Hour 36: OSPF Review Part 1

OSPF

Consult the symbols legend at the end of the post for information on symbols.

Metric:

  • AD of 110
  • Metric is defined as Cost,
  • Cost =  reference bandwidth/ interface bandwidth
  • [(RTR)auto-cost reference-bandwidth <bw in Mbps>] Default reference bandwidth is 100 Mbps, so cost = 10^8 / interface bandwidth in bps; every interface of 100 Mbps or faster collapses to cost 1 unless the reference bandwidth is raised. Set the same value on every router in the domain.
  • [(IF)ip ospf cost <cost>] overrides the cost
  • [(RTR)neighbor <ip> cost <cost>] Per-neighbor cost; applicable only on point-to-multipoint and point-to-multipoint non-broadcast networks (e.g. spokes with different CIRs)

Neighbors:

  • Hellos are always sourced from the interface's primary address and sent to 224.0.0.5 (AllSPFRouters, destination MAC 0100.5E00.0005). 224.0.0.6 (AllDRouters, MAC 0100.5E00.0006) is listened to only by the DR and BDR; DROthers send their LSUs and LSAcks there. OSPF rides directly on IP as protocol 89.
  • Adjacency
  1. To form an adjacency these parameters must match: Authentication (type and key), Area ID, Hello and Dead timers, Stub Area Flag (E-bit in Options), subnet and mask (not checked on point-to-point and virtual links), a compatible network type (DR-electing vs. non-DR-electing), and MTU. MTU is not in the Hello; it is compared during DBD exchange, so a mismatch shows up as a neighbor stuck in ExStart/Exchange, not as a missing neighbor.
  2. An adjacency will not form over a secondary address, but the secondary prefix is still advertised
  3. Unnumbered interfaces on different subnets can form an adjacency because the mask is not checked on point-to-point links. The borrowed primary address must be covered by a network statement [(RTR)network <net> <wildcard> area <id>], not enabled with the interface-level statement [(IF)ip ospf <process> area <area>].
  • States:
  1. Down: No Hello has been received from the neighbor. Hellos are sent every HelloInterval.
  2. Attempt: applies only to manually configured neighbors on NBMA networks. The router sends unicast Hellos to the neighbor at the PollInterval instead of the HelloInterval (see timers)
  3. Init: a Hello has been seen from the neighbor within the last RouterDeadInterval, but it did not list our RID
  4. 2-Way: the router has seen its own Router ID (RID) in the Neighbor field of the neighbor's Hello. DR/BDR election happens here; DROthers stay in 2-Way with each other.
  5. ExStart: routers establish a master/slave relationship and agree on the initial Database Description (DD) sequence number. The higher RID becomes master. A DD whose Interface MTU field is larger than the receiving interface's MTU is rejected, so the router with the smaller MTU is the one that stays stuck. [(IF)ip ospf mtu-ignore] on that side (one side is enough) suppresses the check; fixing the MTU is the better cure.
  6. Exchange: the routers exchange DD packets describing their LSDBs
  7. Loading: the router sends LSRs for LSAs it is missing or that are older than the neighbor's, and receives them in LSUs
  8. Full: the LSDBs are synchronised and the adjacency is complete

Timers:

  • Hello: 10 seconds on broadcast and point-to-point, 30 sec on NBMA and point-to-multipoint
  • Dead: 4x Hello (40 sec LAN, 120 sec NBMA); counts down and is reset by every Hello received from that neighbor
  • LSRefresh: 30 min; the router that originated an LSA re-floods it with an incremented sequence number every 30 min (Link State Refresh Interval)
  • LSA Maxage: 60 min, Each router expects LSA to be refreshed within 60 minutes
  • [(IF)ip ospf dead-interval minimal hello-multiplier 4] Fast Hello feature: dead interval of 1 sec with 4 Hellos per second (250 ms). Both sides must use fast hellos, and the multiplier needs to match.
  • [(IF)ip ospf hello-interval <sec>] Dead interval is automatically set to 4x Hello
  • [(IF) ip ospf transmit-delay <sec>] age is incremented by a InfTransDelay variable  (default 1sec) on transited routers. It is also incremented as it resides in the database.
  • [(RTR)neighbor <ip> poll-interval <interval in sec>] PollInterval on NBMA how often to send hello messages to neighbors which are in the “Attempt” state (Default 120 sec)
  • Pacing:
  1. [(RTR) timers pacing retransmission <msec>] Interval at which LSAs in the retransmission queue are paced, default 66 ms
  2. [(RTR) timers pacing flood <msec>] Time in msec between consecutive LSU’s when flooding LSA, default 33 msec
  3. [(RTR) timers pacing lsa-group <sec>] By delaying the refresh, more LSA’s can be grouped together (default 240 sec)
  • [(IF) ip ospf flood-reduction] Stops the 30-minute periodic re-flooding over this interface by setting the DoNotAge (DNA) bit on LSAs sent across it, removing the periodic-refresh requirement; useful on demand circuits

Summary:

  • [(RTR)summary-address <prefix> <mask> %no-advertise% %tag <tag>%] Use this command to advertise external routes; external routes can be summarized only on an ASBR which redistributed those routes. Cost is taken from the lowest cost of component routes.
  • [(RTR)area <id> range <prefix> <mask> %cost <cost>%] Inter-area (LSA1 and LSA2 only) can be summarized on ABR. Component route must exist in area id. Cost of summary is the lowest cost of more specific prefixes.
  • [(RTR)no discard-route {internal | external}] Since 12.1+ summary address will create null0 route to prevent loops. Use this command to disable creation of Null0.
  • [(RTR) area <id> nssa translate type7 suppress-fa] When the translating ABR summarises Type-7 routes, the Forwarding Address (FA) of the components is lost. This command sets the FA of translated LSA5s to 0.0.0.0, so other routers forward to the translating ABR itself.

Default route:

  • OSPF does not support summary-address 0.0.0.0 to generate a default route
  • [(RTR)default-information originate %always%] Makes a router originate a 0.0.0.0 type 5 LSA even if the router does not have a default route in its routing table. If you have [ip route 0.0.0.0 0.0.0.0 <ip next hop>] you do not need the always option.
  • [(RTR)area <id> default-cost <cost>] Sets the cost of the default route an ABR automatically generates into a stub/totally-stubby/totally-NSSA area. Useful if several ABRs exist and one should be preferred. Default cost is 1.
  • [(RTR)area <id> nssa no-summary default-information-originate] The default is originated both as an LSA3 (because of no-summary) and as an N2 LSA7 with cost 1. Both are in the database, but the inter-area LSA3 wins in the routing table over the N2. If the no-summary option is removed, only the LSA7 default remains.
  • Setting an area to Totally Stubby, Stub or Totally NSSA makes the ABR generate a default route automatically. A plain NSSA does NOT get a default route by default.

Security:

  • 3 authentication types: type 0 is null (default), type 1 is simple password (carried in cleartext in the 8-byte authentication field, so it only guards against accidental adjacencies), type 2 is keyed MD5 (digest over the packet plus the key, with a cryptographic sequence number that lets the receiver drop replayed packets). Newer IOS releases also support HMAC-SHA (RFC 5709) through key chains; prefer that where available.
  • [(RTR)area <ID> { authentication | authentication message-digest}] Authentication is checked when forming adjacency. All routers in an area must be enabled for authentication if per-area authentication is used, but not all links must have a password set (only link which need to be protected). All routers within an area are not required to have authentication enabled if per-interface authentication is used.
  • [(IF)ip ospf authentication null] type0 authentication, disables authentication on an interface if it is enabled for whole area.
  • [(IF)ip ospf authentication] type 1 authentication  + [(IF)ip ospf authentication-key <value>]
  • [(IF)ip ospf authentication message-digest] type 2 authentication + [(IF)ip ospf message-digest-key <key#> md5 <key value>] Multiple keys can be configured to support key rotation or multiple peers on one interface, but the key number in the packet must exist with the same value on the receiver. The router sends with the most recently configured (youngest) key; during a rollover it sends a copy of each packet for every configured key until all neighbors use the newest one, so remove the old key once the rollover is done.
  • [(RTR)area <ID> virtual-link <rid> authentication {null | authentication authentication-key <value> | authentication message-digest message-digest-key <key#> md5 <value>}] Configures authentication for virtual-link
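The following Python block is an added example, not part of the original notes and not Cisco code. It ties the Neighbors and Security sections together: it serialises constructed OSPFv2 Hello packets with AuType 0, 1 and 2, implements the RFC 2328 Appendix D keyed-MD5 generation and verification (digest over the packet with the key zero-padded to 16 bytes, checksum field 0, digest appended after the packet and excluded from the length field) including the cryptographic-sequence-number replay check, and performs the Hello-parameter comparison a router makes before a neighbor leaves Down. All router IDs, keys and timers below are made up.

```python
"""Constructed OSPFv2 Hello packets with AuType 0/1/2, receiver-side checks and the
Hello-parameter comparison.  Added example; all addresses and keys are made up."""
import hashlib
import hmac
import struct
from dataclasses import dataclass

AUTH_NULL, AUTH_SIMPLE, AUTH_MD5 = 0, 1, 2
HDR = "!BBH4s4sHH8s"   # version, type, length, router ID, area ID, checksum, AuType, auth data
OPT_E = 0x02           # Options E-bit: external routing capability, cleared in stub areas


def ip2b(a): return bytes(int(o) for o in a.split("."))
def b2ip(b): return ".".join(str(x) for x in b)


def inet_checksum(data):
    """Standard one's-complement checksum (RFC 1071) used by the OSPF header."""
    if len(data) % 2:
        data += b"\x00"
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF


@dataclass
class Hello:
    router_id: str
    area_id: str
    netmask: str
    hello_interval: int = 10
    dead_interval: int = 40
    options: int = OPT_E
    priority: int = 1
    neighbors: tuple = ()

    def body(self):
        b = struct.pack("!4sHBBI", ip2b(self.netmask), self.hello_interval,
                        self.options, self.priority, self.dead_interval)
        b += bytes(8)                      # DR and BDR fields: 0.0.0.0 before election
        return b + b"".join(ip2b(n) for n in self.neighbors)


def build_hello(h, auth_type=AUTH_NULL, key=b"", key_id=1, seq=0):
    """AuType 2 (RFC 2328 D.4.3): checksum 0, auth field = 0 | key ID | digest length |
    crypto sequence; digest = MD5(packet || key padded to 16 bytes), appended AFTER
    the packet and not counted in the length field."""
    body = h.body()
    rid, area, length = ip2b(h.router_id), ip2b(h.area_id), 24 + len(body)
    if auth_type == AUTH_MD5:
        auth = struct.pack("!HBBI", 0, key_id, 16, seq)
        pkt = struct.pack(HDR, 2, 1, length, rid, area, 0, AUTH_MD5, auth) + body
        return pkt + hashlib.md5(pkt + key.ljust(16, b"\x00")[:16]).digest()
    # AuType 0/1: checksum is computed with the 64-bit auth field zeroed, then the
    # cleartext password (type 1) is written into that field.
    zeroed = struct.pack(HDR, 2, 1, length, rid, area, 0, auth_type, bytes(8)) + body
    auth = key.ljust(8, b"\x00")[:8] if auth_type == AUTH_SIMPLE else bytes(8)
    return struct.pack(HDR, 2, 1, length, rid, area, inet_checksum(zeroed), auth_type, auth) + body


def checksum_ok(pkt):
    """AuType 0/1 integrity check: the checksum covers everything except the auth field."""
    return inet_checksum(pkt[:16] + bytes(8) + pkt[24:]) == 0


def parse_hello(pkt):
    ver, ptype, length, rid, area, csum, autype, auth = struct.unpack(HDR, pkt[:24])
    mask, hello, opts, prio, dead = struct.unpack("!4sHBBI", pkt[24:36])
    return {"router_id": b2ip(rid), "area_id": b2ip(area), "auth_type": autype,
            "netmask": b2ip(mask), "hello_interval": hello, "dead_interval": dead,
            "options": opts, "neighbors": [b2ip(pkt[i:i + 4]) for i in range(44, length, 4)]}


def verify_md5(pkt, key, last_seq=None):
    """Receiver side of D.4.3: recompute the digest and drop packets whose sequence
    number went backwards (the only replay protection AuType 2 has). Returns (ok, seq)."""
    length, autype = struct.unpack("!H", pkt[2:4])[0], struct.unpack("!H", pkt[14:16])[0]
    if autype != AUTH_MD5 or len(pkt) < length + 16:
        return False, None
    _, key_id, auth_len, seq = struct.unpack("!HBBI", pkt[16:24])
    expect = hashlib.md5(pkt[:length] + key.ljust(16, b"\x00")[:16]).digest()
    if auth_len != 16 or not hmac.compare_digest(expect, pkt[length:length + 16]):
        return False, seq
    if last_seq is not None and seq < last_seq:
        return False, seq
    return True, seq


def hello_mismatches(mine, my_auth_type, rx, point_to_point=False):
    """Fields compared in a received Hello before the neighbor leaves Down.  MTU is not
    among them: it travels in DBD packets and is checked in ExStart."""
    bad = []
    if rx["area_id"] != mine.area_id:                         bad.append("area")
    if rx["auth_type"] != my_auth_type:                       bad.append("auth type")
    if rx["hello_interval"] != mine.hello_interval:           bad.append("hello interval")
    if rx["dead_interval"] != mine.dead_interval:             bad.append("dead interval")
    if not point_to_point and rx["netmask"] != mine.netmask:  bad.append("netmask")
    if (rx["options"] ^ mine.options) & OPT_E:                bad.append("stub flag (E-bit)")
    return bad


def is_two_way(mine, rx):
    """2-Way: our Router ID appears in the neighbor list of the peer's Hello."""
    return mine.router_id in rx["neighbors"]
```

`build_hello(h, AUTH_SIMPLE, b"cisco")` contains the literal bytes `cisco`, which is the whole argument against type 1; `verify_md5` returns `(False, seq)` for a wrong key, a tampered body, or a sequence number lower than the last one accepted from that neighbor.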

Filtering:

  • Using Distribute list:
  1. [(RTR)distribute-list <name> {in | out} %<interface>%] "In" filters routes from the routing table but not from the LSDB, so it can be used on ANY router; it only affects the local router's routing table.
  2. The exception is on an ABR: an inter-area prefix learned from area 0 and filtered by the inbound distribute-list is not re-originated as an LSA3 into the ABR's other areas, because an ABR only summarises routes installed in its routing table. The prefix then disappears from those areas' LSDBs as well.
  3. "Out" works only on an ASBR (or on an ABR of an NSSA). It filters ONLY what is redistributed as LSA5/LSA7 into the database; the local router still has the prefix in its routing table, but it is not announced to peers.
  4. If route-map is used route can be matched with “match ip route-source <ACL>” matching RID, not NH.
  • [(RTR)area <id> filter-list prefix <name> {in | out }] filters ONLY LSA3, configured on ABR where the LSA would be created.
  • [(RTR)area <id> range <prefix> <mask> not-advertise] No LSA3 is propagated. The effect is the same as filter-list.
  • [(RTR)summary-address <prefix> <mask> not-advertise] No LSA5/7 is propagated. Filters LSA 5 and 7.
  • Database filtering
  1. [(IF)ip ospf database-filter all out] All outgoing LSAs are suppressed on the interface; on a multipoint interface this applies to every neighbor. The adjacency still forms, so the neighbor sees nothing from this router's LSDB.
  2. [(RTR)neighbor <ip> database-filter all out] The same per neighbor; only on point-to-multipoint interfaces.
  • [(RTR)area <id> nssa no-redistribution] Used if the same router is an ABR and ASBR at the same time, and there is no need to redistribute routes into NSSA (especially if no-summary is used). Routes are then redistributed only to area 0 as LSA5, but not into an NSSA area as LSA7. Useful if ABR is the only exit point from NSSA area.
  • [(RTR)distance <AD> <network> <wildcard> %access list%] Sets AD locally for routers. You can use 255 to filter out local route entries.
  • [(RTR)prefix-suppression] Suppresses advertisement of all connected interface prefixes except loopbacks, secondary addresses and passive interfaces; transit links then carry no reachable prefix, which shrinks the attack surface for traffic aimed at router interfaces
  • [(IF) ip ospf prefix-suppression %disable%] Suppresses the prefix on this interface (loopbacks and passive interfaces included). Takes precedence over the router-mode command. The disable keyword makes OSPF advertise the interface prefix regardless of the router-mode configuration

Redistribution:

  • If the "subnets" keyword is omitted, the router redistributes classful networks only, not subnets of them (172.16.0.0/16 is advertised, 172.17.1.0/24 is not). Almost every deployment wants "subnets".
  • OSPF default metric for redistributed routes is 20 (E2) for IGP and connected routes, and 1 for BGP

Symbols Legend:

[ ] = command

<> = input

% % = optional

{  } = available options separated by |

(RTR) = in router ospf <process ID>

(IF) = interface <interface name> x/x , for example: interface fastethernet0/0

Thank you to Krzysztof Zaleski for his notes.
