Open Shortest Path First
(OSPF)
Atakan ATAK
Network Security Specialist
atakannatak16@gmail.com
Course Topics
1. Introduction
1.1. Features
1.2. Components
1.3. Header Format
2. Neighbor Adjacency
2.1. Packet Types
2.2. LSA Types
2.3. LSDB Flooding
2.4. Path Selection
2.5. Router ID
2.6. Discovery Process
2.7. DR/BDR Election
3. Network Types
4. Area Types
5. Configurable Features
5.1. Reference Bandwidth
5.2. Default Route
5.3. Passive Interface
5.4. Authentication
5.5. Summarization
6. Multi Area Design
6.1. Virtual Link
6.2. Transit Capability
7. Troubleshooting Path
8. LAB
1. Introduction
1.1. Features
OSPF is an IGP standardized by the IETF and commonly used in large enterprise networks. OSPF is a link-state routing protocol that provides fast convergence and excellent scalability. Like all link-state protocols, OSPF is very efficient in its use of network bandwidth. OSPF also has the following operational characteristics:
• Dynamically adjusts to changes in network topology
• Supports VLSM, CIDR and route summarization
• Provides for the authentication of routing updates
• Uses cost as the route metric
• Determines routes by computing a graph that abstracts the topology of the network and running the SPF (Dijkstra) algorithm on it, which yields a loop-free topology
• Minimizes protocol overhead, for example with hello messages that do not contain routing information
• Uses triggered updates for fast convergence
• Load balances over equal-cost routes to the same destination
1.2. Components
All routing protocols share similar components. They all use routing protocol messages to exchange route information. The messages help build data structures, which are then processed using a routing algorithm.
These tables contain a list of neighboring routers to exchange routing information with and are kept and maintained in RAM.
DATABASE / TABLE / INFORMATION
Neighbor database / Neighbor table
• List of all routers with which a router communicates bidirectionally
• Varies from router to router
• show ip ospf neighbor
Link State Database (LSDB) / Topology table
• Keeps information about all other routers in the
• Represents the network topology
• Same LSDB for all routers in the same area
• show ip ospf database
Forwarding database / Routing table
• A list of routes created when the algorithm is run on the link-state database
• The routing table of each router is unique
• show ip route
1.3. Header Format
Unlike other routing protocols, OSPF does not carry its data over a transport protocol such as TCP or UDP. Instead, OSPF forms the IP datagram directly, using protocol number 89 in the IP protocol field. OSPF has 5 different types of packets. The format of the common OSPF header is shown in the figure.
[Figure: OSPF packet encapsulation: Link Header, IP Header, OSPF Packet Types, Link Trailer. The common OSPF header carries Version, Type, Packet Length, Router ID, Area ID, Checksum, Auth. Type and Auth. Data. Packet types: Hello (Value=1), DBD (Value=2), LSR (Value=3), LSU (Value=4), LSACK (Value=5).]
FIELD | LENGTH (bits) | DESCRIPTION
Version | 8 | OSPF version number. For OSPFv2, the value is 2.
Type | 8 | OSPF packet type.
Packet Length | 16 | Length of the OSPF packet with the packet header, in bytes.
Router ID | 32 | ID of the router that sends the OSPF packet.
Area ID | 32 | ID of the area to which the router that sends the OSPF packet belongs.
Checksum | 16 | Checksum of the OSPF packet that does not carry the Authentication field.
AuType | 16 | The values are as follows: 0: none; 1: simple; 2: MD5.
Authentication | 64 | This field has different meanings for different AuType values: 0: this field is not defined; 1: this field defines password information; 2: this field contains the key ID, MD5 authentication data length, and sequence number.
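The header fields listed above can be decoded and checked in a few lines of Python. This is an added example, not part of the original course material: it parses the 24-byte common header, verifies the checksum over the packet without the Authentication field, and flags packets that use AuType 0 or 1. The function names and the sample Hello packets are constructed for the example.

```python
import ipaddress
import struct

OSPF_HEADER_LEN = 24
PACKET_TYPES = {1: "Hello", 2: "DBD", 3: "LSR", 4: "LSU", 5: "LSAck"}
AUTH_TYPES = {0: "none", 1: "simple", 2: "MD5"}


def internet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum, as used by IP and OSPF."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_ospf_header(packet: bytes) -> dict:
    """Decode the common OSPFv2 header and report authentication weaknesses."""
    if len(packet) < OSPF_HEADER_LEN:
        raise ValueError("packet shorter than the 24-byte OSPF header")
    version, ptype, length, rid, area, checksum, autype = struct.unpack(
        "!BBHIIHH", packet[:16])
    auth = packet[16:24]
    if version != 2:
        raise ValueError(f"not OSPFv2 (version {version})")
    if ptype not in PACKET_TYPES:
        raise ValueError(f"unknown packet type {ptype}")
    if not OSPF_HEADER_LEN <= length <= len(packet):
        raise ValueError(f"packet length field {length} does not fit the data")

    info = {
        "type": PACKET_TYPES[ptype],
        "length": length,
        "router_id": str(ipaddress.IPv4Address(rid)),
        "area_id": str(ipaddress.IPv4Address(area)),
        "auth_type": AUTH_TYPES.get(autype, f"unknown ({autype})"),
        "checksum_ok": None,   # stays None for MD5, where the checksum is unused
        "auth": None,
        "findings": [],
    }
    if autype == 2:
        # Authentication field: 2 reserved bytes, key ID, data length, sequence.
        _, key_id, data_len, seq = struct.unpack("!HBBI", auth)
        info["auth"] = {"key_id": key_id, "auth_data_len": data_len,
                        "sequence": seq}
        return info
    # The checksum covers the packet without the 64-bit Authentication field.
    covered = packet[:12] + b"\x00\x00" + packet[14:16] + packet[24:length]
    info["checksum_ok"] = internet_checksum(covered) == checksum
    if autype == 0:
        info["findings"].append("no authentication")
    elif autype == 1:
        password = auth.rstrip(b"\x00").decode("ascii", "replace")
        info["auth"] = {"password": password}
        info["findings"].append("simple authentication: password in clear text")
    else:
        info["findings"].append("unrecognized AuType")
    return info


def build_sample(autype: int, auth: bytes) -> bytes:
    """Build a constructed Hello packet for the demo (not captured traffic)."""
    # Hello body: mask, hello interval, options, priority, dead interval, DR, BDR.
    body = struct.pack("!IHBBIII", 0xFFFFFF00, 10, 0x02, 1, 40, 0, 0)
    head = struct.pack("!BBHIIHH", 2, 1, OSPF_HEADER_LEN + len(body),
                       int(ipaddress.IPv4Address("192.0.2.1")), 0, 0, autype)
    csum = 0 if autype == 2 else internet_checksum(head + body)
    return head[:12] + struct.pack("!H", csum) + head[14:] + auth + body


if __name__ == "__main__":
    samples = [(0, bytes(8)), (1, b"example\x00"),
               (2, struct.pack("!HBBI", 0, 1, 16, 1000))]
    for autype, auth in samples:
        print(parse_ospf_header(build_sample(autype, auth)))
```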
2. Neighbor Adjacency
2.1. Packet Types
Hello Packet
The hello message performs 4 major functions:
1. Discovers the other OSPF-speaking routers on the common subnets
2. Verifies bidirectional visibility between the routers
3. Checks for agreement on particular configuration parameters
4. Monitors the neighbor's health so that the router can react if the neighbor fails
If any of the items below does not match, the 2 routers do not form a neighbor relationship:
1. The hello and dead timers must be equal
2. The RIDs must not be duplicated
3. The routers must pass the authentication process
4. The routers must be in the same OSPF area
5. The routers must be in the same primary subnet, with the same subnet mask
6. The routers must agree on the area type, such as stub, regular or not-so-stubby area
Database Descriptor Packet (DBD)
For link-state routing protocols, it is essential that the link state databases of all the routers remain synchronized. This synchronization begins as soon as an adjacency is formed between the neighbors. OSPF uses DBD (database descriptor) packets for that purpose.
An OSPF router summarizes its local database in DBD packets, which carry the set of LSAs that belong to the database. When a neighbor sees an LSA that is more recent than its own database copy, it requests the newer LSA from that neighbor.
When 2 routers hear each other's Hello and the parameter check passes, they do not immediately send packets that hold the LSAs. Rather, each router creates and sends database description packets that contain the header of each LSA. This header includes the information needed to uniquely identify the LSA and its revision without transmitting the body.
Link State Request Packet (LSR)
After all the LSA headers have been exchanged using the DD packets, each neighboring router has the list of the LSAs known by its neighbor. Using this knowledge, the router needs to request a full copy of each LSA that is missing from its own LSDB. To determine whether the neighbor has a more recent copy of a certain LSA, the router looks at the sequence number of the LSA in its LSDB and compares it with the sequence number of the same LSA learned from a DD packet. Each LSA sequence number is increased each time the LSA is re-originated or changes. If the router gets an LSA header with a later sequence number for a specific LSA, that router knows that the neighbor has the more recent LSA. The routers use link state request packets to request 1 or more LSAs from the neighbor.
The LSR packet is one of the OSPF packets. After the DBD packet exchange process, a router may find that parts of its database are out of date. An LSR packet is mainly used to request the pieces of the neighbor's database that are more up to date.
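The comparison described above, as an added example that is not part of the original course material: given the LSA headers in the local LSDB and the headers received in a neighbor's DBD packets, it builds the list of LSAs to ask for in an LSR. It assumes the OSPFv2 convention that sequence numbers are signed 32-bit values starting at 0x80000001, compares sequence numbers only (the checksum and age tie-breakers are left out), and uses constructed sample headers.

```python
from typing import NamedTuple


class LsaHeader(NamedTuple):
    ls_type: int          # 1 = router, 2 = network, 3 = summary, ...
    link_state_id: str
    adv_router: str
    seq: int              # sequence number as the raw 32-bit wire value

    @property
    def key(self):
        # Type, link state ID and advertising router identify one LSA.
        return (self.ls_type, self.link_state_id, self.adv_router)


def signed32(value: int) -> int:
    """Interpret a 32-bit wire value as a signed integer."""
    return value - (1 << 32) if value & 0x80000000 else value


def lsas_to_request(lsdb, dbd_headers):
    """Return (key, reason) for every LSA the neighbor holds a newer copy of."""
    local = {h.key: h for h in lsdb}
    wanted = []
    for header in dbd_headers:
        mine = local.get(header.key)
        if mine is None:
            wanted.append((header.key, "missing from local LSDB"))
        elif signed32(header.seq) > signed32(mine.seq):
            wanted.append((header.key, "neighbor has later sequence number"))
    return wanted


# Constructed sample data.
LOCAL_LSDB = [
    LsaHeader(1, "1.1.1.1", "1.1.1.1", 0x80000003),
    LsaHeader(2, "10.0.0.2", "2.2.2.2", 0x80000002),
    # Sequence space has passed zero: 0x00000001 is later than any 0x8xxxxxxx.
    LsaHeader(1, "3.3.3.3", "3.3.3.3", 0x00000001),
]
NEIGHBOR_DBD = [
    LsaHeader(1, "1.1.1.1", "1.1.1.1", 0x80000005),   # newer on the neighbor
    LsaHeader(2, "10.0.0.2", "2.2.2.2", 0x80000002),  # same revision
    LsaHeader(1, "3.3.3.3", "3.3.3.3", 0x8000FFFF),   # older, despite larger raw value
    LsaHeader(3, "10.2.0.0", "2.2.2.2", 0x80000001),  # unknown locally
]

if __name__ == "__main__":
    for key, reason in lsas_to_request(LOCAL_LSDB, NEIGHBOR_DBD):
        print(key, reason)
```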
Link State Update Packet (LSU)
This packet implements LSA flooding. Every LSA contains the metric, topology and routing information that describes a portion of the OSPF network. A local router advertises LSAs within an LSU packet to its neighboring routers. Additionally, a local router sends an LSU packet with the requested information in response to an LSR packet.
The primary router sends the database descriptions one at a time, and the secondary router acknowledges each one and includes its own database descriptions. Records are compared by type, link state ID and advertising router. The sequence number in a record determines whether the record is older or newer. The flooding of link state advertisements is mainly implemented by these packets. Each link state update packet carries a collection of link state advertisements one hop further from their origin. A packet can include several link state advertisements. Both routers sit in the loading state while the LSR and LSA process continues. After the process is over, they settle into the full state, which means that the 2 routers have fully exchanged their databases, resulting in identical copies of the LSDB entries.
Link State Acknowledgment Packet (LSAck)
OSPF needs an acknowledgement for the receipt of each LSA. Multiple LSAs may be acknowledged in a single LSAck packet. The LSR/LSA process uses a reliable protocol that has 2 options, and the link state acknowledgement is one of them. The receiver of an LSU can acknowledge it by simply repeating the same LSU back to the sender. Alternatively, the router sends back an LSAck packet that contains the list of acknowledged LSA headers. As a result, the LSDBs must be identical. At this point, each router can independently run the Dijkstra shortest path first algorithm to calculate the best paths from its own perspective. The reliability of flooding link state advertisements comes from explicitly acknowledging the flooded advertisements.
2.2. LSA Types
Type 1 – Router LSA
OSPF uses an LSDB (link state database) and fills it with LSAs (link state advertisements). Each router within the area floods a type 1 router LSA within the area. In this LSA you will find a list of all the directly connected links of this router. Keep in mind that the router LSA always stays within the area.
LINK TYPE | DESCRIPTION | LINK ID
1 | P2P connection to another router | Neighbor router ID
2 | Connection to transit network | IP address of DR
3 | Connection to stub network | IP network
4 | Virtual Link | Neighbor router ID
• Routers advertise their directly connected OSPF-enabled links in a type 1
• They are flooded only within the area in which they originated
• ALL OSPF-speaking routers generate type 1
But how do we identify a link from the perspective of the entire OSPF process? Two parameters are considered:
• The IP prefix on an interface
• The link type
Type 2 – Network LSA
It is created for each multi-access network. The broadcast and non-broadcast network types require a DR/BDR. If this is the case, you will see these network LSAs being generated by the DR. In this LSA we will find all the routers that are connected to the multi-access network, the DR and of course the prefix and subnet mask.
• Only found on NBMA networks
• Contain the router ID and IP address of the DR
• Give other routers information about multi-access networks within the same area
• They are flooded only within the area in which they originated
• This is a form of internal OSPF summarization
• Link State ID = IP Address of DR
Type 3 – Summary LSA
The name “summary” LSA is very misleading. By default OSPF is not going to summarize anything for you.
• Describes networks that are within the OSPF AS but outside of the particular OSPF area that is receiving the LSDB
• A summary LSA has a flooding scope of being transmitted only into the area where the network or subnet is not found
• Generated only by ABRs and describes inter-area routes to various networks
• Link State ID = Destination Network
Type 1 router LSAs always stay within the area. OSPF, however, works with multiple areas and you probably want full connectivity between all of the areas. Routers that are connected to different areas create a Type 3 summary LSA and flood it into area 0. This LSA is then flooded into all the other areas of our OSPF network. This way all the routers in other areas will know about the prefixes from other areas.
Type 4 – Summary ASBR LSA
• They identify an ASBR and provide a route to it
• They are generated by an ABR only when an ASBR exists within an area
• They are flooded to other areas by ABRs
• It enables other routers to find and reach the ASBR
• Link State ID = Router ID of the ASBR
This is needed because Type 5 External LSAs are flooded to all areas and the detailed next-hop information may not be available in those other areas. This is solved by an Area Border Router (ABR) flooding the information for the router where the type 5 originated.
Type 5 – External LSA
• Generated by the ASBR
• These LSAs describe routes to destinations that are external to the AS
• Flooded everywhere, with the exception of Stub Areas
• Link State ID = External Network
These routes are redistributed into OSPF from other routing protocols or by the redistribution of connected or static routes.
Type 7 – Not-so-stubby area LSA
• Generated by the ASBR
• Can be summarized and converted into a Type-5 LSA by the ABR for transmission into other OSPF areas
• These LSAs describe routes within an NSSA
These LSAs are used for some special area types that do not allow external redistributed routes to go through and thus block LSA Type 5 from flooding through them. LSA Type 7 acts as a mask for LSA Type 5, allowing the routes to move through these special areas and reach the ABR, which is able to translate LSA Type 7 back to LSA Type 5.
2.3. LSDB Flooding
When a router receives an LSA, it checks its LSDB. If the LSA is new, the router floods the LSA out to its neighbors. After the new LSA is added to the LSDB, the router reruns the SPF algorithm. This recalculation by SPF is essential to preserving accurate routing tables. SPF is responsible for calculating the routing table, and any LSA change might also cause a change in the routing table.
OSPF routers in the same area all have the same LSDB and run the same SPF algorithm with themselves as the root. The characteristics of the LSDB are as follows:
• All routers belonging to the same area have an identical LSDB
• Calculating routes by using SPF is performed separately by each router in the area
• LSA flooding is contained within the area that experienced the change
• The LSDB is comprised of LSA entries
• A router has a separate LSDB for each area to which it belongs
Flooding in OSPF is responsible for validating and distributing LSUs to the LSDB whenever a change or update occurs to a link. Flooding is part of the LSDB synchronization mechanism. The goal of this mechanism is to keep the LSDBs of the routers in an OSPF domain synchronized over time in the presence of topological changes. Also, the primary goal of flooding is to ensure that every router receives the changed or updated LSA within the flooding scope. Flooding occurs differently between neighbors in OSPF depending on the following factors:
• LSA Type 1-2-3-4-7 are flooded within an area
• LSA Type 5 is flooded throughout the OSPF domain, with the exception of Stub areas
• When a DR is present, only non-DRs flood to the DR. The DR then floods to everyone as required
• When two OSPF routers have not established an adjacency, they do not flood to each other
2.4. Path Selection
It is true that OSPF uses cost as the metric to choose the shortest path to each destination, but that is not entirely correct. OSPF first looks at the “type of path” to make a decision and only secondly looks at the metric. This is the preferred path list that OSPF uses:
• Intra-Area [O]: Routes originated within an area are known by the routers in the same area as Intra-Area routes. These routes are flagged as O. Also called OSPF Internal routes, as they are generated by OSPF itself when an interface is covered with the OSPF network command.
• Inter-Area [O IA]: When a route crosses an ABR, the route is known as an OSPF Inter-Area route. These routes are flagged as O IA. Also called OSPF Internal routes, as they are generated by OSPF itself when an interface is covered with the OSPF network command.
• NSSA Type 1 [N1]: When an area is configured as an NSSA and routes are redistributed into OSPF, the routes are known as NSSA External Type-1. These routes are flagged as O N1.
• External Type 1 [E1]: Routes that were redistributed into OSPF, such as connected, static, or other routing protocol routes, are known as External Type-1. These routes are flagged as O E1. The cost is the sum of the external cost and the internal cost used to reach that route.
• NSSA Type 2 [N2]: The definition for type O N1 is valid for this route type. Also, these routes are flagged as O N2.
• External Type 2 [E2]: The definition for type E1 is valid for this route type, with one difference: the cost is always the external cost, irrespective of the interior cost to reach that route. Also, these routes are flagged as O E2.
2.5. Router ID
Each OSPF router selects a router ID (RID) that has to be unique on your network. OSPF stores the topology of the network in its LSDB and each router is identified by its unique router ID. If you have duplicate router IDs, you will run into reachability issues. Because of this, two OSPF routers with the same router ID will not become neighbors, but you could still have duplicate router IDs in the network on routers that are not directly connected to each other. OSPF uses the following criteria to select the router ID:
• Manual configuration of the router ID
• Highest IP address on a loopback interface
• Highest IP address on a non-loopback interface
2.6. Discovery Process
OSPF considers two routers that have an interface located on a common network to be “Neighbors”. When OSPF discovers its neighbors, this is the first step of discovering the network and building a routing table. This process begins with the router learning the Router-ID of its neighbors via multicast “Hello Messages”.
A neighbor relationship begins when the routers exchanging Hello packets see their own Router-ID in the other router’s Hello packet and they agree upon the following:
• Different Router-ID value
• Same Hello and Dead transmission intervals
• Same Area ID
• Same subnet mask (only on multiaccess networks)
• Stub Area Flag
• Authentication type and password
For adjacencies to form, OSPF must first have discovered its neighbors. Adjacencies are formed for the purpose of exchanging routing information. NOT every neighboring router forms an adjacency. A router’s neighbors or peers are those routers, described below, that directly exchange routing information.
2.7. DR/BDR Election
The DR is the solution for managing the number of adjacencies and the transfer of LSAs in a multi-access network. OSPF selects a DR as the aggregation and distribution point for sent and received LSAs. A BDR is also selected in case the DR fails. The BDR listens passively to this exchange and maintains links with all routers. If the DR stops generating hello packets, the BDR promotes itself and assumes the DR role. Routers that are neither DR nor BDR become DROTHERs. The DR is notified when a new device is added, and the DR forwards that information to all routers. This prevents LSA packets from consuming bandwidth.
Two criteria are checked when selecting the DR/BDR:
• Highest priority (0-255)
• Highest router ID
• The default priority is 1.
• A priority of 0 means you will never be elected as DR or BDR.
ROUTERS | NEIGHBORS
4 | 6
10 | 45
20 | 190
3. Network Types
Two OSPF routers will never form a neighbor relationship, and hence will never forward packets directly between each other, unless they share a common prefix.
In the OSI reference model, the differences between subnet technologies would be called “Subnetwork-Dependent Convergence” functions. The differences in the way that OSPF runs over the various subnet technologies can be grouped as follows:
1. Neighbor Discovery and Maintenance: Hello protocols run differently on different subnet types.
2. Database Synchronization: How does one synchronize the LSDB over the subnet? Which routers become adjacent, and how does reliable flooding take advantage of any special properties that the subnet might provide?
3. Abstraction: In the OSPF LSDB, how does one represent the subnet and router connectivity over the subnet?
4. Area Types
OSPF supports a two-level hierarchical routing scheme through the use of areas. Each OSPF area is identified by a 32-bit Area ID and consists of a collection of network segments interconnected by routers. Areas are contiguous logical segments of the network that have been grouped together. Each area has its own LSDB, consisting of LSA Type 1-2 describing how the area’s routers and network segments are interconnected. Routing within the area is flat, with each router knowing exactly which network segments are contained within the area. In addition to allowing one to build much larger OSPF networks, OSPF areas provide the following functionality:
• Increased Robustness: The effects of router and/or link failures within a single area are dampened external to the area.
• Routing Protection: OSPF always prefers paths within an area over paths that cross area boundaries. This means that routing within an area is protected from routing instabilities or misconfiguration in other areas.
• Hidden Prefixes: Prefixes can be configured so that they will not be advertised to other areas.
The following list provides general characteristics of an OSPF area:
• Areas contain a group of contiguous hosts and networks
• Routers have a per-area topological database and run the same SPF
• Each area must be connected to the backbone area, known as Area 0
• Virtual links can be used to connect to Area 0 in emergencies
• Intra-area routes are used for routes to destinations within the area
Standard/Normal Area
A standard area carries default, static, intra-area, and external routes. The use of a standard area is more resource intensive within an OSPF network. The following list provides general characteristics:
• It contains a router that uses both OSPF and any other routing protocols
• A virtual link is configured across the area
• It has an ABR
• Summarize whenever and as often as possible
Backbone Area
If more than one area is configured in an OSPF network, one of these areas must be Area 0. To summarize, the OSPF backbone is the part of the OSPF network that acts as the primary path for traffic that is destined to other areas or networks. Use the following guidelines when designing an OSPF backbone:
• It is a transit area, not a destination for traffic
• Ensure that the stability of the backbone area is maintained
• Ensure that redundancy is built into the design whenever possible
• Keep this area simple; fewer routers are better
• Keep the BW symmetrical, so that OSPF can maintain load balancing
• Ensure that all other areas connect directly to Area 0
The backbone area must be at the center of all other areas, so all areas must be connected to the backbone. This is because OSPF expects all areas to inject routing information into the backbone, and in turn, the backbone disseminates that routing information into other areas.
Stub Area
This area carries a default route and inter-area routes but does not carry external routes. Stub areas are essentially dead-end areas. This reduces the routes being advertised across the network. Therefore, stub areas allow for a reduction in LSA traffic and can make OSPF more stable.
A stub area summarizes all external LSAs into a default route, which provides a path to external routes for all traffic inside the stub area. The stub ABR forwards LSAs for inter-area routes but not external routes and floods them to other Area 0 routers. The stub ABR keeps the LSDB for the stub area with this additional information and the default external route. Stub areas have the following functional and design characteristics:
• The stub ABR stops LSA Type 4-5. Therefore, no router inside a stub area has any external routes, so an ASBR cannot be internal to a stub area.
• Reduces the LSDB size and memory requirements of the routers inside a stub area
• Routing from these areas to the outside is based on a default route. Stub areas only have two types of route, O and O IA.
• Stub areas typically have one ABR; this is the best design. If there is more than one ABR, accept the non-optimal routing paths, because you have more than one exit point.
• All OSPF routers inside a stub area must be configured as stub routers, because all OSPF interfaces that belong to the area start exchanging Hello packets with a flag that indicates that the interface is part of a stub area (E bit).
• The backbone area cannot be a stub area
• A stub area cannot be used as a transit area for virtual links
Totally Stubby Area
The purpose of Totally Stubby areas is to limit the number of LSAs flooded into the area, to conserve bandwidth and router CPU. The stub area ABR will instead automatically inject a default route into the Totally Stubby area, so that those routers can reach both inter-area networks and external networks. The ABR will be the next hop for the default route. Totally Stubby areas have the following functional and design characteristics:
• The ABR advertises only a default route into the rest of the stub area. This results in an even further reduction in the size of the LSDB and routing table.
• The TSA forwards a default external route and blocks LSA Type 3-4-5-7.
• It also shares the same design criteria as the Stub area.
Not-So-Stubby Area
An NSSA keeps most of the stub area restrictions, such as preventing the flooding of LSA Type-5 into the area and not allowing configuration of virtual links through the area, but adds the ability to import a small amount of external routing information into the NSSA for later distribution into the rest of the OSPF routing domain.
The advent of this new type of hybrid stub area also introduced a new LSA Type-7, which is responsible for carrying external route information. An NSSA does not flood LSA Type-5 external LSAs from the core into the NSSA, but an NSSA has the capability to import AS external routes in a limited fashion within the area, which is what makes it an NSSA.
With NSSA you can extend OSPF to cover a remote connection by defining the area between the corporate router and the remote router as an NSSA. The operation of an NSSA is rather straightforward. An NSSA has the following functional characteristics:
• NSSA area routers will share LSA Type 1-2 to build their topology tables
• NSSA areas will also accept LSA Type-3, which contain the routes to reach networks in all other areas
• NSSA areas will not accept LSA Type 4-5, detailing routes to external networks
• If an ASBR exists within the NSSA area, that ASBR will generate LSA Type-7
5. Configurable Features
5.1. Reference Bandwidth
OSPF calculates the cost of an interface with this simple formula:
cost = reference bandwidth / interface bandwidth
OSPF uses "Cost" as the metric value and a Reference Bandwidth of 100 Mbps for the cost calculation. For example, in the case of 10 Mbps Ethernet, the OSPF cost is 100 Mbps / 10 Mbps = 10.
• The default Reference Bandwidth of OSPF is 100 Mbps, and the default OSPF cost formula doesn’t differentiate between interfaces with bandwidth faster than 100 Mbps.
INTERFACE TYPE | REFERENCE BW (bps) / DEFAULT BW (bps) | COST
10 Gbps | 1.000.000.000 / 10.000.000.000 | 1
1 Gbps | 1.000.000.000 / 1.000.000.000 | 1
100 Mbps | 1.000.000.000 / 100.000.000 | 10
10 Mbps | 1.000.000.000 / 10.000.000 | 100
5.2. Default Route
There are a number of things we can change, such as the metric or the metric type, but the most important thing, which most people forget, is the always keyword.
If you use default-information originate, you can advertise a default route in OSPF. OSPF won’t advertise a default route if you don’t already have it in your routing table. If you add the always keyword, it will advertise the default route even if you don’t have it in the routing table. Once you have advertised the default route it will look like this on other routers:
5.3. Passive Interface
The passive interface should be configured on interfaces that do not have an OSPF router connected to them, so that they won’t receive any OSPF information. By silencing routing announcements on network interfaces, we tell the router to “listen but don’t talk”. A protocol’s routing load on the CPU can be reduced by minimizing the number of interfaces with which it must interact.
Another reason to apply passive interface is to increase security. An attacker could start an application that replies with OSPF hello packets, and our router would then try to establish a neighbor relationship. The attacker could then advertise fake routes to misdirect traffic.
OSPF is a link-state routing protocol that creates and keeps neighbor relationships by sharing routing updates with other OSPF routers. No routing information is exchanged and the only packets they exchange are Hello packets. Hello packets enable dynamic neighbor discovery and preserve neighbor connections. The passive interface command is used to suppress OSPF hello packets on a specified interface. Enabling passive interfaces on our network devices means that:
• OSPF continues to announce or advertise the interface’s connected network.
• OSPF routers stop sending OSPF Hellos on the interface.
• On the interface, OSPF no longer processes any received Hellos.
5.4. Authentication
All routing protocols can be protected by using authentication, and OSPF is no exception. Each OSPF packet will be authenticated if you enable any form of authentication. In this lesson we’ll take a look at how to configure plain text authentication for OSPF. There are two options for authentication:
• Plain text
• MD5
When neighbor authentication is configured on a router, the router checks the identity of the source of each routing update packet it receives. This is done by means of an authentication key (sometimes known as a password) that is exchanged between the routers.
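To check the passive-interface and authentication settings of sections 5.3 and 5.4 on a device, the running configuration can be audited offline. The script below is an added example, not part of the original course material; it assumes Cisco IOS-style syntax with OSPF enabled per interface (ip ospf <process> area <area>) and does not evaluate network statements. The sample configuration and its keys are constructed placeholders.

```python
import re

# Constructed sample configuration; keys are placeholders.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 description link to core router
 ip ospf 1 area 0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 EXAMPLE-KEY
!
interface GigabitEthernet0/1
 description user access segment
 ip ospf 1 area 0
!
interface GigabitEthernet0/2
 ip ospf 1 area 0
 ip ospf authentication
 ip ospf authentication-key EXAMPLE
!
interface GigabitEthernet0/3
 ip ospf 1 area 1
!
interface GigabitEthernet0/4
 ip ospf 1 area 2
!
router ospf 1
 area 2 authentication message-digest
 passive-interface GigabitEthernet0/1
!
"""


def audit_ospf(config: str) -> dict:
    """Map each OSPF-enabled interface to passive / md5 / plain-text / unauthenticated."""
    interfaces, area_auth = {}, {}
    passive, active, passive_default = set(), set(), False
    section, current = None, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):          # a top-level line opens a new section
            section, current = None, None
            m = re.match(r"interface (\S+)$", line)
            if m:
                section = "interface"
                current = interfaces.setdefault(
                    m.group(1), {"area": None, "auth": None})
            elif re.match(r"router ospf \d+", line):
                section = "ospf"
            continue
        if section == "interface":
            if m := re.match(r"ip ospf \d+ area (\S+)$", line):
                current["area"] = m.group(1)
            elif m := re.match(
                    r"ip ospf authentication(?: (message-digest|null))?$", line):
                # Bare "ip ospf authentication" selects plain-text authentication.
                current["auth"] = {"message-digest": "md5",
                                   "null": "none"}.get(m.group(1), "simple")
        elif section == "ospf":
            if m := re.match(r"(no )?passive-interface (\S+)$", line):
                negated, name = m.groups()
                if name == "default":
                    passive_default = not negated
                else:
                    (active if negated else passive).add(name)
            elif m := re.match(r"area (\S+) authentication( message-digest)?$", line):
                area_auth[m.group(1)] = "md5" if m.group(2) else "simple"

    labels = {"md5": "md5", "simple": "plain-text", "none": "unauthenticated"}
    report = {}
    for name, iface in interfaces.items():
        if iface["area"] is None:
            continue                          # OSPF is not enabled on this interface
        if name in passive or (passive_default and name not in active):
            report[name] = "passive"          # no Hellos sent or processed
            continue
        # The interface-level setting overrides the area-level one.
        auth = iface["auth"] or area_auth.get(iface["area"], "none")
        report[name] = labels[auth]
    return report


if __name__ == "__main__":
    for name, status in audit_ospf(SAMPLE_CONFIG).items():
        print(f"{name}: {status}")
```

Interfaces reported as unauthenticated or plain-text are the ones on which a host on the segment could form an adjacency or read the key from the wire, so they are the candidates for passive-interface or MD5 authentication.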
5.5. Summarization
ABRs send summary link advertisements to describe the routes to other areas. Depending on the number of destinations, an area can get flooded with a large number of link state records, which can consume routing device resources. To minimize the number of advertisements that are flooded into an area, you can configure the ABR to summarize a range of IP addresses and send reachability information about these addresses in a single LSA. You can summarize one or more ranges of IP addresses, where all routes that match the specified area range are filtered at the area boundary, and the summary is advertised in their place.
Summarization of Type-3 LSAs means we are creating a summary of all the inter-area routes. This is why we call it inter-area route summarization. If you don’t use summarization (which is the default), there will be an LSA for every specific prefix. If you have a link failure in any area, the related ABR will flood a new Type-3 LSA and this change has to be propagated throughout all our OSPF areas. Since the LSDB changes, our OSPF routers will have to re-run the SPF algorithm, which takes time and CPU power. There are a couple of things to be aware of:
• A summary route will only be advertised if you have at least one subnet that falls within the summary range
• A summary route will have the cost of the subnet with the lowest cost that falls within the summary range
• The ABR that creates the summary route will install a route to the null0 interface to prevent loops
• OSPF is a classless routing protocol, so you can pick any subnet mask you like for prefixes
OSPF can do summarization, but it’s impossible to summarize within an area. This means we have to configure summarization on an ABR or ASBR. OSPF can only summarize LSA types 3 and 5.
The resulting 10.1.0.0/22 route summarizes 4 different networks. In the example, the summary address matches 4 networks, although there are only 2 networks.
CONFIGURABLE FEATURES / SUMMARIZATION
OSPF is a classless routing protocol, which carries subnet mask information along with route information. Therefore, OSPF supports
discontinuous subnets because the subnet masks are part of the LSDB. Network numbers in areas should be assigned contiguously
to ensure that these addresses can be summarized into a minimal number of summary addresses. Let’s consider the below
topology;
This summarization was successful because you have the following distinct and contiguous ranges
of subnets;
▪ 128.213.96.X to 128.218.99.X – Area 1
▪ 128.213.100.X to 128.218.103.X – Area 2
NULL 0 is a fictitious interface that causes the router to drop into the bit bucket any
information that is destined to it. These entries are placed into the routing table to
prevent routing loops. Also, if one or more of the summarized networks are
inaccessible, the other routers within the OSPF domain are not concerned with this issue,
because their routing tables contain a summarized route, as outlined in the
area marked in red.
Only Type-3 LSAs propagate into the backbone. This is important because it prevents every router from having to rerun the SPF
algorithm. This helps increase the network’s stability and reduces unnecessary traffic.
6. Multi Area Design
MULTI AREA DESIGN
When a large OSPF area is divided into smaller areas, this is called multiarea OSPF. Multiarea OSPF is useful in larger network
deployments to reduce processing and memory overhead. Multiarea OSPF requires a hierarchical network design. The main area is
called the backbone area (Area 0) and all other areas must connect to the backbone area. Multiarea OSPF has these advantages;
▪ Smaller routing tables – There are fewer routing table entries as network addresses can be summarized between areas.
▪ Reduced frequency of SPF calculations – Localizes the impact of a topology change within an area. For instance, it minimizes routing update
impact, because LSA flooding stops at the area boundary.
▪ Reduced link-state update overhead – Minimizes processing and memory requirements, because there are fewer routers exchanging LSAs.
▪ Confines network instability to single areas of the network
OSPF design rules;
▪ No router should be in more than three areas.
▪ No area should contain more than 50 routers.
▪ No router should have more than 60 neighbors.
▪ A router can be a DR or BDR for more than one network segment, but be careful that the router is not overworked by doing so.
▪ Do not run more than one OSPF process on an ABR.
6.1. Virtual Link
MULTI AREA DESIGN / VIRTUAL LINK
The backbone should never be intentionally partitioned, but if partitioning occurs, consider using a virtual link to temporarily repair
the backbone area. Virtual links are logical connections that are vaguely analogous to a tunnel. The two backbone routers establish
a virtual adjacency so that LSAs and other OSPF packets are exchanged as if no other internal OSPF router were involved. A virtual
link can connect an ABR to the backbone, even though the virtual link is not directly connected.
Some of the characteristics and suggested uses for virtual links;
▪ In order to avoid routing loops, the transit area should have full
knowledge of the routing information given by LSAs
▪ Stub areas have only one point of entry; think of it as
the only way out or in. So, if you create a virtual link across a
Stub area, you create another way out of the Stub area. In this situation,
we can receive Type-3-5 LSAs through the virtual link, ending the
whole concept of the Stub area and the usefulness of the Stub default
route.
▪ Stability is determined by the stability of the area that the virtual link transits
▪ Can only be configured on ABRs
▪ Assist in solving network connectivity problems
▪ Can assist in providing logical redundancy
▪ OSPF treats two routers joined by a virtual link as if they were connected by
a P2P network
▪ Cannot run across stub areas
6.2. Transit Capability
MULTI AREA DESIGN / TRANSIT CAPABILITY
(Chapter 16.3 in the OSPFv2 RFC 2328)
This is a special property of a non-backbone area that allows the area to transport traffic for other areas. Per the OSPF definition, a transit
area is an area that has a virtual link connecting two or more ABRs attached to it. Thus, having a virtual link provisioned across
the area is what is necessary to make the area transit. In fact, it is just an alternate definition of a transit area. The idea of a virtual link is
to extend area 0 across a non-backbone area. There are two main situations when you may want to do this;
1. Due to design considerations, where you have an area not directly connected to the backbone area. This could be a result of two networks
merging together.
2. Using a non-backbone area to reach destinations in other areas. The main idea of OSPF inter-area routing is that all areas should
communicate across the backbone. The backbone area is used to exchange routing information in a distance vector manner, requiring
a star topology to avoid routing loops. Per the RFC, a router is only considered an ABR if it has an interface in area 0, and it ignores Type-3
LSAs delivered across the non-backbone areas. This ensures the simple “Loop Free” star topology.
Virtual links are only used to flood specific LSAs, which are the Type 1-2-3 LSAs found in area 0. Type-5 LSAs are not flooded across the virtual links, because Type 1-2-3-4
LSAs have the flooding scope of a single area. Thus, if you have a virtual link connecting two ABRs, you cannot flood LSAs across the transit area, since this area
is different from area 0. However, Type-5 LSAs have the flooding scope of the OSPF AS domain, and thus they are flooded across the area anyway (unless it’s a Stub
area). So, there is no need to duplicate the information across the virtual link. Obviously, a Stub area cannot be a transit area for these reasons. The main ideas are;
1. TransitCapability is the flag that tells you an area carries traffic that neither originates nor terminates in the area itself.
▪ This only happens when you are using Virtual-Links to connect isolated areas to the backbone or to reconnect a partitioned backbone.
2. The additional checks are done after Inter- and Intra-Area routes have been calculated, and they look only at backbone prefixes that are
▪ Native to Area 0
▪ Inter-area summaries (come from other areas via Area 0)
3. If there is a better path to reach such prefixes than the one through the Virtual-Link ABR, then use it.
4. If there's any summarization configured on the ABR, ignore it when originating summary-LSAs into the transit area to prevent loops.
7. Troubleshooting Path
TROUBLESHOOTING PATH
As shown in the illustration, in general, OSPF problems are related to one of the
following aspects;
▪ Adjacencies of neighbors
▪ Missing routes
▪ Route selection
When troubleshooting neighbors, verify whether the router has established adjacencies with
neighboring routers using the show ip ospf neighbor command.
▪ If there are no adjacencies, routers cannot exchange routes. Check if the
interfaces work and are enabled for OSPF using the show ip interface brief and
show ip ospf interface commands.
▪ Now, if the interfaces work and are enabled for OSPF, make sure that the
interfaces on both routers are configured for the same OSPF area and are not
configured as passive interfaces.
▪ If the adjacency between the two routers is established, verify that there are
OSPF routes in the routing table using the show ip route ospf command.
▪ If there are no OSPF routes, verify that there are no other routing protocols
with lower administrative distances running on the network. Verify that all
required networks are advertised in OSPF. Also check if there is an access list
configured on a router that could filter incoming or outgoing routing updates.
If all the required routes are in the routing table but the route the traffic takes is
incorrect, verify the OSPF cost of the interfaces on the route.
8. LAB
8.1. Summarizations
LAB / SUMMARIZATIONS / EXAMPLE-1
OSPF is a classless routing protocol, which carries subnet mask
information along with route information. Therefore, OSPF
supports multiple subnet masks for the same major network,
which is known as VLSM. OSPF supports discontinuous subnets
because the subnet masks are part of the LSDB. Network
numbers in areas should be assigned contiguously to ensure
that these addresses can be summarized into a minimal number
of summary addresses. This summarization was successful
because you have the following distinct and contiguous ranges
of subnets;
▪ 128.213.96.X to 128.218.99.X – Area 1
▪ 128.213.100.X to 128.218.103.X – Area 2
As can be seen in the output above, the information of the Type-3
LSA transmitted via R2 is reflected in the routing table. NULL 0
is a fictitious interface that causes the router to drop into the bit
bucket any information that is destined to it. These entries are
placed into the routing table to prevent routing loops. Also, if
one or more of the summarized networks are inaccessible, the
other routers within the OSPF domain are not concerned with this
issue, because their routing tables contain a summarized
route, as outlined in the area marked in red above.
Only Type-3 LSAs propagate into the backbone. This is
important because it prevents every router from having to
rerun the SPF algorithm. This helps increase the network’s
stability and reduces unnecessary traffic.
8.2. Prefix Suppression
LAB / PREFIX SUPPRESSION / EXAMPLE-1
In large OSPF networks, a lot of space is wasted in the LSDB and routing tables because of prefixes on
transit links. OSPF prefix suppression is a feature to get rid of these unnecessary prefixes.
The routing table of R1 still shows the
entry for the loopback IP; however, it has
removed the prefix of the transit link
10.10.23.0/30 from the routing table. To
test it, let’s re-configure the link
between R2 and R3 as a P2P network.
The colored entries describe the transit
links, which need to be processed by the
SPF algorithm but are not really needed in the
routing tables of endpoint routers. Thus,
this is the moment where it is very
important to realize that an SPF tree could
consist entirely of unnumbered links and
still function as before.
NOTE: The source IP must be that of the loopback, as the routers
have no information about the transit IPs to send the echo replies to.
8.3. Virtual Link
LAB / VIRTUAL LINK / EXAMPLE-1
Let's refer to the topology on the right side to practice the theoretical information
mentioned before about the Virtual Link and Transit Capability. After performing all
configurations and disabling the “Transit Capability” feature, let's view the database
information of the 100.100.100.0/24 prefix on R4.
As can be seen in the outputs, we can
observe that R4 has learned the prefixes as
follows from 3 different routers;
▪ 100.100.100.1/32 – R6 – Cost 40
▪ 100.100.0.0/16 – R2 – Cost 20
▪ 100.100.0.0/16 – R3 – Cost 20
R4's routing table is going to have both options installed, but it will use the longest match, which is 100.100.100.1/32 via R6.
From R6’s perspective, the 100.100.100.1 prefix is a backbone prefix, and it finds two equal routes to this prefix. One of them is R4 and the
other is R5. Therefore, R6 sends packets to R4 or R5, and they send the packets back to R6 along the most specific route they have. This is why
we face a routing loop if we do not have the transit capability feature. The same situation also occurs on R7, as you can clearly see below;
8.4. Forwarding Address
LAB / FORWARDING ADDRESS / EXAMPLE-1
First things first, R3 and R4 do not include the interface towards R5 in the OSPF process. Therefore, the
Type-5 LSAs generated by both routers have the forwarding address set to 0.0.0.0. In this example, R1
or R2 can be used to view the external LSAs. To view the external LSAs, see the output below;
The forwarding addresses for the Type-5 LSAs generated by both R3 and
R4 are set to 0.0.0.0. In this case, the LSA to be installed in the R1
routing table is determined by comparing the metrics to the ASBRs
generating the LSAs. You can see the metrics that R1 has for the
ASBRs above. Therefore, R1 chooses the LSA generated by ASBR
3.3.3.3, which is R3, to place in its routing table, as shown below;
After that, R3 has been changed to include
network 192.168.1.0/29 in area 0 of the
OSPF process. The result of the
configuration change is that the Type-5 LSA
generated by R3 now has the forwarding
address set to the IP address of R5, which is
the next hop of the static route, as shown
in the database output taken from R1 on the right
side;
The LSA to be installed in the R1 routing table is
determined by comparing the R1 metric to
the ASBR R4, which generated the LSA with a
forwarding address of 0.0.0.0, with the R1
metric to reach the forwarding address of
192.168.1.5, which was set for the LSA
generated by the ASBR R3. In the above
output, the metric to R4 is 120. This is
compared to the R1 metric to reach the
forwarding address of 192.168.1.5, which
can be seen using the show ip route
192.168.1.5 command. The output of this
command is below;
So, the metric to reach the ASBR R4, which is
74, is compared to the metric to reach the
forwarding address of 192.168.1.5 generated
by R3, which is . Therefore, the LSA installed
in the routing table is the LSA generated by
R4, as shown in the R1 output below;
When the metrics of the redistributed route from multiple ASBRs are equal, as illustrated in the document,
the forwarding address changes the behavior of the Type-5 LSA path selection. When a router receives two
Type-5 LSAs to the same destination with the forwarding addresses set on both LSAs, the router makes a
comparison based on the metric to the forwarding addresses. The LSA with a forwarding address that offers
the smaller metric is placed into the routing table. If the metrics of the redistributed routes are different, the
routers prefer the route with the lowest metric and not the lowest metric to the forwarding address.
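The Type-5 selection rule described above, as an added Python example that is not part of the original slides. It assumes type-2 (E2) external metrics, uses 4.4.4.4 as a stand-in router ID for R4, and all costs are constructed rather than taken from the lab outputs.

```python
import ipaddress


def internal_cost(lsa, asbr_cost, ospf_routes):
    """Cost the local router uses to reach the exit point named by a Type-5 LSA.

    Forwarding address 0.0.0.0 -> cost to the advertising ASBR.
    Any other forwarding address -> cost of the best OSPF route covering it.
    Returns None when that exit point is unreachable.
    """
    if lsa["fwd_addr"] == "0.0.0.0":
        return asbr_cost.get(lsa["adv_router"])
    fa = ipaddress.ip_address(lsa["fwd_addr"])
    best = None
    for prefix, cost in ospf_routes.items():
        net = ipaddress.ip_network(prefix)
        if fa in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, cost)
    return None if best is None else best[1]


def select_type5(lsas, asbr_cost, ospf_routes):
    """Return the advertising routers whose LSA is installed (several = equal cost)."""
    ranked = []
    for lsa in lsas:
        cost = internal_cost(lsa, asbr_cost, ospf_routes)
        if cost is None:
            continue  # unreachable ASBR or forwarding address: LSA is not used
        # Redistributed (external) metric first, internal cost as the tie-breaker.
        ranked.append(((lsa["metric"], cost), lsa["adv_router"]))
    if not ranked:
        return []
    best_key = min(key for key, _ in ranked)
    return sorted(router for key, router in ranked if key == best_key)


# Constructed costs as seen from R1 (not the values from the lab outputs).
ASBR_COST = {"3.3.3.3": 64, "4.4.4.4": 74}
OSPF_ROUTES = {"192.168.1.0/29": 84}


def lsa(adv_router, metric, fwd_addr):
    return {"adv_router": adv_router, "metric": metric, "fwd_addr": fwd_addr}


def scenarios():
    return {
        # Both forwarding addresses 0.0.0.0: the closer ASBR (R3) wins.
        "both_zero": select_type5(
            [lsa("3.3.3.3", 20, "0.0.0.0"), lsa("4.4.4.4", 20, "0.0.0.0")],
            ASBR_COST, OSPF_ROUTES),
        # R3 now advertises 192.168.1.5: cost to that address (84) loses to R4 (74).
        "r3_sets_fa": select_type5(
            [lsa("3.3.3.3", 20, "192.168.1.5"), lsa("4.4.4.4", 20, "0.0.0.0")],
            ASBR_COST, OSPF_ROUTES),
        # Different redistributed metrics: the lower metric wins regardless of distance.
        "lower_metric": select_type5(
            [lsa("3.3.3.3", 10, "192.168.1.5"), lsa("4.4.4.4", 20, "0.0.0.0")],
            ASBR_COST, OSPF_ROUTES),
        # No OSPF route covers the forwarding address: R3's LSA cannot be used.
        "fa_unreachable": select_type5(
            [lsa("3.3.3.3", 10, "192.168.1.5"), lsa("4.4.4.4", 20, "0.0.0.0")],
            ASBR_COST, {}),
    }


if __name__ == "__main__":
    for name, winners in scenarios().items():
        print(name, winners)
```

The last scenario is the one to check during troubleshooting: an external route can disappear from the routing table purely because the network holding the forwarding address is no longer known through OSPF.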
LAB / FORWARDING ADDRESS / EXAMPLE-2
In this scenario, where we have multiple ABRs converting/translating the same network
from a Type-7 to a Type-5 LSA, the OSPF LSDB needs to act on only one of them. The
other must withdraw its LSA. This is one of many loop avoidance techniques adopted
in OSPF. So, who sets the forwarding address, the ABRs or the ASBR? The answer is of course the NSSA
ASBR, which is R4.
We can see that R3 converts Type-7 to
Type-5, because it has a higher
Router-ID compared to R2,
and retains the forwarding address
value 4.4.4.4. Let’s show the related
output below;
As all the path costs are default, in R1 we can
see two equal-cost paths available for the
destination 55.55.55.55, because R1 gets
the external LSA for 55.55.55.55 with the forwarding
address set to 4.4.4.4. Now R1 checks its LSDB
to reach 4.4.4.4 and finds two equal-cost
paths. Hence it installs both to reach
55.55.55.55. Let’s show the related output
below;
When a router is forced to pick a forwarding address for a Type-7 LSA, preference should be given first to the router’s internal addresses.
If internal addresses are not available, preference should be given to the router's active OSPF Stub network addresses. These choices avoid
the possible extra hop that may happen when a transit network’s address is used. When the interface whose IP address is the LSA’s
forwarding address transitions to the Down state (in this case on R4), the router must select a new forwarding address for the LSA and
then re-originate it. If one is not available, the LSA should be flushed.
Now in this example the internal address is
the loopback address 4.4.4.4. If this interface
goes down, the router is forced to choose
another interface as the forwarding address, and
that affects the route selection process.
According to the above output, we encounter
a new question: why does R4 pick
10.34.34.4 over 10.24.24.4? The selection
process examines candidates in the order below;
▪ Loopback IP address
▪ Non-loopback IP address that is connected
to a transit Stub network
▪ Non-loopback IP address that is connected
to a non-transit Stub network
Also, you can now see that R1 no longer multipaths and only sends the traffic towards R3. But
what changed the routing decision of R1? We changed neither a path cost nor anything in
the redistribution to influence the path cost. Because the forwarding address is set to
10.34.34.4, R1 has the shortest path via R3 (20) as against via R2 (30).
I want to mention one more thing, which is that the
Type-5 LSA is generated by the R3 Loopback IP
address, but the traffic related to the external
destination will follow the path via the R4 interface. You
can clearly see this situation in the output on the right
side;

OSPF.pptx

  • 1. Open Shortest Path First (OSPF) Atakan ATAK Network Security Specialist atakannatak16@gmail.com
  • 2. Course Topics 1. Introduction 1.1. Features 1.2. Components 1.3. Header Format 2. Neighbor Adjacency 2.1. Packet Types 2.2. LSA Types 2.3. LSDB Flooding 2.4. Path Selection 2.5. Router ID 2.6. Discovery Process 2.7. DR/BDR Election 3. Network Types 4. Area Types 5.1. Reference Bandwidth 5.2. Default Route 5.3. Passive Interface 5.4. Authentication 5.5. Summarization 6. Multi Area Design 6.1. Virtual Link 6.2. Transit Capability 7. Troubleshooting Path 8. LAB 5. Configurable Features
  • 3. 1. Introduction 1.1. Features INTRODUCTION / FEATURES It is an IGP standardized by the IETF and commonly used in large Enterprise networks. OSPF is a link-state routing protocol providing fast convergence and excellent scalability. Like all link-state protocols, OSPF is very efficient in its use of network bandwidth. OSPF also has the following operational characteristics; Dynamically adjust to changes in network topology Support VLSM, CIDR and route summarization Provides for the authentication of routing updates Uses the cost as the route metric Determines routing by computing a graph, abstracting the topology of the network by using the SPF (Dijkstra) algorithm so this way a loop-free topology construction The protocol itself minimizes the operation overhead such as the hello messages that not contain routing information Trigger updates for fast convergence Load balancing with equal-cost routes for the same destination
  • 4. 1.2. Components INTRODUCTION / COMPONENTS All routing protocols share similar components. They all use routing protocol messages to exchange route information. The messages help build data structures, which are then processed using a routing algorithm. These tables contain a list of neighboring routers to exchange routing information with and are kept and maintained in RAM. DATABASE TABLE INFORMATION Neighbor Neighbor  List of all routers that a router communicates bidirectional  Vary according to each routers  show ip ospf neighbors Link State Database (LSDB) Topology  Keeps information about all other routers in the  Represents network topology  Same LSBD for all routers in the same area  show ip ospf database Forwarding Routing  An algorithm, a route list created when the link state is run in the database  The routing table for each router is unique  show ip route
  • 5. 1.3. Header Format INTRODUCTION / HEADER FORMAT Link Header IP Header OSPF Packet Types Link Trailer Version Type Packet Length Router ID Area ID Check sum Auth. Type Auth. Data Hello Value=1 DBD Value=2 LSR Value=3 LSU Value=4 LSACK Value=5 Unlike other routing protocols, the OSPF will not carry the data through the transport protocol such as TCP and UDP . Rather than, the OSPF forms the IP datagram directly, packaging it using the protocol number of 89 for an IP protocol field. In the OSPF, there are 5 different types of packets. The format of the common OSPF header is shown right side.
  • 6. FIELD LENGTH (Bits) DESCRIPTION Version 8 OSPF version number. For OSPFv2, the value is 2. Type 8 OSPF packet type. Packet Length 16 Length of the OSPF packet with the packet header, in bytes. Router ID 32 ID of the Router that sends the OSPF packet. Area ID 32 ID of the area to which the Router that sends the OSPF packet belongs. Checksum 16 Checksum of the OSPF packet that does not carry the Authentication field. AuType 16 The values are as follows:  0: none  1: simple  2: MD5 Authentication 64 This field has different meanings for different AuType values:  0: This field is not defined.  1: This field defines password information.  2: This field contains the key ID, MD5 authentication data length, and sequence number. INTRODUCTION / HEADER FORMAT
  • 7. 2. Neighbor Adjacency 2.1. Packet Types NEIGHBOR ADJACENCY / PACKET TYPES Hello Packet The hello message will perform 4 major functions such as; 1. It discovers the other OSPF speaking routers on the common subnets 2. Verify the bidirectional visibility between the routers 3. Check for the agreement on a particular configuration parameter 4. Monitor the neighbor's health to react suppose the neighbor fails If any below items do not match, then the 2 routers do not form the neighbor relationship. 1. The dead timers and OSPF hello must be equal 2. No duplicate for the RID 3. Important to pass an authentication process 4. Important to be in a same OSPF area 5. Important to be in a same primary subnet as well as same subnet mask 6. Important to be a same area types such as stub, regular, not-so-stubby area
  • 8. NEIGHBOR ADJACENCY / PACKET TYPES Database Descriptor Packet (DBD) For the link state routing protocols, it is essential that the link state database for all the routers remain synchronized. This synchronization will begin as soon as an adjacency formed between the neighbors. The OSPF uses the DBD - database descriptor packets for that purpose. The OSPF router summarizes the DBD packets and local database carry the set of LSA belongs to the database. When the neighbor sees the LSA, which is more recent than the own database copy, then it request the newer LSA from a neighbor. When 2 routers hear Hello and parameter check passes, it will not send packets immediately which holds the LSA. Rather, each router will create and send the database description packets, that contain the header of the each LSA. This header includes the needed information to uniquely identify the LSA and the revision without transmitting the body.
  • 9. Link State Request Packet (LSR) After all the LSA header exchanged using the DD packets, each neighboring router has the list of the LSA known by a neighbor. Using this knowledge, the router need to request the full copy of the each LSA, which is missing from the own LSDB. To determine whether the neighbor has the most recent copy of the certain LSA, the router looks at a sequence number of an LSA in the LSDB and also compares with the sequence number of that of the same LSA learned from a DD packet. Each LSA sequence number is increased each time the LSA re-originated or changes. If the router gets the LSA header with the later sequence number for the specific LSA, that router knows that a neighbor has the most recent LSA. The Routers will use the link state packets to request 1 or more LSA from the neighbor. The LSR packet is one of the OSPF packets. After the DBD packet exchange process, a router can find that it has not any up-to-date database. An LSR packet is mainly used to request the pieces of a neighbors database which is more up-to-date. NEIGHBOR ADJACENCY / PACKET TYPES
  • 10. Link State Update Packet (LSU) This packet implements the LSA flooding. Every LSA comprises the metric, topology information and routing to describe the OSPF network portion. A local router will advertise the LSA within the LSU packet to the neighboring router. Additionally, a local router advertises an LSU packet with the information in response to the LSR packet. The primary router sends the database description, one at a time and a secondary router acknowledges the everyone and includes in the own database descriptions. The record is compared with the type, link state ID and advertising router. The sequence number in a record will determines whether the record is older or newer. The flooding of the link state advertisement is mainly implemented by these packets. The collection of the lick state advertisements is mostly carried by the each link state update packet, one hop further from the origin. The packet can be included by the several link state advertisements. Both the routers will sit in the loading state when the LSR and LSA process continues. After the process gets over, it will settle into the full state that means the 2 routers must have fully exchanged their database, results in the identical copies of a LSDB entry. NEIGHBOR ADJACENCY / PACKET TYPES
  • 11. Link State Acknowledgment Packet (LSack) The OSPF needs acknowledgement for a receipt of the each LSA. The multiple LSA may be acknowledged in the single LSAck packet. The LSR/LSA process will use the reliable protocol, which has 2 options, in that link state acknowledgement is among them. The LSU can be acknowledged by a receiver of an LSU simply repeating a same LSU back to the sender. Alternatively, the router will send back the LSAck packet to acknowledge the packets that contain the acknowledged LSA header list. As s result, the LSDB must be identical. At this point, it can independently run a Dijkstra shortest path first algorithm to calculate the best path from own perspective. The reliability of the flooding link state advertisements is made by explicitly acknowledging the flooded advertisements. NEIGHBOR ADJACENCY / PACKET TYPES
  • 12. 2.2. LSA Types NEIGHBOR ADJACENCY / LSA TYPES Type 1 – Router LSA OSPF uses a LSDB (link state database) and fills this with LSAs (link state advertisement). Each router within the area will flood a type 1 router LSA within the area. In this LSA you will find a list with all the directly connected links of this router. Keep in mind that the router LSA always stays within the area. Link Type Description Link ID 1 P2P connection to another router Neighbor router ID 2 Connection to transit network IP address of DR 3 Connection to stub network IP network 4 Virtual Link Neighbor router ID  Routers advertise their directly connected OSPF-enabled links in a type 1  They are flooded only within the area in which they originated  ALL OSPF speaking routers generate type 1 BUT, how do we identify a link with perspective of entire OSPF process? So, there are two parameters which are looking;  The IP prefix on an interface  The link type
  • 13. NEIGHBOR ADJACENCY / LSA TYPES Type 2 – Network LSA It is created for each multi-access network. The broadcast and non-broadcast network types require a DR/BDR. If this is the case you will see these network LSAs being generated by the DR. In this LSA we will find all the routers that are connected to the multi- access network, the DR and of course the prefix and subnet mask.  Only found on NBMA networks  Contain the router ID and IP address of the DR  Give other routers information about multi-access networks within the same area  They are flooded only within the area in which they originated  This is a form of internal OSPF summarization  Link State ID = IP Address of DR
  • 14. NEIGHBOR ADJACENCY / LSA TYPES Type 3 – Summary LSA The name “summary” LSA is very misleading. By default OSPF is not going to summarize anything for you.  Describes networks that are within the OSPF AS but outside of the particular OSPF area that is receiving the LSDB  Summary LSA has a flooding scope of being transmitted only into the area where the network or subnet is not found  Generated only by ABR and describe inter area routes to various networks  Link State ID = Destination Network Type 1 router LSAs always stay within the area. OSPF however works with multiple areas and you probably want full connectivity within all of the areas. Routers which are connected different areas are going to create a Type 3 summary LSA and flood it into area 0. This LSA will flood into all the other areas of our OSPF network. This way all the routers in other areas will know about the prefixes from other areas.
  • 15. NEIGHBOR ADJACENCY / LSA TYPES
    Type 4 – Summary ASBR LSA
    - They identify an ASBR and provide a route to it
    - They are generated by an ABR only when an ASBR exists within an area
    - They are flooded to other areas by ABRs
    - It enables other routers to find and reach the ASBR
    - Link State ID = Router ID of the ASBR
    This is needed because Type 5 External LSAs are flooded to all areas and the detailed next-hop information may not be available in those other areas. This is solved by an Area Border Router (ABR) flooding the information for the router where the Type 5 originated.
  • 16. NEIGHBOR ADJACENCY / LSA TYPES
    Type 5 – External LSA
    - Generated by the ASBR
    - These LSAs describe routes to destinations that are external to the AS
    - Flooded everywhere, with the exception of Stub Areas
    - Link State ID = External Network
    These routes are redistributed into OSPF from other routing protocols or by the redistribution of connected or static routes.
    Type 7 – Not-so-stubby area LSA
    - Generated by the ASBR
    - Can be summarized and converted into a Type-5 LSA by the ABR for transmission into other OSPF areas
    - These LSAs describe routes within an NSSA
    These packets are used for some special area types that do not allow externally distributed routes to pass through and therefore block LSA Type 5 packets from flooding through them. LSA Type 7 packets act as a mask for LSA Type 5 packets, allowing them to move through these special areas and reach the ABR, which is able to translate LSA Type 7 packets back to LSA Type 5 packets.
  • 17. 2.3. LSDB Flooding NEIGHBOR ADJACENCY / LSDB FLOODING
    When a router receives an LSA, it checks its LSDB. If the LSA is new, the router floods the LSA out to its neighbors. After the new LSA is added to the LSDB, the router reruns the SPF algorithm. This recalculation by the SPF is essential to preserving accurate routing tables. The SPF is responsible for calculating the routing table, and any LSA change might also cause a change in the routing table. OSPF routers in the same area all have the same LSDB and run the same SPF algorithm with themselves as the root. The characteristics of the LSDB are as follows;
    - All routers belonging to the same area have an identical LSDB
    - Calculating routes by using the SPF is performed separately by each router in the area
    - LSA flooding is contained within the area that experienced the change
    - The LSDB is comprised of LSA entries
    - A router has a separate LSDB for each area to which it belongs
  • 18. NEIGHBOR ADJACENCY / LSDB FLOODING
    Flooding in OSPF is responsible for validating and distributing LSUs to the LSDB whenever a change or update occurs to a link. Flooding is part of the LSDB synchronization mechanism. The goal of this mechanism is to keep the LSDBs of the routers in an OSPF domain synchronized over time in the presence of topological changes. Also, the primary goal of flooding is to ensure that every router receives the changed or updated LSA within the flooding scope. Flooding occurs differently between neighbors in OSPF depending on the following factors;
    - LSA Type 1-2-3-4-7 are flooded within an area
    - LSA Type 5 is flooded throughout the OSPF domain, with the exception of Stub areas
    - When a DR is present, only non-DRs flood to the DR. The DR then floods to everyone as required
    - When two OSPF routers have not established an adjacency, they do not flood to each other
  • 19. 2.4. Path Selection NEIGHBOR ADJACENCY / PATH SELECTION
    OSPF uses cost as the metric to choose the shortest path for each destination. This is true, but it is not entirely correct. OSPF will first look at the "type of path" to make a decision and only then look at the metric. This is the preferred path list that OSPF uses;
    - Intra-Area [O]: Routes originated within an area are known by the routers in the same area as Intra-Area routes. These routes are flagged as O. Also called OSPF Internal routes, as they are generated by OSPF itself, when an interface is covered with the OSPF network command.
    - Inter-Area [O IA]: When a route crosses an ABR, the route is known as an OSPF Inter-Area route. These routes are flagged as O IA. Also called OSPF Internal routes, as they are generated by OSPF itself, when an interface is covered with the OSPF network command.
    - NSSA Type 1 [N1]: When an area is configured as an NSSA, and routes are redistributed into OSPF, the routes are known as NSSA External Type-1. These routes are flagged as O N1.
    - External Type 1 [E1]: Routes which were redistributed into OSPF, such as connected, static, or other routing protocol routes, are known as External Type-1. These routes are flagged as O E1. The cost is the sum of the external cost and the internal cost used to reach that route.
    - NSSA Type 2 [N2]: The definition for type O N1 is valid for this route type. These routes are flagged as O N2.
    - External Type 2 [E2]: The definition for type E1 is valid for this route type, with one difference: the cost is always the external cost, irrespective of the interior cost to reach that route. These routes are flagged as O E2.
  • 20. 2.5. Router ID NEIGHBOR ADJACENCY / ROUTER ID
    Each OSPF router selects a router ID (RID) that has to be unique on your network. OSPF stores the topology of the network in its LSDB and each router is identified by its unique router ID. If you have duplicate router IDs then you will run into reachability issues. Because of this, two OSPF routers with the same router ID will not become neighbors, but you could still have duplicated router IDs in the network with routers that are not directly connected to each other. OSPF uses the following criteria to select the router ID;
    - Manual configuration of the router ID
    - Highest IP address on a loopback interface
    - Highest IP address on a non-loopback interface
  • 21. 2.6. Discovery Process NEIGHBOR ADJACENCY / DISCOVERY PROCESS
    OSPF considers two routers that have an interface located on a common network to be "Neighbors". Discovering its neighbors is the first step a router takes in discovering the network and building a routing table. This process begins with the router learning the Router-ID of its neighbors via the multicast "Hello Message". A neighbor relationship begins when the routers exchanging Hello packets see their own Router-ID in the other router's Hello packet and they agree upon the following;
    - Different Router-ID value
    - Same Hello and Dead transmission intervals
    - Same Area ID
    - Same subnet mask – Just for multiaccess networks
    - Stub Area Flag
    - Authentication type and password
    For adjacencies to form, OSPF must first have discovered its neighbors. Adjacencies are formed for the purpose of exchanging routing information. NOT every neighboring router forms an adjacency. A router's neighbors, or peers, are those routers, described below, that will directly exchange routing information.
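The agreement check from the Discovery Process slide, applied to two Hello packets, as an added example that is not part of the original slides. The packets are constructed sample data, the field layout follows the OSPFv2 header and Hello format of RFC 2328, the function names are illustrative, and only the authentication type is compared (a password match cannot be read from the header alone).

```python
import struct
from ipaddress import IPv4Address

HDR = struct.Struct("!BBH4s4sHH8s")   # OSPFv2 common header (24 bytes)
HELLO = struct.Struct("!4sHBBI4s4s")  # fixed part of the Hello body (20 bytes)
FIXED = HDR.size + HELLO.size         # 44 bytes precede the neighbor list
E_BIT = 0x02                          # Options E-bit; cleared by routers in a stub area
AUTYPE = {0: "null", 1: "simple password", 2: "cryptographic"}


def build_hello(rid, area, mask, hello, dead, options=E_BIT, autype=0, neighbors=()):
    """Build a constructed sample Hello (checksum and auth data left at zero)."""
    body = HELLO.pack(IPv4Address(mask).packed, hello, options, 1, dead,
                      bytes(4), bytes(4))
    body += b"".join(IPv4Address(n).packed for n in neighbors)
    header = HDR.pack(2, 1, HDR.size + len(body), IPv4Address(rid).packed,
                      IPv4Address(area).packed, 0, autype, bytes(8))
    return header + body


def parse_hello(pkt):
    """Decode the Hello fields that matter for neighbor formation."""
    if len(pkt) < FIXED:
        raise ValueError("truncated OSPF Hello")
    version, ptype, length, rid, area, _csum, autype, _auth = HDR.unpack_from(pkt)
    if version != 2 or ptype != 1:
        raise ValueError("not an OSPFv2 Hello packet")
    if not FIXED <= length <= len(pkt) or (length - FIXED) % 4:
        raise ValueError("inconsistent packet length field")
    mask, hello, options, _prio, dead, _dr, _bdr = HELLO.unpack_from(pkt, HDR.size)
    return {
        "router_id": str(IPv4Address(rid)),
        "area_id": str(IPv4Address(area)),
        "mask": str(IPv4Address(mask)),
        "hello_interval": hello,
        "dead_interval": dead,
        "stub_flag": not options & E_BIT,
        "auth_type": AUTYPE.get(autype, f"unknown ({autype})"),
        "neighbors": [str(IPv4Address(pkt[i:i + 4])) for i in range(FIXED, length, 4)],
    }


def adjacency_blockers(hello_a, hello_b, multiaccess=True):
    """List every parameter from the slide on which the two senders disagree."""
    a, b = parse_hello(hello_a), parse_hello(hello_b)
    problems = []
    if a["router_id"] == b["router_id"]:
        problems.append("duplicate router_id")
    checks = ["area_id", "hello_interval", "dead_interval", "stub_flag", "auth_type"]
    if multiaccess:                       # the mask is only compared on multiaccess networks
        checks.append("mask")
    for field in checks:
        if a[field] != b[field]:
            problems.append(f"{field}: {a[field]} != {b[field]}")
    return problems


def is_two_way(hello_a, hello_b):
    """True when each router lists the other's Router-ID in its own Hello."""
    a, b = parse_hello(hello_a), parse_hello(hello_b)
    return a["router_id"] in b["neighbors"] and b["router_id"] in a["neighbors"]


if __name__ == "__main__":
    r1 = build_hello("1.1.1.1", "0.0.0.0", "255.255.255.0", 10, 40)
    r3 = build_hello("3.3.3.3", "0.0.0.0", "255.255.255.0", 10, 120, autype=1)
    print(adjacency_blockers(r1, r3))
```

An unexpected Hello on a segment shows up here as a new Router-ID, and a mismatch in `auth_type` is the first thing to check when a neighbor that used to form stops doing so.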
  • 22. 2.7. DR/BDR Election NEIGHBOR ADJACENCY / DR/BDR ELECTION
    The DR is the solution for managing the number of adjacencies and the transfer of LSAs in a multi-access network. OSPF selects a DR as the aggregation and distribution point for sent and received LSAs. In case of DR failure, a BDR is also selected. The BDR listens passively to this exchange and maintains links with all routers. If the DR stops generating Hello packets, the BDR promotes itself and assumes the DR role. Other routers that are neither DR nor BDR become DROTHERs. The DR is notified when a new device is added, and the DR forwards this to all routers. This prevents LSA packets from consuming bandwidth. Two values are checked when selecting the DR/BDR;
    - Highest priority (0-255)
    - Highest router ID
    - The default priority is 1.
    - A priority of 0 means you will never be elected as DR or BDR.
    Routers   Neighbors
    4         6
    10        45
    20        190
  • 23. 3. Network Types NETWORK TYPES
    Two OSPF routers will never form a neighbor relationship, and hence will never forward packets directly between each other, unless they share a common prefix. In the OSI reference model, the differences between subnet technologies would be called "Subnetwork-Dependent Convergence" functions. The differences in the way that OSPF runs over the various subnet technologies can be grouped as follows;
    1. Neighbor Discovery and Maintenance: Hello protocols run differently on different subnet types.
    2. Database Synchronization: How does one synchronize the LSDB over the subnet? Which routers become adjacent, and how does reliable flooding take advantage of any special properties that the subnet might provide?
    3. Abstraction: In the OSPF LSDB, how does one represent the subnet and router connectivity over the subnet?
  • 24. 4. Area Types AREA TYPES
    OSPF supports a two-level hierarchical routing scheme through the use of areas. Each OSPF area is identified by a 32-bit Area ID and consists of a collection of network segments interconnected by routers. Areas are contiguous logical segments of the network that have been grouped together. Each area has its own LSDB, consisting of LSA Type 1-2 describing how the area's routers and network segments are interconnected. Routing within the area is flat, with each router knowing exactly which network segments are contained within the area. In addition to allowing one to build much larger OSPF networks, OSPF areas provide the following functionality;
    - Increased Robustness: The effects of router and/or link failures within a single area are dampened external to the area.
    - Routing Protection: OSPF always prefers paths within an area over paths that cross area boundaries. This means that routing within an area is protected from routing instabilities or misconfiguration in other areas.
    - Hidden Prefixes: Prefixes can be configured so that they will not be advertised to other areas.
    The following list provides general characteristics of an OSPF area;
    - Areas contain a group of contiguous hosts and networks
    - Routers have a per-area topological database and run the same SPF
    - Each area must be connected to the backbone area known as Area 0
    - Virtual links can be used to connect to Area 0 in emergencies
    - Intra-area routes are used to reach destinations within the area
  • 25. AREA TYPES
    Standard/Normal Area
    It carries default, static, intra-area, and external routes. The use of a standard area is more resource intensive within an OSPF network. The following list provides general characteristics;
    - It contains a router that uses both OSPF and any other routing protocols
    - A virtual link is configured across the area
    - It has an ABR
    - Summarize whenever and as often as possible
    Backbone Area
    If more than one area is configured in an OSPF network, one of these areas must be Area 0. To summarize, the OSPF backbone is the part of the OSPF network that acts as the primary path for traffic that is destined to other areas or networks. Use the following guidelines when designing an OSPF backbone:
    - It is a transit area, not a destination for traffic
    - Ensure that the stability of the backbone area is maintained
    - Ensure that redundancy is built into the design whenever possible
    - Keep this area simple; fewer routers are better
    - Keep the BW symmetrical, so that OSPF can maintain load balancing
    - Ensure that all other areas connect directly to Area 0
    The backbone area must be at the center of all other areas, so all areas must be connected to the backbone. This is because OSPF expects all areas to inject routing information into the backbone, and in turn, the backbone disseminates that routing information into other areas.
  • 26. AREA TYPES
    Stub Area
    This area carries a default route and inter-area routes but does not carry external routes. Stub areas are essentially dead-end areas. This reduces the routes being advertised across the network. Therefore, stub areas allow for a reduction in LSA traffic and can make OSPF more stable. A stub area summarizes all external LSAs into a default route, which provides a path to external routes for all traffic inside the stub area. The stub ABR forwards LSAs for inter-area routes but not external routes and floods them to other Area 0 routers. The stub ABR keeps the LSDB for the stub area with this additional information and the default external route. Stub areas have the following functional and design characteristics:
    - The stub ABR stops LSA Type 4-5. Therefore, no router inside a stub area has any external routes, so an ASBR cannot be internal to a stub area.
    - Reduces the LSDB size and memory requirements of the routers inside a stub area
    - Routing from these areas to the outside is based on a default route. Stub areas only have two types of route, O and O IA.
    - Stub areas typically have one ABR; this is the best design. If there is more than one ABR, accept non-optimal routing paths, because you have more than one exit point.
    - All OSPF routers inside a stub area must be configured as stub routers, because all OSPF interfaces that belong to the area start exchanging Hello packets with a flag that indicates that the interface is part of a stub area (E bit).
    - The backbone area cannot be a stub area
    - A stub area cannot be used as a transit area for virtual links
  • 27. AREA TYPES
    Totally Stubby Area
    The purpose of Totally Stubby areas is to limit the number of LSAs flooded into the area, to conserve bandwidth and router CPU. The stub area ABR will instead automatically inject a default route into the Totally Stubby area, so that those routers can reach both inter-area networks and external networks. The ABR will be the next hop for the default route. Totally Stubby areas have the following functional and design characteristics:
    - The ABR advertises only a default route into the rest of the stub area. This results in an even further reduction in the size of the LSDB and routing table.
    - The TSA forwards the default external route and blocks LSA Type 3-4-5-7.
    - They also share the same design criteria as the Stub area.
  • 28. AREA TYPES
    Not-So-Stubby Area
    Although most of the stub area restrictions still apply, such as preventing the flooding of LSA Type-5 into the area and not allowing configuration of virtual links through the area, an NSSA has the ability to import a small amount of external routing information for later distribution into the rest of the OSPF routing domain. The advent of this new type of hybrid stub area also introduced a new LSA Type-7, which is responsible for carrying external route information. An NSSA does not flood LSA Type-5 external LSAs from the core into the NSSA. An NSSA has the capability to import AS external routes in a limited fashion within the area, which is what makes it an NSSA. With NSSA you can extend OSPF to cover a remote connection by defining the area between the corporate router and the remote router as an NSSA. The operation of an NSSA is rather straightforward. An NSSA has the following functional characteristics:
    - NSSA area routers will share LSA Type 1-2 to build their topology tables
    - NSSA areas will also accept LSA Type-3, which contain the routes to reach networks in all other areas
    - NSSA areas will not accept LSA Type 4-5, detailing routes to external networks
    - If an ASBR exists within the NSSA area, that ASBR will generate LSA Type-7
  • 29. 5. Configurable Features 5.1. Reference Bandwidth CONFIGURABLE FEATURES / REFERENCE BANDWIDTH
    OSPF calculates the cost of an interface with this simple formula;
    cost = reference bandwidth / interface bandwidth
    It uses "Cost" as the metric value and uses a Reference Bandwidth of 100 Mbps for the cost calculation. For example, in the case of 10 Mbps Ethernet, the OSPF metric cost value is 100 Mbps / 10 Mbps = 10.
    - The default Reference Bandwidth of OSPF is 100 Mbps, and the default OSPF cost formula doesn't differentiate between interfaces with bandwidth faster than 100 Mbps.
    Interface Type   Reference BW (bps) / Default BW (bps)   Cost
    10 Gbps          1.000.000.000 / 10.000.000.000           1
    1 Gbps           1.000.000.000 / 1.000.000.000            1
    100 Mbps         1.000.000.000 / 100.000.000              10
    10 Mbps          1.000.000.000 / 10.000.000               100
  • 30. 5.2. Default Route CONFIGURABLE FEATURES / DEFAULT ROUTE
    If you use default-information originate, you can advertise a default route in OSPF. There are a number of things we can adjust: we can change the metric or the metric type, but the most important thing most people forget is the always keyword. OSPF won't advertise a default route if you don't already have one in your routing table. If you add the always keyword, it will advertise the default route even if you don't have it in the routing table. Once you have advertised the default route it will look like this on other routers:
  • 31. 5.3. Passive Interface CONFIGURABLE FEATURES / PASSIVE INTERFACE
    The passive interface should be configured on interfaces that do not have an OSPF router connected to them, so that they won't receive any OSPF information. By silencing routing announcements on network interfaces, we tell the router to "listen but don't talk". A protocol's routing load on the CPU can be reduced by minimizing the number of interfaces with which it must interact.
    Another reason to apply passive interface is to increase security. An attacker could start an application that replies with OSPF Hello packets, and our router would then try to establish a neighbor relationship. The attacker could then advertise fake routes to misdirect traffic.
    OSPF is a link-state routing protocol that creates and keeps neighbor relationships by sharing routing updates with other OSPF routers. No routing information is exchanged and the only packets they exchange are Hello packets. Hello packets enable dynamic neighbor discovery and preserve neighbor connections. The passive interface command is used to suppress OSPF Hello packets on a specified interface. Enabling passive interfaces on our network devices means that:
    - OSPF continues to announce or advertise the interface's connected network.
    - OSPF routers stop sending OSPF Hellos on the interface.
    - On the interface, OSPF no longer processes any received Hellos.
  • 32. 5.4. Authentication CONFIGURABLE FEATURES / AUTHENTICATION
    All routing protocols can be protected by using authentication and OSPF is no exception. Each OSPF packet will be authenticated if you enable any form of authentication. In this lesson we'll take a look at how to configure plain text authentication for OSPF. There are two options for authentication;
    - Plain text
    - MD5
    When neighbor authentication is configured on a router, the router checks the identity of the source of each routing update packet it receives. This means that an exchange of an authentication key (sometimes known as a password) happens between the routers.
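An audit of a router configuration against the passive-interface and authentication points of the two slides above, as an added example that is not part of the original slides. The configuration is a constructed Cisco IOS-style sample (interface names, addresses and keys are placeholders), the parser covers only the commands shown, and the function names are illustrative.

```python
import ipaddress

# Constructed sample: one uplink uses a plain text key, the user segment speaks OSPF.
WEAK_CONFIG = """\
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface GigabitEthernet0/0
 ip address 10.0.12.1 255.255.255.252
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 EXAMPLE-KEY
!
interface GigabitEthernet0/1
 ip address 10.0.13.1 255.255.255.252
 ip ospf authentication
 ip ospf authentication-key EXAMPLE
!
interface GigabitEthernet0/2
 description user access segment, no OSPF router expected
 ip address 192.168.10.1 255.255.255.0
!
router ospf 1
 passive-interface Loopback0
 network 1.1.1.1 0.0.0.0 area 0
 network 10.0.0.0 0.0.255.255 area 0
 network 192.168.10.0 0.0.0.255 area 0
"""

# The same router corrected: passive by default, MD5 on every active uplink.
HARDENED_CONFIG = (
    WEAK_CONFIG
    .replace(" ip ospf authentication\n ip ospf authentication-key EXAMPLE\n",
             " ip ospf authentication message-digest\n"
             " ip ospf message-digest-key 1 md5 EXAMPLE-KEY\n")
    .replace(" passive-interface Loopback0\n",
             " passive-interface default\n"
             " no passive-interface GigabitEthernet0/0\n"
             " no passive-interface GigabitEthernet0/1\n")
)

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def parse(config):
    """Collect interface and 'router ospf' settings from the configuration text."""
    interfaces = {}
    ospf = {"passive_default": False, "passive": set(), "active": set(),
            "networks": [], "area_auth": {}}
    section = None
    for raw in config.splitlines():
        words = raw.split()
        if not words:
            continue
        if not raw.startswith(" "):              # top-level line starts a new section
            if words[0] == "interface" and len(words) > 1:
                section = interfaces.setdefault(words[1], {"ip": None, "auth": None})
            else:
                section = ospf if words[:2] == ["router", "ospf"] else None
        elif section is ospf:
            if words[:2] == ["passive-interface", "default"]:
                ospf["passive_default"] = True
            elif words[0] == "passive-interface" and len(words) > 1:
                ospf["passive"].add(words[1])
            elif words[:2] == ["no", "passive-interface"] and len(words) > 2:
                ospf["active"].add(words[2])
            elif words[0] == "network" and len(words) == 5:
                ospf["networks"].append((to_int(words[1]), to_int(words[2]), words[4]))
            elif words[0] == "area" and words[2:3] == ["authentication"]:
                ospf["area_auth"][words[1]] = "md5" if "message-digest" in words else "plain"
        elif section is not None:
            if words[:2] == ["ip", "address"] and len(words) >= 4 and section["ip"] is None:
                section["ip"] = to_int(words[2])
            elif words[:3] == ["ip", "ospf", "authentication"]:
                mode = words[3] if len(words) > 3 else "plain"
                section["auth"] = {"message-digest": "md5", "null": "none"}.get(mode, "plain")
    return interfaces, ospf

def audit(config):
    """Return (interface, finding) for OSPF interfaces that accept neighbors without MD5."""
    interfaces, ospf = parse(config)
    findings = []
    for name, intf in interfaces.items():
        if intf["ip"] is None:
            continue
        # Wildcard-mask match; the first matching statement wins (a simplification).
        area = next((a for net, wild, a in ospf["networks"]
                     if intf["ip"] & ~wild == net & ~wild), None)
        if area is None:
            continue                             # interface is not enabled for OSPF
        if name in ospf["passive"] or (ospf["passive_default"]
                                       and name not in ospf["active"]):
            continue                             # passive: no Hellos sent or processed
        auth = intf["auth"] or ospf["area_auth"].get(area, "none")
        if auth == "none":
            findings.append((name, "active without authentication"))
        elif auth == "plain":
            findings.append((name, "active with plain text password"))
    return findings
```

`audit(WEAK_CONFIG)` reports the plain text uplink and the user segment, which is the interface where the rogue-Hello scenario from the Passive Interface slide applies; `audit(HARDENED_CONFIG)` reports nothing.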
  • 33. 5.5. Summarization CONFIGURABLE FEATURES / SUMMARIZATION
    ABRs send summary link advertisements to describe the routes to other areas. Depending on the number of destinations, an area can get flooded with a large number of link-state records, which can consume routing device resources. To minimize the number of advertisements that are flooded into an area, you can configure the ABR to summarize a range of IP addresses and send reachability information about these addresses in a single LSA. You can summarize one or more ranges of IP addresses, where all routes that match the specified area range are filtered at the area boundary, and the summary is advertised in their place.
    If you don't use summarization (which is the default), there will be an LSA for every specific prefix. If you have a link failure in any area, the related ABR will flood a new Type-3 LSA and this change has to be propagated throughout all our OSPF areas. Since the LSDB will change, our OSPF routers will have to re-run the SPF algorithm, which takes time and CPU power. There are a couple of things to be aware of:
    - A summary route will only be advertised if you have at least one subnet that falls within the summary range
    - A summary route will have the cost of the subnet with the lowest cost that falls within the summary range
    - The ABR that creates the summary route will create a null0 interface to prevent loops
    - OSPF is a classless routing protocol, so you can pick any subnet mask you like for prefixes
    OSPF can do summarization, but it is impossible to summarize within an area. This means we have to configure summarization on an ABR or ASBR. OSPF can only summarize LSA types 3 and 5. Summarization of Type-3 summary LSAs means we are creating a summary of all the inter-area routes. This is why we call it inter-area route summarization.
  • 34. CONFIGURABLE FEATURES / SUMMARIZATION The obtained 10.1.0.0/22 route was summarized together with 4 different networks. In the example, the summary address matches 4 networks, although there are only 2 networks.
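The case on this slide, a /22 summary standing in for only two real subnets, worked through with the rules listed on the previous slide, as an added example that is not part of the original slides. The subnets and costs are constructed, the function names are illustrative, and the summary cost follows the slide's rule (lowest component cost).

```python
import ipaddress


def tightest_summary(prefixes):
    """Smallest single prefix that covers every given subnet."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    summary = nets[0]
    while not all(n.subnet_of(summary) for n in nets):
        summary = summary.supernet()
    return summary


def carve(gap, net):
    """Remove 'net' from 'gap' and return the address blocks that remain."""
    if gap.subnet_of(net):
        return []                      # the real subnet covers the whole block
    if net.subnet_of(gap):
        return list(gap.address_exclude(net))
    return [gap]                       # no overlap, block is untouched


def abr_summary(area_range, intra_area_routes):
    """Model what an ABR does with one configured area range.

    intra_area_routes maps each subnet the ABR knows inside the area to its cost.
    Returns None when no subnet falls inside the range (nothing is advertised).
    """
    rng = ipaddress.ip_network(area_range)
    components = {}
    for prefix, cost in intra_area_routes.items():
        net = ipaddress.ip_network(prefix)
        if net.subnet_of(rng):
            components[net] = cost
    if not components:
        return None
    # Whatever is left of the range after removing the real subnets is
    # advertised to other areas but has no route behind it on the ABR.
    unbacked = [rng]
    for net in components:
        unbacked = [piece for gap in unbacked for piece in carve(gap, net)]
    return {
        "advertised": str(rng),
        "cost": min(components.values()),
        "unbacked": [str(n) for n in sorted(unbacked)],
    }


def abr_next_hop(destination, area_range, intra_area_routes):
    """Longest-prefix match on the ABR, including the discard route to Null0."""
    dst = ipaddress.ip_address(destination)
    matches = [ipaddress.ip_network(p) for p in intra_area_routes
               if dst in ipaddress.ip_network(p)]
    if matches:
        return str(max(matches, key=lambda n: n.prefixlen))
    if abr_summary(area_range, intra_area_routes) and dst in ipaddress.ip_network(area_range):
        return "Null0"                 # dropped here instead of following a default route
    return "no route"


# Constructed sample: two real /24s in the area, plus one unrelated subnet.
ROUTES = {"10.1.1.0/24": 20, "10.1.2.0/24": 10, "172.16.5.0/24": 5}

if __name__ == "__main__":
    print(tightest_summary(["10.1.1.0/24", "10.1.2.0/24"]))
    print(abr_summary("10.1.0.0/22", ROUTES))
    print(abr_next_hop("10.1.3.7", "10.1.0.0/22", ROUTES))
```

The `unbacked` list is the address space other areas believe is reachable; traffic to it is attracted to the ABR and discarded on Null0, so it is worth reviewing whenever a summary is wider than the subnets it covers.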
  • 35. CONFIGURABLE FEATURES / SUMMARIZATION
    OSPF is a classless routing protocol, which carries subnet mask information along with route information. Therefore, OSPF supports discontinuous subnets because the subnet masks are part of the LSDB. Network numbers in areas should be assigned contiguously to ensure that these addresses can be summarized into a minimal number of summary addresses. Let's consider the topology below; this summarization was successful because you have the following distinct and contiguous ranges of subnets;
    - 128.213.96.X -- 128.218.99.X – Area 1
    - 128.213.100.X -- 128.218.103.X – Area 2
    NULL 0 is a fictitious interface that causes the router to drop into the bit bucket any information that is destined to it. These entries are placed into the routing table to prevent routing loops. Also, if one or more of the summarized networks are inaccessible, the other routers within the OSPF domain are not affected by this issue, because in their routing tables there is a summarized route, as shown in the area marked in red. Only Type-3 LSAs propagate into the backbone. This is important because it prevents every router from having to rerun the SPF algorithm. This helps increase the network's stability and reduces unnecessary traffic.
  • 36. 6. Multi Area Design MULTI AREA DESIGN
    When a large OSPF area is divided into smaller areas, this is called multiarea OSPF. Multiarea OSPF is useful in larger network deployments to reduce processing and memory overhead. Multiarea OSPF requires a hierarchical network design. The main area is called the backbone area (Area 0) and all other areas must connect to the backbone area. Multiarea OSPF has these advantages;
    - Smaller routing tables – There are fewer routing table entries as network addresses can be summarized between areas.
    - Reduced frequency of SPF calculations – Localizes the impact of a topology change within an area. For instance, it minimizes routing update impact, because LSA flooding stops at the area boundary.
    - Reduced link-state update overhead – Minimizes processing and memory requirements, because there are fewer routers exchanging LSAs.
    - Confines network instability to single areas of the network
    OSPF design rules;
    - No router should be in more than three areas.
    - No area should contain more than 50 routers.
    - No router should have more than 60 neighbors.
    - A router can be a DR or BDR for more than one network segment, but be careful that the router is not overworked by doing so.
    - Do not run more than one OSPF process on an ABR.
  • 37. 6.1. Virtual Link MULTI AREA DESIGN / VIRTUAL LINK
    The backbone should never be intentionally partitioned, but if partitioning occurs, consider using a virtual link to temporarily repair the backbone area. Virtual links are logical connections that are vaguely analogous to a tunnel. The two backbone routers establish a virtual adjacency so that LSAs and other OSPF packets are exchanged as if no other internal OSPF router were involved. A virtual link can connect an ABR to the backbone, even though the ABR is not directly connected. Some of the characteristics and suggested uses for virtual links;
    - In order to avoid routing loops, the transit area should have full knowledge of the routing information given by LSAs
    - Stub areas have only one point of entry, so think of it as the only way in or out. If you create a virtual link through a Stub area, you create another way out of the Stub area. In this situation, we can receive Type-3-5 LSAs through the virtual link, ending the whole concept of the Stub area and the usefulness of the Stub default route.
    - Stability is determined by the stability of the area that the virtual link transits
    - Can only be configured on ABRs
    - Assist in solving network connectivity problems
    - Can assist in providing logical redundancy
    - OSPF treats two routers joined by a virtual link as if they were connected by a P2P network
    - Cannot run across stub areas
  • 38. 6.2. Transit Capability MULTI AREA DESIGN / TRANSIT CAPABILITY
    (Chapter 16.3 in the OSPFv2 RFC 2328) This is a special property of a non-backbone area that allows this area to transport traffic for other areas. Per the OSPF definition, a transit area is an area that has a virtual link connecting two or more ABRs attached to this area. Thus, having a virtual link provisioned across the area is what is necessary to make the area transit. In fact, it is just an alternate definition of a transit area. The idea of a virtual link is to extend area 0 across a non-backbone area. There are two main situations when you may want to do this;
    1. Due to design considerations, where you have an area not directly connected to the backbone area. This could be a result of two networks merging together.
    2. Using a non-backbone area to reach destinations in other areas.
    Virtual links are only used to flood specific LSAs, which are the Type 1-2-3 LSAs found in area 0. Type-5 LSAs are not flooded across the virtual links, because Type 1-2-3-4 LSAs have the flooding scope of a single area. Thus, if you have a virtual link connecting two ABRs, you cannot flood LSAs across the transit area, since this area is different from area 0. However, Type-5 LSAs have the flooding scope of the OSPF AS domain, and thus they are flooded across the area anyway (unless it is a Stub area). So, there is no need to duplicate the information across the virtual link. Obviously, a Stub area cannot be a transit area for these reasons.
    The main idea of OSPF inter-area routing is that all areas should communicate across the backbone. The backbone area is used to exchange routing information in a distance-vector manner, requiring the star topology to avoid routing loops. Per the RFC, a router is only considered an ABR if it has an interface in area 0, and it ignores Type-3 LSAs delivered across the non-backbone areas. This is to ensure the simple "Loop Free" star topology.
    The main ideas are;
    1. TransitCapability is the flag that tells you an area carries traffic that neither originates nor terminates in the area itself. This only happens when you are using Virtual-Links to connect isolated areas to the backbone or to reconnect a partitioned backbone.
    2. The additional checks are done after Inter- and Intra-Area routes have been calculated, and they look only at backbone prefixes that are;
       - Native to Area 0
       - Inter-area summaries (coming from other areas via Area 0)
    3. If there is a better path to reach such prefixes than the one through the Virtual-Link ABR, then use it.
    4. If there is any summarization configured on the ABR, ignore it when originating summary-LSAs into the transit area to prevent loops.
  • 39. 7. Troubleshooting Path TROUBLESHOOTING PATH
    As shown in the illustration, in general, OSPF problems are related to one of the following aspects;
    - Adjacencies of neighbors
    - Missing routes
    - Route selection
    When troubleshooting neighbors, verify whether the router has established adjacencies with neighboring routers using the show ip ospf neighbor command.
    - If there are no adjacencies, routers cannot exchange routes. Check if the interfaces work and are enabled for OSPF using the show ip interface brief and show ip ospf interface commands.
    - If the interfaces work and are enabled for OSPF, make sure that the interfaces on both routers are configured for the same OSPF area and are not configured as passive interfaces.
    - If the adjacency between the two routers is established, verify that there are OSPF routes in the routing table using the show ip route ospf command.
    - If there are no OSPF routes, verify that there are no other routing protocols with lower administrative distances running on the network. Verify that all required networks are advertised in OSPF. Also check if there is an access list configured on a router that could filter incoming or outgoing routing updates.
    If all the required routes are in the routing table but the route the traffic takes is incorrect, verify the OSPF cost of the interfaces on the route.
  • 40. 8. LAB LAB / SUMMARIZATIONS / EXAMPLE-1
    8.1. Summarizations
    OSPF is a classless routing protocol, which carries subnet mask information along with route information. Therefore, OSPF supports multiple subnet masks for the same major network, which is known as VLSM. OSPF supports discontinuous subnets because the subnet masks are part of the LSDB. Network numbers in areas should be assigned contiguously to ensure that these addresses can be summarized into a minimal number of summary addresses. This summarization was successful because you have the following distinct and contiguous ranges of subnets;
    - 128.213.96.X to 128.218.99.X – Area 1
    - 128.213.100.X to 128.218.103.X – Area 2
    As can be seen in the output above, the information of the Type-3 LSA transmitted via R2 is reflected in the routing table. NULL 0 is a fictitious interface that causes the router to drop into the bit bucket any information that is destined to it. These entries are placed into the routing table to prevent routing loops. Also, if one or more of the summarized networks are inaccessible, the other routers within the OSPF domain are not affected by this issue, because in their routing tables there is a summarized route, as shown in the area marked in red above. Only Type-3 LSAs propagate into the backbone. This is important because it prevents every router from having to rerun the SPF algorithm. This helps increase the network's stability and reduces unnecessary traffic.
  • 41. LAB / PREFIX SUPPRESSION / EXAMPLE-1
    8.2. Prefix Suppression
    In large OSPF networks, a lot of space is wasted in the LSDB and routing tables because of prefixes on transit links. OSPF prefix suppression is a feature to get rid of these unnecessary prefixes. The routing table of R1 still shows the entry for the loopback IP; however, it has removed the prefix of the transit link 10.10.23.0/30 from the routing table. To test it, let's re-configure the link between R2 and R3 as a P2P network. The colored entries describe the transit links, which need to be processed by the SPF algorithm but are not really needed in the routing tables of endpoint routers. Thus, this is the moment where it is very important to realize that an SPF tree could consist entirely of unnumbered links and still function as before.
    NOTE: The source IP must be that of the loopback, as the routers have no information for the transit IPs to send the echo replies.
  • 42. LAB / VIRTUAL LINK / EXAMPLE-1
    8.3. Virtual Link
    Let's refer to the topology on the right to practice the theoretical information mentioned before about the Virtual Link and Transit Capability. After performing all configurations and disabling the "Transit Capability" feature, let's view the database information of the 100.100.100.0/24 prefix on R4. As can be seen in the outputs, it has learned the prefixes as follows from 3 different routers;
    - 100.100.100.1/32 – R6 – Cost 40
    - 100.100.0.0/16 – R2 – Cost 20
    - 100.100.0.0/16 – R3 – Cost 20
  • 43. LAB / VIRTUAL LINK / EXAMPLE-1
    R4's routing table is going to have both options installed, but it will use the longest match, which is 100.100.100.1/32 via R6. From R6's perspective, the 100.100.100.1 prefix is a backbone prefix, and it finds two equal routes to this prefix. One of them is via R4 and the other is via R5. Therefore, R6 sends packets to R4 or R5 and they send the packets back to R6 on the most specific route they have. This is why we face a routing loop if we do not have the transit capability feature. The same situation also occurs on R7, as you can see clearly below;
  • 44. LAB / FORWARDING ADDRESS / EXAMPLE-1 8.4. Forwarding Address First things first: R3 and R4 do not include their R5-facing interface in the OSPF process. Therefore, the Type-5 LSAs generated by both routers have the forwarding address set to 0.0.0.0. In this example, R1 or R2 can be used to view the external LSAs. To view the external LSAs, see the output below; The forwarding addresses of the Type-5 LSAs generated by both R3 and R4 are set to 0.0.0.0. In this case, the LSA to be installed in the R1 routing table is determined by comparing the metrics to the ASBRs generating the LSAs. You can see the metrics that R1 has for the ASBRs above. Therefore, R1 chooses the LSA generated by ASBR 3.3.3.3, which is R3, to place in its routing table, as shown below;
  • 45. LAB / FORWARDING ADDRESS / EXAMPLE-1 After that, R3 is changed to include network 192.168.1.0/29 in area 0 of the OSPF process. The result of the configuration change is that the Type-5 LSA generated by R3 now has the forwarding address set to the IP address of R5, which is the next hop for the static route, as shown in the database output taken from R1 on the right; The LSA to be installed in the R1 routing table is determined by comparing R1's metric to the ASBR R4, which generated the LSA with a forwarding address of 0.0.0.0, with R1's metric to reach the forwarding address 192.168.1.5, which was set in the LSA generated by the ASBR R3. In the above output, the metric to R4 is 120. This is compared to the R1 metric to reach the forwarding address of 192.168.1.5, which can be seen using the show ip route 192.168.1.5 command. The output of this command is below; So, the metric to reach the ASBR R4, which is 74, is compared to the metric to reach the forwarding address of 192.168.1.5 generated by R3, which is . Therefore, the LSA installed in the routing table is the LSA generated by R4, as shown in the R1 output below; When the metrics of the redistributed route from multiple ASBRs are equal, as illustrated in this document, the forwarding address changes the behavior of the Type-5 LSA path selection. When a router receives two Type-5 LSAs for the same destination with the forwarding address set on both LSAs, the router makes a comparison based on the metric to the forwarding addresses. The LSA whose forwarding address offers the smaller metric is placed into the routing table. If the metrics of the redistributed routes are different, the routers prefer the route with the lowest metric, not the lowest metric to the forwarding address.
  • 46. LAB / FORWARDING ADDRESS / EXAMPLE-2 In this scenario, where multiple ABRs translate the same network from a Type-7 to a Type-5 LSA, the OSPF LSDB needs to act on only one of them. The other must withdraw its LSA. This is one of the many loop-avoidance techniques adopted in OSPF. So, who sets the forwarding address, the ABRs or the ASBR? The answer is, of course, the NSSA ASBR, which is R4. We can see that R3 translates Type-7 to Type-5, because it has a higher Router ID than R2, and retains the forwarding address value 4.4.4.4. Let's show the related output below; As all the path costs are default, on R1 we can see two equal-cost paths available for the destination 55.55.55.55, because R1 receives the external LSA for 55.55.55.55 with the forwarding address set to 4.4.4.4. R1 then checks its LSDB to reach 4.4.4.4 and finds two equal-cost paths. Hence it installs both to reach 55.55.55.55. Let's show the related output below;
  • 47. LAB / FORWARDING ADDRESS / EXAMPLE-2 When a router is forced to pick a forwarding address for a Type-7 LSA, preference should be given first to the router's internal addresses. If internal addresses are not available, preference should be given to the router's active OSPF Stub network addresses. These choices avoid the possible extra hop that may happen when a transit network's address is used. When the interface whose IP address is the LSA's forwarding address transitions to a Down state (in this case, on R4), the router must select a new forwarding address for the LSA and then re-originate it. If one is not available, the LSA should be flushed. In this example, the internal address is the loopback address 4.4.4.4. If this interface goes down, the router is forced to choose another interface as the forwarding address; let's see how that affects the route selection process. According to the above output, a new question arises: why does R4 pick 10.34.34.4 over 10.24.24.4? The selection process examines the candidates in the order below: Loopback IP address; Non-loopback IP address that is connected to a transit Stub network; Non-loopback IP address that is connected to a non-transit Stub network. You can also see that R1 no longer multipaths and only sends the traffic toward R3, but what changed the routing decision of R1? We changed neither any path cost nor anything in the redistribution to influence the path cost; because the forwarding address is set to 10.34.34.4, R1 has the shortest path via R3 (20) rather than via R2 (30). One more thing worth mentioning: the Type-5 LSA is generated by the R3 Loopback IP address, but the traffic to the external destination will go via the R4 interface. You can clearly see this situation in the output on the right;
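The Type-5 selection rule walked through in the two forwarding address examples above, as an added Python sketch that is not part of the original slides. The names `Type5`, `resolve`, `select`, `example1` and `example2` are hypothetical, every LSA is assumed to be E2, and all costs and next-hop labels are constructed except the 20 (via R3) and 30 (via R2) pair from EXAMPLE-2.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Type5:
    adv_router: str  # Router ID of the ASBR (or translating NSSA ABR)
    fwd_addr: str    # "0.0.0.0" means: forward toward the advertising router
    metric: int      # redistributed metric; every LSA is assumed to be E2

def resolve(lsa, reach):
    """Return (cost, next hops) toward the LSA's forwarding target, or None."""
    target = lsa.adv_router if lsa.fwd_addr == "0.0.0.0" else lsa.fwd_addr
    paths = reach.get(target)  # {next hop: cost}, as computed by SPF
    if not paths:
        return None  # target unreachable inside OSPF: the LSA is not used
    best = min(paths.values())
    return best, sorted(hop for hop, cost in paths.items() if cost == best)

def select(lsas, reach):
    """Lowest redistributed metric wins; ties fall back to the forward cost."""
    ranked = []
    for lsa in lsas:
        resolved = resolve(lsa, reach)
        if resolved is not None:
            cost, hops = resolved
            ranked.append((lsa.metric, cost, lsa.adv_router, hops))
    if not ranked:
        return None
    best = min(entry[:2] for entry in ranked)
    winners = [entry for entry in ranked if entry[:2] == best]
    return {"asbrs": sorted(entry[2] for entry in winners),
            "next_hops": sorted({hop for entry in winners for hop in entry[3]}),
            "forward_cost": best[1]}

# Constructed costs from R1's point of view (not the values in the lab outputs).
REACH_EX1 = {"3.3.3.3": {"R3": 10}, "4.4.4.4": {"R4": 20},
             "192.168.1.5": {"R3": 30}}

def example1(r3_fwd_addr):
    """EXAMPLE-1: R3 and R4 redistribute the same route with equal metrics."""
    lsas = [Type5("3.3.3.3", r3_fwd_addr, 20), Type5("4.4.4.4", "0.0.0.0", 20)]
    return select(lsas, REACH_EX1)

def example2(fwd_addr, reach):
    """EXAMPLE-2: one translated LSA from R3; only the forwarding address moves."""
    return select([Type5("3.3.3.3", fwd_addr, 20)], reach)

if __name__ == "__main__":
    print(example1("0.0.0.0"))      # both LSAs costed to their ASBR
    print(example1("192.168.1.5"))  # R3's LSA now costed to its forwarding address
    print(example2("4.4.4.4", {"4.4.4.4": {"R2": 20, "R3": 20}}))
    print(example2("10.34.34.4", {"10.34.34.4": {"R3": 20, "R2": 30}}))
```

The `reach` table is keyed by either an ASBR Router ID or a forwarding address, which is a simplification of the separate router and network routing entries a real implementation keeps.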