v1.0
IXP & Routing Tutorial – OSPF Operations
Webinar Course
Overview
• OSPF Introduction
• Link State Routing Protocol
• OSPF Packets
• OSPF Topology
• OSPF Neighbor Discovery Process
OSPF
• Open Shortest Path First
• Link State Protocol or SPF technology
• Developed by OSPF working group of IETF
• Comes with two versions
o OSPFv2 (IPv4), standard described in RFC 2328
o OSPFv3 (IPv6), standard described in RFC 5340
o Support of address families in OSPFv3 (RFC 5838)
OSPF
• Designed for
o TCP/IP environment
o Fast convergence
o Route redistribution
o Variable length subnet masks (VLSM)
o Discontiguous subnets
o Incremental updates
o Route authentication
• OSPF runs on IP, Protocol 89
Link State Routing Protocol
[Figure: four routers A, B, C and D connected by links with costs; each router's SPF tree and the per-router table of link costs]
Each router places itself at the root of the SPF tree when calculating the best path
Every router in an OSPF network maintains an identical topology database
Link State Routing Protocol
Basic OSPF Operation
[Figure: routers R1 to R5, shown in three stages of the basic OSPF operation]
Router ID
• Uniquely identifies a link-state router
o 4-byte Router ID
• Either:
o Explicitly configured (commands below)
o Else, the highest/lowest IPv4 address of any active loopback interface
o If no loopbacks, the highest/lowest IPv4 address of any active physical interface
o ** Loopbacks preferred!
IOS: router-id <4-byte>
Junos: set routing-options router-id <4-byte>
OSPF Metric
• Uses link/path cost as the metric; can be configured manually
• Generally inversely proportional to the link BW
o The higher the BW, the lower the cost (configurable)
• The reference BW is generally 100 Mbps (FE)
o Interfaces faster than FE would all have a cost of 1
• For more granularity/accuracy of the cost calculation
o Change the reference BW for bigger links (on all OSPF routers)
Cost = reference bw / interface bw (bps)
IOS: router ospf/v3 <process-id>
     auto-cost reference-bandwidth <Mbps>
Junos: set protocols ospf/3 reference-bandwidth <Gbps>
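As an added worked example (not part of the tutorial slides), the cost formula and the SPF calculation above in Python over a constructed five-router topology; the router names, bandwidths and the 10 Gbps alternative reference are assumptions, and the run shows how raising the reference bandwidth changes the path A chooses to D:

```python
import heapq

def bidirectional(pairs):
    """Expand (a, b, bps) into both directions; OSPF cost is per outgoing interface."""
    links = {}
    for a, b, bps in pairs:
        links[(a, b)] = bps
        links[(b, a)] = bps
    return links

# Constructed sample topology (not from the slides): two GigE hops A-B-D
# against three 10GE hops A-C-E-D.
LINKS_BPS = bidirectional([
    ("A", "B", 1_000_000_000), ("B", "D", 1_000_000_000),
    ("A", "C", 10_000_000_000), ("C", "E", 10_000_000_000), ("E", "D", 10_000_000_000),
])

def ospf_cost(interface_bps, reference_mbps=100):
    """Cost = reference bw / interface bw, truncated to an integer, never below 1.
    With the default 100 Mbps reference every link faster than FE costs 1."""
    return max((reference_mbps * 1_000_000) // interface_bps, 1)

def build_costs(links_bps, reference_mbps=100):
    return {edge: ospf_cost(bps, reference_mbps) for edge, bps in links_bps.items()}

def spf(costs, root):
    """Dijkstra with the calling router at the root of the tree, run by every
    router over the identical LSDB. Returns {dest: (total cost, first hop)}."""
    adj = {}
    for (src, dst), c in costs.items():
        adj.setdefault(src, []).append((dst, c))
    dist, first_hop = {root: 0}, {root: None}
    heap = [(0, root)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist[node]:
            continue                       # stale heap entry
        for nbr, c in adj.get(node, []):
            nd = d + c
            if nd < dist.get(nbr, float("inf")):
                dist[nbr] = nd
                first_hop[nbr] = nbr if node == root else first_hop[node]
                heapq.heappush(heap, (nd, nbr))
    return {n: (dist[n], first_hop[n]) for n in dist}

if __name__ == "__main__":
    for ref in (100, 10_000):
        tree = spf(build_costs(LINKS_BPS, ref), "A")
        print("reference-bandwidth %d Mbps, A's tree: %s" % (ref, tree))
```

With the 100 Mbps default all five links cost 1 and A reaches D over the two GigE hops; with a 10 Gbps reference the GigE links cost 10 and the three 10GE hops win.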
OSPF Area
[Figure: backbone Area 0 connected to Areas 1, 2 and 3]
OSPF Area IDs are typically written as IPv4 addresses.
Backbone Area: Area 0.0.0.0
Non-Backbone Area: all other areas
OSPF Router Classification
[Figure: Area 0 joined to Areas 1, 2 and 3 through ABRs, with an ASBR connecting to an IS-IS domain]
IR: Internal routers
ABR: Area border routers
BR: Backbone routers
ASBR: AS boundary routers
Link State Data Structure
• Neighbor Table
o List of all recognized neighboring routers with which routing information will be exchanged
• Topology Table
o Also called the LSDB; maintains the list of routers and their link information, i.e. network destination, prefix length, link cost, etc.
• Routing Table
o Also called the forwarding table; contains only the best path to forward data traffic
OSPF Packet Types
• OSPF uses the following five packet types to exchange routing information between routers:
Packet Type: Function
Hello (Type 1): Discover/maintain neighbors
Database Description (Type 2): Summarize database contents
Link State Request (Type 3): Database download
Link State Update (Type 4): Database update
Link State Acknowledgment (Type 5): Flooding acknowledgment
Format of OSPF Packet
• All five OSPF packet types are encapsulated directly in the IP payload (not TCP)
• To ensure reliable delivery over IP, OSPF uses its own acknowledgment packet (Type 5)
[Figure: Link Header | IP Header | OSPF packet (one of the five types) | Link Trailer]
OSPF header fields: Version No | Type | Packet Length | Router ID | Area ID | Checksum | Authentication Type | Authentication Data
Format of OSPF Packet Header Field
Version No | Type | Packet Length | Router ID | Area ID | Checksum | Authentication Type | Authentication Data
Version No: Either OSPF version 2 (IPv4) or version 3 (IPv6)
Packet Type: Differentiates the five OSPF packet types (Type 1 to Type 5)
Packet Length: Length of the OSPF protocol packet in bytes
Router ID: The Router ID of the packet's source
Area ID: A 32-bit number identifying the area that this packet belongs to
Checksum: Used for packet-header error detection, to ensure that the OSPF packet was not corrupted during transmission
Authentication Type: An option in OSPF that selects either clear-text passwords or Message Digest 5 (MD5) authentication for router authentication
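An added example, not from the slides: a Python parser that validates the OSPFv2 header fields listed above (version, type, length, checksum) before a packet is accepted. The sample packet is constructed inline, and the checksum rule it applies (standard IP checksum over the packet excluding the 64-bit authentication field, for AuType 0 and 1) is the one RFC 2328 specifies:

```python
import struct
from collections import namedtuple

OSPF_TYPES = {1: "Hello", 2: "Database Description", 3: "Link State Request",
              4: "Link State Update", 5: "Link State Acknowledgment"}
HEADER_FMT = "!BBH4s4sHH8s"            # 24-byte OSPFv2 header
HEADER_LEN = struct.calcsize(HEADER_FMT)
OspfHeader = namedtuple("OspfHeader",
    "version type length router_id area_id checksum auth_type auth_data")

def dotted(b):
    return ".".join(str(x) for x in b)

def ones_complement_sum(data):
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                 # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total

def ospf_checksum(packet):
    """Standard IP checksum over the whole packet, excluding the 64-bit
    authentication field, with the checksum bytes zeroed (AuType 0 and 1)."""
    covered = packet[:12] + b"\x00\x00" + packet[14:16] + packet[24:]
    return (~ones_complement_sum(covered)) & 0xFFFF

def parse_header(packet):
    """Validate the header fields the slide lists before trusting the packet."""
    if len(packet) < HEADER_LEN:
        raise ValueError("truncated OSPF header")
    f = struct.unpack(HEADER_FMT, packet[:HEADER_LEN])
    hdr = OspfHeader(f[0], f[1], f[2], dotted(f[3]), dotted(f[4]), f[5], f[6], f[7])
    if hdr.version != 2:
        raise ValueError("unsupported OSPF version %d" % hdr.version)
    if hdr.type not in OSPF_TYPES:
        raise ValueError("unknown packet type %d" % hdr.type)
    if hdr.length != len(packet):
        raise ValueError("length %d does not match %d bytes received" % (hdr.length, len(packet)))
    # AuType 2 (MD5) carries a zero checksum; the keyed digest protects the packet instead
    if hdr.auth_type in (0, 1) and ospf_checksum(packet) != hdr.checksum:
        raise ValueError("checksum mismatch: packet corrupted or tampered")
    return hdr

def build_packet(ptype, router_id, area_id, body=b"", auth_type=0, auth_data=b""):
    """Constructed packet for the example (not a real capture); fills in
    length and checksum so parse_header accepts it."""
    rid = bytes(int(x) for x in router_id.split("."))
    aid = bytes(int(x) for x in area_id.split("."))
    pkt = struct.pack(HEADER_FMT, 2, ptype, HEADER_LEN + len(body), rid, aid, 0,
                      auth_type, auth_data.ljust(8, b"\x00")) + body
    return pkt[:12] + struct.pack("!H", ospf_checksum(pkt)) + pkt[14:]

# Constructed Hello body: mask /30, hello 10, options 0x02, priority 1, dead 40, DR/BDR 0
HELLO_BODY = b"\xff\xff\xff\xfc\x00\x0a\x02\x01\x00\x00\x00\x28" + b"\x00" * 8
```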
Neighbor States
Down -> Init: Hello received (no local Router-ID in it)
Init -> 2-way: 2-way received (local Router-ID seen); DR/BDR selected from the “neighbor” list
2-way -> ExStart: Master-Slave decision + DBD Seq# (higher router ID)
ExStart -> Exchange: exchange DBDs (local LSDB)
Exchange -> Loading: more recent LSAs required? Y: LSRs sent to neighbor
Loading -> Full (or Exchange -> Full if N): adjacency established
OSPF Neighbor Discovery Process
• Hello messages are sent in IP packets. At start, routers are in the OSPF Down state
• The multicast address 224.0.0.5/FF02::5 is used so that a single IP packet is forwarded to every router in the OSPF network
• The router is now in the OSPF Init state
[Figure: 192.168.1.1 sends a Hello toward 192.168.1.2]
OSPF Neighbor Discovery Process
• All neighboring routers with OSPF enabled receive the hello packet
• Each checks the contents of the hello message and, if certain parameters match, replies (unicast) to that hello, including the sender's router ID in its neighbor list
• This is the OSPF Two-way state
RID 192.168.1.1 RID 192.168.1.2
Hello, Seen [null], RID 192.168.1.1
Hello, Seen [192.168.1.1], RID 192.168.1.2
Hello, Seen [192.168.1.1, 192.168.1.2], RID 192.168.1.1
Discovering Network Information
• After creating the 2-way neighbor relationship, neighboring routers start exchanging network information. At this stage they decide who sends network information first: the router with the highest router ID starts sending first. This stage is called the OSPF ExStart state
• Then they start exchanging their link state databases. This stage is the Exchange state
RID 192.168.1.1 RID 192.168.1.2
Hello, DR = 192.168.1.2
Adding Network Information
• When a router receives the LSDB it performs the following actions:
o Compares the information received with its existing DB (if any)
o If the new DB is more up to date, the router sends a link state request (LSR) for detailed information about that link. This is the Loading state
• When all LSRs have been satisfied and all routers have an identical LSDB, this stage is the OSPF Full state. Neighbors in this state are fully adjacent.
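An added Python simulation (not from the slides) of the neighbor discovery procedure above, from Down through Init to 2-Way, driven by the Seen lists of the three Hellos shown on the earlier slide; the router IDs 192.168.1.1 and 192.168.1.2 are the slides', the neighbor with a mismatched dead interval is a constructed case:

```python
from dataclasses import dataclass, field

@dataclass
class Hello:
    """The Hello fields the slides rely on: sender RID plus the list of
    routers it has already seen (the Neighbor field), and the parameters
    that must match for the Hello to be accepted."""
    rid: str
    seen: list
    area: str = "0.0.0.0"
    hello_interval: int = 10
    dead_interval: int = 40

@dataclass
class OspfRouter:
    rid: str
    area: str = "0.0.0.0"
    hello_interval: int = 10
    dead_interval: int = 40
    neighbors: dict = field(default_factory=dict)   # neighbor RID -> state

    def hello(self):
        """Hello to 224.0.0.5 listing every neighbor heard so far."""
        return Hello(self.rid, sorted(self.neighbors), self.area,
                     self.hello_interval, self.dead_interval)

    def receive(self, h):
        """Down -> Init when a Hello arrives from a router we have not seen;
        Init -> 2-Way when our own RID appears in the sender's neighbor list.
        Area and timer values must match or the Hello is dropped (stays Down)."""
        if (h.area, h.hello_interval, h.dead_interval) != (
                self.area, self.hello_interval, self.dead_interval):
            self.neighbors.pop(h.rid, None)
            return "Down"
        state = "2-Way" if self.rid in h.seen else "Init"
        self.neighbors[h.rid] = state
        return state

def discovery_trace(r1, r2, rounds=3):
    """Alternate Hellos r1 -> r2 -> r1 ... and record the state each receiver
    assigns the sender; reproduces the three-Hello exchange on the slides."""
    trace = []
    sender, receiver = r1, r2
    for _ in range(rounds):
        h = sender.hello()
        trace.append((h.rid, list(h.seen), receiver.receive(h)))
        sender, receiver = receiver, sender
    return trace
```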
OSPF Network Topology
Broadcast Multi-access
Point-to-Point
Non Broadcast Multi-access (NBMA)
Broadcast Multi-access Network
• Generally LAN type technologies like Ethernet
• Neighbor relationships are created automatically
• DR/BDR election is required
• Default OSPF hello is 10 sec, dead interval is 40 sec
Broadcast Network issues
• Number of adjacencies
o Number of Adj = n(n-1)/2
• Extensive LSA flooding
o Initially, the whole LSDB
- LSAcks too
o Periodic hellos for adjacencies
o Triggered updates
- During topology changes, each router sends LSUs to all its neighbors, all containing the same info
- LSAcks too
[Figure: LSAs flooded between every pair of routers on the segment]
DR/BDR
• Hence, OSPF elects a Designated and a Backup Designated Router for broadcast networks
o Adjacencies are only formed with the DR and BDR
• LSAs are sent only to the DR (the BDR listens)
o 224.0.0.6/FF02::6
• The DR floods to the others
o 224.0.0.5/FF02::5
[Figure: DR and BDR on a shared segment]
DR/BDR Election
• Uses the Hello protocol (Router Priority)
o Highest OSPF interface priority: DR
- Next highest priority: BDR
o Configurable (commands below)
o Else, highest router ID: DR
- Next highest: BDR
o Recommended: configure a higher priority on the routers meant to be DR and BDR!
IOS: (config-if)#ip/ipv6 ospf priority <0-255>
Junos: set protocols ospf/3 area <area-id> interface <id> priority <0-255>
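An added example, not from the slides: the adjacency counts from the "Broadcast Network issues" slide and the DR/BDR election rule above in Python. The router IDs and priorities are constructed; priority 0 is treated as ineligible, as RFC 2328 specifies, and the function gives the result of a simultaneous election (a live segment does not pre-empt an existing DR):

```python
def full_mesh_adjacencies(n):
    """Without a DR every router pairs with every other: n(n-1)/2."""
    return n * (n - 1) // 2

def dr_bdr_adjacencies(n):
    """With DR/BDR each router is adjacent only to the DR and the BDR; the
    DR-BDR pair is shared, so 2n-3 adjacencies for n >= 2."""
    return 0 if n < 2 else 2 * n - 3

def rid_key(rid):
    """Compare router IDs numerically, octet by octet (10.0.0.10 > 10.0.0.9)."""
    return tuple(int(x) for x in rid.split("."))

def elect_dr_bdr(routers):
    """routers: {router_id: interface priority}. Applies the slide's rule for a
    simultaneous election: highest priority is DR, next highest is BDR, ties
    broken by highest router ID. Priority 0 means ineligible (RFC 2328)."""
    eligible = sorted(((p, rid_key(r), r) for r, p in routers.items() if p > 0),
                      reverse=True)
    dr = eligible[0][2] if eligible else None
    bdr = eligible[1][2] if len(eligible) > 1 else None
    return dr, bdr

if __name__ == "__main__":
    # Constructed segment: one router with a raised priority, one excluded with 0
    segment = {"10.0.0.9": 1, "10.0.0.10": 1, "10.0.0.3": 200, "10.0.0.4": 0}
    print("DR/BDR:", elect_dr_bdr(segment))
    for n in (4, 20):
        print(n, "routers: full mesh", full_mesh_adjacencies(n),
              "adjacencies vs", dr_bdr_adjacencies(n), "with DR/BDR")
```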
Point-to-Point Network
• Usually a serial interface running either PPP or HDLC
• Neighbor relationships are created automatically
• No DR or BDR election required
• Default OSPF hello is 10 sec and dead interval is 40 sec
Non Broadcast Multi-access Network
• A single interface interconnects multiple sites like Frame Relay/ATM/X.25
• NBMA topologies support multiple routers, but without broadcasting capabilities
• OSPF neighbor relationships need to be created manually; a DR/BDR will be elected
Acknowledgements
• Philip Smith
• Cisco Systems
IXP & Routing Tutorial – IS-IS Operations
Webinar Course
IS-IS
• Intermediate System to Intermediate System
• Designed for OSI networks to carry CLNS (Connectionless Network Service) traffic (RFC 1142, obsoleted by RFC 7142; ISO 10589)
o CLNP (Connectionless Network Protocol) was to OSI what IPv4/IPv6 is to TCP/IP
• TCP/IP (IPv4) support added with RFC 1195
• RFC 5308 added IPv6 capability (two new TLVs)
• RFC 5120 allowed multi-topology
o Separate topologies for IPv4 and IPv6 (separate SPF graphs for each AF)
IS-IS Terminologies
• End System – Host
• Intermediate System – Router
• Circuit – Interface
• Domain – Autonomous System
IS-IS
• Runs natively on Layer 2 (Data Link)
o Agnostic to Layer-3 protocols
o Not vulnerable to IP based attacks!
• Is a link state routing protocol
• All IS-IS packets are sent to two well-known Layer 2 multicast addresses
o 0180-C200-0014 (Level 1)
o 0180-C200-0015 (Level 2)
[Figure: Frame Header | IS-IS Header | TLVs (sub-TLVs) | Frame Trailer]
Link State Operation
• Each IS (router) learns about its links and connected networks
o Builds a link state packet (LSP)
• Floods the LSP to all its neighbors
o Stores all LSPs learned from its neighbors in an LSDB, and floods them to other neighbors
• Computes the best path to each destination using the SPF algorithm
o Once all routers have received all LSPs (same view of the network!)
IS-IS Addressing
• End-to-end communication requires a unique address at the network layer
o OSI networks use NSAP (Network Service Access Point) addressing
o Assigned to an entire node (not to individual interfaces)
• IS-IS uses one NSAP address per router
o Also called Network Entity Title (NET)
o Similar to a router-ID in uniquely identifying the router
NSAP Address
• Example:
o IPv4 loopback: 192.168.1.1
o Router in Area-1
• NSAP address:
o 49.0001.1921.6800.1001.00
[Figure: NSAP layout: AFI (1 byte) | Area-ID (2 bytes) | Sys-ID (6 bytes) | N-SEL (1 byte)]
NSAP Address
• NSEL (selector)
o Always zero (00) for IS-IS; indicates “this System”
o No adjacency if otherwise
• System ID
o Uniquely identifies the router
o Link-state routing requires every router to be unique (router-id)
o Generally using BCD encoding
[Figure: Area Number (1-13 bytes) | Sys-ID (6 bytes) | N-SEL (1 byte)]
BCD encoding example: 192.168.2.117 -> 192168002117 -> 1921.6800.2117
NSAP Address
• Authority and format indicator (first byte)
• Assigned domain (area) identifier, which can be from 0 through 12 bytes
o Ex: 0001 – Area-1
• For more detail on NSAP addresses, please refer to RFC 1237
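An added example, not from the slides: Python that derives a NET from a loopback the way the NSAP slides do (BCD-encoded System ID, NSEL 00), parses it back into AFI, area, System ID and NSEL, and applies the adjacency checks the slides state (NSEL must be 00, System IDs unique). The rule that Level-1 adjacencies need matching areas comes from the routing hierarchy slides that follow; the 8-20 byte NET length bound is an assumption taken from the address layout:

```python
import re

def net_from_loopback(ipv4_addr, area_id="0001", afi="49"):
    """Build a NET the way the slides do: each loopback octet zero-padded to
    three decimal digits (BCD), the 12 digits regrouped 4.4.4 as the System ID,
    NSEL fixed at 00. 192.168.2.117 -> 49.0001.1921.6800.2117.00"""
    octets = [int(o) for o in ipv4_addr.split(".")]
    if len(octets) != 4 or not all(0 <= o <= 255 for o in octets):
        raise ValueError("bad IPv4 address: %s" % ipv4_addr)
    digits = "".join("%03d" % o for o in octets)
    sysid = ".".join(digits[i:i + 4] for i in (0, 4, 8))
    return "%s.%s.%s.00" % (afi, area_id, sysid)

def parse_net(net):
    """Split a NET into AFI, area address (AFI + area ID, 1-13 bytes),
    System ID (6 bytes) and NSEL (1 byte); total length must be 8-20 bytes."""
    hexs = net.replace(".", "")
    if not re.fullmatch(r"[0-9A-Fa-f]{16,40}", hexs) or len(hexs) % 2:
        raise ValueError("NET must be 8-20 bytes of hex: %s" % net)
    return {"afi": hexs[:2], "area": hexs[:-14], "area_id": hexs[2:-14],
            "sysid": hexs[-14:-2], "nsel": hexs[-2:]}

def adjacency_ok(local_net, remote_net, level):
    """Adjacency checks the slides describe: NSEL must be 00 on both sides,
    System IDs must be unique, and L1 adjacencies need matching areas
    (L2 adjacencies may span areas)."""
    a, b = parse_net(local_net), parse_net(remote_net)
    if a["nsel"] != "00" or b["nsel"] != "00":
        return False
    if a["sysid"] == b["sysid"]:
        return False
    if level == 1 and a["area"] != b["area"]:
        return False
    return True
```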
IS-IS Routing Hierarchy
• Each link in IS-IS carries one of three tags
o L1 (Level 1), L2 (Level 2), or L1L2
o Tells the router which topology/routing level the link participates in
• L1 router
o Neighbors only in the same area
o Advertises a list of directly connected ES/hosts (directly connected networks)
o Maintains the Level-1 LSDB
IS-IS Routing Hierarchy
• L2 router
o Could have neighbors in different areas (area-ID does not have to match for adjacency)
o Exchanges area prefixes (so that areas can reach each other)
o Maintains the L2 LSDB
• L1L2 router:
o Can have neighbors in any area
o Separate LSDBs for each Level
o Forms both L1 and L2 adjacencies
IS-IS Routing Hierarchy
• Uses a 2-level hierarchy
o Level-1 (areas/edge)
o Level-2 (backbone)
• Level-1 routing
o Routing within the same area (intra-area)
• Level-2 routing
o Routing between different areas (inter-area)
[Figure: Area-1, Area-2 and Area-3 of L1 routers, each joined to the L2 backbone through L1L2 routers]
IS-IS Route Advertisement
• Advertises routing information from L1 (areas) to L2 (backbone)
o Similar to OSPF
• Does NOT advertise detailed routes down from L2 to L1
o L1L2 routers set the Attach (ATT) bit in the routing messages (LSPDUs) they send into their respective areas (to L1 routers)
o L1 routers calculate the shortest path to the nearest L1L2 router (that sent the message)
o and install a default route pointing to the nearest L1L2 router
IS-IS Packet Types
Category: Hello Packets
- Level 1 LAN IS to IS Hello PDUs
- Level 2 LAN IS to IS Hello PDUs
- Point-to-Point IS to IS Hello PDUs
Hello packets are used to initialize and maintain adjacencies between neighboring routers.
Category: Link State Packets (LSPs)
- Level 1 Link State PDUs
- Level 2 Link State PDUs
Link State Packets (LSPs) are used to exchange link state information.
Category: Sequence Number Packets (SNPs)
- Level 1 Complete Sequence Numbers PDU
- Level 2 Complete Sequence Numbers PDU
- Level 1 Partial Sequence Numbers PDU
- Level 2 Partial Sequence Numbers PDU
Sequence number PDUs are used to ensure that neighboring routers have the same notion of what is the most recent LSP from each other router.
IS-IS Packet Types -- CSNP
• CSNP
o Complete sequence number PDUs
o Similar in function to DBDs in OSPF
▸ To synchronise the LSDB
o CSNP carries a complete list of LSPs in the sender’s LSDB
▸ Receiver compares the LSPs in the CSNP with its own LSPs
▸ Requests missing LSPs
o CSNPs are exchanged:
▸ P2P: during initial adjacency build-up
▸ Broadcast: originated periodically by the DIS
IS-IS Packet Types -- PSNP
• PSNP
o Partial sequence number PDUs
o Similar in function to LS Request and LS Ack in OSPF
▸ To request a particular LSP or acknowledge an LSP
IS-IS Neighbor Discovery
• Once IS-IS is enabled on an interface
o The router sends out Hellos to discover any IS-IS speaking router on the other end
o Generally uses a 3-way handshake
▸ A sends out a Hello to B
▸ B responds with its own Hello as an Ack
▸ IS Neighbor TLV#6 (neighbor’s MAC address) for broadcast, and Adj State TLV#240 for P2P - DIU
▸ A responds with one more Hello to acknowledge B’s Hello
o Once the 3-way handshake is complete, the neighbor relationship is established!
▸ IS-IS adjacency or neighbors
LSP Flooding
• Once adjacency is formed
o The router floods its link-state info (LSP) to all its neighbors
o Receiving routers store the LSP in the LSDB, and flood it to all their other neighbors
▸ Eventually, every router receives the LSP
o New LSPs are generated and flooded whenever there is a topology change
▸ Link failure or new networks being added
▸ Rerun the SPF algorithm to compute best paths
IS-IS Link Types
• Point-to-Point links
o Only one possible neighbor (adjacency) on the link
• Broadcast/Multi-access links
o More than one neighbor (adjacencies) on the link
Designated IS
• To scale adjacencies on multi-access links
o Number of adjacencies
o Number of LSPs flooded
▸ Contain the same information
• One DIS elected (pre-emptive!)
o Router with highest IS-IS interface priority
▸ Priority field in IIH
o Else, router with highest MAC address
▸ Source SNPA (subnetwork point of attachment)
• All other routers form an adjacency with the DIS
o LSPs only sent to the DIS; the DIS floods to the others
IS-IS Multi-topology
• RFC 5120
o Single topology: both IPv4 and IPv6 share the same SPF topology
▸ Per-link orientation
o Multi-topology: separate SPF topology for the IPv4 and IPv6 AF
▸ Per-AF/per-protocol orientation
▸ Each router maintains separate adjacencies per topology and runs per-topology SPF
▸ Allows incremental IPv6 rollout
o Topologies Supported TLV#229
▸ 12-bit Top-ID in IIH
▸ Informs that a link can be part of both the IPv4 (0) and IPv6 (2) topologies
IS-IS Metric
• Cisco IOS: all interfaces have a default metric of 10
o No granularity for different link capacities
• ISPs define static interface metrics
o The command below sets the interface metric to 1000
• The path with the lowest cumulative metric to a destination is chosen as the best path!
o Load balances over equal cost paths!
isis metric 1000 level-2
IS-IS Design Considerations
• The IGP design goal is to ensure scalability and convergence
o The fewer prefixes carried, the faster the convergence
o Primarily used for BGP next-hop reachability
o Only carries infrastructure addresses (P2P and loopbacks) but NEVER customer routes
• Suppress unnecessary IIHs
o Where no adjacency is expected
• Suppress DIS election on p2p links
passive-interface <int-ID>
isis network point-to-point
IS-IS Design Considerations
• Use wide metrics only
o Generate extended TLVs (suppress RFC 1195 TLVs)
• Use a single level (multi-level only if you must)
o Multiple levels could slow convergence!
▸ For BGP reachability, we will need to leak /32 (/128) prefixes between levels (L1->L2) and rerun SPF
o Start with a single L2 network (extend to L1 if necessary)
▸ Up to 500-800 routers in one L2
▸ Areas must match in L1
metric-style wide
is-type level-2-only
IS-IS Design Considerations
• Avoid black holes
o Use the Overload bit (O-bit)
▸ When a router sends an LSP with the O-bit set, other routers ignore that router’s LSPs in their SPF calculation
▸ Compute paths that do not traverse this router!
▸ BGP (iBGP!) has to wait for IS-IS to converge and is slower after that too
▸ Default 5 mins
set-overload-bit on-startup wait-for-bgp
IS-IS Design Considerations
• Enable Authentication
o Authenticate the source of IIHs/LSPs
▸ No unauthorised neighbor relationships and route injections
o Either plain-text or HMAC-MD5 (recommended)
▸ Requires a key chain
o Per-interface authenticates IIHs (adjacency)
▸ Both levels on P2P; separate for each level on broadcast
o Per-level authenticates LSPs/SNPs
(config-if)#isis authentication mode md5 [level-1/2]
(config-if)#isis authentication key-chain <name> [level-1/2]
key chain <name>
 key <ID>
  key-string <password>
(config-router)#authentication mode md5 [level-1/2]
(config-router)#authentication key-chain <name> [level-1/2]
IS-IS Design Considerations
• Disable IIH Padding
o IIHs have a dedicated Padding TLV#8 to test the MTU of a link (bloats the IIH up to 1492 bytes)
▸ Could waste bandwidth (IOS pads every IIH!)
o Disable IIH padding if the link supports 1492 bytes
• Enable neighbor aliveness tracking
o Instead of relying on IIH timers (30s), use Bidirectional Forwarding Detection (BFD)
▸ BFD detects link failures within milli/micro seconds
(config-if)#bfd interval 50 min_rx 50 multiplier 5
(config-if)#isis bfd
OR
(config-router)#bfd all-interfaces
no hello padding
IOS Configuration
router isis 17821
 net 49.0001.1921.6800.1001.00
 is-type level-2-only
 metric-style wide
 set-overload-bit on-startup wait-for-bgp
 log-adjacency-changes
 passive-interface loopback0
 !
 address-family ipv6
  set-overload-bit on-startup wait-for-bgp
  multi-topology
!
interface Loopback0
 ip address 192.168.1.1 255.255.255.255
 ipv6 address 2406:6400::2/128
!
interface GigabitEthernet0/1/0
 ip address 192.168.10.1 255.255.255.252
 ip router isis 17821
 ipv6 address 2406:6400:E::/127
 ipv6 router isis 17821
 isis network point-to-point
 isis metric 1 level-2
 isis ipv6 metric 1 level-2
!
- Start the IS-IS process
- Set the NSAP/NET address
- Define it as a L2 router (default is L1L2 – up to 800 routers in a level)
- Log neighbor changes
- Use wide metrics (extended TLVs)
- Suppress IIH on Lo0
- Use the O-bit
- Separate SPF topology for each AF (protocol)
- Enable IS-IS for the IPv4/IPv6 AF on the interface (advertise prefixes and send IIH for adjacency)
- Suppress DIS election (P-ID)
- Set the interface metric to 1 for both topologies
- The passive command is enough to advertise the prefixes (without ip/ipv6 router isis 17821)
IS-IS verification
sh isis/clns neighbor: to see neighbor adjacencies (Sys-ID replaced by hostname)
sh clns interface <int-ID>: details about IS-IS on an interface
sh isis database: to see the LSDB for each level (LSP-ID (Sys-ID.PID.Frag), Seq#, Hold time, ATT/P/OL)
sh clns protocol: more details about the IS-IS configuration (Process-ID, Sys-ID, area, IS-IS enabled interfaces, metric type)
Thank You!
END OF SESSION