How To Configure Ospf

Uploaded by

Trending Duniya
Configuring OSPF

Introducing the OSPF Protocol


• Neighbor table:
  • Also known as the adjacency database
  • Contains list of recognized neighbors
• Database / Topology table:
  • Typically referred to as LSDB
  • Contains all routers and their attached links in the area or network
  • Identical LSDB for all routers within an area
• Routing table:
  • Commonly named a forwarding database
  • Contains list of best paths to destinations

• Link-state routers recognize more information about the network than their distance vector counterparts.
• Each router has a full picture of the topology.
• Consequently, link-state routers tend to make more accurate decisions.

• Link-state routing requires a hierarchical network structure that is enforced by OSPF.
• This two-level hierarchy consists of the following:
  • Transit area (backbone or area 0)
  • Regular areas (nonbackbone areas)

OSPF area characteristics:
• Minimizes routing table entries
• Localizes impact of a topology change within an area
• Detailed LSA flooding stops at the area boundary
• Requires a hierarchical network design

• Routers A and B are backbone routers.
• Backbone routers make up area 0.
• Routers C, D, and E are known as area border routers (ABRs).
• ABRs attach all other areas to area 0.

• Routers discover neighbors by exchanging hello packets.
• Routers declare neighbors to be up after checking certain parameters or options in the hello packet.
• Point-to-point WAN links:
  • Both neighbors become fully adjacent.
• LAN links:
  • Neighbors form a full adjacency with the DR and BDR.
  • Routers maintain two-way state with the other routers (DROTHERs).
• Routing updates and topology information are passed only between adjacent routers.
• Once an adjacency is formed, LSDBs are synchronized by exchanging LSAs.
• LSAs are flooded reliably throughout the area (or network).

Routers find the best paths to destinations by applying Dijkstra’s SPF algorithm to the link-state database as follows:
• Every router in an area has the identical link-state database.
• Each router in the area places itself into the root of the tree that is built.
• The best path is calculated with respect to the lowest total cost of links to a specific destination.
• Best routes are put into the forwarding database (routing table).

Assume all links are Ethernet, with an OSPF cost of 10.

• Link-state routing protocols respond quickly to changes, send triggered updates when changes occur, and send periodic updates every 30 minutes.
• A two-tier hierarchical network structure is used by OSPF in which the network is divided into areas. This area structure is used to separate the LSDB into more manageable sizes.
• Adjacencies are built by OSPF routers using the Hello protocol. Over these logical adjacencies, LSUs are sent to exchange database information between adjacent OSPF routers.
• Dijkstra’s SPF algorithm is used to calculate best paths for all destinations. SPF is run against the LSDB, and the outcome is a table of best paths, known as the routing table.
• After an LSA entry ages, the router that originated the entry sends an LSU about the network to verify that the link is still active. The LSU can contain one or more LSAs.
Configuring OSPF
OSPF Packet Types
• Router A notifies all OSPF DRs on 224.0.0.6.
• DR notifies others on 224.0.0.5.
• Each LSA in the LSDB maintains a sequence number.
• The sequence numbering scheme is a 4-byte number that begins with 0x80000001 and ends with 0x7FFFFFFF.
• OSPF floods each LSA every 30 minutes to maintain proper database synchronization. Each time the LSA is flooded, the sequence number is incremented by one.
• Ultimately, an LSA sequence number will wrap around to 0x80000001. When this occurs, the existing LSA is prematurely aged to the maximum age (one hour) and flushed.
• When a router encounters two instances of an LSA, it must determine which is more recent. The LSA having the newer (higher) LSA sequence number is more recent.
RTC# show ip ospf database

OSPF Router with ID (192.168.1.67) (Process ID 10)


Router Link States (Area 1)
Link ID ADV Router Age Seq# Checksum Link count
192.168.1.67 192.168.1.67 48 0x80000008 0xB112 2
192.168.2.130 192.168.2.130 212 0x80000006 0x3F44 2
<output omitted>

• Every OSPF router announces a router LSA for those interfaces that it owns in that area.
• Router with link ID 192.168.1.67 has been updated eight times; the last update was 48 seconds ago.
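An added example (not from the original slides) of the recency comparison described above: the 4-byte sequence number is read as a signed 32-bit value, so 0x80000001 is the oldest and 0x7FFFFFFF the newest. It parses the two Router Link States rows shown above; the helper names and the older second instance are constructed for illustration.

```python
import re

INITIAL_SEQ = 0x80000001   # sequence number of the first instance of an LSA
MAX_SEQ = 0x7FFFFFFF       # last value before the LSA is flushed and restarted

# The two rows from the "show ip ospf database" output above.
SHOW_OUTPUT = """\
Link ID         ADV Router      Age  Seq#       Checksum Link count
192.168.1.67    192.168.1.67    48   0x80000008 0xB112   2
192.168.2.130   192.168.2.130   212  0x80000006 0x3F44   2
"""

ROW = re.compile(
    r"^(?P<link_id>\d+(?:\.\d+){3})\s+(?P<adv_router>\d+(?:\.\d+){3})\s+"
    r"(?P<age>\d+)\s+(?P<seq>0x[0-9A-Fa-f]+)\s+(?P<checksum>0x[0-9A-Fa-f]+)"
)


def signed32(seq):
    """The sequence space is linear only when read as a signed 32-bit integer."""
    return seq - (1 << 32) if seq & 0x80000000 else seq


def instance_number(seq):
    """1 for 0x80000001, 2 for 0x80000002, and so on."""
    return signed32(seq) - signed32(INITIAL_SEQ) + 1


def parse_rows(text):
    """Turn LSDB rows into dicts; header and '<output omitted>' lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            row = m.groupdict()
            row["age"] = int(row["age"])
            row["seq"] = int(row["seq"], 16)
            rows.append(row)
    return rows


def more_recent(a, b):
    """Pick the instance with the newer sequence number (the only criterion the
    slides give; tie-breaking on equal sequence numbers is not modelled)."""
    return a if signed32(a["seq"]) > signed32(b["seq"]) else b


if __name__ == "__main__":
    rows = parse_rows(SHOW_OUTPUT)
    for r in rows:
        print(r["link_id"], "instance", instance_number(r["seq"]), "age", r["age"], "s")
    # Constructed: an older copy of the first LSA arriving from another neighbor.
    stale = dict(rows[0], seq=0x80000007, age=1850)
    print("keep:", hex(more_recent(stale, rows[0])["seq"]))
    # An unsigned comparison gets the ends of the range the wrong way round.
    print("unsigned says MAX_SEQ is older:", MAX_SEQ < INITIAL_SEQ)
    print("signed says MAX_SEQ is newer:", signed32(MAX_SEQ) > signed32(INITIAL_SEQ))
```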
Debug of a single packet
R1#debug ip ospf packet
OSPF packet debugging is on
R1#
*Feb 16 11:03:51.206: OSPF: rcv. v:2 t:1 l:48 rid:10.0.0.12
aid:0.0.0.1 chk:D882 aut:0 auk: from Serial0/0/0.2

• Shows fields in OSPF header


• There are five OSPF packet types: hello, DBD, LSU, LSR, and LSAck.
• The Hello protocol forms logical neighbor adjacency relationships. A DR may be required to coordinate adjacency formations.
• The exchange protocol passes through several states (down, init, two-way, exstart, and exchange) before finally reaching the goal of full state. Full state means that databases are synchronized with adjacent routers.
• LSAs are sent on change but are also sent every 30 minutes to ensure database integrity. The maximum time that an LSA will stay in the database, without an update, is 1 hour. The LSA sequence number is incremented every time it is advertised.
• Each LSA in the LSDB has a sequence number, which is incremented by one each time the LSA is flooded. When a router encounters two instances of an LSA, it must determine which is more recent. The LSA having the newer (higher) LSA sequence number is more recent.
• Use the debug ip ospf packet command to verify that OSPF packets are flowing properly between two routers.
Configuring OSPF
Configuring OSPF Routing
Router(config)#
router ospf process-id [vrf vpn-name]

• Enables one or more OSPF routing processes

Router(config-router)#
network ip-address wildcard-mask area area-id

• Defines the interfaces that OSPF will run on

Router(config-if)#
ip ospf process-id area area-id [secondaries none]

• Optional method to enable OSPF explicitly on an interface


• The router is known to OSPF by the OSPF router ID number.
• LSDBs use the OSPF router ID to differentiate one router from the next.
• By default, the router ID is the highest IP address on an active interface at the moment of OSPF process startup.
• A loopback interface can override the OSPF router ID. If a loopback interface exists, the router ID is the highest IP address on any active loopback interface.
• The OSPF router-id command can be used to override the OSPF router ID.
• Using a loopback interface or a router-id command is recommended for stability.
Router(config)#interface loopback 0
Router(config-if)#ip address 172.16.17.5 255.255.255.255

• If the OSPF process is already running, the router must be reloaded or the OSPF process must be removed and reconfigured before the new loopback address will take effect.
Router(config-router)#
router-id ip-address

• This command is configured under the router ospf [process-id] command.
• Any unique arbitrary 32-bit value in an IP address format (dotted decimal) can be used.
• If this command is used on an OSPF process that is already active, then the new router ID is used after the next reload or manual OSPF process restart using:
Router#
clear ip ospf process

Router(config)#router ospf 1
Router(config-router)#router-id 172.16.1.1

Router#clear ip ospf process


RouterB#sh ip ospf
Routing Process "ospf 50" with ID 10.64.0.2
<output omitted>

Number of areas in this router is 2. 2 normal 0 stub 0 nssa


Number of areas transit capable is 0
External flood list length 0
Area BACKBONE(0)
Area has no authentication
SPF algorithm last executed 00:01:25.028 ago
SPF algorithm executed 7 times
<output omitted>

Area 1
Number of interfaces in this area is 1
Area has no authentication
SPF algorithm last executed 00:00:54.636 ago
SPF algorithm executed 3 times
<output omitted>
Router#
show ip protocols

• Verifies the configured IP routing protocol processes, parameters, and statistics

Router#
show ip route ospf [process-id ]

• Displays all OSPF routes learned by the router

Router#
show ip ospf interface [type number]

• Displays the OSPF router ID, area ID, and adjacency information
Router#
show ip ospf

• Displays the OSPF router ID, timers, and statistics

Router#

show ip ospf neighbor [type number] [neighbor-id] [detail]

• Displays information about the OSPF neighbors, including DR and BDR information on broadcast networks
RouterA#show ip route ospf
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
O IA 10.2.1.0/24 [110/782] via 10.64.0.2, 00:03:05, FastEthernet0/0
RouterA#
RouterA#show ip ospf interface fastEthernet 0/0
FastEthernet0/0 is up, line protocol is up
Internet Address 10.64.0.1/24, Area 0
Process ID 1, Router ID 10.64.0.1, Network Type BROADCAST, Cost: 1
Transmit Delay is 1 sec, State DROTHER, Priority 0
Designated Router (ID) 10.64.0.2, Interface address 10.64.0.2
No backup designated router on this network
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 00:00:04
Supports Link-local Signaling (LLS)
Index 1/1, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 4
Last flood scan time is 0 msec, maximum is 4 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 10.64.0.2 (Designated Router)
Suppress hello for 0 neighbor(s)
RouterB# show ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface


10.64.0.1 0 FULL/DROTHER 00:00:30 10.64.0.1 FastEthernet0/0
10.2.1.1 0 FULL/ - 00:00:34 10.2.1.1 Serial0/0/1

RouterB# show ip ospf neighbor detail


Neighbor 10.64.0.1, interface address 10.64.0.1
In the area 0 via interface FastEthernet0/0
Neighbor priority is 0, State is FULL, 16 state changes
DR is 10.64.0.2 BDR is 0.0.0.0
<output omitted>

Neighbor 10.2.1.1, interface address 10.2.1.1


In the area 1 via interface Serial0/0/1
Neighbor priority is 0, State is FULL, 6 state changes
DR is 0.0.0.0 BDR is 0.0.0.0
<output omitted>
• Configuration of OSPF is a two-step process:
  • Enter OSPF configuration with the router ospf command.
  • Use the network command to describe which interfaces will run OSPF in which area.
• OSPF selects a router ID at startup time:
  • The router ID specified in the router-id command under the OSPF process is used.
  • Otherwise, the highest IP address of a loopback interface, if there are any, is used.
  • By default, the highest IP address of all active interfaces is used.
• Use the show ip ospf command to verify the router ID.
• Use the show ip protocols, show ip route ospf, show ip ospf interface, show ip ospf, and show ip ospf neighbor commands to verify OSPF operation.
Configuring OSPF
OSPF Network Types
The three types of networks defined by OSPF are:
• Point-to-point: A network that joins a single pair of routers.
• Broadcast: A multiaccess broadcast network, such as Ethernet.
• Nonbroadcast multiaccess (also called NBMA): A network that interconnects more than two routers but that has no broadcast capability. Frame Relay, ATM, and X.25 are examples of NBMA networks.
• Five modes of OSPF operation are available for NBMA networks.

• Usually a serial interface running either PPP or HDLC.
• May also be a point-to-point subinterface running Frame Relay or ATM.
• No DR or BDR election required.
• OSPF autodetects this interface type.
• OSPF packets are sent using multicast 224.0.0.5.

• Generally, these are LAN technologies like Ethernet and Token Ring.
• DR and BDR selection are required.
• All neighbor routers form full adjacencies with the DR and BDR only.
• Packets to the DR and the BDR use 224.0.0.6.
• Packets from DR to all other routers use 224.0.0.5.

• Hello packets are exchanged via IP multicast.
• The router with the highest OSPF priority is selected as the DR. The router with the second-highest priority value is the BDR.
• Use the OSPF router ID as the tiebreaker.
• The DR election is nonpreemptive.
Router(config-if)#
ip ospf priority number

• This interface configuration command assigns the OSPF priority to an interface.
• Different interfaces on a router may be assigned different values.
• The default priority is 1. The range is from 0 to 255.
• 0 means the router cannot be the DR or BDR.
• A router that is not the DR or BDR is DROTHER.
Configuring OSPF
Link-State Advertisements
• Consists of areas and autonomous systems
• Minimizes routing update traffic
• Virtual links are used to connect a discontiguous area to
area 0.
• A logical connection is built between router A and router B.
• Virtual links are recommended for backup or temporary
connections.
Router(config-router)#
area area-id virtual-link router-id [authentication [message-digest | null]] [hello-interval seconds] [retransmit-interval seconds] [transmit-delay seconds] [dead-interval seconds] [[authentication-key key] | [message-digest-key key-id md5 key]]

• Creates a virtual link

remoterouter#sh ip ospf
Routing Process "ospf 1000" with ID 10.2.2.2
Supports only single TOS(TOS0) routes
Supports opaque LSA
Supports Link-local Signaling (LLS)
Supports area transit capability
It is an area border router
<output omitted>
RouterA#sh ip ospf virtual-links
Virtual Link OSPF_VL0 to router 10.2.2.2 is up
Run as demand circuit
DoNotAge LSA allowed.
Transit area 1, via interface Serial0/0/1, Cost of using 781
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:07
Adjacency State FULL (Hello suppressed)
Index 1/2, retransmission queue length 0, number of retransmission 1
First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
Last retransmission scan length is 1, maximum is 1
Last retransmission scan time is 0 msec, maximum is 0 msec
RouterA#
LSA Type     Description
1            Router LSAs
2            Network LSAs
3 or 4       Summary LSAs
5            Autonomous system external LSAs
6            Multicast OSPF LSA
7            Defined for not-so-stubby areas
8            External attributes LSA for Border Gateway Protocol (BGP)
9, 10, 11    Opaque LSAs

• One router LSA (type 1) for every router in an area
• Includes list of directly attached links
• Each link identified by IP prefix assigned to link and link type
• Identified by the router ID of the originating router
• Floods within its area only; does not cross ABR

• One network (type 2) LSA for each transit broadcast or NBMA network in an area
• Includes list of attached routers on the transit link
• Includes subnet mask of link
• Advertised by the DR of the broadcast network
• Floods within its area only; does not cross ABR

• Type 3 LSAs are used to flood network information to areas outside the originating area (interarea)
• Describes network number and mask of link.
• Advertised by the ABR of originating area.
• Regenerated by subsequent ABRs to flood throughout the autonomous system.
• By default, routes are not summarized, and type 3 LSA is advertised for every subnet.

• Summary (type 4) LSAs are used to advertise an ASBR to all other areas in the autonomous system.
• They are generated by the ABR of the originating area.
• They are regenerated by all subsequent ABRs to flood throughout the autonomous system.
• Type 4 LSAs contain the router ID of the ASBR.

• External (type 5) LSAs are used to advertise networks from other autonomous systems.
• Type 5 LSAs are advertised and owned by the originating ASBR.
• Type 5 LSAs flood throughout the entire autonomous system.
• The advertising router ID (ASBR) is unchanged throughout the autonomous system.
• Type 4 LSA is needed to find the ASBR.
• By default, routes are not summarized.
RouterA#show ip ospf database
OSPF Router with ID (10.0.0.11) (Process ID 1)
Router Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Link count
10.0.0.11 10.0.0.11 548 0x80000002 0x00401A 1
10.0.0.12 10.0.0.12 549 0x80000004 0x003A1B 1
100.100.100.100 100.100.100.100 548 0x800002D7 0x00EEA9 2
Net Link States (Area 0)
Link ID ADV Router Age Seq# Checksum
172.31.1.3 100.100.100.100 549 0x80000001 0x004EC9
Summary Net Link States (Area 0)
Link ID ADV Router Age Seq# Checksum
10.1.0.0 10.0.0.11 654 0x80000001 0x00FB11
10.1.0.0 10.0.0.12 601 0x80000001 0x00F516
<output omitted>
Router Designator   Description
O                   OSPF intra-area (router LSA) and network LSA
                    • Networks from within the area of the router
                    • Advertised by way of router LSAs and network LSA
O IA                OSPF interarea (summary LSA)
                    • Networks from outside the area of the router, but within the OSPF autonomous system
                    • Advertised by way of summary LSAs
O E1                Type 1 external routes
O E2                Type 2 external routes
                    • Networks outside of the autonomous system of the router
                    • Advertised by way of external LSAs
RouterB>show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

172.31.0.0/24 is subnetted, 2 subnets


O IA 172.31.2.0 [110/1563] via 10.1.1.1, 00:12:35, FastEthernet0/0
O IA 172.31.1.0 [110/782] via 10.1.1.1, 00:12:35, FastEthernet0/0
10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
C 10.200.200.13/32 is directly connected, Loopback0
C 10.1.3.0/24 is directly connected, Serial0/0/0
O 10.1.2.0/24 [110/782] via 10.1.3.4, 00:12:35, Serial0/0/0
C 10.1.1.0/24 is directly connected, FastEthernet0/0
O 10.1.0.0/24 [110/782] via 10.1.1.1, 00:12:37, FastEthernet0/0
O E2 10.254.0.0/24 [110/50] via 10.1.1.1, 00:12:37, FastEthernet0/0
Router(config-router)#
max-lsa maximum-number [threshold-percentage] [warning-only] [ignore-time minutes] [ignore-count count-number] [reset-time minutes]

• Excessive LSAs generated by other routers can drain local router resources.
• This feature can limit the processing of non-self-generated LSAs for a defined OSPF process.
• Dijkstra’s algorithm determines the best path by adding all link
costs along a path.
• The cost, or metric, is an indication of the overhead to send
packets over an interface. Default = (100 Mbps) / (bandwidth in
Mbps).
RouterA(config-if)#
ip ospf cost interface-cost

• Overrides the default cost calculation. Values from 1 to 65535 can be defined.
RouterA(config-router)#

auto-cost reference-bandwidth ref-bw

• Sets the reference bandwidth to values other than 100 Mbps (legal values range from 1 to 4,294,967 in megabits per second).
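An added example (not part of the original slides) that combines the default cost formula with the SPF calculation described earlier. The four-router topology and the 128 kbps and 64 kbps serial speeds are assumptions, chosen so that the results match the 781, 782 and 1563 costs in the show output above; the function and router names are hypothetical.

```python
import heapq


def ospf_cost(bandwidth_kbps, reference_mbps=100):
    """Reference bandwidth / interface bandwidth, truncated to an integer, never below 1."""
    return max(1, reference_mbps * 1000 // bandwidth_kbps)


def spf(lsdb, root):
    """Dijkstra over an LSDB given as {router: {neighbor: cost of the outgoing interface}}.

    Returns {destination: (total cost, first hop)} with `root` at the root of the tree.
    """
    best = {root: (0, None)}
    heap = [(0, root)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > best[node][0]:
            continue  # stale heap entry: a cheaper path was already found
        for nbr, link_cost in lsdb[node].items():
            total = cost + link_cost
            if nbr not in best or total < best[nbr][0]:
                first_hop = nbr if node == root else best[node][1]
                best[nbr] = (total, first_hop)
                heapq.heappush(heap, (total, nbr))
    return best


# Constructed link speeds in kbps (assumptions, not stated on the slides).
FAST_ETHERNET, SERIAL_128K, SERIAL_64K = 100_000, 128, 64

# Constructed topology: B has a fast path to R2 via R1 and a slow direct serial link.
LINKS = [
    ("B", "R1", FAST_ETHERNET),
    ("R1", "R2", SERIAL_128K),
    ("R2", "R3", SERIAL_128K),
    ("B", "R2", SERIAL_64K),
]


def build_lsdb(reference_mbps=100):
    """Every router ends up with the same LSDB; costs follow from link bandwidth."""
    lsdb = {}
    for a, b, bw in LINKS:
        cost = ospf_cost(bw, reference_mbps)
        lsdb.setdefault(a, {})[b] = cost
        lsdb.setdefault(b, {})[a] = cost
    return lsdb


if __name__ == "__main__":
    for dest, (cost, hop) in sorted(spf(build_lsdb(), "B").items()):
        print(f"{dest}: cost {cost} via {hop}")
    # With the default 100 Mbps reference, 100 Mbps and 1 Gbps links are indistinguishable.
    print(ospf_cost(100_000), ospf_cost(1_000_000))
    # auto-cost reference-bandwidth 10000 separates them again.
    print(ospf_cost(100_000, 10_000), ospf_cost(1_000_000, 10_000))
```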
• There are four OSPF router types: internal routers, backbone routers, ABRs, and ASBRs.
• A virtual link allows a discontiguous area 0 to be connected, or a disconnected area to be connected to area 0, via a transit area. Virtual links should be used only for temporary connections or backup after a failure, not as a primary backbone design feature.
• There are 11 OSPF LSA types. The first five are the most commonly used:
  • Type 1 router
  • Type 2 network
  • Type 3 and 4 summary
  • Type 5 external
• In the IP routing table, OSPF routes are classified as either intra-area, interarea, or external; external routes are subdivided into E1 and E2.
• OSPF LSDB overload protection limits the processing of non-self-generated LSAs.
• The OSPF cost defaults to (100 Mbps) / (bandwidth in megabits per second). The cost can be changed on a per-interface basis, and the reference bandwidth (100 Mbps) can also be changed.
Configuring OSPF
OSPF Route Summarization
• Minimizes number of routing table entries
• Localizes impact of a topology change
• Reduces LSA type 3 and 5 flooding and saves CPU resources

• Interarea summary link carries mask.
• One or more entries can represent several subnets.
Router(config-router)#
area area-id range address mask [advertise | not-advertise]
[cost cost]

• Consolidates interarea routes on an ABR


Router(config-router)#
summary-address ip-address mask [not-advertise] [tag tag]

• Consolidates external routes, usually on an ASBR


• A default route is injected into OSPF as an external LSA type 5.
• Default route distribution is not on by default; use the default-information originate command under the OSPF routing process.
Router(config-router)#
default-information originate [always] [metric metric-value] [metric-type type-value] [route-map map-name]

• Normally, this command advertises a 0.0.0.0 default into the OSPF network only if the default route already exists in the routing table.
• The always keyword allows the 0.0.0.0 default to be advertised even when the default route does not exist in the routing table.
• Route summarization improves CPU utilization, reduces LSA flooding, and reduces routing table sizes.
• The area range command is used to summarize at the ABR. The summary-address command is used to summarize at the ASBR.
• Default routes can be used in OSPF to prevent the need for a specific route to all destination networks. The benefits include a much smaller routing table and LSDB, with complete reachability.
• OSPF uses the default-information originate command to inject a default route.
Configuring OSPF
Configuring OSPF Special Area Types
An area can be stub or totally stub if:
• There is a single ABR, or if there is more than one ABR, suboptimal routing paths to other areas or external autonomous systems are acceptable.
• All routers in the area are configured as stub routers.
• There is no ASBR in the area.
• The area is not area 0.
• No virtual links go through the area.

• External LSAs are stopped.
• Default route is advertised into stub area by the ABR.
• All routers in area 50 must be configured as stub.
RouterA(config-router)#

area area-id stub [no-summary]


• This command turns on stub area networking.
• All routers in a stub area must use the stub command.

RouterA(config-router)#
area area-id default-cost cost

• This command defines the cost of a default route sent into the
stub area.
• The default cost is 1.
• External LSAs are stopped.
• Summary LSAs are stopped.
• Routing table is reduced to a minimum.
• All routers must be configured as stub.
• ABR must be configured as totally stubby.
• This is a Cisco proprietary feature.
RouterA(config-router)#
area area-id stub no-summary

• The addition of no-summary on the ABR creates a totally stubby area and prevents all summary LSAs from entering the stub area.
P1R3#sh ip route
<output omitted>

Gateway of last resort is not set


172.31.0.0/32 is subnetted, 4 subnets
O IA 172.31.22.4 [110/782] via 10.1.1.1, 00:02:44, FastEthernet0/0
O IA 172.31.11.1 [110/1] via 10.1.1.1, 00:02:44, FastEthernet0/0
O IA 172.31.11.2 [110/782] via 10.1.3.4, 00:02:52, Serial0/0/0
[110/782] via 10.1.1.1, 00:02:52, FastEthernet0/0
O IA 172.31.11.4 [110/782] via 10.1.1.1, 00:02:44, FastEthernet0/0
10.0.0.0/8 is variably subnetted, 7 subnets, 2 masks
O 10.11.0.0/24 [110/782] via 10.1.1.1, 00:03:22, FastEthernet0/0
C 10.200.200.13/32 is directly connected, Loopback0
C 10.1.3.0/24 is directly connected, Serial0/0/0
O 10.1.2.0/24 [110/782] via 10.1.3.4, 00:03:23, Serial0/0/0
C 10.1.1.0/24 is directly connected, FastEthernet0/0
O 10.1.0.0/24 [110/782] via 10.1.1.1, 00:03:23, FastEthernet0/0
O E2 10.254.0.0/24 [110/50] via 10.1.1.1, 00:02:39, FastEthernet0/0
P1R3#
P1R3#sh ip route
<output omitted>

Gateway of last resort is 10.1.1.1 to network 0.0.0.0


172.31.0.0/32 is subnetted, 4 subnets
O IA 172.31.22.4 [110/782] via 10.1.1.1, 00:01:49, FastEthernet0/0
O IA 172.31.11.1 [110/1] via 10.1.1.1, 00:01:49, FastEthernet0/0
O IA 172.31.11.2 [110/782] via 10.1.3.4, 00:01:49, Serial0/0/0
[110/782] via 10.1.1.1, 00:01:49, FastEthernet0/0
O IA 172.31.11.4 [110/782] via 10.1.1.1, 00:01:49, FastEthernet0/0
10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
O 10.11.0.0/24 [110/782] via 10.1.1.1, 00:01:50, FastEthernet0/0
C 10.200.200.13/32 is directly connected, Loopback0
C 10.1.3.0/24 is directly connected, Serial0/0/0
O 10.1.2.0/24 [110/782] via 10.1.3.4, 00:01:50, Serial0/0/0
C 10.1.1.0/24 is directly connected, FastEthernet0/0
O 10.1.0.0/24 [110/782] via 10.1.1.1, 00:01:50, FastEthernet0/0
O*IA 0.0.0.0/0 [110/2] via 10.1.1.1, 00:01:51, FastEthernet0/0
P1R3#
P1R3#sh ip route
<output omitted>

Gateway of last resort is 10.1.1.1 to network 0.0.0.0


172.31.0.0/16 is variably subnetted, 2 subnets, 2 masks
O IA 172.31.22.4/32 [110/782] via 10.1.1.1, 00:13:08, FastEthernet0/0
O IA 172.31.11.0/24 [110/1] via 10.1.1.1, 00:02:39, FastEthernet0/0
10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
O 10.11.0.0/24 [110/782] via 10.1.1.1, 00:13:08, FastEthernet0/0
C 10.200.200.13/32 is directly connected, Loopback0
C 10.1.3.0/24 is directly connected, Serial0/0/0
O 10.1.2.0/24 [110/782] via 10.1.3.4, 00:13:09, Serial0/0/0
C 10.1.1.0/24 is directly connected, FastEthernet0/0
O 10.1.0.0/24 [110/782] via 10.1.1.1, 00:13:09, FastEthernet0/0
O*IA 0.0.0.0/0 [110/2] via 10.1.1.1, 00:13:09, FastEthernet0/0
P1R3#
P1R3#sh ip route
<output omitted>

Gateway of last resort is 10.1.1.1 to network 0.0.0.0


10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
O 10.11.0.0/24 [110/782] via 10.1.1.1, 00:16:53, FastEthernet0/0
C 10.200.200.13/32 is directly connected, Loopback0
C 10.1.3.0/24 is directly connected, Serial0/0/0
O 10.1.2.0/24 [110/782] via 10.1.3.4, 00:16:53, Serial0/0/0
C 10.1.1.0/24 is directly connected, FastEthernet0/0
O 10.1.0.0/24 [110/782] via 10.1.1.1, 00:16:53, FastEthernet0/0
O*IA 0.0.0.0/0 [110/2] via 10.1.1.1, 00:00:48, FastEthernet0/0
P1R3#
• NSSA breaks stub area rules.
• ASBR (R1) is allowed in NSSA.
• Special LSA type 7 defined, sent by ASBR.
• ABR (R2) converts LSA type 7 to LSA type 5.
• ABR sends default route into NSSA instead of external routes from other ASBRs.
• NSSA is an RFC addendum.
RouterA(config-router)#
area area-id nssa [no-redistribution] [default-information-originate [metric metric-value] [metric-type type-value]] [no-summary]

• Use this command instead of the area stub command to define the area as NSSA.
• The no-summary keyword creates an NSSA totally stubby area; this is a Cisco proprietary feature.
• NSSA totally stubby area is a Cisco proprietary feature.
RouterA#
show ip ospf
• Displays which areas are normal, stub, or NSSA
RouterA#
show ip ospf database
• Displays details of LSAs
RouterA#
show ip ospf database nssa-external
• Displays specific details of each LSA type 7 update in database
RouterA#
show ip route
• Displays all routes
• There are several OSPF area types: standard, backbone, stub, totally stubby, and NSSA.
• Use the area area-id stub command to define an area as stubby.
• Use the area area-id stub command with the no-summary keyword on the ABR only to define an area as totally stubby.
• For stub areas, external routes are not visible in the routing table, but are accessible via the intra-area default route. For totally stubby areas, interarea and external routes are not visible in the routing table, but are accessible via the intra-area default route.
• Use the area area-id nssa command to define an area as NSSA.
• Use show ip ospf, show ip ospf database, show ip route commands to verify all types of stub areas. Use the show ip ospf database nssa-external command to display details of type 7 LSAs.
Configuring OSPF
Configuring OSPF Authentication
• OSPF supports 2 types of authentication:
  • Simple password (or plain text) authentication
  • MD5 authentication
• Router generates and checks every OSPF packet. Router authenticates the source of each routing update packet that it receives.
• Configure a “key” (password); each participating neighbor must have the same key configured.
Router(config-if)#
ip ospf authentication-key password

• Assigns a password to be used with neighboring routers


Router(config-if)#
ip ospf authentication [message-digest | null]

• Specifies the authentication type for an interface (since Cisco IOS software 12.0)

Router(config-router)#
area area-id authentication [message-digest]

• Specifies the authentication type for an area (was in Cisco IOS software before 12.0)
Loopback 0
10.2.2.2
<output omitted>
interface Loopback0
ip address 10.2.2.2 255.255.255.0

<output omitted>
interface Serial0/0/1
ip address 192.168.1.102 255.255.255.224
ip ospf authentication
ip ospf authentication-key plainpas

<output omitted>
router ospf 10
log-adjacency-changes
network 10.2.2.2 0.0.0.0 area 0
network 192.168.1.0 0.0.0.255 area 0
R1#sh ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
10.2.2.2 0 FULL/ - 00:00:32 192.168.1.102 Serial0/0/1

R1#show ip route
<output omitted>
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
O 10.2.2.2/32 [110/782] via 192.168.1.102, 00:01:17, Serial0/0/1
C 10.1.1.0/24 is directly connected, Loopback0
192.168.1.0/27 is subnetted, 1 subnets
C 192.168.1.96 is directly connected, Serial0/0/1

R1#ping 10.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/29/32 ms
Router(config-if)#
ip ospf message-digest-key key-id md5 key

• Assigns a key ID and key to be used with neighboring routers

Router(config-if)#
ip ospf authentication [message-digest | null]

• Specifies the authentication type for an interface (since Cisco IOS software 12.0)

Router(config-router)#
area area-id authentication [message-digest]

• Specifies the authentication type for an area (was in Cisco IOS software before 12.0)
<output omitted>
interface Loopback0
ip address 10.2.2.2 255.255.255.0

<output omitted>
interface Serial0/0/1
ip address 192.168.1.102 255.255.255.224
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 secretpass

<output omitted>
router ospf 10
log-adjacency-changes
network 10.2.2.2 0.0.0.0 area 0
network 192.168.1.0 0.0.0.255 area 0
R1#sho ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
10.2.2.2 0 FULL/ - 00:00:31 192.168.1.102 Serial0/0/1

R1#show ip route
<output omitted>
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
O 10.2.2.2/32 [110/782] via 192.168.1.102, 00:00:37, Serial0/0/1
C 10.1.1.0/24 is directly connected, Loopback0
192.168.1.0/27 is subnetted, 1 subnets
C 192.168.1.96 is directly connected, Serial0/0/1

R1#ping 10.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/32 ms
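An added sketch (not Cisco's code and not from the original slides) of what a receiving router checks for the two authentication types configured above, following the procedure in RFC 2328 Appendix D. It shows that the simple password travels inside the packet while the MD5 key does not, and that an MD5 key is looked up by key ID before any digest is compared. Zero-padding of keys, the router and area IDs, the hello body and the verdict strings are assumptions.

```python
import hashlib
import hmac
import ipaddress
import struct

NULL, SIMPLE, MD5 = 0, 1, 2             # AuType values carried in the OSPF header
HDR = struct.Struct("!BBH4s4sHH")       # version, type, length, router ID, area ID, checksum, AuType
CRYPTO = struct.Struct("!HBBI")         # 0, key ID, digest length, cryptographic sequence number


def _ip(addr):
    return ipaddress.IPv4Address(addr).packed


def _pad(key, size):
    return key[:size].ljust(size, b"\x00")   # assumption: short keys are zero-padded


def build(autype, body, router_id, area_id, key=b"", key_id=0, seq=0):
    """Build a hello (type 1) with the 8-byte authentication field filled in."""
    if autype == SIMPLE:
        auth = _pad(key, 8)                  # the password itself goes into the header
    elif autype == MD5:
        auth = CRYPTO.pack(0, key_id, 16, seq)
    else:
        auth = bytes(8)
    length = HDR.size + len(auth) + len(body)    # the appended digest is not counted
    # Checksum is 0 with cryptographic authentication; a real router computes it
    # for null and simple authentication, which this sketch skips.
    pkt = HDR.pack(2, 1, length, _ip(router_id), _ip(area_id), 0, autype) + auth + body
    if autype == MD5:
        pkt += hashlib.md5(pkt + _pad(key, 16)).digest()
    return pkt


def receive(wire, local_autype, password=b"", md5_keys=None, last_seq=0):
    """Return the receiver's verdict for one packet."""
    _, _, length, _, _, _, autype = HDR.unpack_from(wire)
    auth = wire[HDR.size:HDR.size + 8]
    if autype != local_autype:
        return f"type mismatch: packet type {autype}, we use type {local_autype}"
    if autype == SIMPLE and not hmac.compare_digest(auth, _pad(password, 8)):
        return "key mismatch: clear text"
    if autype == MD5:
        _, key_id, digest_len, seq = CRYPTO.unpack(auth)
        key = (md5_keys or {}).get(key_id)
        if key is None:
            return f"key mismatch: no message digest key {key_id}"
        if seq < last_seq:
            return "rejected: sequence number went backwards"
        expected = hashlib.md5(wire[:length] + _pad(key, 16)).digest()
        if not hmac.compare_digest(expected, wire[length:length + digest_len]):
            return "key mismatch: digest does not verify"
    return "ok"


def scenarios():
    """Constructed packets from a neighbor, checked with a local configuration."""
    body = b"constructed hello body"
    r2 = ("10.2.2.2", "0.0.0.0")
    good = build(MD5, body, *r2, key=b"secretpass", key_id=1, seq=7)
    altered = bytearray(good)
    altered[HDR.size + 8] ^= 0x01            # flip one bit of the body in transit
    keys = {1: b"secretpass"}
    return {
        "simple here, none there": receive(build(NULL, body, *r2), SIMPLE, password=b"plainpas"),
        "simple, other password": receive(build(SIMPLE, body, *r2, key=b"otherpas"),
                                          SIMPLE, password=b"plainpas"),
        "md5, same password, key 2 vs key 1": receive(
            build(MD5, body, *r2, key=b"secretpass", key_id=2, seq=7), MD5, md5_keys=keys),
        "md5, matching": receive(good, MD5, md5_keys=keys),
        "md5, body altered": receive(bytes(altered), MD5, md5_keys=keys),
        "md5, old packet replayed": receive(good, MD5, md5_keys=keys, last_seq=9),
        "password visible in simple packet": b"plainpas" in build(SIMPLE, body, *r2, key=b"plainpas"),
        "key visible in md5 packet": b"secretpass" in good,
    }


if __name__ == "__main__":
    for name, verdict in scenarios().items():
        print(f"{name}: {verdict}")
```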
Router#
debug ip ospf adj

• Displays the OSPF adjacency-related events


R1#debug ip ospf adj
OSPF adjacency events debugging is on
R1#
<output omitted>
*Feb 17 18:42:01.250: OSPF: 2 Way Communication to 10.2.2.2 on Serial0/0/1,
state 2WAY
*Feb 17 18:42:01.250: OSPF: Send DBD to 10.2.2.2 on Serial0/0/1 seq 0x9B6 opt
0x52 flag 0x7 len 32
*Feb 17 18:42:01.262: OSPF: Rcv DBD from 10.2.2.2 on Serial0/0/1 seq 0x23ED
opt0x52 flag 0x7 len 32 mtu 1500 state EXSTART
*Feb 17 18:42:01.262: OSPF: NBR Negotiation Done. We are the SLAVE
*Feb 17 18:42:01.262: OSPF: Send DBD to 10.2.2.2 on Serial0/0/1 seq 0x23ED opt
0x52 flag 0x2 len 72
<output omitted>

R1#show ip ospf neighbor


Neighbor ID Pri State Dead Time Address Interface
10.2.2.2 0 FULL/ - 00:00:34 192.168.1.102 Serial0/0/1
Simple authentication on R1, no authentication on R2
R1#
*Feb 17 18:51:31.242: OSPF: Rcv pkt from 192.168.1.102, Serial0/0/1 :
Mismatch Authentication type. Input packet specified type 0, we use type 1

R2#
*Feb 17 18:50:43.046: OSPF: Rcv pkt from 192.168.1.101, Serial0/0/1 :
Mismatch Authentication type. Input packet specified type 1, we use type 0

Simple authentication on R1 and R2, but different passwords
R1#
*Feb 17 18:54:01.238: OSPF: Rcv pkt from 192.168.1.102, Serial0/0/1 :
Mismatch Authentication Key - Clear Text

R2#
*Feb 17 18:53:13.050: OSPF: Rcv pkt from 192.168.1.101, Serial0/0/1 :
Mismatch Authentication Key - Clear Text
R1#debug ip ospf adj
OSPF adjacency events debugging is on
<output omitted>
*Feb 17 17:14:06.530: OSPF: Send with youngest Key 1
*Feb 17 17:14:06.546: OSPF: 2 Way Communication to 10.2.2.2 on Serial0/0/1,
state 2WAY
*Feb 17 17:14:06.546: OSPF: Send DBD to 10.2.2.2 on Serial0/0/1 seq 0xB37 opt
0x52 flag 0x7 len 32
*Feb 17 17:14:06.546: OSPF: Send with youngest Key 1
*Feb 17 17:14:06.562: OSPF: Rcv DBD from 10.2.2.2 on Serial0/0/1 seq 0x32F opt
0x52 flag 0x7 len 32 mtu 1500 state EXSTART
*Feb 17 17:14:06.562: OSPF: NBR Negotiation Done. We are the SLAVE
*Feb 17 17:14:06.562: OSPF: Send DBD to 10.2.2.2 on Serial0/0/1 seq 0x32F opt
0x52 flag 0x2 len 72
*Feb 17 17:14:06.562: OSPF: Send with youngest Key 1
<output omitted>

R1#show ip ospf neighbor


Neighbor ID Pri State Dead Time Address Interface
10.2.2.2 0 FULL/ - 00:00:35 192.168.1.102 Serial0/0/1
MD5 authentication on both R1 and R2, but R1 has key
1 and R2 has key 2, both with the same passwords:
R1#
*Feb 17 17:56:16.530: OSPF: Send with youngest Key 1
*Feb 17 17:56:26.502: OSPF: Rcv pkt from 192.168.1.102, Serial0/0/1 :
Mismatch Authentication Key - No message digest key 2 on interface
*Feb 17 17:56:26.530: OSPF: Send with youngest Key 1

R2#
*Feb 17 17:55:28.226: OSPF: Send with youngest Key 2
*Feb 17 17:55:28.286: OSPF: Rcv pkt from 192.168.1.101, Serial0/0/1 :
Mismatch Authentication Key - No message digest key 1 on interface
*Feb 17 17:55:38.226: OSPF: Send with youngest Key 2
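
The three mismatch messages shown above map to three different misconfigurations. The following Python script is an added example, not part of the original slides: it rejoins the wrapped debug lines and names the cause for each rejected packet. The function names and the wording of the causes are assumptions made for this illustration.

```python
import re

# AuType values as they appear in the "type N" debug text (RFC 2328).
AUTH_TYPES = {0: "none", 1: "simple password", 2: "MD5"}

RCV = re.compile(r"OSPF: Rcv pkt from (?P<src>[\d.]+), (?P<intf>\S+)\s*:\s*"
                 r"(?P<msg>Mismatch Authentication .*)")
TYPE = re.compile(r"specified type (\d+), we use type (\d+)")
KEY_ID = re.compile(r"No message digest key (\d+) on interface")

# Constructed sample: R1 lines taken from the debug output above, wrapped the same way.
SAMPLE = """\
*Feb 17 18:51:31.242: OSPF: Rcv pkt from 192.168.1.102, Serial0/0/1 :
Mismatch Authentication type. Input packet specified type 0, we use type 1
*Feb 17 18:54:01.238: OSPF: Rcv pkt from 192.168.1.102, Serial0/0/1 :
Mismatch Authentication Key - Clear Text
*Feb 17 17:56:16.530: OSPF: Send with youngest Key 1
*Feb 17 17:56:26.502: OSPF: Rcv pkt from 192.168.1.102, Serial0/0/1 :
Mismatch Authentication Key - No message digest key 2 on interface
"""

def records(text):
    """Rejoin wrapped output: every record starts with '*' and a timestamp."""
    out = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("*") or not out:
            out.append(line)
        else:
            out[-1] += " " + line
    return out

def diagnose(text):
    """Return (neighbor, interface, cause) for each rejected packet."""
    findings = []
    for rec in records(text):
        m = RCV.search(rec)
        if not m:
            continue  # not a rejected packet, e.g. "Send with youngest Key"
        if t := TYPE.search(m["msg"]):
            theirs, ours = (AUTH_TYPES.get(int(n), n) for n in t.groups())
            cause = f"auth type: neighbor sends {theirs}, local expects {ours}"
        elif k := KEY_ID.search(m["msg"]):
            cause = f"key ID: neighbor signs with key {k[1]}, not configured locally"
        elif "Clear Text" in m["msg"]:
            cause = "password: simple passwords differ"
        else:
            cause = "other: " + m["msg"]
        findings.append((m["src"], m["intf"], cause))
    return findings

if __name__ == "__main__":
    print(*diagnose(SAMPLE), sep="\n")
```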
 When authentication is configured, the router generates and checks
every OSPF packet and authenticates the source of each routing
update packet that it receives. OSPF supports two types of
authentication:
 Simple password (or plain text) authentication: The router sends the key
together with the OSPF packet.
 MD5 authentication: The router generates a message digest, or hash, of the
key, key ID, and message. The message digest is sent with the packet; the
key is not sent.
 To configure simple password authentication, use the ip ospf
authentication-key password command and the ip ospf authentication
command.
 To configure MD5 authentication, use the ip ospf message-digest-key
key-id md5 key command and the ip ospf authentication message-digest
command.
 Use show ip ospf neighbor, show ip route, and debug ip ospf adj to
verify and troubleshoot both types of authentication.
 With MD5 authentication, the debug ip ospf adj command output
indicates the key ID sent.
 OSPF is an open-standard link-state routing protocol, offering quick
convergence and the ability to scale to large networks.
 There are five OSPF packet types: hello, DBD, LSU, LSR, and LSAck.
 Configuration of OSPF is a two-step process:
 Enter OSPF configuration with the router ospf command.
 Use the network command to describe which interfaces will run OSPF in
which area.
 OSPF defines three types of networks: point-to-point, broadcast, and
NBMA. On NBMA networks, OSPF mode options include
nonbroadcast, broadcast, point-to-multipoint, point-to-multipoint
nonbroadcast, and point-to-point.
 LSAs are the building blocks of the LSDB. There are 11 types of
OSPF LSAs.
 Route summarization reduces OSPF LSA flooding and routing table
size, which reduces memory and CPU utilization on routers.
 Stub area techniques improve OSPF performance by reducing the
LSA flooding.
 OSPF supports two types of authentication:
 Simple password (or plain text) authentication
 MD5 authentication
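
How MD5 authentication keeps the key off the wire, and why a key ID mismatch fails even when the passwords match, can be shown in a few lines. This Python script is an added example, not part of the original slides: it follows the packet layout and digest procedure of RFC 2328 Appendix D. The function names and result strings are assumptions, and the hello body is a constructed placeholder.

```python
import hashlib
import hmac
import socket
import struct

AUTYPE_MD5 = 2  # RFC 2328 AuType value for cryptographic authentication

def pad_key(secret):
    """Zero-pad the shared secret to the 16 bytes that are hashed."""
    raw = secret.encode()
    if len(raw) > 16:
        raise ValueError("OSPF MD5 keys are at most 16 bytes")
    return raw.ljust(16, b"\x00")

def sign(router_id, area_id, body, key_id, secret, seq, pkt_type=1):
    """Build header + body and append MD5(packet || padded key)."""
    header = struct.pack(
        "!BBH4s4sHHHBBI",
        2, pkt_type, 24 + len(body),          # version, type, packet length
        socket.inet_aton(router_id), socket.inet_aton(area_id),
        0,                                    # checksum stays 0 with AuType 2
        AUTYPE_MD5, 0, key_id, 16, seq)       # key ID, digest length, sequence
    packet = header + body
    return packet + hashlib.md5(packet + pad_key(secret)).digest()

def verify(wire, keys):
    """Check a received packet against {key_id: secret} for the interface."""
    (length,) = struct.unpack("!H", wire[2:4])
    autype, _, key_id, digest_len, _seq = struct.unpack("!HHBBI", wire[14:24])
    if autype != AUTYPE_MD5:
        return "wrong-auth-type"
    if key_id not in keys:
        return "unknown-key-id"   # the "No message digest key N" case
    expected = hashlib.md5(wire[:length] + pad_key(keys[key_id])).digest()
    received = wire[length:length + digest_len]
    # A full receiver also drops sequence numbers lower than the last accepted.
    return "ok" if hmac.compare_digest(received, expected) else "bad-digest"

def demo():
    hello_body = bytes(20)  # constructed placeholder for the hello fields
    pkt = sign("10.2.2.2", "0.0.0.0", hello_body, 2, "secretpass", seq=1)
    return {
        "same id and key": verify(pkt, {2: "secretpass"}),
        "R1 only has key 1": verify(pkt, {1: "secretpass"}),
        "same id, other key": verify(pkt, {2: "otherpass"}),
    }

if __name__ == "__main__":
    print(demo())
```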
