show ip ospf

advertisement
CO5023
Single Area OSPF
Routing
• So far, we’ve looked at issues concerning the
distribution and access layers. Routing is the
process used to interconnect VLANs and
remote networks in the core and distribution
layers.
• Routers and L3 switches learn about routes
in two ways
• Static routes – manually configured
• Dynamic routes – discovered by a routing
protocol such as OSPF or EIGRP
• We often use a mixture of the two in
practice
• Some routers only need to know a few
routes and so it is best to configure static
routing on these.
OSPF is…
All of this, according to CISCO…
It has some useful features, in particular the
ability to partition the network into multiple
areas makes it very scalable and keeps the
CPU and memory overhead low.
That said, the shortest path algorithm has its
weaknesses in general and there are better
techniques being researched to enable more
efficient, overall performance. CISCO does
not mention these, however, because they
aren’t implemented on CISCO routers.
Basic OSPF Configuration (5.1.1.5)
OSPF in Multiaccess Networks
In multi-access networks (such as an Ethenet LAN with many
routers), we need to keep the number of LSAs down.
Adjacencies could be formed between every pair of routers
on the LAN!
Consequently OSPF elects a Designated Router (DR) which
acts as a hub for the LAN, all other routers form an adjacency
with the DR and no other router.
OSPF will also have a backup DR (BDR) to take over
immediately if the DR fails. Any router which is not a DR or
BDR is called a DROTHER, apparently
The DR/BDR are elected according to highest interface
priority (default 1), or failing that, highest router id.
Miscellaneous OSPF Trickery
• OSPF can advertise default routes to other routers using the
default-information originate router configuration mode
command
• This can be verified using show ip route
• You can configure a default route with
ip route 0.0.0.0 0.0.0.0 exit-interface
• You can also modify the hello and dead intervals, to
reduce traffic or enable OSPF to detect failures more
quickly. This can be done in interface config mode
with the following commands
• ip ospf hello-interval seconds
• ip ospf dead-interval seconds
OSPF Security
• Nasty people sometimes try to redirect data on your
network. Perhaps they do this because they wish to
steal information? Perhaps they do it to create
routing loops? Maybe it’s just for attention? Who
knows?
• Still, you can authenticate routing updates in OSPF
using the message digest 5 (MD5) hashing
algorithm.
• But MD5 hashing is insecure (CISCO don’t tell you
this either). SHA-256 would be much better
• What the authentication does is send a checksum
with each routing update. The checksum can’t be
calculated without the password, so the receiving
router tests to see if the checksum is correct.
• The actual routing information is not encrypted
• To enable OSPF MD5 authentication globally,
configure:
• ip ospf message-digest-key key md5
password interface configuration mode command.
• area area-id authentication message-digest router
configuration mode command.
• To provide more flexibility, authentication is now
supported on a per-interface basis. To enable MD5
authentication on a per-interface basis, configure:
• ip ospf message-digest-key key md5
password interface configuration mode command.
• ip ospf authentication message-digest interface
configuration mode command.
OSPF troubleshooting commands
• show ip protocols
• show ip ospf neighbor - Used to verify that the
router has formed an adjacency with its neighboring
routers.
• show ip ospf interface - Used to display the OSPF
parameters configured on an interface,
• show ip ospf - Used to examine the OSPF process ID
and router ID.
• show ip route ospf - Used to display only the OSPF
learned routes in the routing table.
• clear ip ospf [ process-id ] process - Used to reset
the OSPFv2 neighbor adjacencies.
Download