Hour 45: OSPF Review Part 2

See Part 1 Here.

Consult the symbols legend at the end of the post for information on symbols.

OSPF LSA’s:

LSA1 Router:

  • [show ip ospf database router] Describes router interfaces in an area. Lists neighboring routers on each interface. LSID = RID
  • Routing Bit Set on this LSA means that the route is in the routing table
  • V – (Virtual-link bit) set to one when the router is an endpoint of one or more fully adjacent virtual links
  • E – (External bit) set to one when the router is an ASBR
  • B – (Border bit) set to one when the router is an ABR
  • OSPF advertises host routes /32 as stub networks. Loopback interfaces are also considered stub networks and are advertised as host routes regardless of net mask, issue [(IF)ip ospf network point-to-point] to reflect correct net mask.

LSA2 Network:

  • [show ip ospf database network] Describes transit networks for which DR has been elected
  • Originated only by DR
  • LSID = DR’s interface address

LSA3 Network summary:

  • [show ip ospf database summary]  Lists LSA Type 3 in the database
  • ABR’s do not forward LSA1 and LSA2
  • ABR sends LSA3 with LSA1 and LSA2 subnets (simple vector –network and ABR’s cost to reach that net)
  • LSID is the network number
  • If an ABR knows multiple routes to the destination within its own area, it originates a single LSA3 into the backbone with the lowest cost of the multiple routes
  • ABR’s in the same area (non-backbone) ignore each other’s LSA3 + cost to ABR
  • Routers in other areas perform 2-step cost calculation: cost in LSA3 + cost to ABR
  • If one network changes inside one area, all routers in this area perform full SPF calculation, but outside that area, only cost is updated by ABR
  • If router wants to remove the network it sets age to Maxage and re-floods LSA

LSA4 ASBR summary:

  • [show ip ospf database asbr-summary]
  • ABR closest to ASBR creates LSA4 with the cost to the ASBR (ASBR location)
  • Not generated in NSSA, as FA is already set to ASBR
  • ASBR generates LSA1 with special characteristics which is translated into LSA4
  • Created to support LSA5 External Type 1 (E1) metric calculations by adding the OSPF metric to get to the ASBR and the external metric from there on
  • LSID is the ASBR RID

LSA5 AS External:

  • [show ip ospf database external]
  • E1- External metric is added to the internal calculation
  • E2- Only external metric is used (default)
  • LSID – external network number
  • For E2 simple LSA5 is created and flooded into all areas
  • For E1 routers in different areas perform 3-way calculation: Cost to ABR (LSA1) + Cost to ASBR (LSA4) + cost of E1 route
  • E1 metrics – exits at the closest network exit point
  • E2 metrics – exits network at the closest point to external destination
  • Carries a FA field pointing to the external source route of the ASBR only if the external link is broadcast or non-broadcast. If the OSPF network statement is enabled on the ASBR, it sets the FA as the NH address. If it is not in the routing table of OSPF, then the FA is set to 0.0.0.0 and the router uses the LSA1, LSA2 or LSA4 to make the decision based on the advertising-router ID of the LSA5. For example: Inside the area, the router will use LSA1 to know how to get to the advertising-RID and its metric. Outside the area, the router will use the RID of the router through the LSA4 it advertised.

LSA7 NSSA External:

  • [show ip ospf database nssa-external]
  • Created by ASBR within an NSSA area. LSA4 is not generated by ABR for ASBR, as FA used in place of LSA4.
  • Blocked by ABR and translated into LSA5. If many ABR’s exist, only the one with highest router-id does the translation
  • LSID – external network number
  • Flooded only within the NSSA area in which it was originated
  • P-bit = 1 – translate LSA7 into LSA5 and flood it throughout the other areas (highest RID does the translation if multiple routers can translate)
  • P-bit = 0 – No translation and the destination in the LSA7 will not be advertised outside NSSA. P-bit is always set. So to stop translation ‘not-advertise’ option can be used with summary-address on ABR only.

[show ip ospf border-router] Shows ABR’s and ASBR’s for the whole routing domain, even from different areas

Other LSA:

  • LSA6 Group membership, use [(RTR)ignore lsa mospf]. MOSPF LSA6 is not supported, and a syslog message is generated when one is received
  • LSA8 External Attributes LSA
  • LSA9 Opaque LSA (link-local scope)
  • LSA10 Opaque LSA (area-local scope)
  • LSA11 Opaque LSA (AS scope)

Route selection order is: 1. Intra-area; 2. Inter-area; 3. External E1; 4. External E2
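The selection order and the per-type cost calculations from the LSA3 and LSA5 notes above, as an added example (not from the original notes). The dictionary field names and sample costs are constructed for illustration, and the E2 tie-break on internal cost is not modelled.

```python
# Preference order from the notes: intra-area, inter-area, E1, E2.
PREFERENCE = {"intra": 1, "inter": 2, "E1": 3, "E2": 4}

def total_cost(route):
    """Cost a router in another area computes for each route type."""
    kind = route["type"]
    if kind == "intra":
        return route["cost"]
    if kind == "inter":      # 2-step: cost in LSA3 + cost to ABR
        return route["lsa3_cost"] + route["to_abr"]
    if kind == "E1":         # 3-way: cost to ABR + cost to ASBR (LSA4) + E1 cost
        return route["to_abr"] + route["lsa4_cost"] + route["external"]
    if kind == "E2":         # only the external metric is used
        return route["external"]
    raise ValueError(f"unknown route type: {kind}")

def best_route(candidates):
    """Pick by route type first, then by lowest computed cost."""
    return min(candidates, key=lambda r: (PREFERENCE[r["type"]], total_cost(r)))

# Constructed candidates for one prefix, learned via two ASBRs.
NEAR_E1 = {"via": "near", "type": "E1", "to_abr": 10, "lsa4_cost": 5, "external": 20}
FAR_E1 = {"via": "far", "type": "E1", "to_abr": 10, "lsa4_cost": 50, "external": 10}
NEAR_E2 = dict(NEAR_E1, type="E2")
FAR_E2 = dict(FAR_E1, type="E2")
INTER = {"via": "abr", "type": "inter", "lsa3_cost": 900, "to_abr": 100}

if __name__ == "__main__":
    print(best_route([NEAR_E1, FAR_E1])["via"])   # E1: closest exit point
    print(best_route([NEAR_E2, FAR_E2])["via"])   # E2: lowest external metric
    print(best_route([NEAR_E1, INTER])["via"])    # inter-area beats external
```

With E1 the internal distance to the ASBR decides the exit; with E2 the same two advertisements resolve to the other ASBR because only the external metric is compared.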


Flooding:

  1. DBD with LSA headers exchange

1a. Each DBD has a SEQ number. Receiver ACKs DBD by sending identical DBD back

1b. Highest RID becomes master and starts DBD exchange

  2. Router checks LSDB and requests missing LSA’s

2a. LSA sequence starts with 0x80000000 (lollipop) and wraps back at 0x7FFFFFFF. If Max is reached, LSA is flooded with MaxAge, and re-flooded with initial Seq.

2b. LSA is requested with LSR. Each LSA checks seq, checksum and age

2c. Router responds with LSU with one or more LSA

2d. All LSA’s sent in Update packets must be ACKed

  • Explicit Acknowledgment – A LSAck packet containing the LSA header is received
  • Implicit Acknowledgment – An Update packet that contains the same instance of the LSA
  • The LSA is retransmitted every RxmInterval until ACKed or adjacency is down. LSU’s containing retransmissions are always unicast, regardless of the network type
  • Direct ACK: When a duplicate LSA is received from a neighbor, or when the LSA’s age is MaxAge and the receiving router does not have that LSA

Stub areas and routers:

  • Stubby area: [(RTR)area <id> stub] Suppress LSA5 and generates a LSA3 default route with cost 1. All stub routers set E-bit = 0 flag in Hello. Adjacencies will not be established if stub flag is not on both sides.
  • Totally Stubby: [(RTR)area <id> stub no-summary] Configured only on ABR, suppress LSA3 (except default route). All stub routers set E-bit = 0 flag in Hello. Adjacencies will not be established if stub flag is not on both sides.
  • Not-so-stubby area (NSSA): [(RTR) area <id> nssa] Suppress LSA5. Default route is not generated automatically.
  • Totally NSSA: [(RTR)area <id> nssa no-summary] Configured only on ABR. Suppress LSA3, except LSA3 default route which is generated automatically with cost 1. Allows external LSA7 to be translated to LSA5 by the ABR

Modes:

Point to point:

  • [(IF)ip ospf network point-to-point]  No DR and BDR election. Hello sent as multicast 10/40 seconds

Non-Broadcast:

  • [(IF)ip ospf network non-broadcast] DR and BDR election. Hello sent as unicast 30/120 seconds
  • Interface serial0/0.1 multipoint is NBMA, NOT point to multipoint
  • [(RTR)neighbor <ip> %priority <id> % %poll-interval <sec>%] Static neighbor configuration is required (usually on Hub)
  • Static L2/L3 mapping is required on FR, but without the broadcast option, because the DR passes routes along but does not change any lookup attributes (next-hop)
  • Priority for spokes should be 0 so spokes do NOT become DR/BDR if hub flaps

Broadcast:

  • [(IF)ip ospf network broadcast] DR and BDR election. Hello sent as multicast 10/40 seconds
  • NH not changed on Hub-Spoke FR so L2/L3 mapping is required for spokes to communicate (with broadcast option)

Point to Multipoint:

  • [(IF)ip ospf network point-to-multipoint] NO DR and BDR election. Hello sent as multicast 30/120 seconds. PollInterval is 120 sec.
  • If static L2/L3 mapping is used, broadcast option must be used
  • Networks are treated as a collection of point-to-point links and so the segment is seen as a collection of /32 endpoints regardless of netmask, not a transit subnet.
  • Hub router changes FA to itself when passing routes between spokes
  • [(IF)ip ospf network point-to-multipoint non-broadcast] Used for unequal spokes. Cost for neighbor can be assigned only in this type. Hellos are sent unicast. Broadcast option is NOT required for static L2/L3 mapping.


DR/BDR Election:

  • DR and BDR reach full state, but DROther stops at 2Way with each other – no need to proceed to DBD exchange as DR/BDR is elected
  • DR limits flooding and generates LSA2 representing shared subnet
  • All routers send DBD to DR/BDR on 224.0.0.6
  • DR ACK’s with unicast by sending the same DBD
  • DR sends received DBD to all routers using 224.0.0.5
  • Each DROther ACKs with unicast to DR
  • Highest priority wins(0-255); 0 – do not participate, 1 is default. Highest RID wins if priority is the same
  • If router comes up and hears DR= 0.0.0.0 in Hello (other routers also just came up) it waits Wait Time = Dead Time after 2WAY for other routers to come up
  • Each router initially puts itself in Hellos as DR
  • Router not selected as DR, but with next highest Priority becomes BDR
  • If DR fails, BDR becomes DR and a new BDR is elected. No preemption
  • [(IF)ip ospf priority <#>] Sets priority in broadcast networks.
  • [(RTR)neighbor <ip> priority <#>] Sets priority in non-broadcast networks
  • The cost from attached router to DR is the cost of that router’s interface to broadcast link but the cost from DR to any attached router is 0.
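The election rules listed above (priority 0 excluded, highest priority then highest RID, BDR promotion, no preemption), as an added example that is not part of the original notes. It is a simplified model of those rules only; the router names and RIDs are constructed.

```python
from ipaddress import IPv4Address

def rank(router):
    """Election key from the notes: highest priority, then highest RID."""
    return (router["priority"], int(IPv4Address(router["rid"])))

def elect(routers, dr=None, bdr=None):
    """Return (DR, BDR) RIDs for a segment; incumbents are never preempted."""
    # Priority 0 routers do not participate in the election.
    eligible = {r["rid"]: r for r in routers if r["priority"] > 0}
    dr = dr if dr in eligible else None        # incumbent DR gone or ineligible
    bdr = bdr if bdr in eligible else None
    if dr is None and bdr is not None:
        dr, bdr = bdr, None                    # DR failed: BDR is promoted

    def best(taken):
        pool = [r for rid, r in eligible.items() if rid not in taken]
        return max(pool, key=rank)["rid"] if pool else None

    if dr is None:
        dr = best(set())
    if bdr is None:
        bdr = best({dr})
    return dr, bdr

# Constructed segment: two default-priority routers and a priority-0 spoke.
R1 = {"rid": "1.1.1.1", "priority": 1}
R2 = {"rid": "2.2.2.2", "priority": 1}
SPOKE = {"rid": "3.3.3.3", "priority": 0}
LATE = {"rid": "4.4.4.4", "priority": 255}     # joins after the election

def scenario():
    """Replay: initial election, a high-priority late joiner, then DR failure."""
    first = elect([R1, R2, SPOKE])
    joined = elect([R1, R2, SPOKE, LATE], *first)
    failed = elect([R1, SPOKE, LATE], *joined)
    return first, joined, failed

if __name__ == "__main__":
    for step in scenario():
        print(step)
```

The late joiner with priority 255 changes nothing until the DR fails, at which point it becomes BDR behind the promoted incumbent; this is why a segment's DR after a flap can differ from the one the priorities suggest.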

DB overload protection:

  • [(RTR)redistribute maximum-prefix <max routes> <%warning> %warning-only%] Only external routes are counted. After the warning level is reached, routes are still accepted but a message is resent to the syslog server.
  • [(RTR)max-lsa <max routes> <%warning> %warning-only% %ignore-time <min>% %ignore-count <#>% %reset-time <min>%] Only internal, non-self-originated routes are counted. When the warning-only keyword is used, the OSPF process never enters the ignore state. When max is reached, the process goes into ignore-state for ignore-time (default 5 minutes). If going into ignore-state repeats ignore-count times (default 5), the process is down forever. If the process stays stable for reset-time (default 10 minutes), the ignore-count counter is reset to 0. The [clear ip ospf process] does NOT clear this counter.
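The max-lsa ignore-state behaviour described above, replayed over a sample timeline, as an added example (a simplified model, not Cisco's implementation and not from the original notes). The class name, the per-minute sampling and the treatment of the overflow after ignore-count ignore periods as the fatal one are assumptions; the timeline is constructed.

```python
class MaxLsaGuard:
    """Simplified model of the max-lsa ignore-state behaviour in the notes."""

    def __init__(self, maximum, warn_pct, warning_only=False,
                 ignore_time=5, ignore_count=5, reset_time=10):
        self.maximum, self.warn_at = maximum, maximum * warn_pct / 100
        self.warning_only = warning_only
        self.ignore_time, self.ignore_count = ignore_time, ignore_count
        self.reset_time = reset_time
        self.state, self.ignores = "normal", 0
        self.ignore_until = self.stable_since = 0

    def observe(self, minute, lsa_count):
        """Feed the count of non-self-originated LSAs seen at `minute`."""
        if self.state == "down":
            return "down"                  # stays down until an operator acts
        if self.state == "ignore":
            if minute < self.ignore_until:
                return "ignore"            # ignore-time has not expired yet
            self.state, self.stable_since = "normal", self.ignore_until
        if lsa_count >= self.maximum and not self.warning_only:
            self.ignores += 1
            # Assumption: the overflow after ignore_count ignore periods is fatal.
            if self.ignores > self.ignore_count:
                self.state = "down"
            else:
                self.state = "ignore"
                self.ignore_until = minute + self.ignore_time
            return self.state
        if lsa_count >= self.maximum:
            return "warning"               # warning-only: log, never ignore
        if self.ignores and minute - self.stable_since >= self.reset_time:
            self.ignores = 0               # stable for reset-time: counter cleared
        return "warning" if lsa_count >= self.warn_at else "normal"


def run(guard, timeline):
    """Replay (minute, lsa_count) samples and return the state after each."""
    return [guard.observe(minute, count) for minute, count in timeline]

# Constructed timeline: the LSDB holds 120 foreign LSAs against a limit of 100.
FLOOD = [(0, 50), (1, 80), (2, 120), (4, 120), (7, 120), (12, 120), (100, 10)]

if __name__ == "__main__":
    print(run(MaxLsaGuard(100, 75, ignore_count=2), FLOOD))
```

For monitoring, the useful signal is the repeated entry into the ignore state: each one brings the process closer to a permanent shutdown that only the reset-time stability window undoes.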

Virtual-link:

  • [area <transit-area> virtual-link <RID of router used for transit>] Configured on ABR
  • VL can stay active after authentication is applied as it is an on-demand circuit (hellos suppressed)
  • VL cannot be used over Stub area, but GRE tunnel can
  • VL is an interface in area 0 (must be authenticated if area 0 is authenticated)
  • VL has no IP address, so it does not carry data traffic, only control-plane

[Figure: VL_transit]

  • The best path from D to A is through OC3 links via C. Normally, D would send traffic through area 0 via B (VL is in area 0). However, the capability transit option (enabled by default) causes the best path to be chosen via C. You must disable this feature with [(RTR)no capability transit] if you want to use the VL, or traffic will always try to go through area 2.

Symbols Legend:

[ ] = command

<> = input

% % = optional

{  } = available options separated by |

(RTR) = in router ospf <process ID>

(IF) = interface <interface name> x/x , for example: interface fastethernet0/0

Thank you to Krzysztof Zaleski for his notes.
