OSPF

advertisement
Preview of the OSPF Commands
Optional Commands:
Rtr(config-router)# default-information originate (Send default)
Rtr(config-router)# area area authentication
(Plain authen.)
Rtr(config-router)# area area authentication message-digest
(md5 authen.)
Rtr(config)# interface loopback number
(Configure lo as RtrID)
Rtr(config)# interface type slot/port
Rtr(config-if)# ip ospf priority <0-255>
(DR/BDR election)
Rtr(config-if)# bandwidth kbps
(Modify default bandwdth)
RTB(config-if)# ip ospf cost cost
(Modify inter. cost)
Rtr(config-if)# ip ospf hello-interval seconds
(Modify Hello)
Rtr(config-if)# ip ospf dead-interval seconds
(Modify Dead)
Rtr(config-if)# ip ospf authentication-key passwd (Plain/md5authen)
Rtr(config-if)# ip ospf message-digest-key key-id md5 password
Distance Vector vs. Link State Routing

With distance vector routing, each node has information
only about the next hop:




Node A: to reach F go to B
Node B: to reach F go to D
Node D: to reach F go to E
Node E: go directly to F
A


Distance vector routing makes
poor routing decisions if
directions are not completely
correct
(e.g., because a node is down).
B
C
D
E
If parts of the directions incorrect, the routing may be incorrect until the
routing algorithms has re-converged.
•2
F
Distance Vector vs. Link State Routing

In link state routing, each node has a complete map of the
topology
A


If a node fails, each
node can calculate
the new route
B
C
D
E
A
F
A
Difficulty: All nodes need to
have a consistent view of the
network
A
•3
B
C
D
E
A
F
C
D
E
C
D
E
B
C
D
E
A
B
B
B
F
C
A
D
F
F
E
B
C
D
E
F
F
Advantages of OSPF (1 of 2)

OSPF is link-state routing protocol


OSPF has fast convergence


RIP, IGRP and EIGRP are distance-vector (routing by rumor) routing
protocols, susceptible to routing loops, split-horizon, and other issues.
RIP and IGRP hold-down timers can cause slow convergence.
OSPF supports VLSM and CIDR

RIPv1 and IGRP do not
Advantages of OSPF (2 of 2)





Cisco’s OSPF metric is based on bandwidth
 RIP is based on hop count
 IGRP/EIGRP bandwidth, delay, reliability, load
OSPF only sends out changes when they occur.
 RIP sends entire routing table every 30 seconds, IGRP every 90 seconds
 Extra: With OSPF, a router does flood its own LSAs when it age reaches
30 minutes (later)
OSPF also uses the concept of areas to implement hierarchical
routing
Two open-standard routing protocols to choose from:
RIP, simple but very limited, or
OSPF, robust but more sophisticated to implement.
IGRP and EIGRP are Cisco proprietary
Link State Routing: Basic princples
1. Each router establishes a relationship (“adjacency”) with its
neighbors
2.Each router generates link state advertisements (LSAs) which are
distributed to all routers
LSA = (link id, state of the link, cost, neighbors of the link)
3. Each router maintains a database of all received LSAs
(topological database or link state database), which describes the
network has a graph with weighted edges
4. Each router uses its link state database to run a shortest path
algorithm (Dijikstra’s algorithm) to produce the shortest path
to each network
•6
Operation of a Link State Routing protocol
Received
LSAs
Link State
Database
Dijkstra’s
Algorithm
LSAs are flooded
to other interfaces
•7
IP Routing
Table
OSPF

OSPF = Open Shortest Path First
The OSPF routing protocol is the most important link
state routing protocol on the Internet
The complexity of OSPF is significant

History:







•8
1989: RFC 1131 OSPF Version 1
1991: RFC1247 OSPF Version 2
1994: RFC 1583 OSPF Version 2 (revised)
1997: RFC 2178 OSPF Version 2 (revised)
1998: RFC 2328 OSPF Version 2 (current version)
OSPF’s Metric is Cost (Bandwidth)
Cisco: Cost = Bandwidth

Cisco uses a default cost of 108/bandwidth

Default bandwidth of the interface (bandwidth command)

108 (100,000,000) as the reference bandwidth: This is used so that the faster
links (higher bandwidth) have lower costs.

Routing metrics, lower the cost the better the route.

I.e. RIP: 3 hops is better than 10 hops


Extra: The reference bandwidth can be modified to accommodate networks
with links faster than 100,000,000 bps (100 Mbps). See ospf auto-cost
reference-bandwidth command.
Cost of a route is the cumulative costs of the outgoing interfaces from
this router to the network.
•Rick Graziani
graziani@cabrillo.e
OSPF’s Metric is Cost (Bandwidth)
Cisco default interface costs:

56-kbps serial link = 1785

64-kbps serial link = 1562

T1 (1.544-Mbps serial link) = 64

E1 (2.048-Mbps serial link) = 48

4-Mbps Token Ring = 25

Ethernet = 10

16-Mbps Token Ring = 6

Fast Ethernet = 1

Problem: Gigabit Ethernet and faster = 1
128-kbps serial link = 781
•Cost =
100,000,000/Bandwidth
Notes:

Cisco routers default to T1 (1.544 Mbps) on all serial interfaces and require manual
modification with the bandwidth command.

ospf auto-cost reference-bandwidth reference-bandwidth can be used to
modify the reference-bandwidth for higher speed interfaces
•Rick Graziani
graziani@cabrillo.e
Configuring Simple Authentication
A router, by default, trusts that routing information received, has come from a router
that should be sending it.
Rtr(config-if)# ip ospf authentication-key passwd

Configured on an interface

password = Clear text unless message-digest is used (next)
Easily captured using a packet sniffer
Passwords
do not have to be the same throughout an area, but they must be
same between neighbors.
After a password is configured, you enable authentication for the area on all
participating area routers with:
Rtr(config-router)# area area authentication

Configured for an OSPF area, in ospf router mode.
•Rick Graziani
graziani@cabrillo.e
Configuring MD5 Encrypted Authentication
Rtr(config-if)# ip ospf message-digest-key key-id md5
password

Key-id = 1 to 255, must match on each router to authenticate.

md5 = Encryption-type

password = encrypted
Passwords
do not have to be the same throughout an area, but they must be
same between neighbors.
After a password is configured, you enable authentication for the area on all
participating area routers with:
Rtr(config-router)# area area authentication [messagedigest]

message-digest option must be used if using message-digest-key

If optional message-digest is used, a message digest, or hash, of the password is
sent.
•Rick Graziani
graziani@cabrillo.e
MD5 Encryption

MD5 authentication, creates a message digest.

This is scrambled data that is based on the password and the packet
contents .

The receiving router uses the shared password and the packet to recalculate the digest.

If the digests match, the router believes that the source of the packet
and its contents have not been tampered with.

In the case of message-digest authentication, the authentication data
field contains the key-id and the length of the message digest that is
appended to the packet.

The Message Digest is like a watermark that can’t be faked.
Terminology


Router ID – Used to identify the routers in the OSPF network
 IP address configured with the OSPF router-id command (extra)
 Highest loopback address (configuration coming)
 Highest active IP address (any IP address)
Loopback address has the advantage of never going down, thus diminishing
the possibility of having to re-establish adjacencies. (more in a moment)
Features of OSPF






Provides authentication of routing messages
Enables load balancing by allowing traffic to be split evenly
across routes with equal cost
Type-of-Service routing allows to setup different routes
dependent on the TOS field
Supports subnetting
Supports multicasting
Allows hierarchical routing
•15
Link State Database


The collection of all LSAs is called the link-state database
Each router has and identical link-state database



Useful for debugging: Each router has a complete description of the
network
If neighboring routers discover each other for the first
time, they will exchange their link-state databases
The link-state databases are synchronized using reliable
flooding
•16
OSPF Packet Types
•17
OSPF Hello Protocol
Hello subprotocol is intended to perform the following tasks within OSPF:
 Dynamic neighbor discovery
 Detect unreachable neighbors
 Ensure two-way communications between neighbors
 Ensure correctness of basic interface parameters between neighbors
 Provide necessary information for the election of the Designated and Backup
Designated routers on a LAN segment (coming)
OSPF Hello Protocol

OSPF routers send Hellos on OSPF enabled interfaces:
Default
every 10 seconds on multi-access and point-to-point segments
Default every 30 seconds on NBMA segments (Frame Relay, X.25, ATM)
Most cases OSPF Hello packets are sent as multicast to ALLSPFRouters (224.0.0.5)


HelloInterval - Cisco default = 10 seconds or 30 seconds and can be changed with
the command ip ospf hello-interval.
RouterDeadInterval - The period in seconds that the router will wait to hear a
Hello from a neighbor before declaring the neighbor down.
Cisco
uses a default of four-times the HelloInterval (4 x 10 sec. = 40 seconds, 120
secconds for NBMA) and can be changed with the command ip ospf deadinterval.

Note: For routers to become adjacent, the Hello, DeadInterval and network
types must be identical between routers or Hello packets get dropped!
Network Types – more later
•show ip ospf interface
Unless you are configuring an NBMA network like Frame Relay, this won’t be an
issue.
•
Many administrators prefer to use point-to-point or point-to-multipoint for
•20
NMBA to avoid the DR/BDR and full-mesh issues.
OSPF packet types (Extra)
•OSPF Type-4 packets have 7 LSA packets
•21
Steps to OSPF Operation
•Rick Graziani
graziani@cabrillo.e
OSPF Packet Format
OSPF Message
IP header
OSPF packets are not
carried as UDP payload!
OSPF has its own IP
protocol number: 89
OSPF Message
Header
Body of OSPF Message
Message Type
Specific Data
LSA
LSA
... ...
TTL: set to 1 (in most cases)
LSA
Header
LSA
Data
Destination IP: neighbor’s IP address or 224.0.0.5
(ALLSPFRouters) or 224.0.0.6 (AllDRouters)
•23
LSA
OSPF Packet Format
OSPF Message
Header
2: current version
is OSPF V2
version
Message types:
1: Hello (tests reachability)
2: Database description
3: Link Status request
4: Link state update
5: Link state acknowledgement
Standard IP checksum taken
over entire packet
Authentication passwd = 1:
Authentication passwd = 2:
Body of OSPF Message
type
message length
source router IP address
ID of the Area
from which the
packet originated
Area ID
checksum
authentication type
authentication
authentication
32 bits
64 cleartext password
0x0000 (16 bits)
KeyID (8 bits)
Length of MD5 checksum (8 bits)
Nondecreasing sequence number (32 bits)
0: no authentication
1: Cleartext
password
2: MD5 checksum
(added to end
packet)
Prevents replay
attacks
•24
OSPF LSA Format
LSA
Link Age
LSA
Header
LSA
Header
LSA
Data
Link Type
Link State ID
advertising router
link sequence number
checksum
length
Link ID
Link 1
Link Data
Link Type #TOS metrics
Metric
Link ID
Link 2
Link Data
Link Type #TOS metrics
Metric
•25
Discovery of Neighbors


Routers multicasts OSPF Hello packets on all OSPF-enabled
interfaces.
If two routers share a link, they can become neighbors, and establish
an adjacency
10.1.10.1
10.1.10.2
Scenario:
Router 10.1.10.2 restarts
OSPF Hello
OSPF Hello: I heard 10.1.10.2

After becoming a neighbor, routers exchange their link state
databases
•26
Neighbor discovery and
database synchronization
10.1.10.1
Discovery of
adjacency
Scenario:
Router 10.1.10.2 restarts
10.1.10.2
OSPF Hello
OSPF Hello: I heard 10.1.10.2
After neighbors are discovered the nodes exchange their databases
Database Description: Sequence = X
Sends database
description.
(description only
contains LSA
headers)
Acknowledges
receipt of
description
•27
Database Description: Sequence = X, 5 LSA headers =
Router-LSA, 10.1.10.1, 0x80000006
Router-LSA,
10.1.10.2, 0x80000007
Router-LSA,
10.1.10.3, 0x80000003
Router-LSA,
10.1.10.4, 0x8000003a
Router-LSA,
10.1.10.5, 0x80000038
Router-LSA,
10.1.10.6, 0x80000005
Database Description: Sequence = X+1, 1 LSA header=
Router-LSA,
10.1.10.2, 0x80000005
Database Description: Sequence = X+1
Sends empty
database
description
Database
description of
10.1.10.2
Regular LSA exchanges
10.1.10.1
Link State Request packets, LSAs =
Router-LSA,
10.1.10.1,
Router-LSA,
10.1.10.2,
Router-LSA,
10.1.10.3,
Router-LSA,
10.1.10.4,
Router-LSA,
10.1.10.5,
Router-LSA,
10.1.10.6,
10.1.10.1 sends
requested LSAs
Link State Update Packet, LSAs =
Router-LSA, 10.1.10.1, 0x80000006
Router-LSA, 10.1.10.2, 0x80000007
Router-LSA, 10.1.10.3, 0x80000003
Router-LSA, 10.1.10.4, 0x8000003a
Router-LSA, 10.1.10.5, 0x80000038
Router-LSA, 10.1.10.6, 0x80000005
Link State Update Packet, LSA =
Router-LSA,
10.1.1.6, 0x80000006
•28
10.1.10.2
10.1.10.2 explicitly
requests each LSA
from 10.1.10.1
10.1.10.2 has more
recent value for
10.0.1.6 and sends it
to 10.1.10.1
(with higher sequence
number)
Dissemination of LSA-Update



A router sends and refloods LSA-Updates, whenever the
topology or link cost changes. (If a received LSA does not
contain new information, the router will not flood the
packet)
Exception: Infrequently (every 30 minutes), a router will
flood LSAs even if there are not new changes.
Acknowledgements of LSA-updates:

explicit ACK, or
implicit via reception of an LSA-Update

Reliable Flooding ---

•29
Terminology
Single Area OSPF
uses only one area,
usually Area 0
•Or “OSPF Routing Domain”
CCNA 3.0 covers Single Area OSPF as opposed to Multi-Area OSPF
 All routers will be configured in a single area, the convention is to use area 0
 If OSPF has more than one area, it must have an area 0
 CCNP includes Multi-Area OSPF
Electing the DR and BDR
• On multi-access, broadcast links (Ethernet), a DR and BDR (if there is
more than one router) need to be elected.
• DR - Designated Router
• BDR – Backup Designated Router
• DR’s serve as collection points for Link
State Advertisements (LSAs) on multiaccess networks
• If the IP network is multi-access, the
OSPF routers will elect one DR and one
BDR

Without a DR, the formation of an adjacency between every attached
router would create many unnecessary LSA (Link State
Advertisements), n(n-1)/2 adjacencies.

Flooding on the network itself would be chaotic.
Electing the DR and BDR




Router with the highest Router ID is elected the DR, next is BDR.
But like other elections, this one can be rigged.
The router’s priority field can be set to either ensure that it becomes the DR or
prevent it from being the DR.
Rtr(config-if)# ip ospf priority <0-255>
 Higher priority becomes DR/BDR
 Default = 1
 0 = Ineligible to become DR/BDR
The router can be assigned a priority between 0 and 255, with 0 preventing this
router from becoming the DR (or BDR) and 255 ensuring at least a tie. (The highest
Router ID would break the tie.)
•Rick Graziani
graziani@cabrillo.e
Electing the DR and BDR
All other routers, “DROther”, establish adjacencies with only the DR and BDR.
 DRother routers multicast LSAs to only the DR and BDR
 (224.0.0.6 - all DR routers)
 DR sends LSA to all adjacent neighbors (DROthers)
(224.0.0.5 - all OSPF routers)
Backup Designated Router - BDR
 Listens, but doesn’t act.
 If LSA is sent, BDR sets a timer.
 If timer expires before it sees the reply from the DR, it becomes the DR and takes
over the update process.
 The process for a new BDR begins.

•Rick Graziani
graziani@cabrillo.e
Electing the DR and BDR
A new router enters the network:
 Once a DR is established, a new router that enters the network with a higher
priority or Router ID it will NOT become the DR or BDR. (Bug in early IOS
12.0)
 Regardless of the priority or Router ID, that router will become a DROther.
 If DR fails, BDR takes over as DR and selection process for new BDR begins.
•Rick Graziani
graziani@cabrillo.e
DR/BDR Elections


Router with the highest Router ID is elected the DR, next is BDR.
But like other elections, this one can be rigged.
Rtr(config)# interface fastethernet 0
Rtr(config-if)# ip ospf priority <0-255>



Higher priority becomes DR/BDR
Default = 1
Ineligible to become DR/BDR = 0
•Rick Graziani
graziani@cabrillo.e
Stub and Totally Stubby Area Criteria




A single exit point
Not a transit area for virtual links (these join Area 0 to
another network by transiting another area)
No ASBR internal to stub area
Not backbone or Area 0
•36
•OSPF Areas
Stub and Totally Stubby Areas
•37
•OSPF Areas
Stub and Totally Stubby Areas




Size of the LS DB inside that area can be greatly reduced
Uses quad 0 route to get to rest of world
Stub areas are typically created when using a hub-andspoke topology
Works when a mix of Cisco and non Cisco routers exist
•38
•OSPF Areas
Totally Stubby Area – Cisco only



A totally stubby area is a stub area that blocks external
Type 5 LSA’s and summary, Type 3 and Type 4, LSA’s from
entering
Intra-area routes and the default of 0.0.0.0/0 are the only
routes known to the stub area
ABR’s inject the default summary link 0.0.0.0/0 into the
totally stubby area
•39
•OSPF Areas
Setting up stub and totally stubby Areas
Router(config-router)#area [area id] stub
Routers exchange packets with the E bit set to 0.
Add no-summary to ABR’s - this blocks inter-area summaries
and makes the area Totally Stubby
On ABR’s define the cost of the default route manually:
Router(config-router)#area [area id]
default-cost [cost]
•40
•OSPF Areas
Not So Stubby Area



Stub and Totally Stubby Areas cannot accept external
routes
If we connect to an area e.g. RIP that is outside our
jurisdiction, and routers are low spec, use NSSA
Accepts external routes as Type 7 and converts then to
Type 5 at ABR
•41
•OSPF Areas
NSSA
•42
•OSPF Areas
Autonomous Systems

An autonomous system is a region of the Internet that is
administered by a single entity.

Routing is done differently within an autonomous system
(intradomain routing) and between autonomous system
(interdomain routing).
•43
Autonomous Systems (AS)
Ethernet
Router
Ethernet
Ethernet
Autonomous
System 1
Router
Router
Router
Ethernet
Router
•44
Ethernet
Autonomous
System 2
Router
Ethernet
BGP







BGP = Border Gateway Protocol
Currently in version 4
Note: In the context of BGP, a gateway is nothing else but
an IP router that connects autonomous systems.
Interdomain routing protocol for routing between
autonomous systems
Uses TCP to send routing messages
BGP is neither a link state, nor a distance vector protocol.
Routing messages in BGP contain complete routes.
Network administrators can specify routing policies
•45
BGP


BGP’s goal is to find any path (not an optimal one). Since
the internals of the AS are never revealed, finding an
optimal path is not feasible.
For each autonomous system (AS), BGP distinguishes:





•46
local traffic
transit traffic
Stub AS
= traffic with source or destination in AS
= traffic that passes through the AS
= has connection to only one AS, only
carry local traffic
Multihomed AS = has connection to >1 AS, but does
not carry transit traffic
Transit AS
= has connection to >1 AS and carries
transit traffic
BGP
AS 1
AS 2
Router
Router
Router
AS 3
Router
Router
Router
Router
•47
AS 4
Download