OSPF Part IV – Sticking it together
Today I will continue with my OSPF series and dive into some command line. I will hopefully gel together what we have touched on thus far and show off the OSPF database. Before we start I wanted to share some good news. I resigned from my current employer about a week ago. I will be moving into a much faster-paced, mission-critical environment where redundancy is paramount in every single aspect. More will come as I get started (skill level is going on a sharp vertical climb) but for now let's continue with today's blog post.
I have slowly been introducing you to OSPF from the theory side and have explained some of the basic concepts: Shortest Path First, the OSPF database and LSAs, and how neighbor adjacency forms. Today I will go through these on the CLI and explain them further. Let's hope today we can put our theory into practice.
So today we will start with a simple topology of two routers directly connected via a switch. Each device will have a loopback interface with an IP address. Simple multi-area OSPF coupled with some honest-to-goodness OSPF routing. Below is the topology we are going to use.
Alright. Today we are going to achieve the following tasks. I will outline them first and then we shall progress through them.
- Assign IP addresses to interfaces and devices.
- Configure and verify basic connectivity.
- Configure and verify Area 0 OSPF. Set the OSPF router ID to 1.1.1.1 for R1 and 2.2.2.2 for R2.
- Configure and Verify multi-area OSPF.
Easy enough. Let's get started.
Task One
Configure and Verify IP addressing
R1
interface Loopback0
 description Lo0_A1
 ip address 10.10.10.10 255.255.255.0
!
interface FastEthernet0/0
 description LINK_TO_R2
 ip address 192.168.1.1 255.255.255.0
R2
interface Loopback0
 description Lo0_A0
 ip address 20.20.20.20 255.255.255.0
!
interface FastEthernet0/0
 description LINK_TO_R1
 ip address 192.168.1.2 255.255.255.0
Task Two
Verify connectivity.
R1#ping 192.168.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 20/23/28 ms
R1#sh ip arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.1.1             -   c000.0dff.0000  ARPA   FastEthernet0/0
Internet  192.168.1.2             0   c001.0dff.0000  ARPA   FastEthernet0/0
The initial lost ping is ARP doing its thing: the first echo times out while R1 resolves R2's MAC address.
Task Three
OSPF time. We are going to initially set router IDs on each of the routers and enable OSPF on the 192.168.1.0/24 network for Area 0.
R1
router ospf 1
 router-id 1.1.1.1
 network 192.168.1.0 0.0.0.255 area 0
R2
router ospf 1
 router-id 2.2.2.2
 network 192.168.1.0 0.0.0.255 area 0
This simple configuration will broadly enable OSPF on each router. The first thing to notice is that OSPF uses the wildcard mask, which is the inverse of the subnet mask. I believe this is a great concept and quite easy to remember. The way I remember the wildcard mask is to picture 255.255.255.255 in my head and subtract the subnet mask of the network.
Example
  255.255.255.255
- 255.255.255.0
-----------------
  0.0.0.255
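An added example, not from the original post: the wildcard arithmetic above, plus a check of which interfaces a set of `network` statements actually pulls into OSPF. The `audit` helper and the FastEthernet0/1 interface are constructed for illustration; the area 1 statement is the one used later in Task Four.

```python
import ipaddress

def wildcard_from_mask(mask: str) -> str:
    """Wildcard = 255.255.255.255 minus the subnet mask, octet by octet."""
    return ".".join(str(255 - int(octet)) for octet in mask.split("."))

def matches(ip: str, net: str, wildcard: str) -> bool:
    """True when ip equals net on every bit where the wildcard has a 0."""
    care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    return (int(ipaddress.IPv4Address(ip)) & care) == (int(ipaddress.IPv4Address(net)) & care)

def audit(interfaces, statements, intended):
    """Return (enabled, unintended).

    enabled:    interface name -> areas of every statement covering its address
    unintended: sorted names that are covered but were not meant to run OSPF
    """
    enabled = {}
    for name, ip in interfaces.items():
        areas = [area for net, wc, area in statements if matches(ip, net, wc)]
        if areas:
            enabled[name] = areas
    return enabled, sorted(n for n in enabled if n not in intended)

# R1's interfaces from Task One, plus a constructed user-facing interface.
R1_INTERFACES = {
    "FastEthernet0/0": "192.168.1.1",
    "Loopback0": "10.10.10.10",
    "FastEthernet0/1": "172.16.5.1",      # constructed, not part of the lab
}
# The lab's statements: one wildcard typed as in the post, one derived from the mask.
LAB = [("192.168.1.0", "0.0.0.255", 0),
       ("10.10.10.0", wildcard_from_mask("255.255.255.0"), 1)]
# A catch-all statement: every bit is "don't care", so every address matches.
BROAD = [("0.0.0.0", "255.255.255.255", 0)]
INTENDED = {"FastEthernet0/0", "Loopback0"}

if __name__ == "__main__":
    for label, statements in (("lab", LAB), ("broad", BROAD)):
        print(label, audit(R1_INTERFACES, statements, INTENDED))
```

An interface that lands in `unintended` would send Hellos and accept neighbours on a segment nobody planned to route on, which is why tight wildcard masks are worth the extra typing.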
Notice the neighbor relationships have now come up. This is confirmed by the log messages:
R2
*Mar 1 01:31:07.599: %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.1 on FastEthernet0/0 from LOADING to FULL, Loading Done
R1
*Mar 1 01:31:07.907: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on FastEthernet0/0 from LOADING to FULL, Loading Done
Remember from the previous piece that LSAs are generated, and that the types we covered included Router, Network and Summary. At this stage we should see Type 1 and Type 2 LSAs. Let's confirm this.
R2#sh ip ospf database
OSPF Router with ID (2.2.2.2) (Process ID 1)
Router Link States (Area 0)
Link ID         ADV Router      Age   Seq#        Checksum  Link count
1.1.1.1         1.1.1.1         100   0x80000001  0x003515  1
2.2.2.2         2.2.2.2         99    0x80000002  0x00F44B  1
Net Link States (Area 0)
Link ID         ADV Router      Age   Seq#        Checksum
192.168.1.2     2.2.2.2         99    0x80000001  0x0009B0
R1#sh ip ospf database
OSPF Router with ID (1.1.1.1) (Process ID 1)
Router Link States (Area 0)
Link ID         ADV Router      Age   Seq#        Checksum  Link count
1.1.1.1         1.1.1.1         112   0x80000001  0x003515  1
2.2.2.2         2.2.2.2         113   0x80000002  0x00F44B  1
Net Link States (Area 0)
Link ID         ADV Router      Age   Seq#        Checksum
192.168.1.2     2.2.2.2         113   0x80000001  0x0009B0
Easy done! OSPF is running and sharing advertisements. In the Net Link States entry the Link ID is the IP of the interface advertising the segment (192.168.1.2), and in the Router Link States entries you can see the router IDs in use, 1.1.1.1 and 2.2.2.2 respectively.
Task Three verified and complete
Task Four
Multi-Area OSPF
Now we come to the fun of OSPF. As mentioned prior, areas can define branches, routing groups or physical portions of the network. The loopback we are adding to this network (simulating the 10.10.10.0 network in our case) will be assigned to Area 1.
router ospf 1
 network 10.10.10.0 0.0.0.255 area 1
A simple yet subtle change can make all the difference. First of all let's check R2's routing table.
R2#sh ip route ospf
     10.0.0.0/32 is subnetted, 1 subnets
O IA    10.10.10.10 [110/11] via 192.168.1.1, 00:07:43, FastEthernet0/0
Look at that. O IA - OSPF inter area route. Just what we wanted. Now let's check out the LSA database of R2.
R2#sh ip ospf data summ
OSPF Router with ID (2.2.2.2) (Process ID 1)
Summary Net Link States (Area 0)
Routing Bit Set on this LSA
LS age: 519
Options: (No TOS-capability, DC, Upward)
LS Type: Summary Links(Network)
Link State ID: 10.10.10.10 (summary Network Number)
Advertising Router: 1.1.1.1
LS Seq Number: 80000001
Checksum: 0xA768
Length: 28
Network Mask: /32
TOS: 0 Metric: 1
Notice the advertising router: it is coming from R1. This is great. Now let's compare and confirm with the OSPF database on R1.
OSPF Router with ID (1.1.1.1) (Process ID 1)
Router Link States (Area 0)
Link ID         ADV Router      Age    Seq#        Checksum  Link count
1.1.1.1         1.1.1.1         601    0x80000002  0x003612  1
2.2.2.2         2.2.2.2         623    0x80000003  0x00B528  2
Net Link States (Area 0)
Link ID         ADV Router      Age    Seq#        Checksum
192.168.1.2     2.2.2.2         1172   0x80000001  0x0009B0
Summary Net Link States (Area 0)
Link ID         ADV Router      Age    Seq#        Checksum
10.10.10.10     1.1.1.1         597    0x80000001  0x00A768
Router Link States (Area 1)
Link ID         ADV Router      Age    Seq#        Checksum  Link count
1.1.1.1         1.1.1.1         601    0x80000001  0x0007F9  1
Summary Net Link States (Area 1)
Link ID         ADV Router      Age    Seq#        Checksum
20.20.20.20     1.1.1.1         602    0x80000001  0x003E9F
192.168.1.0     1.1.1.1         604    0x80000001  0x0013B1
Here you can see that both areas are present. This router is an Area Border Router (ABR) and has an interface in each area. Notice there are database entries for each area. Take your time and get used to this.
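An added example, not part of the original post: a small parser for the `sh ip ospf database` summary shown above, used to check that every LSA in each area comes from a router you expect. The sample text is R1's output from this post; the `expected` allowlist and the function names are assumptions made for the example.

```python
import re

# R1's database as shown in this post.
R1_LSDB = """\
OSPF Router with ID (1.1.1.1) (Process ID 1)
Router Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Link count
1.1.1.1 1.1.1.1 601 0x80000002 0x003612 1
2.2.2.2 2.2.2.2 623 0x80000003 0x00B528 2
Net Link States (Area 0)
Link ID ADV Router Age Seq# Checksum
192.168.1.2 2.2.2.2 1172 0x80000001 0x0009B0
Summary Net Link States (Area 0)
Link ID ADV Router Age Seq# Checksum
10.10.10.10 1.1.1.1 597 0x80000001 0x00A768
Router Link States (Area 1)
Link ID ADV Router Age Seq# Checksum Link count
1.1.1.1 1.1.1.1 601 0x80000001 0x0007F9 1
Summary Net Link States (Area 1)
Link ID ADV Router Age Seq# Checksum
20.20.20.20 1.1.1.1 602 0x80000001 0x003E9F
192.168.1.0 1.1.1.1 604 0x80000001 0x0013B1
"""

SECTION = re.compile(r"^\s*(Router|Net|Summary Net) Link States \(Area (\S+)\)\s*$")
ENTRY = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+)"
                   r"\s+(0x[0-9A-Fa-f]+)\s+(0x[0-9A-Fa-f]+)")
LSA_TYPE = {"Router": 1, "Net": 2, "Summary Net": 3}

def parse_lsdb(text):
    """Turn the CLI summary into one dict per LSA, tagged with type and area."""
    lsas, section = [], None
    for line in text.splitlines():
        m = SECTION.match(line)
        if m:
            section = (LSA_TYPE[m.group(1)], m.group(2))
            continue
        m = ENTRY.match(line)
        if m and section:
            lsas.append({"type": section[0], "area": section[1],
                         "link_id": m.group(1), "adv_router": m.group(2),
                         "age": int(m.group(3)), "seq": int(m.group(4), 16)})
    return lsas

def unexpected_originators(lsas, expected):
    """expected: area -> set of router IDs allowed to originate LSAs there."""
    return [l for l in lsas if l["adv_router"] not in expected.get(l["area"], set())]

def abrs(lsas):
    """Only ABRs originate Type 3 summaries, so their advertisers are the ABRs."""
    return sorted({l["adv_router"] for l in lsas if l["type"] == 3})

if __name__ == "__main__":
    db = parse_lsdb(R1_LSDB)
    print(abrs(db), unexpected_originators(db, {"0": {"1.1.1.1", "2.2.2.2"}, "1": {"1.1.1.1"}}))
```

Run against periodic captures, an empty result means the database only contains LSAs from known routers; anything returned is an originator to investigate.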
This is a brief entry into OSPF but we will dig deeper as we get through this series.
I think I've opened a can of worms.
OSPF Part III – Link State Advertisements
Welcome back to part three of my series on OSPF. Here we dig deeper into OSPF and find out what makes this fantastic protocol tick. Today we are going to talk about Link State Advertisements (LSA) and their role in an OSPF network.
Don't worry if not all of these make sense at the start as I get around to explaining them all throughout the series.
Link-state advertisements are crucial to OSPF and building the topology. It is how routers know about each other's links and who connects to whom across an area. OSPF uses areas to define sets of routers. They can be as small or as large as you want within reason. All areas MUST connect back to Area 0 - virtual links are an exception - so it is paramount that Area 0 is stable.
LSAs and their types are the fundamentals of OSPF. They are what build the topology and keep it stable, what allow routes to be sent, and what let routers within an area and between areas know where a route has come from, over which interface, and its cost to get there.
Type 1 LSA - ROUTER
A Router LSA identifies an OSPF router by RID. Each router creates a Type 1 LSA for itself and floods the LSA throughout the same area. The routers flood Type 1 LSAs to all neighbours and in turn they do the same until all neighbours in an area have a copy of the LSA.
Type 1 LSAs also list the following information:
- When there is no DR elected, it lists the router's interface subnet number and mask and the interface OSPF cost (stub networks).
- When a DR has been elected, it lists the IP address of the DR and notes that it links to a transit network (a Type 2 LSA exists for that network).
- When there is no DR but a neighbour is reachable, it lists the neighbour's RID.
Type 1 LSAs use a 32-bit link state identifier (LSID), with the router's OSPF RID as the value. Even if the router is in multiple areas, the RID is the same.
Type 2 LSA - Network
Used to help model the network topology. Represents the nodes and the links between the pairs of nodes. Whether a Network LSA is used depends on whether a DR is in use.
OSPF uses a DR in a subnet for two reasons:
- To create and flood the Type 2 network LSA for that subnet
- To aid in the detailed process of database exchange over that subnet
DR election takes place based on information in OSPF Hello messages. Hello lists RID and priority. The election rules are as follows
- Choose the router with highest priority.
- If tied, highest RID
- Choose BDR with next highest.
When DR and BDR exist no elections are made until one fails. If a DR fails the BDR is elected DR (even if better possible DR joins the network) and a new BDR is elected. If a BDR fails, DR remains as is and a new BDR is elected.
Type 3 LSA - Net Summary
ABRs do NOT forward Type 1 or Type 2 LSAs. Type 3 allows areas to learn about other areas. ABRs generate Type 3 LSAs for each subnet in one area and advertise each Type 3 LSA into other areas.
Type 3 LSAs do not contain detailed topology information. The subnet appears to be just another subnet connected to the ABR that created and advertised the Type 3 LSA. Routers inside the given area calculate their best route to reach the ABR. This gives the router a good loop-free route to reach the subnet in the Type 3 LSA.
Remember that the Type 3 summary is not used for route summarization.
Type 4 LSA - ASBR Summary
Like a Type 3 LSA, except it advertises a host route used to reach an ASBR
Type 5 LSA - AS External
Created by ASBRs for external routes injected into OSPF
Type 6 LSA - Group Membership
For MOSPF - not supported by IOS
Type 7 LSA - NSSA External
Created by ASBRs inside an NSSA area instead of a Type 5 LSA
Type 8 LSA - External Attributes
Not used by IOS
Type 9-11 LSA - Opaque
Reserved for later use. Type 10 is used in MPLS
EXCHANGING THE LSAs
When two neighbours share a view of the list of LSIDs they transition to loading and start exchanging. This time, full LSAs.
1. Transition to loading.
2. For any missing LSAs, send an LSR listing the LSID of each requested LSA.
3. Respond to the LSR with an LSU, which lists one or more LSAs.
4. ACK receipt by either sending an LSAck or sending the same LSA in an LSU.
5. When all LSAs are sent, received and acknowledged, the neighbour-ship moves to the FULL state.
Because there is no DR, multicasts move to 224.0.0.5.
Alright. That is enough about LSAs. If you aren't quite gelling just yet then don't stress. Next up we have some practical demonstrations outlining the theory we have gone through thus far. I may dabble with a screen cast. We shall find out. Until next time, take care and study hard!
OSPF Part II – Building Neighbor relationships
Welcome back for part two. Neighbor relationships. This is an important part before we dive into discussing the details of exchanging routes with LSAs in part III. Before we start that we need to know how neighbors form and what happens area-wide amongst routers.
Before we dig down deeper I am going to put up a list of acronyms to help the various components of OSPF piece together.
OSPF TERMS
- LinkState Data Base (LSDB) - database held by router - stores the topology table.
- Shortest Path First (SPF) - Algorithm used by OSPF to analyse the LSDB. Determines the best, lowest cost route for each prefix
- LinkState Update (LSU) - OSPF message that holds detailed topology information (LSA)
- LinkState Advertisement (LSA) - OSPF data structures that hold detailed topology information. LSAs are held in memory inside the LSDB. They are communicated inside LSUs
- Area - Contiguous collection of routers. Actively learn all topology information within an area.
- Area Border Router - Has interfaces connected to two or more areas. One interface must be connected to the backbone. Holds topology data for each area it is connected to. Calculates and advertises routes between areas
- Backbone Router (BB) - Any router with an interface in area 0.
- Internal Router (INT) - Only has interfaces in one area
- Designated Router (DR) - Elected by OSPF to generate area wide LSAs
- Backup Designated Router (BDR) - Is a backup DR if DR fails.
Let us start with the Database Exchange Process.
THE DATABASE EXCHANGE PROCESS
- Hello - Discovers neighbours. Has values that allow neighbour-ship, brings to a 2-way state and monitors link status
- Database Descriptor - Exchanges brief versions of each LinkState Advertisement during initial topology exchange. Allows a router to know the list of LinkState Advertisements its neighbour knows.
- LinkState Request - Lists the LinkState IDs of the LinkState Advertisements that the sender of the LinkState Request would like the recipient to supply during exchange.
- LinkState Update - Contains fully detailed LinkState Advertisement. Response to LinkState Request
- LinkState ACKnowledgement - Confirms receipt of LinkState Update
OSPF NEIGHBOUR STATES
When starting OSPF on a router and assigning interfaces to participate in the process the following occurs.
- Down - No hellos before dead interval expires
- Attempt - Neighbour defined with neighbour command. After hello TX, before RX
- Init - Hello Received. No local RID or does not pass verification check.
- 2Way - Hello Received. RID and local neighbour checks pass.
- ExStart - Negotiating DBD sequence numbers. Uses Master/Slave logic.
- Exchange - Finished negotiating. Exchanging DBD packets
- Loading - DBD exchanged. Sending LSR, LSU and LSAck. Exchange full LSAs
- Full - Neighbours are fully adjacent. LSDBs for that area are identical.
What is a Designated router?
A designated router is the router that is unique to an area. OSPF uses a DR in an area for two reasons. One is to create and flood Type 2 network LSAs for that subnet. The second is to aid in the process of a database exchange in the subnet. An election for a router to become a DR takes place based on the information in the OSPF hello messages. Hellos list the priority and the RID. The election rules are as follows:
- Choose the router with the highest priority
- If tied, highest RID
- The BDR is the next highest
The DR adopts the pseudonode IP address of 224.0.0.6. All routers in the area send their Type 1 LSAs and their ROUTER LSAs to this node. The Type 2 network LSA which the DR sends out is composed of the ROUTER LSAs that are connected to it. The DR creates that Type 2 LSA for the subnet. The DR assigns the LinkState ID of the DR's interface IP in that subnet. It also lists the DR's RID as the router advertising the LSA.
R1 R2
x
R3 R4
x = pseudonode - emits Type 2 LSA
When a DR and a BDR exist, no elections are made until one fails. If a DR fails then the BDR is elected the DR. This is the case even if a better DR joins the network. A new BDR is elected to fill the place. If a BDR fails, the DR remains the same and only a new BDR is elected.
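An added example, not from the original posts: the election rules as stated here and again in Part III (highest priority, then highest RID, BDR next, no pre-emption), modelled for one segment. It is a simplification of the full RFC 2328 election; the `Segment` class, the extra RIDs and the priority-0 rule are additions for illustration.

```python
import ipaddress

def rank(router):
    """Sort key: priority first, then RID compared numerically, not as text."""
    rid, priority = router
    return (priority, int(ipaddress.IPv4Address(rid)))

class Segment:
    """One multi-access subnet. `routers` maps RID -> priority (IOS default 1)."""

    def __init__(self, routers):
        # All routers passed in here are treated as heard before the first election.
        self.routers = dict(routers)
        self.dr = self.bdr = None
        self._fill()

    def _best(self, exclude):
        # Priority 0 means "never DR or BDR" (RFC 2328 behaviour, not in the post).
        pool = [(r, p) for r, p in self.routers.items() if p > 0 and r not in exclude]
        return max(pool, key=rank)[0] if pool else None

    def _fill(self):
        # Non-preemptive: only empty roles are filled, a sitting DR/BDR is kept.
        if self.dr is None:
            self.dr, self.bdr = self.bdr, None      # BDR is promoted to DR
            if self.dr is None:
                self.dr = self._best(exclude=set())
        if self.bdr is None:
            self.bdr = self._best(exclude={self.dr})

    def join(self, rid, priority=1):
        self.routers[rid] = priority
        self._fill()
        return self.dr, self.bdr

    def fail(self, rid):
        self.routers.pop(rid, None)
        if rid == self.dr:
            self.dr = None
        if rid == self.bdr:
            self.bdr = None
        self._fill()
        return self.dr, self.bdr

if __name__ == "__main__":
    lab = Segment({"1.1.1.1": 1, "2.2.2.2": 1})           # the Part IV lab
    print("lab:", lab.dr, lab.bdr)
    seg = Segment({"1.1.1.1": 1, "2.2.2.2": 1, "10.0.0.3": 1, "9.0.0.4": 1})
    print("start:", seg.dr, seg.bdr)
    print("priority 255 joins:", seg.join("200.0.0.1", 255))
    print("DR fails:", seg.fail("10.0.0.3"))
    print("BDR fails:", seg.fail("200.0.0.1"))
```

The lab result matches the Part IV database, where the Net LSA is advertised by 2.2.2.2. Comparing RIDs as text would wrongly rank 9.0.0.4 above 10.0.0.3.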
BREATHER!
Phwoar. A lot to start with. As we go through feel free to cross reference posts. I do appreciate the feedback as well as my peers calling me out if there are mistakes. I am no expert but this is a way for me to reinforce what I know. I will do a whole post on LSA's and the exchanging of routes next. Then we can configure some routers and check some output. Theory before the lab makes the lab gel better!
OSPF Part I – Basic OSPF
Welcome to my new series focussing on technologies and expanding on them. Working from basic to thorough we will establish the skills and knowledge required to understand and configure each technology.
Open Shortest Path First is what is known as a link state protocol. Every router in an area has the exact same routing information. By using a cost based metric it is possible to determine the shortest/fastest path to a destination prefix. Think of it as having two exits to a maze. One exit is 200 meters ahead but covered in long grass that would slow you down. The other exit is a paved brick path that is 250 meters long. OSPF knows the paved brick path is the fastest path out of the maze. OSPF does the same with routes. It knows where a given route is, how to take the quickest of multiple paths and deliver the packet efficiently.
Let's start with the basics.
OSPF - Open Shortest Path First
- Transport: IP
- Port Number: 89
- Metric: Cumulative costs of all outgoing interfaces in a router
- Update: 224.0.0.5 / 224.0.0.6 for Designated Routers
- Updates: Full table for new neighbours, partial otherwise
- Authentication: null, cleartext, and MD5
- VLSM: Includes mask with each route
- Tags: Supports route tagging
- Summarization: Supported at Area Border Routers
- Next-Hop: supports advertising routes with a different next-hop
OSPF uses a link state logic to calculate its routes. During the process of running OSPF between two neighbours the following occurs over three steps.
Step 1 - Neighbour discovery involves finding the neighbouring routers running OSPF and exchanging enough information so routers know if they should become neighbours and exchange topology data. OSPF keeps a list of neighbours in the neighbour table. OSPF sends hellos to the multicast address of 224.0.0.5.
Step 2 - Topology exchange requires all OSPF routers in the area to send messages to each other. Information about the topology table is stored in the topology database known as the Link State Database. Stored in the LSDB is the router-id for each router, each router's interfaces, IP address, mask, subnet, and finally the list of routers reachable by each router on each interface.
Step 3 - Route computation consists of each router analyzing the topology data to choose the best route from its OWN perspective. The link-state algorithm used is SPF. SPF chooses the shortest route for each reachable subnet/next-hop/exit interface.
Enabling OSPF can be performed under the global router process or on an interface level. Remember that on a global level any interface that has an IP address that is covered by a network range statement in OSPF will be included in the routing process. OSPF will check for additional information when forming adjacencies with neighbours.
The following information is sent in a hello. Hello packets are a critical part of the process of establishing and maintaining OSPF neighbours.
- OSPF RID
- Area ID
- Stub Area flag
- Router Priority
- Dead Interval
- Hello Interval
- DR IP
- BDR IP
- Subnet Mask
- Authentication Digest
- List of Neighbours
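An added example, not from the original post: how a router can use these Hello fields to decide whether a neighbour may progress to 2Way. Which fields must agree is taken from RFC 2328 rather than from this post; the `Hello` class and `process_hello` are hypothetical names, and only the authentication type is modelled, not the key.

```python
from dataclasses import dataclass, field

@dataclass
class Hello:
    rid: str
    area: str
    mask: str
    hello_interval: int = 10          # IOS default on broadcast interfaces
    dead_interval: int = 40
    stub: bool = False
    auth: str = "null"                # "null", "cleartext" or "md5", as listed above
    priority: int = 1                 # used for DR election, not for this check
    neighbours: list = field(default_factory=list)   # RIDs the sender has heard

# Fields that must be identical on both ends of a broadcast segment.
MUST_MATCH = ("area", "mask", "hello_interval", "dead_interval", "stub", "auth")

def process_hello(local: Hello, received: Hello):
    """Return (state, reasons) after `local` receives `received`.

    A neighbour that fails verification is held at Init, following the state
    list in Part II; it reaches 2Way only when every check passes and the
    received Hello lists our own RID.
    """
    reasons = [f"{name}: local={getattr(local, name)!r} neighbour={getattr(received, name)!r}"
               for name in MUST_MATCH
               if getattr(local, name) != getattr(received, name)]
    if received.rid == local.rid:
        reasons.append(f"duplicate router ID {local.rid}")
    if reasons:
        return "Init", reasons
    if local.rid in received.neighbours:
        return "2Way", []
    return "Init", []

if __name__ == "__main__":
    r1 = Hello("1.1.1.1", "0", "255.255.255.0")
    first = Hello("2.2.2.2", "0", "255.255.255.0")                       # has not heard R1 yet
    second = Hello("2.2.2.2", "0", "255.255.255.0", neighbours=["1.1.1.1"])
    secured = Hello("2.2.2.2", "0", "255.255.255.0", auth="md5", neighbours=["1.1.1.1"])
    for hello in (first, second, secured):
        print(process_hello(r1, hello))
```

The last case is the useful one for hardening: once one side requires MD5 authentication, a neighbour still sending unauthenticated Hellos is never accepted.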
Alright - The first part is done for now. Tune into part II shortly for more information regarding Designated and Backup Designated Routers, Router IDs and an introduction to LSA types.





