Saturday, 4 January 2014

CCNP OSPF MyBrief

Link-state routing protocols have the following characteristics: 
- Send triggered updates when a network change occurs
- Send periodic updates, known as link-state refresh, at long intervals, such as every 30 minutes


Protocol timers

  • HelloInterval: the interval in seconds after which the router sends the next hello packet out of an interface. On broadcast and point-to-point networks the default is normally 10 seconds; on nonbroadcast multiaccess networks the default is 30 seconds.
  • RouterDeadInterval: the interval in seconds after which a neighbor is declared dead. It must be a multiple of HelloInterval; as a rule it equals 4 hello intervals, that is 40 seconds.
  • Wait Timer: the interval in seconds after which the router elects the DR on the network. Its value equals RouterDeadInterval.
  • RxmtInterval: the interval in seconds after which the router retransmits a packet for which it has received no acknowledgement (for example a Database Description packet or Link State Request packets). It is also called the Retransmit interval. The value is 5 seconds.

LSA - link-state advertisement

Link-state information must be synchronized between routers, which means the following:
- LSAs are reliable; there is a method for acknowledging the delivery of LSAs.
- LSAs are flooded throughout the area (or throughout the domain if there is only one area).
- LSAs have a sequence number and a set lifetime so that each router recognizes that it has the most up-to-date version of the LSA.
- LSAs are periodically refreshed to confirm topology information before the information ages out of the link-state database.


LSAs are propagated to all neighboring devices using the reserved class D multicast address 224.0.0.5.
Communication between routers and the DR/BDR uses multicast 224.0.0.5.
Communication between the DR and the BDR uses their own multicast address, 224.0.0.6.

When a router receives an LSA, it updates its link-state database (LSDB).

NEIGHBOR TABLE:

R5#sh ip os ne
Neighbor ID     Pri   State           Dead Time   Address         Interface
172.16.0.2        1   FULL/DR         00:00:33    172.16.0.2      FastEthernet1/0
172.16.0.4        1   2WAY/DROTHER    00:00:36    172.16.0.4      FastEthernet1/0
172.16.0.5        1   FULL/BDR        00:00:34    172.16.0.5      FastEthernet1/0
10.0.0.14         1   FULL/DR         00:00:30    10.0.0.10       FastEthernet2/0
10.0.0.13         1   FULL/DR         00:00:33    10.0.0.2        FastEthernet0/0


R2#sh ip os ne
Neighbor ID     Pri   State           Dead Time   Address         Interface
172.16.0.3        1   FULL/DROTHER    00:00:38    172.16.0.3      FastEthernet0/1
172.16.0.4        1   FULL/DROTHER    00:00:36    172.16.0.4      FastEthernet0/1
172.16.0.5        1   FULL/BDR        00:00:35    172.16.0.5      FastEthernet0/1



A router elected DR or BDR on one attached multiaccess network need not be the DR (BDR) on another attached network. The DR (BDR) role is a property of the interface, not of the router as a whole.

A router that is not the DR or BDR is called a DROTHER.
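An added Python example (not part of the original notes) that parses output in the `show ip ospf neighbor` layout above and flags adjacencies that stalled. It encodes the rule just described: 2WAY is only normal between two DROTHERs, so a 2WAY neighbor is acceptable only when both a DR and a BDR are visible on the same interface (meaning the local router is itself a DROTHER). The sample table, including the EXSTART row and the lone 2WAY neighbor on Fa3/0, is constructed for the example.

```python
import re

# Constructed sample in the 'show ip ospf neighbor' layout shown above; the
# EXSTART row and the lone 2WAY neighbour on Fa3/0 are added to show what gets flagged.
SAMPLE = """\
Neighbor ID     Pri   State           Dead Time   Address         Interface
172.16.0.2        1   FULL/DR         00:00:33    172.16.0.2      FastEthernet1/0
172.16.0.4        1   2WAY/DROTHER    00:00:36    172.16.0.4      FastEthernet1/0
172.16.0.5        1   FULL/BDR        00:00:34    172.16.0.5      FastEthernet1/0
10.0.0.13         1   EXSTART/DR      00:00:33    10.0.0.2        FastEthernet0/0
172.16.0.9        1   2WAY/DROTHER    00:00:30    172.16.0.9      FastEthernet3/0
"""

# state column is STATE/ROLE; on point-to-point links IOS prints 'FULL/  -'
ROW = re.compile(r"^(\S+)\s+(\d+)\s+(\S+)/\s*(\S+)\s+(\d\d:\d\d:\d\d)\s+(\S+)\s+(\S+)$")

def parse_neighbors(text):
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rid, pri, state, role, dead, addr, intf = m.groups()
            rows.append({"id": rid, "pri": int(pri), "state": state, "role": role,
                         "dead": dead, "addr": addr, "intf": intf})
    return rows

def stuck_neighbors(rows):
    """IDs of neighbours whose state is not what the segment roles predict.

    FULL is always fine.  2WAY is fine only between two DROTHERs: if both a DR
    and a BDR are visible on the interface, the local router is itself a
    DROTHER, so 2WAY with another DROTHER is expected.  Otherwise the local
    router is DR or BDR and every neighbour should reach FULL; any other state
    (INIT, EXSTART, EXCHANGE, LOADING, ...) means the adjacency stalled."""
    roles_on = {}
    for r in rows:
        roles_on.setdefault(r["intf"], set()).add(r["role"])
    stuck = []
    for r in rows:
        local_is_drother = {"DR", "BDR"} <= roles_on[r["intf"]]
        ok = r["state"] == "FULL" or (
            r["state"] == "2WAY" and r["role"] == "DROTHER" and local_is_drother)
        if not ok:
            stuck.append(r["id"])
    return stuck
```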

DATABASE:
R5#sh ip ospf database

            OSPF Router with ID (172.16.0.3) (Process ID 7)

                Router Link States (Area 1)

Link ID         ADV Router      Age         Seq#       Checksum Link count
10.0.0.13       10.0.0.13       454         0x80000005 0x00A603 2
10.0.0.14       10.0.0.14       454         0x80000005 0x002670 2
172.16.0.2      172.16.0.2      452         0x80000003 0x0045F0 1
172.16.0.3      172.16.0.3      448         0x80000005 0x00B61C 3
172.16.0.4      172.16.0.4      453         0x80000003 0x0041EE 1
172.16.0.5      172.16.0.5      452         0x80000003 0x003FED 1

                Net Link States (Area 1)

Link ID         ADV Router      Age         Seq#       Checksum
10.0.0.2        10.0.0.13       454         0x80000001 0x006DD5
10.0.0.10       10.0.0.14       455         0x80000001 0x002118
10.0.0.14       10.0.0.14       1061        0x80000001 0x00C716
172.16.0.2      172.16.0.2      452         0x80000003 0x00D4E3


R2#sh ip ospf database

            OSPF Router with ID (172.16.0.2) (Process ID 7)

                Router Link States (Area 1)

Link ID         ADV Router      Age         Seq#       Checksum Link count
10.0.0.13       10.0.0.13       522         0x80000005 0x00A603 2
10.0.0.14       10.0.0.14       522         0x80000005 0x002670 2
172.16.0.2      172.16.0.2      519         0x80000003 0x0045F0 1
172.16.0.3      172.16.0.3      517         0x80000005 0x00B61C 3
172.16.0.4      172.16.0.4      520         0x80000003 0x0041EE 1
172.16.0.5      172.16.0.5      520         0x80000003 0x003FED 1

                Net Link States (Area 1)

Link ID         ADV Router      Age         Seq#       Checksum
10.0.0.2        10.0.0.13       522         0x80000001 0x006DD5
10.0.0.10       10.0.0.14       523         0x80000001 0x002118
10.0.0.14       10.0.0.14       1130        0x80000001 0x00C716
172.16.0.2      172.16.0.2      519         0x80000003 0x00D4E3


ROUTING TABLE

R5#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     172.16.0.0/29 is subnetted, 1 subnets
C       172.16.0.0 is directly connected, FastEthernet1/0
     10.0.0.0/30 is subnetted, 3 subnets
C       10.0.0.8 is directly connected, FastEthernet2/0
O       10.0.0.12 [110/2] via 10.0.0.10, 00:16:49, FastEthernet2/0
                  [110/2] via 10.0.0.2, 00:16:49, FastEthernet0/0
C       10.0.0.0 is directly connected, FastEthernet0/0


R2#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     172.16.0.0/29 is subnetted, 1 subnets
C       172.16.0.0 is directly connected, FastEthernet0/1
     10.0.0.0/30 is subnetted, 3 subnets
O       10.0.0.8 [110/2] via 172.16.0.3, 00:14:47, FastEthernet0/1
O       10.0.0.12 [110/3] via 172.16.0.3, 00:14:47, FastEthernet0/1
O       10.0.0.0 [110/2] via 172.16.0.3, 00:14:47, FastEthernet0/1  




  • Internal routers: Routers that have all their interfaces in the same area and have identical LSDBs.
     
  • Backbone routers: Routers that sit on the perimeter of the backbone area and have at least one interface connected to area 0. Backbone routers maintain OSPF routing information using the same procedures and algorithms as internal routers.
     
  • Area border routers: Routers that have interfaces attached to multiple areas, maintain separate LSDBs for each area to which they connect, and route traffic destined to or arriving from other areas. Area border routers (ABRs) are exit points for the area, which means that routing information destined for another area can get there only via the ABR of the local area.

ABRs can be configured to summarize the routing information from the LSDBs of their attached areas. ABRs distribute the routing information into the backbone. The backbone routers then forward the information to the other ABRs. In a multiarea network, an area can have one or more ABRs.

  • Autonomous System Boundary Routers: Routers that have at least one interface attached to an external internetwork (another autonomous system), such as a non-OSPF network. Autonomous system boundary routers (ASBRs) can import non-OSPF network information to the OSPF network and vice versa; this process is called route redistribution.

 
Routers find best path to destinations by applying Dijkstra's SPF algorithm to the link-state database as follows:
  • Every router in an area has the identical link-state database
  • Each router in the area places itself into the root of the tree that is built
  • The best path is calculated with respect to the lowest total cost of links to a specific destination
  • Best routes are put into the forwarding database (routing table)
OSPF algorithm:


OSPF packet header


  • Version number: For OSPF version 2 or 3
  • Type: Differentiates the five OSPF packet types
  • Packet length: Length of packet in bytes
  • Router ID: Defines which router is the source of the packet
  • Area ID: Defines the area where the packet originated
  • Checksum: Used for packet-header error detection to ensure that the OSPF packet was not corrupted during transmission
  • Authentication type: An option that specifies either no authentication, clear-text passwords, or encrypted Message Digest 5 (MD5) formats for router authentication
  • Authentication: Used in the authentication scheme
  • Data (for hello packet): Includes a list of known neighbors
  • Data (for DBD packet): Contains a summary of LSDB, which includes all known router IDs and their last sequence number, among a number of other fields
  • Data (for LSR packet): Contains the type of LSU needed and the router ID that has the needed LSU
  • Data (for LSU packet): Contains the full LSA entries; multiple LSA entries can fit in one OSPF update packet
  • Data (for LSAck packet): Is empty

HELLO packet


Determining the Router ID

The OSPF router ID is used to uniquely identify each router in the OSPF routing domain. A router ID is simply an IP address. Cisco routers derive the router ID based on three criteria and with the following precedence:

1. Use the IP address configured with the OSPF router-id command.

2. If the router-id is not configured, the router chooses highest IP address of any of its loopback interfaces.

3. If no loopback interfaces are configured, the router chooses highest active IP address of any of its physical interfaces.
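The three-step precedence above as an added Python example (not from the original notes). Interfaces are passed in as plain strings and tuples, which is an assumption of the example; the point worth seeing is that addresses are compared numerically, since a string comparison would rank "9.9.9.9" above "10.0.0.14".

```python
from ipaddress import IPv4Address

def ospf_router_id(configured=None, loopbacks=(), physical=()):
    """Pick the router ID by the Cisco precedence listed above.

    configured -- value of the 'router-id' command, or None
    loopbacks  -- dotted addresses of loopback interfaces
    physical   -- (address, is_up) pairs for physical interfaces; only 'up' ones count
    Returns (router_id, rule) so the caller can see which rule decided.
    IPv4Address compares numerically, so '10.0.0.14' beats '9.9.9.9' even though
    it sorts lower as a string."""
    if configured:
        return str(IPv4Address(configured)), "router-id"
    loops = [IPv4Address(a) for a in loopbacks]
    if loops:
        return str(max(loops)), "highest loopback"
    active = [IPv4Address(a) for a, up in physical if up]
    if active:
        return str(max(active)), "highest active physical"
    return None, "no usable address"
```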

Router priority: an 8-bit number that gives the router's priority in the election of the DR (Designated router) and BDR (Backup designated router); it is set by hand only when you really want to choose the DR and BDR manually.

The hello packet also carries:
Authentication password: if router authentication is enabled, two routers must exchange the same password.

Stub area flag: designating a stub area reduces routing updates by replacing them with a default route. Two routers must agree on the stub area flag in the hello packets.

Establishing the adjacency:
All routers that received the hello packet send a unicast reply hello packet to router A with their corresponding information. The neighbor field in the hello packet includes all neighboring routers and router A.

When router A receives these hello packets, it adds all the routers that had its router ID in their hello packets to its own neighbor relationship database. This state is the two-way state. At this point, all routers that have each other in their list of neighbors have established bidirectional communication.

If the link type is a broadcast network, generally a LAN link like Ethernet, a DR and BDR must first be elected. The DR forms bidirectional adjacencies with all other routers on the LAN link. This process must occur before the routers can begin exchanging link-state information.

Periodically (every 10 seconds by default on broadcast networks), the routers within a network exchange hello packets to ensure that communication is still working. The hello updates include the DR, BDR, and the list of routers whose hello packets have been received by the router, where received means that the receiving router recognizes its router ID as one of the entries in the received hello packet.





Network types and configuration:

RFC 2328:
- NBMA - Nonbroadcast multiaccess
- Point-to-multipoint

Additional modes from Cisco:
- Point-to-multipoint nonbroadcast
- Broadcast
- Point-to-point


1. Broadcast mode

2. Nonbroadcast mode

3. Point-to-multipoint

Don't forget subinterfaces where the situation calls for them.

Debugging:
router# debug ip ospf adj




---------------------------------------------------- 
Area usage overview



  • Link ID: Identifies each LSA.
  • ADV Router: Advertising router; the source router of the LSA.
  • Age: The maximum age counter in seconds. The maximum age is 1 hour, or 3,600 seconds.
  • Seq#: Sequence number of the LSA. This number begins at 0x80000001 and increases with each update of the LSA.
  • Checksum: Checksum of the individual LSA to ensure reliable receipt of that LSA.
  • Link count: Total number of directly attached links, used only on router LSAs. The link count includes all point-to-point, transit, and stub links. Each point-to-point serial link counts as two; all other links count as one, including Ethernet links.
  • E1: Type O E1 external routes calculate the cost by adding the external cost to the internal cost of each link that the packet crosses. Use this type when there are multiple ASBRs advertising an external route to the same autonomous system to avoid suboptimal routing.
  • E2 (default): The external cost of O E2 packet routes is just the external cost. Use this type if only one ASBR is advertising an external route to the AS.
----------------------------
Virtual Links



Don't forget:
R4(config-router)# router-id 4.4.4.4

debug:
R1# sh ip ospf virtual-links
R1# sh ip ospf neighbors
R1# sh ip ospf database router <id>

-------------------------------
Summarization

  • Interarea route summarization: Can be configured on ABRs and applies to routes from within each area. It does not apply to external routes injected into OSPF via redistribution. To perform effective interarea route summarization, network numbers within areas should be assigned contiguously so that these addresses can be summarized into a minimal number of summary addresses. Figure illustrates interarea summarization at the ABRs.
  • External route summarization: Specific to external routes that are injected into OSPF via route redistribution. It is important to ensure that the external address ranges that are being summarized are contiguous. Summarizing overlapping ranges from two different routers could cause packets to be sent to the wrong destination. External route summarization is configured on ASBRs only. 
Note
Summary LSAs (type 3) and external LSAs (type 5) by default do not contain summarized routes.

----------------------------------------------------

Authentication


OSPF supports three authentication types:

type 0 (none)

type 1 (clear text)

type 2 (MD5)



In fact OSPF lets you specify only the authentication type, without a password. In that case the neighbor relationship still comes up (provided the neighbors have the same authentication type configured), but no actual authentication is performed.


The authentication type can be configured on an interface or for the whole area; the password itself can only be set on interfaces. When both are configured, the interface setting takes precedence.


Configuring the authentication type for an area


Type 1 authentication for area 1 (the password must be set on the interfaces):

router(config-router)# area 1 authentication


Type 2 authentication for area 0 (the password must be set on the interfaces):

router(config-router)# area 0 authentication message-digest


Configuring the authentication type and password on interfaces


Type 0 authentication:

router(config-if)# ip ospf authentication null


Type 1 authentication:

router(config-if)# ip ospf authentication

router(config-if)# ip ospf authentication-key <key-value>


Type 2 authentication:

router(config-if)# ip ospf authentication message-digest

router(config-if)# ip ospf message-digest-key <key-number> md5 <key-value>


Authentication for a virtual link


Type 1 (plaintext) authentication for a virtual link:

router(config-router)# area <id> virtual-link <router-id> authentication-key <key-value>


Type 2 (MD5) authentication for a virtual link:

router(config-router)# area <id> virtual-link <router-id> message-digest-key <key-number> md5 <key-value>
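An added Python example (not from the original notes) that ties the "OSPF packet header" field list above to the type 2 authentication configured here: it parses the 24-byte OSPFv2 header, then signs and verifies a constructed hello packet with the RFC 2328 cryptographic scheme (MD5 over the packet followed by the zero-padded 16-byte key, digest appended after the packet and not counted in the length field). The hello body layout, the key and the addresses are constructed sample values; `ip()`, `build_md5_packet()` and `verify_md5()` are names chosen for the example.

```python
import hashlib
import hmac
import struct
from ipaddress import IPv4Address

# 24-byte OSPFv2 header: version, type, length, router ID, area ID, checksum, auth type, auth data
OSPF_HDR = struct.Struct("!BBHIIHHQ")
AUTH_NULL, AUTH_SIMPLE, AUTH_MD5 = 0, 1, 2   # type 0 / type 1 / type 2 from the section above
HELLO = 1

def parse_header(pkt):
    v, t, length, rid, aid, csum, atype, auth = OSPF_HDR.unpack_from(pkt)
    return {"version": v, "type": t, "length": length, "router_id": str(IPv4Address(rid)),
            "area_id": aid, "checksum": csum, "auth_type": atype, "auth": auth}

def md5_digest(pkt, key):
    # RFC 2328 App. D.4.3: MD5 over the packet followed by the 16-byte key (zero padded)
    return hashlib.md5(pkt + key.ljust(16, b"\x00")).digest()

def build_md5_packet(ptype, router_id, area_id, body, key, key_id=1, seq=1):
    # With cryptographic auth the checksum is 0 and the 64-bit auth field holds
    # 0x0000 | key ID | auth data length (16) | cryptographic sequence number.
    auth = (key_id << 40) | (16 << 32) | seq
    hdr = OSPF_HDR.pack(2, ptype, OSPF_HDR.size + len(body), int(IPv4Address(router_id)),
                        area_id, 0, AUTH_MD5, auth)
    pkt = hdr + body
    return pkt + md5_digest(pkt, key)   # the digest trails the packet, outside 'length'

def verify_md5(frame, key):
    """True only if the frame claims type 2 auth and its trailing digest matches key."""
    h = parse_header(frame)
    if h["auth_type"] != AUTH_MD5:
        return False
    auth_len = (h["auth"] >> 32) & 0xFF
    end = h["length"] + auth_len
    if auth_len != 16 or len(frame) < end:
        return False
    return hmac.compare_digest(md5_digest(frame[:h["length"]], key), frame[h["length"]:end])

def ip(s):
    return int(IPv4Address(s))

# Constructed hello body: mask /29, hello 10 s, options E, priority 1, dead 40 s, DR, BDR, one neighbour
HELLO_BODY = struct.pack("!IHBBIIII", ip("255.255.255.248"), 10, 0x02, 1, 40,
                         ip("172.16.0.2"), ip("172.16.0.5"), ip("172.16.0.3"))
KEY = b"s3cr3t"   # constructed; stands in for <key-value> above
FRAME = build_md5_packet(HELLO, "172.16.0.2", 1, HELLO_BODY, KEY)
```

A packet built with type 0 or with a different key fails `verify_md5`, which is the check a receiving router performs before it accepts the hello.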
