Advanced Features of OSPF Protocol 1 Our routing study thus far - idealization all routers identical network “flat” … not true in practice scale: with 200 million destinations: can’t store all destinations in routing tables! routing table exchange would swamp links! administrative autonomy – Autonomous Systems(AS) internet = network of networks each network admin may want to control routing in its own network 2 OSPF Advanatages No limitation on hop count Supports classless (VLSM) routing Routing updates sent only when there is a change or very rarely Faster convergence Better load balancing Logical definition of areas Authentication and external routes tagging 3 Review: Evaluation Criteria for Routing Protocols Bandwidth Metric calculation Sharing and managing routing information Scalability Convergence Performance Hierarchy Scalability Administration and Management Hardware and software resources Reliability Security 4 OSPF - Link State Protocol Link an interface on the router Link state description of the interface and the neighboring routers IP address, mask, type, routers connected to Link state database collection of link state advertisement for all routers and networks 5 OSPF Basic Configuration Example 172.16.5.3 E2 172.16.1.1 192.168.10.5 T0 E1 E0 Area 1 Token Ring 172.16.3.2 Area 0 router ospf 63 network 172.16.5.3 0.0.0.0. area 1 network 172.16.0.0 0.0.255.255 area 0 network 192.168.10.5 0.0.0.0 area 1 Router (config) # router ospf process-id Router (config-router) # network address wildcard-mask area area-id Wild card mask: inverse of subnet mask 6 Bandwidth- The Metrics in OSPF formula: cost = 108 /bandwidth in bps 56 Kbps serial link 1758 64 Kbps serial link 1562 T1 (1.544 Mbps serial link) 65 E1 (2.048 Mbps serial link) 48 4 Mbps token ring 25 Ethernet 10 16 Mbps token ring 6 FDDI 1 The faster the link, smaller is the number => more desirable is the route 7 OSPF Metric - OptimisingBandwidth 10.10.10.0/24 Fa0/0 192.168.10.0/30 64kbps Fa0/0 .17 172.16.1.16/28 S0/0/0 DCE R1 Lo0 10.1.1.1 S0/0/0 R2 .2 Lo0 10.2.2.2 .1 .9 S0/0/1 DCE 192.168.10.8/30 128kbps S0/0/1 .10 .1 S0/0/1 .5 S0/0/0 DCE 192.168.10.4/30 .6 256kbps R1(config-router) auto-cost reference-bandwidth R3 Fa0/0 .33 172.16.1.32/29 Lo0 10.3.3.3 8 OSPF Metric - Cost 10.10.10.0/24 Fa0/0 192.168.10.0/30 64kbps Fa0/0 .17 172.16.1.16/28 Lo0 10.1.1.1 S0/0/0 DCE R1 S0/0/0 R2 .2 Lo0 10.2.2.2 .1 .9 S0/0/1 DCE 192.168.10.8/30 128kbps S0/0/1 .10 .1 S0/0/1 .5 S0/0/0 DCE 192.168.10.4/30 256kbps .6 R3 Fa0/0 .33 172.16.1.32/29 Lo0 10.3.3.3 9 Load Balancing and Link Cost •OSPF allows for Equal-Cost load balancing. •R6 has two routers to R7 networks Thru R5-R4 Thru R4-R7 •Which path will be taken? •If you want to load-balance using both paths: • 500 Kbps 1.5Mbps •R6 needs to believe that the path cost through R5 and R4 are the same. •Artificially increase the cost of the currently preferred link of R6, using IP ospf cost command, • Once the cost of the current preferred link is increased (made worse) and is made the same as the other path, equal cost load balancing will automatically begin. 10 Bandwidth: Managing Routing information Routing information is not exchanged in form of routes (Which protocol does that?) Each router generates link-state advertisements containing elements of network topology routers neighbor relationships Connected subnets and Others Link-state advertisements are flooded to all routers when areas are not configured: Issue : LSA flooding -> hampers performance Link-state database is used for storing network topology information Dijkstra’a SPF (Shortest path first) algorithm used to compute shortest path in terms of COST (OSPF metric), and result stored in RIB(routing information database) OSPF RIB is collection of best paths to each destination, installed in Routing table When information in link state database changes, only a partial calculation is necessary 11 Issue: Performance - Flooding LSAs • Multi-Access Networks: • To avoid flooding LSAs to all routers in the network, • Routers are designated: • Election of DR (Designated Router)- Routers send LSAs to the DR using the multicast address 224.0.0.6 • BDR (Backup Designated Router) : back up for DR, if DR fails • The DR is responsible for forwarding the LSAs from R1 to all other routers. The DR uses the multicast address 224.0.0.5 R5 - LSA 224.0.0.6 DR R5 - LSA 224.0.0.6 BDR R1 R5 - LSA 224.0.0.5 R2 R5 DRother R3 DRother R4 DRother R5 - LSA 224.0.0.5 R5 - LSA 224.0.0.5 12 Hierarchical Structure Introduced to put a boundary on the explosion of link- state updates Every area is connected to the backbone area Backbone Area #0 Area #1 Area #2 Area #3 13 OSPF Areas The border area is OSPF area 0 all routers belonging to the same area have identical database SPF calculations are performed separately for each area LSA flooding is bounded by area 14 OSPF: Multiple Areas Two-level hierarchy: local area, also called backbone.area Link-state advertisements only in area each nodes has detailed area topology; only knows direction (shortest path) to networks in other areas. Area border routers (ABR): “summarize” distances to networks in own area, advertise to other Area Border routers. Backbone routers: run OSPF routing limited to backbone. Autonomous System Boundary routers: connect to other AS’s. (Autonomous Systems) IR Interior Router (IR) Area 3 Area 2 to other AS area 0 Backbone ABR: Area Border routers ASBR Area 4 Area 1 Virtual link ASBR: Autonomous System Border Routers 16 Scaling OSPF Rule of thumb no more than 150 routers /area Reality no more than 500 routers/area Backbone area is an area that glue all the other areas always marked as area 0 proper use of areas reduces bandwidth summarized routes instability is limited within the area 17 OSPF Basic Configuration Example 172.16.5.3 E2 172.16.1.1 192.168.10.5 T0 E1 E0 Area 1 Token Ring 172.16.3.2 Area 0 router ospf 63 network 172.16.5.3 0.0.0.0. area 1 network 172.16.0.0 0.0.255.255 area 0 network 192.168.10.5 0.0.0.0 area 1 Router (config) # router ospf process-id Router (config-router) # network address wildcard-mask area area-id Wild card mask: inverse of subnet mask 18 Route Summarization Example Area 0 Interface Addresses 172.16.96.0 - 172.16.127.0 255.255.255.0 172.16.127.1 172.16.96.1 Interface Addresses (255.255.255.0 mask) R2 172.16.32.1 R1 R2 (255.255.255.0 mask) 172.16.64.1 172.16.32.0 - 172.16.63.0 255.255.255.0 172.16.64.0 - 172.16.95.0 255.255.255.0 Area 1 Area 2 R1# router ospf 100 network 172.16.32.0 network 172.16.96.0 area 0 range 172.16.96.0 area 1 range 172.16.32.0 0.0.31.255 area 1 0.0.31.255 area 0 255.255.224.0 255.255.224.0 19 R2# router ospf 100 network 172.16.64.0 0.0.31.255 area 2 network 172.16.96.0 0.0.31.255 area 0 area 0 range 172.16.96.0 255.255.224.0 area 2 range 172.16.64.0 255.255.224.0 Area Link State Database Link state database for every area is different Area database is composed of router links advertisements network links advertisements summary links advertisements AS external advertisements 20 Stub Areas: Router performance OSPF allows certain areas to be configured as stub areas. Configuring a stub area reduces the topological database size inside an area and reduces the memory requirements of routers inside that area. RTC# interface Ethernet 0 ip address 203.250.14.1 255.255.255.0 interface Serial1 ip address 203.250.15.1 255.255.255.252 router ospf 10 network 203.250.15.0 0.0.0.255 area 2 network 203.250.14.0 0.0.0.255 area 0 area 2 stub RTE# interface Serial1 ip address 203.250.15.2 255.255.255.252 router ospf 10 network 203.250.15.0 0.0.0.255 area 2 area 2 stub 21 Link State Advertisement (LSA) Generated periodically or in response to any change Contains: source identification sequence number link state age list of neighbors 22 Load Balancing by Multiple Path R2 equal or proportional cost multiple paths path 1 N1 N2 path 2 R1 R4 R3 Unequal cost multiple paths not supported 23 Equal cost paths •Two routers are connected to each other via two p2p serial links of equal cost. R1 has Loopback 0 interface 1.1.1.1/32 and R2 has Loopback 0 interface 2.2.2.2/32. OSPF is used as the routing protocol. Hence, R1 can reach 2.2.2.2/32 via two equal-cost paths and R2 can reach 1.1.1.1/32 via two equal-cost paths. R1# show ip route 2.2.2.2 Routing entry for 2.2.2.2/32 Known via "ospf 1", distance 110, metric 65, type intra area Last update from 10.1.1.2 on Serial0/0, 00:02:10 ago Routing Descriptor Blocks: 10.2.2.2, from 2.2.2.2, 00:02:10 ago, via Serial0/1 Route metric is 65, traffic share count is 1 * 10.1.1.2, from 2.2.2.2, 00:02:10 ago, via Serial0/0 Route metric is 65, traffic share count is 1 1.1.1.1/32 R1 2.2.2.2/3 2 R2 R1# show ip route | begin Gateway Gateway of last resort is not set 1.0.0.0/32 is subnetted, 1 subnets C 1.1.1.1 is directly connected, Loopback0 2.0.0.0/32 is subnetted, 1 subnets O 2.2.2.2 [110/65] via 10.2.2.2, 00:01:44, Serial0/1 [110/65] via 10.1.1.2, 00:01:44, Serial0/0 10.0.0.0/30 is subnetted, 2 subnets C 10.2.2.0 is directly connected, Serial0/1 C 10.1.1.0 is directly connected, Serial0 24 Authenticated Routing Updates Two possibilities are defined no authentication (configured by default) authentication simple password authentication message digest authentication 25 Simple Password Authentication Simple password authentication allows a password (key) to be configured per area. Routers in the same area that want to participate in the routing domain will have to be configured with the same key. Drawback Vulnerable to passive attacks. Anybody with a link analyzer could easily get the password off the wire. interface Ethernet0 ip address 10.10.10.10 255.255.255.0 ip ospf authentication-key mypassword router ospf 10 network 10.10.0.0 0.0.255.255 area 0 area 0 authentication 26 Message Digest Authentication Cryptographic authentication A key (password) and key-id are configured on each router. The router uses an algorithm based on the OSPF packet, the key, and the keyid to generate a "message digest" that gets appended to the packet. Unlike the simple authentication, the key is not exchanged over the wire. A non-decreasing sequence number is also included in each OSPF packet to protect against replay attacks. interface Ethernet0 ip address 10.10.10.10 255.255.255.0 ip ospf message-digest-key 10 md5 mypassword router ospf 10 network 10.10.0.0 0.0.255.255 area 0 area 0 authentication messagedigest 27 Memory Issues Usually come up when too many external routes are injected in the OSPF domain. A backbone area with 40 routers and a default route to the outside world would have less memory issues compared with a backbone area with 4 routers and 33,000 external routes injected into OSPF. The total memory used by OSPF is the sum of the memory used in the routing table (show ip route summary) and the memory used in the link-state database. Example: Each entry in the routing table will consume between approximately 200 and 280 bytes Each LSA will consume a 100 byte overhead plus the size of the actual link state advertisement This should be added to memory used by other processes and by the IOS itself. 28