CO5023
Single Area OSPF Routing

• So far, we’ve looked at issues concerning the distribution and access layers. Routing is the process used to interconnect VLANs and remote networks in the core and distribution layers.
• Routers and L3 switches learn about routes in two ways:
  • Static routes – manually configured
  • Dynamic routes – discovered by a routing protocol such as OSPF or EIGRP
• We often use a mixture of the two in practice.
• Some routers only need to know a few routes and so it is best to configure static routing on these.

OSPF is…

All of this, according to Cisco… It has some useful features; in particular, the ability to partition the network into multiple areas makes it very scalable and keeps the CPU and memory overhead low. That said, the shortest path algorithm has its weaknesses in general and there are better techniques being researched to enable more efficient overall performance. Cisco does not mention these, however, because they aren’t implemented on Cisco routers.

Basic OSPF Configuration (5.1.1.5)

OSPF in Multiaccess Networks

In multi-access networks (such as an Ethernet LAN with many routers), we need to keep the number of LSAs down. Adjacencies could be formed between every pair of routers on the LAN! Consequently, OSPF elects a Designated Router (DR) which acts as a hub for the LAN; all other routers form an adjacency with the DR and no other router. OSPF will also have a backup DR (BDR) to take over immediately if the DR fails. Any router which is not a DR or BDR is called a DROTHER, apparently. The DR/BDR are elected according to highest interface priority (default 1), or failing that, highest router ID.

Miscellaneous OSPF Trickery

• OSPF can advertise default routes to other routers using the default-information originate router configuration mode command.
• This can be verified using show ip route.
• You can configure a default route with ip route 0.0.0.0 0.0.0.0 exit-interface
• You can also modify the hello and dead intervals, to reduce traffic or enable OSPF to detect failures more quickly. This can be done in interface config mode with the following commands:
  • ip ospf hello-interval seconds
  • ip ospf dead-interval seconds

OSPF Security

• Nasty people sometimes try to redirect data on your network. Perhaps they do this because they wish to steal information? Perhaps they do it to create routing loops? Maybe it’s just for attention? Who knows?
• Still, you can authenticate routing updates in OSPF using the message digest 5 (MD5) hashing algorithm.
• But MD5 hashing is insecure (Cisco don’t tell you this either). SHA-256 would be much better.
• What the authentication does is send a checksum with each routing update. The checksum can’t be calculated without the password, so the receiving router tests to see if the checksum is correct.
• The actual routing information is not encrypted.
• To enable OSPF MD5 authentication globally, configure:
  • ip ospf message-digest-key key md5 password (interface configuration mode command)
  • area area-id authentication message-digest (router configuration mode command)
• To provide more flexibility, authentication is now supported on a per-interface basis. To enable MD5 authentication on a per-interface basis, configure:
  • ip ospf message-digest-key key md5 password (interface configuration mode command)
  • ip ospf authentication message-digest (interface configuration mode command)

OSPF troubleshooting commands

• show ip protocols
• show ip ospf neighbor - Used to verify that the router has formed an adjacency with its neighboring routers.
• show ip ospf interface - Used to display the OSPF parameters configured on an interface.
• show ip ospf - Used to examine the OSPF process ID and router ID.
• show ip route ospf - Used to display only the OSPF learned routes in the routing table.
• clear ip ospf [ process-id ] process - Used to reset the OSPFv2 neighbor adjacencies.
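
As an added example (not from the slides or from Cisco), this Python sketch shows the checksum mechanism described under OSPF Security, following the cryptographic authentication scheme in RFC 2328 Appendix D: the sender appends an MD5 digest of the packet plus the shared key, and the receiver recomputes it. Function names, addresses, the password and the body bytes are constructed for illustration.

```python
import hashlib
import hmac
import socket
import struct

HDR = "!BBH4s4sHHHBBI"        # 24-byte OSPFv2 header, AuType 2 layout
HDR_LEN, DIGEST_LEN = 24, 16

def pad_key(password: bytes) -> bytes:
    """Zero-pad the key to 16 bytes (longer input is cut here, a choice of this sketch)."""
    return password[:16].ljust(16, b"\x00")

def build_packet(body, router_id, area_id, key_id, seq, password, pkt_type=1):
    """Return header + body + MD5(header + body + key); the body stays in cleartext."""
    header = struct.pack(HDR, 2, pkt_type, HDR_LEN + len(body),
                         socket.inet_aton(router_id), socket.inet_aton(area_id),
                         0,            # header checksum is zero with crypto auth
                         2,            # AuType 2 = cryptographic authentication
                         0, key_id, DIGEST_LEN, seq)
    packet = header + body
    return packet + hashlib.md5(packet + pad_key(password)).digest()

def verify_packet(wire, keys, last_seq=0):
    """Receiver side: recompute the digest with the locally configured key."""
    if len(wire) < HDR_LEN + DIGEST_LEN:
        return False
    fields = struct.unpack(HDR, wire[:HDR_LEN])
    length, autype = fields[2], fields[6]
    key_id, auth_len, seq = fields[8], fields[9], fields[10]
    if autype != 2 or auth_len != DIGEST_LEN or key_id not in keys:
        return False
    if length < HDR_LEN or len(wire) != length + DIGEST_LEN:
        return False
    if seq < last_seq:                 # older sequence number than last seen: discard
        return False
    expected = hashlib.md5(wire[:length] + pad_key(keys[key_id])).digest()
    return hmac.compare_digest(expected, wire[length:])

# Constructed sample values, not taken from a real network.
BODY = b"constructed-hello-body"
WIRE = build_packet(BODY, "10.0.0.1", "0.0.0.0", key_id=1, seq=100,
                    password=b"lab-password")

if __name__ == "__main__":
    print("matching key accepted:", verify_packet(WIRE, {1: b"lab-password"}))
    print("wrong key accepted:", verify_packet(WIRE, {1: b"other"}))
    print("body readable on the wire:", BODY in WIRE)
```

The last check makes the slide's final point concrete: the digest only proves the sender knew the key, while the routing payload itself travels unencrypted.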