1

2 v1.02

IXP & Routing Tutorial– OSPF Operations

W E B I N A R C O U R S E

3 v1.03

Overview

• OSPF Introduction

• Link State Routing Protocol

• OSPF Packets

• OSPF Topology

• OSPF Neighbor Discovery Process

4 v1.04

OSPF

• Open Shortest Path First

• Link State Protocol or SPF technology

• Developed by OSPF working group of IETF

• Comes with two versiono OSPFv2 (IPv4) standard described in (RFC 2328)

o OSPFv3 (IPv6) standard described in (RFC 5340)

o Support of address families in OSPFv3 (RFC 5838)

5 v1.05

OSPF

• Designed foro TCP/IP environment

o Fast convergence

o Route redistribution

o Variable length subnet masks (VLSM)

o Dis-contiguous subnets

o Incremental updates

o Route authentication

• OSPF runs on IP, Protocol 89

6 v1.06

Link State Routing Protocol

A

BD

C

20 10

3040

1560

A20 10

60 3015 40

40 30

A 10 20

B 20 30 60

C 30 40

D 10 15 40

Router place itself at the root of SPF tree when calculate the best path

Every router in an OSPF network maintain an identical topology database

7 v1.07

Link State Routing Protocol

8 v1.08

Basic OSPF Operation

R5

R3

R4

R2

R1

R4

R3R1

R2R5

R4

R1

R2R5

R3

9 v1.09

Router ID

• Uniquely identifies a link-state routero 4-byte Router ID

• Either:

o Explicitly configured =>

o Else, the highest/lowest IPv4 address of any active loopback interface

o If no loopbacks, the highest/lowest IPv4 address of any active physical interface

o ** Loopbacks preferred!

IOS:router-id <4-byte>

Junos:set routing-options router-id <4-byte>

10 v1.010

OSPF Metric

• Uses link/path cost as metric, can be configured manually

• Generally, inversely proportional to the link BWo Higher the BW lower the cost

- configurable

• The reference BW is generally 100Mbps (FE)o interfaces bigger than a FE would have a cost of 1

• For more granularity/accuracy of cost calculationo change reference BW for bigger links (all OSPF routers)

Cost = 𝒓𝒆𝒇𝒆𝒓𝒆𝒏𝒄𝒆 𝒃𝒘𝒊𝒏𝒕𝒆𝒓𝒇𝒂𝒄𝒆 𝒃𝒘

(𝒃𝒑𝒔)

IOS:router ospf/v3 <process-id>auto-cost reference-bandwidth <Mbps>

Junos:

set protocols ospf/3 reference-bandwidth <Gbps>

11 v1.011

OSPF Area

Area 0

Area 1

Area 2

Area 3

OSPF Area ID's are typically formatted as IPv4 addresses.

Backbone Area: Area 0.0.0.0

Non-Backbone Area: other areas

12 v1.012

OSPF Router Classification

Area 0

Area 1

Area 2

Area 3IR: Internal routersABR: Area border routersBR: Backbone routersASBR: AS boundary routers

ABR

ABR

ABR

IS-IS

ASBR

13 v1.013

Link State Data Structure

• Neighbor Tableo List of all recognized neighboring router to whom routing information will be interchanged

• Topology Tableo Also called LSDB which maintain list of routers and their link information i.e network destination, prefix

length, link cost etc

• Routing Tableo Also called forwarding table contains only the best path to forward data traffic

14 v1.014

OSPF Packet Types

• OSPF use following five packet types to flow routing information between routers:

Packet Type Function

Hello Discover/maintain neighbors

Database Description Summarize database contents

Link State Request Database download

Link State Update Database update

Link State Acknowledgment Flooding acknowledgment

15 v1.015

Format of OSPF Packet

• All five OSPF packets encapsulated in IP payload (Not TCP)

• To ensure reliable deliver using IP packet OSPF use its own Ack packet (Type 5)

Link Header IP HeaderOSPF

Packet Types

Link Trailer

Version No Type Packet Length Router ID Area ID Checksum Authenticati

on TypeAuthenticati

on Data

16 v1.016

Format of OSPF Packet Header Field

Version No Type Packet Length Router ID Area ID Checksum Authenticati

on TypeAuthenticati

on Data

Version No Either OSPF version 2 (IPv4) or version 3 (IPv6)

Packet Type Differentiates the five OSPF packet types [Type 1 to Type 5]

Packet Length Length of OSPF protocol packet in bytes

Router ID The Router ID of the packet's source.

Area ID A 32 bit number identifying the area that this packet belongs to.

Checksum Used for packet-header error-detection to ensure that the OSPF packet was not corrupted during transmission

Authentication Type An option in OSPF that describes either clear-text passwords or encrypted Message Digest 5 (MD5) formats for router authentication

17 v1.017

Neighbor States+----+|Down|+----+

+----+|Init|+----+

+-----+|2-way|+-----+

Hello received (no local Router-ID)

2-way received (local Router-ID seen)

DR/BDR selected from the “neighbor” list

+-------+|ExStart|+-------+

Master-Slave decision + DBD Seq#(higher router ID)

+--------+|Exchange|+--------+

Exchange DBD (local LSDB)

+--------+|Loading |+--------+

+----+|Full|+----+

LSRs sent to neighbor Adjacency established

Y - more recent LSAs req?N

18 v1.018

OSPF Neighbor Discovery Process

• Use IP packet to send hello message. At start routers are at OSPF Down State

• Use multicast address 224.0.0.5/FF02::5 to make sure single IP packet will be

forwarded to every router within OSPF network.

• Router now at OSPF Init State

192.168.1.1 192.168.1.2

192.168.1.1

19 v1.019

OSPF Neighbor Discovery Process

• All neighboring router with OSPF enabled receive the hello packet

• Checks contents of the hello message and if certain information match it reply (Unicast) to

that hello with sending its router ID in the neighbor list.

• This is OSPF Two-way State

RID 192.168.1.1 RID 192.168.1.2

Hello, Seen [null], RID 192.168.1.1

Hello, Seen [192.168.1.1], RID 192.168.1.2

Hello, Seen [192.168.1.1, 192.168.1.2], RID 192.168.1.1

20 v1.020

Discovering Network Information

• After creating 2-way neighbor relationship neighboring routers will start exchanging network related

information. At this stage they will decide who will send network information first. Router with the

highest router ID will start sending first. This stage is called OSPF Exstart State

• Then they will start exchanging link state database. This stage is Exchange State

RID 192.168.1.1 RID 192.168.1.2

Hello, DR = 192.168.1.2

21 v1.021

Adding Network Information

• When router receive the LSDB it perform following action:o Compare the information it received with the existing DB (if any)

o If the new DB is more up to date the router send link state request (LSR) for detail information of that

link. This is Loading State

• When all LSR have been

satisfied and all routers has an

identical LSDB this stage is

OSPF Full State. Neighbors in

this state are fully adjacent.

22 v1.022

OSPF Network Topology

Broadcast Multi-access

Point-to-Point

Non Broadcast Multi-access (NBMA)

23 v1.023

Broadcast Multi-access Network

• Generally LAN type of technologies like Ethernet

• Neighbor relationship are created automatically

• DR/BDR election is required

• Default OSPF hello is 10 sec dead interval is 40 sec

24 v1.024

Broadcast Network issues

• Number of adjacencieso Number of Adj = n(n-1)/2;

• Extensive LSA floodingo Initially, the whole LSDB

- LSAck too

o Periodic hellos for adjacencies

o Triggered updateso During topology changes, each router will send LSUs to

neighbors - contains the same info

o LSAck too

LSALSA

LSA LSALSA

LSALSALSA

LSA

25 v1.025

DR/BDR

• Hence, OSPF elects a Designated and Backup Designated router for

broadcast networkso Adjacencies only formed with DR and BDR

• LSAs sent only to DR (BDR listens)o 224.0.0.6/FF02::6

• DR floods to otherso 224.0.0.5/FF02::5

DR BDR

26 v1.026

DR/BDR Election

• Uses the Hello protocol (Router Priority)o Highest OSPF interface priority – DR

- Next highest priority – BDR

o Configurable:

o Else, highest router ID – DR- Next highest – BDR

o Recommended:- configure higher priority for routers meant to be DR and BDR!

IOS:(config-if)#ip/ipv6 ospf priority <0-255>

Junos:set protocols ospf/3 area <area-id> interface <id> priority <0-255>

27 v1.027

Point-to-Point Network

• Usually a serial interface running either PPP or HDLC

• Neighbor relationship are created automatically

• No DR or BDR election required

• Default OSPF hello is 10 sec and dead interval is 40 sec

28 v1.028

Non Broadcast Multi-access Network

• A single interface interconnects multiple sites like Frame Relay/ATM/X.25

• NBMA topologies support multiple routers, but without broadcasting capabilities

• OSPF neighbor relationships need to be created manually, DR/BDR will be elected

29 v1.029

Acknowledgements

• Philip Smith

• Cisco Systems

30

31 v1.031

IXP & Routing Tutorial– IS-IS Operations

W E B I N A R C O U R S E

32 v1.032

IS-IS

• Intermediate System to Intermediate System

• Designed for OSI networks to carry CLNS(Connectionless Network Service) traffic (RFC1142(Obsoleted by RFC7142) - ISO 10589)o CLNP(Connectionless Network Protocol) was to OSI, what IPv4/IPv6 is to TCP/IP

• TCP/IP (IPv4) support added with RFC 1195

• RFC 5308 added IPv6 capability (two new TLVs)

• RFC 5120 allowed multi-topologyo Separate topologies for IPv4 and IPv6 (separate SPF graphs for each AF)

33 v1.033

IS-IS Terminologies

• End System – Host

• Intermediate System – Router

• Circuit – Interface

• Domain – Autonomous System

33

34 v1.034

IS-IS

• Runs natively on Layer 2 (Data Link)

o Agnostic to Layer-3 protocolso Not vulnerable to IP based attacks!

• Is a link state routing protocol

• All IS-IS packets are sent to two well-known Layer2 multicast addresseso 0180-C200-0014 (Level 1)o 0180-C200-0015 (Level 2)

34

TLV (subTLV)IS-IS HeaderFrame Header

Frame Trailer

35 v1.035

Link State Operation

• Each IS (router) learns about its links and connected networkso builds a link state packet– LSP

• Floods LSP to all its neighborso Stores all LSPs learned from its neighbors in a LSDB, and floods to other neighbors

• Computes the best path to each destination using the SPF algorithmo Once all routers have received all LSPs (same view of the network!)

35

36 v1.036

IS-IS Addressing

• End-to-End communication requires a unique address at the network layero OSI networks use NSAP(Network Service Access Point) addressingo Assigned to an entire node (not on individual interfaces)

• IS-IS uses one NSAP address per routero Also called Network Entity Title (NET)o Similar to router-ID in uniquely identifying

36

37 v1.037

NSAP Address

• Example:o IPv4 loopback: 192.168.1.1o Router in Area-1

• NSAP address:o 49.0001.1921.6800.1001.00

37

AFI (1 byte)

Area-ID(2 bytes)

Sys-ID (6 bytes)

N-SEL (1 byte)

38 v1.038

NSAP Address

• NSEL (selector)o always zero (00) for IS-IS - indicates “this System”o No adjacency if otherwise

• System IDo Uniquely identifies the routero Link-state routing requires every router to be unique (router-id)o Generally using BCD encoding

38

Area Number(1-13 bytes)

Sys-ID (6 bytes)

N-SEL (1 byte)

192.168.2.1171921680021171921.6800.2117

39 v1.039

NSAP Address

• Authority and format indicator (first byte)

• Assigned domain (area) identifier, which can be from 0 through 12 byteso Ex: 0001 – Area-1

• More detailed on NSAP address, please refer to RFC1237

39

Area Number(1-13 bytes)

Sys-ID (6 bytes)

N-SEL (1 byte)

40 v1.040

IS-IS Routing Hierarchy

• Each link in IS-IS carries one of the three tagso L1 (Level 1), L2 (Level 2), or L1L2o Tells the router which topology/routing level the link participates in

• L1 routero Neighbors only in the same areao Advertise list of directly connected ES/hosts (directly connected networks)o Maintains Level-1 LSDB

40

41 v1.041

IS-IS Routing Hierarchy

• L2 routero Could have neighbors in different areas (area-ID does not have to match for

adjacency)o Exchange area prefixes (so that areas can reach each other)o Maintains L2 LSDB

• L1L2 router:o Can have neighbors in any areao Separate LSDBs for each Levelo Forms both L1 and L2 adjacencies

41

42 v1.042

IS-IS Routing Hierarchy

• Uses a 2-level hierarchy o Level-1 (areas/edge)o Level-2 (backbone)

• Level-1 routingo Routing within same area (intra-area)

• Level-2 routingo Routing between different areas (inter-area)

42

Area-2

Area-1

Area-3

L1L2

L1

L1

L1 L1

L1

L1

L1

L2 L2

L2

L1L2

L1L2

43 v1.043

IS-IS Route Advertisement

• Advertise routing information from L1 (areas) to L2 (backbone)o Similar to OSPF

• Does NOT advertise detailed routes down from L2 to L1o L1L2 routers set the Attach (ATT) bit in their routing messages (LSPDUs) to

respective areas (L1 routers).o L1 routers calculate shortest path to the nearest L1L2 router (that sent the message) o install a default route pointing to the nearest L1L2 router.

43

44 v1.044

IS-IS Packet Types

44

Category Packet Type Description

Hello Packets Level 1 LAN IS to IS Hello PDUs Hello packets are used to initialize and maintain adjacencies between neighboring routers.Level 2 LAN IS to IS Hello PDUs

Point-to-Point IS to IS Hello PDUs

Link State Packets (LSPs)

Level 1 Link State PDUs Link State Packets (LSPs) are used to exchange link state information.

Level 2 Link State PDUs

Sequence Number Packets (SNPs)

Level 1 Complete Sequence Numbers PDU Sequence number PDUs are used to ensure that neighboring routers have the same notion of what is the most recent LSP from each other router.

Level 2 Complete Sequence Numbers PDU

Level 1 Partial Sequence Numbers PDU

Level 2 Partial Sequence Numbers PDU

45 v1.045

IS-IS Packet Types -- CSNP

• CSNPo Complete sequence number PDUso Similar in function to DBDs in OSPF

▸ To synchronise the LSDB

o CSNP carries a complete list of LSPs in the sender’s LSDB▸ Receiver compares the LSPs in the CSNP with its LSPs▸ Requests missing LSPs

o CSNPs are exchanged:▸ P2P: during initial adjacency build up▸ Broadcast: originated periodically by the DIS

45

46 v1.046

IS-IS Packet Types -- PSNP

• PSNPo Partial sequence number PDUso Similar in function to LS Request and LS Ack in OSPF

▸ To request a particular LSPs or acknowledge a LSP

46

47 v1.047

IS-IS Neighbor Discovery

• Once IS-IS is enabled on an interfaceo The router sends out Hello to discover any IS-IS speaking router on the other end

o Generally uses 3-way handshake▸ A sends out Hello to B▸ B responds with its own Hello as an Ack▸ IS Neighbor TLV#6 – neighbor’s MAC address for bcast, and Adj State TLV#240 for P2P -

DIU▸ A responds with one more Hello to acknowledge B’s hello

o Once the 3-way handshake is complete, neighbor relationship is established!▸ IS-IS adjacency or neighbors

47

48 v1.048

LSP Flooding

• Once adjacency is formedo The router floods its link-state info (LSP) to all its neighborso Receiving routers store the LSP in LSDB, and floods it to all its other neighbors

▸ Eventually, every router receives the LSP

o New LSPs are generated and flooded whenever there is a topology change▸ Link failure or new networks being added▸ Rerun the SPF algorithm to compute best paths

48

49 v1.049

IS-IS Link Types

• Point-to-Point linkso Only one possible neighbor (adjacency) on the link

• Broadcast/Multi-access linkso More than one neighbor (adjacencies) on the link

49

50 v1.050

Designated IS

• To scale adjacencies on multi-access linkso Number of adjacencieso Number of LSPs flooded

▸ Contains the same information

• One DIS elected (pre-emptive!)o Router with highest IS-IS interface priority

▸ Priority filed in IIHo Else, router with highest MAC address

▸ Source SNPA (subnetwork point of attachment)

• All other routers form adjacency with the DISo LSPs only sent to DIS, DIS floods to otherso Else, router with highest MAC address

50

51 v1.051

IS-IS Multi-topology

• RFC5120o Single topology: both IPv4 and IPv6 shares the same SPF topology

▸ Per-link orientation

o Multi-topology: separate SPF topology for IPv4 and IPv6 AF▸ Per-AF/per-protocol orientation▸ Each router maintains separate adjacencies per topology and runs per-topology SPF▸ Allows incremental IPv6 rollout

o Topologies Supported TLV#229▸ 12-bit Top-ID in IIH▸ Informs that a link can be a part of both IPv4 (0) and IPv6 (2) topologies

51

52 v1.052

IS-IS Metric

• Cisco IOS- all interfaces have a default metric of 10o No granularity for different link capacities

• ISPs define static interface metric

o Sets the interface metric to 1000

• The path with the lowest cumulative metric to a destination is chosen as the best path!o Load balances over equal cost paths!

52

is-is metric 1000 level-2

53 v1.053

IS-IS Design Considerations

• IGP design goal is ensure scalability and convergenceo Fewer the prefixes carried, faster the convergenceo primarily used for BGP next-hop reachabilityo Only carries infra addresses (P2P and loopbacks) but NEVER customer routes

• Suppress unnecessary IIHo Where no adjacency is expected

• Suppress DIS election on p2p links

53

passive-interface <int-ID>

isis network point-to-point

54 v1.054

IS-IS Design Considerations

• Use wide-metrics onlyo Generate extended TLVs (suppress RFC1195 TLVs)

• Use single level (multi-level only if you must)o Multi-levels could slow convergence!

▸ For BGP reachability, we will need to leak /32 (/128) prefixes between levels (L1->L2) and rerun SPF

o Start with a single L2 network (extend to L1 if necessary)▸ Up to 500-800 routers in one L2▸ Areas must match in L1

54

metric-style wide

is-type level-2-only

55 v1.055

IS-IS Design Considerations

• Avoid black holeso Use the Overload bit (O-bit)

▸ When a router sends a LSP with the O-bit set, routers will ignore the LSPs from this router in their SPF calculation

▸ Compute paths that do no traverse this router!▸ BGP (iBGP!) has to wait for IS-IS to converge and is slower after that too

▸ Default 5 mins

55

set-overload-bit on-startup wait-for-bgp

56 v1.056

IS-IS Design Considerations

• Enable Authenticationo Authenticate source of IIH/LSPs

▸ No unauthorised neighbor relationships and route injectionso Either plain-text or HMAC-MD5 (recommended)

▸ Requires a key chain

o Per-interface authenticates IIH (adjacency)▸ Both levels on P2P; separate for each level on broadcast

o Per-level authenticates LSP/SNPs

56

(config-if)#isis authentication mode md5 [level-1/2]#isis authentication key-chain <name> [level-1/2]

key chain <name>key <ID>key-string <password>

(config-router)#authentication mode md5 [level-1/2]#authentication key-chain <name> [level-1/2]

57 v1.057

IS-IS Design Considerations

• Disable IIH Paddingo IIH has a dedicate Padding TLV#8 to test the MTU of a link (bloat the IIH up to 1492 bytes)

▸ Could waste bandwidth (IOS pads every IIH!)

o Disable IIH padding if the link supports 1492 bytes

• Enable neighbor aliveness trackingo Instead of relying on IIH timers (30s) use bidirectional failure detection (BFD)

▸ BFD detects link failures within milli/micro seconds

57

(config-if)#bfd interval 50 min_rx 50 multiplier 5#isis bfdOR

(config-router)#bfd all-interfaces

no hello padding

58 v1.058

IOS Configuration

58

router isis 17821net 49.0001.1921.6800.1001.00is-type level-2-onlymetric-style wideset-overload-bit on-startup wait-for-bgplog-adjaceny-changespassive-interface loopback0!address-family ipv6set-overload-bit on-startup wait-for-bgpmulti-topology

interface Loopback0 ip address 192.168.1.1 255.255.255.255ipv6 address 2406:6400::2/128 !interface GigaEthernet0/1/0 ip address 192.168.10.1 255.255.255.252ip router isis 17821ipv6 address 2406:6400:E::/127ipv6 router isis 17821isis network point-to-pointisis metric 1 level-2isis ipv6 metric 1 level-2!

- Start IS-IS process- Set the NSAP/NET address- Define it as a L2 router (default is

L1L2 – up to 800 routers in a level)- Log neighbor changes- Use wide metrics (extended TLVs)- Suppress IIH on Lo0

- use O-bit- Separate SPF topology for each AF

(protocol)

- Enable IS-IS for IPv4/IPv6 AF on the interface (advertise prefixes and send IIH for adjacency)

- Suppress DIS election (P-ID)- Set interface metric to 1 for both

topologies

- passive command enough to advertise the prefixes (without ip/ipv6 router isis 17821)

59 v1.059

IS-IS verification

59

sh isis/clns neighbor - To see neighbor adjacencies (Sys-ID replaced by hostname)

sh clns interface <int-ID> - Details about IS-IS on a interface

sh isis database - To see the LSDB for each level- LSP-ID (Sys-ID.PID.Frag), Seq#, Hold

time, ATT/P/OL

sh clns protocol - More details about IS-IS configuration- Process-ID, Sys-ID, area, IS-IS enabled

interfaces, metric type

6060 v1.0

Thank You!END OF SESSIONThank You!

END OF SESSION

61