The Open Shortest Path First (OSPF) routing protocol is one of the most commonly used interior gateway protocols in IP networking. OSPF is an open-standard protocol based primarily on Request for Comments (RFC) 2328. OSPF is a fairly complex protocol made up of several protocol handshakes, database advertisements, and packet types.
- Its immediate neighbor routers—If the router loses contact with a neighbor router, within a few seconds it invalidates all paths through that router and recalculates its paths through the network. For OSPF, adjacency information about neighbors is stored in the OSPF neighbor table, also known as an adjacency database.
- All the other routers in the network, or in its area of the network, and their attached networks—The router recognizes other routers and networks through LSAs, which are flooded through the network. LSAs are stored in a topology table or database (which is also called an LSDB).
- The best paths to each destination—Each router independently calculates the best paths to each destination in the network using Dijkstra’s (SPF) algorithm. All paths are kept in the LSDB. The best paths are then offered to the routing table (also called the forwarding database). Packets arriving at the router are forwarded based on the information held in the routing table.
The DR is responsible for updating all other OSPF routers (called DROthers) when a change occurs in the multiaccess network. The BDR monitors the DR and takes over as DR if the current DR fails.
Link-state information must be synchronized between routers. To accomplish this, LSAs have the following characteristics:
- LSAs are reliable; there is a method for acknowledging their delivery.
- LSAs are flooded throughout the area (or throughout the domain if there is only one area).
- LSAs have a sequence number and a set lifetime, so each router recognizes that it has the most current version of the LSA.
- LSAs are periodically refreshed to confirm topology information before they age out of the LSDB.
OSPF allows for the creation of multiple areas so that the network administrator can:
- Reduce the size of routing tables
- Isolate topology changes as much as possible to the area in which they occur
- Allow only summary LSA updates to cross area boundaries
- Reap all the benefits of using a hierarchical addressing scheme
For interfaces faster than 100 Mbps, the cost reference can be altered using the auto-cost reference-bandwidth command which is covered later in this presentation.
Each OSPF packet begins with a header with the following fields:
- Version Number—Set to 2 for OSPF Version 2, the current version.
- Type—Differentiates the five OSPF packet types.
- Packet Length—The length of the OSPF packet in bytes.
- Router ID—Defines which router is the packet’s source.
- Area ID—Defines the area in which the packet originated.
- Checksum—Used for packet header error detection to ensure that the OSPF packet was not corrupted during transmission.
- Authentication Type—An option in OSPF that describes either no authentication, cleartext passwords, or encrypted Message Digest 5 (MD5) for router authentication.
- Authentication—Used with authentication type.
A hello packet contains the following information:
- Router ID—A 32-bit number that uniquely identifies the router. The highest IP address on an active interface is chosen by default unless a loopback interface exists or the router ID is manually configured (this process is described later, in the “OSPF Router ID” section). For example, IP address 172.16.12.1 would be chosen over 172.16.1.1. This router ID is important in establishing neighbor relationships and coordinating LSU exchanges. The router ID is also used to break ties during the DR and BDR selection processes if the OSPF priority values are equal.
- Hello and dead intervals—The hello interval specifies how often, in seconds, a router sends hello packets (10 seconds is the default on multiaccess networks). The dead interval is the amount of time in seconds that a router waits to hear from a neighbor before declaring the neighbor router out of service (the dead interval is four times the hello interval by default). These timers must be the same on neighboring routers; otherwise an adjacency will not be established.
- Neighbors—The Neighbors field lists the adjacent routers with which this router has established bidirectional communication. Bidirectional communication is indicated when the router sees itself listed in the Neighbors field of the hello packet from the neighbor.
- Area ID—To communicate, two routers must share a common segment, and their interfaces must belong to the same OSPF area on that segment; they must also share the same subnet and mask. These routers will all have the same link-state information for that area.
- Router priority—An 8-bit number that indicates a router’s priority. Priority is used when selecting a DR and BDR.
- DR and BDR IP addresses—If known, the IP addresses of the DR and BDR for the specific multiaccess network.
- Authentication password—If router authentication is enabled, two routers must exchange the same password. Authentication is not required, but if it is enabled, all peer routers must have the same password.
- Stub area flag—A stub area is a special area. The stub area technique reduces routing updates by replacing them with a default route. Two neighboring routers must agree on the stub area flag in the hello packets. The "Configuring OSPF Special Area Types" section later in this chapter describes stub areas in greater detail.
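The header and hello fields listed above, decoded from raw bytes, as an added example that is not part of the original material: it parses an OSPFv2 hello, compares the fields the text says neighbors must agree on, and shows that with authentication type 1 the password is readable in the header. Field offsets follow RFC 2328; the router IDs and timers in the sample packets are constructed, PLAINPAS is the key this page uses in its authentication example, and all function names are this example's own.

```python
import ipaddress
import struct

OSPF_HDR = struct.Struct("!BBH4s4sHH8s")    # 24-byte OSPFv2 header (RFC 2328)
HELLO_FIXED = struct.Struct("!4sHBBI4s4s")  # fixed 20 bytes of a hello body
AUTH_TYPES = {0: "none", 1: "cleartext password", 2: "MD5"}
E_BIT = 0x02  # Options bit that is cleared inside a stub area


def _ip(raw):
    return str(ipaddress.IPv4Address(raw))


def _raw(text):
    return ipaddress.IPv4Address(text).packed


def inet_checksum(data):
    """16-bit one's-complement checksum, as used for the OSPF header field."""
    if len(data) % 2:
        data += b"\0"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_hello(pkt):
    """Decode an OSPFv2 hello into a dict; raise ValueError if malformed."""
    fixed = OSPF_HDR.size + HELLO_FIXED.size
    if len(pkt) < fixed:
        raise ValueError("truncated OSPF hello")
    ver, ptype, length, rid, area, _, autype, auth = OSPF_HDR.unpack_from(pkt)
    if ver != 2 or ptype != 1:
        raise ValueError("not an OSPFv2 hello packet")
    if not fixed <= length <= len(pkt) or (length - fixed) % 4:
        raise ValueError("bad packet length field")
    mask, hello, opts, prio, dead, dr, bdr = HELLO_FIXED.unpack_from(pkt, OSPF_HDR.size)
    return {
        "router_id": _ip(rid), "area": _ip(area), "netmask": _ip(mask),
        "hello_interval": hello, "dead_interval": dead, "priority": prio,
        "dr": _ip(dr), "bdr": _ip(bdr), "stub": not opts & E_BIT,
        "auth_type": AUTH_TYPES.get(autype, "unknown"),
        # With type 1 the 8-byte field is the password itself, readable on the wire.
        "cleartext_key": auth.rstrip(b"\0").decode("ascii", "replace") if autype == 1 else None,
        # The checksum covers the packet minus the 64-bit authentication field;
        # it is not used with MD5 authentication.
        "checksum_ok": autype == 2 or inet_checksum(pkt[:16] + pkt[24:length]) == 0,
        "neighbors": [_ip(pkt[i:i + 4]) for i in range(fixed, length, 4)],
    }


def adjacency_blockers(a, b):
    """List the hello fields that stop a and b from becoming neighbors."""
    must_match = ("area", "netmask", "hello_interval", "dead_interval",
                  "stub", "auth_type", "cleartext_key")
    return [f for f in must_match if a[f] != b[f]]


def two_way(a, b):
    """True when each router lists the other in its Neighbors field."""
    return a["router_id"] in b["neighbors"] and b["router_id"] in a["neighbors"]


def build_hello(rid, neighbors, hello=10, dead=40, area="0.0.0.0", autype=1,
                key=b"PLAINPAS", options=E_BIT, mask="255.255.255.0"):
    """Build a constructed sample hello (priority 1, no DR/BDR known yet)."""
    body = HELLO_FIXED.pack(_raw(mask), hello, options, 1, dead,
                            _raw("0.0.0.0"), _raw("0.0.0.0"))
    body += b"".join(_raw(n) for n in neighbors)
    hdr = OSPF_HDR.pack(2, 1, OSPF_HDR.size + len(body), _raw(rid), _raw(area),
                        0, autype, key.ljust(8, b"\0"))
    cksum = struct.pack("!H", inet_checksum(hdr[:16] + body))
    return hdr[:12] + cksum + hdr[14:] + body


# Constructed samples: router IDs and timers are illustrative only.
R1 = build_hello("10.0.0.1", ["10.0.0.2"])
R2 = build_hello("10.0.0.2", ["10.0.0.1"])
R3 = build_hello("10.0.0.3", [], hello=5, dead=20)   # mismatched timers

if __name__ == "__main__":
    h1, h2, h3 = (parse_hello(p) for p in (R1, R2, R3))
    print(h1)
    print("R1-R2 blockers:", adjacency_blockers(h1, h2), "two-way:", two_way(h1, h2))
    print("R1-R3 blockers:", adjacency_blockers(h1, h3), "two-way:", two_way(h1, h3))
```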
Note: The difference between the terms Link-State Update (LSU) and Link-State Advertisement (LSA) can sometimes be confusing. At times, these terms are used interchangeably. An LSU contains one or more LSAs and either term can be used to refer to link-state information propagated by OSPF routers.
1. When a router is added to a link-state topology, it first learns about its directly connected networks when its interfaces reach the up state.
2. It then builds a Link State Packet (LSP) containing the state and cost of each directly connected link.
3. LSPs are then flooded to all neighbors upon initial startup. LSPs are also sent whenever a network topology change occurs.
4. Neighbors immediately flood the LSPs out to other OSPF neighbors.
5. Neighbors also use the LSPs to construct a complete map of the topology and compute the best path to each destination network.
6. The final step is that SPF (Dijkstra algorithm) computes the best path to each destination network and populates the routing table.
After the initial LSP flooding, OSPF routers require less bandwidth to communicate changes in a topology. Instead, they send LSPs (triggered updates) when the network changes, to speed up convergence.
R1 is enabled on the LAN and is in a down state because it has not exchanged information with any other router. It begins by sending a hello packet through each of its interfaces participating in OSPF, even though it does not know the identity of the DR or of any other routers. The hello packet is sent out using the multicast address 224.0.0.5.
All directly connected routers running OSPF receive the hello packet from R1 and add R1 to their list of neighbors. This state is the init state.
On NBMA interfaces (such as Frame Relay), OSPF may also go into the Attempt state before the init state; this state indicates that no recent information has been received from the neighbor and that an effort will be made to contact the neighbor by sending hello packets at a reduced poll interval.
All routers that received the hello packet send a unicast reply packet to R1 with their corresponding information. The Neighbor field in the hello packet includes all other neighboring routers, including R1.
When R1 receives these hello packets, it adds all the routers that have its router ID in their hello packets to its own neighbor relationship database. These routers are now in the two-way state. At this point, all routers that have each other in their lists of neighbors have established bidirectional communication.
If the link type is a broadcast network, generally a LAN link such as Ethernet, then a DR and BDR must be selected. The DR forms bidirectional adjacencies with all other routers on the LAN link. This process must occur before the routers can begin exchanging link-state information.
Periodically (every 10 seconds by default on broadcast networks) the routers in a network exchange hello packets to ensure that communication is still working. Recall that the hello packets include the DR, the BDR, and the list of routers whose hello packets have been received by the router. Remember that “received” means that the receiving router recognizes itself as one of the neighbor list entries in the received hello packet.
While the hello packets (OSPF packet type 1) are used in the hello protocol, the other four types of OSPF packets are used during the process of exchanging and synchronizing LSDBs, as follows:
- OSPF type 2 DBD—Used to describe the LSAs available in the LSDB.
- OSPF type 3 LSR—Used to request missing LSA information.
- OSPF type 4 LSU—Used to send complete LSAs.
- OSPF type 5 LSAck—Used to acknowledge LSUs, to ensure reliable transport and information exchange.
OSPF type 4 and type 5 packets are sent to the multicast IP address 224.0.0.5 (or 224.0.0.6 if there are DRs on the link), except when retransmitting, when sent across a virtual link, and on non-broadcast networks. All other packets are sent to a unicast IP address.
In the exstart state, a master and slave relationship is created between each router and its adjacent DR and BDR. The router with the higher router ID acts as the master during the exchange process.
The master and slave routers exchange one or more DBD packets (also called DDPs). The routers are in the exchange state.
A DBD includes information about the LSA entry header that appears in the router’s LSDB. The entries can be about a link or about a network. Each LSA entry header includes information about the link-state type, the address of the advertising router, the link’s cost, and the sequence number. The router uses the sequence number to determine the “newness” of the received link-state information.
When the router receives the DBD, it performs the following actions, as shown in Figure 3-10:
- It acknowledges the receipt of the DBD using the LSAck packet.
- It compares the information it received with the information it has in its own LSDB. If the DBD has a more current link-state entry, the router sends an LSR to the other router. The process of sending LSRs is called the loading state.
- The other router responds with the complete information about the requested entry in an LSU packet. Again, when the router receives an LSU, it sends an LSAck.
- The router adds the new link-state entries into its LSDB.
After all LSRs have been satisfied for a given router, the adjacent routers are considered synchronized and in a full state.
- If the LSA entry does not already exist, the router adds the entry to its LSDB, sends back a link-state acknowledgment (LSAck), floods the information to other routers, runs SPF, and updates its routing table.
- If the entry already exists and the received LSA has the same sequence number, the router ignores the LSA entry.
- If the entry already exists but the LSA includes newer information (it has a higher sequence number), the router adds the entry to its LSDB, sends back an LSAck, floods the information to other routers, runs SPF, and updates its routing table.
- If the entry already exists but the LSA includes older information, it sends an LSU to the sender with its newer information.
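The four cases above as working code (an added example, not from the original material). It also applies one detail from RFC 2328 that the text does not state: LS sequence numbers are signed 32-bit values that start at 0x80000001, so "higher" has to be judged on the signed value. The class and action names are this example's own, the LSAs are constructed, and the LS age and checksum tie-breakers that real OSPF also uses are left out.

```python
from dataclasses import dataclass


def signed32(seq):
    """Interpret a raw 32-bit LS sequence number as the signed value OSPF compares."""
    seq &= 0xFFFFFFFF
    return seq - (1 << 32) if seq & 0x80000000 else seq


@dataclass(frozen=True)
class LSA:
    ls_type: int
    ls_id: str
    adv_router: str
    seq: int  # raw 32-bit value as carried in the LSA header

    @property
    def key(self):
        # An LSDB entry is identified by type, link-state ID and advertising router.
        return (self.ls_type, self.ls_id, self.adv_router)


class LSDB:
    def __init__(self):
        self.entries = {}
        self.spf_runs = 0

    def receive(self, lsa):
        """Apply the four cases and return the actions the router takes."""
        have = self.entries.get(lsa.key)
        if have is not None:
            new, old = signed32(lsa.seq), signed32(have.seq)
            if new == old:
                return ["ignore"]                       # same sequence number
            if new < old:
                return ["send_lsu_with_newer_copy"]     # sender is out of date
        # Unknown entry, or newer information than the stored copy.
        self.entries[lsa.key] = lsa
        self.spf_runs += 1
        return ["add_to_lsdb", "send_lsack", "flood", "run_spf", "update_routing_table"]


def demo():
    """Feed constructed LSAs for one router-LSA through an empty LSDB."""
    db = LSDB()

    def lsa(seq):
        return LSA(1, "10.0.0.1", "10.0.0.1", seq)

    return [
        db.receive(lsa(0x80000001))[0],   # entry does not exist yet
        db.receive(lsa(0x80000001))[0],   # same sequence number
        db.receive(lsa(0x80000003))[0],   # higher sequence number
        db.receive(lsa(0x80000002))[0],   # older information
        db.receive(lsa(0x00000001))[0],   # smaller raw value, but newer when signed
    ]


if __name__ == "__main__":
    print(demo())
```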
- IP addressing plan: The IP addressing plan governs how OSPF can be deployed and how well the OSPF deployment will scale. A detailed hierarchical IP subnet and addressing plan must be produced, to enable OSPF summarization, allow the network to scale more easily, and to optimize OSPF behavior.
- Network topology: The topology consists of the devices (routers, switches, and so on) and the links connecting them. A detailed network topology should be created to assess OSPF scalability requirements and to determine which OSPF features might be required (for example, OSPF summarization, stub areas, and redistribution). The topology should include backup links where necessary.
- OSPF areas: Dividing an OSPF network into areas decreases the LSDB size and limits the propagation of link-state updates when the topology changes.
Although the two examples shown are a commonly used combination of a network statement and a wildcard mask, others could also work. For instance, a range of subnets could be specified. Notice that the process-ids do not need to match.
Notice that the 10.2.1.0/24 network is now advertised in area 1.
To demonstrate an alternative, interface S0/0/1 of R2 is configured to be in area 1.
The OSPF database uses the OSPF router ID to uniquely describe each router in the network. Remember that every router keeps a complete topology database of all routers and links in an area (or network); therefore each router should have a unique router ID.
As a review, remember that the router ID is a unique IP address that can be assigned in the following ways:
- By default, the highest IP address of any active physical interface when OSPF starts is chosen as the router ID. The interface does not have to be part of the OSPF process, but it has to be up. There must be at least one up IP interface on the router for OSPF to use as router ID. If no up interface with an IP address is available when the OSPF process starts, the “OSPF process cannot start” message occurs.
- If there is a loopback interface, its address will always be preferred as the router ID instead of a physical interface address, because a loopback interface never goes down. If there is more than one loopback interface, then the highest IP address on any active loopback interface becomes the router ID.
- Finally, you can use the router-id command to set the router ID. This is the preferred way to establish a router ID and should always be used in preference to the other two procedures.
Once the OSPF router ID is set, it does not change, even if the interface that the router is using for the router ID goes down. The OSPF router ID changes only if the router reloads or if the OSPF routing process restarts.
If no interface is up when the OSPF process starts, you will get the following error message:
p5r2(config)#router ospf 1
2w1d: %OSPF-4-NORTRID: OSPF process 1 cannot start.
- Configured router ID: Use the IP address configured with the OSPF router-id command.
- Highest loopback IP address: If the router-id command is not used, then the router chooses the highest IP address of any loopback interface.
- Highest active interface IP address: If no loopback interfaces are configured, then the highest IP address on any active interface is used.
The router ID is selected when OSPF is configured with its first OSPF network command.
The DR and BDR add value to the network in the following ways:
- Reducing routing update traffic—The DR and BDR act as a central point of contact for link-state information exchange on a given multiaccess broadcast network; therefore, each router must establish a full adjacency with the DR and the BDR only. Instead of each router exchanging link-state information with every other router on the segment, each router sends the link-state information to the DR and BDR only. The DR represents the multiaccess broadcast network in the sense that it sends link-state information from each router to all other routers in the network. This flooding process significantly reduces the router-related traffic on a segment.
- Managing link-state synchronization—The DR and BDR ensure that the other routers on the network have the same link-state information about the internetwork. In this way, the DR and BDR reduce the number of routing errors.
Note: DR/BDR elections DO NOT occur in point-to-point networks.
If a router joins a broadcast network in which there is already a DR and BDR, it will get to the two-way state with all routers, including the DR and BDR, and those that are DROTHER (not DR or BDR). The joining router will form full bidirectional adjacencies only with the DR and BDR.
Only the DR exchanges and synchronizes link-state information with the routers to which it has established adjacencies. Having the DR represent the network in this capacity reduces the amount of routing update traffic.
If two routers have the same priority, the router with the highest router ID (IP address) will be selected. The router ID can be manipulated by configuring an address on a loopback interface.
A router can be configured to win an election on one interface, and lose an election on another.
Typically fully-meshed but can also be partial mesh.
In nonbroadcast mode, neighbor statements are required only on the DR and BDR. In a full-mesh NBMA topology, you might need neighbor statements on all routers unless the DR and BDR are statically configured using the ip ospf priority command.
In a hub-and-spoke topology, neighbor statements must be placed on the hub, which must be configured to become the DR by being assigned a higher priority. Neighbor statements are not mandatory on the spoke routers. If the routers are not fully meshed, the DR and BDR should be selected manually to ensure that the selected DR and BDR have full connectivity to all other neighbor routers. Neighboring routers are statically defined to start the DR/BDR election process. When using nonbroadcast mode, all routers are on one IP subnet. For flooding over a nonbroadcast interface, the LSU packet must be replicated for each PVC. The updates are sent to each of the interface’s neighboring routers, as defined in the neighbor table.
The priority parameter is set to 0 for R2 and R3 to ensure that R1 becomes the DR. Only R1 has full connectivity to the other two routers because the topology is not a full mesh. No BDR will be elected in this case.
When few neighbors exist in the network, nonbroadcast mode is the most efficient way to run OSPF over NBMA networks because it has less overhead than point-to-multipoint mode.
In large networks, using point-to-multipoint mode reduces the number of PVCs required for complete connectivity, because you are not required to have a full-mesh topology. In addition, not having a full-mesh topology reduces the number of neighbor entries in the neighborship table.
Point-to-multipoint mode has the following properties:
- Does not require a full-mesh network—This environment allows routing to occur between two routers that are not directly connected but that are connected through a router that has VCs to each of the two routers. All three routers connected to the Frame Relay network in Figure 3-21 could be configured for point-to-multipoint mode.
- Does not require a static neighbor configuration—In nonbroadcast mode, neighboring routers are statically defined to start the DR election process, and allow the exchange of routing updates. However, because point-to-multipoint mode treats the network as a collection of point-to-point links, multicast hello packets discover neighboring routers dynamically. Statically configuring neighboring routers is not necessary.
- Uses one IP subnet—As in nonbroadcast mode, when using point-to-multipoint mode, all routers are on one IP subnet.
- Duplicates LSA packets—Also as in nonbroadcast mode, when flooding out a nonbroadcast interface in point-to-multipoint mode, the router must replicate the LSU. The LSU packet is sent to each of the interface’s neighboring routers, as defined in the neighbor table.
The point-to-multipoint non-broadcast mode is a Cisco extension of the RFC-compliant point-to-multipoint mode and is used when the media does not support broadcast (such as classic IP over ATM: see “Configuring OSPF” white paper). You must statically define neighbors, and you can modify the cost of the link to the neighboring router to reflect the different bandwidths of each link. The RFC point-to-multipoint mode was developed to support underlying point-to-multipoint VCs that support multicast and broadcast; therefore, this mode allows dynamic neighboring router discovery. If multicast and broadcast are not enabled on the VCs, the RFC-compliant point-to-multipoint mode cannot be used because the router cannot dynamically discover its neighboring routers using the hello multicast packets; this Cisco mode should be used instead.
Also, it is a good idea to configure the neighbor cost. Otherwise, the local router will assume equal cost to the configured neighbors. In the example, RTA is configured as a neighbor with a cost of 10 and RTC is configured as a neighbor with a cost of 20. These cost values are purely arbitrary and are only meant for demonstration purposes. You would, of course, configure an accurate cost value in a live network configuration.
The Cisco broadcast mode is a workaround so that you don’t have to statically list all existing neighbors. The interface is set to broadcast and behaves as though the router connects to a LAN. DR and BDR election is still performed; therefore, take special care to ensure either a full-mesh topology or a static election of the DR based on the interface priority.
This mode has the following characteristics:
- Makes the WAN interface appear to be a LAN.
- One IP subnet.
- Uses multicast OSPF hello packets to automatically discover the neighbors.
- DR and BDR elected.
- Requires a full-mesh topology.
It is important to remember that OSPF defaults to:
- Point-to-point mode on point-to-point subinterfaces
- Nonbroadcast mode on the multipoint subinterfaces
As we already know, a physical interface can be split into multiple logical interfaces, called subinterfaces. Each subinterface is defined as a point-to-point or a point-to-multipoint interface. Subinterfaces were originally created to better handle issues caused by split horizon over an NBMA for distance vector-based routing protocols. Each subinterface requires an IP subnet. There is no need to use the ip ospf network command since IOS treats these interfaces like physical point-to-point interfaces.
This mode can also be used in a hub-and-spoke topology and includes the following characteristics:
- One IP subnet.
- No DR or BDR election.
- Used when only two routers need to form an adjacency on a pair of interfaces.
- Interfaces can be either LAN or WAN.
Multipoint Frame Relay subinterfaces default to OSPF nonbroadcast mode, which requires neighbors to be statically configured and a DR and BDR election.
In this configuration, routing updates are no longer sent on interface Fa0/0 of R1 and R2.
The alternative configuration makes all interfaces passive and then makes interface S0/0/0 not passive. This method is efficient when there are many interfaces that should be passive and only a few that should not be passive.
Commands to verify include:
- show ip protocols
- show ip ospf neighbor
In this example the OSPF network is multihomed to dual ISPs, and therefore it makes no sense to redistribute all the ISPs’ routes into OSPF. In this case, default routes are sent into OSPF. The optional metric parameter has been used to prefer the default route to ISP A with its metric of 10, over the backup connection to ISP B with its metric of 100. The default route being generated has a metric-type of E2 by default, so the metric does not increase as it goes through the area. As a result, all routers, regardless of their proximity to the border router, prefer ISP A over ISP B. Because the always parameter is not used on these routers, a default route must exist in the IP routing table for the router to advertise a default route into OSPF. Both routers have a default static route configured.
With route summarization, the ABR or ASBR routers consolidate multiple routes into fewer advertisements. ABR routers summarize type 3 LSAs and ASBR routers summarize type 5 LSAs. Instead of advertising many specific prefixes, the ABR routers and ASBR routers advertise only one summary prefix.
RIPv2 routes must also be redistributed into OSPF in this example; redistribution is covered in Chapter 4.
In this example, area 0 is discontiguous. A virtual link is used as a backup strategy to temporarily connect area 0; area 1 is used as the transit area. R1 builds a virtual link to R2, and R2 builds a virtual link to R1. Each router points at the other router’s router ID.
- Virtual Link OSPF_VL0 to router 10.2.2.2 is up: Specifies the OSPF neighbor and whether the link to that neighbor is up or down
- Transit area 1: Specifies the transit area through which the virtual link is formed
- Via interface Serial0/0/1: Specifies the interface through which the virtual link is formed
- Cost of using 781: Specifies the cost of reaching the OSPF neighbor through the virtual link
- Transmit Delay is 1 sec: Specifies the transmit delay on the virtual link
- State POINT_TO_POINT: Specifies the state of the OSPF neighbor
- Timer intervals configured: Specifies the various timer intervals configured for the link
- Hello due in 0:00:07: Specifies when the next hello is expected from the neighbor
- Adjacency State FULL: Specifies the adjacency state between the neighbors
- Stub area: This area type does not accept information about routes external to the autonomous system, such as routes from non-OSPF sources. If routers need to route to networks outside the autonomous system, they use a default route, indicated as 0.0.0.0. Stub areas cannot contain ASBRs (except that the ABRs may also be ASBRs).
- Totally stubby area: This Cisco proprietary area type does not accept external autonomous system routes or summary routes from other areas internal to the autonomous system. If a router needs to send a packet to a network external to the area, it sends the packet using a default route. Totally stubby areas cannot contain ASBRs (except that the ABRs may also be ASBRs).
- NSSA: NSSA is an addendum to the OSPF RFC. This area type defines a special LSA type 7. NSSA offers benefits that are similar to those of a stub area. NSSAs do not accept information about routes external to the autonomous system, but instead use a default route for external networks. However, NSSAs allow ASBRs, which is against the rules in a stub area.
- Totally stubby NSSA: Cisco routers also allow an area to be configured as a totally stubby NSSA, which allows ASBRs, but does not accept external routes or summary routes from other areas. A default route is used to get to networks outside of the area.
The last line in each router configuration (area 2 stub) defines the stub area. The R3 router (the ABR) automatically advertises 0.0.0.0 (the default route) with a default cost metric of 1 into the stub area.
Each router in the stub area must be configured with the area stub command.
Notice that R4 still requires the area 1 stub command, yet the no-summary keyword is not required. Only ABRs (R3) use the no-summary keyword to keep summary LSAs from being propagated into another area.
The NSSA feature allows an area to retain the other stub area features—the ABR sends a default route into the NSSA instead of external routes from other ASBRs—while also allowing an ASBR to be inside of the area. Recall that one of the rules of stub areas is that there must not be an ASBR inside of a stub area. An NSSA—a not-so-stubby area—bends this rule.
R1 is the ASBR that redistributes RIP routes into area 1, the NSSA. R2 is the NSSA ABR; this router converts type 7 LSAs into type 5 LSAs for advertisement into backbone area 0. R2 is also configured to summarize the type 5 LSAs that originate from the RIP network; the 172.16.0.0 subnets are summarized to 172.16.0.0/16 and are advertised into area 0. To cause R2 (the NSSA ABR) to generate an O*N2 default route (O*N2 0.0.0.0/0) into the NSSA, the default-information-originate parameter is used on the area area-id nssa command on R2.
Notice that the ABR is using the area 1 nssa no-summary command. This command works exactly the same as the totally stubby technique. A single default route replaces both inbound external (type 5) LSAs and summary (type 3 and 4) LSAs into the area. The NSSA ABR, Router R2, automatically generates the O*N2 default route into the NSSA area when the no-summary option is configured at the ABR, so the default-information-originate parameter is not required.
- Standard area 11 accepts link updates, summaries, and external routes.
- Stub area 14 does not accept type 4 summary or type 5 external LSAs, but does accept type 3 summary LSAs.
- Totally stubby area 12 does not accept summary or external LSAs.
- NSSA area 10 does not accept type 4 summary or type 5 external LSAs, but does accept type 3 summary LSAs and allows an ASBR.
- Totally stubby NSSA area 13 does not accept summary or external LSAs, but allows an ASBR.
Notice that the connecting interfaces on both R1 and R2 are configured for the same type of authentication with the same authentication key. Simple password authentication is configured on interface serial 0/0/1 on both routers, with the ip ospf authentication command. The interfaces are configured with an authentication key of PLAINPAS.
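An added example (not part of the original configuration or the course material) that audits interface-level OSPF authentication in an IOS-style configuration and separates simple password authentication, as configured above, from message-digest authentication. The configuration text is constructed: only interface serial 0/0/1 and the key PLAINPAS come from this page; the addresses, the other interfaces, the second key and the function name are assumptions, and area-level authentication statements under router ospf are not examined.

```python
import re

AUTH = re.compile(r"^\s+ip ospf authentication(?:\s+(message-digest|null))?\s*$")
SIMPLE_KEY = re.compile(r"^\s+ip ospf authentication-key\s+\S+")
MD5_KEY = re.compile(r"^\s+ip ospf message-digest-key\s+\d+\s+md5\s+\S+")
MODES = {None: "simple", "message-digest": "md5", "null": "none"}


def audit_ospf_auth(config):
    """Return {interface: (mode, [findings])} for every interface block."""
    state, name = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            name = line.split(None, 1)[1].strip()
            state[name] = {"mode": "none", "simple_key": False, "md5_key": False}
        elif not line.startswith(" "):
            name = None                      # "!" or a new top-level section
        elif name is not None:
            entry = state[name]
            match = AUTH.match(line)
            if match:
                entry["mode"] = MODES[match.group(1)]
            elif SIMPLE_KEY.match(line):
                entry["simple_key"] = True
            elif MD5_KEY.match(line):
                entry["md5_key"] = True

    report = {}
    for name, entry in state.items():
        mode, findings = entry["mode"], []
        if mode == "none":
            findings.append("no interface-level OSPF authentication")
        elif mode == "simple":
            findings.append("simple password: the key travels in cleartext in each OSPF header")
            if not entry["simple_key"]:
                findings.append("authentication enabled but no authentication-key set")
        elif not entry["md5_key"]:
            findings.append("message-digest enabled but no message-digest-key set")
        report[name] = (mode, findings)
    return report


# Constructed configuration; EXAMPLEKEY and the addresses are placeholders.
SAMPLE_CONFIG = """\
interface Serial0/0/1
 ip address 192.168.1.101 255.255.255.224
 ip ospf authentication
 ip ospf authentication-key PLAINPAS
!
interface Serial0/0/0
 ip address 10.1.1.1 255.255.255.0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 EXAMPLEKEY
!
interface FastEthernet0/0
 ip address 10.2.1.1 255.255.255.0
!
"""

if __name__ == "__main__":
    for iface, (mode, findings) in audit_ospf_auth(SAMPLE_CONFIG).items():
        print(iface, mode, findings)
```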