OSPF

OSPF Summary

The characteristics of OSPF follow:

• Link-state routing protocol.
• Uses the Dijkstra algorithm to calculate the SPF tree; it is built around a well-known algorithm from graph theory, E. W. Dijkstra's shortest path algorithm.
• Uses IP protocol 89.
• Classless protocol (supports VLSMs and CIDR).
• Metric is cost, based on interface bandwidth by default (10^8 / BW in bps).
• Sends partial route updates only when there are changes.
• Uses LSA messages; LSAs are sent in sequence (each carries a sequence number).
• Sends hello packets every 10 sec with a dead timer of 40 sec over point-to-point and broadcast networks.
• Sends hello packets every 30 sec with a dead timer of 120 sec over NBMA networks.
• If the network is stable and there have been no updates within 30 min (LSRefreshTime), a compressed update is sent.
• MaxAge (60 min), LSRefreshTime (30 min) and MaxAgeDiff (15 min) are OSPF architectural constants. LSRefreshTime is used to reset the MaxAge timer.
• The sequence numbering scheme is a 4-byte number that begins with 0x80000001 and ends with 0x7FFFFFFF.
• Routes are labeled as intra-area, interarea, external Type 1, or external Type 2.
• Support for authentication.
• Default administrative distance is 110.
• Uses multicast address 224.0.0.5 (ALLSPFRouters).
• Uses multicast address 224.0.0.6 (ALLDRouters).
• The reply for the hello is done in a unicast way.
• Load balances over up to 16 equal-cost paths of the same path type; the default is 4 paths.
• Recommended for large networks.

For 2 routers to be adjacent:

1st. Hello packets must be sent and received.
2nd. They must have the same hello and dead timers, and the same Net ID with subnet mask.
3rd. They must be in the same area.

OSPF Packet Types

All five packet types are used in the normal operation of OSPF.

Type  Packet Name  Description
1     Hello        Discovers neighbors and builds adjacencies between them
2     DBD          Checks for database synchronization between routers
3     LSR          Requests specific link-state records from router to router
4     LSU          Sends specifically requested link-state records; LSU may contain more than one LSA
5     LSAck        Acknowledges the other packet types

Exchanging and Synchronizing LSDBs Between Two Neighbors

Neighbors Establishment:

Exchanging and Synchronizing LSDBs

Neighbors Full Adjacency Establishment:

Neighbor State Machine

An OSPF router transitions a neighbor through several states before the neighbor is considered fully adjacent:

Down: The initial state of a neighbor conversation indicates that no Hellos have been heard from the neighbor in the last RouterDeadInterval. Hellos are not sent to down neighbors unless those neighbors are on NBMA networks; in this case, Hellos are sent every PollInterval. If a neighbor transitions to the Down state from some higher state, the link state Retransmission, Database Summary, and Link State Request lists are cleared.

Attempt: This state applies only to neighbors on NBMA networks, where neighbors are manually configured. A DR-eligible router transitions a neighbor to the Attempt state when the interface to the neighbor first becomes Active or when the router is the DR or BDR. A router sends packets to a neighbor in Attempt state at the HelloInterval instead of the PollInterval.

Init: This state indicates that a Hello packet has been seen from the neighbor in the last RouterDeadInterval, but two-way communication has not yet been established. A router includes the Router IDs of all neighbors in this state or higher in the Neighbor field of the Hello packets.

2-Way: This state indicates that the router has seen its own Router ID in the Neighbor field of the neighbor's Hello packets, which means that a bidirectional conversation has been established.
On multi-access networks, neighbors must be in this state or higher to be eligible to be elected as the DR or BDR. The reception of a Database Description packet from a neighbor in the Init state also causes a transition to 2-Way.

ExStart: In this state, the router and its neighbor establish a master/slave relationship and determine the initial DD sequence number in preparation for the exchange of Database Description packets. The neighbor with the highest Router ID becomes the master.

Exchange: The router sends Database Description packets describing its entire link-state database to neighbors that are in the Exchange state. The router may also send Link State Request packets, requesting more recent LSAs, to neighbors in this state.

Loading: The router sends Link State Request packets to neighbors that are in the Loading state, requesting more recent LSAs that have been discovered in the Exchange state but have not yet been received.

Full: Neighbors in this state are fully adjacent, and the adjacencies appear in Router LSAs and Network LSAs.

Link-State Data Structures

To ensure an accurate database, OSPF uses sequencing, checksum and age.

OSPF floods (refreshes) each LSA every LSRefreshTime (30 min). Each time a record is flooded, the sequence number is incremented by one. This refresh resets the record's MaxAge timer (60 min) on the router that receives the new LSA update.

An LSA (record) will never remain in the database longer than the MaxAge timer (60 min / 3600 sec) without a refresh. This is used to keep the LSDB synchronized across the area.

Sequence number range: InitialSequenceNumber (0x80000001) to MaxSequenceNumber (0x7fffffff).

If the present sequence number is MaxSequenceNumber and a new instance of the LSA must be created, the router must first flush the old LSA from all databases. This is done by setting the age of the existing LSA to MaxAge (defined later in this section) and reflooding it over all adjacencies.
As soon as all adjacent neighbors have acknowledged the prematurely aged LSA, the new instance of the LSA with a sequence number of InitialSequenceNumber may be flooded. Only the router that originated the LSA can prematurely age it.

The checksum is a 16-bit integer calculated using a Fletcher algorithm. The checksum is calculated over the entire LSA with the exception of the Age field (which changes as the LSA passes from node to node and would therefore require recalculation of the checksum at each node). The checksum of each LSA is also verified every five minutes as it resides in the link-state database, to ensure that it has not been corrupted in the database.

When each router receives the LSU, it does the following:

1- If the LSA does not already exist, the router adds the entry to its LSDB, sends a link-state acknowledgment (LSAck) back, floods the information to other routers, runs SPF, and updates its routing table.
2- If the entry already exists but the newly received LSA includes newer information (it has a higher sequence number), the router adds the entry to its LSDB, sends an LSAck back, floods the information to other routers, runs SPF, and updates its routing table.
3- If the sequence numbers are equal, then compare the checksums. The LSA with the highest unsigned checksum is the more recent.
4- If the checksums are equal, then compare the age. If the difference between the ages of the LSAs is smaller than 15 minutes (known as MaxAgeDiff), then the new LSA is ignored. Also, if only one of the LSAs has an age of MaxAge (3600 seconds), it is considered the more recent.
5- If the entry already exists but the received LSA has a smaller sequence number, the router sends an LSU to the sender with its newer information and its last update sequence number.
6- If none of the preceding conditions are met, the two LSAs are considered identical.
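
The comparison steps above, written out as an added Python example (not code from the original notes). The names LsaInstance, compare and on_receive are hypothetical, the sample values are constructed, and the ordering of the age checks follows RFC 2328 section 13.1. It shows why the 4-byte sequence number has to be read as a signed value: 0x80000001 is the oldest possible instance and 0x7FFFFFFF the newest.

```python
from dataclasses import dataclass

MAX_AGE = 3600       # seconds (60 min)
MAX_AGE_DIFF = 900   # seconds (15 min)


@dataclass(frozen=True)
class LsaInstance:
    seq: int       # raw 32-bit sequence number from the LSA header
    checksum: int  # 16-bit Fletcher checksum
    age: int       # LS age in seconds


def signed32(value):
    """Interpret the raw sequence number field as a signed 32-bit integer."""
    value &= 0xFFFFFFFF
    return value - 0x100000000 if value & 0x80000000 else value


def compare(a, b):
    """Return 1 if a is more recent, -1 if b is, 0 if they are the same instance."""
    sa, sb = signed32(a.seq), signed32(b.seq)
    if sa != sb:                                  # higher sequence number wins
        return 1 if sa > sb else -1
    if a.checksum != b.checksum:                  # then higher unsigned checksum
        return 1 if a.checksum > b.checksum else -1
    a_max, b_max = a.age >= MAX_AGE, b.age >= MAX_AGE
    if a_max != b_max:                            # only one is at MaxAge
        return 1 if a_max else -1
    if abs(a.age - b.age) > MAX_AGE_DIFF:         # ages far apart: younger wins
        return 1 if a.age < b.age else -1
    return 0                                      # within MaxAgeDiff: identical


def on_receive(lsdb, key, received):
    """Decide what to do with a received LSA; lsdb maps a key to LsaInstance."""
    stored = lsdb.get(key)
    result = 1 if stored is None else compare(received, stored)
    if result > 0:
        lsdb[key] = received
        return "install, ack, flood, run SPF"
    if result < 0:
        return "send stored newer copy back to sender"
    return "same instance, ignore"


if __name__ == "__main__":
    db = {}
    key = ("router-lsa", "10.0.0.1")              # constructed sample key
    for lsa in (LsaInstance(0x80000001, 0x1A2B, 5),
                LsaInstance(0x80000002, 0x3C4D, 1),
                LsaInstance(0x80000001, 0x1A2B, 5)):
        print(hex(lsa.seq), "->", on_receive(db, key, lsa))
```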

RID – DR & BDR Election

OSPF selects a router ID (RID) at startup time:

• Manually: The router ID is specified with the router-id command under the OSPF process. If this command is used on an OSPF process that is already active, the new RID is used after the next router reload or manual OSPF process restart (clearing).
• Automatically: The highest IP address of an active logical interface (loopback). If no logical interface is configured and active, the RID is the highest IP address of an active physical interface.

DR & BDR election steps:

1- The router with the highest OSPF priority is selected as the DR. The router with the second-highest priority value is the BDR.
2- The default priority is 1 on all Cisco interfaces, so OSPF uses the router ID as the tiebreaker.
3- The router with the highest RID becomes the DR and the router with the second-highest RID becomes the BDR.
4- The DR election is non-preemptive: if a router with a higher priority value gets added to the network, it does not preempt the DR and BDR. The only time that a DR or BDR changes is when one of them is out of service. If the DR is out of service, the BDR becomes the DR and a new BDR is selected. If the BDR is out of service, a new BDR is elected.

Notes:

• A router with a priority set to 0 cannot become the DR or BDR.
• A router that is not the DR or BDR is called a DROTHER.
• Priority range is 0 to 255.
• Routers on the LAN also maintain a partial-neighbor relationship, a two-way adjacency state, with the other routers on the LAN that are not the DR or BDR (DROTHERs).
• After a DR and BDR have been selected, any router added to the network establishes adjacencies with the DR and BDR only.

The three types of networks defined by OSPF on interfaces:

• Point-to-point
• Broadcast
• Nonbroadcast (NBMA)

Point-to-point: A network that joins a single pair of routers. No DR and BDR are elected. OSPF autodetects this interface type; OSPF packets are sent using multicast 224.0.0.5.

Broadcast: A multi-access broadcast network, such as Ethernet. A DR and BDR are elected, and all neighbor routers form full adjacencies with the DR and BDR only. Packets to the DR and the BDR use 224.0.0.6. Packets from the DR to all other routers use 224.0.0.5.

Nonbroadcast (NBMA): A network that interconnects more than two routers but that has no broadcast capability. Frame Relay, ATM, and X.25 are considered NBMA. Five modes of OSPF operation are available for NBMA networks.

The default OSPF mode for NBMA networks:

• On a main Frame Relay interface, the default is NBMA.
• On a point-to-point Frame Relay subinterface, the default is point-to-point.
• On a point-to-multipoint Frame Relay subinterface, the default is NBMA.

OSPF Area Types:

Standard area: This default area accepts link updates, route summaries, and external routes.

Backbone area (transit area): The backbone area is the central entity to which all other areas connect. The backbone area is labeled area 0. All other areas connect to this area to exchange and route information. The OSPF backbone includes all the properties of a standard OSPF area.

Stub area: This area does not accept information about routes external to the AS, such as routes from non-OSPF sources (Type 5). If routers need to route to networks outside the AS, they use a default route, which is advertised into the stub area by the ABR by default. Stub areas cannot contain ASBRs (except that the area border routers [ABRs] may also be ASBRs).

Totally stubby area: This area does not accept external AS routes or summary routes from other areas internal to the AS. No LSA Type 3 or 4 is allowed. If routers need to route to networks outside the AS, they use a default route, which is advertised into the stub area by the ABR. Totally stubby areas cannot contain ASBRs (except that the ABRs may also be ASBRs).

NSSA: NSSA is an addendum to the OSPF RFC (Cisco proprietary). This area defines a special LSA type 7. An NSSA offers benefits that are similar to those of a stub or totally stubby area.
However, NSSAs allow ASBRs, which is against the rule in a stub area.

OSPF Router Types:

Internal routers: Routers that have all their interfaces in the same area and have identical LSDBs.

Backbone routers: Routers that sit in the perimeter of the backbone area and have at least one interface connected to area 0. Backbone routers maintain OSPF routing information using the same procedures and algorithms as internal routers.

ABRs: Routers that have interfaces attached to multiple areas, maintain separate LSDBs for each area to which they connect, and route traffic destined for or arriving from other areas. ABRs are exit points for the area, which means that routing information destined for another area can get there only via the ABR of the local area. ABRs can be configured to summarize the routing information from the LSDBs of their attached areas. ABRs distribute the routing information into the backbone. The backbone routers then forward the information to the other ABRs. In a multiarea network, an area can have one or more ABRs.

ASBRs: Routers that have at least one interface attached to an external internetwork (another autonomous system [AS]), such as a non-OSPF network. ASBRs can import non-OSPF network information to the OSPF network and vice versa; this process is called route redistribution.

OSPF LSA Types

For all types of LSAs, there are 20-byte LSA headers. One of the fields of the LSA header is the link-state ID.

Type 1 (O): Every router generates router link advertisements for each area to which it belongs. Router link advertisements describe the state of the links of the router to the area and are flooded only within a particular area. The link-state ID of the type 1 LSA is the originating router ID.

Type 2 (O): DRs generate network link advertisements for multi-access networks that describe the set of routers attached to a particular multi-access network. Network link advertisements are flooded in the area that contains the network.
The link-state ID of the type 2 LSA is the IP interface address of the DR.

Type 3 (OIA): ABRs generate summary link advertisements. These LSAs are flooded throughout the backbone area to the other ABRs. These link entries are not flooded into totally stubby areas or not-so-stubby areas (NSSAs). The link-state ID for type 3 LSAs is the destination network.

Type 4 (OIA): Generated by an ABR only when an ASBR exists within an area. It describes routes to ASBRs. It is mainly used to make the ASBR reachable by all other areas. These link entries are not flooded into totally stubby areas or not-so-stubby areas (NSSAs). The link-state ID for type 4 LSAs is the router ID of the ASBR.

Type 5 (OE1 & OE2): ASBRs generate AS external link advertisements. External link advertisements describe routes to destinations external to the AS and are flooded everywhere with the exception of stub areas, totally stubby areas, and NSSAs. A type 4 LSA is needed to find the ASBR. The link-state ID of the type 5 LSA is the external network number.

Type 6: Type 6 LSAs are specialized LSAs that are used in multicast OSPF applications (group membership LSA).

Type 7: Type 7 is an LSA type that is used inside NSSAs; it is then converted by the ABR to a type 5 LSA.

Type 8: Type 8 is a specialized LSA that is used in internetworking OSPF and Border Gateway Protocol (BGP).

Types 9, 10, and 11: The opaque LSAs, types 9, 10, and 11, are designated for future upgrades to OSPF for application-specific purposes. For example, Cisco Systems uses opaque LSAs for Multiprotocol Label Switching (MPLS) with OSPF. Standard LSDB flooding mechanisms are used for distribution of opaque LSAs. Each of the three types has a different flooding scope.

OSPF Convergence

The steps for OSPF convergence are as follows:

1- When a router detects a link failure, an LSA is sent to its neighbors. If the router is on a multi-access link, then the update is sent to the DR and BDR, not to all neighbors.
2- The path is removed from the originating router's tables.
3- On receipt of the LSA, all routers update the topology table and at the same time flood the LSA out their interfaces.
4- The Dijkstra algorithm is run to rebuild the routing table.

Convergence is detection time, plus LSA flooding, plus 5 seconds before computing the topology table. This comes to a few seconds. If convergence is deemed to be the topology table being updated, this could take longer.

OSPF configurations

config)# router ospf <process #>
conf-router)# network <Net ID> <W.C> area <#>
conf-router)# network <Loopback ip add> <0.0.0.0> area <#>   (Optional)
conf-router)# passive-interface <interface>
conf-router)# distance <N>   (Define an administrative distance, default = 110)
conf-router)# maximum-paths <N>   (Up to 16 links for load balancing over equal-cost paths of the same path type; default is 4 paths)
conf-router)# default-information originate
conf-router)# neighbor <ip-address> [priority #] [poll-interval #] [cost #] [database-filter all]   (NBMA) (NOT for NBMA)
conf-router)# router-id <ip add>
router# clear ip ospf process   (Clear the OSPF process or reload the router. For a loopback to become the RID, you must reset OSPF by disabling and enabling it again, or reload the router.)
conf-router)# auto-cost reference-bandwidth <#>   (Default is 100, range from 1 to 4,294,967; cost = 100/BW bps = 10^8/BW bps)

Summarization:

conf-router)# area <#> range <net ID + mask> cost <#> <advertise / not-advertise>   (ABR)
conf-router)# summary-address <net ID + mask> <not-advertise> tag <tag>   (ASBR)

advertise: This is the default: advertise the summary and its subnets, for an ABR.
not-advertise: Do NOT advertise the summary range, and suppress its subnets (suppresses the summary and the subnets). Can be used in route filtering.
For an ASBR, using summary-address sends only summary routes and suppresses all subnets.

Authentication:

Clear text authentication (type 1):

conf-router)# area <#> authentication
config)# int <Int>
config-if)# ip ospf authentication-key <key>

MD5 authentication (type 2):

conf-router)# area <#> authentication message-digest
config)# int <Int>
config-if)# ip ospf message-digest-key <key-ID> md5 <key>

Notes: Passwords and key IDs must be the same between neighbors, and the whole area must support authentication: if authentication is enabled, it must be enabled on the entire area. OSPF still doesn't support key-chain configuration at the time of this writing.

Special area types

Stub config:

conf-router)# area <#> stub   (configures a stub area; no LSA type 5 is allowed)
conf-router)# area <#> stub no-summary   (configures a totally stubby area; no LSA type 3, 4 or 5 is allowed)
conf-router)# area <#> default-cost <#>   (adds extra cost to the default route; default is 1, valid range is 0 - 16777215)

NSSA config (no LSA type 5):

conf-router)# area <#> nssa metric-type (internal/external) metric <#> no-summary no-redistribution default-information originate translate type7 suppress-fa

no-summary: No LSA type 3 or 4, but a default route is injected, as in a totally stubby area.
no-redistribution: No LSA type 7; no external routes are advertised from the ABR/ASBR and no default route is injected, but type 3 and 4 LSAs are still received.
default-information originate: Injects a default route. Useful with the no-redistribution keyword.

Special Link types

Virtual Link:

conf-router)# area <area-id> virtual-link <remote router-id> authentication <message-digest / null> hello-interval <#> retransmit-interval <#> transmit-delay <#> dead-interval <#> authentication-key <key> message-digest-key <key-id> md5 <key>
# sh ip ospf virtual-link

Interface Commands:

config)# int <Int>
config-if)# ip ospf message-digest-key <key-ID> md5 <key>
config-if)# bandwidth <# in Kbps>   (Optional)
config-if)# ip ospf cost <cost>   (Optional, range from 1 to 65,535)
config-if)# ip ospf priority <#>   (Optional)
config-if)# ip ospf hello-interval <#>   (Optional)
config-if)# ip ospf dead-interval <#>   (Optional)
config-if)# ip ospf retransmit-interval <#>   (Optional, default is 5 sec)
config-if)# ip ospf <process #> area <#> <secondaries none>   (Used to enable OSPF explicitly on an interface; secondaries none prevents secondary IP addresses on the interface from being advertised)

Show Commands:

# sh ip route
# sh ip route ospf
# sh ip protocols
# sh ip ospf neighbor
# sh ip ospf neighbor <interface> <nei RID> <detail>
# sh ip ospf database
# sh ip ospf database database-summary
# sh ip ospf database router <link state-id>   (display type 1 LSAs in the OSPF database)
# sh ip ospf database network <link state-id>   (display type 2 LSAs in the OSPF database)
# sh ip ospf database summary <link state-id>   (display type 3 LSAs in the OSPF database)
# sh ip ospf database asbr-summary <link state-id>   (display type 4 LSAs in the OSPF database)
# sh ip ospf database external <link state-id>   (display type 5 LSAs in the OSPF database)
# sh ip ospf database nssa-external <link state-id>   (display type 7 LSAs in the OSPF database)
# sh ip ospf interface
# sh ip ospf interface <brief>
# sh ip ospf border-routers
# sh ip ospf virtual-link
# debug ip ospf events
# debug ip ospf adj

Configuring OSPF LSDB Overload Protection

conf-router)# max-lsa <maximum-number> <threshold-percentage> <warning-only> ignore-time <min> ignore-count <count-number> reset-time <min>

This feature can limit the processing of non-self-generated LSAs for a defined OSPF process, because excessive LSAs generated by other routers can drain local router resources. It is available on Cisco IOS Software Release 12.3(7)T and later, plus some specific earlier releases.

When this feature is enabled, the router keeps count of the number of received (non-self-generated) LSAs that it keeps in its LSDB.
An error message is logged when this number reaches a configured threshold percentage, and a notification is sent when it exceeds the threshold number.

If the LSA count still exceeds the threshold after one minute, the OSPF process takes down all adjacencies and clears the OSPF database; this is called the "ignore" state. In the ignore state, no OSPF packets are sent or received by interfaces that belong to that OSPF process. The OSPF process remains in the ignore state for the time that is defined by the ignore-time parameter; the default is 5 min.

The ignore-count parameter defines the maximum number of times that the OSPF process can consecutively enter the ignore state before remaining permanently down and requiring manual intervention; the default is 5 times. If the OSPF process remains normal for the time that is defined by the reset-time parameter, the ignore-count is reset to 0.
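
A configuration check built on the Authentication and LSDB Overload Protection commands above, as an added Python example (not from the original notes). The function name audit_ospf, both sample configurations and the key strings are constructed; it maps interfaces to areas through the "ip ospf <process #> area <#>" interface command only.

```python
import re

# Constructed sample: MD5 area with a keyless interface, a clear text area,
# an area with no authentication, and no max-lsa limit.
WEAK = """\
interface GigabitEthernet0/0
 ip ospf 1 area 0
interface GigabitEthernet0/1
 ip ospf 1 area 10
 ip ospf authentication-key EXAMPLE
interface GigabitEthernet0/2
 ip ospf 1 area 20
router ospf 1
 area 0 authentication message-digest
 area 10 authentication
"""

# Constructed sample with those findings corrected.
HARDENED = """\
interface GigabitEthernet0/0
 ip ospf 1 area 0
 ip ospf message-digest-key 1 md5 EXAMPLE-KEY
router ospf 1
 area 0 authentication message-digest
 max-lsa 12000
"""


def audit_ospf(config):
    """Return a list of hardening findings for an IOS-style OSPF config."""
    area_auth, if_area, if_keys = {}, {}, {}
    has_max_lsa, section = False, ""
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw.startswith(" "):            # unindented line opens a section
            section = line
        elif section.startswith("interface "):
            name = section.split(None, 1)[1]
            m = re.match(r"ip ospf \d+ area (\S+)", line)
            if m:
                if_area[name] = m.group(1)
            elif line.startswith("ip ospf message-digest-key "):
                if_keys.setdefault(name, set()).add("md5")
            elif line.startswith("ip ospf authentication-key "):
                if_keys.setdefault(name, set()).add("clear text")
        elif section.startswith("router ospf "):
            m = re.match(r"area (\S+) authentication( message-digest)?$", line)
            if m:
                area_auth[m.group(1)] = "md5" if m.group(2) else "clear text"
            elif line.startswith("max-lsa "):
                has_max_lsa = True
    findings = []
    for area in sorted(set(if_area.values()) | set(area_auth)):
        mode = area_auth.get(area)
        if mode is None:
            findings.append(f"area {area}: no authentication configured")
        elif mode == "clear text":
            findings.append(f"area {area}: type 1 (clear text) authentication")
    for name, area in sorted(if_area.items()):
        mode = area_auth.get(area)
        if mode and mode not in if_keys.get(name, set()):
            findings.append(f"{name}: no {mode} key for area {area}")
    if not has_max_lsa:
        findings.append("router ospf: max-lsa (LSDB overload protection) not set")
    return findings
```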