbors that match the
filtering policy. Select either of the following filtering methods based on actual
conditions:
●
Based on an ACL
a.
b.
c.
Issue 04 (2023-09-22)
Return to the system view.
quit
Create an ACL and enter the ACL view.
acl { name basic-acl-name { basic | [ number ] basic-acl-number } | [ number ] basic-aclnumber }
Configure an ACL rule.
rule [ rule-id ] [ name rule-name ] { deny | permit } [ fragment-type fragment | source
{ source-ip-address { source-wildcard | 0 | src-netmask } | any } | time-range time-name | vpninstance vpn-instance-name | logging ] *
Copyright © Huawei Technologies Co., Ltd.
299
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
When the rule command is used to configure a filtering rule for a named
ACL, only the configurations specified by source and time-range take
effect.
d.
e.
●
Enter the OSPF view.
ospf [ process-id ]
Implement filtering based on the ACL.
graceful-restart [ helper-role { { acl-number acl-number | acl-name acl-name } * } | never } ]
Based on an IP prefix list
graceful-restart [ helper-role { { ip-prefix ip-prefix-name * } | never } ]
Step 5 (Optional) Disable the device from checking AS external LSAs when it functions as
a GR helper.
graceful-restart helper-role ignore-external-lsa
By default, a GR helper checks AS external LSAs.
Step 6 (Optional) Configure the device to support only planned GR when it functions as a
GR helper.
graceful-restart helper-role planned-only
By default, a GR helper supports both planned GR and unplanned GR.
Step 7 (Optional) Enable the non-IETF mode.
graceful-restart non-ietf
By default, the device uses the IETF standard mode. When the neighbor restarter
uses the non-IETF mode, the non-IETF mode must also be enabled on the local
device. As the IETF mode and non-IETF mode are mutually exclusive, only one of
them can be enabled on a device.
----End
Verifying the Configuration
Run the display ospf [ process-id ] graceful-restart [ verbose ] command to
check the OSPF GR configuration.
5.31.2 Example for Configuring OSPF GR
Networking Requirements
On the network shown in Figure 5-55, OSPF runs among the three devices, and
the entire OSPF network is divided into area 0 and area 1. It is required that data
forwarding be not affected during the restart of OSPF on DeviceC.
NOTE
In this example, interface 1 and interface 2 represent 10GE0/0/1 and 10GE0/0/2,
respectively.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
300
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Figure 5-55 Networking diagram for configuring OSPF GR
Area1
DeviceA
DeviceC 192.168.1.1/24
interface2
interface1
192.168.1.2/24
Area0
192.168.0.1/24 DeviceB
interface1
Interface1
192.168.0.2/24
Configuration Precautions
To improve security, OSPF area authentication or interface authentication is
recommended. For details, see "Improving OSPF Network Security." OSPF area
authentication is used as an example. For details, see "Example for Configuring
Basic OSPF Functions."
Configuration Roadmap
The configuration roadmap is as follows:
1.
Configure basic OSPF functions on each device to implement interworking on
the OSPF network.
2.
Enable the Opaque LSA function on DeviceA and DeviceC so that OSPF
supports OSPF GR through Type 9 LSAs.
3.
Configure GR on DeviceA and DeviceC to ensure normal data forwarding
when OSPF restarts.
Procedure
Step 1 Assign an IP address to each interface. For detailed configurations, see the
configuration scripts.
Step 2 Configure basic OSPF functions.
# Configure DeviceA.
[DeviceA] ospf 1 router-id 10.1.1.1
[DeviceA-ospf-1] area 0
[DeviceA-ospf-1-area-0.0.0.0] network 192.168.0.0 0.0.0.255
[DeviceA-ospf-1-area-0.0.0.0] quit
[DeviceA-ospf-1] area 1
[DeviceA-ospf-1-area-0.0.0.1] network 192.168.1.0 0.0.0.255
[DeviceA-ospf-1-area-0.0.0.1] quit
[DeviceA-ospf-1] quit
# Configure DeviceB.
[DeviceB] ospf 1 router-id 10.2.2.2
[DeviceB-ospf-1] area 0
[DeviceB-ospf-1-area-0.0.0.0] network 192.168.0.0 0.0.0.255
[DeviceB-ospf-1-area-0.0.0.0] quit
[DeviceB-ospf-1] quit
# Configure DeviceC.
[DeviceC] ospf 1 router-id 10.3.3.3
[DeviceC-ospf-1] area 1
[DeviceC-ospf-1-area-0.0.0.1] network 192.168.1.0 0.0.0.255
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
301
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
[DeviceC-ospf-1-area-0.0.0.1] quit
[DeviceC-ospf-1] quit
Step 3 Enable the Opaque LSA function.
# Configure DeviceA.
[DeviceA] ospf 1
[DeviceA-ospf-1] opaque-capability enable
[DeviceA-ospf-1] quit
# Configure DeviceC.
[DeviceC] ospf 1
[DeviceC-ospf-1] opaque-capability enable
[DeviceC-ospf-1] quit
Step 4 Configure OSPF GR.
# Configure DeviceA.
[DeviceA] ospf 1
[DeviceA-ospf-1] graceful-restart
[DeviceA-ospf-1] quit
# Configure DeviceC.
[DeviceC] ospf 1
[DeviceC-ospf-1] graceful-restart
[DeviceC-ospf-1] quit
----End
Verifying the Configuration
# Check the GR status of DeviceC.
[DeviceC] display ospf graceful-restart
OSPF Process 1 with Router ID 10.3.3.3
Graceful-restart capability
: enabled
Graceful-restart support
: planned and un-planned, totally
Helper-policy support
: planned and un-planned, strict lsa check
Current GR state
: normal
Graceful-restart period
: 120 seconds
Number of neighbors under helper:
Normal neighbors : 0
Virtual neighbors : 0
Sham-link neighbors : 0
Total neighbors
:0
Number of restarting neighbors : 0
Last exit reason:
On graceful restart : none
On Helper
: none
# Check the neighbor status of DeviceA.
[DeviceA] display ospf peer
OSPF Process 1 with Router ID 10.1.1.1
Neighbors
Area 0.0.0.0 interface 192.168.0.1(10GE0/0/1)'s neighbors
Router ID: 10.2.2.2
Address: 192.168.0.2
GR State: Normal
State: Full Mode:Nbr is Master Priority: 1
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
302
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
DR: 192.168.0.2 BDR: 192.168.0.1 MTU: 0
Dead timer due in 40 sec
Retrans timer interval: 5
Neighbor is up for 00:04:28
Authentication Sequence: [ 0 ]
Neighbors
Area 0.0.0.1 interface 192.168.1.1(10GE0/0/2)'s neighbors
Router ID: 10.3.3.3
Address: 192.168.1.2
GR State: Normal
State: Full Mode:Nbr is Master Priority: 1
DR: 192.168.1.1 BDR: 192.168.1.2 MTU: 0
Dead timer due in 36 sec
Retrans timer interval: 5
Neighbor is up for 00:00:00
Authentication Sequence: [ 0 ]
The command output shows that the OSPF neighbor of DeviceA is in the Full
state and the GR status is Normal.
# Perform a graceful restart on the OSPF process on DeviceC.
<DeviceC> reset ospf process graceful-restart
# Check the neighbor status of DeviceA.
[DeviceA] display ospf peer
OSPF Process 1 with Router ID 10.1.1.1
Neighbors
Area 0.0.0.0 interface 192.168.0.1(10GE0/0/1)'s neighbors
Router ID: 10.2.2.2
Address: 192.168.0.2
GR State: Normal
State: Full Mode:Nbr is Master Priority: 1
DR: 192.168.0.2 BDR: 192.168.0.1 MTU: 0
Dead timer due in 40 sec
Retrans timer interval: 5
Neighbor is up for 00:04:28
Authentication Sequence: [ 0 ]
Neighbors
Area 0.0.0.1 interface 192.168.1.1()'s neighbors
Router ID: 10.3.3.3
Address: 192.168.1.2
State: Full Mode:Nbr is Slave Priority: 1
DR: 192.168.1.1 BDR: 192.168.1.2 MTU: 0
Dead timer due in 36 sec
Retrans timer interval: 5
Neighbor is up for 00:00:00
Authentication Sequence: [ 0 ]
GR State: Normal
The command output shows that the neighbor relationship between DeviceA and
DeviceC remains in the Full state and is not affected by the GR of the OSPF
process on DeviceC.
Configuration Scripts
●
DeviceA
#
sysname DeviceA
#
interface 10GE0/0/1
ip address 192.168.0.1 255.255.255.0
#
interface 10GE0/0/2
ip address 192.168.1.1 255.255.255.0
#
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
303
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
ospf 1 router-id 10.1.1.1
opaque-capability enable
graceful-restart
area 0.0.0.0
network 192.168.0.0 0.0.0.255
area 0.0.0.1
network 192.168.1.0 0.0.0.255
#
return
●
DeviceB
#
sysname DeviceB
#
interface 10GE0/0/1
ip address 192.168.0.2 255.255.255.0
#
ospf 1 router-id 10.2.2.2
area 0.0.0.0
network 192.168.0.0 0.0.0.255
#
return
●
DeviceC
#
sysname DeviceC
#
interface 10GE0/0/1
ip address 192.168.1.2 255.255.255.0
#
ospf 1 router-id 10.3.3.3
opaque-capability enable
graceful-restart
area 0.0.0.1
network 192.168.1.0 0.0.0.255
#
return
5.32 Configuring OSPF Authentication
5.32.1 Understanding OSPF Authentication
OSPF authentication encrypts OSPF packets by adding the authentication field to
packets to ensure network security. A local device checks the authentication field
in OSPF packets received from a remote device, and discards the packets if they do
not contain the same authentication password as the locally configured one,
thereby achieving self-protection.
OSPF Authentication Modes
In terms of packet type, OSPF authentication is classified as follows:
●
Area authentication: configured in the OSPF area view and applies to packets
received by all interfaces in the OSPF area.
●
Interface authentication: configured in the interface view and applies to all
packets received by the interface.
In terms of packet authentication type, OSPF authentication is classified as
follows:
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
304
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
●
Non-authentication: Authentication is not performed.
●
Simple authentication: A configured password is directly added to packets for
authentication. This authentication mode is insecure.
●
Message-digest algorithm 5 (MD5) authentication: A configured password is
hashed using an algorithm such as MD5, and the ciphertext password is
added to packets for authentication. This authentication mode improves
password security. Currently, MD5 and hash-based message authentication
code for MD5 (HMAC-MD5) are the supported algorithms.
NOTE
As simple, MD5, or HMAC-MD5 is insecure, you are advised to use a more secure
authentication mode.
●
Keychain authentication: A keychain consists of multiple authentication keys,
each of which contains an ID and a password. Each key has a lifecycle, and
keys are dynamically selected in a keychain based on the lifecycle of each key.
A keychain can also dynamically select an authentication key to enhance
attack defense.
Keychain improves OSPF security by dynamically changing algorithms and
keys. It can be used to authenticate both OSPF packets and the process of
establishing a Transmission Control Protocol (TCP) connection.
●
HMAC-SHA256 authentication: A configured password is hashed using the
HMAC for secure hash algorithm 256 (HMAC-SHA256) algorithm, and the
ciphertext password is added to packets for authentication. This
authentication mode improves password security.
OSPF carries authentication types in packet headers and authentication
information in packet trailers.
The authentication types are as follows:
●
0: non-authentication
●
1: simple authentication
●
2: ciphertext authentication
Application Scenario
Figure 5-56 OSPF authentication on a broadcast network
The configuration requirements are as follows:
●
Issue 04 (2023-09-22)
The interface authentication configurations must be the same on all devices
on the same network so that OSPF neighbor relationships can be established.
Copyright © Huawei Technologies Co., Ltd.
305
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
●
5 OSPF Configuration
The area authentication configurations must be the same on all devices in the
same area.
5.32.2 Configuring OSPF Area Authentication
Prerequisites
Before configuring OSPF area authentication, you have completed the following
tasks:
●
Configure basic OSPF functions.
●
To use keychain authentication, complete the Configuring a Keychain task
first.
Context
If OSPF area authentication is used, the authentication mode and password
configurations on all the interfaces in the area must be identical. By default, no
authentication mode is configured for an OSPF area. For security purposes, you
are advised to configure an authentication mode.
NOTE
For security purposes, the weak security algorithm in OSPF is not recommended. If it is
required, run the install feature-software WEAKEA command first to install the weak
security algorithm/protocol feature package WEAKEA.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enter the OSPF view.
ospf [ process-id ]
The process-id parameter specifies the ID of a process, and the default value is 1.
Step 3 Enter the OSPF area view.
area area-id
Step 4 Configure any of the following authentication modes for the OSPF area:
●
Configure simple authentication.
authentication-mode simple [ plain SPlainText | [ cipher ] SCipherText ]
plain indicates the cleartext password. cipher indicates the ciphertext
password.
NOTE
When configuring an authentication password, you are advised to use the ciphertext
mode. The password is saved in configuration scripts in cleartext if you select the
cleartext mode, which poses a high security risk. To ensure device security, change the
password periodically.
●
Configure ciphertext authentication.
authentication-mode { md5 | hmac-md5 | hmac-sha256 } [ KeyID { plain MPlainText | [ cipher ]
MCipherText } ]
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
306
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
plain indicates the cleartext password. cipher indicates the ciphertext
password. By default, the authentication is in ciphertext mode.
NOTE
To ensure high security, you are advised to use the HMAC-SHA256 algorithm instead
of the simple, MD5, and HMAC-MD5 algorithms.
●
Configure keychain authentication.
authentication-mode keychain Keychain-Name
----End
Verifying the Configuration
Run the display ospf [ process-id ] brief command to check brief OSPF
information. The Authtype field in the command output indicates the
authentication mode.
5.32.3 Configuring OSPF Interface Authentication
Prerequisites
Before configuring OSPF interface authentication, you have completed the
following tasks:
●
Configure basic OSPF functions.
●
If keychain authentication is used, Configuring a Keychain.
Context
To implement interface authentication, the authentication mode and password
must be set between neighboring devices. Interface authentication takes
precedence over area authentication. For OSPF interfaces on the same network
segment, the same authentication mode and password must be set. By default, no
authentication mode is configured for an OSPF interface. For security purposes,
you are advised to configure an authentication mode.
NOTE
For security purposes, the weak security algorithm in OSPF is not recommended. If it is
required, run the install feature-software WEAKEA command first to install the weak
security algorithm/protocol feature package WEAKEA.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enter the interface view.
interface interface-type interface-number
Step 3 Switch the interface working mode to Layer 3.
undo portswitch
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
307
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Determine whether to perform this step based on the current interface working
mode.
Step 4 Configure one of the following authentication modes for the OSPF interface as
required:
●
Configure simple authentication.
ospf authentication-mode simple [ plain plain-text | [ cipher ] cipher-text ]
plain indicates the cleartext password. cipher indicates the ciphertext
password.
NOTE
When configuring an authentication password, you are advised to use the ciphertext
mode. The password is saved in configuration scripts in cleartext if you select the
cleartext mode, which poses a high security risk. To ensure device security, change the
password periodically.
●
Configure ciphertext authentication.
ospf authentication-mode { md5 | hmac-md5 | hmac-sha256 } [ key-id { plain plain-text |
[ cipher ] cipher-text } ]
plain indicates the cleartext password. cipher indicates the ciphertext
password. For MD5, HMAC-MD5, or HMAC-SHA256 authentication, ciphertext
passwords are used by default.
NOTE
To ensure high security, you are advised to use the HMAC-SHA256 algorithm instead
of the simple, MD5, and HMAC-MD5 algorithms.
●
Configure keychain authentication.
ospf authentication-mode keychain keychain-name
●
Configure non-authentication.
ospf authentication-mode null
----End
Verifying the Configuration
Run the display this command in the view of the specified interface to check the
authentication configuration on the interface.
5.33 Configuring OSPF GTSM
5.33.1 Understanding OSPF GTSM
Definition
The Generalized TTL Security Mechanism (GTSM) protects services over the IP
layer by checking whether the time to live (TTL) value in the IP header is within a
pre-defined range.
Purpose
If an attacker simulates real OSPF packets and keeps sending them to a device, an
interface board on the device receives the packets and directly sends them to the
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
308
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
control plane for OSPF processing, without checking their validity. As a result, the
system becomes unexpectedly busy, and CPU usage becomes excessively high. In
such cases, GTSM can be used to solve this problem.
In practice, GTSM is mainly used to protect the TCP/IP-based control plane
protocols (such as routing protocols) against CPU-utilization attacks, such as CPUoverload attacks.
Fundamentals
A GTSM-enabled device checks the TTL value in each received packet based on a
configured policy. Packets that fail to match the GTSM policy will be dropped or
sent to the control plane, thereby preventing the receive end from being attacked.
A GTSM policy includes:
●
Source address of the IP packet sent to the device
●
VPN instance to which the packet belongs
●
Protocol number of the IP packet (89 for OSPF)
●
Source and destination port numbers of protocols over TCP/UDP
●
Valid TTL range
GTSM is implemented as follows:
●
For protocol-specific neighbor/peer relationships over direct links, the TTL
value in each unicast protocol packet to be sent is set to 255.
●
For multi-hop OSPF neighbors, a proper TTL range is defined.
The applicability of GTSM is as follows:
●
GTSM takes effect on unicast packets, rather than multicast packets. This is
because the TTL value of multicast packets cannot exceed 255, avoiding the
need for GTSM.
●
GTSM does not apply to devices that use a tunnel to establish a neighbor
relationship.
5.33.2 Configuring OSPF GTSM
Prerequisites
Before configuring OSPF GTSM, you have completed the following task:
●
Configure basic OSPF functions.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Configure OSPF GTSM.
ospf valid-ttl-hops ttl [ nonstandard-multicast ]
After this step is performed, only the packets matching the OSPF GTSM policy are
sent to the control plane for processing. Note the following:
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
309
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
●
The ospf valid-ttl-hops command has two functions: enabling OSPF GTSM
and specifying a TTL value for check. The vpn-instance parameter is valid
only for the latter function.
●
Valid TTL values are within the range [255 – ttl + 1, 255].
----End
5.33.3 Verifying the Configuration
Procedure
●
Run the display gtsm statistics { slot-id | all } command to check GTSM
statistics on each board, including the total number of packets of a specific
protocol, the number of passed packets, and the number of dropped packets.
----End
5.33.4 Example for Configuring OSPF GTSM
Networking Requirements
On the network shown in Figure 5-57, OSPF runs on each device, and GTSM is
enabled on each device. The valid TTL ranges of the packets sent from each device
to DeviceC are as follows:
●
DeviceA and DeviceE are directly connected to DeviceC; therefore, the valid
TTL ranges in the packets are both [255, 255].
●
The valid TTL ranges in the packets sent from DeviceB, DeviceD, and DeviceF
to DeviceC are [254, 255], [253, 255], and [252, 255], respectively.
Figure 5-57 Network diagram of OSPF GTSM
NOTE
In this example, interface 1 and interface 2 represent 10GE 0/0/1 and 10GE 0/0/2,
respectively.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
310
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Configuration Precautions
To improve security, OSPF area authentication or interface authentication is
recommended. For details, see "Improving OSPF Network Security." OSPF area
authentication is used as an example. For details, see "Example for Configuring
Basic OSPF Functions."
Configuration Roadmap
The configuration roadmap is as follows:
1.
Configure basic OSPF functions.
2.
Enable GTSM on each device and specify a valid TTL range.
Procedure
Step 1 Assign an IP address to each interface.
Assign an IP address to each interface as shown in Figure 5-57. For detailed
configurations, see the configuration scripts.
Step 2 Configure basic OSPF functions.
See 5.5.7 Example for Configuring Basic OSPF Functions. For detailed
configurations, see Configuration Scripts in this section.
Step 3 Configure OSPF GTSM.
# Set the valid TTL range in packets from DeviceC to the other devices to [252,
255].
[DeviceC] ospf valid-ttl-hops 4
# Set the valid TTL range in packets from DeviceA to DeviceC to [255, 255].
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
311
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
[DeviceA] ospf valid-ttl-hops 1
# Set the valid TTL range in packets from DeviceB to DeviceC to [254, 255].
[DeviceB] ospf valid-ttl-hops 2
# Set the valid TTL range in packets from DeviceD to DeviceC to [253, 255].
[DeviceD] ospf valid-ttl-hops 3
# Set the valid TTL range in packets from DeviceE to DeviceC to [255, 255].
[DeviceE] ospf valid-ttl-hops 1
# Set the valid TTL range in packets from DeviceF to DeviceC to [252, 255].
[DeviceF] ospf valid-ttl-hops 4
----End
Verifying the Configuration
# Check whether the OSPF neighbor relationships are established properly
between the devices. The following uses the command output on DeviceA as an
example. The command output shows that the status of each neighbor
relationship is Full, that is, the neighbor relationships are established properly.
[DeviceA] display ospf peer
OSPF Process 1 with Router ID 1.1.1.1
Neighbors
Area 0.0.0.0 interface 192.168.0.1(10GE0/0/1)'s neighbors
Router ID: 2.2.2.2
Address: 192.168.0.2
State: Full Mode:Nbr is Master Priority: 1
DR: None BDR: None MTU: 0
Dead timer due in 36 sec
Retrans timer interval: 5
Neighbor is up for 00:15:04
Authentication Sequence: [ 0 ]
Neighbors
Area 0.0.0.1 interface 192.168.1.1(10GE0/0/2)'s neighbors
Router ID: 3.3.3.3
Address: 192.168.1.2
State: Full Mode:Nbr is Master Priority: 1
DR: None BDR: None MTU: 0
Dead timer due in 39 sec
Retrans timer interval: 5
Neighbor is up for 00:07:32
Authentication Sequence: [ 0 ]
# Run the display gtsm statistics all command on DeviceC to check GTSM
statistics. If the default action taken on packets that do not match the specified
GTSM policy is set to pass and all the packets are valid, no packet is dropped.
[DeviceC] display gtsm statistics all
GTSM Statistics Table
---------------------------------------------------------------SlotId Protocol Total Counters Drop Counters Pass Counters
---------------------------------------------------------------1
BGP
0
0
0
1
BGPv6
0
0
0
1
OSPF
0
0
0
1
OSPFv3 0
0
0
1
RIP
0
0
0
----------------------------------------------------------------
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
312
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
If the host PC simulates the OSPF packets of DeviceA to attack DeviceC, the
packets are dropped when they reach DeviceC because the TTL value is not 255.
As a result, in the GTSM statistics on DeviceC, the number of dropped packets also
increases.
Configuration Scripts
●
DeviceA
#
sysname DeviceA
#
router id 1.1.1.1
#
interface 10GE0/0/1
ip address 192.168.0.1 255.255.255.0
#
interface 10GE0/0/2
ip address 192.168.1.1 255.255.255.0
#
ospf 1
area 0.0.0.0
network 192.168.0.0 0.0.0.255
area 0.0.0.1
network 192.168.1.0 0.0.0.255
#
ospf valid-ttl-hops 1
#
return
●
DeviceB
#
sysname DeviceB
#
router id 2.2.2.2
#
interface 10GE0/0/1
ip address 192.168.0.2 255.255.255.0
#
interface 10GE0/0/2
ip address 192.168.2.1 255.255.255.0
#
ospf 1
area 0.0.0.0
network 192.168.0.0 0.0.0.255
area 0.0.0.2
network 192.168.2.0 0.0.0.255
#
ospf valid-ttl-hops 2
#
return
●
DeviceC
#
sysname DeviceC
#
router id 3.3.3.3
#
interface 10GE0/0/2
ip address 172.16.1.1 255.255.255.0
#
interface 10GE0/0/1
ip address 192.168.1.2 255.255.255.0
#
ospf 1
area 0.0.0.1
network 192.168.1.0 0.0.0.255
network 172.16.1.0 0.0.0.255
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
313
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
#
ospf valid-ttl-hops 4
#
return
●
DeviceD
#
sysname DeviceD
#
router id 4.4.4.4
#
interface 10GE0/0/2
ip address 172.17.1.1 255.255.255.0
#
interface 10GE0/0/1
ip address 192.168.2.2 255.255.255.0
#
ospf 1
area 0.0.0.2
network 192.168.2.0 0.0.0.255
network 172.17.1.0 0.0.0.255
#
ospf valid-ttl-hops 3
#
return
●
DeviceE
#
sysname DeviceE
#
router id 5.5.5.5
#
interface 10GE0/0/2
ip address 172.16.1.2 255.255.255.0
#
ospf 1
area 0.0.0.1
network 172.16.1.0 0.0.0.255
#
ospf valid-ttl-hops 1
#
return
●
DeviceF
#
sysname DeviceF
#
router id 6.6.6.6
#
interface 10GE0/0/2
ip address 172.17.1.2 255.255.255.0
#
ospf 1
area 0.0.0.2
network 172.17.1.0 0.0.0.255
#
ospf valid-ttl-hops 4
#
return
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
314
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
5.34 Configuring the Network Management Function
of OSPF
Prerequisites
Before configuring the network management function of OSPF, you have
completed the following task:
●
Configure basic OSPF functions.
Context
By using the Simple Network Management Protocol (SNMP), the OSPF
management information base (MIB) manages information about messages
exchanged between the network management station (NMS) and agents
(managed devices). To implement the network management function of OSPF,
bind an OSPF process to the OSPF MIB.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Bind an OSPF process to the OSPF MIB.
ospf mib-binding process-id
----End
Verifying the Configuration
Run the display current-configuration command to check whether the OSPF
process is bound to the OSPF MIB.
5.35 Maintaining OSPF
Procedure
To clear running information of OSPF, run the following reset commands in the
user view.
NOTICE
OSPF information cannot be restored after it is cleared. Exercise caution when you
run the reset commands.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
315
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Table 5-36 Clearing OSPF information
Operation
Command
Clear OSPF counters.
reset ospf [ process-id ] counters [ neighbor
[ interface-type interface-number ] [ router-id ] ]
● counters indicates OSPF counters.
● neighbor indicates neighbor information on the
specified interface.
Delete the statistics
about aged router LSAs.
reset ospf [ process-id ] counters maxage-lsa
Re-establish OSPF
neighbor relationships.
reset ospf [ process-id ] peer [ interface-type
interface-number ] router-id
To reset OSPF connections, run the following reset commands in the user view.
NOTICE
Resetting OSPF connections using the reset ospf command disconnects the OSPF
neighbor relationships between devices. Exercise caution when resetting an OSPF
connection.
Table 5-37 Resetting OSPF connections
Operation
Command
Restart an OSPF
process.
reset ospf [ process-id ] process
● If a router ID is changed, the new router ID takes
effect after the reset ospf process command is
run.
● Running the reset ospf process command causes
DR/BDR reelection.
Restart OSPF route
calculation.
reset ospf [ process-id ] spf
Re-import routes.
reset ospf [ process-id ] redistribution
5.36 Troubleshooting OSPF
5.36.1 Failed to Establish an OSPF Neighbor Relationship
Fault Symptom
An OSPF neighbor relationship cannot be established between two devices.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
316
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Procedure
Step 1 Check whether the physical status and protocol status of interfaces at both ends
are up and stable, whether packet loss occurs on the interfaces, and whether the
two devices can ping each other with large packets.
If the physical status or protocol status of either interface is not up or unstable
(an interface flaps, for example), check the physical link and link layer protocol.
Ensure that both the physical status and protocol status of each interface are up
and that the interfaces have no error packet statistics.
You can perform a ping test for a long time with large packets (with each being
1500 bytes or longer) to check whether any packet loss occurs on the interfaces.
Step 2 Check whether the OSPF processes on the two devices have the same router ID.
Run the display ospf [ process-id ] brief command on each device to check the
router ID in the OSPF process.
Each router ID must be unique on the entire network. If router ID conflict occurs,
devices at both ends cannot establish an OSPF neighbor relationship, and routing
information is incorrect. In this case, you are advised to set a unique router ID for
each OSPF process on each device.
If the OSPF processes on the devices have the same router ID, run the ospf
[ process-id ] router-id router-id command in the system view to change the
router ID on either device and ensure that the two devices have different router
IDs in the same OSPF process.
After changing the router ID, run the reset ospf [ process-id ] process command
in the user view to allow the new router ID to take effect.
Step 3 Check whether the two devices have the same OSPF area ID.
Run the display ospf [ process-id ] brief command on each device to check the
OSPF area ID.
If the devices have different OSPF area IDs, run the area area-id command in the
OSPF view on either device to change the OSPF area ID and ensure that the two
devices have the same OSPF area ID.
Step 4 Check whether the OSPF interfaces at both ends have the same network type.
Run the display ospf [ process-id ] interface command on each device to check
the OSPF interface network type.
The network types of the OSPF interfaces at both ends of a link must be the
same; otherwise, the two interfaces cannot establish an OSPF neighbor
relationship.
If the network types of the two OSPF interfaces are different, run the ospf
network-type { broadcast | nbma | p2mp | p2p } command in the OSPF interface
view on either device to change the network type and ensure that the OSPF
interfaces at both ends have the same network type.
NOTE
If the network types of OSPF interfaces at both ends are set to NBMA, run the peer ipaddress [ dr-priority priority ] command in the OSPF view on each device to configure the
NBMA neighbor.
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
317
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
Step 5 Check whether the OSPF interfaces at both ends have the same IP address mask.
Run the display current-configuration interface interface-type interface-number
command on each device to check the IP address information of the specified
OSPF interface.
The IP address masks of OSPF interfaces at both ends of a link must be the same;
otherwise, the two interfaces cannot establish an OSPF neighbor relationship. On
a P2MP network, however, you can run the ospf p2mp-mask-ignore command in
the OSPF interface view to disable a device from checking the network mask so
that an OSPF neighbor relationship can be established.
If the two OSPF interfaces have different IP address masks, run the ip address ipaddress { mask | mask-length } command in the OSPF interface view on either
device to change the IP address mask and ensure that the two OSPF interfaces
have the same IP address mask.
Step 6 Check whether the network segment that the IP addresses of the two OSPF
interfaces belong to is included in the network segment specified in the network
command.
Run the display current-configuration interface interface-type interface-number
command on each device to check the IP address of the specified OSPF interface,
and run the display current-configuration configuration ospf command on each
device to check the OSPF process configuration.
OSPF can run on an interface only if the following two conditions are met:
●
The mask length of the interface's IP address is greater than or equal to that
converted from the wildcard mask specified in the network command. OSPF
uses the wildcard mask. For example, 0.0.0.255 indicates that the mask length
is 24 bits.
●
The primary IP address (if any) of the interface must be within the network
segment specified in the network command.
If the IP address of an interface does not meet the preceding conditions, run the ip
address ip-address { mask | mask-length } command in the OSPF interface view to
change the IP address of the interface, or run the network command in the OSPF
area view to change the specified network segment so that the IP address of the
interface can meet the preceding conditions.
Step 7 Check whether the DR priorities of the two OSPF interfaces are not 0.
Run the display ospf [ process-id ] interface command on each device to check
the OSPF interface's DR priority.
On a broadcast or NBMA network, ensure that the DR priority of at least one
OSPF interface on the link is not 0 so that the DR can be elected. Otherwise, the
neighbor status of both ends can only reach 2-Way.
In this case, run the ospf dr-priority priority command in the OSPF interface view
on either device to change the DR priority and ensure that at least one OSPF
interface has a non-zero DR priority.
----End
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
318
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
5.36.2 Failed to Find Routes of a Non-Local Area
Fault Symptom
When links are normal, OSPF cannot find routes of a non-local area.
Procedure
Step 1 Check whether the local area is connected to the backbone area.
Run the display ospf [ process-id ] brief command on the ABR in the local area to
check the area configuration.
OSPF requires that all non-backbone areas be connected to the backbone area.
If the backbone area configuration does not exist on the ABR, run the area area-id
command in the OSPF view to modify the OSPF area configuration. Ensure that at
least one interface on the ABR runs in the backbone area.
NOTE
If not all non-backbone areas can be connected to the backbone area due to networking
restrictions, configure OSPF virtual links to resolve this problem.
Step 2 Check whether the local area is a totally stubby area.
Run the display current-configuration configuration ospf [ process-id ]
command on the device to check the OSPF process configuration.
If you specify the no-summary parameter on the ABR when configuring a nonbackbone area as a stub area (running the stub no-summary command in the
OSPF area view), the area will become a totally stubby area.
A totally stubby area allows only intra-area routes to be advertised. Specifically, AS
external routes or inter-area routes cannot be advertised in a totally stubby area.
If the area where the device resides is configured as a totally stubby area, perform
either of the following operations as needed:
●
To restore the totally stubby area to a common area, run the undo stub
command in the OSPF area view on each device in this area.
●
To change the totally stubby area to a stub area, run the undo stub
command in the OSPF area view on the ABR in this area and then run the
stub command.
Step 3 Check whether the area where the device resides is a totally NSSA.
Run the display current-configuration configuration ospf [ process-id ]
command on the device to check the OSPF process configuration.
If you specify the no-summary parameter on the ABR when configuring a nonbackbone area as an NSSA (running the nssa no-summary command in the OSPF
area view), the area will become a totally NSSA.
A totally NSSA allows only intra-area routes to be advertised. Specifically, AS
external routes or inter-area routes cannot be advertised in a totally NSSA.
If the area where the device resides is configured as a totally NSSA, perform either
of the following operations as needed:
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
319
NetEngine AR5700, AR6700, and AR8000
Configuration Guide - IP Routing Configuration
5 OSPF Configuration
●
To restore the totally NSSA to a common area, run the undo nssa command
in the OSPF area view on each device in this area.
●
To change the totally NSSA to an NSSA, run the undo nssa command in the
OSPF area view on the ABR in this area and then run the nssa command.
----End
Issue 04 (2023-09-22)
Copyright © Huawei Technologies Co., Ltd.
320
Related documents
S3.1
S3.1
Switching and Routing Phase 1
Switching and Routing Phase 1
Module Summary
Module Summary
Arasan A, Vince Final exam
Arasan A, Vince Final exam
OSPFv3 as a PE-CE Routing Protocol
OSPFv3 as a PE-CE Routing Protocol
Question 9 The Network consists of the following 5 IP networks
Question 9 The Network consists of the following 5 IP networks
Chapter 10
Chapter 10
Download
advertisement