OSPF

From Network Security Wiki


Introduction

  • Attributes:
Type: Link-State
Algorithm: Dijkstra
Metric: Cost (Bandwidth)
AD: 110
Standard: RFC 2328, RFC 2740
Protocols: IP
Transport: IP/89
Authentication: Plaintext, MD5
AllSPF Address: 224.0.0.5
AllDR Address: 224.0.0.6
  • OSPF Hello Packet has TTL=1. It cannot cross a hop.[1]
  • Change AD in OSPF:
# router ospf 1
# distance 250   (useful in Protocol Migration)
# distance 255   (invalid; do not use these routes)


  • Metric Formula
OSPF-Metric.jpg

This can be modified with the command:

router ospf 1
auto-cost reference-bandwidth 1000
  • All routers in an area have same Topology Table.
  • ABR localizes updates to an Area.
  • All Areas must connect to Area 0.
  • Hello message is sent:
Every 10 sec on Broadcast/Point-to-point network.
Every 30 sec on NBMA Network
  • Dead Timer is 4 times Hello message
40 sec  Broadcast/Point-to-point network.
120 sec NBMA Network
  • On receiving a hello: if my Router-ID is already listed, reset the Dead Timer and stop further processing; otherwise start Neighbor relationship processing.
OSPF Hello neighbor list.png
  • EIGRP keeps a backup path in case the primary path fails. OSPF does not keep a backup path, so it needs to re-run SPF.
  • A Loopback interface is advertised as a /32 address even if it is defined as /24; to change this behavior:
int lo1
ip ospf network point-to-point


OSPF Databases and Tables

OSPF has 3 Databases used to create 3 Tables:

Database Table Name Description
Adjacency Database Neighbor Table
  • List of all neighboring routers to which a router has established bidirectional Communication.
  • This table is unique for each router.
  • show ip ospf neighbor
Link-State Database Topology Table
  • List of information about all other routers in the networks.
  • Shows the Network Topology
  • All routers within an area have identical link-state databases.
  • show ip ospf database
Forwarding Database Routing Table
  • List of routes generated when SPF is run on the Link-State Database.
  • Each router's routing table is unique.
  • show ip route

Packet types in OSPF

Type Packet Name Description
1 Hello Discovers Neighbors & builds adjacencies between them
2 Database Description(DBD)
  • Checks for database sync between routers
  • Summary of LSDB
3 Link-State request(LSR) Requests specific link-state records from other router
4 LSU Sends specifically requested link-state records(contain LSAs)
5 LSAck
  • Acknowledges the other packet types;
  • Sent for all packet types except for Hello & LSAck itself
  • Hello packet contains:
Router-ID                   Router Priority
Neighbors                   Area ID
Hello/Dead Timers           DR/BDR IP Address
Netmask                     Authentication Password

DR BDR

  • The DR serves as a common point for all adjacencies on a multiaccess segment
  • The BDR also maintains adjacencies with all routers in case the DR fails
  • Election does not occur on point-to-point or multipoint links; these routers listen only on the 224.0.0.5 address.
  • Neighbor Table shows:
Ethernet -> Full/DR, Full/BDR
Serial   -> Full/-
  • DR preemption will not occur unless the current DR is reset
  • DR/BDR is not Area/AS specific; There is a DR/BDR for every shared Segment.
  • DROTHER is the name for other routers.
  • Router will be in Full state with only DR & BDR; all other routers will be in 2-way state.
  • It does not matter much which router becomes DR/BDR, except for Frame Relay, where a router with no access to the full topology becoming DR can cause serious issues.
  • Election:
Default priority (0-255) is 1
Highest priority wins
0 cannot be elected
In case of tie, Router with Highest Router ID wins election
  • Set priority 0:
int eth0/0
ip ospf priority 0

Virtual Links

  • Tunnel formed to join two areas across an intermediate Area.
  • Not a permanent solution but a temporary fix in case no direct link exists, else it is a poor design.
  • Depends on Router-ID. Needs to be hardcoded.
  • We link ABR to ABR in a virtual Link.
  • Forms a tunnel interface.
  • Both end routers must share a common area
  • At least one end must reside in area 0
  • Cannot traverse stub areas
  • Scenario
                         e0    e1           
[R1]---------[R2]----------[R3]-----------[R4]
     area0         area10        area 20
Here R3's e0 interface has no issues.
The e1 interface is problematic as it lies in area 20, which is not connected to the BB.
  • Configuration:
R1> router ospf 1
R1> area 2 virtual-link 10.0.0.1
R2> router ospf 1
R2> area 2 virtual-link 10.0.0.2

Here:

10.0.0.1 & 10.0.0.2 are Router-IDs
Area 2 is the transit area.
R1 & R2 are the ABRs of Area 2 & Area 3.

Verify:

show ip ospf virtual-link

Demand Circuit vs Flood Reduction

Source: cisco.com
  • OSPF sends hellos every 10 seconds and refreshes its LSAs every 30 minutes.
  • These functions maintain neighbor relationships and ensure that the link-state databases are accurate and use far less bandwidth than similar functions in RIP & IGRP.
  • However, even this amount of traffic is undesirable on demand circuits.
  • Using OSPF demand circuit options suppresses hello and LSA refresh functions.
  • OSPF can establish a demand link to form an adjacency and perform initial database synchronization; the adjacency remains active even after Layer 2 of the demand circuit goes down.
  • Cisco IOS version 12.1(2)T introduces the flooding reduction feature for OSPF.
  • This feature is intended to minimize traffic created by the periodic refresh of LSAs in OSPF domains with a large number of LSAs.
  • Unlike the OSPF demand circuit feature, flooding reduction is usually configured on leased lines.
  • Flooding reduction uses same technique as demand circuits to suppress the periodic LSA refresh.
  • This feature is submitted for standardisation into the IETF OSPF working group.
  • The main difference between flooding reduction and demand circuits is that the former suppresses only periodic LSA refreshes; it does not suppress periodic hello packets.
  • Thus, the flooding reduction feature does not impair the detection of a neighbor router going down.
ip ospf demand-circuit

Areas

  • We divide into areas when SPF runs too often i.e. when networks become too large.
  • ABR will have all information; Internal routers will have default routes.


Standard areas
Contain LSAs of type 1, 2, 3, 4, and 5, and may contain an ASBR. 
The backbone is considered a standard area.
Stub areas
Contain type 1, 2, and 3 LSAs.
Block Type 5 LSAs.
A default route is substituted for external routes.
Config:
  # router ospf 1
  # area 2 stub
Totally stubby area (Cisco proprietary)
Only contain type 1 and 2 LSAs, and a single type 3 LSA.
Block LSAs Type 3,4,5.
The type 3 LSA describes a default route, substituted for all external and inter-area routes.
Config:
  # router ospf 1
  # area 2 stub no-summary
Not-So-Stubby areas
Implement stub or totally stubby functionality yet contain an ASBR.
Type 7 LSAs generated by the ASBR are converted to type 5 by ABRs when entering Backbone Area to be flooded to the rest of the OSPF domain.
Config:
  # router ospf 1
  # area 2 nssa
Not-So-Stubby Totally-Stubby areas
  # router ospf 1
  # area 2 nssa no-summary

Backbone Area

Why do we use Backbone Area?

Source: stackexchange.com

The reason for this star-like topology is that OSPF inter-area routing uses the distance-vector approach and a strict area hierarchy permits avoidance of the "counting to infinity" problem. 
OSPF prevents inter-area routing loops by implementing a split-horizon mechanism, allowing ABRs to inject into the backbone only Summary-LSAs derived from the intra-area routes, 
and limiting ABRs' SPF calculation to consider only Summary-LSAs in the backbone area's link-state database.
  • Simple example of OSPF's distance-vector behavior:
 <-- Area 5 --><-- Area 0 --><-------------- Area 4 ----------->
 R5-----------R1-----------R2------------R3---------------------R4
      Cost 3      Cost 5        Cost 7            Cost 12

               LSA-->          LSA-->
               Type3 LSA       Type3 LSA
               {From R1}       {From R2}
               R5 cost is 3    R5 cost is 8
  • Consider what happens to a /32 Loopback route for R5:
 R5 sends a Type1 LSA containing the /32 Loopback
 R1 (Area 5 ABR), is connected to Area 0; it translates the Type1 LSA into a Type3 LSA with a cost of 3.
 R2 (Area 4 ABR) receives R1's Type3 LSA (metric 3) and changes the metric to R5's Loopback, based on R2's cost to R1. 
 Now R2's Type3 LSA for R5 has a cost of 8. This is the distance-vector behavior.
  • Requiring all non-backbone routes to go through the backbone is a loop-prevention mechanism.
  • Connecting non-backbone OSPF areas at an ABR:
If 2 areas aren't connected through area 0 (discontiguous), how does OSPF behaving as a link state protocol increase the possibility of routing loops?
As we saw above, OSPF uses distance-vector behavior to send routes through the Area 0 backbone. 
Distance-vector protocols have well-known limits, such as the count-to-infinity problem. 
OSPF would be vulnerable to the same issues, if we didn't have boundaries on its behavior.
Can we use OSPF without area 0?
There is only one way to use OSPF without an Area 0, and that is to use OSPF with a single area. 
If you only have one OSPF area, you can number it any way you like, but if you have even two areas, you must have an Area 0.


LSA

  • LSA Details:
Type 1 - Router LSAs
Sent from a router to other routers in the same area. 
It contains information regarding the router's interfaces in the same area, relevant interface IPs, its adjacent routers on those interfaces and sub networks
Type 2 - Network LSAs
Generated by the DR on a multi access segment
Represents the pseudonode(DR) for a multiaccess link. 
Provides similar information to an LSA type 1 for the multi access segment and subnet which it belongs
Type 3 - Network Summary LSA / ABR Summary Route
Generated by ABRs
Contain the subnets & costs 
Omit the topological data from all subnets in one area and sent to another area via the ABR
Type 4 - ASBR summary LSA / ASBR Location
Same as summary LSA except the destination advertised by ABR is ASBR.
ABR which is in the same area as the ASBR will originate the Type 4 LSA.
The (assumed) presence of an ASBR is communicated from its immediate ABR via a type 1 LSA with the E flag set(which does not constitute a type 4 LSA) sent into backbone area 0. 
The only type 4 LSA generated in this example is sent from router C into area 2,
Type 5 - AS external LSA / ASBR Summary Route
Generated by ASBRs
Flooded throughout the AS to advertise a route external to OSPF
Type 7 - NSSA External LSA
Generated by the ASBR in an NSSA area
Used in stub areas in place of a type 5 LSA.
Converted into a type 5 LSA by the ABR when leaving the area
  • LSA as per Areas[2]:-
OSFF LSA 2.png


Adjacency

  • OSPF neighbor requirements:
  1. Same area
  2. Same authentication config
  3. Same subnet
  4. Same Hello/Dead interval
  5. Matching stub flags


  • Difference between Adjacency & Neighbor:
  1. Only Adjacent Routers can sync Link State DB
  2. Point-to-Point Links: If Neighbors, Adjacency is automatically established
  3. Broadcast Link: Adjacency established with DR & BDR only, rest are in 2-way state[3]
  4. Point-to-Multipoint:_________
  5. Neighbor means Physical Connectivity(Direct)
  6. Adjacency means Database Synchronization
  7. Neighbor Requirements:
    1. Hello exchange => Subnet Mask, Subnet Number, Hello/Dead Interval, Area ID, Authentication must match.
    2. Exchange hellos but not LSAs(2-Way State).
  8. Adjacency Requirements:
    1. Exchange LSAs
    2. Both routers are in Stable(Full) State.
  9. Still final LSDB is same even in Neighbors as well as Adjacent routers.
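
The neighbor requirements listed above can be checked against a captured Hello. This is an added example, not part of the original wiki: it decodes an OSPFv2 Hello using the RFC 2328 field layout and reports which requirement fails. `LocalIf`, `check_hello`, `build_hello`, the 192.0.2.0/24 addressing and the sample packet are constructed for illustration, and a broadcast interface (where the mask is compared) is assumed.

```python
import ipaddress
import struct
from dataclasses import dataclass

# RFC 2328 A.3.1 (common header) and A.3.2 (Hello body)
OSPF_HDR = struct.Struct("!BBH4s4sHH8s")  # version, type, length, router-id, area, cksum, AuType, auth
HELLO = struct.Struct("!4sHBBI4s4s")      # mask, hello, options, priority, dead, DR, BDR
E_BIT, N_BIT = 0x02, 0x08                 # Options bits: external-capable, NSSA
AUTYPE = {0: "none", 1: "plaintext", 2: "MD5"}


def ip(raw_addr: bytes) -> str:
    return str(ipaddress.IPv4Address(raw_addr))


def packed(addr: str) -> bytes:
    return ipaddress.IPv4Address(addr).packed


@dataclass
class LocalIf:
    """Hypothetical view of the local interface's OSPF settings."""
    router_id: str
    address: str          # interface IP with prefix length, e.g. "192.0.2.4/24"
    area: str             # dotted form, e.g. "0.0.0.2"
    hello: int
    dead: int
    autype: int
    stub: bool = False    # area is stub / totally stubby
    nssa: bool = False


def parse_hello(pkt: bytes) -> dict:
    """Decode an OSPFv2 Hello (the payload of an IP protocol 89 packet)."""
    fixed = OSPF_HDR.size + HELLO.size
    if len(pkt) < fixed:
        raise ValueError("truncated OSPF Hello")
    ver, ptype, length, rid, area, _ck, autype, _auth = OSPF_HDR.unpack_from(pkt)
    if ver != 2 or ptype != 1:
        raise ValueError("not an OSPFv2 Hello")
    if not fixed <= length <= len(pkt):
        raise ValueError("bad length field")
    mask, hello, opts, prio, dead, dr, bdr = HELLO.unpack_from(pkt, OSPF_HDR.size)
    tail = pkt[fixed:length]
    if len(tail) % 4:
        raise ValueError("neighbor list is not a multiple of 4 bytes")
    return {
        "router_id": ip(rid), "area": ip(area), "autype": autype,
        "mask": ip(mask), "hello": hello, "dead": dead, "options": opts,
        "priority": prio, "dr": ip(dr), "bdr": ip(bdr),
        "neighbors": [ip(tail[i:i + 4]) for i in range(0, len(tail), 4)],
    }


def check_hello(local: LocalIf, src_ip: str, h: dict):
    """Return (mismatched requirements, resulting state, warnings)."""
    iface = ipaddress.IPv4Interface(local.address)
    bad = []
    if h["area"] != local.area:
        bad.append("area")
    if h["autype"] != local.autype:
        bad.append("authentication")
    if h["mask"] != str(iface.netmask) or ipaddress.IPv4Address(src_ip) not in iface.network:
        bad.append("subnet")
    if (h["hello"], h["dead"]) != (local.hello, local.dead):
        bad.append("timers")
    want_e = not (local.stub or local.nssa)   # E-bit is 0 in stub and NSSA areas
    if bool(h["options"] & E_BIT) != want_e or bool(h["options"] & N_BIT) != local.nssa:
        bad.append("stub-flag")
    if bad:
        state = "ignored"                     # Hello is dropped, no neighbor forms
    else:
        state = "2-Way" if local.router_id in h["neighbors"] else "Init"
    warnings = []
    if h["autype"] != 2:
        name = AUTYPE.get(h["autype"], "unknown")
        warnings.append(f"AuType {h['autype']} ({name}): Hello is not cryptographically authenticated")
    return bad, state, warnings


def build_hello(rid, area, autype, mask, hello, opts, prio, dead, dr, bdr, nbrs) -> bytes:
    """Assemble the constructed sample in memory (checksum left at 0, not verified here)."""
    body = HELLO.pack(packed(mask), hello, opts, prio, dead, packed(dr), packed(bdr))
    body += b"".join(packed(n) for n in nbrs)
    hdr = OSPF_HDR.pack(2, 1, OSPF_HDR.size + len(body), packed(rid), packed(area), 0, autype, bytes(8))
    return hdr + body


# Constructed sample: neighbor 3.3.3.3 in area 2, plaintext auth, E-bit set, already lists 4.4.4.4
SAMPLE_HELLO = build_hello("3.3.3.3", "0.0.0.2", 1, "255.255.255.0", 10, E_BIT, 1, 40,
                           "0.0.0.0", "0.0.0.0", ["4.4.4.4"])

if __name__ == "__main__":
    me = LocalIf("4.4.4.4", "192.0.2.4/24", "0.0.0.2", 10, 40, autype=2, stub=True)
    print(check_hello(me, "192.0.2.3", parse_hello(SAMPLE_HELLO)))
```
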


OSPF Neighbor Relationship

1. Determine your own Router-ID:

Highest Active Interface IP < Highest Active Loopback Interface IP < Router-ID Command
Router-ID is determined during 1st neighbor establishment process.
It only changes when:
   - OSPF process is restarted (# clear ip ospf process)
   - Rebooted Router

2. Add Interfaces to Link State Database (Network command):


Neighbor States[4]
State Details
1. Down
  • OSPF process not yet started, No hellos sent.
  • Starting state for all OSPF routers.
  • A start event, such as configuring the protocol, transitions the router to the Init state.
  • The local router may list a neighbour in this state when no hello packets have been received within the specified router dead interval for that interface.
2. Attempt
  • Valid only for Non-Broadcast Multi-Access (NBMA) networks.
  • Similar to Down state, router is in the process of concerted efforts to establish a conversation with another router.
  • A hello packet has not been received from the neighbor and the local router is going to send a unicast hello packet to that neighbor within the specified hello interval period.
3. Init
  • Hello packets sent out from all interfaces, but two-way conversation is not established.
  • OR when an OSPF router receives a hello packet but the local router ID is not listed in the received Neighbour field.
  • This means that bidirectional communication has not been established between the peers.
4. 2-Way
  • Received a hello from another router that contains its own router ID in neighbor list.
  • Thus, bidirectional communication has been established and the peers are now OSPF neighbors.
  • Only Neighborship has been formed, databases haven’t been exchanged.
5. ExStart
  • Determine which router is in charge of the database synchronization process.
  • Determined by priority, Router-ID breaks Tie if all have same priority
6. Exchange
  • The local router and its neighbor exchange DBD packets listing LSAs in their LS database by RID & sequence number that describe their local databases.
  • Master sends DBD first, then Slave sends it.
7. Loading
  • Each router compares the DBD received to the contents of its LS database.
  • It then sends a LSR for missing or outdated LSAs.
  • Each router responds to its neighbor's LSR with a LSU.
  • Slave sends LSR first, Master sends LSU with multiple LSAs.
  • Master sends LSR, Slave sends LSU with multiple LSAs.
  • Each LSU is acknowledged.
8. Full
  • The LSDB of neighbors are fully synchronized.
  • It represents a fully functional OSPF adjacency.
  • The local router has received a complete link-state database from its peer.
  • Both neighboring routers in this state add the adjacency to their local database and advertise the relationship in a link-state update packet.
  • SPF algorithm is run to find best paths to each route & put it in Routing Table.


Routing

Summarization

  • Only ABR & ASBR can do Summarization in OSPF. In EIGRP Summarization can be done anywhere.
  • Summarization at ABR:
area 20 range 10.20.0.0 255.255.252.0
  • Summarization at ASBR:
summary-address 172.16.0.0 255.255.252.0
  • Summarization:
10.10.0.0/24 => 10.10.0.0 - 10.10.3.255
10.10.1.0/24
10.10.2.0/24
10.10.3.0/24
1st method

3rd octet is:

128 64 32 16 8 4 2 1
 1   1  1  1 1 1 0 0 => 6
10.10.0.0/24
8+8+6+0 = /22
2nd Method

3rd octet is:

0 0 0 0 0 0|0 0
0 0 0 0 0 0|0 1
0 0 0 0 0 0|1 0
0 0 0 0 0 0|1 1
6 bits remain same
8+8+6+0 = /22

So best summary route will be:

10.10.0.0/22
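
The "2nd method" above (count the leading bits that stay the same) generalizes to any set of prefixes. The following added example, not part of the original wiki, computes the summary that way and also lists address space the summary covers that no component prefix accounts for, since an ABR or ASBR advertising the summary will attract traffic for that space too; the function names are chosen for illustration.

```python
import ipaddress


def summarize(prefixes):
    """Return (summary network, list of covered-but-unallocated networks)."""
    nets = list(ipaddress.collapse_addresses(ipaddress.IPv4Network(p) for p in prefixes))
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    # Bits that differ between the lowest and highest address cannot be in the prefix.
    plen = 32 - (lo ^ hi).bit_length()
    base = (lo >> (32 - plen)) << (32 - plen)
    summary = ipaddress.IPv4Network((base, plen))

    # Subtract every component prefix from the summary; what is left is the gap.
    gaps = [summary]
    for n in nets:
        remaining = []
        for g in gaps:
            if n.subnet_of(g):
                remaining.extend(g.address_exclude(n))
            elif not g.subnet_of(n):
                remaining.append(g)
        gaps = remaining
    return summary, sorted(gaps)


def range_args(summary):
    """Address and mask in the form used by 'area N range' / 'summary-address'."""
    return f"{summary.network_address} {summary.netmask}"


if __name__ == "__main__":
    full = ["10.10.0.0/24", "10.10.1.0/24", "10.10.2.0/24", "10.10.3.0/24"]
    print(summarize(full))        # exact fit, no gap
    print(summarize(full[1:]))    # same /22, but 10.10.0.0/24 is not actually present
```
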

Route Types

OSPF external type 1 - E1
  • Metric Increments as they traverse through network.
  • Used when multiple exit paths exist
[Ext network]---------[R1]-----------[R2]
                200            10
Cost for E1 route in R2 will be 200 + 10 = 210


OSPF external type 2 - E2 (Default)
  • Cost does not increment in Network
  • Used only when one Exit point exists.
  • Slightly easier on the processor.
[Ext network]---------[R1]-----------[R2]
                200            10
Cost for E2 route in R2 will be 200
OSPF NSSA external type 1 - N1
   This section is under construction.
OSPF NSSA external type 2 - N2
   This section is under construction.
OSPF inter area - IA
   This section is under construction.
OIA
   This section is under construction.
Route Selection Hierarchy - E1, E2, N1, N2
   This section is under construction.

N1 N2 E1 E2

  • Type 5 is E and Type 7 is N.
  • An external route will be tagged as a Type 5 LSA (E route).
  • This LSA is circulated throughout the OSPF domain except for Stub, Totally Stubby and NSSA.
  • Stub areas are not allowed to have external routes; there should be no ASBR in a Stub area, else configure it as NSSA.
  • A route redistributed inside an NSSA area is a Type 7 LSA or N route.
  • This LSA is circulated only within the NSSA area.
  • E1 or E2 or N1 or N2 type routes are based upon cost of the route.
  • E2 or N2 routes tell OSPF routers to set the metric as the metric at the point of redistribution (at the ASBR).
  • E1 or N1 routes tell OSPF routers to add the internal costs to reach the ASBR to the cost set at the point of redistribution (at the ASBR).
1. N1 & E1 are preferred over N2 & E2 for the same route.
2. When N1 & E1 have the same route to the destination, the one that has the lower cost / metric will win and get into the route table.
3. If both N1 & E1 have the same cost, the P-bit in N1 will be used to break the tie.
4. If the P-bit is 0 (then it would become E1), we will have 2 E1 routes installed into the routing table (otherwise, if maximum-path = 1, the LSA with the higher Router-ID will get installed).


Withdraw OSPF Routes

  • Router LSA:
When a link fails, the connected OSPF routers send an updated LSA which omits the now shut down link from its list of connected links.
This new LSA has an incremented sequence number which replaces the old LSA in the LSDB of all routers in that area.
OSPF will kick off a new SPF run, calculate a new topology and remove any routes associated with that link.
  • Summary LSA
If no summarisation is done on the ABR, it will create a Type-3 Summary LSA for every Type-1 stub-network prefix.
The ABR sends a new Summary LSA with an updated sequence number, flagged as unreachable by setting its 24-bit metric field to all ones, called LSInfinity, with a decimal value of 16777215.
The LSA requests that it be flushed from the receiver's LSDB by setting its LSAge to MaxAge (3600 seconds).
  • External LSA
When the link goes down, the ASBR will send an updated Type-5 LSA for the prefix with an updated sequence number, a link cost of LSInfinity and LSAge set to MaxAge.
Type-5 prefix withdrawal is simpler as Type-5 LSAs have domain-wide flooding scope.
As such the poisoned LSA will immediately be flooded to all routers in the OSPF domain, regarded as unreachable and flushed from the receivers' LSDB and routing tables.
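
The withdrawal described above can be recognised from the LSA bytes alone. This added example (not part of the original wiki) decodes a Summary LSA per the RFC 2328 layout, verifies its Fletcher checksum, flags LSInfinity / MaxAge withdrawals and applies the RFC 2328 section 13.1 ordering to show the withdrawal replacing the older instance; the function names and both sample LSAs are constructed, with the prefix and Router-ID borrowed from this page's lab.

```python
import ipaddress
import struct

LSA_HDR = struct.Struct("!HBB4s4sIHH")  # age, options, type, LS ID, adv router, seq, cksum, length
MAX_AGE = 3600           # seconds
MAX_AGE_DIFF = 900       # RFC 2328 MaxAgeDiff (15 minutes)
LS_INFINITY = 0xFFFFFF   # 16777215, all ones in the 24-bit metric
DO_NOT_AGE = 0x8000      # RFC 1793 flag carried in the LS age field


def fletcher(data) -> tuple:
    c0 = c1 = 0
    for b in data:
        c0 = (c0 + b) % 255
        c1 = (c1 + c0) % 255
    return c0, c1


def with_checksum(lsa: bytes) -> bytes:
    """Fill in the checksum; it covers the whole LSA except the 2-byte LS age."""
    body = bytearray(lsa[2:])
    body[14:16] = b"\x00\x00"                 # checksum field (LSA offset 16)
    c0, c1 = fletcher(body)
    x = ((len(body) - 15) * c0 - c1) % 255 or 255
    y = 510 - c0 - x
    if y > 255:
        y -= 255
    body[14:16] = bytes((x, y))
    return lsa[:2] + bytes(body)


def decode(lsa: bytes) -> dict:
    if len(lsa) < LSA_HDR.size:
        raise ValueError("truncated LSA header")
    age, _opts, ltype, lsid, adv, seq, cksum, length = LSA_HDR.unpack_from(lsa)
    if not LSA_HDR.size <= length <= len(lsa):
        raise ValueError("bad LSA length")
    metric = None
    if ltype in (3, 4, 5, 7) and length >= 28:      # mask(4) + flags(1) + metric(3)
        metric = int.from_bytes(lsa[25:28], "big")
    real_age = age & 0x7FFF
    return {
        "type": ltype,
        "id": str(ipaddress.IPv4Address(lsid)),
        "adv": str(ipaddress.IPv4Address(adv)),
        "age": real_age,
        "do_not_age": bool(age & DO_NOT_AGE),
        "seq": seq - (1 << 32) if seq >= 1 << 31 else seq,   # signed 32-bit space
        "cksum": cksum,
        "metric": metric,
        "checksum_ok": fletcher(lsa[2:length]) == (0, 0),
        "withdrawn": real_age >= MAX_AGE or metric == LS_INFINITY,
    }


def newer(a: dict, b: dict) -> int:
    """1 if a is the more recent instance, -1 if b is, 0 if they are the same."""
    if a["seq"] != b["seq"]:
        return 1 if a["seq"] > b["seq"] else -1
    if a["cksum"] != b["cksum"]:
        return 1 if a["cksum"] > b["cksum"] else -1
    a_max, b_max = a["age"] >= MAX_AGE, b["age"] >= MAX_AGE
    if a_max != b_max:
        return 1 if a_max else -1
    if abs(a["age"] - b["age"]) > MAX_AGE_DIFF:
        return 1 if a["age"] < b["age"] else -1
    return 0


def summary_lsa(age: int, seq: int, prefix: str, adv: str, metric: int) -> bytes:
    """Build a Type-3 LSA in memory for the constructed samples below."""
    net = ipaddress.IPv4Network(prefix)
    body = net.netmask.packed + b"\x00" + metric.to_bytes(3, "big")
    hdr = LSA_HDR.pack(age, 0x02, 3, net.network_address.packed,
                       ipaddress.IPv4Address(adv).packed, seq, 0, LSA_HDR.size + len(body))
    return with_checksum(hdr + body)


# Constructed samples: ABR 3.3.3.3 advertises 10.20.0.0/22, then withdraws it.
SAMPLE_OLD = summary_lsa(120, 0x80000001, "10.20.0.0/22", "3.3.3.3", 64)
SAMPLE_WITHDRAW = summary_lsa(MAX_AGE, 0x80000002, "10.20.0.0/22", "3.3.3.3", LS_INFINITY)

if __name__ == "__main__":
    old, wd = decode(SAMPLE_OLD), decode(SAMPLE_WITHDRAW)
    print(old["withdrawn"], wd["withdrawn"], newer(wd, old))
```

Because LS age is outside the checksum, an instance whose age alone has been raised to MaxAge still verifies, and the ordering rules treat it as the newer copy.
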

R&S Quick Notes

    The Neighbor IP used with the OSPF distance command is the Neighbor's Router-ID.
    “area range” summarizes type 3 LSAs.
    “summary-address” summarizes type 5 & 7 LSAs.
    Auto-cost reference BW (Default = 100mb), formula = Ref-BW/Int-Bw.
    Switches do not support the interface command “ip ospf {pid} area {area-id}”.
    OSPF path selection: O > O*IA > O*E1 > O*E2.
    Using E1 metric type : Packets will be routed out the closest exit point of the network.
    Using E2 metric type : If you want packets to exit your network at the closest point to their external destination.
    Don’t forget with hub and spoke topology, “ip ospf priority 0”.
    PITFALL, when forbidden to use RID, Loopbacks created later on might change the DR on your network after a reload.
    PITFALL, when forbidden to use RID, if later requested to configure the same loopback on two routers, it could break your adjacencies, as two routers can't peer with the same RID.
    “no capability transit” – Mimics OSPFv1 behaviour for all data traffic to pass through Area-0.
    “max-metric” – Configures OSPF stub configurations
    “max-lsa” – Limit amount of non-local LSA’s
    “timers throttle lsa all” – Slow down update rate.
    “timers pacing lsa-group” – Group more LSA’s together in updates.
    “no ip ospf flood-reduction” – Disables every 30-min LSA DB refresh.
    “ip ospf database filter all out” – Breaks RFC, Stop sending LSA’s, but still receive LSA’s

Concept Recap

Protocol Number = 89, TTL=1, Destination IP = 224.0.0.5 & 224.0.0.6
Network Types:
    PTP:
        No DR, BDR and ospf packets are sent to MC address.
    Broadcast: (ethernet, token ring, FDDI)
        DR, BDR election occurs and communicates using .5 and .6 address.
        DR and BDR listen to .5 and .6 addresses.
    NBMA network: (Frame relay, ATM)
        Manual configuration of neighbors and DR/BDR.
        All communication via unicast
    Point to multipoint:
        No DR and BDR. Neighbor statement not necessary.
        Unicast
    Virtual link:
        Packets are unicast.
OSPF packet types:
    Hello – type 1
    Database description – type 2
    LS request – type 3
    LS update – type 4
    LS ACK – type 5
To bring neighborship up, following fields should be matched:
    Hello interval, Dead interval, area ID, network mask, option fields and authentication, if any
Neighborship will not form via a secondary address. In other words, the router will not generate hello packets with SRC IP = secondary IP.
DR/BDR election:
    Highest Priority
    Tie, highest router ID
    Tie, highest interface address.
    No preempt. So, the first routers to come up will be elected as DR, BDR, DROther. So, always start the router which has to be DR first, then the BDR, and then the other routers.
    Priority=0 means ineligible to become DR/BDR.
    When an interface comes up, it sets DR, BDR to 0.0.0.0 and waits for the ‘wait timer’ = router dead interval. Within that period, if it receives a hello with DR/BDR filled, it accepts those. Else, if the time period elapses, it moves to BDR and then to DR.
Timers:
    Default H=10 sec and D= 40 sec
    InfTransDelay = 1 sec. Change with “ip ospf transmit-delay”
    RxmtInterval = 5 sec. Change with “ip ospf retransmit-interval”
Neighbor state machine:
    Down: at initial
    Attempt: Only in NBMA
    Init: Hello packet received. But couldn’t see our ID in its active neighbor list.
    2-way:Could see our ID in neighbor list
    Exstart: Start electing master/slave to exchange DBD packets. Highest router ID becomes master.
    Exchange: exchange the LSA headers using DBD packets.
    Loading: Sync the LSDB using LS request and LS update. In a real scenario, Exchange and Loading occur in parallel.
    Full: Databases are synced.
DBD packet:
    Have Interface MTU settings.
    Initial(I) bit, More (M) bit and Master/Slave (MS) bit
        First DBD packet sent with I/M/MS = 1/1/1 with seq =x
        Neighbor sends DBD with I/M/MS = 1/1/1 with seq = y
        After master selection, slave send DBD with I/M/MS = 0/1/0 with seq = master seq + 1.
Retransmission packets are always unicast.
Use stub concept and summarization to reduce memory and CPU utilization.
Sequence number, checksum and age uniquely define an LSA:
    Seq #:
        From 0x80000001 to 0x7fffffff
        If the seq# reaches 0x7fffffff, the router flushes those LSAs with age = MaxAge.
    Checksum:
        Calculated over the entire LSA except the age field.
        Checksum is verified every 5 mins while it resides in the LSDB.
    Age:
        0 to 3600 (1 Hr-MaxAge)
        Age increments while it resides in the LSDB and is also incremented by the InfTransDelay value as it transits an interface.
Virtual Links:
    Must be configured between 2 ABRs alone.
    Transit area must have full routing information.
    Transit area cannot be stub.
    Usually it is the worst design and needs to be changed.
    Can temporarily deploy to avoid partitioned area.
LSA types:
    Router LSA:
        Type-1. Generated by all routers with all active networks which has ospf configured.
        Show ip ospf database router
        LSAs are flooded within an area only.
        Above command should have same output in all routers in an area. Seq #,checksum etc should be same.
    Network LSA:
        Type-2: Generated by the DR with network ID of the BC network.
        Show ip ospf database network
        No metric field as in router LSA.
        LSAs are flooded within an area only.
    N/w summary LSA:
        Type-3:  Generated by ABR to advertise the networks in another area.
        If there are multiple routes to a destination, ABR advertise only the lowest cost route to its area along with cost metric.
        Means, intra area routers use distance-vector protocol to know about inter-area routes.
        Show ip ospf database summary
    ASBR summary LSA:
        Type-4; Same as summary LSA except the destination advertised by ABR is ASBR.
        Show ip ospf database asbr-summary
    AS external LSA:
        Type-5; Advertise routes external to OSPF domain.
        Typically redistribution of RIP, ISIS etc
        Show ip ospf database external
        Not associated with any area.
    Group-Membership LSA:
        Type-6; Used in MOSPF- multicast ospf
    NSSA external LSA:
        Type-7; originated by ASBR within NSSA
        Show ip ospf database nssa-external
        Flooded within NSSA region only.
        ASBR can set/reset “P-bit” under “options field” of every LSA.
        Only if NSSA-ABR receives type-7 LSA with P-bit set, it will translate into type-5 LSA and flood to other areas.
    External Attribute LSA:
        Type-8. Can be used as alternative to iBGP
        Not deployed yet.
    Opaque LSA:
        Type- 9,10,11
        Extension to OSPF. Used for TE in MPLS.
Areas:
    Backbone area:
        Area-0. Need for inter-area communication.
        If there is only one area, no need for area-0
        All types of LSAs except type-7 can be seen.
    Stub area:
        Single exit point for inter-area communication. But it can still have more than one ABR.
        Have info about OSPF domain areas. Both intra and inter-area routes.
        No info about external (other domain) routes. Hence, ABR sends a default route.
        Type-1,2 and 3 LSAs can be seen.
        All the routers should have “E-bit” set to 0 in their hello packets to form adjacency.
        Command: “area x stub”
    Totally stubby area:
        Router has info about its area alone. No info about inter-area routes.
        Can see type-1, type-2 LSAs and single default route type-3 LSA by ABR.
        Command: ‘area x stub no-summary’
    NSSA:
        Same properties as a stub area (not totally-stub area) with the exception of allowing other domain routes as Type-7 LSAs.
        No default route from ABR (unless the ‘default-info originate’ CLI is configured, giving an N2 default route, or ‘area x nssa no-summary’ is configured. In the latter, IA routes will not be available and the default route has the IA tag).
        Can see Type-1,2,3,4 and type-7 LSAs.
        Command: ‘area x nssa’.
Path types:
    Intra-area paths
    Inter-area paths. Denoted by “IA” in show ip route.
    E1:
        Cost = advertised by ASBR + cost to ASBR
    E2:
        Cost = advertised by ASBR. Enabled by default.
        If there is only one ASBR in OSPF, there is no necessity of adding cost to ASBR. Hence E2 is default.
        If there is more than one ASBR, enable E1.
Authentication:
    No authentication: Type-0
    Simple password: Type-1
    MD5 password: Type-2
Few points:
    Router LSA of ABR will have “B-bit” set in router-lsa packet
    Router LSA of ASBR will have “E-bit” set in router-lsa packet
    When NSSA ABR, translates type-7 LSA to type-5 LSA, it advertise with “Advertising Router” field set to its own router ID and it changes to ASBR. It could be confirmed by seeing “E” bit set in router LSA packet.
    “Options field” in OSPF hello, DBD and every LSA: From MSB
        DN – used in MPLS VPN. To detect loop.
        O- Set to indicate routers’ opaque LSA support.
        DC- OSPF over Demand circuit.
        EA – external attribute support
        N/P bit
            N bit in hello: Set to indicate support for NSSA external LSAs. Mismatch will not bring adjacency
            P-bit in NSSA external LSA header: to inform ABR to translate T-7 to T-5 LSAs.
        MC – set to indicate multicast ospf capability
        E – E bit=0 to indicate stub area.
        MT – set to indicate Multi-topology OSPF support. Under development.
Troubleshooting point of view: few
    Neighborship not coming UP:
        Check for Hello packet parameter match
        Network ID in correct area??
        Access-list blocking OSPF packets??
        Packet dropped on the way to CP incase if interface multicast count is incrementing??
        Check Stub-area configuration?? Virtual link via stub area??
    Neighborship UP but no advertised  routes in database:
        Enable debug and check for LSupdate packets.
    Routes in OSPF database but not in routing table:
        Routes via another protocol which has AD less than OSPFs??
        One end of router has “ip ospf network PTP’ whereas other end router has default BC network type.
        In case of external routes not installed in routing table, check whether the forwarding address is reachable. If not, configure ‘suppress-fa’ option at the NSSA ABR.
    If an LSA has a lower age or higher sequence number than the others, we need to look at why this network keeps flapping and flooding updates. This might be the reason for high CPU utilization.
Observations:
    ABR with area-1 and area-2 only.
        Routes from area-1 are not leaked into area-2 using type-3 network summary LSA.
    Authentication:
        Configure ‘ip ospf authentication’ to change to type-1. No user-defined password possible.
    For loopback IP to become router-id either remove and reapply the ospf configuration or configure ‘router-id’ command.
    DBD packet can have multiple LSA headers each can be of different type.(T1/T2)
    When we change the network type to ‘point-point’, the interface will send a hello with DR,BDR =0 and no neighbor IDs in active neighbor field. This makes other end router to move to init.
    In BC network: DBD, LS request and LS updates are exchanged via unicast. LS update (repeat) and LS ACK are sent to 224.0.0.5
    In  PTP, all communications via 224.0.0.5
    Changing hello packet parameters (hello interval, dead interval etc) on one end makes the other end router to ignore those hello packets which has modified parameters.
    If both routers are configured with priority = 0 with the default n/w type, they will be stuck in 2way/DRother.
    In an already existing stub network, if we change to totally stub, border router send an update with IA routes’ age= 3600 for flushing from database. Same as in ‘clear ip ospf process’
    Redistributing RIP to ospf in a router which is inside a stub network:
        “%OSPF-4-ASBR_WITHOUT_VALID_AREA: Router is currently an ASBR while having only one area which is a stub area”
    Summarization has no effect of external routes (E1/E2).

LAB

Troubleshooting

  • If OSPF is stuck in INIT State, check Netmask, Hello/Dead Timer, Area ID, Authentication password.
  • On a shared/ethernet network, only 2 routers, DR & BDR, will form a full relationship; all others will stay in 2-way state.[5]
  • If OSPF is stuck in ExStart State, an MTU mismatch may be the cause, as matching MTU is required to successfully pass DBD Packets.

Matching MTU is not an Adjacency Requirement, but is required to successfully pass Database Descriptor Packets

  • In OSPF, an MTU mismatch causes neighbors to swing between the ExStart state and the Down state
Mar  1 00:10:09.535: %OSPF-5-ADJCHG: Process 1, Nbr 10.10.10.1 on Ethernet0/0 from EXSTART to DOWN, Neighbor Down: Too many retransmissions

Basic OSPF Lab

Topology.png

GNS3 Project: File:CBT Nuggets OSPF Lab.zip

Objectives

1. Config OSPF:

R1 will act as ASBR by redistributing static routes into OSPF.  
Metric of these routes should not increase as they pass through network and should have initial OSPF cost of 200. 
All routers should have router-id as their hostname.

2. Find out which router is DR & BDR.
3. R1 should become DR, R2 & R3 should not be DR or BDR.

Find out relation between R1 & R2; R2 & R3. 

4. Implement summarization on ABRs to make routing table most efficient
5. Implement summarization on ASBRs; Summary routes should have same attributes as original routes.
6. Change Metric to accurately calculate cost for Gigabit Ethernet links.

Configurations

R1 Config:

!
interface Ethernet0/0
 ip address 172.30.0.1 255.255.255.0
 half-duplex
!
!
router ospf 1
 router-id 1.1.1.1
 log-adjacency-changes
 auto-cost reference-bandwidth 1000
 summary-address 172.16.0.0 255.255.252.0
 redistribute static metric 200 subnets
 network 172.30.0.1 0.0.0.0 area 0
!
!
ip route 172.16.0.0 255.255.255.0 Null0
ip route 172.16.1.0 255.255.255.0 Null0
ip route 172.16.2.0 255.255.255.0 Null0
ip route 172.16.3.0 255.255.255.0 Null0
!

R2 Config:

!
interface Ethernet0/0
 ip address 172.30.0.2 255.255.255.0
 ip ospf priority 0
 half-duplex
!
interface Serial1/0
 ip address 172.30.10.2 255.255.255.0
 serial restart-delay 0
!
!
router ospf 1
 router-id 2.2.2.2
 log-adjacency-changes
 auto-cost reference-bandwidth 1000
 area 10 range 10.10.0.0 255.255.252.0
 network 172.30.0.2 0.0.0.0 area 0
 network 172.30.10.2 0.0.0.0 area 10
!
!

R3 Config:

!
interface Ethernet0/0
 ip address 172.30.0.3 255.255.255.0
 ip ospf priority 0
 half-duplex
!
!
interface Serial1/0
 ip address 172.30.20.3 255.255.255.0
 serial restart-delay 0
!
!
router ospf 1
 router-id 3.3.3.3
 log-adjacency-changes
 auto-cost reference-bandwidth 1000
 area 20 range 10.20.0.0 255.255.252.0
 network 172.30.0.3 0.0.0.0 area 0
 network 172.30.20.3 0.0.0.0 area 20
!
!

R4 Config:

interface Loopback1
 ip address 10.20.0.1 255.255.255.0
!
interface Loopback2
 ip address 10.20.1.1 255.255.255.0
!
interface Loopback3
 ip address 10.20.2.1 255.255.255.0
!
interface Loopback4
 ip address 10.20.3.1 255.255.255.0
!
!
interface Serial1/0
 ip address 172.30.20.4 255.255.255.0
 serial restart-delay 0
!
!
router ospf 1
 router-id 4.4.4.4
 log-adjacency-changes
 auto-cost reference-bandwidth 1000
 network 10.0.0.0 0.255.255.255 area 20
 network 172.30.20.4 0.0.0.0 area 20
!
!

R5 Config:

!
interface Loopback1
 ip address 10.10.0.1 255.255.255.0
 ip ospf network point-to-point
!
interface Loopback2
 ip address 10.10.1.1 255.255.255.0
!
interface Loopback3
 ip address 10.10.2.1 255.255.255.0
!
interface Loopback4
 ip address 10.10.3.1 255.255.255.0
!
!
interface Serial1/0
 ip address 172.30.10.5 255.255.255.0
 serial restart-delay 0
!
!
router ospf 1
 router-id 5.5.5.5
 log-adjacency-changes
 auto-cost reference-bandwidth 1000
 network 10.10.0.0 0.0.255.255 area 10
 network 172.30.10.5 0.0.0.0 area 10
!
!

Command Line Outputs

show ip interface brief
  • R1:
R1# show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
Ethernet0/0                172.30.0.1      YES manual up                    up      
Ethernet0/1                unassigned      YES unset  administratively down down    
Ethernet0/2                unassigned      YES unset  administratively down down    
Ethernet0/3                unassigned      YES unset  administratively down down    
Serial1/0                  unassigned      YES unset  administratively down down    
Serial1/1                  unassigned      YES unset  administratively down down    
Serial1/2                  unassigned      YES unset  administratively down down    
Serial1/3                  unassigned      YES unset  administratively down down    
  • R2:
R2#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
Ethernet0/0                172.30.0.2      YES manual up                    up      
Ethernet0/1                unassigned      YES unset  administratively down down    
Ethernet0/2                unassigned      YES unset  administratively down down    
Ethernet0/3                unassigned      YES unset  administratively down down    
Serial1/0                  172.30.10.2     YES manual up                    up      
Serial1/1                  unassigned      YES unset  administratively down down    
Serial1/2                  unassigned      YES unset  administratively down down    
Serial1/3                  unassigned      YES unset  administratively down down    
  • R3:
R3#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
Ethernet0/0                172.30.0.3      YES manual up                    up      
Ethernet0/1                unassigned      YES unset  administratively down down    
Ethernet0/2                unassigned      YES unset  administratively down down    
Ethernet0/3                unassigned      YES unset  administratively down down    
Serial1/0                  172.30.20.3     YES manual up                    up      
Serial1/1                  unassigned      YES unset  administratively down down    
Serial1/2                  unassigned      YES unset  administratively down down    
Serial1/3                  unassigned      YES unset  administratively down down    
  • R4:
R4# show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
Ethernet0/0                unassigned      YES unset  administratively down down    
Ethernet0/1                unassigned      YES unset  administratively down down    
Ethernet0/2                unassigned      YES unset  administratively down down    
Ethernet0/3                unassigned      YES unset  administratively down down    
Serial1/0                  172.30.20.4     YES manual up                    up      
Serial1/1                  unassigned      YES unset  administratively down down    
Serial1/2                  unassigned      YES unset  administratively down down    
Serial1/3                  unassigned      YES unset  administratively down down    
Loopback1                  10.20.0.1       YES manual up                    up      
Loopback2                  10.20.1.1       YES manual up                    up      
Loopback3                  10.20.2.1       YES manual up                    up      
Loopback4                  10.20.3.1       YES manual up                    up      
  • R5:
R5#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
Ethernet0/0                unassigned      YES unset  administratively down down    
Ethernet0/1                unassigned      YES unset  administratively down down    
Ethernet0/2                unassigned      YES unset  administratively down down    
Ethernet0/3                unassigned      YES unset  administratively down down    
Serial1/0                  172.30.10.5     YES manual up                    up      
Serial1/1                  unassigned      YES unset  administratively down down    
Serial1/2                  unassigned      YES unset  administratively down down    
Serial1/3                  unassigned      YES unset  administratively down down    
Loopback1                  10.10.0.1       YES manual up                    up      
Loopback2                  10.10.1.1       YES manual up                    up      
Loopback3                  10.10.2.1       YES manual up                    up      
Loopback4                  10.10.3.1       YES manual up                    up      
Routing Tables
  • R1:
     172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks
S       172.16.0.0/24 is directly connected, Null0
O       172.16.0.0/22 is a summary, 01:05:49, Null0
S       172.16.1.0/24 is directly connected, Null0
S       172.16.2.0/24 is directly connected, Null0
S       172.16.3.0/24 is directly connected, Null0
     172.30.0.0/24 is subnetted, 3 subnets
O IA    172.30.20.0 [110/747] via 172.30.0.3, 00:53:45, Ethernet0/0
C       172.30.0.0 is directly connected, Ethernet0/0
O IA    172.30.10.0 [110/747] via 172.30.0.2, 00:53:46, Ethernet0/0
     10.0.0.0/22 is subnetted, 2 subnets
O IA    10.10.0.0 [110/748] via 172.30.0.2, 00:53:46, Ethernet0/0
O IA    10.20.0.0 [110/748] via 172.30.0.3, 00:53:46, Ethernet0/0
  • R2:
     172.16.0.0/22 is subnetted, 1 subnets
O E2    172.16.0.0 [110/200] via 172.30.0.1, 00:53:15, Ethernet0/0
     172.30.0.0/24 is subnetted, 3 subnets
O IA    172.30.20.0 [110/747] via 172.30.0.3, 00:53:15, Ethernet0/0
C       172.30.0.0 is directly connected, Ethernet0/0
C       172.30.10.0 is directly connected, Serial1/0
     10.0.0.0/8 is variably subnetted, 6 subnets, 3 masks
O       10.10.1.1/32 [110/648] via 172.30.10.5, 00:53:15, Serial1/0
O       10.10.0.0/24 [110/648] via 172.30.10.5, 00:53:17, Serial1/0
O       10.10.0.0/22 is a summary, 00:53:17, Null0
O       10.10.3.1/32 [110/648] via 172.30.10.5, 00:53:17, Serial1/0
O       10.10.2.1/32 [110/648] via 172.30.10.5, 00:53:17, Serial1/0
O IA    10.20.0.0/22 [110/748] via 172.30.0.3, 00:53:17, Ethernet0/0
  • R3:
     172.16.0.0/22 is subnetted, 1 subnets
O E2    172.16.0.0 [110/200] via 172.30.0.1, 00:53:37, Ethernet0/0
     172.30.0.0/24 is subnetted, 3 subnets
C       172.30.20.0 is directly connected, Serial1/0
C       172.30.0.0 is directly connected, Ethernet0/0
O IA    172.30.10.0 [110/747] via 172.30.0.2, 00:53:37, Ethernet0/0
     10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
O IA    10.10.0.0/22 [110/748] via 172.30.0.2, 00:53:37, Ethernet0/0
O       10.20.3.1/32 [110/648] via 172.30.20.4, 00:53:38, Serial1/0
O       10.20.2.1/32 [110/648] via 172.30.20.4, 00:53:38, Serial1/0
O       10.20.1.1/32 [110/648] via 172.30.20.4, 00:53:38, Serial1/0
O       10.20.0.0/22 is a summary, 00:53:38, Null0
O       10.20.0.1/32 [110/648] via 172.30.20.4, 00:53:38, Serial1/0
  • R4:
     172.16.0.0/22 is subnetted, 1 subnets
O E2    172.16.0.0 [110/200] via 172.30.20.3, 00:53:42, Serial1/0
     172.30.0.0/24 is subnetted, 3 subnets
C       172.30.20.0 is directly connected, Serial1/0
O IA    172.30.0.0 [110/747] via 172.30.20.3, 00:53:42, Serial1/0
O IA    172.30.10.0 [110/1394] via 172.30.20.3, 00:53:42, Serial1/0
     10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
O IA    10.10.0.0/22 [110/1395] via 172.30.20.3, 00:53:42, Serial1/0
C       10.20.2.0/24 is directly connected, Loopback3
C       10.20.3.0/24 is directly connected, Loopback4
C       10.20.0.0/24 is directly connected, Loopback1
C       10.20.1.0/24 is directly connected, Loopback2
  • R5:
     172.16.0.0/22 is subnetted, 1 subnets
O E2    172.16.0.0 [110/200] via 172.30.10.2, 00:53:27, Serial1/0
     172.30.0.0/24 is subnetted, 3 subnets
O IA    172.30.20.0 [110/1394] via 172.30.10.2, 00:53:27, Serial1/0
O IA    172.30.0.0 [110/747] via 172.30.10.2, 00:53:27, Serial1/0
C       172.30.10.0 is directly connected, Serial1/0
     10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
C       10.10.0.0/24 is directly connected, Loopback1
C       10.10.1.0/24 is directly connected, Loopback2
C       10.10.2.0/24 is directly connected, Loopback3
C       10.10.3.0/24 is directly connected, Loopback4
O IA    10.20.0.0/22 [110/1395] via 172.30.10.2, 00:53:29, Serial1/0
Topology Tables
  • R1:
R1#sh ip ospf database 

            OSPF Router with ID (1.1.1.1) (Process ID 1)

		Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count
1.1.1.1         1.1.1.1         1583        0x80000009 0x0029FC 1
2.2.2.2         2.2.2.2         1320        0x80000007 0x00EB34 1
3.3.3.3         3.3.3.3         1425        0x8000000E 0x009F70 1

		Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
172.30.0.1      1.1.1.1         82          0x80000004 0x0098B2

		Summary Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
10.10.0.0       2.2.2.2         1320        0x80000005 0x00A2F2
10.20.0.0       3.3.3.3         1425        0x80000003 0x001079
172.30.10.0     2.2.2.2         1320        0x80000004 0x0008CB
172.30.20.0     3.3.3.3         1425        0x8000000A 0x006F50

                Type-5 AS External Link States

Link ID         ADV Router      Age         Seq#       Checksum Tag
172.16.0.0      1.1.1.1         82          0x80000006 0x003AEE 0
  • R2:
R2#sh ip ospf database 

            OSPF Router with ID (2.2.2.2) (Process ID 1)

		Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count
1.1.1.1         1.1.1.1         1600        0x80000009 0x0029FC 1
2.2.2.2         2.2.2.2         1335        0x80000007 0x00EB34 1
3.3.3.3         3.3.3.3         1442        0x8000000E 0x009F70 1

		Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
172.30.0.1      1.1.1.1         98          0x80000004 0x0098B2

		Summary Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
10.10.0.0       2.2.2.2         1335        0x80000005 0x00A2F2
10.20.0.0       3.3.3.3         1442        0x80000003 0x001079
172.30.10.0     2.2.2.2         1335        0x80000004 0x0008CB
172.30.20.0     3.3.3.3         1442        0x8000000A 0x006F50

                Router Link States (Area 10)

Link ID         ADV Router      Age         Seq#       Checksum Link count
2.2.2.2         2.2.2.2         1335        0x8000000B 0x0072C4 2
5.5.5.5         5.5.5.5         1323        0x8000000B 0x003F4C 6

		Summary Net Link States (Area 10)

Link ID         ADV Router      Age         Seq#       Checksum
10.20.0.0       2.2.2.2         1337        0x80000004 0x001810
172.30.0.0      2.2.2.2         1337        0x80000004 0x0005FD
172.30.20.0     2.2.2.2         1337        0x80000005 0x0083E0

		Summary ASB Link States (Area 10)

Link ID         ADV Router      Age         Seq#       Checksum
1.1.1.1         2.2.2.2         1337        0x80000004 0x00F6D1

		Type-5 AS External Link States

Link ID         ADV Router      Age         Seq#       Checksum Tag
172.16.0.0      1.1.1.1         101         0x80000006 0x003AEE 0
  • R3:
R3#sh ip ospf database 

            OSPF Router with ID (3.3.3.3) (Process ID 1)

		Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count
1.1.1.1         1.1.1.1         1606        0x80000009 0x0029FC 1
2.2.2.2         2.2.2.2         1343        0x80000007 0x00EB34 1
3.3.3.3         3.3.3.3         1446        0x8000000E 0x009F70 1

		Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
172.30.0.1      1.1.1.1         105         0x80000004 0x0098B2

		Summary Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
10.10.0.0       2.2.2.2         1343        0x80000005 0x00A2F2
10.20.0.0       3.3.3.3         1446        0x80000003 0x001079
172.30.10.0     2.2.2.2         1343        0x80000004 0x0008CB
172.30.20.0     3.3.3.3         1446        0x8000000A 0x006F50

                Router Link States (Area 20)

Link ID         ADV Router      Age         Seq#       Checksum Link count
3.3.3.3         3.3.3.3         1446        0x8000000D 0x0063B8 2
4.4.4.4         4.4.4.4         1325        0x8000000B 0x0070E2 6

		Summary Net Link States (Area 20)

Link ID         ADV Router      Age         Seq#       Checksum
10.10.0.0       3.3.3.3         1447        0x80000007 0x006CBE
172.30.0.0      3.3.3.3         1447        0x8000000A 0x00DA1E
172.30.10.0     3.3.3.3         1447        0x80000005 0x00D396

		Summary ASB Link States (Area 20)

Link ID         ADV Router      Age         Seq#       Checksum
1.1.1.1         3.3.3.3         1447        0x80000004 0x00D8EB

		Type-5 AS External Link States

Link ID         ADV Router      Age         Seq#       Checksum Tag
172.16.0.0      1.1.1.1         106         0x80000006 0x003AEE 0
  • R4:
R4#sh ip ospf database 

            OSPF Router with ID (4.4.4.4) (Process ID 1)

		Router Link States (Area 20)

Link ID         ADV Router      Age         Seq#       Checksum Link count
3.3.3.3         3.3.3.3         1453        0x8000000D 0x0063B8 2
4.4.4.4         4.4.4.4         1329        0x8000000B 0x0070E2 6

		Summary Net Link States (Area 20)

Link ID         ADV Router      Age         Seq#       Checksum
10.10.0.0       3.3.3.3         1453        0x80000007 0x006CBE
172.30.0.0      3.3.3.3         1453        0x8000000A 0x00DA1E
172.30.10.0     3.3.3.3         1453        0x80000005 0x00D396

		Summary ASB Link States (Area 20)

Link ID         ADV Router      Age         Seq#       Checksum
1.1.1.1         3.3.3.3         1453        0x80000004 0x00D8EB

		Type-5 AS External Link States

Link ID         ADV Router      Age         Seq#       Checksum Tag
172.16.0.0      1.1.1.1         112         0x80000006 0x003AEE 0
  • R5:
R5#sh ip ospf database 

            OSPF Router with ID (5.5.5.5) (Process ID 1)

		Router Link States (Area 10)

Link ID         ADV Router      Age         Seq#       Checksum Link count
2.2.2.2         2.2.2.2         1353        0x8000000B 0x0072C4 2
5.5.5.5         5.5.5.5         1338        0x8000000B 0x003F4C 6

		Summary Net Link States (Area 10)

Link ID         ADV Router      Age         Seq#       Checksum
10.20.0.0       2.2.2.2         1353        0x80000004 0x001810
172.30.0.0      2.2.2.2         1353        0x80000004 0x0005FD
172.30.20.0     2.2.2.2         1353        0x80000005 0x0083E0

		Summary ASB Link States (Area 10)

Link ID         ADV Router      Age         Seq#       Checksum
1.1.1.1         2.2.2.2         1353        0x80000004 0x00F6D1

		Type-5 AS External Link States

Link ID         ADV Router      Age         Seq#       Checksum Tag
172.16.0.0      1.1.1.1         117         0x80000006 0x003AEE 0
Neighbor Table
  • R1:
R1#show ip ospf neighbor 

Neighbor ID     Pri   State           Dead Time   Address         Interface
2.2.2.2           0   FULL/DROTHER    00:00:30    172.30.0.2      Ethernet0/0
3.3.3.3           0   FULL/DROTHER    00:00:34    172.30.0.3      Ethernet0/0
  • R2:
R2#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
1.1.1.1           1   FULL/DR         00:00:32    172.30.0.1      Ethernet0/0
3.3.3.3           0   2WAY/DROTHER    00:00:35    172.30.0.3      Ethernet0/0
5.5.5.5           0   FULL/  -        00:00:39    172.30.10.5     Serial1/0
  • R3:
R3#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
1.1.1.1           1   FULL/DR         00:00:39    172.30.0.1      Ethernet0/0
2.2.2.2           0   2WAY/DROTHER    00:00:39    172.30.0.2      Ethernet0/0
4.4.4.4           0   FULL/  -        00:00:39    172.30.20.4     Serial1/0
  • R4:
R4#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
3.3.3.3           0   FULL/  -        00:00:36    172.30.20.3     Serial1/0
  • R5:
R5#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
2.2.2.2           0   FULL/  -        00:00:34    172.30.10.2     Serial1/0
Show ip ospf interface
  • R1:
R1#show ip ospf interface 
Ethernet0/0 is up, line protocol is up 
  Internet Address 172.30.0.1/24, Area 0 
  Process ID 1, Router ID 1.1.1.1, Network Type BROADCAST, Cost: 100
  Transmit Delay is 1 sec, State DR, Priority 1 
  Designated Router (ID) 1.1.1.1, Interface address 172.30.0.1
  No backup designated router on this network
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:09
  Supports Link-local Signaling (LLS)
  Index 1/1, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 4
  Last flood scan time is 0 msec, maximum is 4 msec
  Neighbor Count is 2, Adjacent neighbor count is 2 
    Adjacent with neighbor 2.2.2.2
    Adjacent with neighbor 3.3.3.3
  Suppress hello for 0 neighbor(s)
  • R2:
R2#show ip ospf interface
Ethernet0/0 is up, line protocol is up 
  Internet Address 172.30.0.2/24, Area 0 
  Process ID 1, Router ID 2.2.2.2, Network Type BROADCAST, Cost: 100
  Transmit Delay is 1 sec, State DROTHER, Priority 0 
  Designated Router (ID) 1.1.1.1, Interface address 172.30.0.1
  No backup designated router on this network
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:06
  Supports Link-local Signaling (LLS)
  Index 1/1, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 2, maximum is 6
  Last flood scan time is 0 msec, maximum is 4 msec
  Neighbor Count is 2, Adjacent neighbor count is 1 
    Adjacent with neighbor 1.1.1.1  (Designated Router)
  Suppress hello for 0 neighbor(s)
Serial1/0 is up, line protocol is up 
  Internet Address 172.30.10.2/24, Area 10 
  Process ID 1, Router ID 2.2.2.2, Network Type POINT_TO_POINT, Cost: 647
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:04
  Supports Link-local Signaling (LLS)
  Index 1/2, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 7
  Last flood scan time is 4 msec, maximum is 4 msec
  Neighbor Count is 1, Adjacent neighbor count is 1 
    Adjacent with neighbor 5.5.5.5
  Suppress hello for 0 neighbor(s)
  • R3:
R3#show ip ospf interface
Ethernet0/0 is up, line protocol is up 
  Internet Address 172.30.0.3/24, Area 0 
  Process ID 1, Router ID 3.3.3.3, Network Type BROADCAST, Cost: 100
  Transmit Delay is 1 sec, State DROTHER, Priority 0 
  Designated Router (ID) 1.1.1.1, Interface address 172.30.0.1
  No backup designated router on this network
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:05
  Supports Link-local Signaling (LLS)
  Index 1/1, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 2, maximum is 4
  Last flood scan time is 0 msec, maximum is 4 msec
  Neighbor Count is 2, Adjacent neighbor count is 1 
    Adjacent with neighbor 1.1.1.1  (Designated Router)
  Suppress hello for 0 neighbor(s)
Serial1/0 is up, line protocol is up 
  Internet Address 172.30.20.3/24, Area 20 
  Process ID 1, Router ID 3.3.3.3, Network Type POINT_TO_POINT, Cost: 647
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:08
  Supports Link-local Signaling (LLS)
  Index 1/2, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 4
  Last flood scan time is 0 msec, maximum is 4 msec
  Neighbor Count is 1, Adjacent neighbor count is 1 
    Adjacent with neighbor 4.4.4.4
  Suppress hello for 0 neighbor(s)
  • R4:
R4#show ip ospf interface
Loopback4 is up, line protocol is up 
  Internet Address 10.20.3.1/24, Area 20 
  Process ID 1, Router ID 4.4.4.4, Network Type LOOPBACK, Cost: 1
  Loopback interface is treated as a stub Host
Loopback3 is up, line protocol is up 
  Internet Address 10.20.2.1/24, Area 20 
  Process ID 1, Router ID 4.4.4.4, Network Type LOOPBACK, Cost: 1
  Loopback interface is treated as a stub Host
Loopback2 is up, line protocol is up 
  Internet Address 10.20.1.1/24, Area 20 
  Process ID 1, Router ID 4.4.4.4, Network Type LOOPBACK, Cost: 1
  Loopback interface is treated as a stub Host
Loopback1 is up, line protocol is up 
  Internet Address 10.20.0.1/24, Area 20 
  Process ID 1, Router ID 4.4.4.4, Network Type LOOPBACK, Cost: 1
  Loopback interface is treated as a stub Host
Serial1/0 is up, line protocol is up 
  Internet Address 172.30.20.4/24, Area 20 
  Process ID 1, Router ID 4.4.4.4, Network Type POINT_TO_POINT, Cost: 647
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:05
  Supports Link-local Signaling (LLS)
  Index 1/1, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 1 
    Adjacent with neighbor 3.3.3.3
  Suppress hello for 0 neighbor(s)
  • R5:
R5#show ip ospf interface
Loopback1 is up, line protocol is up 
  Internet Address 10.10.0.1/24, Area 10 
  Process ID 1, Router ID 5.5.5.5, Network Type POINT_TO_POINT, Cost: 1
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
  Supports Link-local Signaling (LLS)
  Index 1/1, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 0, maximum is 0
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 0, Adjacent neighbor count is 0 
  Suppress hello for 0 neighbor(s)
Serial1/0 is up, line protocol is up 
  Internet Address 172.30.10.5/24, Area 10 
  Process ID 1, Router ID 5.5.5.5, Network Type POINT_TO_POINT, Cost: 647
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:08
  Supports Link-local Signaling (LLS)
  Index 5/5, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 1 
    Adjacent with neighbor 2.2.2.2
  Suppress hello for 0 neighbor(s)
Loopback4 is up, line protocol is up 
  Internet Address 10.10.3.1/24, Area 10 
  Process ID 1, Router ID 5.5.5.5, Network Type LOOPBACK, Cost: 1
  Loopback interface is treated as a stub Host
Loopback3 is up, line protocol is up 
  Internet Address 10.10.2.1/24, Area 10 
  Process ID 1, Router ID 5.5.5.5, Network Type LOOPBACK, Cost: 1
  Loopback interface is treated as a stub Host
Loopback2 is up, line protocol is up 
  Internet Address 10.10.1.1/24, Area 10 
  Process ID 1, Router ID 5.5.5.5, Network Type LOOPBACK, Cost: 1
  Loopback interface is treated as a stub Host

OSPF Areas Lab

OSPF Areas Lab Topology.png

GNS3 Project: File:Cbt nuggets ospf areas lab.zip

Objectives

  • Configure basic OSPF:
Advertise all attached networks.
On R1, redistribute static routes to inject external routes.
These routes should be marked as type E1.
  • R1 should never form a neighbor relationship on any interface where no OSPF router is connected.
  • All routers in Area 0 should use MD5 authentication with the password cisco.
  • Area 23 should use clear-text authentication.
  • Routers in Area 45 are weak and should never receive routes external to OSPF (configure a stub area).
These routers should reach external networks using a default route, which cannot be statically configured.
  • Routers in Area 23 should not receive Type 3, 4 and 5 LSAs.
They should reach external networks using a default route with an initial OSPF cost of 100.
  • You should be able to ping every router in the OSPF routing table (configure a virtual link for area 78).

Configurations

R1 config
!
interface Ethernet0/0
 ip address 10.100.1.1 255.255.255.0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco
 half-duplex
!
!
router ospf 1
 router-id 1.1.1.1
 log-adjacency-changes
 redistribute static metric 50 metric-type 1 subnets
 passive-interface default
 no passive-interface Ethernet0/0
 network 10.100.1.1 0.0.0.0 area 0
!
ip route 172.31.0.0 255.255.255.0 Null0
ip route 172.31.1.0 255.255.255.0 Null0
ip route 172.31.2.0 255.255.255.0 Null0
ip route 172.31.3.0 255.255.255.0 Null0
!


R2 config
!
interface Ethernet0/0
 ip address 10.100.1.2 255.255.255.0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco
 half-duplex
!
interface Serial1/0
 ip address 10.23.1.2 255.255.255.0
 ip ospf authentication
 ip ospf authentication-key cisco
 serial restart-delay 0
!
router ospf 1
 router-id 2.2.2.2
 log-adjacency-changes
 area 23 stub no-summary
 area 23 default-cost 100 
 network 10.23.1.2 0.0.0.0 area 23
 network 10.100.1.2 0.0.0.0 area 0
!


R3 config
!
interface Loopback0
 ip address 172.30.0.1 255.255.255.0
!
interface Loopback1
 ip address 172.30.1.1 255.255.255.0
!
interface Loopback2
 ip address 172.30.2.1 255.255.255.0
!
interface Loopback3
 ip address 172.30.3.1 255.255.255.0
!
!
interface Serial1/0
 ip address 10.23.1.3 255.255.255.0
 ip ospf authentication
 ip ospf authentication-key cisco
 serial restart-delay 0
!
!
router ospf 1
 router-id 3.3.3.3
 log-adjacency-changes
 area 23 stub
 network 10.23.1.3 0.0.0.0 area 23
 network 172.30.0.0 0.0.255.255 area 23
!
R4 config
!
interface Ethernet0/0
 ip address 10.100.1.4 255.255.255.0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco
 half-duplex
!
!
interface Serial1/0
 ip address 10.45.1.4 255.255.255.0
 serial restart-delay 0
!
router ospf 1
 router-id 4.4.4.4
 log-adjacency-changes
 area 45 stub
 network 10.45.1.4 0.0.0.0 area 45
 network 10.100.1.4 0.0.0.0 area 0
!
R5 config
!
interface Serial1/0
 ip address 10.45.1.5 255.255.255.0
 serial restart-delay 0
!
!
router ospf 1
 router-id 5.5.5.5
 log-adjacency-changes
 area 45 stub
 network 10.45.1.5 0.0.0.0 area 45
!
R6 config

!
interface Ethernet0/0
 ip address 10.100.1.6 255.255.255.0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco
 half-duplex
!
!
interface Serial1/0
 ip address 10.67.1.6 255.255.255.0
 serial restart-delay 0
!
router ospf 1
 router-id 6.6.6.6
 log-adjacency-changes
 area 67 virtual-link 7.7.7.7
 network 10.67.1.6 0.0.0.0 area 67
 network 10.100.1.6 0.0.0.0 area 0
!
R7 config
!
interface Serial1/0
 ip address 10.67.1.7 255.255.255.0
 serial restart-delay 0
!
interface Serial1/1
 ip address 10.78.1.7 255.255.255.0
 serial restart-delay 0
!
!
router ospf 1
 router-id 7.7.7.7
 log-adjacency-changes
 area 67 virtual-link 6.6.6.6
 network 10.67.1.7 0.0.0.0 area 67
 network 10.78.1.7 0.0.0.0 area 78
!
R8 config
!
interface Serial1/1
 ip address 10.78.1.8 255.255.255.0
 serial restart-delay 0
!
!
router ospf 1
 router-id 8.8.8.8
 log-adjacency-changes
 network 10.78.1.8 0.0.0.0 area 78
!

Command Line Outputs


References

  1. www.wipro.com
  2. www.ericsson.com/in
  3. www.wipro.com
  4. www.3i-infotech.com
  5. www.wipro.com

