BSCI Module 3 OSPF Edited

7/31/2019 BSCI Module 3 OSPF Edited

1/70

1 2006 Cisco Systems, Inc. All rights reserved. Cisco PublicBSCI Module 3

OSPF

BSCI Module 3


2/70

2006 Cisco Systems, Inc. All rights reserved. Cisco PublicBSCI Module 3 2

Purpose of this Lesson

Coverage of topics new to the OSPF module of BSCI.

Whats new in this module?

Some new terminology and acronyms

More detailed explanation of LSAs and the Link-state Database

Several new OSPF configuration and verification commands

OSPF authentication configuration and verification commands


3/70


New Terminology


4/70


Minimizes routingtable entries

Localizes impact of

a topology changewithin an area

Detailed LSAflooding stops atthe area boundary

Requires ahierarchicalnetwork design

OSPF Areas

Review of OSPF area characteristics:


5/70


Transit Area

Also known asBackbone Area 0

Regular Area

Also known asNonbackbone areas

OSPF Areas

New terminology for areas:


6/70


OSPF Database

OSPF maintains three databases

Adjacency Database (show ip ospf neighbor)

Link-state Database (show ip ospf database)

Forwarding Database (show ip route)


7/70 2006 Cisco Systems, Inc. All rights reserved. Cisco PublicBSCI Module 3 7

What is LSDB?

LSDB is an acronym for Link-state Database.



LSAs and the Link-state Database



LSA Sequence Numbering

Each LSA in the LSDB maintains a sequence number.

The sequence numbering scheme is a 4-byte numberthat begins with 0x80000001 and ends with0x7FFFFFFF.

OSPF floods each LSA every 30 minutes to maintainproper database synchronization. Each time the LSA isflooded, the sequence number is incremented by one.

Ultimately, an LSA sequence number will wrap aroundto 0x80000001. When this occurs, the existing LSA isprematurely aged to maxage (one hour) and flushed.

When a router encounters two instances of an LSA, itmust determine which is more recent. The LSA havingthe newer (higher) LS sequence number is more

recent.



The OSPF Link-State Database

The show ip ospf database command displaysthe current LSDB for the local router.

The next slide discusses the purpose of the Age andSeq# fields highlighted below.

RTC#show ip ospf database

OSPF Router with ID (192.168.1.253) (Process ID 3)

Router Link States (Area 0)

Link ID ADV Router Age Seq# Checksum Link count192.168.1.249 192.168.1.249 1705 0x80000005 0x00D5B0 5

192.168.1.253 192.168.1.253 1578 0x80000006 0x009F91 5



Link-State Data Structures: LSAOperation



Basic OSPFConfiguration



Configuring OSPF

An excellent resource for information on the manydifferent OSPF configurations is the Cisco white paper,Configuring OSPF, which can be downloaded fromthe Cisco website:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800b3f2e.html
http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800b3f2e.htmlhttp://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800b3f2e.htmlhttp://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800b3f2e.htmlhttp://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800b3f2e.html



router ospfprocess-id

Router(config)#

Enable one or more OSPF routing processes.

Configuring Basic OSPF

network ip-address wildcard-maskarea area-id

Router(config-router)#

Define the interfaces that OSPF will run on.

Router(config-if)#

ip ospfprocess-idarea area-id[secondaries none]

Optional method to enable OSPF explicitly on aninterface.



Configuring OSPF for Multiple Areas



OSPF Router ID

The router is known to OSPF by the OSPF router ID number. LSDBs use the OSPF router ID to differentiate one router from

the next.

By default, the router ID is the highest IP address on an active

interface at the moment of OSPF process startup.If no interface is up when the OSPF process starts, you will get the following error message:

p5r2(config)#router ospf 1

2w1d: %OSPF-4-NORTRID: OSPF process 1 cannot start.

A loopback interface can override the OSPF router ID. If a

loopback interface exists, the router ID is the highest IP addresson any active loopback interface.

The OSPF router-idcommand can be used to override theOSPF router ID.

Using a loopback interface or a router-idcommand isrecommended for stability.



router-idip-address

This command is configured under the router ospf [process-id] command.

Any unique arbitrary 32-bit value in an IP address format (dotted

decimal) can be used.

If this command is used on an OSPF process that is already active,then the new router ID takes effect after the next reload or after amanual restarting of the OSPF process using:

OSPF router-idCommandRouter(config-router)#

Router(config)#router ospf 1

Router(config-router)#router-id 172.16.1.1

Router#clear ip ospf process

Router#clear ip ospf process


18/70



OSPF over NBMA Topology Modes ofOperation

RFC 2328-compliant modes are as follows:Nonbroadcast (NBMA)

Point-to-multipoint

Additional modes from Cisco are as follows:

Point-to-multipoint nonbroadcast

Broadcast

Point-to-point

ip ospf network [{broadcast | non-broadcast | point-to-

multipoint [non-broadcast] | point-to-point}]

This interface command defines OSPF network type.

Router(config-if)#



RFC-compliant Non-broadcast Mode

One IP subnet. Neighbors must be manually

configured.

DR and BDR elected.

DR and BDR need to have fullconnectivity with all otherrouters.

Typically used in a full meshtopology.

RTB(config-if)#ip ospf network non-broadcast--------RTB(config-router)#network 3.1.1.0 0.0.0.255 area 0RTB(config-router)#neighbor 3.1.1.1RTB(config-router)#neighbor 3.1.1.3



RFC-compliant Point-to-Multipoint Mode

One IP subnet. Uses multicast OSPF hello

packet to automaticallydiscover neighbors.

DR and BDR not required

Typically used in a partial-mesh or hub-and-spoketopology.

RTB(config-if)#ip ospf network point-to-multipoint--------RTB(config-router)#network 3.1.1.0 0.0.0.255 area 0



Ciscos Point-to-Multipoint Non-broadcast mode

RTB(config-if)#ip ospf network point-to-multipoint non-broadcast--------RTB(config-router)#network 3.1.1.0 0.0.0.255 area 0RTB(config-router)#neighbor 3.1.1.1 cost 10RTB(config-router)#neighbor 3.1.1.3 cost 20

Cisco extension to RFC-compliant

point-to-multipoint mode Must statically define neighbors,

like nonbroadcast mode

Like point-to-multipoint mode,DR/BDR not elected

Used in special cases whereneighborscannot be automaticallydiscovered



Ciscos Broadcast Mode

Makes a WAN interfaceappear to be a LAN

One IP subnet

Uses multicast hellos todiscover neighbors

DR and BDR elected

Requires a full mesh.

RTB(config-if)#ip ospf network broadcast--------RTB(config-router)#network 3.1.1.0 0.0.0.255 area 0



One IP subnet per subinterface pair

No DR or BDR election

Used when only two routers need toform an adjacency on a pair ofinterfaces

Same properties as any physicalpoint-to-point physical interface

RTB(config)#interface serial 0/0.1RTB(config-subif)#ip address 3.1.1.2 255.255.255.0RTB(config-subif)#interface serial 0/0.2RTB(config-subif)#ip address 4.1.1.2 255.255.255.0--------RTB(config-router)#network 3.1.1.0 0.0.0.255 area 0RTB(config-router)#network 4.1.1.0 0.0.0.255 area 0

Ciscos Point-to-Point mode


25/70


Using the neighbor Command

Used to statically define neighbor relationships in an

NBMA network

neighbor ip-address [priority number] [poll-interval

number] [cost number] [database-filter all]



26/70


OSPF over NBMA Topology Summary


27/70


28/70


29/70


Special Treatment for LSAs on Virtual Links

LSAs usually age out after 30 minutes

LSAs learned across virtual links have the DoNotAge(DNA) option set

Required to prevent excessive flooding over virtual links


30/70


31/70


Configuring and Verifying a Virtual Link


32/70


LSA Types


33/70


LSA Types


34/70


The Link ID in the OSPF Database

RouterA#show ip ospf database



Link ID ADV Router Age Seq# Checksum Link count

10.0.0.11 10.0.0.11 548 0x80000002 0x00401A 1

10.0.0.12 10.0.0.12 549 0x80000004 0x003A1B 1

100.100.100.100 100.100.100.100 548 0x800002D7 0x00EEA9 2

Net Link States (Area 0)Link ID ADV Router Age Seq# Checksum

172.31.1.3 100.100.100.100 549 0x80000001 0x004EC9

Summary Net Link States (Area 0)

Link ID ADV Router Age Seq# Checksum

10.1.0.0 10.0.0.11 654 0x80000001 0x00FB11

10.1.0.0 10.0.0.12 601 0x80000001 0x00F516


35/70


LSA Type 1: Router LSA

One router LSA (type 1) for every router in an area:

Includes list of directly attached links

Identified by the router ID of the originating router

Floods within its area only; does not cross ABR

Link-state ID depends on link type


36/70


37/70


LSA Type 2: Network LSA

Advertised by the DR of the broadcast network

Floods within its area only; does not cross ABR

Link-state ID is the DR


38/70


39/70


LSA Type 4: Summary LSA

Summary (type 4) LSAs are used to advertise an ASBR to

all other areas in the autonomous system. They are generated by the ABR of the originating area.

They are regenerated by all subsequent ABRs to floodthroughout the autonomous system.

Link-state ID is the router ID of the ASBR.


40/70


LSA Type 5: External LSA

External (type 5) LSAs are used to advertise networks from

other autonomous systems.

Type 5 LSAs are advertised and owned by the originatingASBR.

The Link-state ID is the external network number.


41/70


Interpreting the OSPF Database

RouterA#show ip ospf database



Link ID ADV Router Age Seq# Checksum Link count

10.0.0.11 10.0.0.11 548 0x80000002 0x00401A 1

10.0.0.12 10.0.0.12 549 0x80000004 0x003A1B 1

100.100.100.100 100.100.100.100 548 0x800002D7 0x00EEA9 2

Net Link States (Area 0)Link ID ADV Router Age Seq# Checksum

172.31.1.3 100.100.100.100 549 0x80000001 0x004EC9

Summary Net Link States (Area 0)

Link ID ADV Router Age Seq# Checksum

10.1.0.0 10.0.0.11 654 0x80000001 0x00FB11

10.1.0.0 10.0.0.12 601 0x80000001 0x00F516


42/70


43/70

Th l P t


44/70


Themax-lsa Parameters

Parameter Description

maximum-numberMaximum number of non-self-generated LSAs that the OSPF process can keepin the OSPF LSBD.

threshold-

percentage

(Optional) The percentage of the maximum LSA number, as specified by themaximum-numberargument, at which a warning message is logged. Thedefault is 75 percent.

warning-only(Optional) Specifies that only a warning message is sent when the maximumlimit for LSAs is exceeded; the OSPF process never enters ignore state.Disabled by default.

ignore-timeminutes

(Optional) Specifies the time to ignore all neighbors after the maximum limit ofLSAs has been exceeded. The default is 5 minutes.

ignore-countcount-number

(Optional) Specifies the number of times that the OSPF process canconsecutively be placed into the ignore state. The default is five times.

reset-time

minutes

(Optional) Specifies the time, in minutes, after which the ignore count is reset to0. The default is 10 minutes.

max-lsa maximum-number[threshold-percentage] [warning-

only] [ignore-time minutes] [ignore-count count-number]

[reset-time minutes]



45/70


Changing Cost


46/70


ip ospf cost interface-cost

Changing the Cost Metric

The cost, or metric, is an indication of the overhead tosend packets over an interface. Default = (100Mbps)/(bandwidth in Mbps).

auto-cost reference-bandwidth ref-bw

RouterA(config-if)#

RouterA(config-router)#

Overrides the default cost calculation. Values from 1 to65535 can be defined.

Sets the reference bandwidth to values other than 100Mbps (legal values range from 1 to 4,294,967 in Mbps).


47/70


Propagating DefaultRoutes in NSSAs


48/70


49/70


50/70


OSPFAuthentication


51/70


52/70


Configuring Simple Password Authentication

ip ospf authentication-keypasswordRouter(config-if)#

Assign a password to be used with neighboring routers.

Router(config-if)#

ip ospf authentication [message-digest | null]

Specifies the authentication type for an interface(since IOS 12.0).


area area-idauthentication [message-digest]

Specifies the authentication type for an area (was in IOSbefore 12.0).


53/70


Example Simple Password AuthenticationConfiguration


54/70


R2 Configuration for Simple PasswordAuthentication

interface Loopback0

ip address 10.2.2.2 255.255.255.0

interface Serial0/0/1

ip address 192.168.1.102 255.255.255.224

ip ospf authentication

ip ospf authentication-key plainpas

router ospf 10

log-adjacency-changesnetwork 10.2.2.2 0.0.0.0 area 0

network 192.168.1.0 0.0.0.255 area 0


55/70


Verifying Simple Password Authentication

R1#sh ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface

10.2.2.2 0 FULL/ - 00:00:32 192.168.1.102 Serial0/0/1

R1#show ip route

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masksO 10.2.2.2/32 [110/782] via 192.168.1.102, 00:01:17, Serial0/0/1

C 10.1.1.0/24 is directly connected, Loopback0

192.168.1.0/27 is subnetted, 1 subnets

C 192.168.1.96 is directly connected, Serial0/0/1

R1#ping 10.2.2.2

Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 10.2.2.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 28/29/32 ms


56/70


Configuring OSPF MD5 Authentication

Specifies the authentication type for an area (was in IOSbefore 12.0).

area area-idauthentication [message-digest]

Specifies the authentication type for an interface(since IOS 12.0).

ip ospf authentication [message-digest | null]

ip ospf message-digest-key key-idmd5 key

Router(config-if)#

Assign a key ID and key to be used with neighboring routers.

Router(config-if)#


E l MD5 A th ti ti


57/70


Example MD5 AuthenticationConfiguration


58/70


R2 Configuration for MD5 Authenticaiton

interface Loopback0

ip address 10.2.2.2 255.255.255.0

interface Serial0/0/1

ip address 192.168.1.102 255.255.255.224

ip ospf authentication message-digest

ip ospf message-digest-key 1 md5 secretpass

router ospf 10

log-adjacency-changesnetwork 10.2.2.2 0.0.0.0 area 0

network 192.168.1.0 0.0.0.255 area 0


59/70


Verifying MD5 Authentication

R1#sho ip ospf neighbor


10.2.2.2 0 FULL/ - 00:00:31 192.168.1.102 Serial0/0/1

R1#show ip route

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masksO 10.2.2.2/32 [110/782] via 192.168.1.102, 00:00:37, Serial0/0/1

C 10.1.1.0/24 is directly connected, Loopback0

192.168.1.0/27 is subnetted, 1 subnets

C 192.168.1.96 is directly connected, Serial0/0/1

R1#ping 10.2.2.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.2.2.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/32 ms


60/70


61/70


Troubleshooting Simple PasswordAuthentication Problems

R1#

*Feb 17 18:54:01.238: OSPF: Rcv pkt from 192.168.1.102, Serial0/0/1 :

Mismatch Authentication Key - Clear Text

R2#


Mismatch Authentication Key - Clear Text

Simple authentication on R1 and R2, but differentpasswords:

R1#


Mismatch Authentication type. Input packet specified type 0, we use type 1

R2#


Mismatch Authentication type. Input packet specified type 1, we use type 0

Simple authentication on R1, no authentication on R2:


62/70


Troubleshooting MD5 Authentication

R1#debug ip ospf adjOSPF adjacency events debugging is on

*Feb 17 17:14:06.530: OSPF: Send with youngest Key 1

*Feb 17 17:14:06.546: OSPF: 2 Way Communication to 10.2.2.2 on Serial0/0/1,

state 2WAY

*Feb 17 17:14:06.546: OSPF: Send DBD to 10.2.2.2 on Serial0/0/1 seq 0xB37 opt

0x52 flag 0x7 len 32

*Feb 17 17:14:06.546: OSPF: Send with youngest Key 1*Feb 17 17:14:06.562: OSPF: Rcv DBD from 10.2.2.2 on Serial0/0/1 seq 0x32F opt

0x52 flag 0x7 len 32 mtu 1500 state EXSTART

*Feb 17 17:14:06.562: OSPF: NBR Negotiation Done. We are the SLAVE

*Feb 17 17:14:06.562: OSPF: Send DBD to 10.2.2.2 on Serial0/0/1 seq 0x32F opt

0x52 flag 0x2 len 72

*Feb 17 17:14:06.562: OSPF: Send with youngest Key 1

R1#show ip ospf neighbor


10.2.2.2 0 FULL/ - 00:00:35 192.168.1.102 Serial0/0/1


63/70


64/70


Summary

OSPF is an open-standard link-state routing protocol,offering quick convergence and the ability to scale largenetworks.

There are five OSPF packet types: hello, DBD, LSU,

LSR, and LSAck. Configuration of OSPF is a two-step process:

Enter OSPF configuration with the router ospf command.

Use the network command to describe which interfaces will run OSPF

in which area.

OSPF defines 3 types of networks: point-to-point,broadcast, and NBMA. On NBMA networks, OSPFmode options include nonbroadcast, broadcast, point-to-multipoint, point-to-multipoint nonbroadcast, and

oint-to- oint.


65/70


66/70


Activity

Using this simple three router diagram and the lessons

presented in the module, setup an OSPF multiareaconfiguration including authentication.

You can also verify your connections by running theshow commands discussed in this module.

show ip ospf database, show ip ospf neighbor

Using the debugging command: debug ip ospfadj, verify OSPF operation.


67/70


Self Check

LSA types fall into four categories, name them.

Identify each type of LSA within each category.

What are the three types of OSPF networks?

What authentication types are supported by OSPF?

What are the advantages of route summarization inOSPF?


68/70


Additional Links

http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800b3f2e.html

http://www.cisco.com/en/US/tech/tk365/technologies_c

onfiguration_example09186a0080094069.shtml

http://www.cisco.com/en/US/products/ps6121/products_user_guide_chapter09186a00806a2f02.html
http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800b3f2e.htmlhttp://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800b3f2e.htmlhttp://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800b3f2e.htmlhttp://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a0080094069.shtmlhttp://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a0080094069.shtmlhttp://www.cisco.com/en/US/products/ps6121/products_user_guide_chapter09186a00806a2f02.htmlhttp://www.cisco.com/en/US/products/ps6121/products_user_guide_chapter09186a00806a2f02.htmlhttp://www.cisco.com/en/US/products/ps6121/products_user_guide_chapter09186a00806a2f02.htmlhttp://www.cisco.com/en/US/products/ps6121/products_user_guide_chapter09186a00806a2f02.htmlhttp://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a0080094069.shtmlhttp://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a0080094069.shtmlhttp://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800b3f2e.htmlhttp://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800b3f2e.htmlhttp://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800b3f2e.html


69/70


Q and A


70/70

Documents

BSCI Module 3 OSPF Edited