OSPF, or Open Shortest Path First, is a link-state, open-standard, dynamic routing protocol. OSPF uses an algorithm known as SPF, or Dijkstra’s Shortest Path First, to compute internally the best path to any given route.
OSPF is classless and converges fairly quickly, using cost as its metric. A router running OSPF creates its own database which contains information on the entire OSPF network, not simply neighbors’ routes like EIGRP. This allows the router to make intelligent choices about path selection on its own instead of relying exclusively on neighbor information.
OSPF routers do form neighbor relationships though. They exchange hellos with neighboring routers and in the process learn their neighbor’s Router ID (RID) and cost. Those values are then sent to the adjacency table.
Every router is responsible for computing their own best paths to all destinations within an OSPF domain. Once the SPF algorithm selects the best paths, they are then eligible to be added to the routing table.
Link State Database
Once a router has exchanged hellos with its neighbors and captured Router IDs and cost information, it begins sending LSAs, or Link State Advertisements. LSAs contain the RID and costs to the router’s neighbors. LSAs are shared with every other router in the OSPF domain. A router stores all of its LSA information (including info it receives from incoming LSAs) in the Link State Database (LSDB).
I apologize if the acronyms are starting to pile up. OSPF, architecturally speaking, is more complicated than its counterpart EIGRP – and the long list of acronyms and definitions is part of that.
Areas
OSPF is different from EIGRP in that it uses areas to segment routing domains. This helps partition routers into manageable groups if the layer 3 network begins to get large.
It all starts with area 0. Every OSPF network must contain an area 0, sometimes referred to as the backbone area, and every additional area must be physically connected to area 0. From there, other areas are optional.
Note that the SPF algorithm only runs within a single area, so routers only compute paths within their own area. Inter-area routes are passed using border routers.
All link state databases must match within an OSPF area. This means that the more OSPF-enabled routers are configured for the same area, the more LSAs must be sent out. After you reach about 50 routers, the high levels of LSA traffic and numerous routing table entries can become a problem. That is why Cisco recommends limiting an OSPF area to no more than 50-100 routers.
The following three factors determine the maximum number of routers:
- How easily the area’s subnets can be summarized
- The type of areas being used
- The number of external LSAs being injected
An added bonus of partitioning out your OSPF network into areas is that it is a natural fit for a hierarchical IP scheme.
Area Types
Backbone area
Another name for area 0
Regular area
Non-backbone area, with both internal and external routes
Stub area
Contains only internal routes and a default route
Totally Stubby Area
Cisco proprietary option for a stub area
Not-So-Stubby area (NSSA)
Contains internal routes, redistributed routes, and optionally a default route
Totally Stubby NSSA
Cisco proprietary option for NSSA
Router Roles
Internal: All interfaces in a single area (routers 1,4,5 in diagram above)
Backbone: At least one interface assigned to area 0 (routers 2,3 in diagram above)
Area Border Router (ABR): Have interfaces in two or more areas (routers 2 and 3 in diagram above)
ABRs contain a separate Link State Database, separating LSA flooding between areas, optionally summarizing routes, and optionally sourcing default routes.
Autonomous System Boundary Router (ASBR): Has at least one interface in an OSPF area and at least one interface outside of an OSPF area.
OSPF Metric
Each interface is assigned a cost value based purely on bandwidth. The formula is:
Cost = (100 Mbps / bandwidth)
Higher bandwidth means a lower cost.
Let’s run through some common examples quickly:
T1 line | 100,000 / 1544 = 64
10 Mbps | 100,000 / 10,000 = 10
100 Mbps | 100,000 / 100,000 = 1
1000 Mbps | 100,000 / 1,000,000 = 0.1 (OSPF still uses 1 for this, see explanation below)
The cost is then accrued at each hop along the path based on the link’s bandwidth. Unfortunately, OSPF was written when 100 Mbps was considered fast. Because of that, it assigns the same cost to any interface with speeds higher than 100 Mbps. To OSPF, a Fast Ethernet interface is weighted the same as a Gigabit Ethernet interface, both a cost of 1.
To fix that problem, you can use the auto-cost command under the OSPF process.
R1(config-router)# auto-cost reference-bandwidth 1000
Another option is to simply change the cost on a per-interface basis with the ip ospf cost command (using any number between 1-65,535).
R1(config-if)# ip ospf cost 35
Link State Advertisements
LSAs contain a sequence number and a Router ID. Sequence numbers are 32 bits, starting with 0x80000001.
The sequence number increases if:
- a route is added or deleted
- an LSA ages out
The largest sequence number is always the most current. The default time that LSAs are aged out is 30 minutes. When an LSA enters a router, it checks it against its internal Link State Database (LSDB).
- If it is new, it is added to the LSDB and the SPF algorithm is re-run.
- If it contains a Router ID (RID) that is already in the database, entries with an older sequence number are discarded.
- If it receives an older version (according to its sequence number), it discards the LSA and sends back the newer version to the original sender.
The command show ip ospf database will display the sequence numbers and age (in seconds) for each entry.
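The receive rules above, as an added Python example (not code from the original article or from any router implementation). It keys the database by Router ID as the text does, and it goes one step further than the text by comparing sequence numbers as signed 32-bit values, which is why 0x80000001 is the starting point; the class and function names are hypothetical.

```python
import struct

INITIAL_SEQ = 0x80000001  # first sequence number, as stated above


def seq_value(raw):
    """Read a 32-bit sequence number as a signed integer, so 0x80000001 is the oldest."""
    return struct.unpack(">i", struct.pack(">I", raw))[0]


class LSDB:
    """Simplified LSDB keyed by Router ID, as in the description above."""

    def __init__(self):
        self.entries = {}   # RID -> (raw sequence number, {neighbor RID: cost})
        self.spf_runs = 0

    def receive(self, rid, seq, links):
        """Apply the rules above to one incoming LSA and return the action taken."""
        current = self.entries.get(rid)
        if current is None:
            self.entries[rid] = (seq, links)
            self.spf_runs += 1            # new information: SPF is re-run
            return "installed"
        have, got = seq_value(current[0]), seq_value(seq)
        if got > have:
            self.entries[rid] = (seq, links)   # the older entry is discarded
            self.spf_runs += 1            # assumption: a replaced entry also triggers SPF
            return "replaced"
        if got < have:
            return "discarded, newer copy sent back"
        return "duplicate, ignored"       # assumption: same sequence number means same LSA
```

Because the comparison is signed, an LSA numbered 0x00000001 is newer than one numbered 0xFFFFFFFF.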
LSDB Overload
In large OSPF networks, if major network changes occur, a flood of LSAs will immediately hit the entire network. The number of incoming LSAs to each router could be substantial and bring the CPU and memory to its knees.
To mitigate that scenario, Cisco offers what it refers to as Link State Database Overload Protection. Once enabled, if the defined threshold is exceeded over a one-minute time period, the router will enter the ignore state – dropping all adjacencies and clearing the OSPF database. Know that this is a drastic response because routing will be disrupted during that period.
R1(config-router)# max-lsa number
LSA Definitions

OSPF Messaging
OSPF uses several different types of messages to maintain neighbor relationships and correct routing information.
OSPF Packet Types
Hello
Discovers neighbors and works as a keepalive.
Link State Request (LSR)
Requests a Link State Update (LSU), see below.
Database Description (DBD)
Contains a summary of the LSDB, including RIDs and sequence numbers.
Link State Update (LSU)
Contains one or more complete LSAs.
Link State Acknowledgement (LSAck)
Acknowledges all other OSPF packets (except hellos).
OSPF sends the five packet types listed above over IP directly, using IP protocol number 89 with an OSPF packet header. Multicast address 224.0.0.5 is used if sending to all routers; address 224.0.0.6 is used for sending to all OSPF DRs.
OSPF Neighbors
Hellos are sent out periodically using multicast on OSPF enabled routers. The router forms an adjacency with a peer router when it sees its own Router ID in the neighbor field of another router’s hello message. That indicates there is direct, bi-directional communication on the same subnet.
Note: On multi-access links, adjacencies are only formed between the router and the DR and BDR.
All of the following fields in an OSPF hello message must match for an adjacency to form:
- hello timer
- dead timer
- area ID
- authentication type
- password
- stub area flag
As with many network protocols, hellos act as a form of keepalive or heartbeat. With OSPF, if four consecutive hellos are not received (the dead time), the router is considered down.
Point-to-point interfaces: hellos every 10 seconds, 40 second dead timer
Nonbroadcast multiaccess (NBMA) interfaces: hellos every 30 seconds, 120 second dead timer
OSPF States
There are 7 different OSPF states when forming neighbor relationships. Take the time to learn what states provide which functions.
1. Down State
OSPF has not started and no hellos have been sent.
2. Init State
Hellos are sent out all OSPF-participating interfaces.
3. Two-way State
A hello is received from another router with its own RID in the neighbor field. All other required elements match and the routers become neighbors.
4. Exstart State
Routers determine which one will begin the route exchange process with the other.
5. Exchange State
Routers exchange DBDs.
6. Loading State
Routers compare the DBD to their LS database. LSRs are sent out for missing or outdated LSAs. Each router then responds to the LSRs with a Link State Update. Finally, the LSUs are acknowledged.
7. Full State
The LSDB is completely synchronized with the OSPF neighbor.
OSPF Configuration
OSPF configuration is not too complicated, but has some important syntax distinctions from EIGRP. First, it is configured from router configuration mode and requires a process ID appended to the router ospf command. The process ID is only locally significant, so don’t worry if it doesn’t match on other OSPF routers.
R1(config)# router ospf process-id
The next step is to determine which router interfaces you want participating in OSPF. Just like EIGRP, the network statements define which local router interfaces will participate.
R1(config-router)# network 10.1.1.0 0.0.0.255 area 0
R1(config-router)# network 10.9.9.0 0.0.0.255 area 1
In the example above, interfaces in the 10.1.1.0/24 subnet will participate in OSPF area 0. Interfaces in the 10.9.9.0/24 subnet will participate in OSPF area 1. Unlike EIGRP, the subnet wildcard mask in the network statement is not optional because OSPF is classless by default.
Let’s do another example.
R1 has six interfaces, all within area 0:
- GigabitEthernet 0/0: 192.168.100.1/24
- GigabitEthernet 0/1: 192.168.101.1/24
- GigabitEthernet 0/2: 192.168.102.1/24
- GigabitEthernet 0/3: 192.168.103.1/24
- Serial 1/0: 10.100.100.1/30
- Serial 1/1: 10.100.100.5/30
The simplest way to configure OSPF on all interfaces into area 0 would be to use this command:
R1(config-router)# network 0.0.0.0 255.255.255.255 area 0
A second option is to break up the 10. and 192. networks into different statements:
R1(config-router)# network 10.0.0.0 0.255.255.255 area 0
R1(config-router)# network 192.168.100.0 0.0.3.255 area 0
The third way to configure the interfaces to participate in OSPF:
R1(config-router)# network 10.100.100.1 0.0.0.0 area 0
R1(config-router)# network 10.100.100.5 0.0.0.0 area 0
R1(config-router)# network 192.168.100.1 0.0.0.0 area 0
R1(config-router)# network 192.168.101.1 0.0.0.0 area 0
R1(config-router)# network 192.168.102.1 0.0.0.0 area 0
R1(config-router)# network 192.168.103.1 0.0.0.0 area 0
All three approaches achieve the exact same result. The configuration you choose is up to you.
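The three options can be checked by evaluating the wildcard masks against R1's interface addresses. This is an added Python example, not part of the original article; the two later interfaces (GigabitEthernet 0/4 and Serial 1/2 with their addresses) are constructed to show how the options differ once new interfaces appear on the router.

```python
import ipaddress

# R1's six interfaces, as listed above.
R1_INTERFACES = {
    "GigabitEthernet0/0": "192.168.100.1",
    "GigabitEthernet0/1": "192.168.101.1",
    "GigabitEthernet0/2": "192.168.102.1",
    "GigabitEthernet0/3": "192.168.103.1",
    "Serial1/0": "10.100.100.1",
    "Serial1/1": "10.100.100.5",
}

# Constructed for this example: interfaces added to R1 at some later date.
LATER_INTERFACES = {
    "GigabitEthernet0/4": "172.16.50.1",
    "Serial1/2": "10.200.0.1",
}

# The three configurations from the text, as (address, wildcard mask) pairs.
OPTION_1 = [("0.0.0.0", "255.255.255.255")]
OPTION_2 = [("10.0.0.0", "0.255.255.255"), ("192.168.100.0", "0.0.3.255")]
OPTION_3 = [(ip, "0.0.0.0") for ip in R1_INTERFACES.values()]


def wildcard_match(interface_ip, address, wildcard):
    """True if the interface IP equals `address` on every bit the wildcard leaves unmasked."""
    ip = int(ipaddress.IPv4Address(interface_ip))
    addr = int(ipaddress.IPv4Address(address))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (ip & care) == (addr & care)


def enabled_interfaces(statements, interfaces):
    """Names of the interfaces matched by at least one network statement."""
    return sorted(
        name for name, ip in interfaces.items()
        if any(wildcard_match(ip, addr, wc) for addr, wc in statements)
    )


def unintended(statements):
    """Later interfaces that the statements would pull into OSPF without a config change."""
    return enabled_interfaces(statements, LATER_INTERFACES)


if __name__ == "__main__":
    for label, option in (("1", OPTION_1), ("2", OPTION_2), ("3", OPTION_3)):
        print("option", label, "today:", enabled_interfaces(option, R1_INTERFACES))
        print("option", label, "later:", unintended(option))
```

All three options match the same six interfaces today, but option 1 also enables OSPF on both later interfaces and option 2 on the new 10.x serial link, while option 3 enables neither.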
Interface Configuration
An alternative configuration option is to configure an interface to participate in OSPF directly. The [ ip ospf process-id area area-id ] command takes precedence over the more common network commands.
R1(config)# int gig 0/1
R1(config-if)# ip ospf 10 area 0
Router ID
The SPF algorithm uses a Router ID to identify hops along a path. The problem, of course, is that routers don’t have a generic “router ID” lying around.
The designers of OSPF decided to use the highest IP address assigned to a loopback interface as the Router ID (RID) by default. If no loopback is configured, it will use the highest IP address assigned to an active interface when the OSPF process begins. OSPF will not change the RID, even if another interface with a higher IP address comes online unless the OSPF process is restarted. This helps keep the network stable and happy. Note: The clear ip ospf process command will also force the OSPF process to restart, but will cause an outage – so use it with caution.
Loopbacks are preferred for use as a router ID because they are virtual interfaces and are not affected by links going up and down. To configure a loopback interface, first create it and assign it an IP address.
R1(config)# int loopback 0
R1(config-if)# ip address 10.100.100.1 255.255.255.255
Static RIDs
It is also possible to manually define a static Router ID within OSPF with the router-id command.
R1(config)# router ospf 10
R1(config-router)# router-id 10.100.100.1
DRs & BDRs
SPF works by mapping all paths to every destination on each router. It uses the RID to identify hops along each path and uses bandwidth as a metric between those hops. This whole system works really well when routers are connected with point-to-point links and OSPF traffic is simply sent using multicast address 224.0.0.5.
It doesn’t work well, however, when a router is connecting to multiaccess networks like an Ethernet VLAN. Multiaccess OSPF links require that a Designated Router (DR) be elected to represent the entire segment. Another router is then elected as the Backup Designated Router, or BDR. On that specific multiaccess segment, routers only form adjacencies with the DR and BDR.
The DR uses type 2, network LSAs to advertise the segment over multicast address 224.0.0.5. The Non-Designated routers then use IP address 224.0.0.6 to communicate directly with the DR.
Elections
1. When the OSPF process on a router starts up, it listens for hellos. If it does not receive any within its dead time, it elects itself the DR.
2. If hellos are received before the dead time expires, the router with the highest OSPF priority is elected as the DR. Next, the same process happens to elect the BDR.
Note: If a router’s OSPF priority is set to 0, it will not participate in the elections.
3. If two routers happen to have the same OSPF priority, the router with the highest Router ID will become DR. The same is true for BDR.
Once a DR is elected, elections cannot take place again until either the DR or BDR go down. This essentially means that there is no OSPF DR preemption if another router comes online with a higher OSPF priority. In the case that the DR goes down, the BDR automatically is assigned the DR role and a new BDR election occurs.
Be aware that a router with a non-zero priority that happens to boot first can become the DR just because it did not receive any hellos when the OSPF process was started – even though it may have a low OSPF priority.
The default OSPF priority is 1 and Cisco recommends manually changing that on routers you want to become the DR and BDR. Remember that DRs are only used on multiaccess links, so they are only significant on an interface level. A router with two different interfaces connected to two different multiaccess links will have separate DR elections for each segment.
To set the OSPF priority, use the ip ospf priority command on the interface connected to the multiaccess segment. Values can be between 0-255.
R1(config)# int gig 0/1
R1(config-if)# ip ospf priority 255
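The election rules from this section, modeled in an added Python example (not from the original article, and a simplification of the election a real router runs). The Segment class, its method names and the RIDs used in demo() are hypothetical.

```python
class Segment:
    """One multiaccess segment. Routers are tracked as RID -> OSPF priority."""

    def __init__(self):
        self.routers = {}
        self.dr = None
        self.bdr = None

    @staticmethod
    def _rank(item):
        rid, priority = item
        # Highest priority wins; a tie is broken by the numerically highest RID.
        return (priority, tuple(int(octet) for octet in rid.split(".")))

    def _best(self, exclude):
        eligible = [(rid, prio) for rid, prio in self.routers.items()
                    if prio > 0 and rid not in exclude]      # priority 0 never stands
        return max(eligible, key=self._rank)[0] if eligible else None

    def _fill_vacancies(self):
        # Only empty roles are filled, so a sitting DR or BDR is never preempted.
        if self.dr is None:
            self.dr = self._best(exclude={self.bdr})
        if self.bdr is None:
            self.bdr = self._best(exclude={self.dr})

    def boot_together(self, routers):
        """Several routers start and hear each other's hellos before any election."""
        self.routers.update(routers)
        self._fill_vacancies()

    def join(self, rid, priority=1):
        """A single router comes online on a segment that may already have a DR."""
        self.boot_together({rid: priority})

    def fail(self, rid):
        self.routers.pop(rid, None)
        if rid == self.dr:
            self.dr, self.bdr = self.bdr, None    # the BDR takes over as DR
        elif rid == self.bdr:
            self.bdr = None
        self._fill_vacancies()                    # elect a replacement BDR


def demo():
    """Constructed scenario: a priority-1 router boots first, a priority-255 router later."""
    seg = Segment()
    seg.join("10.0.0.1", 1)
    seg.join("10.0.0.9", 255)
    before = (seg.dr, seg.bdr)
    seg.fail("10.0.0.1")
    return before, (seg.dr, seg.bdr)
```

In demo() the priority-255 router only becomes BDR when it joins, and takes the DR role after the first router goes down.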
OSPF over the WAN
Routing protocols assume both broadcast capabilities and full mesh connectivity on multiaccess networks. For OSPF, there are a few points to consider:
- Full mesh environments can use physical interfaces, but often times subinterfaces are used
- Partial mesh environments should be configured using point-to-point subinterfaces
- Hub-and-spoke environments should elect the hub as the DR or use point-to-point subinterfaces – which don’t require a DR
- Frame Relay and ATM maps should include the broadcast attribute
- In multiaccess environments, the DR and BDR should have full virtual circuit connectivity to all other routers
Summarization
First, it’s important to note that running the SPF algorithm on a router is extremely taxing on CPU resources and can easily consume them all. The reason is that OSPF has to compute the best path to every destination within its area. Avoiding running the algorithm whenever it isn’t required is a big win.
Summarization has two important benefits for OSPF. It prevents topology changes from being passed outside an area – thus reducing the number of routers re-running the SPF algorithm. It also consolidates many routes into a single statement, reducing the memory load and database size on OSPF-enabled routers.
There are two types of route summarization, inter-area and external.
Inter-area Summarization (LSA Type 3)
This occurs on ABRs to summarize routes between areas. This really only works well if the networks contained within an area are subnetted contiguously so that they can be easily summarized into a single statement.
The new summary route’s cost will be equal to the lowest cost route within the summary range. After the command is entered, the router will automatically create a static route pointing to Null0.
Example:
ABR-R1(config)# router ospf 10
ABR-R1(config-router)# area 2 range 10.100.0.0 255.255.0.0
In this example, the summary network 10.100.0.0/16 is summarized from area 2.
External Summarization (LSA Type 5)
This occurs on ASBRs for routes that are injected into OSPF via route redistribution. After the command is entered, the router will automatically create a static route pointing to Null0.
Example:
ASBR-R1(config)# router ospf 10
ASBR-R1(config-router)# summary-address 192.168.0.0 255.255.0.0
In this example, an external network has been summarized into 192.168.0.0/16 and is injected into OSPF via a single type 5 LSA.
OSPF Passive Interfaces
Like EIGRP, OSPF supports the use of passive interfaces. The passive-interface interface command disables OSPF hellos from being sent out, thus disabling the interface from forming adjacencies out that interface.
OSPF Default Routes
Default routes are injected into OSPF via type 5 LSAs. There are multiple ways to inject default routes into OSPF, but Cisco recommends using the default-information originate command under the OSPF routing process.
R1(config)# router ospf 10
R1(config-router)# default-information originate [always] [metric metric]
If the always keyword is not used, OSPF will advertise a default route learned from another source, like a static route. If the always keyword is present, a default route will be advertised regardless of whether the route exists in the routing table.
Another option is to use the area range and summary-address commands discussed in the summarization section above. Using these will result in the router advertising a default route pointing to itself.
Stub and Not-So-Stubby Areas
Stub areas are another way to simplify route information that gets advertised. Area 2 in the diagram above shows an example.
The ABR in a stub area drops all external routes and instead uses a default route of 0.0.0.0 (R3 in this example). That is, they do not know about any non-OSPF route information outside their own area.
A Cisco proprietary version of a stubby area is a Totally Stubby Area, or TSA. TSAs do not accept any external routes from non-OSPF sources AND they do not accept routes from other areas within their OSPF autonomous system. If a router needs to send traffic to a route outside of its own area, it sends the traffic using a default route.
ABRs use default routes in Stub and Totally Stubby areas.
Stubby areas are made into Totally Stubby Areas by appending the no-summary keyword.
Example:
R5(config)# router ospf 10
R5(config-router)# area 2 stub no-summary
R5(config-router)# area 2 stub default-cost 8
The example above sets area 2 as a totally stubby area. The default-cost command is optional and in this case changed the default route cost from 1 to 8.
Stub Limitations
- Virtual links cannot be included
- Cannot include an ASBR
- The stub configuration must be applied to every router within the stubby area
- Area 0 cannot be a stub
Bullet point 3 is extremely important! If two routers are connected, but one does not have the stub statement configured, the hello packets will be dropped and they will not form a neighbor adjacency.
Not-So-Stubby Areas, or NSSAs were an addendum to the original OSPF RFC and defined a new special LSA, type 7. NSSAs are very similar to stubby areas, but they allow the use of ASBRs in the area – something stub areas prohibit.
External routes are advertised by the ASBR as type 7 LSAs and the ABR then converts them into type 5 external LSAs when it advertises them to adjacent areas.
NSSA is configured using the area area-number nssa command as can be seen in the example below. Using the no-summary keyword turns the area into a Totally Stubby NSSA. A Totally Stubby NSSA does not accept external or summary routes from other areas.
Lastly, the NSSA ABR does not by default advertise a default route back into the area. The default-information-originate option does just that.
R4(config)# router ospf 10
R4(config-router)# area 1 nssa [no-summary] [default-information-originate]
The table below should help recap the different area type behaviors
[Table: recap of OSPF area type behaviors]
OSPF Virtual Links
OSPF has strict rules around how areas connect and where they can be located. More specifically, every area must be physically connected to area 0 and area zero must be ‘contiguous’ – meaning it cannot be broken into multiple, connected area 0s.
Virtual links were developed as a band-aid to situations that temporarily must violate those requirements. Virtual links connect areas that do not connect directly to area 0. It can also connect two area 0s together! Keep in mind that Cisco recommends virtual links be a temporary workaround to a short-term problem, not a permanent design.
The diagram below illustrates an example when a virtual link could be used. Let’s pretend Company ABC and Company XYZ just announced a merger and now their corporate networks must do the same. In this case, both routers R1 and R2 have now become ABRs and the virtual link configuration will be applied to them.
The command area area-number virtual-link router-id is applied to each ABR. Note that the area used in the command is the transit area that the virtual link resides in. Also, the RID identifies the RID of the OTHER router at the end of the link!
Example
R1(config)# router ospf 20
R1(config-router)# area 1 virtual-link 10.30.30.30
R2(config)# router ospf 20
R2(config-router)# area 1 virtual-link 10.50.50.50
OSPF Authentication
Out of the box, OSPF does not authenticate its protocol’s messages or route updates. OSPF does, however, support two message authentication options:
- Simple Authentication, using plaintext keys
- MD5 Authentication
Matching authentication methods and keys must be configured on each interface on a segment. Theoretically, different passwords could be applied to different router interfaces – the routers on the other ends of those links would just be required to have matching information.
Simple Authentication Example
R1(config)# int fa0/1
R1(config-if)# ip ospf authentication-key KEY123
R1(config-if)# ip ospf authentication
R1(config-if)# exit
R1(config)# router ospf 10
R1(config-router)# area 0 authentication
MD5 Authentication Example
R1(config)# int fa0/1
R1(config-if)# ip ospf message-digest-key 1 md5 KEY123
R1(config-if)# ip ospf authentication message-digest
R1(config-if)# exit
R1(config)# router ospf 10
R1(config-router)# area 0 authentication message-digest
** The 1 in the ip ospf message-digest-key 1 md5 KEY123 statement above is a key number.
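What the two methods put on the wire, as an added Python example that is not part of the original article. It follows the OSPFv2 header layout and the MD5 procedure of RFC 2328 Appendix D (digest over the packet with the zero-padded key appended); the function names and the sample RID, area and zero-filled body are constructed, and the header checksum is left at 0.

```python
import hashlib
import hmac
import struct

AUTYPE_SIMPLE, AUTYPE_MD5 = 1, 2
HELLO = 1

# Constructed sample values: a RID, area 0, and a zero-filled 20-byte packet body.
RID, AREA, BODY = bytes([10, 100, 100, 1]), bytes(4), bytes(20)


def _header(length, router_id, area_id, autype, auth_field):
    """24-byte OSPFv2 header; the checksum is left at 0 to keep the example short."""
    return struct.pack(">BBH4s4sHH8s", 2, HELLO, length,
                       router_id, area_id, 0, autype, auth_field)


def _pad(secret, size):
    return secret.encode().ljust(size, b"\0")[:size]


def build_simple(body, router_id, area_id, password):
    """Simple authentication: the password itself sits in the 8-byte auth field."""
    return _header(24 + len(body), router_id, area_id, AUTYPE_SIMPLE, _pad(password, 8)) + body


def build_md5(body, router_id, area_id, key_id, key, seq):
    """MD5 authentication: key number and sequence number in the header, digest appended."""
    auth = struct.pack(">HBBI", 0, key_id, 16, seq)
    packet = _header(24 + len(body), router_id, area_id, AUTYPE_MD5, auth) + body
    return packet + hashlib.md5(packet + _pad(key, 16)).digest()


def verify_md5(wire, keys, last_seq):
    """Return the packet's sequence number if it is accepted, otherwise None."""
    if len(wire) < 24 + 16:
        return None
    (length,) = struct.unpack_from(">H", wire, 2)
    autype, _, key_id, digest_len, seq = struct.unpack_from(">HHBBI", wire, 14)
    if autype != AUTYPE_MD5 or digest_len != 16 or key_id not in keys:
        return None                      # wrong method or unknown key number
    if seq < last_seq:
        return None                      # older than the last packet accepted
    packet, digest = wire[:length], wire[length:length + 16]
    expected = hashlib.md5(packet + _pad(keys[key_id], 16)).digest()
    return seq if hmac.compare_digest(digest, expected) else None
```

With simple authentication the string KEY123 is readable in every packet on the segment; with MD5 only the key number, a sequence number and the digest are sent, and a receiver holding a different key or key number drops the packet.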
OSPF Verification
The OSPF neighbor table can be viewed using the show ip ospf neighbor command. It shows the status of the OSPF database loading process, status of neighbor adjacencies, as well as DR and BDR assignments.
To show which OSPF routes are being used by the routing table, issue the show ip route ospf command.
The show ip ospf command displays the RID, counters, and timers.
To see which router interfaces are participating in OSPF (and their area assignments), use the show ip ospf interface command.







