How To Configure Ospf
How To Configure Ospf
Routing table:
Commonly named a forwarding database
Contains list of best paths to destinations
Link-state routers recognize more information about the network than
their distance vector counterparts.
Every OSPF router announces a router LSA for those interfaces that it
owns in that area.
Router with link ID 192.168.1.67 has been updated eight times; the last
update was 48 seconds ago.
Debug of a single packet
R1#debug ip ospf packet
OSPF packet debugging is on
R1#
*Feb 16 11:03:51.206: OSPF: rcv. v:2 t:1 l:48 rid:10.0.0.12
aid:0.0.0.1 chk:D882 aut:0 auk: from Serial0/0/0.2
Router(config-router)#
network ip-address wildcard-mask area area-id
Router(config-if)#
ip ospf process-id area area-id [secondaries none]
Router(config)#router ospf 1
Router(config-router)#router-id 172.16.1.1
Area 1
Number of interfaces in this area is 1
Area has no authentication
SPF algorithm last executed 00:00:54.636 ago
SPF algorithm executed 3 times
<output omitted>
Router#
show ip protocols
Router#
show ip route ospf [process-id ]
Router#
show ip ospf interface [type number]
• Displays the OSPF router ID, area ID, and adjacency information
Router#
show ip ospf
Router#
remoterouter#sh ip ospf
Routing Process "ospf 1000" with ID 10.2.2.2
Supports only single TOS(TOS0) routes
Supports opaque LSA
Supports Link-local Signaling (LLS)
Supports area transit capability
It is an area border router
<output omitted>
RouterA#sh ip ospf virtual-links
Virtual Link OSPF_VL0 to router 10.2.2.2 is up
Run as demand circuit
DoNotAge LSA allowed.
Transit area 1, via interface Serial0/0/1, Cost of using 781
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:07
Adjacency State FULL (Hello suppressed)
Index 1/2, retransmission queue length 0, number of retransmission 1
First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
Last retransmission scan length is 1, maximum is 1
Last retransmission scan time is 0 msec, maximum is 0 msec
RouterA#
LSA Type Description
1 Router LSAs
2 Network LSAs
3 or 4 Summary LSAs
Autonomous system
5
external LSAs
RouterA(config-router)#
area area-id default-cost cost
• This command defines the cost of a default route sent into the
stub area.
• The default cost is 1.
• External LSAs
are stopped.
• Summary LSAs
are stopped.
• Routing table
is reduced to
a minimum.
• All routers must
be configured
as stub.
• ABR must be
configured as
totally stubby.
• This is a Cisco
proprietary
feature.
RouterA(config-router)#
area area-id stub no-summary
Router(config-router)#
area area-id authentication [message-digest]
<output omitted>
interface Serial0/0/1
ip address 192.168.1.102 255.255.255.224
ip ospf authentication
ip ospf authentication-key plainpas
<output omitted>
router ospf 10
log-adjacency-changes
network 10.2.2.2 0.0.0.0 area 0
network 192.168.1.0 0.0.0.255 area 0
R1#sh ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
10.2.2.2 0 FULL/ - 00:00:32 192.168.1.102 Serial0/0/1
R1#show ip route
<output omitted>
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
O 10.2.2.2/32 [110/782] via 192.168.1.102, 00:01:17, Serial0/0/1
C 10.1.1.0/24 is directly connected, Loopback0
192.168.1.0/27 is subnetted, 1 subnets
C 192.168.1.96 is directly connected, Serial0/0/1
R1#ping 10.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/29/32 ms
Router(config-if)#
ip ospf message-digest-key key-id md5 key
Router(config-if)#
ip ospf authentication [message-digest | null]
Router(config-router)#
area area-id authentication [message-digest]
<output omitted>
interface Serial0/0/1
ip address 192.168.1.102 255.255.255.224
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 secretpass
<output omitted>
router ospf 10
log-adjacency-changes
network 10.2.2.2 0.0.0.0 area 0
network 192.168.1.0 0.0.0.255 area 0
R1#sho ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
10.2.2.2 0 FULL/ - 00:00:31 192.168.1.102 Serial0/0/1
R1#show ip route
<output omitted>
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
O 10.2.2.2/32 [110/782] via 192.168.1.102, 00:00:37, Serial0/0/1
C 10.1.1.0/24 is directly connected, Loopback0
192.168.1.0/27 is subnetted, 1 subnets
C 192.168.1.96 is directly connected, Serial0/0/1
R1#ping 10.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/32 ms
Router#
debug ip ospf adj
R2#
*Feb 17 18:50:43.046: OSPF: Rcv pkt from 192.168.1.101, Serial0/0/1 :
Mismatch Authentication type. Input packet specified type 1, we use type 0
R2#
*Feb 17 18:53:13.050: OSPF: Rcv pkt from 192.168.1.101, Serial0/0/1 :
Mismatch Authentication Key - Clear Text
R1#debug ip ospf adj
OSPF adjacency events debugging is on
<output omitted>
*Feb 17 17:14:06.530: OSPF: Send with youngest Key 1
*Feb 17 17:14:06.546: OSPF: 2 Way Communication to 10.2.2.2 on Serial0/0/1,
state 2WAY
*Feb 17 17:14:06.546: OSPF: Send DBD to 10.2.2.2 on Serial0/0/1 seq 0xB37 opt
0x52 flag 0x7 len 32
*Feb 17 17:14:06.546: OSPF: Send with youngest Key 1
*Feb 17 17:14:06.562: OSPF: Rcv DBD from 10.2.2.2 on Serial0/0/1 seq 0x32F opt
0x52 flag 0x7 len 32 mtu 1500 state EXSTART
*Feb 17 17:14:06.562: OSPF: NBR Negotiation Done. We are the SLAVE
*Feb 17 17:14:06.562: OSPF: Send DBD to 10.2.2.2 on Serial0/0/1 seq 0x32F opt
0x52 flag 0x2 len 72
*Feb 17 17:14:06.562: OSPF: Send with youngest Key 1
<output omitted>
R2#
*Feb 17 17:55:28.226: OSPF: Send with youngest Key 2
*Feb 17 17:55:28.286: OSPF: Rcv pkt from 192.168.1.101, Serial0/0/1 :
Mismatch Authentication Key - No message digest key 1 on interface
*Feb 17 17:55:38.226: OSPF: Send with youngest Key 2
When authentication is configured, the router generates and checks
every OSPF packet and authenticates the source of each routing
update packet that it receives. OSPF supports two types of
authentication:
Simple password (or plain text) authentication: The router sends an OSPF
packet and key.
MD5 authentication: The router generates a message digest, or hash, of the
key, key ID, and message. The message digest is sent with the packet; the
key is not sent.
To configure simple password authentication, use the ip ospf
authentication-key password command and the ip ospf authentication
command.
To configure MD5 authentication, use the ip ospf message-digest-key
key-id md5 key command and the ip ospf authentication message-
digest command.
Use show ip ospf neighbor, show ip route, and debug ip ospf adj to
verify and troubleshoot both types of authentication.
With MD5 authentication, the debug ip ospf adj command output
indicates the key ID sent.
OSPF is an open-standard link-state routing protocol, offering quick
convergence and the ability to scale large networks.
There are five OSPF packet types: hello, DBD, LSU, LSR, and LSAck.
Configuration of OSPF is a two-step process:
Enter OSPF configuration with the router ospf command.
Use the network command to describe which interfaces will run OSPF in
which area.
OSPF defines three types of networks: point-to-point, broadcast, and
NBMA. On NBMA networks, OSPF mode options include
nonbroadcast, broadcast, point-to-multipoint, point-to-multipoint
nonbroadcast, and point-to-point.
LSAs are the building blocks of the LSDB. There are 11 types of
OSPF LSAs.
Route summarization reduces OSPF LSA flooding and routing table
size, which reduces memory and CPU utilization on routers.
Stub area techniques improve OSPF performance by reducing the
LSA flooding.
OSPF supports two types of authentication:
Simple password (or plain text) authentication
MD5 authentication