Evaluating OSPF

Advanced Features of OSPF Protocol

Our routing study thus far - idealization
• all routers identical
• network “flat”
… not true in practice

scale: with 200 million destinations:
• can’t store all destinations in routing tables!
• routing table exchange would swamp links!

administrative autonomy: Autonomous Systems (AS)
• internet = network of networks
• each network admin may want to control routing in its own network

OSPF Advantages
• No limitation on hop count
• Supports classless (VLSM) routing
• Routing updates sent only when there is a change or very rarely
• Faster convergence
• Better load balancing
• Logical definition of areas
• Authentication and external routes tagging

Review: Evaluation Criteria for Routing Protocols
• Bandwidth
  - Metric calculation
  - Sharing and managing routing information
• Scalability
• Convergence
• Performance
  - Hierarchy
  - Scalability
• Administration and Management
• Hardware and software resources
• Reliability
• Security

OSPF - Link State Protocol
• Link
  - an interface on the router
• Link state
  - description of the interface and the neighboring routers
  - IP address, mask, type, routers connected to
• Link state database
  - collection of link state advertisements for all routers and networks

OSPF Basic Configuration Example
[Figure: router with interfaces E0, E1, E2 and T0 (Token Ring) in Area 0 and Area 1; addresses shown: 172.16.5.3, 172.16.1.1, 192.168.10.5, 172.16.3.2]
router ospf 63
 network 172.16.5.3 0.0.0.0 area 1
 network 172.16.0.0 0.0.255.255 area 0
 network 192.168.10.5 0.0.0.0 area 1
Router(config)# router ospf process-id
Router(config-router)# network address wildcard-mask area area-id
Wildcard mask: inverse of subnet mask

Bandwidth - The Metrics in OSPF
formula: cost = 10^8 / bandwidth in bps

Link type                      Cost
56 Kbps serial link            1758
64 Kbps serial link            1562
T1 (1.544 Mbps serial link)    65
E1 (2.048 Mbps serial link)    48
4 Mbps token ring              25
Ethernet                       10
16 Mbps token ring             6
FDDI                           1

The faster the link, the smaller the number => the more desirable the route

OSPF Metric - Optimising Bandwidth
[Figure: routers R1, R2 and R3 with loopbacks Lo0 10.1.1.1, 10.2.2.2 and 10.3.3.3; serial links 192.168.10.0/30 (64kbps), 192.168.10.8/30 (128kbps) and 192.168.10.4/30 (256kbps); Fa0/0 networks 172.16.1.16/28, 10.10.10.0/24 and 172.16.1.32/29]
R1(config-router)# auto-cost reference-bandwidth

OSPF Metric - Cost
[Figure: routers R1, R2 and R3 with loopbacks Lo0 10.1.1.1, 10.2.2.2 and 10.3.3.3; serial links 192.168.10.0/30 (64kbps), 192.168.10.8/30 (128kbps) and 192.168.10.4/30 (256kbps); Fa0/0 networks 172.16.1.16/28, 10.10.10.0/24 and 172.16.1.32/29]

Load Balancing and Link Cost
• OSPF allows for equal-cost load balancing.
• R6 has two routes to R7 networks:
  - Through R5-R4
  - Through R4-R7
• Which path will be taken?
• If you want to load-balance using both paths:
  - R6 needs to believe that the path costs through R5 and R4 are the same.
  - Artificially increase the cost of the currently preferred link of R6, using the ip ospf cost command.
  - Once the cost of the current preferred link is increased (made worse) and is made the same as the other path, equal-cost load balancing will automatically begin.
[Figure: link speeds 500 Kbps and 1.5 Mbps]

Bandwidth: Managing Routing Information
• Routing information is not exchanged in the form of routes (which protocol does that?)
• Each router generates link-state advertisements containing elements of network topology:
  - routers
  - neighbor relationships
  - connected subnets and others
• Link-state advertisements are flooded to all routers when areas are not configured. Issue: LSA flooding -> hampers performance
• Link-state database is used for storing network topology information
• Dijkstra's SPF (shortest path first) algorithm is used to compute the shortest path in terms of COST (OSPF metric), and the result is stored in the RIB (routing information database)
• OSPF RIB is the collection of best paths to each destination, installed in the routing table
• When information in the link-state database changes, only a partial calculation is necessary

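The SPF computation and the cost adjustment from the load-balancing slide, as an added example (not part of the original slides): Dijkstra over a small link-state database that keeps every equal-cost first hop. The four-router topology, the Ethernet links and all function names are constructed for illustration; integer division in the cost formula is an assumption of this example.

```python
import heapq

REF_BW = 10**8  # numerator of the slide formula: cost = 10^8 / bandwidth in bps

def cost(bps):
    """Default interface cost; integer division and a floor of 1 are assumptions here."""
    return max(1, REF_BW // bps)

def spf(lsdb, root):
    """Dijkstra over lsdb {router: {neighbor: cost}}.
    Returns {destination: (metric, set of equal-cost first hops)}."""
    best = {root: (0, set())}
    heap = [(0, root)]
    while heap:
        dist, node = heapq.heappop(heap)
        if dist > best[node][0]:
            continue  # stale queue entry, a cheaper path was found later
        for nbr, link_cost in lsdb[node].items():
            new = dist + link_cost
            hops = {nbr} if node == root else best[node][1]
            if nbr not in best or new < best[nbr][0]:
                best[nbr] = (new, set(hops))
                heapq.heappush(heap, (new, nbr))
            elif new == best[nbr][0]:
                best[nbr][1].update(hops)  # tie: keep every first hop
    return best

def build_lsdb(r6_to_r5_cost):
    """Constructed topology: R6 reaches R7 via R5 (1.5 Mbps) or via R4 (500 Kbps)."""
    eth = cost(10_000_000)
    return {
        "R6": {"R5": r6_to_r5_cost, "R4": cost(500_000)},
        "R5": {"R6": cost(1_500_000), "R7": eth},
        "R4": {"R6": cost(500_000), "R7": eth},
        "R7": {"R5": eth, "R4": eth},
    }

def r7_route(r6_to_r5_cost):
    metric, hops = spf(build_lsdb(r6_to_r5_cost), "R6")["R7"]
    return metric, sorted(hops)

if __name__ == "__main__":
    print(r7_route(cost(1_500_000)))  # default costs: only the faster link is used
    print(r7_route(cost(500_000)))    # cost raised on R6's interface to R5: both paths
```

Raising the cost on R6's interface toward R5 to match the slower link is the effect the ip ospf cost command has in the slide's scenario.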
Issue: Performance - Flooding LSAs
• Multi-access networks:
  - To avoid flooding LSAs to all routers in the network, routers are designated:
  - Election of DR (Designated Router): routers send LSAs to the DR using the multicast address 224.0.0.6
  - BDR (Backup Designated Router): backup for the DR, if the DR fails
  - The DR is responsible for forwarding the LSAs from R1 to all other routers. The DR uses the multicast address 224.0.0.5
[Figure: routers R1 to R5 on a multi-access network, labelled DR, BDR and DRother; the R5 LSA is sent to 224.0.0.6 and forwarded to 224.0.0.5]

Hierarchical Structure
• Introduced to put a boundary on the explosion of link-state updates
• Every area is connected to the backbone area
[Figure: Backbone Area #0 with Area #1, Area #2 and Area #3]

OSPF Areas
• The border area is OSPF area 0
• all routers belonging to the same area have identical database
• SPF calculations are performed separately for each area
• LSA flooding is bounded by area

OSPF: Multiple Areas
• Two-level hierarchy: local area, also called backbone area.
  - Link-state advertisements only in area
  - each node has detailed area topology; only knows direction (shortest path) to networks in other areas.
• Area border routers (ABR): “summarize” distances to networks in own area, advertise to other Area Border routers.
• Backbone routers: run OSPF routing limited to backbone.
• Autonomous System Boundary routers: connect to other AS’s (Autonomous Systems).
[Figure: area 0 (Backbone) with Area 1, Area 2, Area 3 and Area 4; labels: Virtual link, to other AS. Legend: IR = Interior Router, ABR = Area Border Router, ASBR = Autonomous System Border Router]

Scaling OSPF
• Rule of thumb
  - no more than 150 routers/area
• Reality
  - no more than 500 routers/area
• Backbone area is an area that glues all the other areas
  - always marked as area 0
• proper use of areas reduces bandwidth
  - summarized routes
  - instability is limited within the area

Route Summarization Example
[Figure: R1 and R2 connect Area 0 (172.16.96.0 - 172.16.127.0, mask 255.255.255.0) to Area 1 (172.16.32.0 - 172.16.63.0, mask 255.255.255.0) and Area 2 (172.16.64.0 - 172.16.95.0, mask 255.255.255.0); interface addresses shown (255.255.255.0 mask): 172.16.96.1, 172.16.127.1, 172.16.32.1, 172.16.64.1]
R1#
router ospf 100
 network 172.16.32.0 0.0.31.255 area 1
 network 172.16.96.0 0.0.31.255 area 0
 area 0 range 172.16.96.0 255.255.224.0
 area 1 range 172.16.32.0 255.255.224.0
R2#
router ospf 100
 network 172.16.64.0 0.0.31.255 area 2
 network 172.16.96.0 0.0.31.255 area 0
 area 0 range 172.16.96.0 255.255.224.0
 area 2 range 172.16.64.0 255.255.224.0

Area Link State Database
• Link state database for every area is different
• Area database is composed of
  - router links advertisements
  - network links advertisements
  - summary links advertisements
  - AS external advertisements

Stub Areas: Router performance
• OSPF allows certain areas to be configured as stub areas.
• Configuring a stub area reduces the topological database size inside an area and reduces the memory requirements of routers inside that area.
RTC#
interface Ethernet 0
ip address 203.250.14.1 255.255.255.0
interface Serial1
ip address 203.250.15.1 255.255.255.252
router ospf 10
network 203.250.15.0 0.0.0.255 area 2
network 203.250.14.0 0.0.0.255 area 0
area 2 stub
RTE#
interface Serial1
ip address 203.250.15.2 255.255.255.252
router ospf 10
network 203.250.15.0 0.0.0.255 area 2
area 2 stub

Link State Advertisement (LSA)
• Generated periodically or in response to any change
• Contains:
  - source identification
  - sequence number
  - link state age
  - list of neighbors

Load Balancing by Multiple Path
• equal or proportional cost multiple paths
• Unequal cost multiple paths not supported
[Figure: networks N1 and N2 and routers R1, R2, R3 and R4, with two paths labelled path 1 and path 2]

Equal cost paths
• Two routers are connected to each other via two p2p serial links of equal cost. R1 has Loopback 0 interface 1.1.1.1/32 and R2 has Loopback 0 interface 2.2.2.2/32. OSPF is used as the routing protocol. Hence, R1 can reach 2.2.2.2/32 via two equal-cost paths and R2 can reach 1.1.1.1/32 via two equal-cost paths.
[Figure: R1 (1.1.1.1/32) and R2 (2.2.2.2/32)]

R1# show ip route 2.2.2.2
Routing entry for 2.2.2.2/32
  Known via "ospf 1", distance 110, metric 65, type intra area
  Last update from 10.1.1.2 on Serial0/0, 00:02:10 ago
  Routing Descriptor Blocks:
    10.2.2.2, from 2.2.2.2, 00:02:10 ago, via Serial0/1
      Route metric is 65, traffic share count is 1
  * 10.1.1.2, from 2.2.2.2, 00:02:10 ago, via Serial0/0
      Route metric is 65, traffic share count is 1

R1# show ip route | begin Gateway
Gateway of last resort is not set
     1.0.0.0/32 is subnetted, 1 subnets
C       1.1.1.1 is directly connected, Loopback0
     2.0.0.0/32 is subnetted, 1 subnets
O       2.2.2.2 [110/65] via 10.2.2.2, 00:01:44, Serial0/1
                [110/65] via 10.1.1.2, 00:01:44, Serial0/0
     10.0.0.0/30 is subnetted, 2 subnets
C       10.2.2.0 is directly connected, Serial0/1
C       10.1.1.0 is directly connected, Serial0

Authenticated Routing Updates
• Two possibilities are defined
  - no authentication (configured by default)
  - authentication
    - simple password authentication
    - message digest authentication

Simple Password Authentication
• Simple password authentication allows a password (key) to be configured per area. Routers in the same area that want to participate in the routing domain will have to be configured with the same key.
Drawback
• Vulnerable to passive attacks. Anybody with a link analyzer could easily get the password off the wire.

interface Ethernet0
 ip address 10.10.10.10 255.255.255.0
 ip ospf authentication-key mypassword
router ospf 10
 network 10.10.0.0 0.0.255.255 area 0
 area 0 authentication

Message Digest Authentication
• Cryptographic authentication
• A key (password) and key-id are configured on each router. The router uses an algorithm based on the OSPF packet, the key, and the key-id to generate a "message digest" that gets appended to the packet. Unlike the simple authentication, the key is not exchanged over the wire. A non-decreasing sequence number is also included in each OSPF packet to protect against replay attacks.

interface Ethernet0
 ip address 10.10.10.10 255.255.255.0
 ip ospf message-digest-key 10 md5 mypassword
router ospf 10
 network 10.10.0.0 0.0.255.255 area 0
 area 0 authentication message-digest

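The two authentication modes from the slides above at the packet level, as an added example (not part of the original slides and not vendor code): it follows the OSPFv2 header layout and MD5 procedure of RFC 2328 Appendix D and shows the receiver-side checks for key-id, sequence number and digest. The router ID, packet body and all function names are constructed for illustration; packets are Hello (type 1) with the checksum left at 0.

```python
import hashlib, hmac, struct

# OSPFv2 header: version, type, length, router id, area id, checksum, AuType, 8-byte auth field
HDR = struct.Struct("!BBH4s4sHH8s")

def build(body, rid, area, autype, auth):  # Hello (type 1), checksum left 0 in these samples
    return HDR.pack(2, 1, HDR.size + len(body), rid, area, 0, autype, auth) + body

def simple_packet(body, rid, area, password):
    """AuType 1: the password itself fills the authentication field."""
    return build(body, rid, area, 1, password.ljust(8, b"\0"))

def md5_packet(body, rid, area, key_id, key, seq):
    """AuType 2: the field carries key-id, digest length and sequence number; digest appended."""
    pkt = build(body, rid, area, 2, struct.pack("!HBBI", 0, key_id, 16, seq))
    return pkt + hashlib.md5(pkt + key.ljust(16, b"\0")).digest()

def verify_md5(pkt, keys, last_seq):
    """Receiver side. keys: {key_id: secret}; last_seq: {router id: last accepted sequence}."""
    if len(pkt) < HDR.size:
        return "rejected: truncated packet"
    _, _, length, rid, _, _, autype, auth = HDR.unpack_from(pkt)
    if autype != 2:
        return "rejected: not message-digest authentication"
    _, key_id, digest_len, seq = struct.unpack("!HBBI", auth)
    key = keys.get(key_id)
    if key is None or digest_len != 16 or len(pkt) != length + 16:
        return "rejected: unknown key-id or malformed digest"
    if seq < last_seq.get(rid, 0):  # non-decreasing: an equal value still passes
        return "rejected: sequence number went backwards"
    expected = hashlib.md5(pkt[:length] + key.ljust(16, b"\0")).digest()
    if not hmac.compare_digest(expected, pkt[length:]):
        return "rejected: digest mismatch"
    last_seq[rid] = seq  # only authenticated packets advance the counter
    return "accepted"

# Constructed sample values; the key string is the one in the slide configurations.
RID, AREA, KEY, BODY = bytes([10, 10, 10, 10]), bytes(4), b"mypassword", b"constructed-hello"

def demo():
    simple = simple_packet(BODY, RID, AREA, KEY[:8])  # the field holds 8 bytes
    fresh = md5_packet(BODY, RID, AREA, 10, KEY, seq=100)
    keys, state = {10: KEY}, {}
    return {
        "simple_key_on_wire": KEY[:8] in simple,
        "md5_key_on_wire": KEY in fresh,
        "fresh": verify_md5(fresh, keys, state),
        "tampered": verify_md5(fresh[:24] + b"X" + fresh[25:], keys, state),
        "old_seq": verify_md5(md5_packet(BODY, RID, AREA, 10, KEY, seq=99), keys, state),
    }
```

demo() returns a dictionary showing that the simple-password packet contains the key bytes while the MD5 packet does not, and which of the fresh, modified and older-sequence packets the receiver accepts.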
Memory Issues
• Usually come up when too many external routes are injected in the OSPF domain.
• A backbone area with 40 routers and a default route to the outside world would have less memory issues compared with a backbone area with 4 routers and 33,000 external routes injected into OSPF.
• The total memory used by OSPF is the sum of the memory used in the routing table (show ip route summary) and the memory used in the link-state database.
Example:
• Each entry in the routing table will consume between approximately 200 and 280 bytes
• Each LSA will consume a 100 byte overhead plus the size of the actual link state advertisement
• This should be added to memory used by other processes and by the IOS itself.