OSPF_QuickReferenceGuide.pdf

Date post: 02-Jan-2016
Upload: gabriel-costescu

OSPF - Open Shortest Path First
Further reading: http://fengnet.com/book/OSPFandISIS/

1. Overview
OSPF is an open-standard, classless link-state protocol designed to meet the need for a high-functionality, non-proprietary routing protocol for TCP/IP. It has reached version 3 for IPv6, and in the future OSPFv3 will probably also exchange routing information for IPv4.
OSPF uses the Dijkstra algorithm (by Edsger Dijkstra), also called the SPF (Shortest Path First) algorithm, to select the best paths, the same as the ISO IS-IS protocol.

Characteristics of link-state protocols:
- respond quickly to network changes = fast convergence;
- triggered updates are sent whenever there is a topology change;
- periodic updates are sent at long intervals (like 30 minutes), known as link-state refresh.

OSPF uses a hierarchical multi-area design, which optimizes:
- RAM: by reducing the size of the LSDB and of the RIB;
- CPU: the time and processor resources needed to find the best paths, by analysing a smaller LSDB;
- BW/RAM/CPU: fewer OSPF messages sent from one area to another, through possible summarization and/or filtering on the routers that separate the OSPF areas;
- BW/RAM/CPU: by summarizing the information present in type 1 and type 2 LSAs into type 3 LSAs (similar to distance-vector information).

Other link-state protocols are IS-IS (for CLNS and IPv4/v6), DNA Phase IV (for DECnet) and NLSP (for IPX).

To reduce CPU and memory overhead, OSPF is designed to partition the network into multiple areas. Every router maintains a topological database. By default, a regular area (non-zero area) does not allow traffic from another area to use its links. All traffic must cross the transit area (area 0).

Different types of OSPF routers:
● internal routers: have all their interfaces in the same area and have identical LSDBs.
● backbone routers: have at least one interface in area 0.
● area border routers: have interfaces attached to multiple areas and keep a separate LSDB for each area. They are the exit point from a regular area. An ABR can be configured to summarize information.
● autonomous system boundary routers: have at least one interface attached to an external internetwork and can redistribute networks into the OSPF domain.

2. OSPF Operation (router ID, packets, adjacency states, DR/BDR)

Router ID
The purpose of the router ID is to uniquely identify the router in the routing domain. It is chosen when the OSPF process starts.


If no interface is up, OSPF cannot start:
R6(config)#router ospf 1
*Apr 7 17:35:41.490: %OSPF-4-NORTRID: OSPF process 1 failed to allocate unique router-id and cannot start

Else, if the router is configured with:
R6(config-router)#router-id 172.16.0.6
it uses this router ID.

Else, if loopback interfaces are present and up, it will choose the highest IP as router ID.
Else, it will choose the highest IP of a physical interface.

Changing the router ID of a router whose router ID was set with the router-id command requires only that the OSPF process be cleared. However, changing the OSPF router ID of a router whose router ID was set by configuring a loopback interface address may require you to either reboot the router or to disable and then enable OSPF.
R1#clear ip ospf 1 process
Reset OSPF process? [no]: yes

Restarting the process causes new LSAs to be sent and, implicitly, SPF to run on all routers in the domain.
NOTE: If the OSPF process has not established any neighbor relationship, manually configuring the RID changes it immediately, without the OSPF process having to be restarted.

Some outputs can be asked to show the DNS name instead of the router ID:
R4(config)#ip host Router1 1.1.1.1
R4(config)#ip host Router4 4.4.4.4
R4(config)#ip ospf name-lookup
R4#sh ip ospf neighbor
Neighbor ID     Pri   State      Dead Time   Address       Interface
Router1         1     FULL/BDR   00:00:36    10.0.145.1    FastEthernet0/0

R4#sh ip ospf database
            OSPF Router with ID (4.4.4.4) (Process ID 1)

                Router Link States (Area 0)
Link ID     ADV Router   Age   Seq#         Checksum   Link count
1.1.1.1     Router1      68    0x80000001   0x000DE1   1
4.4.4.4     Router4      67    0x80000002   0x005082   1

OSPF Packet
LSA = Link State Advertisement. When a link state changes, the device that detected the change creates an LSA. LSAs are sent reliably and flooded through the area to multicast address 224.0.0.5. Each LSA has a sequence number, a checksum and a lifetime. The sequence number is 4 bytes, in the range 0x80000001 - 0x7FFFFFFF.
LSU = Link State Update. Contains one or more LSAs.
LSDB = Link-State Database. The SPF algorithm is run against the LSDB to find the best path. The LSDB is a topology table in which LSAs are stored.

OSPF is encapsulated directly in IP packets, with protocol type 89 in the IP header.
- Version. Is 2 or 3.
- Type. Defines one of the 5 packet types.
- Packet Length. Length in bytes of the OSPF packet.
- Router ID.
- Area ID. Can be a number or in the form of an IP address.
- Checksum. Integrity check over the OSPF packet, excluding the authentication data.
- Authentication type. No authentication, clear-text, or encrypted MD5.
- Authentication. Empty, clear-text password or MD5 hash.
- Data: info depending on the type.
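The header fields listed above can be checked on captured packets. The following is an added example, not part of the original guide: it parses the 24-byte OSPFv2 header, verifies the checksum (computed without the 8-byte authentication field) and reports which authentication type a neighbor is using. The function names and sample packets are constructed for illustration; the MD5 authentication-field layout (key ID, digest length, sequence number) follows RFC 2328, and OSPFv3 is not handled.

```python
import ipaddress
import struct

PACKET_TYPES = {1: "Hello", 2: "DBD", 3: "LSR", 4: "LSU", 5: "LSAck"}
AUTH_TYPES = {0: "none", 1: "clear-text", 2: "MD5"}
HEADER_LEN = 24  # version through authentication, as in the field list above


def inet_checksum(data):
    """Standard IP one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_packet(ptype, router_id, area_id, autype, auth, body=b""):
    """Build a constructed OSPFv2 packet for the demo (not captured traffic)."""
    head = struct.pack("!BBH4s4sHH", 2, ptype, HEADER_LEN + len(body),
                       ipaddress.IPv4Address(router_id).packed,
                       ipaddress.IPv4Address(area_id).packed, 0, autype)
    # The checksum skips the authentication field; with MD5 it is left at 0.
    cksum = 0 if autype == 2 else inet_checksum(head + body)
    return head[:12] + struct.pack("!H", cksum) + head[14:] + auth + body


def parse_header(packet):
    """Decode the OSPFv2 header and list integrity/authentication findings."""
    if len(packet) < HEADER_LEN:
        raise ValueError("truncated OSPF header")
    version, ptype, length, rid, area, _cksum, autype = struct.unpack(
        "!BBH4s4sHH", packet[:16])
    if version != 2:
        raise ValueError("only the OSPFv2 header layout is handled")
    if ptype not in PACKET_TYPES:
        raise ValueError("unknown packet type %d" % ptype)
    if not HEADER_LEN <= length <= len(packet):
        raise ValueError("packet length field out of range")
    hdr = {
        "type": PACKET_TYPES[ptype],
        "length": length,
        "router_id": str(ipaddress.IPv4Address(rid)),
        "area_id": str(ipaddress.IPv4Address(area)),
        "auth_type": AUTH_TYPES.get(autype, "unknown(%d)" % autype),
        "checksum_ok": None,
        "findings": [],
    }
    if autype == 2:
        # Auth field: 2 zero bytes, key ID, digest length, 4-byte sequence nr.
        _zero, key_id, digest_len, seq = struct.unpack("!HBBI", packet[16:24])
        hdr.update(key_id=key_id, crypto_seq=seq)
        if len(packet) < length + digest_len:
            hdr["findings"].append("MD5 digest missing or truncated")
        return hdr
    hdr["checksum_ok"] = inet_checksum(packet[:16] + packet[24:length]) == 0
    if not hdr["checksum_ok"]:
        hdr["findings"].append("bad checksum")
    if autype == 0:
        hdr["findings"].append("auth type 0: packet is unauthenticated")
    elif autype == 1:
        hdr["findings"].append("auth type 1: password travels in clear text")
    return hdr


# Constructed Hello body: mask /24, hello 10, options, priority 1, dead 40, DR, BDR.
HELLO_BODY = struct.pack("!4sHBBI4s4s", bytes([255, 255, 255, 0]), 10, 0x02, 1, 40,
                         ipaddress.IPv4Address("10.0.145.1").packed, bytes(4))
SAMPLE_PLAIN = build_packet(1, "1.1.1.1", "0.0.0.0", 0, bytes(8), HELLO_BODY)
SAMPLE_CLEAR = build_packet(1, "1.1.1.1", "0.0.0.0", 1, b"secret\x00\x00", HELLO_BODY)
SAMPLE_MD5 = build_packet(1, "1.1.1.1", "0.0.0.0", 2,
                          struct.pack("!HBBI", 0, 1, 16, 1000), HELLO_BODY) + bytes(16)

if __name__ == "__main__":
    for name, pkt in (("plain", SAMPLE_PLAIN), ("clear", SAMPLE_CLEAR),
                      ("md5", SAMPLE_MD5)):
        print(name, parse_header(pkt))
```

Only the header is decoded; validating the MD5 digest itself would additionally need the configured key.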


Packet types:
- Hello. Type 1. Discovers neighbors and builds adjacency between them. TTL = 1. Contains the netmask of the interface, hello timer, FLAGS, priority, dead interval, DR/BDR negotiation (if applicable) and a list of known neighbors.
- DBD or DD, DataBase Description. Type 2. Contains a summary of the LSDB: all known router IDs and their last sequence number. Sent reliably, multicast or unicast. Acknowledgement is done by sending back a copy of the previously received DBD. It is also used for master/slave negotiation. The master controls the synchronization process, which ends when, for every DD packet the master sent to describe its LSDB, it has received a DD packet with M=0. DD has 3 flags:
  I - Initial. Set if this is the first DD packet.
  M - More. If set, this is not the last DD.
  MS - Master. Set by the master.
  The DBD also carries the interface MTU, which must match; otherwise adjacencies only get as far as Exstart/Exchange.
- LSR, Link State Request. Type 3. Requests specific link-state information from a router and contains the type of LSU needed and the router ID that has the needed LSU. Sent unicast or multicast.
- LSU, Link State Update. Type 4. Sends the specifically requested info and contains the full LSA entry. One LSU can contain many LSAs.
- LSAck, Link State Ack. Type 5. Used for acknowledgement. Data is empty.

OSPF Adjacencies
There is a distinction between a neighbor relationship (which can also be 2-way) and the adjacency state (FULL).

Conditions for neighbor adjacency:
- same timers: hello and dead intervals.
- same area.
- same stub flag.
- Router ID must be unique.
- MTU.
  R1(config-if)#ip ospf mtu-ignore //sh system mtu - to see the MTU of the system.
- compatible network types. Compatibility is based on DR/BDR election.
- IP connectivity (multicast and unicast) must exist, and the subnets that the primary IP addresses belong to must be the same. Not like EIGRP. When ip unnumbered is configured on point-to-point links, the netmask sent in Hellos will be 0.0.0.0 (to be tested). To be tested: this condition does not have to be met if the two routers are connected to an OSPF network of type point-to-point and both routers use ip unnumbered for IP addressing. Caution! Although it is not a condition for becoming neighbors, to obtain full reachability it is important that all routers agree on whether or not a DR needs to be elected for the common network segment and (where applicable) agree on its identity.
- authentication: if used, the authentication type, key ID and string must match.

Adjacency states:
Bidirectional communication occurs when a router recognizes itself listed in a received hello packet. After that, the routers must exchange and synchronize their LSDBs.

Down state. No neighbor relationship. When a router is configured to run OSPF, it starts sending hellos. On point-to-point and multiaccess broadcast networks it multicasts them to 224.0.0.5. On NBMA, point-to-multipoint and virtual links it sends unicast hellos. The Down state is also reached if no hellos are received for the dead interval, if the static neighbor is unconfigured, or if the interface goes down.

Attempt. Valid state when statically configuring neighbors on NBMA: after sending a hello but before receiving any hello from that neighbor.

Init state. When a router receives a hello from a new router, it adds it to the neighbor list in its hello packets.

2-Way state. When a router receives a hello from a new neighbor and sees its own ID in the neighbor list. At this point all routers have each other in their lists and bidirectional communication is established. If the link is a broadcast type, the DR and BDR must be elected in the next step. Receiving a DBD packet from a neighbor in the Init state will also cause a transition to the 2-Way state.

Exstart state. The routers are ready to discover link-state information. In this state a master-slave relationship is created and it is decided which router starts the exchange. The router with the highest ID is chosen as master, not necessarily the DR or BDR, because those can be chosen based on priority, not RID. The master controls which sequence numbers are used in the Exchange state. Initially both neighbors claim to be master by sending an empty DD with MS (master bit) set. Each router sets its own sequence number. The neighbor with the lower RID becomes slave and answers with a DD packet that has MS unset, the sequence number set to the master's sequence number, and LSA summaries. Now the exchange starts.

Exchange state. Neighbors synchronize their LSDBs. A Database Summary List is populated with the headers of all LSAs and sent to the other neighbor. Newer or missing LSAs are put in a Link State Request List. The LSAs are exchanged using LSR and LSU.

Loading state. Routers request missing LSAs with LSR and LSU.

Full state. Reached when the databases are synchronized and all LSAs are up to date.

NOTE: If a router has entries in its Link State Request list, it does not need to wait for the Loading state to send LSRs. In this way, synchronization is more efficient.
R1(config-router)#log-adjacency-changes [detail] //on by default - adding detail is somewhat like debug ip ospf adj.

R1#debug ip ospf adj
*Apr 3 13:58:38.982: OSPF: Interface Serial0/0/0 going Up
*Apr 3 13:58:39.486: OSPF: Build router LSA for area 0, router ID 192.168.1.1, seq 0x80000001, process 1
*Apr 3 13:59:22.086: OSPF: Rcv DBD from 192.168.2.4 on Serial0/0/0 seq 0x1900 opt 0x52 flag 0x7 len 32 mtu 1500 state INIT //1900 = Master seq nr
*Apr 3 13:59:22.086: OSPF: 2 Way Communication to 192.168.2.4 on Serial0/0/0, state 2WAY
*Apr 3 13:59:22.086: OSPF: Serial0/0/0 Nbr 192.168.2.4: Prepare dbase exchange
*Apr 3 13:59:22.086: OSPF: Send DBD to 192.168.2.4 on Serial0/0/0 seq 0x1A94 opt 0x52 flag 0x7 len 32 //1A94 = Slave seq nr
*Apr 3 13:59:22.086: OSPF: NBR Negotiation Done. We are the SLAVE
*Apr 3 13:59:22.086: OSPF: Serial0/0/0 Nbr 192.168.2.4: Summary list built, size 1
*Apr 3 13:59:22.086: OSPF: Send DBD to 192.168.2.4 on Serial0/0/0 seq 0x1900 opt 0x52 flag 0x2 len 52
*Apr 3 13:59:22.186: OSPF: Rcv DBD from 192.168.2.4 on Serial0/0/0 seq 0x1901 opt 0x52 flag 0x1 len 52 mtu 1500 state EXCHANGE
*Apr 3 13:59:22.186: OSPF: Exchange Done with 192.168.2.4 on Serial0/0/0
*Apr 3 13:59:22.186: OSPF: Send LS REQ to 192.168.2.4 length 12 LSA count 1
*Apr 3 13:59:22.186: OSPF: Send DBD to 192.168.2.4 on Serial0/0/0 seq 0x1901 opt 0x52 flag 0x0 len 32
*Apr 3 13:59:22.286: OSPF: Rcv LS UPD from 192.168.2.4 on Serial0/0/0 length 64 LSA count 1
*Apr 3 13:59:22.286: OSPF: Synchronized with 192.168.2.4 on Serial0/0/0, state FULL
*Apr 3 13:59:22.286: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.2.4 on Serial0/0/0 from LOADING to FULL, Loading Done
*Apr 3 13:59:22.290: OSPF: Rcv LS REQ from 192.168.2.4 on Serial0/0/0 length 36 LSA count 1
*Apr 3 13:59:22.790: OSPF: Build router LSA for area 0, router ID 192.168.1.1, seq 0x80000002, process 1

R3#debug ip ospf adj
*Apr 3 17:40:46.555: OSPF: Interface Serial0/0/0 going Up
*Apr 3 17:40:46.623: OSPF: 2 Way Communication to 192.168.1.1 on Serial0/0/0, state 2WAY
*Apr 3 17:40:46.623: OSPF: Serial0/0/0 Nbr 192.168.1.1: Prepare dbase exchange
*Apr 3 17:40:46.623: OSPF: Send DBD to 192.168.1.1 on Serial0/0/0 seq 0x1900 opt 0x52 flag 0x7 len 32
*Apr 3 17:40:46.723: OSPF: Rcv DBD from 192.168.1.1 on Serial0/0/0 seq 0x1A94 opt 0x52 flag 0x7 len 32 mtu 1500 state EXSTART
*Apr 3 17:40:46.723: OSPF: First DBD and we are not SLAVE
*Apr 3 17:40:46.727: OSPF: Rcv DBD from 192.168.1.1 on Serial0/0/0 seq 0x1900 opt 0x52 flag 0x2 len 52 mtu 1500 state EXSTART
*Apr 3 17:40:46.727: OSPF: NBR Negotiation Done. We are the MASTER
*Apr 3 17:40:46.727: OSPF: Serial0/0/0 Nbr 192.168.1.1: Summary list built, size 1
*Apr 3 17:40:46.727: OSPF: Send DBD to 192.168.1.1 on Serial0/0/0 seq 0x1901 opt 0x52 flag 0x1 len 52
*Apr 3 17:40:46.819: OSPF: Rcv LS REQ from 192.168.1.1 on Serial0/0/0 length 36 LSA count 1
*Apr 3 17:40:46.823: OSPF: Send UPD to 10.0.13.1 on Serial0/0/0 length 40 LSA count 1
*Apr 3 17:40:46.827: OSPF: Rcv DBD from 192.168.1.1 on Serial0/0/0 seq 0x1901 opt 0x52 flag 0x0 len 32 mtu 1500 state EXCHANGE
*Apr 3 17:40:46.827: OSPF: Exchange Done with 192.168.1.1 on Serial0/0/0
*Apr 3 17:40:46.827: OSPF: Send LS REQ to 192.168.1.1 length 12 LSA count 1
*Apr 3 17:40:47.023: OSPF: Rcv LS UPD from 192.168.1.1 on Serial0/0/0 length 64 LSA count 1
*Apr 3 17:40:47.023: OSPF: Synchronized with 192.168.1.1 on Serial0/0/0, state FULL
*Apr 3 17:40:47.023: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.1.1 on Serial0/0/0 from LOADING to FULL, Loading Done
*Apr 3 17:40:47.023: OSPF: Serial0/0/0 Nbr 192.168.1.1: Clean-up dbase exchange
*Apr 3 17:40:47.055: OSPF: Build router LSA for area 0, router ID 192.168.2.4, seq 0x80000002, process 1
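The DBD lines in the two debug traces above can be read mechanically. The following is an added example, not part of the original guide: it decodes the I/M/MS flags of each DBD line, derives the negotiated master/slave role, compares it with the role expected from the router IDs, and flags an MTU mismatch. The function names and the local_rid and local_mtu parameters are illustrative; the flag bit values (I=0x4, M=0x2, MS=0x1) are those of RFC 2328, and the address in each DBD line is assumed to be the neighbor's router ID, as it is in the traces.

```python
import ipaddress
import re

# DD flag bits: I = Initial, M = More, MS = Master (bit values per RFC 2328).
DBD_FLAGS = ((0x4, "I"), (0x2, "M"), (0x1, "MS"))

DBD_RE = re.compile(
    r"OSPF: (?P<dir>Rcv|Send) DBD (?:from|to) (?P<nbr>\S+) on (?P<ifname>\S+) "
    r"seq (?P<seq>0x[0-9A-Fa-f]+) opt 0x[0-9A-Fa-f]+ flag (?P<flag>0x[0-9A-Fa-f]+) "
    r"len \d+(?: mtu (?P<mtu>\d+) state (?P<state>\w+))?"
)

# DBD lines copied from the R1 and R3 debug output above.
R1_DEBUG = """\
*Apr 3 13:59:22.086: OSPF: Rcv DBD from 192.168.2.4 on Serial0/0/0 seq 0x1900 opt 0x52 flag 0x7 len 32 mtu 1500 state INIT
*Apr 3 13:59:22.086: OSPF: Send DBD to 192.168.2.4 on Serial0/0/0 seq 0x1A94 opt 0x52 flag 0x7 len 32
*Apr 3 13:59:22.086: OSPF: Send DBD to 192.168.2.4 on Serial0/0/0 seq 0x1900 opt 0x52 flag 0x2 len 52
*Apr 3 13:59:22.186: OSPF: Rcv DBD from 192.168.2.4 on Serial0/0/0 seq 0x1901 opt 0x52 flag 0x1 len 52 mtu 1500 state EXCHANGE
*Apr 3 13:59:22.186: OSPF: Send DBD to 192.168.2.4 on Serial0/0/0 seq 0x1901 opt 0x52 flag 0x0 len 32
"""
R3_DEBUG = """\
*Apr 3 17:40:46.623: OSPF: Send DBD to 192.168.1.1 on Serial0/0/0 seq 0x1900 opt 0x52 flag 0x7 len 32
*Apr 3 17:40:46.723: OSPF: Rcv DBD from 192.168.1.1 on Serial0/0/0 seq 0x1A94 opt 0x52 flag 0x7 len 32 mtu 1500 state EXSTART
*Apr 3 17:40:46.727: OSPF: Rcv DBD from 192.168.1.1 on Serial0/0/0 seq 0x1900 opt 0x52 flag 0x2 len 52 mtu 1500 state EXSTART
*Apr 3 17:40:46.727: OSPF: Send DBD to 192.168.1.1 on Serial0/0/0 seq 0x1901 opt 0x52 flag 0x1 len 52
*Apr 3 17:40:46.827: OSPF: Rcv DBD from 192.168.1.1 on Serial0/0/0 seq 0x1901 opt 0x52 flag 0x0 len 32 mtu 1500 state EXCHANGE
"""


def decode_flags(value):
    """Return the names of the DD flags set in a 'flag 0x..' value."""
    return [name for bit, name in DBD_FLAGS if value & bit]


def parse_dbd(log):
    """Extract every Rcv/Send DBD line from 'debug ip ospf adj' output."""
    events = []
    for line in log.splitlines():
        m = DBD_RE.search(line)
        if m:
            events.append({
                "dir": m["dir"], "nbr": m["nbr"], "seq": int(m["seq"], 16),
                "flags": decode_flags(int(m["flag"], 16)),
                "mtu": int(m["mtu"]) if m["mtu"] else None,
            })
    return events


def rid_value(rid):
    """Router IDs are compared as unsigned 32-bit numbers."""
    return int(ipaddress.IPv4Address(rid))


def analyse_exchange(log, local_rid, local_mtu):
    """Summarize one neighbor's DBD exchange and list anything unexpected."""
    events = parse_dbd(log)
    if not events:
        raise ValueError("no DBD lines in log")
    nbr = events[0]["nbr"]
    sent = [e for e in events if e["dir"] == "Send"]
    rcvd = [e for e in events if e["dir"] == "Rcv"]
    expected = "MASTER" if rid_value(local_rid) > rid_value(nbr) else "SLAVE"
    # The first DBD we send with the I bit clear carries the negotiated role.
    observed = next(("MASTER" if "MS" in e["flags"] else "SLAVE"
                     for e in sent if "I" not in e["flags"]), None)
    findings = []
    if observed is None:
        findings.append("negotiation not completed (no DBD sent with I clear)")
    elif observed != expected:
        findings.append("role %s but RIDs imply %s" % (observed, expected))
    if any(e["mtu"] is not None and e["mtu"] != local_mtu for e in rcvd):
        findings.append("neighbor MTU differs from local MTU %d" % local_mtu)
    if observed == "SLAVE":
        # A slave must echo sequence numbers chosen by the master.
        master_seqs = {e["seq"] for e in rcvd}
        if any(e["seq"] not in master_seqs for e in sent if "I" not in e["flags"]):
            findings.append("slave used a sequence number the master never sent")
    done = (bool(sent) and bool(rcvd)
            and "M" not in sent[-1]["flags"] and "M" not in rcvd[-1]["flags"])
    return {"neighbor": nbr, "expected_role": expected, "observed_role": observed,
            "exchange_done": done, "findings": findings}


if __name__ == "__main__":
    print(analyse_exchange(R1_DEBUG, "192.168.1.1", 1500))
    print(analyse_exchange(R3_DEBUG, "192.168.2.4", 1500))
```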

DR and BDR election. Only on multiaccess network types (Broadcast and NonBroadcast). Elected in hello exchanges.
After the DR and BDR have been elected, any router added will establish a full relationship with only the DR and BDR.

Messages to DR and BDR are sent to 224.0.0.6.


The DR's role is to generate the type 2 LSA that represents the multiaccess segment to other routers.
Election: When the interface becomes active, it sets DR and BDR to 0.0.0.0 and sets the wait timer = dead interval. During this time, it checks for an existing DR/BDR and, if they are already set, accepts them. If no BDR exists, one is chosen based on highest priority (and router ID in case of a tie). If there is no active DR, the BDR is promoted to DR and a new election is held for BDR. In reality, the priority does not matter that much (except when it is 0) compared with the order in which the routers are started. But a router that is DR or BDR and sets its priority to 0 will immediately relinquish its status.

The BDR does not perform any DR functions, such as LSA forwarding, while the DR is operating. To determine whether the DR is out of service, the BDR uses the wait timer (a reliability feature). If the BDR does not confirm that the DR is forwarding LSAs before the wait timer expires, it takes its place.
R2#sh ip ospf int fa0/0
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5

If there is only one router, it will formally be the DR, but it will not generate a type 2 LSA - TRUE (tested)

3. OSPF Configuration

On newer IOS, OSPF can be enabled directly on the interface with:
R1(config-if)#ip ospf 1 area 0
R6(config-if)#ip ospf priority 0 //Changes the priority. Default is 1. Range 0-255. On JunOS the default priority is 128.

R1#sh ip ospf //shows a lot of information.
R1#sh ip ospf database //to see detailed info about LSAs and the seq nr for each LSA.
R1#sh ip ospf interface //among other info, the timers can be seen
R1#sh ip ospf interface brief
R1#sh ip ospf neighbor //shows all neighbors
R6#clear ip ospf counters //clears neighbor state transitions
R1#sh ip ospf request-list //shows requested LSAs not yet answered.
R1#sh ip ospf retransmission-list //a list of LSAs waiting to be resent.
R5(config-router)#neighbor 172.16.0.6 //for defining a neighbor in a nonbroadcast environment.
R1(config-if)#ip ospf hello-interval 5
R1(config-if)#ip ospf dead-interval 15
R1(config-if)#ip ospf dead-interval minimal hello-multiplier 5 //sets dead = 1 sec and hellos = 5 per second.
R2(config-if)#ip ospf retransmit-interval 4 //how long to wait before retransmitting an unacknowledged LSA
R1#debug ip ospf adj //shows all the states from down to full.
R1#debug ip ospf events //shows all the states from down to full.
R1(config-router)#distance ospf ... //change the default admin distance.

OSPF Metric
OSPF cost is a 16-bit value for LSA type 1 and a 24-bit value for LSA types 3, 4, 5, 7.

R1(config-if)#bandwidth 128
R1(config-if)#ip ospf cost //modify ospf cost
R1(config-router)#auto-cost reference-bandwidth 1000 //set ref-bw to 1 GB
R1(config-router)#neighbor 10.0.123.2 //statically define a neighbor for nonbroadcast and p2m non-broadcast
R1(config-router)#neighbor 10.0.123.2 cost 100 //routes learned from this neighbor will consider the interface as having this cost, not the interface specified cost. Valid only for p2m and p2m nonbroadcast network types.
R1(config-router)#neighbor 10.0.123.2 poll-interval 5 //how often to send hello to an unresponsive statically defined neighbor.
R1(config-router)#neighbor 10.0.123.2 database-filter all out //does not flood LSAs to the specified neighbor. Only for p2m networks.
R1(config-router)#neighbor 10.0.123.2 poll-interval 200 //how often (sec) to send hello after the neighbor is declared down. Only on NBMA networks.
R1(config-router)#neighbor 10.0.123.2 priority 5 //what priority to use with neighbors in Broadcast or Non-broadcast DR/BDR election.

4. OSPF network types.

- Broadcast. Default on Ethernet/Token Ring. Timers: hello = 10 sec, dead = 40 sec. DR and BDR election. Hellos are sent as multicast to the DR/BDR on 224.0.0.6 and from the DR on 224.0.0.5. Does not change next-hop. No neighbor statement.
- Non-Broadcast (default for multipoint sub/interfaces). Hellos are always sent as unicast. Because of that, neighbors must be manually configured on at least one side of the link. Best practice is to configure manual neighbors on the DR. DR/BDR must be elected. Typically used in full mesh. One IP subnet. Timers: hello = 30 sec, dead = 120 sec, so convergence is pretty slow. In a hub-and-spoke topology, for communication between spokes, manual mapping to the other spokes must be configured on the interfaces of each spoke, or the interface on the spokes must be created as a point-to-point subinterface with ip ospf network type non-broadcast (automatic mapping of all destinations to the DLCI of the subinterface). The hub does not change the next-hop for remote networks (behind spokes).
- Point-to-Point. Timers: hello = 10 sec, dead = 40 sec. No DR and BDR election. Hellos to 224.0.0.5. No neighbor statement required.
- Point-to-Multipoint. Timers: hello = 30 sec, dead = 120 sec. The router automatically identifies neighbors, so no manual neighbor statement is required, but DR/BDR is not elected. Typically used in partially meshed networks. Hellos are sent to 224.0.0.5. The remote networks will have the hub as next-hop, instead of other spokes. To avoid the situation where the IP of the hub is learned as /32 from other sources, the hub announces itself as /32 into OSPF. Because of this behavior of point-to-multipoint, spokes do not need mappings to other spokes to have connectivity with them.
- Point-to-Multipoint Non-Broadcast. Is not a default option. Hellos are sent as unicast, requires a static neighbor statement, no DR/BDR election, modifies next-hop processing. Path selection can be influenced by setting: neighbor w.x.y.z cost 100
- Loopback. Is considered a stub network and advertised as a host route with a /32 prefix.

Compatibility is based on DR/BDR election. Network types that require DR/BDR election are compatible with each other. The same holds for those that have no DR.
R1(config-if)#ip ospf network ?
  broadcast                            Specify OSPF broadcast multi-access network
  non-broadcast                        Specify OSPF NBMA network
  point-to-multipoint [non-broadcast]  Specify OSPF [non-broadcast] point-to-multipoint network
  point-to-point                       Specify OSPF point-to-point network. Also makes a loopback IP be advertised with its configured mask, not the /32 mask which is the default.

Note: Hello packets always have TTL=1, so a relationship between spoke neighbors is not possible, unlike in EIGRP, which has TTL=2.

Type of network                    Hellos      DR/BDR election   Neighbor configuration   Next-hop processing            Hello/Dead [sec]   Neighbors per interface
Broadcast                          Multicast   DR/BDR            Automatic                No modification                10/40              Many
NonBroadcast                       Unicast     DR/BDR            Manual/Static            No modification                30/120             Many
Point-to-Point                     Multicast   No DR/BDR         Automatic                No modification                10/40              Only one
Point-to-Multipoint                Multicast   No DR/BDR         Automatic                Modifies next-hop processing   30/120             Many
Point-to-Multipoint NonBroadcast   Unicast     No DR/BDR         Manual/Static            Modifies next-hop processing   30/120             Many


5. LSA Types

Router LSA - type 1. Flooded within its own area, does not cross ABR. LSA 1 is used to describe the routers in the area. A router LSA 1 describes all the connected links in the area, the role of the router (ABR, ASBR or virtual-link endpoint etc.), cost, link type, link ID, IP, mask, neighbors.
Type 1 LSA link description can be one of the following types:

Link type 1 (Point-to-point connection to another router). Link ID = neighbor router ID.
    Link connected to: another Router (point-to-point)
     (Link ID) Neighboring Router ID: 2.2.2.2
     (Link Data) Router Interface address: 10.0.123.1
      Number of MTID metrics: 0
       TOS 0 Metrics: 64

Link type 2 (Connection to a transit network). Link ID = DR interface IP address.
    Link connected to: a Transit Network
     (Link ID) Designated Router address: 10.0.145.1
     (Link Data) Router Interface address: 10.0.145.1
      Number of MTID metrics: 0
       TOS 0 Metrics: 1

Link type 3 (Connection to a stub network). Link ID = network prefix.
    Link connected to: a Stub Network
     (Link ID) Network/subnet number: 10.0.123.1
     (Link Data) Network Mask: 255.255.255.255
      Number of MTID metrics: 0
       TOS 0 Metrics: 0

Link type 4 (Virtual link). Link ID contains the neighbor router ID. See virtual-links for details.
    Link connected to: a Virtual Link
     (Link ID) Neighboring Router ID: 4.4.4.4
     (Link Data) Router Interface address: 10.0.145.1
      Number of MTID metrics: 0
       TOS 0 Metrics: 1

STUB networks are networks with only one router attached.
TRANSIT networks have at least 2 routers attached.

Network LSA - type 2. Flooded within its own area, does not cross ABR. Advertised only by the DR on multiaccess networks. Contains: the mask and the RIDs of the attached routers (including the DR).
R1#sh ip ospf database network 10.0.145.1
            OSPF Router with ID (1.1.1.1) (Process ID 1)

                Net Link States (Area 145)

  Routing Bit Set on this LSA
  LS age: 431
  Options: (No TOS-capability, DC)
  LS Type: Network Links
  Link State ID: 10.0.145.1 (address of Designated Router)
  Advertising Router: 1.1.1.1
  LS Seq Number: 80000002
  Checksum: 0xEF7C
  Length: 36
  Network Mask: /24
        Attached Router: 1.1.1.1
        Attached Router: 4.4.4.4
        Attached Router: 5.5.5.5

NetSummary LSA - type 3. Sent by the ABR. By default, no summarization. Contains the prefixes advertised between different areas. The information is of distance-vector type (which ABR generated it and with what metric).
R2#sh ip ospf database summary 10.0.145.0
            OSPF Router with ID (2.2.2.2) (Process ID 1)

                Summary Net Link States (Area 0)

  Routing Bit Set on this LSA
  LS age: 1139
  Options: (No TOS-capability, DC, Upward)
  LS Type: Summary Links(Network)
  Link State ID: 10.0.145.0 (summary Network Number)
  Advertising Router: 1.1.1.1 //ABR ospf RID
  LS Seq Number: 80000001
  Checksum: 0xB1EA
  Length: 28
  Network Mask: /24
        TOS: 0  Metric: 1

The metric for 10.0.145.0 on R2 will be 1 plus the cost to reach 1.1.1.1 in area 0.

O IA 10.0.145.0 [110/65] via 10.0.123.1, 00:13:26, Serial0/0

ASBRSummary LSA - type 4. Generated by an ABR only when an ASBR exists in the area. The LSA identifies the ASBR and provides a route to it. It describes who is doing the redistribution.

Autonomous System External LSA - type 5. Describes routes outside the OSPF domain. Those routes are advertised through the entire domain and owned by the ASBR. A type 4 LSA is needed to find the ASBR. In the OSPF database they do not show up as bound to any particular area and they appear at the end of the OSPF database. If multiple E2 type 5 LSAs exist for the same subnet, and if they have the same metric, then OSPF chooses the best route based on the lowest cost to reach each ASBR.
R5#sh ip ospf database

                Summary ASB Link States (Area 145)
Link ID     ADV Router   Age   Seq#         Checksum
2.2.2.2     1.1.1.1      59    0x80000001   0x00836C

                Type-5 AS External Link States
Link ID     ADV Router   Age   Seq#         Checksum   Tag
2.2.2.0     2.2.2.2      55    0x80000001   0x004F78   0

The first one is the type 4 LSA injected by 1.1.1.1 into area 145 to tell other routers how to reach the advertising router and owner (2.2.2.2) of the external network 2.2.2.0/24 represented by the type 5 LSA.

The metric of the type 5 LSA (222) is the metric assigned at redistribution.

The metric of the type 4 LSA (64) is the metric from the ABR of area 145 to reach the ASBR that redistributed the network.

If redistribution uses metric type 1, the total cost for R5 to reach 2.2.2.0/24 is the cost to reach the ABR (1.1.1.1) in area 145 + cost of LSA 4 + cost of LSA 5 = 1+222+64
O E1 2.2.2.0 [110/287] via 10.0.145.1

R5#sh ip ospf database external 2.2.2.0 //LSA type 5
            OSPF Router with ID (5.5.5.5) (Process ID 1)

                Type-5 AS External Link States

  Routing Bit Set on this LSA
  LS age: 119
  Options: (No TOS-capability, DC)
  LS Type: AS External Link
  Link State ID: 2.2.2.0 (External Network Number )
  Advertising Router: 2.2.2.2
  LS Seq Number: 80000001
  Checksum: 0x4F78
  Length: 36
  Network Mask: /24
        Metric Type: 2 (Larger than any link state path)
        TOS: 0
        Metric: 222
        Forward Address: 0.0.0.0
        External Route Tag: 0

R5#sh ip ospf database asbr-summary 2.2.2.2 //LSA type 4
            OSPF Router with ID (5.5.5.5) (Process ID 1)

                Summary ASB Link States (Area 145)

  Routing Bit Set on this LSA
  LS age: 91
  Options: (No TOS-capability, DC, Upward)
  LS Type: Summary Links(AS Boundary Router)
  Link State ID: 2.2.2.2 (AS Boundary Router address)
  Advertising Router: 1.1.1.1
  LS Seq Number: 80000001
  Checksum: 0x836C
  Length: 28
  Network Mask: /0
        TOS: 0  Metric: 64

R6#clear ip ospf redistribution //will clear redistributed routes. Redistribution of routes must be restarted in order to redistribute routes again.

NSSA LSA - type 7. Originated by the ASBR in an NSSA and flooded only in that NSSA. When it reaches an ABR, it is forwarded into other areas as a type 5 LSA.

R6#sh ip ospf database nssa-external 6.6.6.0
            OSPF Router with ID (6.6.6.6) (Process ID 1)

                Type-7 AS External Link States (Area 456)

  LS age: 27
  Options: (No TOS-capability, Type 7/5 translation, DC)
  LS Type: AS External Link
  Link State ID: 6.6.6.0 (External Network Number )
  Advertising Router: 6.6.6.6
  LS Seq Number: 80000001
  Checksum: 0xD3A8
  Length: 36
  Network Mask: /24
        Metric Type: 1 (Comparable directly to link state metric)
        MTID: 0
        Metric: 20
        Forward Address: 192.168.1.6
        External Route Tag: 0

Multicast OSPF LSA - type 6. Is not used in Cisco IOS.
External attributes LSA for BGP - type 8.
Opaque LSA - type 9, 10, 11. For future extensions, sometimes used in MPLS TE.

All LSAs have a 20-byte header.

Types of routes
● O - OSPF intra-area. Type 1 and 2.
● O IA - OSPF interarea. Summary LSA.
● O E1 - External type 1. The cost is summed up: the external cost + the internal cost. E1 routes for the same subnet are always preferred over E2 routes.
● O E2 - External type 2. The cost does not change, it is just the external cost.
● O N1 - External type 1 NSSA type 7 LSA.
● O N2 - External type 2 NSSA type 7 LSA.

!!!Note. When choosing the best route, an intra-area route is always better than a competing inter-area route, regardless of metric. Also, if an ABR learns a type 3 LSA inside a nonbackbone area, the ABR ignores that LSA when calculating its own routes.

5. MultiArea OSPF Stub, totally stubby, not-so-stubby areas and filtering LSA and ospf routes.Tipuri de routere:ABR. Pentru a schimba informatii de routare dintr-o arie in alta, ABR-ul trebuie sa detina cel putin o interfata conectata in area 0 in starea Up si Up si

configurata cu adresa IP. Poate fi chiar si o interfata de loopback. Daca insa nu se stabileste nici-o relatie de vecinatate OSPF in interiorul ariei 0 aceasta arie va apare drept inactiva (Inactive) in output-ul lui #show ip ospf, fara ca asta sa impiedice obtinerea de full reacheability in domeniul OSPF.

Pe de alta parte, daca aceasta unica interfata este down sau shutdown, ABR-ul nu va publica informatia de routare dintr-o arie in alta (nu va genera LSA-uri de tip 3), impiedicand de aceasta data obtinerea de full reacheability.

Interfata virtuala OSPF_VLx creata automat in urma configurarii unui virtual link (ce apartine mereu ariei 0) nu este suficienta pentru a fi “functionala” aria backbone atat timp cat nici-un router din domeniul OSPF nu are macar o interfata functionala fizica sau logica in aria 0. Rolul de ABR se transmite tuturor routerelor din aceeasi arie prin intermediul LSA-ului 1 generat de ABR pentru respectiva arie (bitul B setat in flags).R2#sh ip ospf border-routers //will show ABR in that area(except himself)Codes: i - Intra-area route, I - Inter-area route i 1.1.1.1 [64] via 10.0.123.1, Serial0/0, ABR, Area 0, SPF 16 //16 = number of SPF calculation to reach this ABR

ASBR is the router whose OSPF process has redistribution configured. An ABR located at the border between a (totally) NSSA area and area 0 automatically also has the ASBR role, being "ready" to translate type 7 LSAs into type 5 LSAs (it holds the ASBR role permanently, even if there are no type 7 LSAs to translate yet, that is, no prefixes are redistributed in the NSSA area). The ASBR role is announced to all routers in the same area through the type 1 LSA generated by the ASBR for that area (E bit set in the flags field), and to all routers of the OSPF process domain located in normal areas through the type 4 LSAs generated (or regenerated) by the ABRs.
R2#sh ip ospf
 It is an autonomous system boundary router
 Redistributing External Routes from,
 connected, includes subnets in redistribution
R4#sh ip ospf border-routers //will show all ASBRs known in all areas (except itself)
Codes: i - Intra-area route, I - Inter-area route
i 1.1.1.1 [1] via 10.0.145.1, FastEthernet0/0, ABR, Area 145, SPF 2
I 2.2.2.2 [65] via 10.0.145.1, FastEthernet0/0, ASBR, Area 145, SPF 2

A regular area can have different types: standard, stub, totally stubby, and not-so-stubby area.
Stub area. Does not accept external LSA. Type 4 and 5 are blocked from entering the area. Cannot contain ASBR (except when ABR is the ASBR).

R6(config-router)#area 2 stub //configured on every router in area 2.
This type of area removes external routes, and originates a LSA type 3 default route instead (with default metric of 1), from ABR. Default route is generated even if type 5 LSA (which should be filtered) are not present on ABR.
R1(config-router)#area 1 default-cost 10 //default metric of the default route is 1 if not specified. Area 1 is the stub area.

Totally stubby area. Does not accept external or summary LSA. Type 3,4,5 LSA are blocked (except for one type 3 default 0.0.0.0). Cannot contain ASBR (except when ABR is the ASBR). Cisco proprietary.
R1(config-router)#area 1 stub no-summary //configured on ABR. The rest of the routers are configured with area 1 stub.
R1(config-router)#area 1 default-cost 15 //the cost for injected default route is 1. But can be changed. Useful in selecting the best exit from area.
Stub and totally stubby areas have some restrictions: cannot be area 0, no ASBR in the area and no virtual links go through area.
R1#sh ip ospf
Area 1
 Number of interfaces in this area is 1
 It is a stub area
 generates stub default route with cost 15

NSSA stubby area. ABR removes type 5 LSA, but does not generate a default route instead.
Not-so-stubby area is like stub and totally stubby, but the ASBR is allowed to inject external routes as LSA type 7. A type 7 LSA originated by the ASBR is blocked by the ABR, transformed into a type 5 LSA and propagated through the domain. The ABR that translates the LSA is the owner of that type 5 LSA.
NOTE: If there are multiple ABRs, only the one with the biggest RID will make the LSA translation and redistribution of type 5 LSA.
R1(config-router)#area 1 nssa //this must be configured on all routers in nssa area.
An ABR in an NSSA area by default does not generate a default route for summary or external routes. Into an NSSA area, only the summary net LSA (type 3 intra-area) are injected by ABRs; ABRs do not inject a default route or external routes. The routes injected by any ASBR appear as type 7 LSA (N1 or N2) in the NSSA area. If any ABR exists in an NSSA area, it will inject the external type 7 LSA into the backbone area as a type 5 External LSA (E1 or E2).

The problem with this design is that some connectivity can be lost because the default and external routes are not injected into the nssa area. This can be fixed in 2 ways: injecting a default route into the nssa, or making the nssa area a totally nssa area.
R1(config-router)#area 1 nssa default-information-originate //it makes the ABR generate a type 7 default route into the nssa for external networks.
R6(config-router)#area 2 nssa no-redistribution //this command, put on an ASBR, will block any external route from being redistributed inside the NSSA area. That ASBR can still redistribute external routes to the other areas it is connected to.

NSSA totally stubby area.
R1(config-router)#area 1 nssa no-summary //it makes the ABR generate a default route for external networks and for summary nets. Does not require #area 1 nssa default-information-originate, because it removes LSA type 3,4,5 and replaces them with a default route.

A potential problem with all kinds of special areas is suboptimal routing when multiple ABRs are present.

Partitioned areas = Area in which a link failure causes one part of the area to be isolated from another. If the partitioned area is nonbackbone and both isolated parts can reach an ABR, no service loss will occur. If the partitioned area is the backbone, then service loss can occur. Virtual links can help.

6. Route summarization


OSPF does not perform route summarization by default.
Interarea route summarization. Only on ABR, does not apply to external routes.

R1#sh ip route 2.0.0.0 //Scenario: advertise from area 0 only 2.0.0.0/16 to other areas
Routing entry for 2.0.0.0/8, 4 known subnets
 Variably subnetted with 2 masks
O 2.0.0.0/24 [110/74] via 10.0.123.2, 00:00:02, Serial0/0
O 2.0.1.0/24 [110/84] via 10.0.123.2, 00:00:02, Serial0/0
O 2.0.2.0/24 [110/94] via 10.0.123.2, 00:00:02, Serial0/0
R1(config-router)#area 0 range 2.0.0.0 255.255.0.0 //area 0 is where the summarized networks come from. The summary route is injected in all areas except area 0.
Only the summary route is sent as type 3 LSA, more specific routes are suppressed. On the ABR that generates the summary, a route to null0 is locally installed for that summary net. If no metric is specified, it will be the best metric from all component subnets.
To not generate the local route to null0:
R3(config-router)#no discard-route internal [AD] //on newer IOS AD of 0.0.0.0/0 can be specified.
Router(config-router)#no compatible rfc1583 //If we want the metric of the summarized route to be the worst of the component subnets
Without compatible rfc1583 routers in other areas receive the summary with best metric
O IA 2.0.0.0/16 [110/75] via 10.0.145.1, 00:01:45, FastEthernet0/0

With compatible rfc1583 routers in other areas receive the summary with worst metric
O IA 2.0.0.0/16 [110/95] via 10.0.145.1, 00:00:01, FastEthernet0/0

The cost for the summary route can also be specified manually
R1(config-router)#area 0 range 2.0.0.0 255.255.0.0 cost 200
O IA 2.0.0.0/16 [110/201] via 10.0.145.1, 00:00:08, FastEthernet0/0

Summarization of default cannot be done in this way:
R1(config-router)#area 0 range 0.0.0.0 0.0.0.0
OSPF: Cannot add this range as 0.0.0.0/0 represents default

R1(config-router)#area 0 range 2.0.0.0 255.255.0.0 not-advertise //with not-advertise the component subnets and the summary are not sent and no route to Null0 is installed
R1#sh ip ospf
 Routing Process "ospf 1" with ID 1.1.1.1
 Area BACKBONE(0) //the following ranges are configured from area 0 (advertised or not)
 Area ranges are
 2.0.0.0/16 Active(74) Advertise //prefix advertised with automatically computed metric
 2.0.0.0/16 Active(200 - configured) Advertise //prefix advertised with statically defined cost
 2.0.0.0/16 Passive Advertise //prefix not advertised because it has no component subnets
 2.0.0.0/16 Passive DoNotAdvertise //prefix not advertised because "not-advertise" is used

External summarization. For external routes, only on ASBR or an NSSA ABR when translating type 7 to type 5. On the ASBR that generates the summary, a route to null0 is locally installed for that summary net. An ABR receiving type 5 LSA cannot do this summarization.
R2(config-router)#summary-address 2.0.0.0 255.255.0.0 //Only the summary route is sent as a type 5 LSA, more specific routes are suppressed.
The attributes of the summary net (like metric-type) are inherited from the more specific subnets that are aggregated. The summary metric is the best from component routes - is not influenced by #no compatible rfc1583
R2(config-router)#summary-address 2.0.0.0 255.255.0.0 not-advertise //no summary or component routes are advertised.
R2(config-router)#summary-address 0.0.0.0 0.0.0.0 //will not work. It will add in running config this:
router ospf 1
 summary-address 0.0.0.0 0.0.0.0 not-advertise //as a result, no external network will be advertised.
R2(config-router)#summary-address 2.0.0.0 255.255.0.0 tag 123 //a tag can be attached to the summarized prefixes.
R4(config-router)#no discard-route external //will not generate the local route to null0
The summarized external prefixes can be seen with:
R2#sh ip ospf summary-address
OSPF Process 1, Summary-address
2.0.0.0/255.255.0.0 Metric 20, Type 2, Tag 0 //prefix advertised, default cost/type, no tag set
2.0.0.0/255.255.0.0 Metric 20, Type 2, Tag 123 //prefix advertised, default cost/type, tag is set
2.0.0.0/255.255.0.0 Metric 16777215, Type 0, Tag 0 //prefix not advertised because component subnets are missing or not-advertise is used. The metric is the maximum, 2^24

Default route in OSPF
NOTE: OSPF does not accept redistribution of default route!!!

R4(config-router)#default-information originate always
It always injects a default route as type 5 LSA, type 2, metric 1 and tag = local ospf process id, even if it does not have a default route. With that command, R4 is considered to be ASBR
R4#sh ip ospf database router 4.4.4.4
 Routing Bit Set on this LSA in topology Base with MTID 0
 LS age: 23
 Options: (No TOS-capability, DC)
 LS Type: Router Links
 Link State ID: 4.4.4.4
 Advertising Router: 4.4.4.4
 LS Seq Number: 8000000C
 Checksum: 0x7203
 Length: 48
 Area Border Router
 AS Boundary Router
 Number of Links: 2

R1#sh ip ospf database external 0.0.0.0
 OSPF Router with ID (1.1.1.1) (Process ID 1)
 Type-5 AS External Link States
 Routing Bit Set on this LSA
 LS age: 37
 Options: (No TOS-capability, DC)
 LS Type: AS External Link //type 5
 Link State ID: 0.0.0.0 (External Network Number )
 Advertising Router: 4.4.4.4
 LS Seq Number: 80000001
 Checksum: 0xC2DF
 Length: 36
 Network Mask: /0
 Metric Type: 2 (Larger than any link state path)
 TOS: 0
 Metric: 1
 Forward Address: 0.0.0.0
 External Route Tag: 1 //this is the process id started in ASBR

R4(config-router)#default-information originate //it injects a default route as type 5 LSA only if a default route exists.
The default routes created using the ip route 0.0.0.0 0.0.0.0 command are not propagated by OSPF and IS-IS. Additionally, this default cannot be redistributed into OSPF or IS-IS using the redistribute command. Use the default-information originate command to generate a default route into an IS-IS or OSPF routing domain.

The route map allows the default route to be generated conditionally, depending on the presence in the RIB of prefixes identified through ACLs (classful prefixes only) or through ip prefix-lists (including subnetworks). If both the always keyword and a route-map that conditions the default route generation are configured, OSPF honors the route-map conditions, effectively cancelling the effect of the always keyword.
R1(config)#ip prefix-list P1 permit 1.0.0.0/24
R1(config)#route-map RM
R1(config-route-map)#match ip address prefix P1
R1(config-router)#default-information originate always route-map RM

R1#
OSPF: Start partial processing Type 5 External LSA 0.0.0.0, mask 0.0.0.0, adv 1.1.1.1, age 0, seq 0x80000001, metric 1, metric-type 2, fw-addr 0.0.0.0
If 1.0.0.0/24 exists on R1 then the default route appears on R2
R2#
O*E2 0.0.0.0/0 [110/1] via 10.0.123.1, 00:02:01, Serial1/0

If 1.0.0.0/24 disappears (#debug ip routing + debug ip ospf external), the default route is advertised as unreachable.
RT: delete subnet route to 1.0.0.0/24
OSPF: Start partial processing Type 5 External LSA 0.0.0.0, mask 0.0.0.0, adv 1.1.1.1, age 3600, seq 0x80000002, metric 16777215, metric-type 2, fw-addr 0.0.0.0


7. Virtual links
LSAs learned via virtual links have the DoNotAge (DNA) option set to prevent excessive flooding over the virtual link. Virtual links are not allowed over stub and nssa areas. The virtual link is considered to be in area 0. Inside the virtual link, OSPF messages are encapsulated inside unicast IP packets.
In the type 1 LSA of the transit area, the routers set the V bit (Virtual Link Endpoint). After the adjacency is established, no more OSPF messages (not even hellos) are sent except when a topology change occurs. It works as a demand circuit.
R4(config-router)#area 456 virtual-link 6.6.6.6
R6(config-router)#area 456 virtual-link 4.4.4.4

Area 456 is the transit area between area 0 and another non-backbone area. Without this virtual link, Area 0 will not receive routes from the non-backbone area and vice versa. The cost of the virtual link is the cost to reach the other router over the transit area.
R4#sh ip ospf virtual-links
Virtual Link OSPF_VL0 to router 6.6.6.6 is up //meaning a route to neighbor id was found
 Run as demand circuit
 DoNotAge LSA allowed.
 Transit area 456, via interface FastEthernet0/1
 Topology-MTID Cost Disabled Shutdown Topology Name
 0 1 no no Base
 Transmit Delay is 1 sec, State POINT_TO_POINT,
 Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
 Hello due in 00:00:07
 Adjacency State FULL (Hello suppressed)

R6#sh ip ospf database //to see which LSA have DNA set.
R6#sh ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
4.4.4.4 0 FULL/ - - 192.168.1.4 OSPF_VL2

Be careful when interpreting the output of #show ip ospf virtual-links: the fact that the virtual link appears Up only indicates that a route exists in our router's RIB towards the other end of the virtual connection, not that this virtual connection is functional. To make sure of the latter, look in the output for: Adjacency State FULL. (to be tested: how it appears when authentication fails)
Virtual link authentication: virtual link authentication is separate from normal neighbor authentication.
R6(config-router)#area 456 virtual-link 4.4.4.4 hello-interval 10 //hello interval
R6(config-router)#area 456 virtual-link 4.4.4.4 dead-interval 30 //how many sec to wait for hellos. Must have same value on both ends
Solution 1 - specify authentication particularly for a virtual link.
Rack1R3(config-router)#area 134 virtual-link 150.1.5.5 authentication message-digest
Rack1R5(config-router)#area 134 virtual-link 150.1.3.3 authentication message-digest
Rack1R5(config-router)#area 134 virtual-link 150.1.3.3 message-digest-key 1 md5 cisco123

Solution 2 - specify authentication type globally for an area in which VL0 is placed.
router ospf 1
 area 0 authentication message-digest //if virtual link is part of area 0.
R1#sh ip ospf virtual-links
Virtual Link OSPF_VL0 to router 4.4.4.4 is up
 Run as demand circuit
 DoNotAge LSA allowed.
 Transit area 145, via interface FastEthernet0/0, Cost of using 1

Another solution similar to virtual links is tunneling: GRE, IPIP, etc.

OSPF authentication

Types of authentication: Null/No authentication (type 0), Simple password auth - plain text (type 1), MD5 authentication (type 2). There are 2 modes to configure authentication: per area and per link.


Area authentication (the old approach):
- Simple authentication:
R1(config-router)#area 1 authentication
R1(config-if)#ip ospf authentication-key parola

- MD5 authentication:
R1(config-router)#area 0 authentication message-digest
R1(config-if)#ip ospf message-digest-key 1 md5 parola

- No authentication:
R1(config-router)#no area 0 authentication [message-digest]
Per link, this disables authentication if area authentication is enabled:
R1(config-if)#ip ospf authentication null

Link authentication (the new approach):
- Simple authentication:
R5(config-if)#ip ospf authentication //enables simple authentication
R5(config-if)#ip ospf authentication-key parola //simple auth with passw parola
R4#debug ip ospf adj
OSPF:Rcv pkt from 10.0.45.5, Serial1/0: Mismatch Authentication type.Input packet specified type 1,we use type 0 //different auth types
OSPF:Rcv pkt from 10.0.45.5, Serial1/0: Mismatch Authentication Key - Clear Text //different authentication passwords
- MD5 authentication:
R1(config-if)#ip ospf authentication message-digest
R1(config-if)#ip ospf message-digest-key 1 md5 parola //same key and pass must be used.
R4#debug ip ospf adj
OSPF: Rcv pkt from 10.0.14.1, Serial1/2 : Mismatch Authentication type. Input packet specified type 2, we use type 0 //both auth type must match.
OSPF: Rcv pkt from 10.0.14.1, Serial1/2 : Mismatch Authentication Key - No message digest key 1 on interface //both key must match.
OSPF: Rcv pkt from 10.0.14.1, Serial1/2 : Mismatch Authentication Key - Message Digest Key 1 //both password must match.

If authentication type 2 (MD5) is used but no keys are defined, then messages are exchanged with key id 0 and no hash in the header. Adjacencies can be formed in this way.
R4#debug ip ospf adj //will show "OSPF: Send with youngest Key 0"

NOTE:!!!If multiple MD5 keys are configured, the router will send multiple copies of each OSPF packet, one with each key, until it detects that its neighbors have adopted the new keys. This is used for changing the MD5 authentication keys without losing the neighbor relationship.

Authentication types can be seen with:
R4#sh ip ospf int se0/0
Simple password authentication enabled

Message digest authentication enabled No key configured, using default key id 0

Message digest authentication enabled Youngest key id is 1

R4#sh ip ospf Area 45

Area has simple password authentication

R4#sh ip ospf Area 45

Area has message digest authentication

Changing the MD5 password can be done without losing the connection.
R2(conf-if)#ip ospf message-digest-key 1 md5 cisco1 //both neigh with same key
R2(conf-if)#ip ospf message-digest-key 2 md5 cisco2 //adding the second key

R2#sh ip ospf int fa0/0 //R2 sees that key 2 is newer, but until all neighbors use key 2, it will send with both keys
 Message digest authentication enabled
 Youngest key id is 2
 Rollover in progress, 1 neighbor(s) using the old key(s):
 key id 1
OSPF: Send with key 1 //with #debug ip ospf events
OSPF: Send with key 2
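The per-area and per-link rules above decide which authentication type an interface really uses, and the weak outcomes (type 0, type 1 plain text, type 2 with no key so that key id 0 and no hash are sent) are easy to miss in a long configuration. The following audit is an added example, not part of the original guide: it resolves the effective type per interface and flags those cases. The sample configuration is constructed, and the finding names and the first-match handling of network statements are assumptions of this sketch.

```python
import ipaddress
import re

# Constructed sample configuration (interface names, addresses and keys are illustrative).
SAMPLE_CONFIG = """\
interface Loopback0
 ip address 4.4.4.4 255.255.255.255
!
interface Serial0/0
 ip address 10.0.45.4 255.255.255.0
 ip ospf authentication
 ip ospf authentication-key parola
!
interface Serial1/0
 ip address 10.0.46.4 255.255.255.0
 ip ospf 1 area 45
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 parola
!
interface Serial1/2
 ip address 10.0.14.4 255.255.255.0
 ip ospf authentication message-digest
!
interface FastEthernet0/0
 ip address 10.0.145.4 255.255.255.0
 ip ospf message-digest-key 1 md5 cisco1
 ip ospf message-digest-key 2 md5 cisco2
!
interface FastEthernet0/1
 ip address 192.168.1.4 255.255.255.0
 ip ospf authentication null
!
router ospf 1
 area 145 authentication message-digest
 network 10.0.14.0 0.0.0.255 area 0
 network 10.0.45.0 0.0.0.255 area 45
 network 10.0.145.0 0.0.0.255 area 145
 network 192.168.1.0 0.0.0.255 area 145
"""


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def audit_ospf_auth(config):
    """Return {interface: (area, effective_auth_type, finding)} for OSPF interfaces."""
    ifaces, area_auth, networks = {}, {}, []
    section = None  # dict of the interface being read, "ospf" inside router ospf, else None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # a top-level line opens a new section
            m = re.match(r"interface (\S+)$", line)
            if m:
                section = ifaces.setdefault(
                    m.group(1), {"addr": None, "area": None, "type": None, "md5_keys": []})
            else:
                section = "ospf" if re.match(r"router ospf \d+$", line) else None
        elif section == "ospf":
            if m := re.match(r"area (\S+) authentication( message-digest)?$", line):
                area_auth[m.group(1)] = 2 if m.group(2) else 1
            elif m := re.match(r"network (\S+) (\S+) area (\S+)$", line):
                networks.append((_ip(m.group(1)), _ip(m.group(2)), m.group(3)))
        elif isinstance(section, dict):
            if m := re.match(r"ip address (\S+) \S+$", line):
                section["addr"] = _ip(m.group(1))
            elif m := re.match(r"ip ospf \d+ area (\S+)$", line):
                section["area"] = m.group(1)
            elif m := re.match(r"ip ospf authentication(?: (message-digest|null))?$", line):
                # the per-link setting overrides the area setting, including "null"
                section["type"] = {None: 1, "message-digest": 2, "null": 0}[m.group(1)]
            elif m := re.match(r"ip ospf message-digest-key (\d+) md5 .+$", line):
                section["md5_keys"].append(int(m.group(1)))

    report = {}
    for name, i in ifaces.items():
        area = i["area"]
        if area is None and i["addr"] is not None:
            # Assumption: the first matching network statement decides the area.
            area = next((a for net, wild, a in networks
                         if ((i["addr"] ^ net) & ~wild & 0xFFFFFFFF) == 0), None)
        if area is None:
            continue  # interface does not run OSPF
        auth = i["type"] if i["type"] is not None else area_auth.get(area, 0)
        if auth == 0:
            finding = "NO_AUTH"
        elif auth == 1:
            finding = "PLAINTEXT"
        elif not i["md5_keys"]:
            finding = "MD5_NO_KEY"      # key id 0, no hash in the header
        elif len(i["md5_keys"]) > 1:
            finding = "MD5_ROLLOVER"    # old key still configured next to the new one
        else:
            finding = "MD5_OK"
        report[name] = (area, auth, finding)
    return report


if __name__ == "__main__":
    for name, row in audit_ospf_auth(SAMPLE_CONFIG).items():
        print(name, *row)
```

MD5_ROLLOVER is informational: it marks interfaces where an old key is still configured after a key change and can be removed once every neighbor uses the new one.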


OSPF Filtering
OSPF can filter prefixes so that they are not installed in the RIB, but they will still be installed in the LSDB and advertised onward. OSPF can also filter certain types of LSAs.

Filtering prefixes at installation into the RIB.
1. Control the installation of routes in the RIB with #distribute-list <filter> in. It does not prevent LSAs from being propagated and installed in the LSDB.
With standard ACL (named/numbered)
R6(config)#access-list 1 deny 50.0.0.0 0.0.0.255
R6(config)#access-list 1 permit any

Before:
O 50.0.0.0 [110/2] via 192.168.1.5, 00:00:10, FastEthernet0/1
O 50.0.1.0 [110/2] via 192.168.1.5, 00:00:00, FastEthernet0/1

R6(config-router)#distribute-list 1 in
O 50.0.1.0 [110/2] via 192.168.1.5, 00:00:03, FastEthernet0/1

With prefix-lists
R6(config)#ip prefix-list P1 deny 50.0.1.0/24
R6(config)#ip prefix-list P1 permit 0.0.0.0/0 le 32

Before:
O 50.0.0.0 [110/2] via 192.168.1.5, 00:00:10, FastEthernet0/1
O 50.0.1.0 [110/2] via 192.168.1.5, 00:00:00, FastEthernet0/1

R6(config-router)#distribute-list prefix P1 in
O 50.0.0.0 [110/2] via 192.168.1.5, 00:00:03, FastEthernet0/1

With extended ACL, the source matches the source of the LSA/neigh IP (not the router ID) and destination matches the prefix
R6(config-router)#distribute-list 100 in //will not add 100.0.0.0/24 via 192.168.1.4
access-list 100 deny ip host 192.168.1.4 100.0.0.0 0.0.0.255
access-list 100 permit ip any any
R6(config-router)#distribute-list 1 in fa0/0 //will not add to RIB prefixes in ACL1 if learned through fa0/0

With route-maps... examples to be added

2. Distribute-list out - used to prevent redistributed type 5 LSA routes from being installed in the OSPF database. Does not work for inter or intra-area routes. Can be used with ACL, prefix-lists and route-maps (match on... to be tested)
R4#router ospf 1 //on R5 eigrp and connected are redistributed
 redistribute connected subnets
 redistribute eigrp 100 subnets

On other routers E2 routes appear:
O E2 10.0.145.0 [110/20] via 192.168.1.5 //from connected
O E2 11.0.0.0/24 [110/20] via 192.168.1.5 //from eigrp
O E2 11.0.1.0/24 [110/20] via 192.168.1.5 //from eigrp
O E2 50.0.0.0/24 [110/20] via 192.168.1.5 //from connected
O E2 50.0.1.0/24 [110/20] via 192.168.1.5 //from eigrp

R5(config)#ip prefix-list P1 deny 11.0.0.0/24
R5(config)#ip prefix-list P1 deny 50.0.0.0/24
R5(config)#ip prefix-list P1 permit 0.0.0.0/0 le 32
R5(config-router)#distribute-list prefix P1 out
On other routers, the denied prefixes disappear
O E2 10.0.145.0 [110/20] via 192.168.1.5
O E2 11.0.1.0 [110/20] via 192.168.1.5
O E2 50.0.1.0 [110/20] via 192.168.1.5

After applying the distribute list, R5 will announce the filtered routes with max age and metric
OSPF: Generate external LSA 11.0.0.0, mask 255.255.255.0, type 5, age 3600, seq 0x80000002
OSPF: MTID Metric Metric-type FA Tag Topology Name
OSPF: 0 16777215 2 0.0.0.0 0 Base
OSPF: Generate external LSA 50.0.0.0, mask 255.255.255.0, type 5, age 3600, seq 0x80000002
OSPF: MTID Metric Metric-type FA Tag Topology Name
OSPF: 0 16777215 2 0.0.0.0 0 Base

The filtering can be applied only when redistributing from specific sources like connected, static, eigrp etc

In this example, the filtering affects only redistributed routes from connected sources.
R5(config-router)#distribute-list prefix P1 out connected

More delicate examples with matches in route-maps are to be added.

R1(config-router)#distribute-list prefix P1 out [source] //only type 5 LSAs permitted by P1 will be redistributed [from source]

Filtering LSA at ABR
Any type of LSA filtering must be done at the ABR (for type 3 LSA) or ASBR (for type 5 LSA) and not inside an area, because all routers inside an area must have the same OSPF database for the SPF algorithm to be consistent.
router ospf 1
 area 2 filter-list prefix NOT_R5_LOOPBACK in //filter what is sent into area 2 from any area
 area 1 filter-list prefix NOT_R5_LOOPBACK out //filter what is sent out from area 1 into any area
ip prefix-list NOT_R5_LOOPBACK seq 5 deny 150.1.5.5/32 //deny reachability only to loopback 5.
ip prefix-list NOT_R5_LOOPBACK seq 10 permit 0.0.0.0/0 le 32
!!!NOTE. Type 3 filtering can be done with summarization also:
R9(config-router)#area 2 range 10.1.0.0 255.255.252.0 not-advertise //because 10.1.0.0/22 is a summary, more specific type 3 LSAs, for example 10.1.0.0/24 and 10.1.1.0/24, are filtered. And with "not-advertise" the summary is also not sent, thus resulting in filtering those type 3 LSAs.

R1(conf-if)#ip ospf database-filter all out //prevents flooding of LSAs on an interface. Can be used when redundant links exist between neighbors

Tuning OSPF performance
!!!A compromise between scalability and performance must be made by changing SPF timers.

R1#sh ip ospf //default settings
 Initial SPF schedule delay 5000 msecs
 Minimum hold time between two consecutive SPFs 10000 msecs
 Maximum wait time between two consecutive SPFs 10000 msecs
 Incremental-SPF disabled
 Minimum LSA interval 5 secs
 Minimum LSA arrival 1000 msecs
 LSA group pacing timer 240 secs
 Interface flood pacing timer 33 msecs
 Retransmission pacing timer 66 msecs

R1(config-router)#ispf
R1(config-router)#timers throttle spf 2000 4000 12000
R1(config-router)#timers throttle lsa 1000 2000 7000
R1(config-router)#timers lsa arrival 500
R1(config-router)#timers pacing lsa-group 200
R1(config-router)#timers pacing flood 30
R1(config-router)#timers pacing retransmission 60

R1#sh ip ospf //after changes
 Initial SPF schedule delay 2000 msecs
 Minimum hold time between two consecutive SPFs 4000 msecs
 Maximum wait time between two consecutive SPFs 12000 msecs
 Incremental-SPF enabled
 Initial LSA throttle delay 1000 msecs
 Minimum hold time for LSA throttle 2000 msecs
 Maximum wait time for LSA throttle 7000 msecs
 Minimum LSA arrival 500 msecs
 LSA group pacing timer 200 secs
 Interface flood pacing timer 30 msecs
 Retransmission pacing timer 60 msecs

Incremental SPF = iSPF - improves performance
Modern routers take at most a few hundred milliseconds to run a full SPF, even in complex networks. It can be further optimized by using iSPF. The first Shortest Path Tree (SPT) is kept after the first calculation (at the expense of extra memory) and further computations are optimized. It has these properties:
1. If a newly added node appears to be a leaf, a very simple computation is done (distance-vector computation).
2. If there is a failure of a link that is not part of the tree, no computation is needed. Because different routers have different SPTs, a link failure that does not affect one SPT might affect the others.
3. If there is a transit link failure, we only need to recalculate the paths for the nodes downstream of the failure.

It is best used in sparsely connected networks. For an "almost" full mesh network, any link failure would probably be a transit link and the SPF would run, having the same performance as classic SPF.
R1(config-router)#ispf

Advertise connected subnets with network statement or redistribution. Which is better?
1. With network statements. They are advertised in type 1 LSA and flooded only into one area. As a result they will trigger SPF only in one area.
2. With redistribution. Advertised as type 5 (which has the biggest size of all LSA) in the whole OSPF domain, but does not trigger full SPF, only Partial Route Calculation. Will add slight config complexity.

LSA Pacing - improves performance
Each LSA has an age. In the original LSA behavior the refreshing was done on a single timer, so all the LSAs were refreshed every 30 minutes by default => wasted CPU resources, possible sudden increase of traffic. The refreshing of LSAs is needed, because an LSA whose age reaches 60 minutes is discarded. The problem is solved by having a separate age timer for each LSA, but this causes another issue: many packets are sent, one for each LSA at different times, resulting in inefficient usage of bandwidth. The final solution is to delay the refreshing for a time instead of performing an individual refresh of each LSA - this period is called the pacing interval. Default is 4 minutes. Recommendation: the more LSAs, the shorter the pacing interval should be, and vice versa.

Best practices. For thousands of LSA, reducing the timer will help. If you have 40-100 LSA for example, setting timer to 10-20 minutes will help.
R1(config-router)#timers pacing lsa-group 200

OSPF flood pacing timer = controls OSPF interpacket spacing between consecutive LSUs. Instead of flooding every LSA as soon as possible, the OSPF process waits the "pacing interval" for more potential LSAs and packs them into a single update packet.

OSPF retransmission pacing timer = controls interpacket spacing between consecutive LSUs from the Retransmission Queue. Every time the router needs to retransmit an unacknowledged LSA over an adjacency, it will wait this time to group it with other unacknowledged LSAs.
R1(config-router)#timers pacing flood 30
R1(config-router)#timers pacing retransmission 60

OSPF SPF and LSA Throttling - improves scalability
Throttling is the general process of slowing down responses to frequently oscillating events such as link flaps.

SPF throttling. The general idea is to reduce resource wastage in unstable situations and wait until the situation calms down. When an event occurs, do not respond to it immediately (by generating an LSA or running SPF), but wait some time, hoping to accumulate more similar events. This could potentially save a lot of resources, by reducing the number of SPF runs or the amount of LSAs flooded. The question is: how long should we hold or throttle the responses? Ideally, it would be nice to adapt this interval according to the network conditions - make it longer when the network is unstable and shorter under stable conditions. Cisco implements an exponential back-off timer to implement this idea.
The exponential back-off is defined using three parameters - start interval, increment, and max_wait time - specified using the command timers throttle spf start increment max_wait.


Suppose the network was stable for a relatively long time, and then an event such as an LSA arrival has occurred. The router delays SPF computations for the start amount of milliseconds and sets the hold-time to increment milliseconds. Next, if an event occurs after the start window expired, the event would be held for processing until the hold-time window expires (increment msec), but the next hold-time would be doubled, i.e. set to 2*increment. Effectively, every time an event occurs during the current hold-time window, the processing is delayed until the current hold-time expires and the next hold-time interval is doubled. The hold-time grows exponentially until it reaches the max_wait value. After this, every event received during the current hold-time window would result in the next interval being equal to the constant max_wait. This ensures that exponential growth is limited by a ceiling value. If there are no events for the duration of 2*max_wait milliseconds, the hold-time window is reset back to the start value, assuming the network returned to a stable condition.
R1(config-router)#timers throttle spf start increment max_wait //timers in milliseconds
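The back-off described above can be traced with a short simulation. This is an added example, not code from the original guide or from Cisco: it models only the rules stated in the paragraph, using the timers throttle spf 2000 4000 12000 values from the tuning section and a constructed list of event times. The handling of an event that arrives after the hold window has expired but before the 2*max_wait quiet period is an assumption of this model.

```python
def simulate_spf_throttle(events_ms, start, increment, max_wait):
    """Return [(spf_run_ms, next_hold_ms, batched_events)] for a list of event times.

    Times are in milliseconds. next_hold_ms is the hold-time window opened
    by that SPF run; batched_events are the events the run covers.
    """
    if start < 0 or not (0 < increment <= max_wait):
        raise ValueError("expected start >= 0 and 0 < increment <= max_wait")
    runs = []
    pending = []        # events waiting for the next SPF run
    scheduled = None    # time of the SPF run already scheduled, if any
    window_end = 0      # end of the hold-time window opened by the last run
    hold = increment    # length of the window the next run will open
    last_event = None

    def run_spf():
        nonlocal scheduled, window_end, pending
        runs.append((scheduled, hold, pending))
        window_end = scheduled + hold
        scheduled, pending = None, []

    for t in sorted(events_ms):
        if scheduled is not None and scheduled <= t:
            run_spf()                        # the earlier run fired before this event
        stable = last_event is None or t - last_event >= 2 * max_wait
        last_event = t
        pending.append(t)
        if scheduled is not None:
            continue                         # joins the run that is already scheduled
        if stable:
            hold = increment                 # quiet for 2*max_wait: back to the start values
            scheduled = t + start
        elif t < window_end:
            scheduled = window_end           # held until the current window expires
            hold = min(hold * 2, max_wait)   # next window doubled, capped at max_wait
        else:
            # ASSUMPTION of this model: no window is in force and the network is
            # not yet considered stable, so the event is processed at once and
            # the hold-time is left unchanged.
            scheduled = t
    if scheduled is not None:
        run_spf()
    return runs


# Constructed event times (ms): a flapping link, then a long quiet period.
FLAPS = [0, 3000, 7000, 15000, 28000, 60000]

if __name__ == "__main__":
    for run_at, next_hold, batch in simulate_spf_throttle(FLAPS, 2000, 4000, 12000):
        print(f"SPF at {run_at:>6} ms, next hold {next_hold:>6} ms, events {batch}")
```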

LSA Throttling. The same principle and timers used for SPF process throttling can apply to the generation of new LSAs in response to local link events.
The first LSA is always generated immediately upon an OSPF topology change, and the next generation of the same LSA is controlled by the start interval.

The subsequent LSAs generated for the same LSA are rate-limited at the increment interval and the rate-limit is doubled until the max_wait interval is reached. The "same LSA" is defined as an LSA instance that contains the same LSA ID number, LSA type, and advertising router ID.
R1(config-router)#timers throttle lsa start increment max_wait //timers in milliseconds
Default timers for LSA throttling are start/increment/max_wait: 0/5000/5000.
R2#sh ip ospf
 Minimum LSA interval 5 secs //because of the default timers
 Initial LSA throttle delay 1000 msecs //after changing the default timers
 Minimum hold time for LSA throttle 2000 msecs
 Maximum wait time for LSA throttle 7000 msecs
R1#sh ip ospf timers rate-limit
List of LSAs that are in rate limit Queue
 LSAID: 1.1.1.1 Type: 1 Adv Rtr: 1.1.1.1 Due in: 00:00:02.784 //can be seen when setting timers high and quickly shut/no shut an interface
R4#sh ip ospf flood-list //will show if LSAs are waiting to be flooded.
 OSPF Router with ID (4.4.4.4) (Process ID 1)
 Interface Loopback10, Queue length 0
 Interface FastEthernet0/1, Queue length 0
 Interface FastEthernet0/0, Queue length 0

The timers lsa arrival command controls the minimum interval (default 1000ms) for accepting the same LSA. If an instance of the same LSA arrives sooner than the interval that is set, the LSA is dropped. It is recommended that the arrival interval be less than or equal to the hold-time/increment interval of the #timers throttle lsa command.
R1(config-router)#timers lsa arrival 500

NOTE: In some Cisco documentation the timers start/increment/max_wait are called start/hold/max intervals

Prefix suppression - for core routers
OSPF represents a point-to-point connection between two routers via two link types in a router LSA: type 1 (connection to another router ID) and type 3 (describing the stub prefix). The network core prefixes do not need to be advertised, so link type 3 can be suppressed to speed up SPF calculations. The result is that the core prefixes will be unreachable, but end-to-end connectivity will work.

The global command will exclude all prefixes except loopbacks, secondary and passive interfaces. It will not send router LSA type 3 - subtype 1 and network LSA type 2.
R6(config-router)#prefix-suppression
R6(config-if)#ip ospf prefix-suppression [disable]

OSPF: Suppressing 192.168.1.0/24 on FastEthernet0/1 from network LSA
OSPF: Suppressing 60.0.0.0/24 on Loopback1 from router LSA //because Lo1 is configured as p2p
OSPF: Suppressing 60.0.1.0/24 on Loopback2 from router LSA //because Lo2 is configured as p2p

R6#sh ip ospf
 Prefix-suppression is enabled

R6#sh ip ospf int
 Prefix-suppression is enabled

OSPF LSDB protection against LSA flooding
If the LSA count still exceeds the threshold after 1 minute, the OSPF process takes down all adjacencies and enters the ignore state for a period defined by ignore-time. In the ignore state no OSPF packets are sent or accepted. The ignore-count parameter defines the maximum number of times that the OSPF process can consecutively enter the ignore state before remaining permanently down and requiring manual intervention (like changing the threshold).
If the OSPF process remains normal for the time that is defined by the reset-time parameter, the ignore state counter is reset to 0.

R1(config-router)#max-lsa 200 //LSDB overload protection. Can receive a maximum of 200 LSAs
R1(config-router)#max-lsa 200 80 //will generate a warning after 80% of 200 LSAs are received. Default is 75%
R1(config-router)#max-lsa 200 warning-only //will issue only a warning, and will accept over 200 LSAs. Never enters the ignore state
R1(config-router)#max-lsa 200 ignore-time 3 //sets the ignore-time period to 3 minutes. Default is 5 min.
R1(config-router)#max-lsa 200 ignore-count 3 //default is 5 times
R1(config-router)#max-lsa 200 reset-time 7 //default is 10 minutes
R6(config-router)#max-lsa 5 ignore-count 5 ignore-time 3 reset-time 7 50
R6#sh ip ospf
 Maximum number of non self-generated LSA allowed 5
 Current number of non self-generated LSA 0
 Threshold for warning message 50%
 Ignore-time 3 minutes, reset-time 7 minutes
 Ignore-count allowed 5, current ignore-count 0

 Maximum number of non self-generated LSA allowed 5
 Current number of non self-generated LSA 0
 Threshold for warning message 75%
 Ignore-time 1 minutes, reset-time 2 minutes
 Ignore-count allowed 2, current ignore-count 3
 Permanently ignoring all neighbors due to max-lsa limit

%OSPF-4-OSPF_MAX_LSA: Maximum number of non self-generated LSA has been exceeded "ospf 1" - 6 LSAs //and after 1 min the next message:
%OSPF-5-ADJCHG: Process 1, Nbr 4.4.4.4 on FastEthernet0/1 from LOADING to DOWN, Neighbor Down: Interface down or detached
R6#sh ip ospf
 Ignoring all neighbors due to max-lsa limit, time remaining: 00:02:41 //this will appear if the router is in the ignore state
OSPF: Do not send Hello over FastEthernet0/1, ignoring all neighbors due to max-lsa limit //#debug ip ospf adj will show this in the ignore state
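The ignore-state logic described above, modelled as an added example (not Cisco's code and not part of the original guide) for checking how the max-lsa parameters interact before deploying them. It assumes one-minute ticks and that the process returns to normal as soon as ignore-time expires; the names MaxLsa and simulate are hypothetical.

```python
from dataclasses import dataclass

@dataclass
class MaxLsa:                      # hypothetical model of "max-lsa <limit> ..."
    limit: int
    ignore_time: int = 5           # minutes (default per the guide)
    ignore_count: int = 5          # consecutive ignore states allowed
    reset_time: int = 10           # minutes
    warning_only: bool = False

def simulate(cfg, offered):
    """offered[i] = non self-generated LSAs present in minute i.
    Assumption: one-minute ticks. Returns [(state, ignore_counter), ...]."""
    state, ignores, timer, calm = "normal", 0, 0, 0
    trace = []
    for count in offered:
        if state == "permanent":
            pass                                   # manual intervention needed
        elif state == "ignore":
            timer -= 1                             # no OSPF packets sent/accepted
            if timer == 0:
                state, calm = "normal", 0          # adjacencies may re-form
        elif count > cfg.limit:
            calm = 0
            if state == "normal" or cfg.warning_only:
                state = "over"                     # limit exceeded, 1-minute grace
            else:                                  # still over after 1 minute
                ignores += 1
                if ignores > cfg.ignore_count:
                    state = "permanent"
                else:
                    state, timer = "ignore", cfg.ignore_time
        else:
            state = "normal"
            calm += 1
            if calm >= cfg.reset_time:
                ignores = 0                        # reset-time elapsed
        trace.append((state, ignores))
    return trace

# Constructed scenarios using the values of the second "sh ip ospf" output above.
CFG = MaxLsa(limit=5, ignore_time=1, ignore_count=2, reset_time=2)
SUSTAINED = [6] * 10                               # LSDB stays over the limit
BURSTS = [6, 6, 0, 3, 3] * 3                       # calm gaps >= reset-time

if __name__ == "__main__":
    for name, load in (("sustained", SUSTAINED), ("bursts", BURSTS)):
        print(name, simulate(CFG, load))
```

With the sustained load the model ends in the permanent state with the counter at 3, matching the "Ignore-count allowed 2, current ignore-count 3" output; with calm gaps of at least reset-time the counter keeps returning to 0.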

OSPF Demand Circuit Feature: http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094a8f.shtml
The amount of traffic generated by OSPF (hello every 10 sec, LSA refresh every 30 min) is undesirable on demand circuits. This feature suppresses hellos and LSA refreshes. OSPF can establish a demand link to form an adjacency and perform initial database synchronization; the adjacency remains active even after Layer 2 of the demand circuit goes down.

Periodic hellos are suppressed only on a point-to-point and point-to-multipoint network type. On any other network type, OSPF hellos are still sent over the interface.

Periodic LSA refreshes that take place every 30 minutes do not occur with OSPF demand circuit. When a demand circuit link is established, a unique option bit (the DC bit) is exchanged between neighboring routers. If two routers negotiate the DC bit successfully, they make a note of it and set a specific bit in the LS Age field called the DoNotAge (DNA) bit. The DNA bit is the most significant bit in the LS Age field. By setting this bit the LSA stops aging, and no periodic updates are sent. If there is a change in topology, or if there is a router that does not understand demand circuits, then the LSA refresh occurs.

You need to configure the demand circuit at one end of the link only. However, if you configure this command on both ends it does not cause any harm.
R3(config-subif)#ip ospf demand-circuit //activates the OSPF demand circuit feature
R3(config-subif)#ip ospf flood-reduction //activates flood reduction; only suppresses LSA refresh, but not hellos. LSAs are first sent with the DNA bit set.
R3#sh ip ospf int se1/0.1
 Configured as demand circuit.
 Run as demand circuit.
 Neighbor Count is 1, Adjacent neighbor count is 1
 Adjacent with neighbor 2.2.2.2 (Hello suppressed)
 Suppress hello for 1 neighbor(s)

NonStopForwarding NSF - OSPF Graceful Restart - http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/gr_ospf.html
When a router that supports NSF (NSF capable) restarts the OSPF process, CEF will continue to switch packets based on the FIB until OSPF is started again (possibly on the standby RP). The neighbor routers (helper routers) need to be NSF aware and, when receiving a grace-LSA from a neighbor, will consider it up for a period of time.
R1(config-router)#nsf ietf //activates NSF on NSF-capable routers
R6(config-router)#nsf ietf helper //activates NSF-aware routers

R6#sh ip ospf
 IETF NSF helper support enabled
 Cisco NSF helper support enabled

MISCELLANEOUS

1. Forward Address FA
http://blog.ine.com/2009/11/13/ospf-prefix-filtering-using-forwarding-address
http://www.mplsvpn.info/2009/01/forwardind-address-in-lsa-5_26.html
http://packetlife.net/blog/2009/feb/25/making-use-ospf-forwarding-addresses/

FA was introduced to avoid extra hops when traffic is routed to an external AS. It appears in type 5 and type 7 LSAs.
0.0.0.0 = means the next hop is considered the originating router (ASBR)
FA is set to non-zero when all of these conditions are met:
1. OSPF is enabled on the ASBR's next hop interface
2. ASBR's next hop interface is non-passive under OSPF
3. ASBR's next hop interface must be broadcast or non-broadcast
4. ASBR's next hop interface address falls under the network range.


R4, R5 and R6 are running OSPF in area 0. R4 is redistributing a static route.
R4(conf)#router ospf 1
 redistribute static subnets
ip route 1.1.1.0 255.255.255.0 10.0.145.1
R4#sh ip ospf database external 1.1.1.0
 OSPF Router with ID (4.4.4.4) (Process ID 1)
 Type-5 AS External Link States
 Link State ID: 1.1.1.0 (External Network Number )
 Advertising Router: 4.4.4.4
 Network Mask: /24
 Metric: 20
 Forward Address: 10.0.145.1
 External Route Tag: 0

R4#sh ip ospf int fa0/0
 Network Type BROADCAST, Cost: 1 //next-hop int fa0/0 must be in OSPF and not passive

If one of the conditions for setting the FA is not met, then FA=0.0.0.0
R4#sh ip ospf database external 1.1.1.0
 OSPF Router with ID (4.4.4.4) (Process ID 1)
 Type-5 AS External Link States
 Link State ID: 1.1.1.0 (External Network Number )
 Advertising Router: 4.4.4.4
 Network Mask: /24
 Metric Type: 2 (Larger than any link state path)
 Metric: 20
 Forward Address: 0.0.0.0
 External Route Tag: 0

If the forwarding address is non-zero, other routers look up the forwarding address in the routing table. The matching routing table entry must specify an intra-area or inter-area path; if no such path exists, do nothing with the LSA and consider the next in the list. So, R5 should have 10.0.145.0 as a connected network in its LSA type 1!!!
On R5, if the FA is set and the interface towards the FA is part of OSPF:
R5#sh ip ospf database external 1.1.1.0
 Routing Bit Set on this LSA in topology Base with MTID 0
O E2 1.1.1.0 [110/20] via 10.0.145.1, 00:00:00, FastEthernet0/0

If the FA is not set:
O E2 1.1.1.0 [110/20] via 192.168.1.4, 00:00:12, FastEthernet0/1

If the FA is set but the interface towards the FA is not part of OSPF, then the Routing Bit is not set and the external route does not appear in the RIB for that router.

R4(config-router)#redistribute static subnets metric-type 1
R6 by default sees 1.1.1.0 via both exit points:
R6#sh ip route ospf
O IA 10.0.145.0 [110/2] via 192.168.1.5, FastEthernet0/1
                [110/2] via 192.168.1.4, FastEthernet0/1

R5(config-if)#ip ospf cost 100
R6#sh ip route ospf
O IA 10.0.145.0 [110/2] via 192.168.1.4, FastEthernet0/1

R4(config-if)#ip ospf cost 200
R6#sh ip route ospf
O IA 10.0.145.0 [110/101] via 192.168.1.5, FastEthernet0/1

2. Forwarding address suppression in translated type 5 LSA.
In the previous example, R4-R6 are in area 0 and R1-R4 are in area 145 NSSA. R1 redistributes a connected 1.1.1.0/24 as a type 7 LSA, which is translated into type 5 by R4. If R4 does not send internal NSSA routes like 10.0.145.0 (for RIB efficiency reasons), then R6 cannot install in the RIB the external type 5 LSA 1.1.1.0, which has an FA of 10.0.145.1.
R4(config-router)#area 0 filter-list prefix P1 in //P1 deny 10.0.145.0


Before filtering internal NSSA routes on R4:
R6#sh ip route ospf
O E1 1.1.1.0/24 [110/22] via 192.168.1.4, FastEthernet0/1
O IA 10.0.145.0/24 [110/2] via 192.168.1.4, FastEthernet0/1
R6#sh ip ospf database external 1.1.1.0
 Type-5 AS External Link States
 LS Type: AS External Link
 Link State ID: 1.1.1.0 (External Network Number )
 Advertising Router: 4.4.4.4
 Network Mask: /24
 Metric Type: 1 (Comparable directly to link state metric)
 Metric: 20
 Forward Address: 10.0.145.1
 External Route Tag: 0

After filtering 10.0.145.0:
R6#sh ip route ospf //nothing shows up in the RIB even though the external LSA is present
R6#sh ip ospf database external 1.1.1.0
 Type-5 AS External Link States
 LS Type: AS External Link
 Link State ID: 1.1.1.0 (External Network Number )
 Advertising Router: 4.4.4.4
 Network Mask: /24
 Metric Type: 1 (Comparable directly to link state metric)
 Metric: 20
 Forward Address: 10.0.145.1
 External Route Tag: 0
As a general rule, external prefixes in LSA type 5 with an FA are installed only if the FA is reachable and learned via OSPF.
Solution - on the ABR, change the FA to 0.0.0.0 when translating type 7 to type 5. Then routers in area 0 will use the ABR as next hop instead of the FA.

R4(config-router)#area 145 nssa translate type7 suppress-fa
R6#sh ip route ospf
O E1 1.1.1.0/24 [110/21] via 192.168.1.4, FastEthernet0/1

R6#sh ip ospf database external
 Link State ID: 1.1.1.0 (External Network Number )
 Advertising Router: 4.4.4.4
 Network Mask: /24
 Forward Address: 0.0.0.0
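The forwarding address rules from sections 1 and 2, as an added example (not Cisco's implementation and not part of the original guide): the ASBR-side conditions for setting the FA, and the receiving router's decision whether to install the type 5 route. Function and field names are hypothetical and R4's interface address is constructed; the other values are the lab values shown above.

```python
import ipaddress

def asbr_forward_address(iface, next_hop):
    """ASBR side: FA is the next hop only if all four listed conditions hold."""
    ok = (iface["ospf_enabled"]
          and not iface["passive"]
          and iface["network_type"] in ("broadcast", "non-broadcast")
          and ipaddress.ip_address(iface["address"])
          in ipaddress.ip_network(iface["ospf_range"]))
    return next_hop if ok else "0.0.0.0"

def lookup(ospf_paths, addr):
    """Longest-prefix match over {prefix: (path_type, next_hop)}."""
    ip = ipaddress.ip_address(addr)
    hits = [(ipaddress.ip_network(p), e) for p, e in ospf_paths.items()
            if ip in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def external_next_hop(lsa, paths, to_asbr):
    """Receiving side: next hop for a type 5 LSA, or None if it stays out of the RIB."""
    if lsa["fa"] == "0.0.0.0":
        return to_asbr.get(lsa["adv_router"])      # forward toward the advertising router
    entry = lookup(paths, lsa["fa"])
    if entry is None or entry[0] not in ("intra", "inter"):
        return None                                # FA not learned via OSPF: skip the LSA
    return entry[1] or lsa["fa"]                   # no next hop = FA is directly attached

# Lab values from the guide; R4's own address 10.0.145.4 is constructed.
R4_FA0_0 = {"ospf_enabled": True, "passive": False, "network_type": "broadcast",
            "address": "10.0.145.4", "ospf_range": "10.0.145.0/24"}
LSA = {"prefix": "1.1.1.0/24", "adv_router": "4.4.4.4", "fa": "10.0.145.1"}
LSA_SUPPRESSED = dict(LSA, fa="0.0.0.0")           # after "translate type7 suppress-fa"
TO_ASBR = {"4.4.4.4": "192.168.1.4"}               # R6's path to the advertising router
R6_BEFORE = {"10.0.145.0/24": ("inter", "192.168.1.4")}   # O IA route present
R6_FILTERED = {}                                   # after "area 0 filter-list prefix P1 in"
R5 = {"10.0.145.0/24": ("intra", None)}            # connected and part of OSPF

if __name__ == "__main__":
    print("R4 sets FA:", asbr_forward_address(R4_FA0_0, "10.0.145.1"))
    print("R6 before filter:", external_next_hop(LSA, R6_BEFORE, TO_ASBR))
    print("R6 after filter:", external_next_hop(LSA, R6_FILTERED, TO_ASBR))
    print("R6 with suppress-fa:", external_next_hop(LSA_SUPPRESSED, R6_FILTERED, TO_ASBR))
    print("R5:", external_next_hop(LSA, R5, TO_ASBR))
```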

Troubleshooting OSPF

DEBUGS:
R1#debug ip ospf hello
*Nov 16 17:09:41.395: OSPF: Mismatched hello parameters from 10.0.123.2
*Nov 16 17:09:41.395: OSPF: Dead R 36 C 40, Hello R 9 C 10
*Nov 16 18:26:37.227: OSPF: Rcv hello from 2.2.2.2 area 23 from FastEthernet0/0 10.0.23.2
*Nov 16 18:26:37.227: OSPF: Hello from 10.0.23.2 with mismatched Stub/Transit area option bit

R1#debug ip ospf events //very useful
*Nov 16 17:10:41.655: OSPF: Mismatched hello parameters from 10.0.123.2
*Nov 16 17:10:41.659: OSPF: Dead R 36 C 40, Hello R 9 C 10
*Nov 16 18:27:05.967: OSPF: Rcv hello from 2.2.2.2 area 23 from FastEthernet0/0 10.0.23.2
*Nov 16 18:27:05.967: OSPF: Hello from 10.0.23.2 with mismatched Stub/Transit area option bit

Will show the process of establishing adjacencies and all adjacency states:
R2#debug ip ospf adj
OSPF: Rcv pkt from 10.0.23.3, FastEthernet0/0, area 0.0.0.23 mismatch area 0.0.0.233 in the header

Shows only received OSPF messages. If there are mismatches it shows nothing.
R2#debug ip ospf packet
OSPF: rcv. v:2 t:1 l:44 rid:3.3.3.3 aid:0.0.0.23 chk:C57E aut:0 auk: from FastEthernet0/0

R1#debug ip ospf monitor //SPF run, SPF type, timers, which LSA caused the SPF run
OSPF: Schedule SPF in area 0, topology Base with MTID 0
      Change in LS ID 1.1.1.1, LSA type R, spf-type Full
OSPF: reset throttling to 5000ms next wait-interval 10000ms
OSPF: schedule SPF in topology Base with MTID0: spf_time 01:16:18.080 wait_interval 5000ms
OSPF: Begin SPF for topology Base with MTID 0 at 4583.084ms, process time 440ms
      spf_time 01:16:18.080, wait_interval 5000ms
OSPF: Setting next wait-interval to 10000ms
OSPF: End SPF for topology Base with MTID 0 at 4583.084ms, Total elapsed time 0ms
      Schedule time 01:16:23.084, Next wait_interval 10000ms


R1#debug ip ospf lsa-generation
OSPF: Generate external LSA 1.0.0.0, mask 255.255.255.0, type 5, age 3600, seq 0x80000002
OSPF: MTID Metric   Metric-type FA      Tag Topology Name
OSPF: 0    16777215 2           0.0.0.0 0   Base
OSPF: Generate external LSA 1.0.0.0, mask 255.255.255.0, type 5, age 3600, seq 0x80000002
OSPF: MTID Metric   Metric-type FA      Tag Topology Name
OSPF: 0    16777215 2           0.0.0.0 0   Base

R1#debug ip ospf spf external //used to see injection of type 5 LSA
OSPF: Schedule partial SPF - type 5, LSID 0.0.0.0, adv_rtr 1.1.1.1
OSPF: Start partial processing Type 5 External LSA 0.0.0.0, mask 0.0.0.0, adv 1.1.1.1, age 0, seq 0x80000001, metric 1, metric-type 2, fw-addr 0.0.0.0

debug ip ospf flood [1] //how LSAs are sent and received. With acl 1 permit 10.0.0.0 0.0.0.255, only info about LSA IDs 10.0.0.X is shown
debug ip ospf lsa-generation //info about generation and flooding of own LSAs. (Only external?)
debug ip ospf retransmission //displays LSA retransmission events
debug ip ospf spf [external|intra|inter...] //displays SPF calculation

Details about SPF algorithm
R1#sh ip ospf statistics
 OSPF Router with ID (1.1.1.1) (Process ID 1)
 Area 0: SPF algorithm executed 7 times
 Area 145: SPF algorithm executed 2 times
 Summary OSPF SPF statistic
 SPF calculation time
 Delta T   Intra  D-Intra  Summ  D-Summ  Ext  D-Ext  Total  Reason
 00:41:49  4      0        4     0       0    0      8      R
 00:40:32  0      0        0     4       0    0      4      R, SN
 00:39:35  4      0        0     4       0    0      8      R, SN, X
 00:23:19  16     0        0     0       4    0      20     R
 00:21:40  0      4        0     0       0    4      8      R
 00:20:27  4      4        0     0       0    0      8      R
 00:20:02  4      4        0     4       0    0      12     R
 00:13:58  0      0        0     0       0    0      0      X
 00:07:20  4      4        0     0       0    0      8      R
 00:04:56  4      4        0     0       0    0      20     R

R1#sh ip ospf statistics detail
 OSPF Router with ID (1.1.1.1) (Process ID 1)
 Area 0: SPF algorithm executed 7 times
 SPF 1 executed 00:47:21 ago, SPF type Full
 SPF calculation time (in msec):
 SPT  Intra  D-Intr  Summ  D-Summ  Ext7  D-Ext7  Total
 0    4      0       0     4       0     0       8
 LSIDs processed R:2 N:0 Stub:5 SN:2 SA:0 X7:0
 Change record 0x0
 LSIDs changed 1
 Changed LSAs. Recorded is LS ID and LS type:
 1.1.1.1(R)
 SPF 2 executed 00:42:52 ago, SPF type Full
 SPF calculation time (in msec):
 SPT  Intra  D-Intr  Summ  D-Summ  Ext7  D-Ext7  Total
 0    4      0       4     0       0     0       8
 LSIDs processed R:2 N:0 Stub:5 SN:2 SA:0 X7:0
 Change record 0x0
 LSIDs changed 1
 Changed LSAs. Recorded is LS ID and LS type:
 1.1.1.1(R)

Delta T = time since SPF had run
Intra = time to calculate intra-area LSA and install them in RIB
D-Intra = time to delete invalid intra-area routes
Summ = time to calculate inter-area LSA and install them in RIB
D-Summ = time to delete invalid inter-area routes
Ext = time to calculate external and NSSA LSA and install them in RIB
D-Ext = time to delete invalid external and NSSA routes
Total = total time to run OSPF

R = Router link change
N = Network link change
SN = SummaryNet link change
SA = Summary on ASBR change
X = External change

Conditional debug on interface


R2#debug ip ospf hello //unconditionally shows hellos on all interfaces
OSPF: Send hello to 224.0.0.5 area 0 on Serial1/0 from 10.0.123.2
OSPF: Send hello to 224.0.0.5 area 23 on FastEthernet0/0 from 10.0.23.2
OSPF: Rcv hello from 1.1.1.1 area 0 from Serial1/0 10.0.123.1
OSPF: Rcv hello from 3.3.3.3 area 23 from FastEthernet0/0 10.0.23.3

R2#debug interface Fa0/0 //shows only hellos on fa0/0
R2#sh debugging
 IP routing:
 OSPF hello events debugging is on
 Condition 1: interface Fa0/0 (1 flags triggered)
 Flags: Fa0/0
OSPF: Send hello to 224.0.0.5 area 23 on FastEthernet0/0 from 10.0.23.2
OSPF: Rcv hello from 3.3.3.3 area 23 from FastEthernet0/0 10.0.23.3

9. Redistribution from other protocols into OSPF
router ospf 1
 redistribute static metric 200 subnets
 redistribute rip metric 200 subnets
 redistribute eigrp 1 metric 100 subnets
 redistribute isis metric 10 subnets
!!!If a metric is not specified when redistributing into OSPF, a default metric of 20 is used, except for BGP, which gets a metric of 1. Without subnets, OSPF will redistribute only the major net.

OSPF stub router advertisement
This feature should not be confused with OSPF stub areas. It allows a router to advertise an infinite metric (0xFFFF = 65535) for connected links in router LSA type 1, and the normal cost if the link is a stub network.

R1#sh ip ospf
 Router is not originating router-LSAs with maximum metric
R1#sh ip ospf database router 11.0.1.1
 Link connected to: a Transit Network
 (Link ID) Designated Router address: 10.0.145.1
 (Link Data) Router Interface address: 10.0.145.1
 Number of MTID metrics: 0
 TOS 0 Metrics: 1
R1(config-router)#max-metric router-lsa
R1#sh ip ospf
 Originating router-LSAs with maximum metric
 Condition: always, State: active
R1#sh ip ospf database router 11.0.1.1
 Link connected to: a Transit Network
 (Link ID) Designated Router address: 10.0.145.1
 (Link Data) Router Interface address: 10.0.145.1
 Number of MTID metrics: 0
 TOS 0 Metrics: 65535

max-metric router-lsa //all router LSA type 1 links, all subtypes except subtype 1 (stub network), have the metric set to 65535
max-metric router-lsa external-lsa [1000000] //+ all advertised type 5 external LSAs have the metric set to [1000000].
R1#sh ip ospf
 Originating router-LSAs with maximum metric
 Condition: always, State: active
 Advertise summary-LSAs with metric 2000000
 Advertise external-LSAs with metric 1000000


TSHOOT OSPF:
Troubleshooting adjacencies: (to decide where to move these)

INIT State. The local router has seen a hello from the neighbor, but the neighbor has not seen a hello from the local router. Why? ACL, NBMA frame-relay mappings.
2-WAY State. This may be the right state between neighbors with priority 0 and between 2 DR-Other routers.
EXSTART/EXCHANGE State. MTU problems; the MTU must be the same. If the MTU cannot be the same, then on the interface:
R1(conf-if)#ip ospf mtu-ignore //configured on the interface with the smaller MTU.

Not all Ethernet interfaces allow changing the MTU. Serial interfaces usually allow MTU changes.
Router# debug ip ospf adj - to be tested
"OSPF: Nbr 10.0.0.2 has smaller | bigger interface MTU"