CCNP Route Notes OSPF

CCNP Route Notes OSPF

OSPF Overview

OSPF is an open-standard, classless routing protocol that converges quickly and uses cost as a metric. (Cisco IOS automatically associates cost with bandwidth.)

OSPF is a link-state routing protocol and uses Dijkstra’s Shortest Path First (SPF) algorithm to determine its best path to
each network. The first responsibility of a link-state router is to create a database that reflects the structure of the network. Link state routing protocols learn more information on the structure of the network than other routing protocols and thus can make more informed routing decisions.

OSPF routers exchange Hellos with each neighbor, learning Router ID (RID) and cost. Neighbor information is kept in the adjacency database.

The router then constructs the appropriate Link State Advertisements (LSA), which include information such as the RIDs
of, and cost to, each neighbor. Each router in the routing domain shares its LSAs with all other routers. Each router keeps the complete set of LSAs in a table—the Link State Database (LSDB).

Each router runs the SPF algorithm to compute best paths. It then submits these paths for inclusion in the routing table, or forwarding database.

OSPF Network Structure

OSPF routing domains are broken up into areas. An OSPF network must contain an area 0 and might contain other areas. The SPF algorithm runs within an area, and interarea routes are passed between areas. A two-level hierarchy to OSPF areas exists; area 0 is designed as a transit area, and other areas should be attached directly to area 0 and only to area 0. The link-state database must be identical for each router in an area. OSPF areas typically contain a maximum of 50 routers to 100 routers, depending on network volatility. 3-1 shows a network of five routers that has been divided into three areas: area 0, area 1, and area 2.

ccnp-route-notes-ospf

FIGURE 3-1 OSPF Areas

Dividing an OSPF network into areas does the following:

  • Minimizes the number of routing table entries
  • Contains LSA flooding to a reasonable area
  • Minimizes the impact of a topology change
  • Enforces the concept of a hierarchical network design

Following are several types of areas:

  • Backbone area: Area 0, which is attached to every other area.
  • Regular area: Nonbackbone area; its database contains both internal and external routes.
  • Stub area: It’s database contains only internal routes and a default route.
  • Totally Stubby Area: Cisco proprietary area designation. Its database contains routes only for its own area and a default route.
  • Not-so-stubby area (NSSA): Its database contains internal routes, routes redistributed from a connected routing process, and optionally a default route.
  • Totally NSSA: Cisco proprietary area designation. Its database contains only routes for its own area, routes redistributed from a connected routing process, and a default route.

OSPF defines router roles as well. One router can have multiple roles:

  • An internal router has all interfaces in one area. In Figure 3-1, R1, R2, and R5 are all internal area routers. They maintain a link-state database for their own area only.
  • Backbone routers have at least one interface assigned to area 0. R3, R4, and R5 are backbone routers.
  • An Area Border Router (ABR) has interfaces in two or more areas. In Figure 3-1, R3 and R4 are ABRs. ABRs separates LSA flooding areas, can summarize area routes, and can source default routes. They maintain a link-state database for each area to which they are connected.
  • An Autonomous System Boundary Router (ASBR) has interfaces inside and outside the OSPF routing domain. In Figure 3-1, R3 additionally functions as an ASBR because it has an interface in an EIGRP routing domain.
OSPF Metric

By default, Cisco assigns a cost to each interface that is inversely proportional to 100 Mbps (100,000,000 bps). The cost for each link is then accrued as the route advertisement for that link traverses the network. 3-2 shows the default OSPF formula.

ccnp-route-notes-ospf-2

The default formula doesn’t differentiate between interfaces with speeds faster than 100 Mbps. It assigns the same cost to a Fast Ethernet interface and a Gigabit Ethernet interface, for example. In such cases, the cost formula can be adjusted using the auto-cost command under the OSPF routing process. Values for bandwidth (in kbps) up to 4,294,967 are permitted (1 Gbps is shown in the following line):

The cost can also be manually assigned under the interface configuration mode. The cost is a 16-bit number, so it can be any value from 1 to 65,535.

Link State Advertisements (LSA)

Each router maintains a database, called the link-state database (LSDB), containing the latest received LSAs. A separate LSDB is maintained for each area connected to the router.

LSA Operation

Each LSA is numbered with a sequence number, and a timer is run to age out old LSAs. The default timer is 30 minutes.

When a LSA is received, it’s compared to the LSDB. If it is new, it is added to the database, and the SPF algorithm is run. If it is from a Router ID that is already in the database, the sequence number is compared, and older LSAs are discarded. If it is a new LSA, it is incorporated in the database, and the SPF algorithm is run. If it is an older LSA, the newer LSA in memory is sent back to whoever sent the old one.

OSPF sequence numbers are 32 bits. The first legal sequence number is 0x80000001. Larger numbers are more recent. The sequence number changes only under two conditions:

  • The LSA changes because a route is added or deleted.
  • The LSA ages out. (LSA updates are flooded within the area every half hour, even if nothing changes.)

The command show ip ospf database shows the age (in seconds) and sequence number for each router.

LSDB Overload Protection

Because each router sends an LSA for each link, routers in large networks might receive—and must process—numerous LSAs. This can tax the router’s CPU and memory resources, and adversely affect its other functions. LDSB overload protection monitors the number of LSAs received and placed into the LSDB. If the specified threshold is exceeded for one minute, the router enters the “ignore” state by dropping all adjacencies and clearing the OSPF database. The router resumes OSPF operations after things have been normal for a specified period. Be careful because this feature disrupts routing when invoked.

Configure LSDB overload protection with the OSPF router process command max-lsa maximum-number [ thresholdpercentage] [ warningonly][ ignore-time minutes] [ ignore-count number] [ reset-time minutes].

LSA Types

OSPF uses different types of LSAs to advertise different types of routes, such as internal area or external routing domain. Many of these are represented in the routing table with a distinctive prefix. Table 3-1 describes these LSA types.

Table 3-1 OSPF LSA Types

Type Description Routing Table Symbol
1 Router LSA. Advertises intra-area routes. Generated by each OSPF router. Flooded only within the area. O
2 Network LSA. Advertises routers on a multiaccess link. Generated by a DR. Flooded only within the area. O
3 Summary LSA. Advertises interarea routes. Generated by an ABR. Flooded to adjacent areas. O IA
4 Summary LSA. Advertises the route to an ASBR. Generated by an ABR. Flooded to adjacent areas. O IA
5 External LSA. Advertises routes in another routing domain. Generated by an ASBR. Flooded to adjacent areas.
E1–metric increases at each router as it is passed through the network.
E2–metric does not increase (this is the default).
O
6 Multicast LSA. Used in multicast OSPF operations.
7 Not-so-stubby area (NSSA) LSA. Advertises routes in another routing domain. Generated by an ASBR
within a not-so-stubby area.
N1–metric increases as it is passed through the network.
N2–metric does not increase (default).
O
8 External attributes LSA. Used in OSPF and BGP interworking
9,10,11 Opaque LSAs. Used for specific applications, such as OSPF and MPLS interworking

OSPF Operation

OSPF uses several different message types to establish and maintain its neighbor relationships and to maintain correct routing information. When preparing for the exam, be sure you understand each OSPF packet type and the OSPF neighbor establishment procedure.

OSPF Packets

OSPF uses five packet types. It does not use UDP or TCP for transmitting its packets. Instead, it runs directly over IP (IP protocol 89) using an OSPF header. One field in this header identifies the type of packet being carried. The five OSPF

packet types follow:

  • Hello: Identifies neighbors and serves as a keepalive.
  • Link State Request (LSR): Request for a Link State Update (LSU). Contains the type of LSU requested and the ID of the router requesting it.
  • Database Description (DBD): A summary of the LSDB, including the RID and sequence number of each LSA in the LSDB.
  • Link State Update (LSU): Contains a full LSA entry. An LSA includes topology information; for example, the RID of this router and the RID and cost to each neighbor. One LSU can contain multiple LSAs.
  • Link State Acknowledgment (LSAck): Acknowledges all other OSPF packets (except Hellos).

OSPF traffic is multicast to either of two addresses: 224.0.0.5 for all OSPF routers or 224.0.0.6 for all OSPF DRs.

OSPF Neighbor Relationships

OSPF routers send out periodic multicast packets to introduce themselves to other routers on a link. They become neighbors when they see their own router ID included in the Neighbor field of the Hello from another router. Seeing this tells each router that they have bidirectional communication. In addition, two routers must be on a common subnet for a neighbor relationship to be formed. (Virtual links are sometimes an exception to this rule.) Certain parameters within the OSPF Hellos must also match for two routers to become neighbors. They include

  • Hello/dead timers
  • Area ID
  • Authentication type and password
  • Stub area flag

OSPF routers can be neighbors without being adjacent. Only adjacent neighbors exchange routing updates and synchronize their databases. On a point-to-point link, an adjacency is established between the two routers when they can communicate. On a multiaccess link, each router establishes an adjacency only with the DR and the backup DR (BDR).

Hellos also serve as keepalives. A neighbor is considered lost if no Hello is received within four Hello periods (called the dead time). The default Hello/dead timers are as follows:

  • 10 seconds/40 seconds for LAN and point-to-point interfaces
  • 30 seconds/120 seconds for nonbroadcast multiaccess (NBMA) interfaces

Establishing Neighbors and Exchanging Routes

The process of neighbor establishment and route exchange between two OSPF routers is as follows:
Step 1. Down state: OSPF process not yet started, so no Hellos sent.
Step 2. Init state: Router sends Hello packets out all OSPF interfaces.
Step 3. Two-way state: Router receives a Hello from another router that contains its own router ID in the neighbor list. All other required elements match, so routers can become neighbors.
Step 4. Exstart state: If routers become adjacent (exchange routes), they determine which one starts the exchange process.
Step 5. Exchange state: Routers exchange DBDs listing the LSAs in their LSD by RID and sequence number.
Step 6. Loading state: Each router compares the DBD received to the contents of its LS database. It then sends a

LSR for missing or outdated LSAs. Each router responds to its neighbor’s LSR with a Link State Update. Each LSU is acknowledged.
Step 7. Full state: The LSDB has been synchronized with the adjacent neighbor.

Planning for OSPF

Planning an OSPF implementation is more stringent than planning for EIGRP, because OSPF has specific network design requirements. Gather the following information:

  • Current network setup and future requirements: Document the IP addressing used and the network topology, including links types, bandwidth, and utilization. Document the current router utilization. Create an IP addressing design that allows summarization at the ABRs.
  • Network design: OSPF requires a hierarchical network design. You must create a backbone area (area 0) and normal areas. Area 0 must be contiguous. Normal areas must be connected to area 0 either directly or via a virtual link. Decide where the area boundaries should fall. Ensure that the normal areas have sufficient connectivity to area 0, and that all ABRs have the resources to handle the OSPF traffic in addition to the user traffic.
  • Plans for OSPF scaling options: These would include summarization and stub areas. Your final implementation plan needs to include detailed parameters such as the exact topology, IP networks to be advertised, OSPF process number, lists of routers to run OSPF, and any changes needed to the default interface metric. It needs to list implementation tasks for each router in the network. Finally it needs to provide verification tasks for each router such as verifying neighbors, IP routing tables, OSPF topology tables, and network connectivity. Document the new network configurations.

Basic OSPF Configuration

OSPF is configured by entering router configuration mode and identifying the range of interface addresses on which it should run and the areas they are in. When setting up OSPF, a process ID must be used (8 is used in the example), but the process ID does not need to agree on different OSPF devices for them to exchange information. The network statement uses a wildcard mask and can specify any range from a single address to all addresses. Unlike EIGRP, the wildcard mask is not optional. The following example shows a router configured as an ABR. Interfaces falling with the 192.168.1.0 network are placed in area 0, and interfaces falling within the 172.16.1.0 network are placed in area 1.

Alternatively, you can enable OSPF directly on an interface, rather than using a network statement. This is especially helpful on unnumbered interfaces and enables more granular control over which interfaces run OSPF.

The ip ospf area interface command takes precedence over a network command.

Router ID

The SPF algorithm maps the shortest path between a series of nodes. This causes an issue with IP because an IP router is not identified by a single IP address; its interfaces are. For this reason, a single IP address is designated as the “name” of the router: the Router ID (RID).

By default, the RID is the highest loopback IP address. If no loopback addresses are configured, the RID is the highest IP address on an active interface when the OSPF process is started. The RID is selected when OSPF starts and—for reasons of stability—is not changed until OSPF restarts. The OSPF process can be restarted by rebooting or by using the command clear ip ospf process. Either choice affects routing in your network for a period of time and should be used only with caution.

A loopback interface is a virtual interface, so it is more stable than a physical interface for RID use. A loopback address is configured by creating an interface and assigning an IP address.

The loopback address does not need to be included in the OSPF routing process, but if you advertise it, you can ping or
trace to it. This can help in troubleshooting.

A way to override the default RID selection is to statically assign it using the OSPF router-id command. Router ID is typically statically assigned for predictability should a process be forced to unexpectedly restart.

Verify and Troubleshoot OSPF

The neighbor initialization process can be viewed using the debug ip ospf adjacencies command. The neighbor table can be seen with show ip ospf neighbors, which also identifies adjacency status and reveals the designated router and backup designated router. Use the debug ip ospf packet command to view all OSPF packets in real time.

Often, the first place OSPF issues are noticed is when inspecting the routing table: show ip route. To filter the routing table and show only the routes learned from OSPF, use show ip route ospf.

The command show ip protocols offers a wealth of information for any routing protocol issue. Use this command to verify parameters, timer values, identified networks, and OSPF neighbors (routing information sources).

Use show ip ospf to verify the RID, timers, and counters. Because wildcard masks sometimes incorrectly group interfaces to areas, another good place to check is show ip ospf interface. This shows the interfaces on which OSPF runs and their current correct assigned area.

OSPF Network Types

The SPF algorithm builds a directed graph—paths made up of a series of points connected by direct links. One of the consequences of this directed-graph approach is that the algorithm has no way to handle a multiaccess network, such as an Ethernet VLAN. The solution used by OSPF is to elect one router, called the Designated Router (DR), to represent the entire segment. Point-to-point links fit the SPF model perfectly and don’t need any special modeling method. On a pointto-point link, no DR is elected, and all traffic is multicast to 224.0.0.5.

OSPF supports five network types:

  • NBMA: Default for multipoint serial interfaces. RFC-compliant mode that uses DRs and requires manual neighbor configuration.
  • Point-to–multipoint (P2MP): Doesn’t use DRs so adjacencies increase logarithmically with routers. Resilient RFC compliant mode that automatically discovers neighbors.
  • Point-to-multipoint nonbroadcast (P2MNB): Proprietary mode that is used on Layer 2 facilities where dynamic neighbor discovery is not supported. Requires manual neighbor configuration.
  • Broadcast: Default mode for LANs. Uses DRs and automatic neighbor discovery. Proprietary when used on WAN interface.
  • Point-to–point (P2P): Proprietary mode that discovers neighbors and doesn’t require a DR.

If the default interface type is unsatisfactory, you can statically configure it with the command ip ospf network under interface configuration mode:

When using the NBMA or P2MP nonbroadcast mode, neighbors must be manually defined under the routing process:

The command show ip ospf interface displays the network type for each link.

Designated Routers

On a multiaccess link, one of the routers is elected as a DR and another as a backup DR (BDR). All other routers on that link become adjacent only to the DR and BDR, not to each other. (They stop at the two-way state.) The DR is responsible

for creating and flooding a network LSA (type 2) advertising the multiaccess link. NonDR (DROTHER) routers communicate with DRs using the IP address 224.0.0.6. The DRs use IP address 224.0.0.5 to pass information to other routers.

The DR and BDR are elected as follows:
Step 1. A router starting the OSPF process listens for OSPF Hellos. If none are heard within the dead time, it declares itself the DR.
Step 2. If Hellos from any other routers are heard, the router with the highest OSPF priority is elected DR, and the election process starts again for BDR. A priority of zero removes a router from the election.
Step 3. If two or more routers have the same OSPF priority, the router with the highest RID is elected DR, and the election process starts again for BDR.

After a DR is elected, elections do not take place again unless the DR or BDR are lost. Because of this, the DR is sometimes the first device that comes online with a nonzero priority.

The best way to control DR election is to set OSPF priority for the DR and BDR for other routers. The default priority is one. A priority of 0 means that a router cannot act as DR or BDR; it can be a DROTHER only. Priority can be set with the ip ospf priority command in interface configuration mode.

Nonbroadcast Multiaccess (NBMA) Networks

Routing protocols assume that multiaccess links support broadcast and have full-mesh connectivity from any device to any device. In terms of OSPF, this means the following:

  • All Frame Relay or ATM maps should include the broadcast attribute.
  • The DR and BDR should have full virtual circuit connectivity to all other devices.
  • Hub-and-spoke environments should either configure the DR as the hub or use point-to-point subinterfaces, which require no DR.
  • Partial-mesh environments should be configured using point-to-point subinterfaces, especially when no single device has full connectivity to all other devices. If there is a subset of the topology with full connectivity, that subset can use a

multipoint subinterface.

  • Full-mesh environments can be configured using the physical interface, but often logical interfaces are used to take advantage of the other benefits of subinterfaces.
  • It might be necessary to statically identify neighbor IP addresses.
OSPF over Layer 2 and Layer 3 MPLS

Layer 2 and Layer 3 MPLS-based solutions were described in Chapter 2, “EIGRP.” A Layer 2 connection uses EoMPLS, and OSPF operates just as it would on any other Ethernet network. It forms a neighbor relationship with the CE router across the WAN, and they elect a DR and BDR. The OSPF network type is Multiaccess Broadcast.

A Layer 3 MPLS VPN requires that the CE routers form an OSPF neighbor relationship with their connected PE router. The PE router appears to the enterprise as just another router within their network. The OSPF network type is determined by the type of link between the CE and PE. Carefully consider your area design when using this type of WAN.

Advanced OSPF Configuration

OSPF provides many different ways to customize its operation to fit your network needs. This section discusses route summarization, passive interfaces, default routes, stub areas, and virtual links.

OSPF Summarization

Summarization helps all routing protocols scale to larger networks, but OSPF especially benefits because its processes tax the memory and CPU resources of the routers. The SPF algorithm consumes all CPU resources when it runs.

Summarization prevents topology changes from being passed outside an area and thus saves routers in other areas from having to run the SPF algorithm. OSPF’s multiple databases use more memory the larger they are. Summarization decreases the number of routes exchanged, and thus the size of the databases. It localizes the impact of a topology change. OSPF can produce summaries within a classful network (VLSM) or summaries of blocks of classful networks

(CIDR). There are two types of summarizations:

  • Inter-area (LSA type 3) route summarizations are created on the ABR under the OSPF routing process using the area range command. A summary route will be advertised as long as at least one subnet within the summary is active in the area. The summary route’s metric is the lowest cost route within the summary range. The router automatically creates a static route for the summary, pointing to Null0.

The following command advertises 172.16.0.0/12 from area 1:

  • External (LSA type 5) route summarization is done on an ASBR using the summary-address command under the OSPF routing process. It can also be done on the ABR of a NSSA to summarize type 7 routes before advertising them as type 5. The router automatically creates a static route for the summary, pointing to Null0. The following example summarizes a range of external routes to 192.168.0.0/16 and injects a single type 5 route into OSPF.

Passive Interface

The passive-interface command prevents OSPF from sending Hello messages out an interface. Thus an OSPF router does not discover neighbors or form an adjacency out that interface. To disable the protocol on one interface, use the routing protocol configuration command passive-interface interface. To turn off the protocol on all interfaces, use passive-interface default. You can then use no passive-interface interface for the ones that should run the protocol. See Chapter 2 for a configuration example.

OSPF Default Routes

The default route is a special type of summarization; it summarizes all networks down to one route announcement. This provides the ultimate benefit of summarization by reducing routing information to a minimum:

  • Routers have a smaller routing table.
  • Less use of router resources to advertise multiple routes.
  • Routers do not need to keep information on external routes.

A default route is injected into OSPF as a type 5 route. There are several ways to use the router IOS to place a default route into OSPF. The best-known way is to use the default-information command under the OSPF routing process. This command, without the keyword always, advertises a default route learned from another source (such as a static route) into OSPF. If the always keyword is present, OSPF advertises a default even if that route does not already exist in the routing table. The metric keyword sets the starting metric for this route.

Alternatively, a default summary route can also be produced using the summary-address command or the area range command. These commands can cause the router to advertise a default route pointing to itself.

Reducing routing information in nonbackbone areas is a common requirement because these routers are typically the most vulnerable in terms of processor and speed, and the links that connect them usually have the least bandwidth. A specific concern is that an area will be overwhelmed by external routing information.

Stub and Not-So-Stubby Areas

Another way to reduce the route information advertised is to make an area a stub area. Configuring an area as a stub area forces its ABR to drop all external (type 5) routes and replaces them with a default route. To limit routing information even more, an area can be made totally stubby using the no-summary keyword on the ABR only. In that case, all interarea and external routes are dropped by the ABR and replaced by a default route. The default route starts with a cost of 1; to change it, use the area default-cost command. The example that follows shows area 2 configured as a totally stubby area, and the default route injected with a cost of 5:

Stub areas are attractive because of their low overhead. They do have some limitations, including the following:

  • Stub areas can’t include a virtual link.
  • Stub areas can’t include an ASBR.
  • Stubbiness must be configured on all routers in the area.
  • Area 0 cannot be a stub area.

Another kind of stub area is a not-so-stubby area (NSSA). NSSA is like a stub or totally stub area but enables an ASBR within the area. External routes are advertised as type 7 routes by the ASBR. The ABR converts them to type 5 external routes when it advertises them into adjacent areas. NSSA is configured with the area nssa command under the OSPF routing process. The no-summary keyword on the ABR configures the area as totally NSSA; this is a Cisco proprietary feature. By default, the ABR does not inject a default route back into an NSSA area. Use the default-informationoriginate keyword on the ABR or ASBR to create this route.

Virtual Links

OSPF requires that all areas be connected to area 0 and that area 0 must be contiguous. When this is not possible, you can use a virtual link to bridge across an intermediate area. Virtual links

  • Connect areas that do not have a physical link to area 0. (This should be a temporary solution.)
  • Connect a discontiguous area 0 (when merging two company networks, for instance. This should also be a temporary solution!) 3-3 shows a virtual link connecting two portions of the backbone area 0.

ccnp-route-notes-ospf-1

FIGURE 3-3 OSPF Virtual Link

Area 1 is the transit area for the virtual link. Configure each end of a virtual link on the ABRs of the transit area with the command area area-number virtual-link router-id. Each end of the link is identified by its RID. The area listed in the command is the transit area, not the area being joined by the link. The configuration for R1 is

Verify that the virtual link is up with the show ip ospf virtual-links command. Additionally, virtual interfaces are treated as actual interfaces by the OSPF process, and thus, their status can be verified with the show ip ospf interface interface id command.

OSPF Authentication

For security purposes, you can configure OSPF to authenticate every OSPF packet and the source of every OSPF routing update. By default, the router does no authentication. OSPF supports two types of authentication:

  • Simple (plain text) authentication
  • MD5 authentication

The following example shows a router configured for simple password authentication in OSPF area 1, using a password (or key) of “simple.” Note that authentication commands are necessary both under the OSPF process and the interface configuration. All OSPF neighbors reachable through an interface configured for authentication must use the same password. You can, however, use different passwords for different interfaces.

The next example shows the same router configured for OSPF MD5 authentication for area 0, using a password of “secure.” Note that the commands are slightly different. The optional keyword message-digest is required in two of the commands, and a key number must be specified. Any neighbors reachable through the Gi0/1 interface must also be configured with the same key.

Use the following commands to verify and troubleshoot OSPF authentication:

  • debug ip ospf adj: The debug shows an error message if there is a key mismatch.
  • show ip ospf neighbor: If a neighbor relationship has been established, you can assume the authentication worked properly.
  • show ip route: Verify that route information is being exchanged between the two authenticating routers.

More Resources

About the author

Prasanna

Leave a Comment