OSPF: Difference between revisions

<pre>

Protocol Number = 89, TTL=1, DES IP = 224.0.0.5 & 6

Network Types:

PTP:

No DR, BDR and ospf packets are sent to MC address.

Broadcast: (ethernet, token ring, FDDI)

DR, BDR election occurs and communicates using .5 and .6 address.

DR and BDR listen to .5 and .6 addresses.

NBMA network: (Frame relay, ATM)

Manual configuration of neighbors and DR/BDR.

All communication via unicast

Point to multipoint:

No DR and BDR. Neighbor statement not necessary.

Unicast

Virtual link:

Packets are unicast.

OSPF packet types:

Hello – type 1

Database description – type 2

LS request – type 3

LS update – type 4

LS ACK – type 5

To bring neighborship up, following fields should be matched:

Hello interval, Dead interval, area ID, network mask, option fields and authentication, if any

Neighborship will not form via secondary address. Other words, router will not generate hello packet with SRC IP = secondary IP.

DR/BDR election:

Highest Priority

Tie, highest router ID

Tie, highest interface address.

No preempt. So, first come will elect as DR, BDR, DRother. So, always start the router which has to be DR and then BDR and then other routers.

Priority=0 means ineligible to become DR/BDR.

When interface comes up, it sets DR,BDR to 0.0.0.0 and wait for ‘wait timer’= router dead interval. Within that period, if it receives hello with DR/BDR filled, accept those. Else if the time period elapse, move to BDR and then to DR.

Timers:

Default H=10 sec and D= 40 sec

InfTransDelay = 1 sec. change by “ip ospf transmit-delay’

RxmtInterval = 5 sec. Change by “ip ospf retramit-delay’

Neighbor state machine:

Down: at initial

Attempt: Only in NBMA

Init: Hello packet received. But couldn’t see our ID in its active neighbor list.

2-way:Could see our ID in neighbor list

Exstart: Start electing master/slave to exchange DBD packets. Highest router ID becomes master.

Exchange: exchange the LSA headers using DBD packets.

Loading: Syn the LSD using LS request and LS update. In real scenario, both Exchange and loading occurs parallel.

Full: Database was sync-ed.

DBD packet:

Have Interface MTU settings.

Initial(I) bit, More (M) bit and Master/Slave (MS) bit

First DBD packet sent with I/M/MS = 1/1/1 with seq =x

Neighbor sends DBD with I/M/MS = 1/1/1 with seq = y

After master selection, slave send DBD with I/M/MS = 0/1/0 with seq = master seq + 1.

Retransmission packets are always unicast.

Use stub concept and summarization to reduce memory and CPU utilization.

Sequence number, checksum and age uniquely defines as LSA:

Seq #:

From 0×80000001 to 0x7fffffff

If the seq# reaches 0x7ffffff, router flushes those LSA with age = MAXage.

Checksum:

Calculated entire LSA except age field.

Checksum is verified every 5 mins as it resides in LSD.

Age:

0 to 3600 (1 Hr-MaxAge)

Age increments when it resides in LSA and also incremented by ‘Infdelay’ value as it transits an interface.

Virtual Links:

Must be configured between 2 ABRs alone.

Transit area must have full routing information.

Transit area cannot be stub.

Usually it is the worst design and needs to be changed.

Can temporarily deploy to avoid partitioned area.

LSA types:

Router LSA:

Type-1. Generated by all routers with all active networks which has ospf configured.

Show ip ospf database router

LSAs are flooded within an area only.

Above command should have same output in all routers in an area. Seq #,checksum etc should be same.

Network LSA:

Type-2: Generated by the DR with network ID of the BC network.

Show ip ospf database network

No metric field as in router LSA.

LSAs are flooded within an area only.

N/w summary LSA:

Type-3: Generated by ABR to advertise the networks in another area.

If there are multiple routes to a destination, ABR advertise only the lowest cost route to its area along with cost metric.

Means, intra area routers use distance-vector protocol to know about inter-area routes.

Show ip ospf database summary

ASBR summary LSA:

Type-4; Same as summary LSA except the destination advertised by ABR is ASBR.

Show ip ospf database asbr-summary

AS external LSA:

Type-5; Advertise routes external to OSPF domain.

Typically redistribution of RIP, ISIS etc

Show ip ospf database external

Not associated with any area.

Group-Membership LSA:

Type-6; Used in MOSPF- multicast ospf

NSSA external LSA:

Type-7; originated by ASBR within NSSA

Show ip ospf database nssa-external

Flooded within NSSA region only.

ASBR can set/reset “P-bit” under “options field” of every LSA.

Only if NSSA-ABR receives type-7 LSA with P-bit set, it will translate into type-5 LSA and flood to other areas.

External Attribute LSA:

Type-8. Can be used as alternative to iBGP

Not deployed yet.

Opaque LSA:

Type- 9,10,11

Extension to OSPF. Used for TE in MPLS.

Areas:

Backbone area:

Area-0. Need for inter-area communication.

If there is only one area, no need for area-0

All types of LSAs except type-7 can be seen.

Stub area:

Single exist point for inter-area communication. But still can have more than one ABR.

Have info about OSPF domain areas. Both intra and inter-area routes.

No info about external (other domain) routes. Hence, ABR sends a default route.

Type-1,2 and 3 LSAs can be seen.

All the routers should have “E-bit” set to 0 in their hello packets to form adjacency.

Command: “area x stub”

Totally stubby area:

Router has info about its area alone. No info about inter-area routes.

Can see type-1, type-2 LSAs and single default route type-3 LSA by ABR.

Command: ‘area x stub no-summary’

NSSA:

Same property as stub area (not totally-stub area) with exception of allowing other domain routes as Lype-7 LSA.

No default route from ABR. (unless ‘default-info originate’ CLI configured where N2 default route (or) ‘area x nssa no-summary’ configured. In later, IA routes will not be available and default route has IA tag)

Can see Type-1,2,3,4 and type-7 LSAs.

Command: ‘area x nssa’.

Path types:

Intra-area paths

Inter-area paths. Denoted by “IA” in show ip route.

E1:

Cost = advertised by ASBR + cost to ASBR

E2:

Cost = advertised by ASBR. Enabled by default.

If there is only one ASBR in OSPF, there is no necessity of adding cost to ASBR. Hence E2 is default.

If there are more than on ASBR, enable E1.

No authentication: Type-0

Simple password: Type-1

MD5 password: Type-2

Few points:

Router LSA of ABR will have “B-bit” set in router-lsa packet

Router LSA of ASBR will have “E-bit” set in router-lsa packet

When NSSA ABR, translates type-7 LSA to type-5 LSA, it advertise with “Advertising Router” field set to its own router ID and it changes to ASBR. It could be confirmed by seeing “E” bit set in router LSA packet.

“Options field” in OSPF hello, DBD and every LSA: From MSB

DN – used in MPLS VPN. To detect loop.

O- Set to indicate routers’ opaque LSA support.

DC- OSPF over Demand circuit.

EA – external attribute support

N/P bit

N bit in hello: Set to indicate support for NSSA external LSAs. Mismatch will not bring adjacency

P-bit in NSSA external LSA header: to inform ABR to translate T-7 to T-5 LSAs.

MC – set to indicate multicast ospf capability

E – E bit=0 to indicate stub area.

MT – set to indicate Multi-topology OSPF support. Under development.

Troubleshooting point of view: few

Neighborship not coming UP:

Check for Hello packet parameter match

Network ID in correct area??

Access-list blocking OSPF packets??

Packet dropped on the way to CP incase if interface multicast count is incrementing??

Check Stub-area configuration?? Virtual link via stub area??

Neighborship UP but no advertised routes in database:

Enable debug and check for LSupdate packets.

Routes in OSPF database but not in routing table:

Routes via another protocol which has AD less than OSPFs??

One end of router has “ip ospf network PTP’ whereas other end router has default BC network type.

In case of external routes not installed in routing table, check whether the forwarding address is reachable. If not, configure ‘suppress-fa’ option at the NSSA ABR.

If an LSA has less age or high sequence number among others, we need to look for why this network was keep flapping and flooding updates. Might be reason for high CPU utilization.

Observations:

ABR with area-1 and area-2 only.

Routes from area-1 are not leaked into area-2 using type-3 network summary LSA.

Authentication:

Configure ‘ip ospf authentication’ to change to type-1. No user-defined password possible.

For loopback IP to become router-id either remove and reapply the ospf configuration or configure ‘router-id’ command.

DBD packet can have multiple LSA headers each can be of different type.(T1/T2)

When we change the network type to ‘point-point’, the interface will send a hello with DR,BDR =0 and no neighbor IDs in active neighbor field. This makes other end router to move to init.

In BC network: DBD, LS request and LS updates are exchanged via unicast. LS update (repeat) and LS ACK are sent to 224.0.0.5

In PTP, all communications via 224.0.0.5

Changing hello packet parameters (hello interval, dead interval etc) on one end makes the other end router to ignore those hello packets which has modified parameters.

Both side of router configured with priority =0 with default n/w type, they will stuck in 2way/DRother.

In an already existing stub network, if we change to totally stub, border router send an update with IA routes’ age= 3600 for flushing from database. Same as in ‘clear ip ospf process’

Redistributing RIP to ospf in a router which is inside a stub network:

“%OSPF-4-ASBR_WITHOUT_VALID_AREA: Router is currently an ASBR while having only one area which is a stub area”

Summarization has no effect of external routes (E1/E2).

</pre>