Module 6: OSPF
Open Shortest Path First (OSPF) is a link-state routing protocol based on open standards. Described in several RFCs, most recently RFC 2328, the Open in Open Shortest Path First means that OSPF is open to the public and nonproprietary. Among nonproprietary routing protocols, such as RIP v1 and RIP v2, OSPF is preferred because of its remarkable scalability. Recall that both versions of RIP are very limited. RIP cannot scale beyond 15 hops. It converges slowly, and it chooses suboptimal routes that ignore critical factors such as bandwidth. OSPF addresses all of these limitations and proves to be a powerful, scalable routing protocol.
The considerable capability that OSPF has to scale is achieved through hierarchical design and the use of areas. By defining areas in a properly designed network, an administrator can reduce routing overhead and improve performance. To achieve scalability OSPF relies on complex communications and relationships to maintain a comprehensive link-state database. However, as an OSPF network scales to 100, 500, or even 1000 routers, link-state databases can balloon to include thousands of links. To help OSPF routers route more efficiently and to preserve their CPU and memory resources for the business of switching packets, network engineers divide OSPF networks into multiple areas.
This module describes how to create and configure OSPF. Specifically, this module examines the different OSPF area types, which include stubby, totally stubby, and not-so-stubby areas (NSSAs). Each of these different area types uses a special advertisement to exchange routing information with the rest of the OSPF network. Therefore, link-state advertisements (LSAs) will be studied in detail. The Area 0 backbone rule and how virtual links can work around backbone connectivity problems will also be reviewed. Finally, this module surveys important show commands that can be used to verify multiarea OSPF operation.
6.1 OSPF Overview
6.1.1 Issues addressed by OSPF
OSPF uses link-state technology. OSPF will choose the path via the T3 links. This is opposed to distance vector technology used by protocols such as RIP. RIP will choose the path via the 64k links. Link-state routers maintain a common picture of the network and exchange link information upon initial discovery or network changes. Link-state routers do not broadcast their routing tables periodically like distance vector routing protocols do. While RIP is appropriate for small networks, OSPF was written to address the needs of large, scalable internetworks. OSPF addresses the following issues:
* Speed of convergence – In large networks, RIP convergence can take several minutes, since the entire routing table of each router is copied and shared with directly connected neighboring routers. In addition, a distance vector routing algorithm may experience hold down or route aging periods. With OSPF, convergence is faster because only the routing changes, not the entire routing table, are flooded rapidly to other routers in the OSPF network.
* Support for Variable-Length Subnet Masking (VLSM) – RIP v1 is a classful protocol and does not support VLSM. In contrast, OSPF, a classless protocol, supports VLSM.
RIP v2 supports VLSM.
* Network size – In a RIP environment, a network that is more than 15 hops away is considered unreachable. Such limitations restrict the size of a RIP network to small topologies. On the other hand, OSPF has virtually no distance limitations and is appropriate for intermediate to large size networks.
* Use of bandwidth – RIP broadcasts full routing tables to all neighbors every 30 seconds. This is especially problematic over slow WAN links because these updates consume bandwidth. Alternately, OSPF multicasts minimize the size of link-state updates and send the updates only when there is a network change.
* Path Selection – RIP selects a path by measuring the hop count, or distance, to other routers. It does not take into consideration the available bandwidth on the link or delays in the network. In contrast, OSPF selects optimal routes using cost as a factor.
"Cost" is a metric based on bandwidth.
* Grouping of members – RIP uses a flat topology and all routers are part of the same network. Therefore, communication between routers at each end of the network must travel through the entire network. Unfortunately, changes in even one router will affect every device in the RIP network. OSPF, on the other hand, uses the concept of ’areas’ and can effectively segment a network into smaller clusters of routers. By narrowing the scope of communication within areas, OSPF limits traffic regionally and can prevent changes in one area from affecting performance in other areas. This use of areas allows a network to scale efficiently.
Although OSPF was written for large networks, implementing it requires proper design and planning, which is especially important if the network has more than 50 routers. At this size, it is important to configure the network to let OSPF reduce traffic and combine routing information whenever possible.
6.1.2 OSPF terminology
As a link-state protocol, OSPF operates differently than the distance vector routing protocols. Link-state routers identify and communicate with their neighbors so that they can gather firsthand information from other routers in the network. The OSPF terminology is depicted in Figure . A brief description of each term is given.
The information gathered from OSPF neighbors is not a complete routing table. Instead, OSPF routers tell each other about the status of their connections, or links to the internetwork. In other words, OSPF routers advertise their link states. Figure shows how the routers process this information and build link-state databases. Figure , is essentially a picture of who is connected to what. All routers in a given area, as seen in Figure , should have identical link-state databases. Independently, each router then runs the Shortest Path First (SPF) algorithm, also known as the Dijkstra algorithm, on the link-state database to determine the best routes to a destination. The SPF algorithm adds up the cost, which is a value usually based on bandwidth, of each link between the router and the destination. This is shown in Figure . The router then chooses the lowest cost path to add to its routing table, also known as a forwarding database .
Figure shows how OSPF routers keep track of their neighbors in their adjacencies database. To simplify the exchange of routing information among several neighbors on the same network, OSPF routers may elect a Designated Router (DR) and a Backup Designated Router (BDR) as shown in Figure , to serve as focal points for routing updates.
6.1.3 OSPF states
OSPF routers establish relationships, or states, with their neighbors for efficiently sharing link-state information. In contrast, distance vector routing protocols, such as RIP, blindly broadcast or multicast their complete routing table out every interface, hoping that a router is out there to receive it. Every 30 seconds, by default, RIP routers send only one kind of message. This message is their complete routing table. OSPF routers, on the other hand, rely on five different kinds of packets to identify their neighbors and to update link-state routing information.
These five packet types make OSPF capable of sophisticated and complex communications. These packet types will be discussed in more detail later in the module. At this point, become familiar with the different relationships, or states, possible between OSPF routers, the different OSPF network types, and the OSPF Hello protocol.
The key to effectively designing and troubleshooting OSPF networks is to understand the relationships, or states, that develop between OSPF routers. OSPF interfaces can be in one of seven states. OSPF neighbor relationships progress through these states, one at a time, in the order presented in Figure .
1. Down State
In the Down state, the OSPF process has not exchanged information with any neighbor. OSPF is waiting to enter the next state, which is the Init state.
2. Init State
OSPF routers send Type 1 packets, or Hello packets, at regular intervals to establish a relationship with neighbor routers. These intervals are usually ten seconds. When an interface receives its first Hello packet, the router enters the Init state. This means the router knows a neighbor is out there and is waiting to take the relationship to the next step.
The two kinds of relationships are the two-way state and adjacency. A router must receive a Hello from a neighbor before it can establish any relationship.
3. Two-Way State
Using Hello packets, every OSPF router tries to establish a two-way state, or bidirectional communication, with every neighbor router on the same IP network. Among other things, Hello packets include a list of the sender's known OSPF neighbors. A router enters the two-way state when it sees itself in a neighbor's Hello. When RTB learns that RTA knows about RTB, RTB declares a two-way state to exist with RTA.
The two-way state is the most basic relationship that OSPF neighbors can have, but routing information is not shared between routers in this relationship. To learn about the link states of other routers and eventually build a routing table, every OSPF router must form at least one adjacency. An adjacency is an advanced relationship between OSPF routers that involves a series of progressive states that rely not just on Hellos, but also on the other four types of OSPF packets. Routers attempting to become adjacent to one another exchange routing information even before the adjacency is fully established. The first step toward full adjacency is the ExStart state, which is described next.
4. ExStart State
Technically, when a router and its neighbor enter the ExStart state, their conversation is characterized as an adjacency, but they have not become fully adjacent. ExStart is established using Type 2 database description (DBD) packets, also known as DDPs. The two neighbor routers use Hello packets to negotiate who is the "master" and who is the "slave" in their relationship and use DBD packets to exchange databases.
The router with the highest OSPF router ID "wins" and becomes the master. The OSPF router ID is discussed later in this module. When the neighbors establish their roles as master and slave, they enter the Exchange state and begin sending routing information.
5. Exchange State
In the Exchange state, neighbor routers use Type 2 DBD packets to send each other their link-state information. In other words, the routers describe their link-state databases to each other. The routers compare what they learn with their existing link-state databases. If either of the routers receives information about a link that is not already in its database, the router requests a complete update from its neighbor. Complete routing information is exchanged in the Loading state.
6. Loading State
After the databases have been described to each router, they may request information that is more complete by using Type 3 packets, link-state requests (LSRs). When a router receives an LSR, it responds with an update by using a Type 4 link-state update (LSU) packet. These Type 4 LSU packets contain the actual link-state advertisements (LSAs), which are the heart of link-state routing protocols. Type 4 LSUs are acknowledged using Type 5 packets, called link-state acknowledgments (LSAcks).
7. Full Adjacency
With the Loading state complete, the routers are fully adjacent. Each router keeps a list of adjacent neighbors, called the adjacency database. Do not confuse the adjacency database with the link-state database or the forwarding database.
6.1.4 OSPF network types
Adjacency is required to allow for OSPF routers to share routing information, a router will try to become adjacent to at least one other router on each IP network to which it is connected. Some routers may try to become adjacent to all their neighbor routers, and others may try with only one or two. OSPF routers determine which routers to become adjacent to based on what type of network connects them.
OSPF interfaces automatically recognize three types of networks: broadcast multiaccess, nonbroadcast multiaccess (NBMA), and point-to-point networks. An administrator can configure a fourth network type, a point-to-multipoint network.
The type of network dictates how OSPF routers should relate to each other. An administrator may have to override the detected network type in order for OSPF to operate properly.
Some networks are defined as multiaccess because it cannot be predicted just how many routers are connected to them. There may be one, two, or more routers. A campus that uses a switched Ethernet core may have half a dozen routers connected to the same backbone network. A school district might have 10, 12, or 25 remote-site routers connected by way of Frame Relay PVCs to the same IP subnet.
A significant number of routers can exist on a multiaccess network. The designers of OSPF developed a system to avoid the overhead that would be created if every router established full adjacency with every other router. This system restricts who can become adjacent to whom by employing the services of one of the following:
* Designated router (DR) – For every multiaccess IP network, one router will be elected the DR. The DR has two main functions. The first function is to become adjacent to all other routers on the network, and second, is to act as a spokesperson for the network. As spokesperson, the DR will send network LSAs for all other IP networks to every other router. Because the DR becomes adjacent to all other routers on the IP network, it is the focal point for collecting routing information (LSAs).
* Backup designated router (BDR) – The DR could represent a single point of failure, so a second router is elected as the BDR to provide fault tolerance. Therefore, the BDR must also become adjacent to all routers on the network and must serve as a second focal point for LSAs. However, unlike the DR, the BDR is not responsible for updating the other routers or sending network LSAs. Instead, the BDR keeps a timer on the update activity of the DR to ensure that it is operational. If the BDR does not detect activity from the DR before the timer expires, the BDR takes over the role of DR and a new BDR is elected.
On point-to-point networks, only two nodes exist. Therefore, a focal point for routing information is not needed. No DR or BDR is elected. Both routers become fully adjacent to one and other.
6.2.1 Steps of OSPF operation
OSPF routers progress through the following five distinct steps of operation:
1. Establish router adjacencies
2. Elect a DR and BDR, if necessary
3. Discover routes
4. Select the appropriate routes to use
5. Maintain routing information
6.2.2 Step 1: Establish router adjacencies
The first step a router takes in the OSPF operation is to establish router adjacencies. Each of the three routers shown in the figure attempts to become adjacent to another router on the same IP network.
To become adjacent with another router, RTB sends Hello packets, advertising its own router ID. Because no loopback interfaces are present, RTB chooses its highest IP address, 10.6.0.1, as its router ID.
Assuming that RTB is appropriately configured, RTB multicasts Hello packets out both S0 and E0. RTA and RTC should both receive the Hello packets. These two routers then add RTB to the Neighbor ID field of their respective Hello packets and enter the Init state with RTB.
RTB receives Hello packets from both of its neighbors and sees its own ID number, 10.6.0.1, in the Neighbor ID field. RTB declares a two-way state between itself and RTA, and a two-way state between itself and RTC.
At this point, RTB determines which routers to establish adjacencies with, based on the type of network that a particular interface resides on. If the network type is point-to-point, the router becomes adjacent with its sole link partner. If the network type is multiaccess, RTB enters the election process to become a DR or BDR. This happens unless both roles are already established, as advertised in the Hello packet header.
If an election is necessary, OSPF routers will proceed as described in the next section under Step 2: Elect a DR and a BDR. However, if an election is not necessary, the routers will enter the ExStart state, as described in the section, Step 3: Discover Routes.
6.2.3 Step 2: Elect a DR and a BDR
Because multiaccess networks can support more than two routers, OSPF elects a DR to be the focal point of all link-state updates and LSAs. The role of the DR is critical, therefore a BDR is elected to "shadow" the DR. In the event that the DR fails, the BDR can smoothly take over.
Like any election, the DR/BDR selection process can be rigged to change the outcome. The "ballots" are Hello packets, which contain the ID and priority fields of the router. The router with the highest priority value among adjacent neighbors wins the election and becomes the DR. The router with the second highest priority is elected the BDR. When the DR and BDR have been elected, they keep their roles until one of them fails, even if additional routers with higher priorities show up on the network. Hello packets inform newcomers of the identity of the existing DR and BDR.
By default, all OSPF routers all have the same priority value of 1. A priority number from 0 to 255 can be assigned on any given OSPF interface. A priority of 0 prevents the router from winning any election on that interface. A priority of 255 ensures at least a tie. The Router ID field is used to break ties. If two routers have the same priority, the router with the highest ID will be selected. The router ID can be manipulated by configuring an address on a loopback interface, although that is not the preferred way to control the DR/BDR election process. The priority value should be used instead because each interface can have its own unique priority value. A router can be easily configured to win an election on one interface, and lose an election on another.
How does the DR election process affect the example network? RTB and RTC are connected by way of PPP on a point-to-point link. Therefore, there is no need for a DR on the network 10.6.0.0/16 because only two routers can exist on this link.
Because 10.4.0.0/16 and 10.5.0.0/16 networks are multiaccess Ethernet networks, they may potentially connect more than two routers. Even if only one router is connected to a multiaccess segment, a DR is still elected. This is because the potential exists for more routers to be added to the network. Therefore, a DR must be elected on both 10.4.0.0/16 and 10.5.0.0/16.
DRs and BDRs are elected on a per-network basis. An OSPF area can contain more than one IP network. Therefore, each area can, and usually does, have multiple DRs and BDRs.
In the example topology, RTA serves a dual role as both the DR and the BDR. Because it is the only router on the 10.4.0.0/16 network, RTA elects itself as the DR. After all, the 10.4.0.0/16 network is a multiaccess Ethernet network. A DR is elected because multiple routers could potentially be added to this network. RTA is also the runner-up in the election for 10.5.0.0/16 and therefore the BDR for that network. Despite claiming equal priority value with RTA, RTB is elected as DR for 10.5.0.0/16 by virtue of the tiebreaker. The tiebreaker is having a higher router ID of 10.5.0.2 versus 10.5.0.1.
With elections complete and bidirectional communication established, routers are ready to share routing information with adjacent routers and build their link-state databases. This process is discussed in the next section.
6.2.4 Step 3: Discover routes
On a multiaccess network, the exchange of routing information occurs between the DR or BDR and every other router on the network. As the DR and BDR on the 10.5.0.0/16 network, RTA and RTB will exchange link-state information.
Link partners on a point-to-point or point-to-multipoint network also engage in the exchange process. That means that RTB and RTC will share link-state data.
However, who goes first? This question is answered in the first stage of the Exchange process, the ExStart state. The purpose of ExStart is to establish a master/slave relationship between the two routers. The router that announces the highest router ID in the Hello packet acts as master. The master router orchestrates the exchange of link-state information, while the slave router responds to prompts from the master. RTB engages in this process with both RTA and RTC.
After the routers define their roles as master and slave, they enter the Exchange state. The master leads the slave through a swap of DBDs that describe the link-state database in limited detail for each router. These descriptions include the link-state type, the address of the advertising router, the cost of the link, and a sequence number.
The routers acknowledge the receipt of a DBD by sending an LSAck (Type 5) packet, which echoes back the sequence number of the DBD. Each router compares the information that it receives in the DBD with the information that it already has. If the DBD advertises a new or more up-to-date link state, the router will enter the Loading state by sending an LSR (Type 3) packet about that entry. In response to the LSR, a router sends the complete link-state information, using an LSU (Type 4) packet. LSUs carry LSAs.
With the Loading state complete, the routers have achieved full adjacency and entered into the Full state. Figure shows that RTB is now adjacent to RTA and to RTC. Adjacent routers must be in the Full state before they can create their routing tables and route traffic. At this point, the neighbor routers should all have identical link-state databases.
6.2.5 Step 4: Select appropriate routes
After a router has a complete link-state database, it is ready to create its routing table so that it can forward traffic. As mentioned earlier in the module, OSPF uses the metric value called cost. This is used to determine the best path to a destination, as shown in the figure. The default cost value is based on media bandwidth. In general, cost decreases as the speed of the link increases. For example, the 10 Mbps Ethernet interface used by RTB has a lower cost than its T1 serial line because 10 Mbps is faster than 1.544 Mbps.
To calculate the lowest cost to a destination, RTB uses the SPF algorithm. In simple terms, the SPF algorithm adds up the total costs between the local router, called the root, and each destination network. If there are multiple paths to a destination, the lowest cost path is preferred. By default, OSPF keeps up to four equal cost route entries in the routing table for load balancing.
Sometimes a link, such as a serial line, will go up and down rapidly. This is a condition called flapping. If a flapping link causes LSUs to be generated, routers that receive those updates must rerun the SPF algorithm to recalculate routes. Prolonged flapping can severely affect performance. Repeated SPF calculations can overtax the router CPU. Also, the constant updates may prevent link-state databases from converging.
To resist this problem, the Cisco IOS uses an SPF hold timer. After receiving an LSU, the SPF hold timer determines how long a router will wait before running the SPF algorithm. The timers spf command enables the timer to be adjusted, which defaults to ten seconds.
After RTB has selected the best routes using the SPF algorithm, it moves into the final phase of OSPF operation.
6.2.6 Step 5: Maintain routing information
When an OSPF router has installed routes in its routing table, it must diligently maintain routing information. When there is a change in a link-state, OSPF routers use a flooding process to notify other routers on the network about the change. The dead interval from the Hello protocol provides a simple mechanism for declaring a link partner down. If RTB does not hear from RTA for a time period exceeding the dead interval, usually 40 seconds, RTB declares its link to RTA down.
RTB then sends an LSU packet containing the new link-state information, but to whom?
* On a point-to-point network, no DR or BDR exists. New link-state information is sent to the 126.96.36.199 multicast address. All OSPF routers listen at this address.
* On a multiaccess network, a DR and BDR exist and maintain adjacencies with all other OSPF routers on the network. If a DR or BDR needs to send a link-state update, it will send it to all OSPF routers at 188.8.131.52. However, the other routers on a multiaccess network are adjacent only to the DR and the BDR and therefore can send LSUs only to them. For that reason, the DR and BDR have their own multicast address, 184.108.40.206. Non DR and non BDR routers send their LSUs to 220.127.116.11, or all DR and BDR routers.
When the DR receives and acknowledges the LSU destined for 18.104.22.168, it floods the LSU to all OSPF routers on the network at 22.214.171.124. Each router acknowledges receipt of the LSU with an LSAck.
If an OSPF router is connected to another network, it floods the LSU to other networks by forwarding the LSU to the DR of the multiaccess network. It could also flood the LSU to an adjacent router if in a point-to-point network as shown in Figure . The DR multicasts the LSU to the other OSPF routers in that network.
Upon receiving an LSU that includes new information, an OSPF router updates its link-state database. It then runs the SPF algorithm using the new information to recalculate the routing table. After the SPF hold timer expires, the router switches over to the new routing table.
If a route already exists in a Cisco router, the old route is used while the SPF algorithm is calculating the new information. If the SPF algorithm is calculating a new route, the router will not use that route until after the SPF calculation is complete.
It is important to note that even if a change in link state does not occur, OSPF routing information is periodically refreshed. Each LSA entry has its own age timer. The default timer value is 30 minutes. After an LSA entry ages out, the router that originated the entry sends an LSU to the network to verify that the link is still active.
6.3.1 Configuring OSPF on routers within a single area
In this section, the student will learn how to configure OSPF on routers within a single area.
To configure OSPF, enable OSPF on the router and configure the network addresses and area information for the router according to the following steps:
1. Enable OSPF on the router using the following command:
Router(config)#router ospf process-id
The process ID is a process number on the local router. The process ID is used to identify multiple OSPF processes on the same router. The number can be any value between 1 and 65,535. The OSPF processes do not need to be started at one (1). Most network administrators keep the same process ID throughout the entire AS. It is possible to run multiple OSPF processes on the same router, but is not recommended because it creates multiple database instances that add extra overhead to the router.
2. Identify IP networks on the router, using the following command:
Router(config-router)#network address wildcard-mask area area-id
For each network, identify the area to which the network belongs. The network address value can be the network address, subnet, or the address of the interface. The router knows how to interpret the address by comparing the address to the wildcard mask. A wildcard mask is necessary because OSPF supports CIDR and VLSM, unlike RIP v1 and IGRP. The area argument is needed even when configuring OSPF in a single area. Again note that more than one IP network can belong to the same area.
6.3.2 Optional configuration commands
Configuring a Loopback Address
When the OSPF process starts, the Cisco IOS uses the highest local IP address as its OSPF router ID. If a loopback interface is configured, that address is used, regardless of its value. An IP can be assigned to a loopback interface with the following commands:
Router(config)#interface loopback number
Router(config-if)#ip address ip-address subnet-mask
A loopback derived router ID ensures stability because that interface is immune to link failure. The loopback interface must be configured before the OSPF process starts, to override the highest interface IP address.
It is recommended that the loopback address be used on all key routers in the OSPF based network. To avoid routing problems, it is good practice to use a 32-bit subnet mask when configuring a loopback IP address, shown as follows:
Router(config-if)#ip address 192.168.1.1 255.255.255.255
A 32-bit mask is sometimes called a host mask, because it specifies a single host and not a network or subnetwork.
To prevent propagation of bogus or fake routes, OSPF always advertises loopback addresses as host routes, with a 32-bit mask.
Modifying OSPF Router Priority
The DR or BDR elections can be manipulated by configuring the priority value to a number other than the default value, which is one (1). A value of zero (0) guarantees that the router will not be elected as a DR or BDR. Each OSPF interface can announce a different priority. Configure the priority value, a number from 0 to 255, with the ip ospf priority command, which has the following syntax:
Router(config-if)#ip ospf priority number
To set the E0 FastEthernet interface on a router with a priority of zero (0) use the commands that follow:
Set zero priority so it cannot win DR/BDR elections on that network.
RTB(config-if)#ip ospf priority 0
For the priority value to figure into the election, it must be set before the election takes place. The priority value and other key information on the interface can be displayed with the show ip ospf interface command. The output in this example tells which routers have been elected the DR and BDR, the network type, the cost of the link (10), and the timer intervals specific to this interface. In this case, the network type is broadcast multiaccess. The timer intervals configured are Hello (10), Dead (40), Wait (40), and Retransmit (5).
6.3.3 Optional configuration commands (continued)
OSPF routers use costs associated with interfaces to determine the best route. The Cisco IOS automatically determines cost based on the bandwidth of an interface using the following formula:
108/ bandwidth value = 100,000,000 / bandwidth value
Figure shows common default path costs for a variety of media. For OSPF to calculate routes properly, all interfaces connected to the same link must agree on the cost of that link. In a multi-vendor routing environment, the default cost of an interface may be overridden to match another vendor's value with the ip ospf cost command, which has the following syntax:
Router(config-if)#ip ospf costnumber
The new cost can be a number between 1 and 65,535. To override the default cost on the S0 interface of a router, use the following commands:
Router(config-if)#ip ospf cost 1000
The ip ospf cost command can also be used to manipulate the desirability of a route. This is because routers install the lowest-cost paths in their tables.
For the Cisco IOS cost formula to be accurate, serial interfaces must be configured with appropriate bandwidth values. Cisco routers default to T1, 1.544 Mbps, on most serial interfaces and require manual configuration for any other bandwidth, as shown in the following example:
Authentication is another interface specific configuration. Each OSPF interface on a router can present a different authentication key, which functions as a password among OSPF routers in the same area. The following command syntax is used to configure OSPF authentication:
Router(config-if)#ip ospf authentication-keypassword
After a password is configured, enable authentication on an area wide basis with the following syntax, which must be entered on all participating routers:
Although the message-digest keyword is optional, it is recommended that this keyword is always used with this command. By default, authentication passwords will be sent in clear text over the wire. A packet sniffer could easily capture an OSPF packet and decode the unencrypted password. However, if the message-digest argument is used, a message digest, or hash, of the password is sent over the wire in place of the password itself. Unless the recipient is configured with the proper authentication key, that person will not be able to make sense of the message digest.
If message-digest authentication is used, the authentication key will not be used. Instead, configure a message-digest key on the interface of the OSPF router. The syntax for this command is as follows:
Router(config-if)#ip ospf message-digest-keykey-idmd5 [encryption-type] password
Figure describes the ip ospf message-digest-key command parameters.
The following example sets the message-digest key to "itsasecret" and enables message-digest authentication within Area 0.
Router(config-if)#ip ospf message-digest-key 1 md5 7 itsasecret
Router(config-if)#ip ospf message-digest-key 1 md5 7 itsasecret
Router(config-if)#router ospf 1
Router(config-router)#area 0 authentication message-digest
Remember, the same parameters would have to be configured on the other routers in the same area.
Configuring OSPF Timers
In order for OSPF routers to exchange information, they must have the same Hello intervals and the same dead intervals. By default, the dead interval is four times the value of the Hello interval. That way, a router has four chances to send a Hello packet before being declared dead.
On broadcast OSPF networks, the default Hello interval is ten seconds, and the default dead interval is 40 seconds. On nonbroadcast networks, the default Hello interval is 30 seconds, and the default dead interval is two minutes or 120 seconds.
These default values typically result in efficient OSPF operation and therefore do not need to be modified. A situation may appear in which the Hello and dead intervals need to be adjusted either to improve performance or to match the timers on another router. The syntax of the commands needed to configure both the Hello and dead intervals is as follows:
Router(config-if)#ip ospf Hello-intervalseconds
Router(config-if)#ip ospf dead-intervalseconds
The following example sets the Hello interval to five seconds, and the dead interval to 20 seconds:
Router(config-if)#ip ospf Hello-interval 5
Router(config-if)#ip ospf dead-interval 20
Notice that, although it is advised, the Cisco IOS does not require the dead interval to be configured to be four times the Hello interval. If the dead interval is set to be less than that, the risk is increased that a router could be declared dead. In fact, a congested or flapping link has prevented one or two Hello packets from reaching their destination.
6.3.4 Show commands
Use the commands in Figure to verify that OSPF is working properly. Become familiar with these commands to ensure that the routers are configured correctly and are performing the way they should.
6.3.5 Clear and debug commands
The following commands and their associated options can be used when troubleshooting OSPF.
To clear all routes from the IP routing table, use the following command:
Router#clear ip route *
To clear a specific route from the IP routing table, use the following command:
Router#clear ip route A.B.C.DA.B.C.D Destination network route to delete
To debug OSPF operations, use the following debug options:
Router#debug ip ospf ?
adj OSPF adjacency events
events OSPF events
flood OSPF flooding
lsa-generation OSPF lsa generation
packet OSPF packets
retransmission OSPF retransmission events
spf OSPF spf
tree OSPF database tree
6.4.1 NBMA overview
This module has focused on two types of OSPF networks in detail, broadcast multiaccess and point-to-point networks. Even if there is only one router, broadcast multiaccess networks elect a DR and a BDR to serve as focal points for routing information. In contrast, point-to-point OSPF networks do not elect a DR because they can never include more than two nodes.
Another type of OSPF network, Nonbroadcast Multiaccess (NBMA), can include more than two nodes as shown in Figure . Therefore, NBMA will try to elect a DR and a BDR. Common NBMA implementations include Frame Relay, X.25, and SMDS. NBMA networks follow rules at Layer 2 that prevent the delivery of broadcasts and multicasts. Figure summarizes the OSPF network types.
NBMA networks can create problems with OSPF operation, specifically with the exchange of multicast Hello packets. RTA, RTB, and RTC belong to the same IP subnetwork and will attempt to elect a DR and a BDR. However, these routers cannot hold a valid election if they cannot receive multicast Hellos from every other router on the network. Without administrative intervention, a strange election takes place. As far as RTA is concerned, RTC is not participating. Likewise, RTC goes through the election process oblivious to RTA. This botched election can lead to problems if the central router, RTB, is not elected the DR.
The Cisco IOS offers several options for configuring OSPF to overcome NBMA limitations, including the OSPF neighbor command, point-to-point subinterfaces, and point-to-multipoint configuration. The solutions that are available depend on the current NBMA network topology.
6.4.2 Full-mesh Frame Relay
The different NBMA topologies must be understood before selecting an OSPF configuration strategy for a Frame Relay network, or legacy X.25 network. Fundamentally, two possible physical topologies exist for Frame Relay networks.
* Full-mesh topology
* Partial-mesh topology, including the hub-and-spoke topology
The following sections describe how to configure OSPF in both full-mesh and partial-mesh Frame Relay networks.
Full-Mesh Frame Relay
Organizations use Frame Relay primarily because it supports more than one logical connection over a single interface. This makes it an affordable and flexible choice for WAN links. A full-mesh topology takes advantage of the capabilities Frame Relay has to support multiple permanent virtual circuits (PVCs) on a single serial interface. In a full-mesh topology, every router has PVCs to every other router.
For OSPF to work properly over a multiaccess full-mesh topology that does not support broadcasts, each OSPF neighbor addresses must be manually entered on each router, one at a time. The OSPF neighbor command tells a router about the IP addresses of its neighbors so that it can exchange routing information without multicasts. The following example illustrates how the neighbor command is used:
RTA(config)#router ospf 1
RTA(config-router)#network 126.96.36.199 0.0.0.255 area 0
Specifying the neighbors for each router is not the only option to make OSPF work in this type of environment. The following section explains how configuring subinterfaces can eliminate the need for the neighbor command.
Configuring Subinterfaces to Create Point-to-Point Networks
The IOS subinterface feature can be used to break up a multiaccess network into a collection of point-to-point networks.
In Figure , a different IP subnet is assigned to each PVC. OSPF automatically recognizes this configuration as point-to-point, not NBMA, even with Frame Relay configured on the interfaces. Recall that OSPF point-to-point networks do not elect a DR. Instead, the Frame Relay router uses Inverse ARP or a Frame Relay map to obtain the link partner's address so that routing information can be exchanged.
A full-mesh topology offers numerous advantages, including maximum fault tolerance. Unfortunately, full-mesh topologies can get expensive because each PVC must be leased from a provider. An organization would have to lease 45 PVCs to support just ten fully meshed routers. If subinterfaces are used to create point-to-point networks, then the 45 IP subnets must also be allocated and managed, which is an additional expense.
6.4.3 Partial-mesh Frame Relay
Because a full-mesh topology is costly, many organizations implement a partial-mesh topology instead. A partial-mesh topology is any configuration in which at least one router maintains multiple connections to other routers, without being fully meshed. The most cost-effective partial-mesh topology is a hub-and-spoke topology. This is where a single router, the hub, connects to multiple spoke routers.
The hub-and-spoke topology is a cost effective WAN solution that introduces a single point of failure, the hub router. Organizations typically use Frame Relay because it is inexpensive, not because it is fault tolerant. Since dedicated leased lines typically carry mission critical data, an economical Frame Relay topology, such as hub-and-spoke, makes sense.
Unfortunately, the neighbor command that worked with a full-mesh topology does not work as well with the hub-and-spoke topology. The hub router in Figure sees all the spoke routers and can send routing information to them using the neighbor command, but the spoke routers can send Hellos only to the hub.
The DR or BDR election will be held, but only the hub router sees all of the candidates. Because the hub router must act as the DR for this OSPF network to function properly, configure an OSPF interface priority of zero (0) on all the spoke routers. Recall that a priority of zero (0) makes it impossible for a router to be elected as a DR or a BDR for a network.
A second approach to dealing with this topology is to avoid the DR and BDR issue altogether by breaking the network into point-to-point connections. Point-to-point networks will not elect a DR or a BDR.
Although they make OSPF configuration straightforward, point-to-point networks have major drawbacks when used with a hub-and-spoke topology. Subnets must be allocated for each link. This can lead to WAN addressing that is complex and difficult to manage. The WAN addressing issue can be avoided by using IP unnumbered, but many organizations have WAN-management policies that prevent using this feature. Are there any possible alternatives to a point-to-point configuration? Fortunately, the Cisco IOS offers a relatively new alternative. A hub-and-spoke physical topology can be manually configured as a point-to-multipoint network type, as described in the following section.
6.4.4 Point-to-Multipoint OSPF
In a point-to-multipoint network, a hub router is directly connected to multiple spoke routers, but all the WAN interfaces are addressed on the same subnet.
This logical topology was seen earlier in the module. However, it was also learned that OSPF does not work properly as an NBMA OSPF network type. By manually changing the OSPF network type to point-to-multipoint, this logical topology can then work. Routing between RTA and RTC will go through the router that has virtual circuits to both routers, RTB. Notice that it is not necessary to configure neighbors when using this feature. Inverse ARP will discover them.
Point-to-multipoint networks have the following properties:
* Adjacencies are established between all neighboring routers. There is no DR or BDR for a point-to-multipoint network. No network LSA is originated for point-to-multipoint networks. Router priority is not configured for point-to-multipoint interfaces or for neighbors on point-to-multipoint networks.
* When originating a router LSA, the point-to-multipoint interface is reported as a collection of point-to-point links to all the adjacent neighbors on the interface. This is together with a single stub link advertising the IP address of the interface with a cost of 0.
When flooding out a nonbroadcast interface, the LSU or LSAck packet must be replicated to be sent to each of the neighbors on the interface.
To configure point-to-multipoint, manually override the detected OSPF network type with the following syntax:
Router(config-if)#ip ospf network point-to-multipoint
Also configure the interface with a frame-relay map ip command, as in the following syntax:
Router(config-if)#frame-relay map ipaddress dlci broadcast
The broadcast keyword permits the router to send broadcasts by way of the specified DLCI to the mapped neighbor or neighbors. If applying the point-to-multipoint configuration to the example network shown in Figure , two separate frame-relay map statements would have to be configured on the hub router, RTB. Partial configurations for each router are shown in Figure .
In a point-to-multipoint configuration, OSPF treats all router-to-router connections on the nonbroadcast network as if they were point-to-point links. No DR is elected for the network. Neighbors can be manually specified using the neighbor command or can be dynamically discovered using Inverse ARP.
Ultimately, point-to-multipoint OSPF offers efficient operation without administrative complexity.
6.5.1 Creating multiple OSPF areas
Three issues can overwhelm an OSPF router in a heavily populated OSPF network:
* high demand for router processing and memory resources
* large routing tables
* large topology tables
In a very large internetwork, changes are inevitable. OSPF routers are likely to run SPF calculations frequently, which deprive the router of precious CPU cycles and memory resources.
Not only is the routing table frequently recalculated in a large OSPF network, but it also risks being overstuffed with multiple paths and hundreds of routes. Full routing tables make routers less efficient. Finally, the link-state database, which must contain a complete topology of the network, will also threaten to consume resources and slow down the router.
Fortunately, OSPF allows large areas to be separated into smaller, more manageable areas. These smaller areas can exchange summaries of routing information rather than exchange every detail. By splitting the network into manageable pieces, OSPF routers can scale gracefully.
Just how many routers can an OSPF area support? Field studies have shown that a single OSPF area should not stretch beyond 50 routers, although there is no set limit. Some areas may do fine with more than 50 routers. Other areas, particularly those with unstable links, may need to operate with fewer than 50 routers. Ultimately, it must be determined just how many routers a particular OSPF area can handle. Knowing the network, by tracking performance and monitoring usage, is the only way to accurately gauge whether an OSPF area can support 20, 30, or 60 routers.
The capability of OSPF to separate a large internetwork into multiple areas is referred to as hierarchical routing. Hierarchical routing enables the separation of large internetworks into smaller internetworks that are called interareas. With this technique, interarea routing still occurs. Interarea routing is the process of exchanging routing information between OSPF areas. However, interarea routing allows OSPF to summarize and contain area specific information so that many of the smaller internal routing operations, such as recalculating the database, are restricted within an area.
For example, if Area 1 is having problems with a link going up and down or flapping, routers in other areas do not need to run their shortest path first (SPF) calculation because they are isolated from the problems in Area 1.
The hierarchical topology possibilities of OSPF have the following important advantages:
* Reduced frequency of SPF calculations – Because detailed route information is kept within each area, it is not necessary to flood all link-state changes to all other areas. Therefore, only those routers affected by a change need to run the SPF calculation.
* Smaller routing tables – When using multiple areas, detailed route entries for specific networks within an area are kept inside the area. Rather than advertise these explicit routes outside the area, the routes can be summarized into one or more summary routes. Advertising these summaries reduces the amount of LSAs propagated between areas but allows all networks to remain reachable.
* Reduced link-state update (LSU) overhead – LSUs can contain a variety of LSA types, including link-state information and summary information. Rather than send an LSU about each network to every area, advertise a single route or a few summarized routes between areas to reduce the overhead associated with LSUs that cross multiple areas.
Hierarchical routing increases routing efficiency because it allows the ability to control the type of routing information that flows into and out of an area. OSPF provides for different types of routing updates, depending on the type of area and the number of areas that a router connects to. The following sections describe the different roles that an OSPF router can play, the types of LSAs that it can use, and the types of areas that it can connect to.
6.5.2 OSPF router types
The following are four different types of OSPF routers that exist:
* Internal router – As discussed previously, routers that have all their interfaces within the same area are called internal routers. Internal routers in the same area have identical link-state databases and run a single copy of the routing algorithm.
* Backbone router – Routers that are attached to the backbone area of the OSPF network are called backbone routers. They have at least one interface connected to Area 0, the backbone area. These routers maintain OSPF routing information using the same procedures and algorithms as internal routers.
* Area Border Router (ABR) – ABRs are routers with interfaces attached to multiple areas. They maintain separate link-state databases for each area to which they are connected, and they route traffic destined to or arriving from other areas. ABRs are exit points for the area, which means that routing information destined for another area can travel there only by way of the of the local area ABR. ABRs summarize information about the attached areas from their link-state databases and distribute the information into the backbone. The backbone ABRs then forward the information to all other connected areas. An area can have one or more ABRs.
* Autonomous System Boundary Router (ASBR) – ASBRs are routers that have at least one interface connected to an external internetwork, another autonomous system, such as a non-OSPF network. These routers can import non-OSPF network information to the OSPF network, and OSPF to non-OSPF. This is referred to as redistribution.
A router can be more than one router type. For example, if a router interconnects to Area 0 and Area 1, as well as to a non-OSPF network, it would be both an ABR and an ASBR.
6.5.3 OSPF LSA and area types
Multiarea OSPF is scalable because the link-state database of a router can include multiple types of LSAs. Designated routers (DRs) and routers that reside in multiple areas or autonomous systems use special LSAs to send or summarize routing information. The OSPF LSA types are described in Figure .
OSPF Area Types
The characteristics that are assigned to an area control the type of route information that it can receive. For example, the size of routing tables may need to be minimized in an OSPF area. In this case configure the routers to operate in an area that does not accept external routing information, Type 5 LSAs.
The following are several area types that are possible:
* Standard area – A standard area can accept link updates and route summaries.
* Backbone area (transit area) – When interconnecting multiple areas, the backbone area is the central entity to which all other areas connect. The backbone area is always Area 0. All other areas must connect to this area to exchange route information. The OSPF backbone has all the properties of a standard OSPF area.
* Stub area – A stub area is an area that does not accept information about routes external to the autonomous system, the OSPF internetwork, such as routes from non-OSPF sources. If routers need to reach networks outside the autonomous system, they use a default route. A default route is noted as 0.0.0.0/0.
* Totally stubby area – A totally stubby area is an area that does not accept external autonomous system (AS) routes and summary routes from other areas internal to the autonomous system. Instead, if the router needs to send a packet to a network external to the area, it sends it using a 0.0.0.0/0 default route. Totally stubby areas are a Cisco proprietary feature.
* Not-so-stubby area (NSSA) – An NSSA is an area that is similar to a stub area but allows for importing external routes as Type 7 LSAs and translation of specific Type 7 LSA routes into Type 5 LSAs.
A key difference among these OSPF area types is the way they handle external routes. External routes are injected into OSPF by an ASBR. The ASBR may learn these routes from RIP or some other routing protocol.
An ASBR can be configured to send out two types of external routes into OSPF. These types are denoted in the routing table as E1 for Type 1 and denoted in the routing table as E2 for Type 2. Depending on the type, OSPF calculates the cost of external routes differently, as follows:
* E1 – If a packet is an E1, then the metric is calculated by adding the external cost to the internal cost of each link that the packet crosses. Use this packet type when there are multiple ASBRs advertising a route to the same autonomous system.
* E2 – If a packet is an E2, then the packet will always have the external cost assigned, no matter where in the area it crosses, this is the default setting on ASBRs. Use this packet type if only one router is advertising a route to the autonomous system. Type 2 routes are preferred over Type 1 routes unless two equal cost routes exist to the destination.
For example, consider the network shown in Figure .
In this network, RTB will receive external RIP routes, including 188.8.131.52/8 from RTA. By default, RTA is sending external routing information using Type 2 metrics. Therefore, when RTB sends this route to RTC, the metric for the external route remains the same, in this case, 20. Click on the topology to compare the table for RTB with the table for RTC.
Now, configure RTA to use a Type 1 metric with external routes. OSPF will increment the metric value of the external route according to its standard cost algorithm. It can be seen that, in the show ip route output, the same routes now have very different metrics in each table. RTB now increments the metric for the external route.
6.5.4 Configuring OSPF operation across multiple areas
Internal routers, ABRs, ASBRs, and backbone routers each play a role in communicating OSPF routing information in a multiarea network. This section summarizes how the different types of OSPF routers flood information and how they build their routing tables when operating within a multiarea environment.
It was seen that a packet destined for a network within an area is merely forwarded from one internal router to another until it reaches the destination network.
However, what if a packet must traverse multiple areas as shown in the figure?
In this case, the packet must exit Area 1 by way of ABR1. ABR1 then sends the packet through the backbone area to ABR2. Finally, ABR2 can forward the packet to an internal router in Area 50. The internal router then delivers the message to the appropriate host on that network.
For the OSPF routers in this example to make these routing decisions, they must build sufficient routing tables by exchanging LSUs. The LSU exchange process within a single OSPF area relies on just two LSA types, Type 1 and Type 2. To distribute routing information to multiple areas efficiently, Type 3 and Type 4 LSAs must be used by ABRs. The following sections describe how LSUs containing the various LSA types are flooded to multiple areas, and how OSPF routers use this information to update their routing tables.
6.5.5 Flooding LSUs to multiple areas
An ABR is responsible for generating routing information about each area to which it is connected. Then it floods the information through the backbone area to the other areas to which the backbone is connected. The general process for flooding follows these steps:
1. The routing processes occur within the area, as discussed in Module 4. The entire area must be synchronized before the ABR can begin sending summary LSAs to other areas.
2. The ABR reviews the resulting link-state database and generates summary LSAs, using Type 3 or Type 4. By default, the ABR sends summary LSAs for each network that it knows about. To reduce the number of summary LSA entries, configure route summarization so that a single IP address can represent multiple networks. To use route summarization, the areas need to use contiguous IP addressing, as discussed in Module 2. The better this IP address plan is, the fewer the number of summary LSA entries an ABR will advertise.
3. The summary LSAs are placed in an LSU and distributed through all ABR interfaces, with the following exceptions:
* If the interface is connected to a neighboring router that is in a state below the exchange state, then the summary LSA is not forwarded.
* If the interface is connected to a totally stubby area, then the summary LSA is not forwarded.
* If the summary LSA includes a Type 5 (external) route and the interface is connected to a stub or totally stubby area, then the LSA is not sent to that area.
4. After an ABR or ASBR receives summary LSAs, it adds them to its link-state databases and floods them to the local area. The internal routers then assimilate the information into their databases. Remember that OSPF enables the ability to configure different area types so that the number of route entries that internal routers maintain can be reduced. To minimize routing information, define the area as a stub area, a totally stubby area, or an NSSA.
6.5.6 Updating the routing table
After all routers receive the routing updates, they add them to their link-state databases and recalculate their routing tables. The order in which paths are calculated is as follows:
1. All routers first calculate the paths to destinations within their area and add these entries into the routing table. These are learned by way of Type 1 and Type 2 LSAs.
2. All routers then calculate the paths to the other areas within the internetwork. These paths are learned by way of interarea route entries, or Type 3 and Type 4 LSAs. If a router has an interarea route to a destination and an intra-area route to the same destination, the intra-area route is kept.
3. All routers, except those that are in any of the stub area types, then calculate the paths to the AS external, Type 5, destinations.
At this point, a router can reach any network within or outside the OSPF autonomous system.
6.5.7 Opaque LSAs
Opaque LSAs provide a means to allow for the future extensibility of OSPF. The information contained in opaque LSAs may be used directly by OSPF or indirectly by applications wishing to distribute information throughout an OSPF domain. For example, the OSPF opaque LSA may be used for traffic engineering with MPLS.
Opaque LSAs are Types 9, 10, and 11 link-state advertisements. Opaque LSAs consist of a standard LSA header followed by a 32-bit aligned application specific information field. Like any other LSA, the opaque LSA uses the link-state database distribution mechanism for flooding this information throughout the topology. The link-state type field of the opaque LSA identifies the topological distribution range of LSA. This range is referred to as the flooding scope.
The flooding scope associated with each opaque link-state type is defined as follows:
* Link-state Type 9 denotes a link-local scope. Type 9 opaque LSAs are not flooded beyond the local network or subnetwork.
* Link-state Type 10 denotes an area-local scope. Type 10 opaque LSAs are only flooded within their associated area.
* Link-state Type 11 denotes that the LSA is flooded throughout the entire Autonomous System (AS). The flooding scope of Type 11 LSAs is equivalent to the flooding scope of AS-external, Type 5, LSAs.
6.6.1 Using and configuring OSPF multiarea components
The following paragraphs cover some of the multiarea OSPF capabilities and associated configurations in more detail. The student will learn how to configure an ABR and how to configure route summarization.
Configuring an ABR
There are no special commands to make a router an ABR or an ASBR. The router becomes an ABR as soon as two of its interfaces are configured to operate in different areas.
Configuring an ASBR
ASBRs are created when OSPF is configured to import, or redistribute, external routes into OSPF.
Notice that the ASBR configuration commands include the command redistribute rip. This command tells OSPF to import RIP routing information. A detailed discussion of route redistribution can be found in Module 8, Route Optimization.
6.6.2 Configuring OSPF route summarization
Recall that summarization is the consolidation of multiple routes into one single, supernet advertisement. See Module 2 for more details on this. Proper summarization requires contiguous, sequential, addressing. 184.108.40.206, 220.127.116.11, 18.104.22.168, and so on are examples of contiguous addressing. OSPF routers can be manually configured to advertise a supernet route, which is different from an LSA summary route.
Route summarization directly affects the amount of bandwidth, CPU, and memory resources that are consumed by the OSPF process. With summarization, if a network link fails or flaps, the topology change will not be propagated into the backbone, and other areas by way of the backbone. As discussed in previous modules, route summarization protects routers from needless routing table recalculations. Because the SPF calculation places a significant demand on a router CPU, proper summarization is an important part of OSPF configuration.
OSPF supports the following two types of summarization:
* Interarea route summarization – Interarea route summarization is done on ABRs and applies to routes from within each area. It does not apply to external routes injected into OSPF by way of redistribution. To take advantage of summarization, network numbers within areas should be contiguous.
* External route summarization – External route summarization is specific to external routes that are injected into OSPF by way of redistribution. Here again, it is important to ensure that external address ranges that are being summarized are contiguous. Summarization of overlapping ranges from two different routers could cause packets to be sent to the wrong destination. Only ASBRs can summarize external routes.
To configure an ABR to summarize routes for a specific area before injecting them into a different area, use the following syntax:
To configure an ASBR to summarize external routes before injecting them into the OSPF domain, use the following syntax:
Use the following commands to configure RTA for external router summarization as shown in the Figure.
RTA(config)#router ospf 1
RTA(config-router)#summary-address 22.214.171.124 255.255.0.0
Once configured, RTA will send only a single summary route, 126.96.36.199/16, into the OSPF domain.
Because RTB sits on the border between Area 0 and Area 1, it should be configured to perform interarea summarization, shown as follows:
RTB(config)#router ospf 1
RTB(config-router)#area 1 range 192.168.16.0 255.255.252.0
Notice that the area 1 range command in this example specifies the area containing the range to be summarized before being injected into Area 0.
Also, depending on the network topology, summarizing Area 0 networks may not be wanted. If there is more than one ABR between an area and the backbone area, for example, sending a summary LSA with the explicit network information will ensure that the shortest path is selected. If the addresses are summarized, a suboptimal path selection may occur.
6.6.3 Verifying multiarea OSPF operation
In addition to the show commands discussed in Module 4, several key OSPF commands can be used to verify multiarea operation.
* show ip ospf border-routers – Displays the internal OSPF routing table entries to an ABR.
* show ip ospf virtual-links – Displays parameters about the current state of OSPF virtual links.
* show ip ospf process-id – Displays information about each area to which the router is connected, and indicates whether the router is an ABR, ASBR, or both. The process ID is a user defined identification parameter. It is locally assigned and can be any positive integer number. The number used here is the number assigned administratively when enabling the OSPF routing process.
* show ip ospf database – Displays the contents of the topological database maintained by the router. Several keywords can be used with this command to get specific information about the following links:
o show ip ospf [process-id area-id] database [router] – Displays individual router link-state information.
o show ip ospf [process-id area-id] database [network] – Displays network link-state information. The area ID is the area number associated with the OSPF address range defined in the network router configuration command when defining a particular area.
o show ip ospf [process-id area-id] database [summary] – Displays summary information about ABR link states.
o show ip ospf [process-id area-id] database [asbr-summary] – Displays information about ASBR link-states.
o show ip ospf [process-id area-id] database [external] – Displays information about autonomous system external link states.
o show ip ospf [process-id area-id] database [database-summary] – Displays database summary information and totals.
6.7.1 Using stub and totally stubby areas
An OSPF router interface can be configured to either operate as a stub area or a totally stubby area. A stub area does not accept information about routes external to the AS. A totally stubby area does not accept external AS routes and summary routes from other areas internal to the AS.
By configuring an area as stub, the size of the link-state database inside that area can be greatly reduced. As a result, this will reduce the memory requirements of area routers. Remember that stub areas do not accept Type 5, external, LSAs.
Because OSPF routers internal to a stub area will not learn about external networks, routing to the outside world is based on a 0.0.0.0/0 default route. When configuring a stub area, the ABR on the stub automatically propagates a 0.0.0.0/0 default route within the area.
Stub areas are typically created when using a hub-and-spoke topology, with the spokes configured as stub areas. The spokes could be the branch offices. In the case of a hub-and-spoke topology, the branch office may not need to know about every network at the headquarters site. It can instead use a default route to get there.
To further reduce the number of routes in a table, create a totally stubby area, which is a Cisco specific feature. A totally stubby area is a stub area that blocks external Type 5 LSAs and summary, Type 3 and Type 4, LSAs from entering the area. This way, intra-area routes and the default of 0.0.0.0/0 are the only routes known to the stub area. ABRs inject the default summary link 0.0.0.0/0 into the totally stubby area.
Therefore, totally stubby areas further minimize routing information and increase stability and scalability of OSPF internetworks. This is typically a better solution than creating stub areas, unless the target area uses a mix of Cisco and non-Cisco routers. The following sections describe the criteria for determining whether an area should be configured as stub or totally stubby, and the configuration commands necessary to implement these area types.
6.7.2 Stub and totally stubby area criteria
An area can be qualified as a stub or totally stubby when it meets the following criteria:
* There is a single exit point from that area.
* The area is not needed as a transit area for virtual links. Virtual links are discussed at the end of this module.
* No ASBR is internal to the stub area.
* The area is not the backbone area, or Area 0.
These criteria are important because a stub or totally stubby area is configured primarily to exclude external routes. If these criteria are not met, external links may be injected into the area, invalidating their stubby nature.
6.7.3 Configuring stub and totally stubby areas
To configure an area as a stub or totally stubby area, use the following syntax on all routers that are configured to belong to that area:
Router(config-router)#area area-id stub
The optional no-summary keyword is used only on ABRs. This keyword configures the ABR to block interarea summaries, Type 3 and Type 4 LSAs. The no-summary keyword creates a totally stubby area. The area stub command is configured on each router in the stub location, which is essential for the routers to become neighbors and exchange routing information. When this command is configured, the stub routers exchange Hello packets with the E bit set to 0. The E bit is in the Options field of the Hello packet. It indicates that the area is a stub area. The state of this bit must be agreed upon otherwise the routers will not become neighbors.
On ABRs only, there is the option of defining the cost of the default route that is automatically injected in the stub or totally stubby area. Use the following syntax to configure the cost of the default route:
Router(config-router)#areaarea-id default-cost cost
6.7.4 OSPF stub area configuration example
In the figure, Area 2 is configured as a stub area. No routes from the external autonomous system will be forwarded into the stub.
The last line in each configuration, area 2 stub, defines the stub area. The area stub default-cost has not been configured on R3, so this router will advertise 0.0.0.0, the default route, with a default cost metric of one plus any internal costs.
The only routes that will appear on the routing table for R4 are intra-area routes, the default route, and interarea routes. Intra-area routes are designated with an O in the routing table. Both the default and interarea routes are designated with an IA in the routing table. The default route will also be denoted with an asterisk.
Notice that each router in the stub must be configured with the area stub command. The area stub command determines whether the routers in the stub become neighbors. This command must be included on all routers in the stub area if they are to exchange routing information.
6.7.5 OSPF totally stubby area configuration example
In Figure , the keyword no-summary has been added to the area stub command on R3. This keyword causes summary routes, delivered by both Type 3 and Type 4 LSAs, to also be blocked from the stub. Each router in the stub picks the closest ABR as a gateway to all other networks outside the area.
The only routes that will appear on the routing table for R4 are intra-area routes, designated with an O in the routing table, and the default route. No interarea routes, designated with an IA in the routing table, will be included.
Notice that it is necessary to configure the no-summary keyword only on the totally stubby border routers, because the area is already configured as stub.
6.7.6 NSSA overview
NSSAs are a relatively new, standards based OSPF enhancement. To understand how to use NSSAs, consider the network shown in Figure.
RTA connects to an external RIP domain, and RTB currently serves as an ABR for Area 0. If the RIP domain is not under the administrative control, what options are there to exchange routing information between these two domains? If dynamic routing is going to be used, an OSPF standard area could be created.
However, what if the routers that are placed in Area 1 do not have the required processing power or memory to run OSPF? It has been learned that the burden on OSPF routers can be reduced by configuring them to participate in a stub or totally stubby area. Figure illustrates what would happen in this case.
A stub area cannot include an ASBR because Type 5, external LSAs are not allowed in a stub domain. The configuration shown in Figure would fail miserably.
So, how does external routing information dynamically exchanged without creating a standard OSPF area? Another routing protocol could be configured, such as RIP or IGRP, in place of creating an Area 1. This may prove to be a disadvantage. This is because an additional routing protocol must be maintained and imported into OSPF and because the RIP domain is not under the administrative control.
With the introduction of the NSSA, there is another, easier option. An NSSA acts like a stub network in the sense that it does not allow Type 5 LSAs. It can also be configured to prevent floods of Type 3 and Type 4 summary LSAs, just as a totally stubby area would. However, an NSSA does allow Type 7 LSAs, which can carry external routing information and be flooded throughout the NSSA.
NSSAs are supported in Cisco IOS version 11.2 and later.
6.7.7 How NSSA operates
By configuring an area as an NSSA, routing tables can be minimized within the area but still import external routing information into OSPF.
Figure illustrates the example network, including an NSSA implementation. RTA can import external routes as Type 7 LSAs, and ABRs will translate Type 7 LSAs into Type 5 LSAs as they leave the NSSA. A benefit of Type 7 LSAs is that they can be summarized. The OSPF specification prohibits the summarizing or filtering of Type 5 LSAs. It is an OSPF requirement that Type 5 LSAs always be flooded throughout a routing domain. When defining an NSSA, specific external routes can be imported as Type 7 LSAs into the NSSA. In addition, when translating Type 7 LSAs to be imported into nonstub areas, the LSAs can be summarized or filtered before importing them as Type 5 LSAs.
NSSAs are often used when a remote site, which uses RIP or IGRP, must be connected to a central site using OSPF. Use NSSA to simplify the administration of this kind of topology. Before NSSA, the connection between the corporate site ABR and the remote router used RIP or EIGRP. This meant maintaining two routing protocols. Now, with NSSA, OSPF can be extended to handle the remote connection by defining the area between the corporate router and the remote router as an NSSA.
Figure shows the central site and branch offices interconnected through a slow WAN link. The branch office is not using OSPF, but the central site is. If a standard OSPF area between the two networks is configured, the slow WAN link could be overwhelmed by the ensuing flood of LSAs. This is especially true for Type 5 external LSAs. As an alternative, configure a RIP domain between the two networks, but that would mean running two routing protocols on the central site routers. A better solution is to configure an OSPF area and define it as a NSSA.
In this scenario, RTA is defined as an ASBR. It is configured to redistribute any routes within the RIP or EIGRP domain to the NSSA. The following is a description of what happens when the area between the connecting routers is defined as an NSSA:
* RTA receives RIP or EIGRP routes for networks 10.10.0.0/16, 10.11.0.0/16, and 188.8.131.52/8.
* Because RTA is also connected to an NSSA, it redistributes the RIP or EIGRP routes as Type 7 LSAs into the NSSA.
* RTB, an ABR between the NSSA and the backbone Area 0, receives the Type 7 LSAs.
* After the SPF calculation on the forwarding database, RTB translates the Type 7 LSAs into Type 5 LSAs and then floods them throughout Area 0.
It is at this point that RTB could have summarized routes 10.10.0.0/16 and 10.11.0.0/16 as 10.0.0.0/8, or could have filtered one or more of the routes.
6.7.8 Configuring NSSA
To configure an OSPF area as a NSSA, configure all OSPF router interfaces that belong to the area using the following command syntax:
Router(config-router)#area area-id nssa [no-summary]
Typically, use the optional keyword no-summary when configuring NSSA on an ABR. This prevents Type 3 and Type 4 summary routes from flooding the NSSA area and minimizes the routing tables within the area. In effect, the no-summary keyword makes the NSSA totally stubby.
Optionally, the summarization or filtering can be controlled during the translation using the following syntax:
Router(config)#summary-address prefix mask [not-advertise][tagtag]
The not-advertise keyword is used to suppress routes that match the prefix and mask pair. This keyword applies to OSPF only. The tag value can also be assigned but is not required. Route tags can be used in policy routing and are discussed in Module 5, EIGRP.
To verify that NSSA is defined on a given router, use the show ip ospf command. This command shows the general OSPF configured parameters, including the number of NSSAs to which the router is attached and whether the router is performing LSA translation.
6.8.1 Meeting the backbone area requirements
OSPF has certain restrictions when multiple areas are configured. One area must be defined as Area 0, the backbone area. It is called the backbone because all inter-area communication must go through it. Therefore, all areas should be physically connected to Area 0 so that the routing information injected into this backbone can be disseminated to other areas. The backbone area must always be configured as Area 0. No other area ID can function as the backbone.
There are situations, however, when a new area is added after the OSPF internetwork has been designed, and it is not possible to provide that new area with direct access to the backbone. In these cases, a virtual link can be defined to provide the needed connectivity to the backbone area. The virtual link provides the disconnected area a logical path to the backbone. All areas must connect directly to the backbone area or through a transit area.
The virtual link has the following two requirements:
* It must be established between two routers that share a common area.
* One of these two routers must be connected to the backbone.
When virtual links are used, they require special processing during the SPF calculation. That is, the ’real’ next-hop router must be determined so that the true cost to reach a destination across the backbone can be calculated.
Virtual links serve the following purposes:
* They can link an area that does not have a physical connection to the backbone. This linking could occur, for example, when two organizations merge.
* They can patch the backbone if discontinuity in Area 0 occurs. Discontinuity of the backbone might occur, for example, if two companies merge their two separate OSPF networks into a single one with a common Area 0. The only alternative for the companies is to redesign the entire OSPF network and create a unified backbone.
Another reason for creating a virtual link is to add redundancy in cases when router failure might cause the backbone to be split into two.
In Figure , the disconnected Area 0s are linked through a virtual link through the common area, Area 3. If a common area does not already exist, one can be created to become the transit area. Area 0 could become partitioned, for example, if two OSPF networks were merged.
6.8.2 Configuring virtual links
To configure a virtual link, perform the following steps:
1. Configure OSPF, as described previously in the "Using and Configuring OSPF Multiarea Components" section.
2. On each router that will use the virtual link, create the ’virtual link’ configuration. The routers that make the links are the ABR that connects the remote area to the transit area and the ABR that connects the transit area to the backbone area.
Router(config-router)#areaarea-id virtual-link router-id
If the router ID of the neighbor is not known, telnet to it and type the show ip ospf command.
6.8.3 Virtual link configuration example
In Figure Area 3 does not have a direct physical connection to the backbone, Area 0, which is an OSPF requirement. This is because the backbone is a collection point for LSAs. ABRs forward summary LSAs to the backbone, which in turn forwards the traffic to all areas. All interarea traffic transits the backbone.
To provide connectivity to the backbone, a virtual link must be configured between R2 and R1. Area 1 will be the transit area and R1 will be the entry point into Area 0. R2 will have a logical connection to the backbone through the transit area.
Both sides of the virtual link must be configured, as follows:
* R2(config-router)#area 1 virtual-link 10.3.10.5 – With this command, Area 1 is defined to be the transit area and the router ID of the other side of the virtual link is configured.
* R1(config-router)#area 1 virtual-link 10.7.20.123 – With this command, Area 1 is defined to be the transit area and the router ID of the other side of the virtual link is configured.
6.9.1 Configuring OSPF
6.9.2 Examining the DR/BDR election process
6.9.3 Multiarea OSPF
6.9.4 Configuring a stub area and a totally stubby area
6.9.5 Configuring an NSSA
6.9.6 Configuring virtual links
6.10.1 OSPF challenge lab
OSPF is a scalable, standards based link-state routing protocol. The benefits of OSPF include no hop count limitation, the capability to multicast routing updates, faster convergence rates, and optimal path selection. The basic steps for OSPF operation are as follows:
1. Establish router adjacencies
2. Select a designated router and a backup designated router
3. Discover routes
4. Select appropriate routes to use
5. Maintain routing information
Learned in this module were the following:
* The advantages of multiarea OSPF configurations
* The OSPF components used in a large multiarea OSPF internetwork
* The benefits of multiarea configurations include reduced frequency of SPF calculations, smaller routing tables, and reduced LSU overhead.
* The types of areas including stub, totally stubby, and NSSA
* OSPF router types including ABRs and ASBRs
* Link-state advertisements
* Virtual links
- prepara tu examen ccna.
- prepara tu examen ccnp.
- prepara tu certificacion ccnp.
- prepara tu certificacion ccna.
- prepara tu examenes ccna.
- prepara tu examenes ccnp.
- prepara tu certificaciones ccnp.
- prepara tu certificacion ccna.