Open System Path First

This chapter covers the following content:

1. OSPF Fundamentals - This section provides an overview of the OSPF routing protocol.

2. OSPF Configuration - This section explains how to configure a router with basic OSPF

functionality.

3. The Designated Router and Backup Designated Router - This section describes the

function of the designated router and how it provides scalability for broadcast network

segments.

4. OSPF Network Types - This section provides an overview of the OSPF network types

and their impact on OSPF's behavior.

5. Failure Detection - This section explains how OSPF detects and verifies the health of

OSPF neighbor routers.

6. Authentication - This section explains how OSPF authentication functions and is

configured.

1. OSPF Fundamentals

- OSPF is a nonproprietary Interior Gateway Protocol (IGP) that overcomes the

deficiencies of distance vector routing protocols and distributes routing information

within a single OSPF routing domain.

- There are two main versions of OSPF in production networks today:

● OSPFv2 - Originally defined in RFC 2328 with IPv4 support.

● OSPFv3 - Modifies the original structure to support IPv6

- OSPF advertises link-state advertisements (LSAs) that contain the link state and link

metric to neighboring routers.

● Foundation Topics

- OSPF advertises link-state advertisements (LSAs) that contain the link state and link

metric to neighboring routers. Received LSAs are stored in a local database called the

link-state database (LSDB) and advertise the link-state information to neighboring routers

exactly as the original advertising router advertised it. All OSPF routers maintain a

synchronized identical copy of the LSDB within an area.

- The LSDB provides the topology of the network, in essence providing the router a

complete map of the network. All OSPF routers run Dijkstra"s shortest path first (SPF)

algorithm to construct a loop-free topology of shortest paths.

- Each router sees itself as the root or top of the SPF tree (SPT), and the SPT contains all

network destinations within the OSPF domain.

- A router can run multiple OSPF processes. Each process maintains its own unique

database, and routes learned in one OSPF process are not available to a different OSPF

process without redistribution of routes between processes. The OSPF process numbers

are locally significant and do not have to match among routers.

● Areas

- OSPF provides scalability for the routing table by splitting segments of the topology into

multiple OSPF areas within the routing domain. Area membership is set at the interface

level, and the area ID is included in the OSPF hello packet. An interface can belong to

only one area. All routers within the same OSPF area maintain an identical copy of

LSDB.

- An OSPF area grows in size as the number of the network links and number of routers

increase in the area. While using a single area simplifies the topology, there are

trade-offs:

● A full SPT calculation runs when a link flaps within the area.

● With a single area, the LSDB increases in size and becomes unmanageable.

● The LSDB for the single area grows, consumes more memory, and takes longer

during the SPF computation process.

● With a single area, no summarization of route information occurs.

- Proper design addresses each of these issues by segmenting the routers into multiple

OSPF areas, thereby keeping the LSDB to a manageable size.

 ● If a router has interfaces in multiple areas, the router has multiple LSDBs (one for

each area). The internal topology of one area is invisible from outside that area.

● Segmenting the OSPF domain into multiple areas reduces the size of LSDB for

each area, making SPT calculations faster and decreasing LSDB flooding between

routers when a link flaps.

● Just because a router connects to multiple OSPF areas does not mean the routes

from one area will be injected into another area. Figure 6-2 shows router R1

connected to Area 1 and Area 2. Routes from Area 2 do not advertise into Area 2

and vice versa.

2. OSPF Configuration

- The process ID allows multiple OSPF processes to run on the same router. The router-id

command assigns a unique OSPF ID of 1.1.1.1 for this router.

- Note the use of a wildcard mask instead of a subnet mask in the network statement. With

OSPF, we’re not telling the router what networks to advertise; we’re telling the router to

place certain interfaces into specific areas, so those routers can form neighbor

relationships. The wildcard mask 0.0.255.255 tells us that the last two octets can match

any number.

- The first network statement places interface E0 on Router A into Area 1. Likewise, the

second network statement places interface S0 on Router A into Area 0. The network

statement could have been written more specifically:

- In order for Router B to form a neighbor relationship with Router A, its connecting

interface must be put in the same Area as Router A:

- If Router B’s S0 interface was placed in a different area than Router A’s S0 interface, the

two routers would never form a neighbor relationship, and never share routing updates.

3. The Designated Router and Backup Designated Router

- In multi-access networks such as Ethernet, there is the possibility of many neighbor

relationships on the same physical segment. In the above example, four routers are

connected into the same multi-access segment. Using the following formula (where “n” is

the number of routers): n(n-1)/2

- It is apparent that 6 separate adjacencies are needed for a fully meshed network. Increase

the number of routers to five, and 10 separate adjacencies would be required. This leads

to a considerable amount of unnecessary Link State Advertisement (LSA) traffic.

- If a link off of Router A were to fail, it would flood this information to all neighbors.

Each neighbor, in turn, would then flood that same information to all other neighbors.

This is a waste of bandwidth and processor load.

- To prevent this, OSPF will elect a Designated Router (DR) for each multiaccess

networks, accessed via multicast address 224.0.0.6. For redundancy purposes, a Backup

Designated Router (BDR) is also elected.

- OSPF routers will form adjacencies with the DR and BDR. If a change occurs to a link,

the update is forwarded only to the DR, which then forwards it to all other routers. This

greatly reduces the flooding of LSAs.

- DR and BDR elections are determined by a router’s OSPF priority, which is configured

on a per-interface basis (a router can have interfaces in multiple multi-access networks).

The router with the highest priority becomes the DR; second highest becomes the BDR.

If there is a tie in priority, whichever router has the highest Router ID will become the

DR. To change the priority on an interface: Router(config-if)# ip ospf priority 125

- Default priority on Cisco routers is 1. A priority of 0 will prevent the router from being

elected DR or BDR. Note: The DR election process is not preemptive. Thus, if a router

with a higher priority is added to the network, it will not automatically supplant an

existing DR. Thus, a router that should never become the DR should always have its

priority set to 0.

4. OSPF Network Types

- OSPF’s functionality is different across several different network topology types. OSPF’s

interaction with Frame Relay will be explained in another section

- Broadcast Multi-Access – indicates a topology where broadcast occurs.

● Examples include Ethernet, Token Ring, and ATM.

● OSPF will elect DRs and BDRs.

● Traffic to DRs and BDRs is multicast to 224.0.0.6. Traffic from

● DRs and BDRs to other routers are multicast to 224.0.0.5.

● Neighbors do not need to be manually specified.

- Point-to-Point – indicates a topology where two routers are directly connected.

● An example would be a point-to-point T1.

● OSPF will not elect DRs and BDRs.

● All OSPF traffic is multicast to 224.0.0.5.

● Neighbors do not need to be manually specified.

- Point-to-Multipoint – indicates a topology where one interface can connect to multiple

destinations. Each connection between a source and destination is treated as a

point-to-point link.
 ● An example would be Point-to-Multipoint Frame Relay.

● OSPF will not elect DRs and BDRs.

● All OSPF traffic is multicast to 224.0.0.5.

● Neighbors do not need to be manually specified.

- Non-broadcast Multi-access Network (NBMA) – indicates a topology where one

interface can connect to multiple destinations; however, broadcasts cannot be sent across

a NBMA network.

● An example would be Frame Relay.

● OSPF will elect DRs and BDRs.

● OSPF neighbors must be manually defined, thus All OSPF traffic is unicast

instead of multicast.

5. Failure Detection

- A secondary function of OSPF hello packets is to ensure that adjacent OSPF neighbors

are still healthy and available.

- The hello timer and the dead interval timer determine how long the OSPF process waits

before declaring a neighbor state to be down.

● Timers

- OSPF sends hello packets at set intervals, according to the hello timer. OSPF uses a

second timer called the OSPF dead interval timer, which defaults to four times the hello

timer. If a router does not receive a hello before the OSPF dead interval timer, the

neighboring state is changed to down.

● Hello Timer
 - The default OSPF hello timer interval varies based on the OSPF network

type. OSPF allows modification to the hello timer interval with values

between 1 and 65,535 seconds. Changing the hello timer interval modifies

the default dead interval, too. The OSPF hello timer is modified with the

interface configuration submode command ip ospf hello-interval

1-65,535.

● Dead Interval Timer

- You can change the dead interval timer to a value between 1 and 65,535

seconds. You change the OSPF dead interval timer by using the command

ip ospf dead-interval 1-65,535 under the interface configuration

submode.

6. Authentication

- OSPF supports authentication to secure routing updates. However, OSPF authentication

is configured differently than RIP or EIGRP authentication.

- Two forms of OSPF authentication exist, using either clear-text or an MD5 hash. To

configure clear-text authentication, the first step is to enable authentication for the area,

under the OSPF routing process:

- Then, the authentication key must be configured on the interface:

- To configure MD5-hashed authentication, the first step is also to enable authentication for

the area under the OSPF process:

- Notice the additional parameter message-digest included with the area 0 authentication

command. Next, the hashed authentication key must be configured on the interface:

- Area authentication must be enabled on all routers in the area, and the form of

authentication must be identical (clear-text or MD5). The authentication keys do not need

to be the same on every router in the OSPF area, but must be the same on interfaces

connecting two neighbors.