ROUTE Course
OSPF

OSPF FEATURES
OSPF is an open-standard routing protocol.
It works by using the Dijkstra algorithm.
OSPF provides the following features:
• Minimizes routing update traffic
• Allows scalability (e.g. RIP is limited to 15 hops)
• Has unlimited hop count
• Supports VLSM/CIDR
• Allows multi-vendor deployment (open standard)

OSPF Tables
There are three types of tables:
• Neighbor
• Topology
• Routing

Areas Reasons and Features
• A larger topology database requires more memory on each router.
• Processing the larger topology database with the SPF algorithm requires more processing power.
• A single interface status change anywhere in the internetwork forces every router to run SPF again.
• A router can be a member of more than one area (ABR)
• All routers in the same area have the same topology database
• When multiple areas exist, there must always be an area 0 (the backbone) to which other areas connect

OSPF Area
Autonomous System Border Router (ASBR)

ROUTER ID
• The Router ID (RID) is an IP address used to identify the router
• Cisco chooses the Router ID by using the highest IP address of all configured loopback interfaces
• If no loopback interfaces are configured with addresses, OSPF will choose the highest IP address of all active physical interfaces.
• You can manually assign the router ID.
• The RID interface MUST always be up, therefore loopbacks are preferred

OSPF PACKETS
The contents of the Data field of the OSPF packet depend on the OSPF packet type:
• Hello packet: Contains a list of known neighbors.
• DBD packet: Contains a summary of the LSDB, which includes all known router IDs and their last sequence number, among several other fields.
• LSR packet: Contains the type of LSU needed and the router ID of the router that has the needed LSU.
• LSU packet: Contains the full LSA entries. Multiple LSA entries can fit in one OSPF update packet.
• LSAck packet: This data field is empty.

OSPF PACKETS
• Hello: Discovers neighbors and builds adjacencies between them
• Database Description (DBD): Checks for database synchronization between routers
• Link-state request (LSR): Requests specific link-state records from another router
• LSU: Sends specifically requested link-state records
• LSAck: Acknowledges the other packet types

Hello Packet Information
• Router ID: 32-bit
• Hello and dead intervals: must be the same on neighboring routers (must match)
• Neighbors: list of adjacent routers
• Area ID: (must match)
• Router Priority: 8-bit
• DR and BDR IP Addresses
• Authentication Password: (must match)
• Stub Area Flag: (must match)

Network Types
• Point-to-point
• Broadcast multiaccess
• Non-Broadcast Multiaccess (NBMA)

OSPF over L2 and L3 MPLS VPN
After a DR and BDR have been selected, any router added to the broadcast network establishes full adjacencies with the DR and BDR only.

Neighbor Adjacency States
• Router A sends a Hello on the LAN. All connected routers add A to their list of neighbors (Init state)
• All routers that received the Hello send a unicast reply to A with the corresponding information and their list of neighbors, including A
• A adds the received neighbor IDs to its table (2-way state)

Discovering Network Routes in BC domain
After the DR and BDR are selected:
• Master-slave relationship: the higher RID is the master (Exstart state)
• Master and slave exchange DBD packets (Exchange state)
• A DBD carries the LSA entry headers (link-state type, address of advertising router, link cost, sequence number)

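The "must match" fields from the Hello Packet Information list, checked on raw OSPFv2 Hello bytes. This is an added example, not part of the course material: the field layout follows RFC 2328, the function names and sample routers are made up for illustration, and the password is compared only for AuType 1, where the 8-byte field carries it in cleartext.

```python
import ipaddress
import struct

HEADER = struct.Struct("!BBH4s4sHH8s")  # ver, type, len, RID, area, cksum, AuType, auth
HELLO = struct.Struct("!4sHBBI4s4s")    # mask, hello, options, priority, dead, DR, BDR
E_BIT = 0x02  # Options E-bit; routers in a stub area clear it (the stub area flag)
MUST_MATCH = ("hello_interval", "dead_interval", "area_id", "autype", "password", "stub")


def _ip(raw: bytes) -> str:
    return str(ipaddress.IPv4Address(raw))


def parse_hello(packet: bytes) -> dict:
    """Decode the Hello fields listed in the notes from raw packet bytes."""
    if len(packet) < HEADER.size + HELLO.size:
        raise ValueError("truncated OSPF Hello")
    ver, ptype, length, rid, area, _ck, autype, auth = HEADER.unpack_from(packet)
    if ver != 2 or ptype != 1:
        raise ValueError("not an OSPFv2 Hello")
    _mask, hello, options, prio, dead, dr, bdr = HELLO.unpack_from(packet, HEADER.size)
    nbrs = packet[HEADER.size + HELLO.size:length]
    return {
        "router_id": _ip(rid), "area_id": _ip(area), "autype": autype,
        "password": auth.rstrip(b"\0") if autype == 1 else None,
        "hello_interval": hello, "dead_interval": dead, "priority": prio,
        "stub": not options & E_BIT, "dr": _ip(dr), "bdr": _ip(bdr),
        "neighbors": [_ip(nbrs[i:i + 4]) for i in range(0, len(nbrs) - 3, 4)],
    }


def adjacency_blockers(local: dict, remote: dict) -> list:
    """Return the must-match fields on which two Hellos disagree."""
    return [f for f in MUST_MATCH if local[f] != remote[f]]


def build_hello(rid, area, hello, dead, options=E_BIT, key=b"", neighbors=()):
    """Construct a sample Hello (AuType 1, checksum left at 0) for the demo."""
    pack = lambda a: ipaddress.IPv4Address(a).packed
    body = HELLO.pack(pack("255.255.255.0"), hello, options, 1, dead, bytes(4), bytes(4))
    body += b"".join(pack(n) for n in neighbors)
    return HEADER.pack(2, 1, HEADER.size + len(body), pack(rid), pack(area),
                       0, 1, key.ljust(8, b"\0")) + body


# Constructed sample Hellos: R2 uses 30/120 timers and has the E-bit cleared.
R1 = build_hello("1.1.1.1", "0.0.0.0", 10, 40, key=b"lab-key", neighbors=["2.2.2.2"])
R2 = build_hello("2.2.2.2", "0.0.0.0", 30, 120, options=0, key=b"lab-key")
print(adjacency_blockers(parse_hello(R1), parse_hello(R2)))
```
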
Discovering Network Routes in BC domain
When a DBD is received:
• The router acknowledges the DBD using an LSAck
• It compares the received information with its LSDB and sends an LSR for the newest LSAs (Loading state)
• The other router replies with complete information about the requested entry using an LSU
• The router acknowledges the received LSU
• The router adds the new LSAs into its LSDB (Full state)
• Attempt state for NBMA

Link-State Advertisement “LSA”
• LSAs advertised to routers with split-horizon rule
• Each LSA entry has an aging timer in the age field of the LSA (def. 30 min)
• The router that originated the entry resends the LSA with a higher seq. no. in an LSU to verify the link is still active
• An LSA is discarded when it reaches its maxage (60 min)
• LS entry must be refreshed every 30 min

LINK-STATE UPDATE “LSU” OPERATION

SPF Recalculation
SPF is triggered when any of the following happens:
• The LSA’s Options field has changed
• The LSA’s LS age is set to maxage
• The Length field in the LSA header has changed
• The contents of the LSA (excluding the LSA header) have changed
An SPF calculation is performed separately for each area in the topology database.

Adjacency for NBMA Network
• DR & BDR need full L2 connectivity with routers in NBMA
• Several OSPF configuration choices are available for an FR network depending on network topology:
  - Nonbroadcast: B/DR are elected, neighbors are manually configured
  - Point-to-multipoint: B/DR not required, multicast hello, automatic neighbor discovery
  - Point-to-multipoint nonbroadcast: B/DR not required, manual neighbor configuration
  - Broadcast: B/DR are elected, multicast hello, automatic neighbor discovery
  - Point-to-point: no B/DR, different IP subnets
• Point-to-point needs less configuration, nonbroadcast less traffic overhead
    R(config-if)#ip ospf network {broadcast | non-broadcast | point-to-multipoint [non-broadcast] | point-to-point}

NBMA Mode Configuration
• Fully meshed topology: DR & BDR are elected
• Not fully meshed: DR & BDR are manually selected
• DR & BDR should have full connectivity with all routers
• LSUs are replicated for each PVC
• Configure nonbroadcast mode by:
  - Manually configuring neighbors in DR and BDR
  - Defining the OSPF network type as nonbroadcast
    neighbor ip-address [priority number] [poll-interval number] [cost number] [database-filter all]

Point-to-multipoint Mode Configuration
• Not full-mesh topology
• OSPF treats this mode as several point-to-point links
• No static neighbor configuration, multicast hellos discover neighbors
• Duplicated LSA packets
• Hello interval 30 sec, and dead interval 120 sec
• One IP subnet

Point-to-multipoint Nonbroadcast Mode Configuration
• Used when there is no broadcast and multicast
• OSPF treats this mode as several point-to-point links
• No automatic neighbor discovery, so static neighbor configuration must be used
• Bandwidth for each neighbor can be defined
• Hello interval 30 sec, and dead interval 120 sec
• One IP subnet

OSPF over Frame Relay Subinterface Configuration
• Point-to-point subinterface:
  - Each VC gets its own subinterface
  - No DR and BDR, automatic neighbor discovery
• Point-to-multipoint subinterface:
  - Nonbroadcast is the default mode

LSA Types
• LSA type 1: Router LSA
• LSA type 2: Network LSA
• LSA type 3: Summary LSA
• LSA type 4: ASBR
• LSA type 5: AS External LSA
• LSA type 6: Multicast OSPF LSA (not supported by Cisco)
• LSA type 7: LSA for NSSA
• LSA type 8: External Attributes for BGP (not supported by Cisco)
• LSA type 9, 10, 11: Opaque LSA (future upgrades)

LSA Type 1
• Link type is defined by (1, 2, 3, or 4)
• Link ID: what is on the other end of the link, which depends on link type
• Link data: IP address of the link, or subnet mask in case of stub network
• Type 1 LSA includes the OSPF cost for each link, and whether the router is an ABR or ASBR

    Link Type   Description       Link ID Field Contents
    1           Point-to-point    Neighbor RID
    2           Transit network   DR’s interface address
    3           Stub network      IP network/subnet
    4           Virtual link      Neighbor RID

LSA Type 2
• A transit network has at least 2 directly attached OSPF routers
• LSA type 2 lists all attached routers, the DR, and the subnet mask
• The DR is responsible for advertising the Network LSA
• Link-state ID is the IP address of the DR

LSA Type 3
• Advertises the networks of an area to the rest of the areas
• A type 3 summary LSA is advertised into the backbone area for every subnet defined in the originating area
• Manual summarization at the ABR should be considered
• Receiving a type 3 LSA does not cause a router to run SPF
• To summarize inter-area routes (IOS creates a summary route to null 0):
    area area-id range address mask [advertise | not-advertise] [cost cost]
• Link-state ID is the destination network number (summary network)

LSA Type 4
• Generated by an ABR only when an ASBR exists within an area
• It identifies the ASBR and provides a route to it.
• The ASBR sends a type 1 LSA with the external bit (e bit) set
• ABRs generate a type 4 LSA and flood it to the backbone area and into their area
• Link-state ID is the ASBR ID

LSA Type 5
• Describes routes to networks outside the OSPF AS
• To reduce flooding of LSAs for external networks, summarization should be considered at the ASBR
• Link-state ID is the external network number
• To manually summarize external routes:
    summary-address ip-address mask [not-advertise] [tag tag]

Types of OSPF Routes
Route designator: description
• O: OSPF intra-area (router LSA) and network LSA. Networks within the area advertised by router and network LSAs
• O IA: OSPF interarea (summary LSA). Networks from outside the area and within the AS advertised by summary LSAs
• O E1: Type 1 external routes. Networks from outside the AS advertised by way of external LSAs
• O E2: Type 2 external routes. Networks from outside the AS advertised by way of external LSAs
E1: adds the external cost to the internal cost (when multiple ASBRs). E2: the cost is only the external cost.

PROPAGATE DEFAULT ROUTE
• default-information originate: when configured on an OSPF router, the router becomes an ASBR; it applies when the router already has a default route
• With the always keyword, the command advertises the default route regardless of whether the router already has a default route
    default-information originate [always] [metric metric-value] [metric-type type-value] [route-map map-name]
• The default metric value for type of interfaces is “1”

VIRTUAL LINKS
• A virtual link allows discontiguous area 0s to be connected, or a disconnected area to be connected to area 0, via a transit area.
• It cannot go through more than one area, nor through stub areas.
• LSAs on a virtual link do not age out (DoNotAge, DNA)
• To configure a virtual link:
    area area-id virtual-link router-id [authentication [message-digest | null]] [hello-interval seconds] [retransmit-interval seconds] [transmit-delay seconds] [dead-interval seconds] [[authentication-key key] | [message-digest-key key-id md5 key]]

SPECIAL AREA TYPES
• Standard Area: default area; link updates, route summaries, and external routes
• Backbone Area: area 0; all other areas are connected to this area
• Stub Area: does not accept external routes
• Totally Stubby Area: does not accept external routes but can send a packet to an external network using a default route; no ASBR. (Cisco proprietary)
• Not-so-stubby area (NSSA): does not accept external information but instead uses a default route; can allow an ASBR and uses type 7 LSAs
• Totally Stubby NSSA: allows an ASBR and does not accept external routes or summary routes

STUB OR TOTALLY STUBBY AREA
• There is a single exit point from that area; or, if there are multiple exits, one or more ABRs inject a default route into the stub area and suboptimal routing paths are acceptable.
• All OSPF routers inside the stub area, including ABRs, are configured as stub routers before they become neighbors and exchange routing information.
• Hello packets contain the stub area flag
• The area is not used as a transit area for virtual links, no ASBR is inside the area, and it is not a backbone area (area 0)
• Type 4 and 5 LSAs are not permitted to flood into a stub area
• Type 3, 4 and 5 LSAs are not permitted to flood into a totally stubby area

STUB OR TOTALLY STUBBY AREA
• To configure a stub area:
    area area-id stub
    area area-id default-cost cost
  “to change the default route cost, configured on ABR”
• To configure a totally stubby area:
    area area-id stub [no-summary]
    area area-id default-cost cost
  “to change the default route cost configured on internal routers”

NOT-SO-STUBBY AREA “NSSA”
• An ASBR existing in the area generates type 7 LSAs into the area with the propagate bit (P) to avoid a propagation loop between the NSSA and BB.
• The NSSA ABR translates the type 7 LSA to a Type 5 LSA
• The ABR sends a default route into the NSSA instead of external routes
• Routers in the NSSA set the N-bit to confirm support for NSSA. This option is checked during neighbor discovery
• Type 7 LSAs are described in the routing table by “O N1” or “O N2”
• To configure the NSSA area:
    area area-id nssa [no-redistribution] [default-information-originate] [metric metric] [metric-type value] [no-summary]
• When the [no-summary] keyword is used, a totally stubby NSSA is configured

ROUTE FILTERING
• No route filtering is permitted inside an area due to LSDB convergence
• Route filtering can be applied for:
  - Type 3 LSAs on ABR
  - Type 5 LSAs on ASBR “Route redistribution”
  - Filtering OSPF routes when adding to the IP routing table

TYPE 3 LSA FILTERING
• No route filtering is permitted inside an area due to LSDB convergence
    area number filter-list prefix name in | out
    ip prefix-list {name | number} {seq number} {deny | permit} network/length [ge value] [le value]
Example:
    ip prefix-list filter-into-area-34 seq 5 deny 10.16.3.0/24
    ip prefix-list filter-into-area-34 seq 10 permit 0.0.0.0/0 le 32
    router ospf 1
     area 34 filter-list prefix filter-into-area-34 in

FILTERING OSPF ROUTES ADDED TO ROUTING TABLE
• Does not affect LSAs, the LSDB flooding process, or the SPF calculation
• It is enabled by using “distribute-list in” as an OSPF subcommand
• It filters routes from being added to the router’s IP routing table
• Routes that match an ACL statement with permit are added to the routing table, while those that match deny are filtered
• “interface interfaceNo” can be used to compare parameters to the route’s outgoing interface
Example:
    ip prefix-list filter-1 seq 5 deny 10.16.1.0/24
    ip prefix-list filter-1 seq 10 permit 0.0.0.0/0 le 32
    router ospf 1
     distribute-list prefix filter-1 in

OSPF Authentication
• By default OSPF does not use authentication
• Two methods: simple password, MD5
• To configure simple authentication:
    Router(config-if)# ip ospf authentication
    Router(config-if)# ip ospf authentication-key password
    Router(config-router)# area area-id authentication
• To configure MD5 authentication:
    Router(config-if)# ip ospf authentication [message-digest|null]
    Router(config-if)# ip ospf message-digest-key key-id md5 key
• You must configure: service password-encryption

PLANNING FOR OSPF
• IP Addressing Plan: IP subnets and addressing plan considering summarization
• Network Topology: detailed network topology including link types, backup links, stub areas, redistribution
• OSPF Areas: LSDB table size should be considered when dividing networks into areas; ABR and ASBR routers should be identified
• OSPF routing parameters (times, areas, authentication, RID, …) should be determined
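
Worked example for the TYPE 3 LSA FILTERING and distribute-list sections above, added here and not part of the course material: a small evaluator for `ip prefix-list` entries (first match in sequence order, ge/le length ranges, implicit deny), run on the page's filter-into-area-34 list. The function names and test routes are constructed for illustration.

```python
import ipaddress

# The two prefix-list entries from the Type 3 filtering example in the notes.
CONFIG = """\
ip prefix-list filter-into-area-34 seq 5 deny 10.16.3.0/24
ip prefix-list filter-into-area-34 seq 10 permit 0.0.0.0/0 le 32
"""


def parse_prefix_lists(config: str) -> dict:
    """Parse 'ip prefix-list NAME seq N {permit|deny} P/L [ge X] [le Y]' lines."""
    lists = {}
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] != ["ip", "prefix-list"] or len(tok) < 7 or tok[3] != "seq":
            continue
        net = ipaddress.ip_network(tok[6], strict=False)
        opts = dict(zip(tok[7::2], map(int, tok[8::2])))
        # No ge/le: exact length only. ge alone runs up to /32;
        # le alone starts at the entry's own prefix length.
        lo = opts.get("ge", net.prefixlen)
        hi = opts.get("le", 32 if "ge" in opts else net.prefixlen)
        lists.setdefault(tok[2], []).append((int(tok[4]), tok[5], net, lo, hi))
    for entries in lists.values():
        entries.sort(key=lambda e: e[0])  # evaluated in sequence-number order
    return lists


def evaluate(entries: list, route: str) -> tuple:
    """Return (action, seq) of the first matching entry; implicit deny otherwise."""
    r = ipaddress.ip_network(route)
    for seq, action, net, lo, hi in entries:
        # The route's leading bits must equal the entry's prefix.
        same_bits = ipaddress.ip_network((r.network_address, net.prefixlen),
                                         strict=False) == net
        if same_bits and lo <= r.prefixlen <= hi:
            return action, seq
    return "deny", None


ENTRIES = parse_prefix_lists(CONFIG)["filter-into-area-34"]
# Constructed routes: the /25 inside 10.16.3.0/24 is not caught by the seq 5 deny.
for route in ("10.16.3.0/24", "10.16.3.128/25", "10.16.1.0/24"):
    print(route, evaluate(ENTRIES, route))
```

The seq 5 entry has no ge/le, so it denies only the exact /24; a more-specific route inside it falls through to the seq 10 permit.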
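
Worked example for the OSPF Authentication section above, added here and not part of the course material: how the key-id and key from `ip ospf message-digest-key key-id md5 key` are used on the wire, following the digest and receive checks in RFC 2328 Appendix D. The function names, key and packets are constructed for illustration.

```python
import hashlib
import hmac
import struct

HEADER = struct.Struct("!BBH4s4sHH")  # ver, type, len, RID, area, cksum, AuType
CRYPTO = struct.Struct("!HBBI")       # zero, key-id, digest length, sequence number
MD5_LEN = 16


def _digest(packet: bytes, key: bytes) -> bytes:
    # RFC 2328 D.4.3: MD5 over the packet followed by the key padded to 16 bytes.
    return hashlib.md5(packet + key.ljust(MD5_LEN, b"\0")[:MD5_LEN]).digest()


def sign(ptype, rid, area, body, key_id, key, seq) -> bytes:
    """Build an AuType 2 packet; the appended digest is not counted in len."""
    length = HEADER.size + CRYPTO.size + len(body)
    packet = (HEADER.pack(2, ptype, length, rid, area, 0, 2)
              + CRYPTO.pack(0, key_id, MD5_LEN, seq) + body)
    return packet + _digest(packet, key)


def verify(wire: bytes, keys: dict, last_seq: dict) -> str:
    """Receive checks; keys maps key-id to key, last_seq maps RID to sequence."""
    if len(wire) < HEADER.size + CRYPTO.size + MD5_LEN:
        return "reject: truncated"
    _v, _t, length, rid, _a, _ck, autype = HEADER.unpack_from(wire)
    _z, key_id, dlen, seq = CRYPTO.unpack_from(wire, HEADER.size)
    if autype != 2 or dlen != MD5_LEN or len(wire) != length + MD5_LEN:
        return "reject: not MD5-authenticated"
    if key_id not in keys:
        return "reject: unknown key-id"
    if seq < last_seq.get(rid, 0):
        return "reject: stale sequence number"
    if not hmac.compare_digest(_digest(wire[:length], keys[key_id]), wire[length:]):
        return "reject: bad digest"
    last_seq[rid] = seq
    return "accept"


# Constructed sample: one neighbor, key-id 1, an all-zero 20-byte Hello body.
KEYS = {1: b"example-key"}
RID, AREA = bytes([1, 1, 1, 1]), bytes(4)
GOOD = sign(1, RID, AREA, bytes(20), key_id=1, key=KEYS[1], seq=100)
TAMPERED = GOOD[:30] + b"\xff" + GOOD[31:]  # one body byte changed in transit
OLD = sign(1, RID, AREA, bytes(20), key_id=1, key=KEYS[1], seq=99)
print(verify(GOOD, KEYS, {}), "|", verify(TAMPERED, KEYS, {}))
```

The key itself never appears in the packet; only the key-id, the sequence number and the digest do, which is why both neighbors must be configured with the same key under the same key-id.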