OSPF CCNP DRAFT B by stariya


OSPF Summary
The characteristics of OSPF follow:

• Link-state routing protocol.
• Uses the Dijkstra algorithm to calculate the SPF tree; it is built around a well-known
  algorithm from graph theory, E. W. Dijkstra's shortest path algorithm.
• Uses IP protocol 89.
• Classless protocol (supports VLSMs and CIDR).
• Metric is cost, based on interface bandwidth by default (10^8 / BW in bps).
• Sends partial route updates only when there are changes.
• Uses LSA messages; LSAs are sent in sequence (sequence number).
• Sends hello packets every 10 sec with a dead timer of 40 sec over point-to-point (P-P) & broadcast (BC) networks.
• Sends hello packets every 30 sec with a dead timer of 120 sec over NBMA.
• If the network is stable and there have been no updates within 30 min
  (LSRefreshTime), a compressed update is sent.
• MaxAge (60 min), LSRefreshTime (30 min) and MaxAgeDiff (15 min) are OSPF
  architectural constants.
• LSRefreshTime is used to reset the MaxAge timer.
• The numbering scheme is a 4-byte number that begins with 0x80000001 and ends
  with 0x7FFFFFFF.
• Routes are labeled as intra-area, interarea, external Type 1, or external Type 2.
• Support for authentication.
• Default administrative distance is 110.
• Uses multicast address (ALLSPFRouters).
• Uses multicast address (ALLDRouters).
• The reply to the hello is sent as a unicast.
• Up to 16 links for load balancing over equal-cost paths of the same path type;
  the default is 4 paths.
• Recommended for large networks.
• For 2 routers to be adjacent:
    1st. Hello packets must be sent & received.
    2nd. They must have the same hello & dead timers,
         and the same Net ID with subnet mask.
    3rd. They must be in the same area.

                      OSPF Packet Types
All five packet types are used in the normal operation of OSPF.

Type  Packet Name  Description
1     Hello        Discovers neighbors and builds adjacencies between them
2     DBD          Checks for database synchronization between routers
3     LSR          Requests specific link-state records from router to router
4     LSU          Sends specifically requested link-state records; LSU may contain more than one LSA
5     LSAck        Acknowledges the other packet types

         Exchanging and Synchronizing LSDBs
               Between two neighbors

Neighbors Establishment:
Neighbors Full Adjacency Establishment:

Neighbor State Machine

An OSPF router transitions a neighbor through several states before the neighbor is considered fully

• Down: The initial state of a neighbor conversation indicates that no Hellos have been heard
  from the neighbor in the last RouterDeadInterval. Hellos are not sent to down neighbors
  unless those neighbors are on NBMA networks; in this case, Hellos are sent every
  PollInterval. If a neighbor transitions to the Down state from some higher state, the link state
  Retransmission, Database Summary, and Link State Request lists are cleared.
• Attempt: This state applies only to neighbors on NBMA networks, where neighbors are
  manually configured. A DR-eligible router transitions a neighbor to the Attempt state when
  the interface to the neighbor first becomes Active or when the router is the DR or BDR. A
  router sends packets to a neighbor in Attempt state at the HelloInterval instead of the
• Init: This state indicates that a Hello packet has been seen from the neighbor in the last
  RouterDeadInterval, but two-way communication has not yet been established. A router
  includes the Router IDs of all neighbors in this state or higher in the Neighbor field of the
  Hello packets.
• 2-Way: This state indicates that the router has seen its own Router ID in the Neighbor field of
  the neighbor's Hello packets, which means that a bidirectional conversation has been
  established. On multi-access networks, neighbors must be in this state or higher to be eligible
  to be elected as the DR or BDR. The reception of a Database Description packet from a
  neighbor in the init state also causes a transition to 2-Way.
• ExStart: In this state, the router and its neighbor establish a master/slave relationship and
  determine the initial DD sequence number in preparation for the exchange of Database
  Description packets. The neighbor with the highest Router ID becomes the master.
• Exchange: The router sends Database Description packets describing its entire link-state
  database to neighbors that are in the Exchange state. The router may also send Link State
  Request packets, requesting more recent LSAs, to neighbors in this state.
• Loading: The router sends Link State Request packets to neighbors that are in the Loading
  state, requesting more recent LSAs that have been discovered in the Exchange state but have
  not yet been received.
• Full: Neighbors in this state are fully adjacent, and the adjacencies appear in Router LSAs
  and Network LSAs.

                   Link-State Data Structures

To ensure an accurate database, OSPF uses sequencing, checksums & aging.

OSPF floods (refreshes) each LSA every LSRefreshTime (30 min). Each time a record is flooded, the sequence
number is incremented by one, and this refresh resets the record's MaxAge timer (60 min) on a router when it
receives the new LSA update. An LSA (record) will never remain in the database longer than the MaxAge timer
(60 min / 3600 sec) without a refresh. This is used to maintain & ensure that the LSDB is synchronized across the

Sequence number range: InitialSequenceNumber (0x80000001) to MaxSequenceNumber (0x7fffffff).

If the present sequence number is MaxSequenceNumber and a new instance of the LSA must be created, the
router must first flush the old LSA from all databases. This is done by setting the age of the existing LSA to
MaxAge (defined later in this section) and reflooding it over all adjacencies. As soon as all adjacent neighbors
have acknowledged the prematurely aged LSA, the new instance of the LSA with a sequence number of
InitialSequenceNumber may be flooded. Only the router that originated the LSA can prematurely age it.

The checksum is a 16-bit integer calculated using a Fletcher algorithm. The checksum is calculated over the
entire LSA with the exception of the Age field (which changes as the LSA passes from node to node and would
therefore require recalculation of the checksum at each node). The checksum of each LSA is also verified every
five minutes as it resides in the link-state database, to ensure that it has not been corrupted in the database.
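The checksum rule above, as an added example that is not part of the original notes: it computes and verifies the Fletcher checksum of an LSA while skipping the 2-byte Age field, and shows that ageing the LSA leaves the checksum valid while a changed header byte does not. The function names and the sample LSA (router ID 10.0.0.1, an empty type 1 body) are constructed for illustration.

```python
import struct

LSA_HEADER_LEN = 20   # the 20-byte LSA header
AGE_LEN = 2           # LS Age is the first two bytes and is left out of the checksum
CKSUM_OFFSET = 16     # offset of the 16-bit checksum field inside the LSA


def _fletcher_sums(data):
    """Running Fletcher sums (c0, c1), both modulo 255, over data."""
    c0 = c1 = 0
    for byte in data:
        c0 = (c0 + byte) % 255
        c1 = (c1 + c0) % 255
    return c0, c1


def lsa_checksum(lsa):
    """Value to store in the checksum field, computed with the Age field excluded."""
    body = bytearray(lsa[AGE_LEN:])
    off = CKSUM_OFFSET - AGE_LEN
    body[off:off + 2] = b"\x00\x00"          # the field itself counts as zero
    c0, c1 = _fletcher_sums(bytes(body))
    x = ((len(body) - off - 1) * c0 - c1) % 255
    if x == 0:
        x = 255
    y = 510 - c0 - x
    if y > 255:
        y -= 255
    return (x << 8) | y


def lsa_checksum_ok(lsa):
    """True when both sums over everything after the Age field come out to zero."""
    return len(lsa) >= LSA_HEADER_LEN and _fletcher_sums(lsa[AGE_LEN:]) == (0, 0)


def build_sample_lsa(age, seq):
    """Constructed type 1 LSA: 20-byte header plus a 4-byte body with no links."""
    header = struct.pack("!HBB4s4sIHH", age, 0x02, 1,
                         bytes([10, 0, 0, 1]),      # link-state ID (constructed)
                         bytes([10, 0, 0, 1]),      # advertising router (constructed)
                         seq, 0, LSA_HEADER_LEN + 4)
    lsa = bytearray(header + b"\x00\x00\x00\x00")
    struct.pack_into("!H", lsa, CKSUM_OFFSET, lsa_checksum(bytes(lsa)))
    return bytes(lsa)


if __name__ == "__main__":
    lsa = build_sample_lsa(age=1, seq=0x80000001)
    aged = struct.pack("!H", 1800) + lsa[2:]        # same LSA, 30 minutes older
    print(lsa_checksum_ok(lsa), lsa_checksum_ok(aged))
```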

When each router receives the LSU, it does the following:

1- If the LSA does not already exist, the router adds the entry to its LSDB, sends a link-state
acknowledgment (LSAck) back, floods the information to other routers, runs SPF, and
updates its routing table.

2- If the entry already exists but the newly received LSA includes newer information (it has a higher sequence
number), the router adds the entry to its LSDB, sends an LSAck back, floods the information to other routers,
runs SPF, and updates its routing table.

3- If the sequence numbers are equal, then compare the checksums. The LSA with the highest
unsigned checksum is the more recent.

4- If the checksums are equal, then compare the ages. If the difference between the ages of the LSAs is smaller than
15 minutes (known as MaxAgeDiff), then the new LSA is ignored.
Also, if only one of the LSAs has an age of MaxAge (3600 seconds), it is considered the more recent.

5- If the entry already exists but the received LSA has a smaller sequence number, the router sends an LSU to the sender with
its newer information and its last update sequence number.

6- If none of the preceding conditions are met, the two LSAs are considered identical.
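The decision steps above, as an added example that is not part of the original notes: the sequence number is compared as a signed 32-bit value, which is why 0x80000001 is the oldest and 0x7FFFFFFF the newest. The branch for ages that differ by more than MaxAgeDiff (the younger copy wins) follows RFC 2328 section 13.1; the function names, dict keys and action strings are hypothetical.

```python
MAX_AGE = 3600        # seconds (60 min)
MAX_AGE_DIFF = 900    # seconds (15 min)


def signed32(seq):
    """Read the 4-byte sequence number as a signed integer."""
    seq &= 0xFFFFFFFF
    return seq - 0x100000000 if seq & 0x80000000 else seq


def compare_lsa(received, stored):
    """Return 1 if received is more recent, -1 if stored is, 0 if they are the
    same instance. Each LSA is a dict with 'seq', 'checksum' and 'age' (seconds)."""
    a, b = signed32(received["seq"]), signed32(stored["seq"])
    if a != b:                                          # higher sequence number wins
        return 1 if a > b else -1
    if received["checksum"] != stored["checksum"]:      # higher unsigned checksum wins
        return 1 if received["checksum"] > stored["checksum"] else -1
    r_max = received["age"] >= MAX_AGE
    s_max = stored["age"] >= MAX_AGE
    if r_max != s_max:                                  # only one copy is at MaxAge
        return 1 if r_max else -1
    if abs(received["age"] - stored["age"]) > MAX_AGE_DIFF:
        return 1 if received["age"] < stored["age"] else -1
    return 0                                            # within MaxAgeDiff: identical


def receive_lsa(lsdb, key, received):
    """Apply the steps to an LSDB held as a dict; returns the action taken."""
    stored = lsdb.get(key)
    verdict = 1 if stored is None else compare_lsa(received, stored)
    if verdict > 0:
        lsdb[key] = received
        return "install"      # add to LSDB, LSAck, flood, run SPF
    if verdict < 0:
        return "reply"        # send the newer stored copy back in an LSU
    return "same"             # identical instance, nothing to install


if __name__ == "__main__":
    db = {}
    first = {"seq": 0x80000001, "checksum": 0x1A2B, "age": 5}   # constructed values
    print(receive_lsa(db, ("router", "10.0.0.1"), first))
    print(receive_lsa(db, ("router", "10.0.0.1"), dict(first, seq=0x00000001)))
```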
                         RID – DR & BDR Election

OSPF selects a router ID (RID) at startup time:
Manually: The router ID is specified with the router-id command under the OSPF process.
If this command is used on an OSPF process that is already active, then the new RID is used after the next
router reload or manual OSPF process restart (clearing).

Automatically: The highest IP address of an active logical interface (loopback); if no logical
interface is configured & active, the RID will be the highest IP address of an active physical interface.

DR & BDR Election steps:
1- The router with the highest OSPF priority is selected as the DR. The router with the second-
highest priority value is the BDR.

2- The default priority is 1 on all Cisco interfaces, so OSPF uses the router ID as the tiebreaker.

3- The router with the highest RID becomes the DR & the router with the second-highest
RID becomes the BDR.

4- The DR election is non-preemptive: if a router with a higher priority value gets
added to the network, it does not preempt the DR and BDR. The only time that a
DR or BDR changes is when one of them is out of service. If the DR is out of service,
the BDR becomes the DR and a new BDR is selected. If the BDR is out of service, a
new BDR is elected.

A router with a priority set to 0 cannot become the DR or BDR. A router that is not the DR
or BDR is called a DROTHER. Priority range is 0 to 255.

Routers on the LAN also maintain a partial-neighbor relationship, a two-way adjacency state, with the other
routers on the LAN that are not the DR or BDR (DROTHERs).

After a DR and BDR have been selected, any router added to the network establishes adjacencies with the DR
and BDR only.
            The three types of networks defined by OSPF
                           on interfaces
• Point-to-point
• Broadcast
• Nonbroadcast (NBMA)

Point-to-point: A network that joins a single pair of routers. No DR & BDR are elected.
OSPF auto-detects this interface type; OSPF packets are sent using multicast

Broadcast: A multi-access broadcast network, such as Ethernet. DR & BDR are elected.
All neighbor routers form full adjacencies with the DR & BDR only.
Packets to the DR and the BDR use
Packets from DR to all other routers use

Nonbroadcast (NBMA): A network that interconnects more than two routers but that
has no broadcast capability. Frame Relay, ATM, and X.25 are considered NBMA.
Five modes of OSPF operation are available for NBMA networks.

The default OSPF mode for NBMA networks:
A main Frame Relay interface is NBMA.
A point-to-point Frame Relay subinterface is point-to-point.
A point-to-multipoint Frame Relay subinterface is NBMA.
OSPF Mode Topology

• Standard area
  This default area accepts link updates, route summaries, and external routes.
• Backbone area (transit area)
  The backbone area is the central entity to which all other areas connect. The backbone area is labeled
  area 0. All other areas connect to this area to exchange and route information. The OSPF backbone
  includes all the properties of a standard OSPF area.
• Stub area
  This area does not accept information about routes external to the AS, such as routes from
  non-OSPF sources (Type 5).
  If routers need to route to networks outside the AS, they use a default route, which is
  advertised into the stub area by the ABR by default.
  Stub areas cannot contain ASBRs (except that the area border routers [ABRs] may
  also be ASBRs).
• Totally stubby area
  This area does not accept external AS routes or summary routes from other areas internal to the AS.
  No LSA Type 3 & 4 is allowed. If routers need to route to networks outside the AS, they use
  a default route, which is advertised into the stub area by the ABR.
  Totally stubby areas cannot contain ASBRs (except that the ABRs may also be ASBRs).
• NSSA
  NSSA is an addendum to the OSPF RFC (Cisco proprietary). This area defines a special LSA type 7.
  An NSSA offers benefits that are similar to those of a stub or totally stubby area.
  However, NSSAs allow ASBRs, which is against the rule in a stub area.

OSPF Router Types:
• Internal routers: Routers that have all their interfaces in the same area and have identical LSDBs.
• Backbone routers: Routers that sit in the perimeter of the backbone area and have at least one
  interface connected to area 0. Backbone routers maintain OSPF routing information using the same
  procedures and algorithms as internal routers.
• ABRs: Routers that have interfaces attached to multiple areas, maintain separate LSDBs for each
  area to which they connect, and route traffic destined for or arriving from other areas. ABRs are
  exit points for the area, which means that routing information destined for another area can get
  there only via the ABR of the local area. ABRs can be configured to summarize the routing
  information from the LSDBs of their attached areas. ABRs distribute the routing information into
  the backbone. The backbone routers then forward the information to the other ABRs. In a multiarea
  network, an area can have one or more ABRs.
• ASBRs: Routers that have at least one interface attached to an external internetwork (another
  autonomous system [AS]), such as a non-OSPF network. ASBRs can import non-OSPF network
  information to the OSPF network and vice versa; this process is called route redistribution.

For all types of LSAs, there are 20-byte LSA headers. One of the fields of the LSA header is the link-state ID.
Every router generates router link advertisements for each area to which it belongs.

Type 1 (O)
Router link advertisements describe the state of the links of the router to the area and are flooded only within
a particular area. The link-state ID of the type 1 LSA is the originating router ID.

Type 2 (O)
DRs generate network link advertisements for multi-access networks that describe the set of routers attached
to a particular multi-access network. Network link advertisements are flooded in the area that contains the
network. The link-state ID of the type 2 LSA is the IP interface address of the DR.

Type 3 (OIA)
ABRs generate summary link advertisements.
These LSAs are flooded throughout the backbone area to the other ABRs. These link entries are not flooded
into totally stubby areas or not-so-stubby areas (NSSAs).
The link-state ID for type 3 LSAs is the destination network.

Type 4 (OIA)
Generated by an ABR only when an ASBR exists within an area. It describes routes to ASBRs.
It is mainly used to make the ASBR reachable by all other areas.
These link entries are not flooded into totally stubby areas or not-so-stubby areas (NSSAs).
The link-state ID for type 4 LSAs is the router ID of the ASBR.

Type 5 (OE1 & OE2)
ASBRs generate AS external link advertisements. External link advertisements describe routes to destinations
external to the AS and are flooded everywhere with the exception of stub areas, totally stubby areas, and
Type 4 LSA is needed to find the ASBR.
The link-state ID of the type 5 LSA is the external network number.

Type 6
Type 6 LSAs are specialized LSAs that are used in multicast OSPF applications. (Group membership LSA)

Type 7
Type 7 is an LSA type that is used inside NSSAs; it is then converted by the ABR to a type 5 LSA.

Type 8
Type 8 is a specialized LSA that is used in internetworking OSPF and Border Gateway
Protocol (BGP).

Types 9, 10, and 11
The opaque LSAs, types 9, 10, and 11, are designated for future upgrades to OSPF for
application-specific purposes. For example, Cisco Systems uses opaque LSAs for
Multiprotocol Label Switching (MPLS) with OSPF. Standard LSDB flooding mechanisms are
used for distribution of opaque LSAs. Each of the three types has a different flooding scope.
                              OSPF Convergence

The steps for OSPF convergence are as follows:

1- When a router detects a link failure, an LSA is sent to its
   neighbors. If the router is on a multi-access link, then the update is
    sent to the DR and BDR, not to all neighbors.

2- The path is removed from the originating router’s tables.

3- On receipt of the LSA, all routers update the topology table and at the same time
   flood the LSA out their interfaces.

4- The Dijkstra algorithm is run to rebuild the routing table.

Convergence is detection time, plus LSA flooding, plus 5 seconds before computing the
topology table. This comes to a few seconds. If convergence is deemed to be the topology
table being updated, this could take longer.
                             OSPF configurations

config)# router ospf <process #>
conf-router)# network <Net ID> <W.C> area <#>
conf-router)# network <Loopback ip add> < > area <#>     (Optional)

conf-router)# passive-interface <interface>

conf-router)# distance <N>     (Define an administrative distance, default = 110)

conf-router)# maximum-paths <N>     (Up to 16 links for load balancing over equal-cost paths of the same
                                     path type; default is 4 paths)

conf-router)# default-information originate

conf-router)# neighbor <ip-address> [priority #] [poll-interval #] [cost #] [database-filter all]
                                                                      (NBMA)   (NOT for NBMA)

conf-router)# router-id <ip add>
router# clear ip ospf process     (Clear the OSPF process or reload the router. For a loopback to be the RID you must
                                   reset OSPF by disabling and enabling it again, or reload the router)

conf-router)# auto-cost reference-bandwidth <#>
                      (Default is 100, range from 1 to 4,294,967, cost=100/BW bps = 10^8/BW bps)


conf-router)# area <#> range <net ID + mask> cost <#> <advertise / not-advertise>     (ABR)

conf-router)# summary-address <net ID + mask> <not-advertise> tag <tag>     (ASBR)
advertise: This is the default, to advertise the summary and its subnets for ABR.
not-advertise: NOT to advertise the summary range & suppress its subnets (suppress the summary & subnets);
               can be used in route filtering.
For an ASBR, using summary-address sends only summary routes & suppresses all subnets.

Clear text authentication (type 1):
conf-router)# area <#> authentication
config)# int <Int>
config-if)# ip ospf authentication-key <key>

MD5 authentication (type 2):
conf-router)# area <#> authentication message-digest
config)# int <Int>
config-if)# ip ospf message-digest-key <key-ID> md5 <key>

Notes: Passwords & key IDs must be the same between neighbors, and the whole area must support authentication:
if authentication is enabled, it must be enabled on the entire area.
OSPF still doesn't support key-chain configuration at the time of this writing.
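Why the key ID and key must match between neighbors, as an added example that is not part of the original notes: it builds an OSPFv2 packet with authentication type 2 using the header layout of RFC 2328 Appendix D, appends the MD5 digest, and runs the receiver-side checks. The function names, the key and the packet contents are constructed for illustration.

```python
import hashlib
import hmac
import struct

AUTYPE_MD5 = 2        # "MD5 authentication type 2"
DIGEST_LEN = 16
HEADER_FMT = "!BBH4s4sHHHBBI"   # 24-byte OSPFv2 header with the crypto auth fields


def _pad_key(key):
    """The shared key is used as 16 bytes, padded with zero bytes."""
    return key[:16].ljust(16, b"\x00")


def sign_packet(body, router_id, area_id, key_id, key, crypto_seq, pkt_type=1):
    """Return header + body + digest; the digest is not counted in the length field."""
    header = struct.pack(HEADER_FMT, 2, pkt_type, 24 + len(body), router_id, area_id,
                         0,                 # header checksum is not used with type 2
                         AUTYPE_MD5, 0, key_id, DIGEST_LEN, crypto_seq)
    packet = header + body
    return packet + hashlib.md5(packet + _pad_key(key)).digest()


def verify_packet(raw, keys, last_seq):
    """Receiver-side check. keys maps key ID -> key; last_seq is the highest
    cryptographic sequence number already accepted from this neighbor.
    Returns (accepted, reason)."""
    if len(raw) < 24 + DIGEST_LEN:
        return False, "truncated"
    (_ver, _type, length, _rid, _area, _cksum,
     autype, _zero, key_id, auth_len, seq) = struct.unpack(HEADER_FMT, raw[:24])
    if autype != AUTYPE_MD5:
        return False, "authentication type mismatch"
    if auth_len != DIGEST_LEN or length < 24 or len(raw) != length + DIGEST_LEN:
        return False, "bad length"
    if key_id not in keys:
        return False, "unknown key ID"
    expected = hashlib.md5(raw[:length] + _pad_key(keys[key_id])).digest()
    if not hmac.compare_digest(expected, raw[length:]):
        return False, "digest mismatch"
    if seq < last_seq:
        return False, "replayed sequence number"
    return True, "ok"


if __name__ == "__main__":
    rid, area = bytes([10, 0, 0, 1]), bytes(4)          # constructed router ID, area 0
    pkt = sign_packet(b"\x00" * 20, rid, area, key_id=1,
                      key=b"example-key", crypto_seq=100)
    print(verify_packet(pkt, {1: b"example-key"}, last_seq=99))
    print(verify_packet(pkt, {1: b"other-key"}, last_seq=99))
    print(verify_packet(pkt, {2: b"example-key"}, last_seq=99))
```

The sequence-number check is what rejects a captured packet that is sent again after a newer one has been accepted.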

                             Special area types
Stub config:

conf-router)# area <#> stub (configuring stub area, no LSA type 5 is allowed)
conf-router)# area <#> stub no-summary (configuring Totally stub area, no LSA type 3,4 & 5 is allowed)
conf-router)# area <#> default-cost <#> (add extra cost to default route, default is 1,
                                                                  valid range is 0 - 16777215)

NSSA config (no LSA type 5):

conf-router)# area <#> nssa metric-type (internal/external) metric <#>
no-summary no-redistribution default-information originate translate type7 suppress-fa

no-summary: No LSA type 3 & 4, but a default route is injected, as in a totally stubby area.

no-redistribution: No LSA type 7; no external routes are advertised from the ABR/ASBR, & NO default route is injected,
                      but type 3 & 4 LSAs are still received.

default-information originate: Injects a default route. Useful with the no-redistribution command.

                                 Special Link types

Virtual Link:
conf-router)# area <area-id> virtual-link <remote router-id> authentication <message-digest / null>
hello-interval <#> retransmit-interval <#> transmit-delay <#> dead-interval <#> authentication-key <key>
message-digest-key <key-id> md5 <key>

# sh ip ospf virtual-link

Interface Commands:

config)# int <Int>
config-if)# ip ospf message-digest-key <key-ID> md5 <key>
config-if)# bandwidth <# in Kbps>     (Optional)
config-if)# ip ospf cost <cost>     (Optional, range from 1 to 65,535.)
config-if)# ip ospf priority <#>     (Optional)
config-if)# ip ospf hello-interval <#>     (Optional)
config-if)# ip ospf dead-interval <#>     (Optional)
config-if)# ip ospf retransmit-interval <#>     (Optional, default is 5 sec.)

config-if)# ip ospf <process #> area <#> <secondaries none>
(Used to enable OSPF explicitly on an interface; secondaries none prevents secondary IP addresses on the
interface from being advertised.)

Show Commands:

# sh ip route
# sh ip route ospf
# sh ip protocols

# sh ip ospf neighbor
# sh ip ospf neighbor <interface> <nei RID> <detail>

# sh ip ospf database
# sh ip ospf database database-summary
# sh ip ospf database router <link state-id > (display type 1 LSA in ospf database)
# sh ip ospf database network <link state-id > (display type 2 LSA in ospf database)
# sh ip ospf database summary <link state-id > (display type 3 LSA in ospf database)
# sh ip ospf database asbr-summary <link state-id > (display type 4 LSA in ospf database)
# sh ip ospf database external <link state-id > (display type 5 LSA in ospf database)
# sh ip ospf database nssa-external <link state-id > (display type 7 LSA in ospf database)

# sh ip ospf interface
# sh ip ospf interface <brief>

# sh ip ospf border-routers

# sh ip ospf virtual-link

# debug ip ospf events
# debug ip ospf adj

Configuring OSPF LSDB Overload Protection

conf-router)# max-lsa <maximum-number> <threshold-percentage> <warning-only>
ignore-time <min> ignore-count <count-number> reset-time <min>

This feature can limit the processing of non-self-generated LSAs for a defined OSPF process, because
excessive LSAs generated by other routers can drain local router resources. It is available on Cisco IOS
Software Release 12.3(7)T and later, plus some specific earlier releases.

When this feature is enabled, the router keeps count of the number of received (non-self-generated)
LSAs that it keeps in its LSDB.

An error message is logged when this number reaches a configured threshold percentage, and a notification
is sent when it exceeds the threshold number.

If the LSA count still exceeds the threshold after one minute, the OSPF process takes down all
adjacencies and clears the OSPF database; this is called the "ignore" state.

In the ignore state, no OSPF packets are sent or received by interfaces that belong to that OSPF process.
The OSPF process remains in the ignore state for the time that is defined by the ignore-time parameter;
the default is 5 min.

The ignore-count parameter defines the maximum number of times that the OSPF process can consecutively
enter the ignore state before remaining permanently down and requiring manual intervention; the default is 5.

If the OSPF process remains normal for the time that is defined by the reset-time parameter, the ignore-count is
reset to 0.
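A minute-by-minute model of the behaviour described above, as an added example that is not Cisco's implementation: it is useful for checking how a chosen ignore-time, ignore-count and reset-time interact before configuring them. The class and attribute names are hypothetical, one tick is assumed to be one minute, and the process is assumed to go permanently down on the entry that follows ignore-count consecutive ignore periods.

```python
class MaxLsaGuard:
    """Model of max-lsa: warning, ignore state, permanent down, counter reset."""

    def __init__(self, maximum, threshold_pct, reset_time,
                 ignore_time=5, ignore_count=5):
        self.maximum = maximum
        self.warn_at = maximum * threshold_pct / 100
        self.reset_time = reset_time        # minutes; no default is given in the text
        self.ignore_time = ignore_time      # minutes, default 5
        self.ignore_count = ignore_count    # default 5
        self.state = "normal"
        self.ignores = 0          # consecutive entries into the ignore state
        self.over_minutes = 0     # minutes spent above the maximum
        self.ignore_left = 0      # minutes left in the current ignore period
        self.calm_minutes = 0     # minutes in normal state at or below the maximum
        self.log = []

    def tick(self, received_lsas):
        """Advance one minute with the current count of non-self-generated LSAs."""
        if self.state == "down":
            return self.state                 # needs manual intervention
        if self.state == "ignore":
            self.ignore_left -= 1             # no OSPF packets sent or received
            if self.ignore_left == 0:
                self.state = "normal"
            return self.state
        if received_lsas > self.maximum:
            self.calm_minutes = 0
            self.over_minutes += 1
            if self.over_minutes == 1:
                self.log.append("maximum exceeded")
            else:                             # still above the maximum a minute later
                self._enter_ignore()
        else:
            self.over_minutes = 0
            if received_lsas >= self.warn_at:
                self.log.append("threshold warning")
            self.calm_minutes += 1
            if self.calm_minutes >= self.reset_time:
                self.ignores = 0
        return self.state

    def _enter_ignore(self):
        """Adjacencies go down and the database is cleared."""
        self.over_minutes = 0
        self.ignores += 1
        if self.ignores > self.ignore_count:
            self.state = "down"
        else:
            self.state = "ignore"
            self.ignore_left = self.ignore_time


if __name__ == "__main__":
    guard = MaxLsaGuard(maximum=100, threshold_pct=75, reset_time=10,
                        ignore_time=2, ignore_count=1)
    for count in (80, 120, 130, 0, 0, 150, 150, 0):     # constructed LSA counts
        print(count, guard.tick(count))
```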
