This chapter covers the following topics:
OSPF Fundamentals: This section provides an overview of the OSPF routing protocol.
OSPF Configuration: This section explains how to configure a router with basic OSPF functionality.
The Designated Router and Backup Designated Router: This section describes the function of the designated router and how it provides scalability for broadcast network segments.
OSPF Network Types: This section provides an overview of the OSPF network types and their impact on OSPF’s behavior.
Failure Detection: This section explains how OSPF detects and verifies the health of OSPF neighbor routers.
Authentication: This section explains how OSPF authentication functions and is configured.
The Open Shortest Path First (OSPF) protocol is the first link-state routing protocol covered in this book. OSPF is a nonproprietary Interior Gateway Protocol (IGP) that overcomes the deficiencies of other distance vector routing protocols and distributes routing information within a single OSPF routing domain. OSPF introduced the concept of variable-length subnet masking (VLSM), which supports classless routing, summarization, authentication, and external route tagging. There are two main versions of OSPF in production networks today:
OSPFv2: Originally defined in RFC 2328 with IPv4 support
OSPFv3: Modifies the original structure to support IPv6
This chapter explains the core concepts of OSPF and the basics of establishing neighborships and exchanging routes with other OSPF routers. This chapter covers the fundamentals of OSPF and common optimizations in networks of any size. Chapter 7, “Advanced OSPF,” explains the function of OSPF link-state advertisements (LSAs), OSPF stub areas, path selection, route summarization, and discontiguous networks and their repair with virtual links. Chapter 8, “Troubleshooting OSPFv2,” explains how OSPF is used for routing IPv6 packets.
The “Do I Know This Already?” quiz allows you to assess whether you should read this entire chapter thoroughly or jump to the “Exam Preparation Tasks” section. If you are in doubt about your answers to these questions or your own assessment of your knowledge of the topics, read the entire chapter. Table 6-1 lists the major headings in this chapter and their corresponding “Do I Know This Already?” quiz questions. You can find the answers in Appendix A, “Answers to the ‘Do I Know This Already?’ Quiz Questions.”
Table 6-1 “Do I Know This Already?” Foundation Topics Section-to-Question Mapping
Foundation Topics Section | Questions
OSPF Fundamentals | 1–6
OSPF Configuration | 7–9
The Designated Router and Backup Designated Router | 10–11
OSPF Network Types | 12
Failure Detection | 13
Authentication | 14
1. What protocol number does OSPF use for inter-router communication?
87
88
89
90
2. How many packet types does OSPF use for inter-router communication?
Three
Four
Five
Six
Seven
3. What destination addresses does OSPF use, when feasible? (Choose two.)
IP address 224.0.0.5
IP address 224.0.0.10
IP address 224.0.0.8
MAC address 01:00:5E:00:00:05
MAC address 01:00:5E:00:00:0A
4. True or false: A router with an interface associated to Area 1 and Area 2 can inject routes learned from one area into another area.
True
False
5. True or false: A member router contains a complete copy of the LSDBs for every area in the routing domain.
True
False
6. How many states does OSPF maintain when dealing with a neighbor adjacency?
Three
Four
Five
Eight
7. True or false: The OSPF process ID must match for routers to establish a neighbor adjacency.
True
False
8. True or false: OSPF is only enabled on a router interface by using the command network ip-address wildcard-mask area area-id under the OSPF router process.
True
False
9. True or false: An advertised default route into OSPF always appears as an OSPF interarea route.
True
False
10. True or false: The router with the highest IP address is the designated router when using a serial point-to-point link.
True
False
11. What command is configured to prevent a router from becoming the designated router for a network segment?
The interface command ip ospf priority 0
The interface command ip ospf priority 255
The command dr-disable interface-id under the OSPF process
The command passive interface interface-id under the OSPF process
The command dr-priority interface-id 255 under the OSPF process
12. What is the advertised network for the loopback interface with IP address 10.123.4.1/30?
10.123.4.1/24
10.123.4.0/30
10.123.4.1/32
10.123.4.0/24
13. The OSPF dead interval defaults to how many times the hello interval?
Two
Three
Four
Five
14. True or false: Enabling OSPF authentication for an area consists of setting the OSPF authentication type under the OSPF process and placing the password on all area interfaces.
True
False
Foundation Topics
OSPF advertises link-state advertisements (LSAs) that contain the link state and link metric to neighboring routers. Received LSAs are stored in a local database called the link-state database (LSDB), and the router advertises the link-state information to neighboring routers exactly as the original advertising router advertised it. This process floods the LSA throughout the OSPF routing domain just as the advertising router advertised it. All OSPF routers maintain a synchronized identical copy of the LSDB within an area.
The LSDB provides the topology of the network, in essence providing the router a complete map of the network. All OSPF routers run Dijkstra’s shortest path first (SPF) algorithm to construct a loop-free topology of shortest paths. OSPF dynamically detects topology changes within the network and calculates loop-free paths in a short amount of time with minimal routing protocol traffic.
Each router sees itself as the root or top of the SPF tree (SPT), and the SPT contains all network destinations within the OSPF domain. The SPT differs for each OSPF router, but the LSDB used to calculate the SPT is identical for all OSPF routers.
Figure 6-1 demonstrates a simple OSPF topology and the SPT from R1’s and R4’s perspective. Notice that the local router’s perspective is always that of the root (or top of the tree). There is a difference in connectivity to the 10.3.3.0/24 network from R1’s and R4’s SPTs. From R1’s perspective, the serial link between R3 and R4 is missing; from R4’s perspective, the Ethernet link between R1 and R3 is missing.
The SPTs give the illusion of no redundancy in a network, but remember that the SPT shows the shortest path to reach a network and is built from the LSDB, which contains all the links for an area. During a topology change, the SPT is rebuilt and may change.
A router can run multiple OSPF processes. Each process maintains its own unique database, and routes learned in one OSPF process are not available to a different OSPF process without redistribution of routes between processes. The OSPF process numbers are locally significant and do not have to match among routers. If OSPF process number 1 is running on one router and OSPF process number 1234 is running on another, the two routers can become neighbors.
OSPF provides scalability for the routing table by splitting segments of the topology into multiple OSPF areas within the routing domain. An OSPF area is a logical grouping of routers or, more specifically, a logical grouping of router interfaces. Area membership is set at the interface level, and the area ID is included in the OSPF hello packet. An interface can belong to only one area. All routers within the same OSPF area maintain an identical copy of the LSDB.
An OSPF area grows in size as the number of network links and number of routers increase in the area. While using a single area simplifies the topology, there are trade-offs:
A full SPT calculation runs when a link flaps within the area.
With a single area, the LSDB increases in size and becomes unmanageable.
The LSDB for the single area grows, consumes more memory, and takes longer during the SPF computation process.
With a single area, no summarization of route information occurs.
Proper design addresses each of these issues by segmenting the routers into multiple OSPF areas, thereby keeping the LSDB to a manageable size. Sizing and design of OSPF networks should account for the hardware constraints of the smallest router in that area.
If a router has interfaces in multiple areas, the router has multiple LSDBs (one for each area). The internal topology of one area is invisible from outside that area. If a topology change occurs (such as a link flap or an additional network added) within an area, all routers in the same OSPF area calculate the SPT again. Routers outside that area do not calculate the full SPT again but do perform a partial SPF calculation if the metrics have changed or a prefix is removed.
In essence, an OSPF area hides the topology from another area but allows the networks to be visible in other areas within the OSPF domain. Segmenting the OSPF domain into multiple areas reduces the size of the LSDB for each area, making SPT calculations faster and decreasing LSDB flooding between routers when a link flaps.
Just because a router connects to multiple OSPF areas does not mean the routes from one area will be injected into another area. Figure 6-2 shows router R1 connected to Area 1 and Area 2. Routes from Area 1 do not advertise into Area 2 and vice versa.
Area 0 is a special area called the backbone. By design, OSPF uses a two-tier hierarchy in which all areas must connect to the upper tier, Area 0, because OSPF expects all areas to inject routing information into Area 0. Area 0 advertises the routes into other nonbackbone areas. The backbone design is crucial to preventing routing loops.
The area identifier (also known as the area ID) is a 32-bit field and can be formatted in simple decimal (0 through 4294967295) or dotted decimal (0.0.0.0 through 255.255.255.255). When configuring routers in an area, if you use decimal format on one router and dotted-decimal format on a different router, the routers will be able to form an adjacency. OSPF advertises the area ID in the OSPF packets.
Area border routers (ABRs) are OSPF routers connected to Area 0 and another OSPF area, per Cisco definition and according to RFC 3509. ABRs are responsible for advertising routes from one area and injecting them into a different OSPF area. Every ABR needs to participate in Area 0 to allow for the advertisement of routes into another area. ABRs compute an SPT for every area that they participate in.
Figure 6-3 shows that R1 is connected to Area 0, Area 1, and Area 2. R1 is a proper ABR router because it participates in Area 0. The following occurs on R1:
Routes from Area 1 advertise into Area 0.
Routes from Area 2 advertise into Area 0.
Routes from Area 0 advertise into Areas 1 and 2. This includes the local Area 0 routes, in addition to the routes that were advertised into Area 0 from Area 1 and Area 2.
The topology in Figure 6-3 is a larger-scale OSPF multi-area topology that is used throughout this chapter to describe various OSPF concepts.
OSPF runs directly over IPv4, using its own protocol 89, which is reserved for OSPF by the Internet Assigned Numbers Authority (IANA). OSPF uses multicast where possible to reduce unnecessary traffic. There are two OSPF multicast addresses:
AllSPFRouters: IPv4 address 224.0.0.5 or MAC address 01:00:5E:00:00:05. All routers running OSPF should be able to receive these packets.
AllDRouters: IPv4 address 224.0.0.6 or MAC address 01:00:5E:00:00:06. Communication with designated routers (DRs) uses this address.
Within the OSPF protocol, five types of packets are communicated. Table 6-2 briefly describes the OSPF packet types.
Table 6-2 OSPF Packet Types
Type | Packet Name | Functional Overview
1 | Hello | Packets are sent out periodically on all OSPF interfaces to discover new neighbors while ensuring that other neighbors are still online.
2 | Database description (DBD or DDP) | Packets are exchanged when an OSPF adjacency is first being formed. These packets are used to describe the contents of the LSDB.
3 | Link-state request (LSR) | When a router thinks that part of its LSDB is stale, it may request a portion of a neighbor’s database using this packet type.
4 | Link-state update (LSU) | This is an explicit LSA for a specific network link, and normally it is sent in direct response to an LSR.
5 | Link-state acknowledgment | These packets are sent in response to the flooding of LSAs, thus making the flooding a reliable transport feature.
The OSPF router ID (RID) is a 32-bit number that uniquely identifies an OSPF router. In some OSPF output commands, neighbor ID refers to the RID; the terms are synonymous. The RID must be unique for each OSPF process in an OSPF domain and must be unique between OSPF processes on a router.
The RID is dynamically allocated by default using the highest IP address of any up loopback interfaces. If there are no up loopback interfaces, the highest IP address of any active up physical interfaces becomes the RID when the OSPF process initializes. The OSPF process selects the RID when the OSPF process initializes, and it does not change until the process restarts. This means that the RID can change if a higher loopback address has been added and the process (or router) is restarted.
Setting a static RID helps with troubleshooting and reduces LSAs when an RID changes in an OSPF environment. The RID is four octets in length and is configured with the command router-id router-id under the OSPF process.
OSPF hello packets are responsible for discovering and maintaining neighbors. In most instances, a router sends hello packets to the AllSPFRouters address (224.0.0.5). Table 6-3 lists some of the data contained within an OSPF hello packet.
Table 6-3 OSPF Hello Packet Fields
Data Field | Description
Router ID (RID) | A unique 32-bit ID within an OSPF domain.
Authentication Options | A field that allows secure communication between OSPF routers to prevent malicious activity. Options are none, plaintext, or Message Digest 5 (MD5) authentication.
Area ID | The OSPF area that the OSPF interface belongs to. It is a 32-bit number that can be written in dot-decimal format (0.0.1.0) or decimal (256).
Interface Address Mask | The network mask for the primary IP address for the interface out which the hello is sent.
Interface Priority | The router interface priority for DR elections.
Hello Interval | The time interval, in seconds, at which a router sends out hello packets on the interface.
Dead Interval | The time interval, in seconds, that a router waits to hear a hello from a neighbor router before it declares that router down.
Designated Router and Backup Designated Router | The IP address of the DR and backup DR (BDR) for that network link.
Active Neighbor | A list of OSPF neighbors seen on that network segment. A router must have received a hello from the neighbor within the dead interval.
An OSPF neighbor is a router that shares a common OSPF-enabled network link. OSPF routers discover other neighbors through the OSPF hello packets. An adjacent OSPF neighbor is an OSPF neighbor that shares a synchronized OSPF database between the two neighbors.
Each OSPF process maintains a table for adjacent OSPF neighbors and the state of each router. Table 6-4 briefly describes the OSPF neighbor states.
Table 6-4 OSPF Neighbor States
State | Description
Down | The initial state of a neighbor relationship. It indicates that the router has not received any OSPF hello packets.
Attempt | A state that is relevant to nonbroadcast multi-access (NBMA) networks that do not support broadcast and that require explicit neighbor configuration. This state indicates that no recent information has been received, but the router is still attempting communication.
Init | A state in which a hello packet has been received from another router, but bidirectional communication has not been established.
2-Way | A state in which bidirectional communication has been established. If a DR or BDR is needed, the election occurs during this state.
ExStart | The first state in forming an adjacency. Routers identify which router will be the master or slave for the LSDB synchronization.
Exchange | A state during which routers are exchanging link states by using DBD packets.
Loading | A state in which LSR packets are sent to the neighbor, asking for the more recent LSAs that have been discovered (but not received) in the Exchange state.
Full | A state in which neighboring routers are fully adjacent.
The following list of requirements must be met for an OSPF neighborship to be formed:
The RIDs must be unique between the two devices. To prevent errors, they should be unique for the entire OSPF routing domain.
The interfaces must share a common subnet. OSPF uses the interface’s primary IP address when sending out OSPF hellos. The network mask (netmask) in the hello packet is used to extract the network ID of the hello packet.
The interface maximum transmission unit (MTU) must match because the OSPF protocol does not support fragmentation.
The area ID must match for that segment.
The need for a DR must match for that segment.
OSPF hello and dead timers must match for that segment.
The authentication type and credentials (if any) must match for that segment.
Area type flags must be identical for that segment (stub, NSSA, and so on).
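Several of these requirements can be checked directly from the fields of a received hello (Table 6-3). The following Python is an added example, not from the book: it decodes an OSPFv2 hello using the RFC 2328 packet layout and reports which requirements fail against a local interface. The function names and sample packets are constructed for illustration; the MTU (carried in DBD packets), the need for a DR, and the credentials themselves are not checked.

```python
import ipaddress
import struct

# OSPFv2 common header and hello body layouts (RFC 2328, Appendix A.3.1 and A.3.2).
HDR = struct.Struct("!BBH4s4sHH8s")    # version, type, length, RID, area ID, checksum, AuType, auth data
HELLO = struct.Struct("!4sHBBI4s4s")   # mask, hello interval, options, priority, dead interval, DR, BDR
AUTH = {0: "none", 1: "plaintext", 2: "MD5"}
E_BIT = 0x02                           # options bit: set in normal areas, clear in stub areas


def _pack(addr):
    return ipaddress.IPv4Address(addr).packed


def _text(raw):
    return str(ipaddress.IPv4Address(raw))


def build_hello(rid, area, mask, hello, dead, autype=0, options=E_BIT,
                priority=1, dr="0.0.0.0", bdr="0.0.0.0", neighbors=()):
    """Build a constructed sample hello; the checksum field is left at zero."""
    body = HELLO.pack(_pack(mask), hello, options, priority, dead, _pack(dr), _pack(bdr))
    body += b"".join(_pack(n) for n in neighbors)
    header = HDR.pack(2, 1, HDR.size + len(body), _pack(rid),
                      struct.pack("!I", area), 0, autype, bytes(8))
    return header + body


def parse_hello(data):
    """Decode the hello fields listed in Table 6-3; the checksum is not verified."""
    if len(data) < HDR.size + HELLO.size:
        raise ValueError("truncated OSPF hello")
    version, ptype, length, rid, area, _cksum, autype, _auth = HDR.unpack_from(data)
    if version != 2 or ptype != 1:
        raise ValueError("not an OSPFv2 hello packet")
    neighbor_bytes = length - HDR.size - HELLO.size
    # The length field may be shorter than the datagram (an MD5 digest follows it).
    if length > len(data) or neighbor_bytes < 0 or neighbor_bytes % 4:
        raise ValueError("bad packet length")
    mask, hello, options, priority, dead, dr, bdr = HELLO.unpack_from(data, HDR.size)
    start = HDR.size + HELLO.size
    return {
        "rid": _text(rid), "area": int.from_bytes(area, "big"), "autype": autype,
        "mask": _text(mask), "hello": hello, "dead": dead, "options": options,
        "priority": priority, "dr": _text(dr), "bdr": _text(bdr),
        "neighbors": [_text(data[i:i + 4]) for i in range(start, length, 4)],
    }


def adjacency_problems(local, src_ip, pkt):
    """Return the neighborship requirements that this hello fails on the local interface."""
    iface = ipaddress.ip_interface(local["address"])
    problems = []
    if pkt["rid"] == local["rid"]:
        problems.append("duplicate router ID")
    if pkt["mask"] != str(iface.netmask) or ipaddress.ip_address(src_ip) not in iface.network:
        problems.append("subnet mismatch")
    if pkt["area"] != local["area"]:
        problems.append("area ID mismatch")
    if (pkt["hello"], pkt["dead"]) != (local["hello"], local["dead"]):
        problems.append("hello/dead timer mismatch")
    if pkt["autype"] != local["autype"]:
        problems.append("authentication type mismatch (neighbor uses %s)"
                        % AUTH.get(pkt["autype"], "unknown"))
    if bool(pkt["options"] & E_BIT) == local["stub"]:
        problems.append("area type flag mismatch")
    return problems


# R1's Gi0/0 address, RID and area as shown in this chapter; timers 10/40 as in the
# R4 interface output. Both hello packets are constructed samples.
R1 = {"rid": "192.168.1.1", "address": "10.123.1.1/24", "area": 1234,
      "hello": 10, "dead": 40, "autype": 0, "stub": False}
GOOD = build_hello("192.168.2.2", 1234, "255.255.255.0", 10, 40, neighbors=["192.168.1.1"])
BAD = build_hello("192.168.2.2", 0, "255.255.255.0", 5, 20, autype=2)

if __name__ == "__main__":
    print(parse_hello(GOOD))
    print(adjacency_problems(R1, "10.123.1.2", parse_hello(GOOD)))
    print(adjacency_problems(R1, "10.123.1.2", parse_hello(BAD)))
```

Area 1234 appears on the wire as the four bytes 0.0.4.210, which is why decimal and dotted-decimal area IDs interoperate.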
Figure 6-4 illustrates the states and packets exchanged when two routers, R1 and R2, form an OSPF adjacency.
Example 6-1 shows each of the steps performed when an adjacency forms. When you enable OSPF adjacency debugging functionality, you get detailed information for all of the states.
R1# debug ip ospf adj
OSPF adjacency events debugging is on
*21:10:01.735: OSPF: Build router LSA for area 0, router ID 192.168.1.1, seq 0x80000001, process 1
*21:10:09.203: OSPF: 2 Way Communication to 192.168.2.2 on GigabitEthernet0/0, state 2WAY
*21:10:39.855: OSPF: Rcv DBD from 192.168.2.2 on GigabitEthernet0/0 seq 0x1823 opt 0x52 flag 0x7 len 32 mtu 1500 state 2WAY
*21:10:39.855: OSPF: Nbr state is 2WAY
*21:10:41.235: OSPF: end of Wait on interface GigabitEthernet0/0
*21:10:41.235: OSPF: DR/BDR election on GigabitEthernet0/0
*21:10:41.235: OSPF: Elect BDR 192.168.2.2
*21:10:41.235: OSPF: Elect DR 192.168.2.2
*21:10:41.235: DR: 192.168.2.2 (Id) BDR: 192.168.2.2 (Id)
*21:10:41.235: OSPF: GigabitEthernet0/0 Nbr 192.168.2.2: Prepare dbase exchange
*21:10:41.235: OSPF: Send DBD to 192.168.2.2 on GigabitEthernet0/0 seq 0xFA9 opt 0x52 flag 0x7 len 32
*21:10:44.735: OSPF: Rcv DBD from 192.168.2.2 on GigabitEthernet0/0 seq 0x1823 opt 0x52 flag 0x7 len 32 mtu 1500 state EXSTART
*21:10:44.735: OSPF: NBR Negotiation Done. We are the SLAVE
*21:10:44.735: OSPF: GigabitEthernet0/0 Nbr 2.2.2.2: Summary list built, size 1
*21:10:44.735: OSPF: Send DBD to 192.168.2.2 on GigabitEthernet0/0 seq 0x1823 opt 0x52 flag 0x2 len 52
*21:10:44.743: OSPF: Rcv DBD from 192.168.2.2 on GigabitEthernet0/0 seq 0x1824 opt 0x52 flag 0x1 len 52 mtu 1500 state EXCHANGE
*21:10:44.743: OSPF: Exchange Done with 192.168.2.2 on GigabitEthernet0/0
*21:10:44.743: OSPF: Send LS REQ to 192.168.2.2 length 12 LSA count 1
*21:10:44.743: OSPF: Send DBD to 192.168.2.2 on GigabitEthernet0/0 seq 0x1824 opt 0x52 flag 0x0 len 32
*21:10:44.747: OSPF: Rcv LS UPD from 192.168.2.2 on GigabitEthernet0/0 length 76 LSA count 1
*21:10:44.747: OSPF: Synchronized with 192.168.2.2 GigabitEthernet0/0, state FULL
*21:10:44.747: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.2.2 on GigabitEthernet0/0 from LOADING to FULL, Loading Done
The configuration process for OSPF occurs mostly under the OSPF process, but some OSPF options go directly on the interface configuration submode. The OSPF process ID is locally significant but is generally kept the same for operational consistency. OSPF is enabled on an interface using two methods:
OSPF network statement
Interface-specific configuration
The command router ospf process-id defines and initializes the OSPF process. The OSPF network statement identifies the interfaces that the OSPF process will use and the area that those interfaces participate in. The network statements match against the primary IPv4 address and netmask associated with an interface.
A common misconception is that the network statement advertises the networks into OSPF; in reality, though, the network statement selects and enables OSPF on the interface. The interface is then advertised in OSPF through the LSA. The network statement uses a wildcard mask, which allows the configuration to be as specific or vague as necessary. The selection of interfaces within the OSPF process is accomplished by using the command network ip-address wildcard-mask area area-id.
The second method for enabling OSPF on an interface for IOS is to configure it specifically on an interface with the command ip ospf process-id area area-id [secondaries none]. This method also adds secondary connected networks to the LSDB unless the secondaries none option is used.
This method provides explicit control for enabling OSPF; however, the configuration is not centralized, and the complexity increases as the number of interfaces on the routers increases. Interface-specific settings take precedence over the network statement with the assignment of the areas if a hybrid configuration exists on a router.
Enabling an interface with OSPF is the quickest way to advertise the network segment to other OSPF routers. Making the network interface passive still adds the network segment to the LSDB but prohibits the interface from forming OSPF adjacencies. A passive interface does not send out OSPF hellos and does not process any received OSPF packets.
The command passive-interface interface-id under the OSPF process makes the interface passive, and the command passive-interface default makes all interfaces passive. To allow an interface to process OSPF packets, the command no passive-interface interface-id is used.
Figure 6-5 displays a reference topology for a basic multi-area OSPF configuration. In the topology:
R1, R2, R3, and R4 belong to Area 1234.
R4 and R5 belong to Area 0.
R5 and R6 belong to Area 56.
R1, R2, and R3 are member (internal) routers.
R4 and R5 are ABRs.
Area 1234 connects to Area 0, and Area 56 connects to Area 0.
Routers in Area 1234 can see routes from routers in Area 0 (R4 and R5) and Area 56 (R5 and R6) and vice versa.
To demonstrate the different methods of OSPF configuration, the routers are configured as follows:
R1 is configured to enable OSPF on all interfaces with one network statement.
R2 is configured to enable OSPF on both interfaces with two explicit network statements.
R3 is configured to enable OSPF on all interfaces with one network statement but sets the 10.3.3.0/24 LAN interface as passive to prevent forming an OSPF adjacency on it.
R4 is configured to enable OSPF using an interface-specific OSPF configuration.
R5 is configured to place all interfaces in the 10.45.1.0/24 network segment into Area 0 and all other network interfaces into Area 56.
R6 is configured to place all interfaces into Area 56 with one network statement.
On R1 and R2, OSPF is enabled on all interfaces with one command, R3 uses specific network-based statements, and R4 uses interface-specific commands.
Example 6-2 provides the OSPF configurations for all six routers.
R1
router ospf 1
 router-id 192.168.1.1
 network 0.0.0.0 255.255.255.255 area 1234
R2
router ospf 1
 router-id 192.168.2.2
 network 10.123.1.2 0.0.0.0 area 1234
 network 10.24.1.2 0.0.0.0 area 1234
R3
router ospf 1
 router-id 192.168.3.3
 network 0.0.0.0 255.255.255.255 area 1234
 passive-interface GigabitEthernet0/1
R4
router ospf 1
 router-id 192.168.4.4
!
interface GigabitEthernet0/0
 ip ospf 1 area 0
interface Serial1/0
 ip ospf 1 area 1234
R5
router ospf 1
 router-id 192.168.5.5
 network 10.45.1.0 0.0.0.255 area 0
 network 0.0.0.0 255.255.255.255 area 56
R6
router ospf 1
 router-id 192.168.6.6
 network 0.0.0.0 255.255.255.255 area 56
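The interface selection that the network statements above perform can be worked through in code. The following Python is an added example, not from the book: it resolves the network statements of a router ospf block against interface addresses and lists the interfaces that can still form adjacencies, which is the set worth reviewing when a catch-all statement such as network 0.0.0.0 255.255.255.255 is used. Assumptions: only the primary address is compared against the wildcard range, the most specific matching statement wins when several match, the function names are hypothetical, and R5's interface on 10.56.1.0/24 is named GigabitEthernet0/1 here because the chapter does not name it.

```python
import ipaddress


def parse_ospf_process(config):
    """Extract network statements and passive-interface settings from a router ospf block."""
    networks, passive, active, passive_default = [], set(), set(), False
    for line in config.splitlines():
        words = line.split()
        if words[:1] == ["network"] and len(words) == 5 and words[3] == "area":
            net = int(ipaddress.IPv4Address(words[1]))
            wild = int(ipaddress.IPv4Address(words[2]))
            networks.append((net, wild, words[4]))
        elif words[:2] == ["passive-interface", "default"]:
            passive_default = True
        elif words[:1] == ["passive-interface"] and len(words) == 2:
            passive.add(words[1])
        elif words[:2] == ["no", "passive-interface"] and len(words) == 3:
            active.add(words[2])
    return networks, passive, active, passive_default


def resolve(config, interfaces):
    """Map each OSPF-enabled interface to its area and passive status."""
    networks, passive, active, passive_default = parse_ospf_process(config)
    result = {}
    for name, cidr in interfaces.items():
        addr = int(ipaddress.ip_interface(cidr).ip)
        # A wildcard bit of 1 means "ignore this bit"; compare only the 0 bits.
        matches = [(bin(wild).count("1"), area) for net, wild, area in networks
                   if (addr & ~wild & 0xFFFFFFFF) == (net & ~wild & 0xFFFFFFFF)]
        if not matches:
            continue  # no statement selects this interface, so OSPF is not enabled on it
        area = min(matches)[1]  # assumption: fewest wildcard bits (most specific) wins
        is_passive = name in passive or (passive_default and name not in active)
        result[name] = {"area": area, "passive": is_passive}
    return result


def adjacency_capable(config, interfaces):
    """Interfaces that send hellos and accept OSPF packets (enabled and not passive)."""
    return sorted(n for n, s in resolve(config, interfaces).items() if not s["passive"])


# R3 and R5 process configuration as in Example 6-2.
R3_CONFIG = """router ospf 1
 network 0.0.0.0 255.255.255.255 area 1234
 passive-interface GigabitEthernet0/1
"""
R5_CONFIG = """router ospf 1
 network 10.45.1.0 0.0.0.255 area 0
 network 0.0.0.0 255.255.255.255 area 56
"""
# Constructed variant: everything passive unless explicitly re-enabled.
R3_DEFAULT_PASSIVE = """router ospf 1
 network 0.0.0.0 255.255.255.255 area 1234
 passive-interface default
 no passive-interface GigabitEthernet0/0
"""
# Interface addresses taken from the chapter's outputs; R5's second interface name is assumed.
R3_INTERFACES = {"GigabitEthernet0/0": "10.123.1.3/24", "GigabitEthernet0/1": "10.3.3.3/24"}
R5_INTERFACES = {"GigabitEthernet0/0": "10.45.1.5/24", "GigabitEthernet0/1": "10.56.1.5/24"}

if __name__ == "__main__":
    for label, cfg, ifs in (("R3", R3_CONFIG, R3_INTERFACES), ("R5", R5_CONFIG, R5_INTERFACES)):
        print(label, resolve(cfg, ifs), "forms adjacencies on:", adjacency_capable(cfg, ifs))
```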
You view OSPF-enabled interfaces by using the command show ip ospf interface [brief | interface-id]. Example 6-3 shows output from using the show ip ospf interface command on R4. The output lists all the OSPF-enabled interfaces, the IP address associated with each interface, the RID for the DR and BDR (and their associated interface IP addresses for that segment), and the OSPF timers for that interface.
R4# show ip ospf interface
GigabitEthernet0/0 is up, line protocol is up
 Internet Address 10.45.1.4/24, Area 0, Attached via Interface Enable
 Process ID 1, Router ID 192.168.4.4, Network Type BROADCAST, Cost: 1
 Topology-MTID Cost Disabled Shutdown Topology Name
 0 1 no no Base
 Enabled by interface config, including secondary ip addresses
 Transmit Delay is 1 sec, State BDR, Priority 1
 Designated Router (ID) 192.168.5.5, Interface address 10.45.1.5
 Backup Designated router (ID) 192.168.4.4, Interface address 10.45.1.4
 Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
 oob-resync timeout 40
 Hello due in 00:00:02
..
 Neighbor Count is 1, Adjacent neighbor count is 1
 Adjacent with neighbor 192.168.5.5 (Designated Router)
 Suppress hello for 0 neighbor(s)
Serial1/0 is up, line protocol is up
 Internet Address 10.24.1.4/29, Area 1234, Attached via Interface Enable
 Process ID 1, Router ID 192.168.4.4, Network Type POINT_TO_POINT, Cost: 64
 Topology-MTID Cost Disabled Shutdown Topology Name
 0 64 no no Base
 Enabled by interface config, including secondary ip addresses
 Transmit Delay is 1 sec, State POINT_TO_POINT
 Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
..
 Neighbor Count is 1, Adjacent neighbor count is 1
 Adjacent with neighbor 192.168.2.2
 Suppress hello for 0 neighbor(s)
Example 6-4 shows the command with the brief keyword for R1, R2, R3, and R4. The State field provides useful information that helps you understand whether the interface is classified as broadcast or point-to-point, the area associated with the interface, and the process associated with the interface.
R1# show ip ospf interface brief
Interface PID Area IP Address/Mask Cost State Nbrs F/C
Gi0/0 1 1234 10.123.1.1/24 1 DROTH 2/2
R2# show ip ospf interface brief
Interface PID Area IP Address/Mask Cost State Nbrs F/C
Se1/0 1 1234 10.24.1.1/29 64 P2P 1/1
Gi0/0 1 1234 10.123.1.2/24 1 BDR 2/2
R3# show ip ospf interface brief
Interface PID Area IP Address/Mask Cost State Nbrs F/C
Gi0/1 1 1234 10.3.3.3/24 1 DR 0/0
Gi0/0 1 1234 10.123.1.3/24 1 DR 2/2
R4# show ip ospf interface brief
Interface PID Area IP Address/Mask Cost State Nbrs F/C
Gi0/0 1 0 10.45.1.4/24 1 BDR 1/1
Se1/0 1 1234 10.24.1.4/29 64 P2P 1/1
Table 6-5 provides an overview of the fields in the output shown in Example 6-4.
Table 6-5 OSPF Interface Columns
Field | Description
Interface | Interfaces with OSPF enabled
PID | The OSPF process ID associated with this interface
Area | The area that this interface is associated with
IP Address/Mask | The IP address and subnet mask for the interface
Cost | A factor the SPF algorithm uses to calculate a metric for a path
State | The current interface state for segments with a designated router (DR, BDR, or DROTHER), P2P, LOOP, or Down
Nbrs F | The number of neighbor OSPF routers for a segment that are fully adjacent
Nbrs C | The number of neighbor OSPF routers for a segment that have been detected and are in a 2-WAY state
The command show ip ospf neighbor [detail] provides the OSPF neighbor table. Example 6-5 displays the OSPF neighbors for R1 and R2. Notice that the state for R2’s S1/0 interface does not reflect a DR status with its peering with R4 (192.168.4.4) because a DR does not exist on a point-to-point link.
R1# show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
192.168.2.2 1 FULL/BDR 00:00:34 10.123.1.2 GigabitEthernet0/0
192.168.3.3 1 FULL/DR 00:00:37 10.123.1.3 GigabitEthernet0/0
R2# show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
192.168.4.4 0 FULL/ - 00:00:38 10.24.1.4 Serial1/0
192.168.1.1 1 FULL/DROTHER 00:00:37 10.123.1.1 GigabitEthernet0/0
192.168.3.3 1 FULL/DR 00:00:34 10.123.1.3 GigabitEthernet0/0
Table 6-6 provides a brief overview of the fields used in Example 6-5. The neighbor state on R1 identifies R3 as the DR and R2 as the BDR for the 10.123.1.0 network segment. R2 identifies R1 as DROTHER for that network segment.
Table 6-6 Fields from the OSPF Neighbor State Output
Field | Description
Neighbor ID | The router ID (RID) of the neighboring router.
Pri | The priority for the neighbor’s interface, which is used for DR/BDR elections.
State | The first State field is the neighbor state, as described in Table 6-4. The second State field is the DR, BDR, or DROTHER role if the interface requires a DR. For non-DR network links, the second field shows just a hyphen (-).
Dead Time | The dead time left until the router is declared unreachable.
Address | The primary IP address for the OSPF neighbor.
Interface | The local interface to which the OSPF neighbor is attached.
You display OSPF routes installed in the Routing Information Base (RIB) by using the command show ip route ospf. In the output, two sets of numbers are in the brackets and look like [110/2]. The first number is the administrative distance (AD), which is 110 by default for OSPF, and the second number is the metric of the path used for that network along with the next-hop IP address.
Example 6-6 provides the routing table for R1 from Figure 6-5. Notice that R1’s OSPF routing table shows routes from within Area 1234 (10.24.1.0/29 and 10.3.3.0/24) as intra-area (O routes) and routes from Area 0 and Area 56 (10.45.1.0/24 and 10.56.1.0/24) as interarea (O IA routes).
Example 6-6 shows intra-area and interarea routes from R1’s perspective in this topology.
R1# show ip route ospf
! Output omitted for brevity
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 6 subnets, 3 masks
O 10.3.3.0/24 [110/2] via 10.123.1.3, 00:18:54, GigabitEthernet0/0
O 10.24.1.0/29 [110/65] via 10.123.1.2, 00:18:44, GigabitEthernet0/0
O IA 10.45.1.0/24 [110/66] via 10.123.1.2, 00:11:54, GigabitEthernet0/0
O IA 10.56.1.0/24 [110/67] via 10.123.1.2, 00:11:54, GigabitEthernet0/0
Example 6-7 provides the routing table for R4 from Figure 6-5. Notice that R4’s OSPF routing table shows the routes from within Area 1234 and Area 0 as intra-area and routes from Area 56 as interarea because R4 does not connect to Area 56.
Notice that the metric for the 10.123.1.0/24 and 10.3.3.0/24 networks is drastically higher than the metric for the 10.56.1.0/24 network. This is because the 10.56.1.0/24 network is reachable across the slow serial link, which has an interface cost of 64.
R4# show ip route ospf | begin Gateway
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 7 subnets, 3 masks
O 10.3.3.0/24 [110/66] via 10.24.1.2, 00:03:45, Serial1/0
O IA 10.56.1.0/24 [110/2] via 10.45.1.5, 00:04:56, GigabitEthernet0/0
O 10.123.1.0/24 [110/65] via 10.24.1.2, 00:13:19, Serial1/0
Example 6-8 provides the routing table for R5 and R6 from Figure 6-5. R5 and R6 contain only interarea routes in the OSPF routing table because intra-area routes are directly connected.
R5# show ip route ospf | begin Gateway
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 7 subnets, 3 masks
O IA 10.3.3.0/24 [110/67] via 10.45.1.4, 00:04:13, GigabitEthernet0/0
O IA 10.24.1.0/29 [110/65] via 10.45.1.4, 00:04:13, GigabitEthernet0/0
O IA 10.123.1.0/24 [110/66] via 10.45.1.4, 00:04:13, GigabitEthernet0/0
R6# show ip route ospf | begin Gateway
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 6 subnets, 3 masks
O IA 10.3.3.0/24 [110/68] via 10.56.1.5, 00:07:04, GigabitEthernet0/0
O IA 10.24.1.0/29 [110/66] via 10.56.1.5, 00:08:19, GigabitEthernet0/0
O IA 10.45.1.0/24 [110/2] via 10.56.1.5, 00:08:18, GigabitEthernet0/0
O IA 10.123.1.0/24 [110/67] via 10.56.1.5, 00:08:19, GigabitEthernet0/0
External routes are routes learned from outside the OSPF domain, but they are injected into an OSPF domain through redistribution.
When a router redistributes routes into an OSPF domain, the router is called an autonomous system boundary router (ASBR). An ASBR can be any OSPF router, and the ASBR function is independent of the ABR function. An OSPF domain can have an ASBR without having an ABR. An OSPF router can be an ASBR and an ABR at the same time.
External routes are classified as Type 1 or Type 2. The main differences between Type 1 and Type 2 external OSPF routes are as follows:
Type 1 routes are preferred over Type 2 routes.
The Type 1 metric equals the redistribution metric plus the total path metric to the ASBR. In other words, as the LSA propagates away from the originating ASBR, the metric increases.
The Type 2 metric equals only the redistribution metric. The metric is the same for the router next to the ASBR as the router 30 hops away from the originating ASBR. This is the default external metric type used by OSPF.
Figure 6-6 revisits the previous topology where R6 is redistributing two networks into the OSPF domain. In this topology:
R1, R2, and R3 are member (internal) routers.
R4 and R5 are ABRs.
R6 is the ASBR.
172.16.6.0/24 is being redistributed as an OSPF external Type 1 route.
Example 6-9 shows only the OSPF routes in the routing table from R1 and R2. The 172.16.6.0/24 network is redistributed as a Type 1 route, and the 172.31.6.0/24 network is redistributed as a Type 2 route.
External OSPF network routes are marked as O E1 and O E2 in the routing table and correlate with OSPF Type 1 and Type 2 external routes. Notice that the metric for the 172.31.6.0/24 network is the same on R1 as it is on R2, but the metric for the 172.16.6.0/24 network differs on the two routers because Type 1 external metrics include the path metric to the ASBR.
R1# show ip route ospf
! Output omitted for brevity
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
E1 - OSPF external type 1, E2 - OSPF external type 2
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 6 subnets, 3 masks
O 10.3.3.0/24 [110/2] via 10.123.1.3, 23:20:25, GigabitEthernet0/0
O 10.24.1.0/29 [110/65] via 10.123.1.2, 23:20:15, GigabitEthernet0/0
O IA 10.45.1.0/24 [110/66] via 10.123.1.2, 23:13:25, GigabitEthernet0/0
O IA 10.56.1.0/24 [110/67] via 10.123.1.2, 23:13:25, GigabitEthernet0/0
172.16.0.0/24 is subnetted, 1 subnets
O E1 172.16.6.0 [110/87] via 10.123.1.2, 00:01:00, GigabitEthernet0/0
172.31.0.0/24 is subnetted, 1 subnets
O E2 172.31.6.0 [110/20] via 10.123.1.2, 00:01:00, GigabitEthernet0/0
R2# show ip route ospf | begin Gateway
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 7 subnets, 3 masks
O 10.3.3.0/24 [110/2] via 10.123.1.3, 23:24:05, GigabitEthernet0/0
O IA 10.45.1.0/24 [110/65] via 10.24.1.4, 23:17:11, Serial1/0
O IA 10.56.1.0/24 [110/66] via 10.24.1.4, 23:17:11, Serial1/0
172.16.0.0/24 is subnetted, 1 subnets
O E1 172.16.6.0 [110/86] via 10.24.1.4, 00:04:45, Serial1/0
172.31.0.0/24 is subnetted, 1 subnets
O E2 172.31.6.0 [110/20] via 10.24.1.4, 00:04:45, Serial1/0
OSPF supports advertising the default route into the OSPF domain. The advertising router must have a default route in its routing table for the default route to be advertised. To advertise the default route, you use the command default-information originate [always] [metric metric-value] [metric-type type-value] underneath the OSPF process. The optional always keyword causes the default route to be advertised even if a default route does not exist in the RIB. In addition, the route metric can be changed with the metric metric-value option, and the metric type can be changed with the metric-type type-value option.
Figure 6-7 illustrates a common situation, where R1 has a static default route to the firewall, which is connected to the Internet. To provide connectivity to other parts of the network (that is, R2 and R3), R1 advertises a default route into OSPF.
Example 6-10 provides the relevant configuration on R1. Notice that R1 has a static default route to the firewall (100.64.1.2) to satisfy the requirement of having the default route in the RIB.
R1
ip route 0.0.0.0 0.0.0.0 100.64.1.2
!
router ospf 1
network 10.0.0.0 0.255.255.255 area 0
default-information originate
Example 6-11 shows the routing tables of R2 and R3. Notice that OSPF advertises the default route as an external OSPF route.
R2# show ip route | begin Gateway
Gateway of last resort is 10.12.1.1 to network 0.0.0.0
O*E2 0.0.0.0/0 [110/1] via 10.12.1.1, 00:02:56, GigabitEthernet0/1
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C 10.12.1.0/24 is directly connected, GigabitEthernet0/1
C 10.23.1.0/24 is directly connected, GigabitEthernet0/2
R3# show ip route | begin Gateway
Gateway of last resort is 10.23.1.2 to network 0.0.0.0
O*E2 0.0.0.0/0 [110/1] via 10.23.1.2, 00:01:47, GigabitEthernet0/1
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
O 10.12.1.0/24 [110/2] via 10.23.1.2, 00:05:20, GigabitEthernet0/1
C 10.23.1.0/24 is directly connected, GigabitEthernet0/1
Multi-access networks such as Ethernet (LANs) and Frame Relay networks allow more than two routers to exist on a network segment. This could cause scalability problems with OSPF as the number of routers on a segment increases. Additional routers flood more LSAs on the segment, and OSPF traffic becomes excessive as OSPF neighbor adjacencies increase. If four routers share the same multi-access network, six OSPF adjacencies form, along with six occurrences of database flooding on a network.
Using the number of edges formula, n (n – 1) / 2, where n represents the number of routers, if 5 routers were present on a segment—that is, 5 (5 – 1) / 2 = 10—then 10 OSPF adjacencies would exist for that segment. Continuing the logic, adding 1 additional router would make 15 OSPF adjacencies on a network segment. Having so many adjacencies per segment consumes more bandwidth, more CPU processing, and more memory to maintain each of the neighbor states.
OSPF overcomes this inefficiency by creating a pseudonode (that is, a virtual router) to manage the adjacency state with all the other routers on that broadcast network segment. A router on the broadcast segment, known as the designated router (DR), assumes the role of the pseudonode. The DR reduces the number of OSPF adjacencies on a multi-access network segment because routers form full OSPF adjacencies only with the DR and not each other. The DR is then responsible for flooding the update to all OSPF routers on that segment as updates occur. Figure 6-8 demonstrates how this simplifies a four-router topology using only three neighbor adjacencies.
If the DR were to fail, OSPF would need to form new adjacencies, invoking all new LSAs, and could potentially cause a temporary loss of routes. In the event of DR failure, a backup designated router (BDR) becomes the new DR; then an election occurs to replace the BDR. To minimize transition time, the BDR also forms a full OSPF adjacency with all OSPF routers on that segment.
The DR/BDR process distributes LSAs in the following manner:
Step 1. All OSPF routers (DR, BDR, and DROTHER) on a segment form a full OSPF adjacency with the DR and BDR. As an OSPF router learns of a new route, it sends the updated LSA to the AllDRouters (224.0.0.6) address, which only the DR and BDR receive and process, as illustrated in Step 1 in Figure 6-9.
Step 2. The DR sends a unicast acknowledgment to the router that sent the initial LSA update, as illustrated in Step 2 in Figure 6-9.
Step 3. The DR floods the LSA to all the routers on the segment via the AllSPFRouters (224.0.0.5) address, as shown in Step 3 in Figure 6-9.
The DR/BDR election occurs during OSPF neighborship—specifically, during the last phase of the 2-Way neighbor state and just before the ExStart state. When a router enters the 2-Way state, it has already received a hello from the neighbor. If the hello packet includes an RID other than 0.0.0.0 for the DR or BDR, the new router assumes that the current routers are the actual DR and BDR.
Any router with the OSPF priority of 1 to 255 on its OSPF interface attempts to become the DR. By default, all OSPF interfaces use a priority of 1. The routers place their RID and OSPF priority in their OSPF hellos for that segment.
Routers then receive and examine OSPF hellos from neighboring routers. If a router identifies itself as a more favorable router than the OSPF hellos it receives, it continues to send out hellos with its RID and priority listed. If the hello received is more favorable, the router updates its OSPF hello packet to use the more preferable RID in the DR field. OSPF deems a router more preferable if the priority for the interface is the highest for that segment. If the OSPF priority is the same, the higher RID is more favorable.
When all the routers have agreed on the same DR, all routers for that segment become adjacent with the DR. Then the election for the BDR takes place. The election follows the same logic as the DR election, except that the DR does not add its RID to the BDR field of the hello packet.
The OSPF DR and BDR roles cannot be preempted after the DR/BDR election. Only upon the failure (or process restart) of the DR or BDR does the election start to replace the role that is missing.
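The election rules above can be traced with a short model. This is an added Python example, not code from the book or from Cisco; it implements only the simplified rules this section states (priority, then RID, priority 0 ineligible, no preemption) rather than the full RFC 2328 election. The class and function names are hypothetical, the three RIDs are those of R1, R2, and R3 in this chapter, and R9 is a constructed late joiner.

```python
"""Simplified OSPF DR/BDR election as described in this section.
Added illustration: names are hypothetical, not an IOS or RFC 2328 API."""
from dataclasses import dataclass
from ipaddress import IPv4Address


@dataclass(frozen=True)
class Router:
    name: str
    rid: str            # router ID, dotted decimal
    priority: int = 1   # default OSPF interface priority


def best(candidates):
    """Most favorable router: highest priority, then highest RID."""
    eligible = [r for r in candidates if r.priority > 0]  # 0 = never DR/BDR
    if not eligible:
        return None
    return max(eligible, key=lambda r: (r.priority, int(IPv4Address(r.rid))))


class Segment:
    """One multi-access segment; routers passed to __init__ start together."""

    def __init__(self, routers):
        self.routers = list(routers)
        self.dr = None
        self.bdr = None
        self.elect()

    def elect(self):
        # Only vacant roles are filled, so a sitting DR/BDR is never preempted.
        if self.dr is None and self.bdr is not None:
            self.dr, self.bdr = self.bdr, None      # BDR becomes the new DR
        if self.dr is None:
            self.dr = best(self.routers)
        if self.bdr is None:
            self.bdr = best(r for r in self.routers if r != self.dr)

    def join(self, router):
        """A router that comes up later sees the existing DR/BDR in hellos."""
        self.routers.append(router)
        self.elect()

    def fail(self, router):
        """Remove a failed router and refill whichever role it held."""
        self.routers.remove(router)
        if self.dr == router:
            self.dr = None
        if self.bdr == router:
            self.bdr = None
        self.elect()

    def roles(self):
        out = {}
        for r in self.routers:
            if r == self.dr:
                out[r.name] = "DR"
            elif r == self.bdr:
                out[r.name] = "BDR"
            else:
                out[r.name] = "DROTHER"
        return out


R1 = Router("R1", "192.168.1.1")
R2 = Router("R2", "192.168.2.2")
R3 = Router("R3", "192.168.3.3")
R9 = Router("R9", "192.168.9.9", priority=255)   # constructed late joiner

if __name__ == "__main__":
    seg = Segment([R1, R2, R3])
    print("initial      ", seg.roles())
    seg.join(R9)                      # higher priority, but no preemption
    print("R9 joins     ", seg.roles())
    seg.fail(R3)                      # BDR is promoted, R9 wins the BDR role
    print("R3 (DR) fails", seg.roles())
```

The higher-priority R9 takes a role only after the DR fails, which is why a priority change on a live segment may need an OSPF process restart on the current DR/BDR before it has any effect.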
In Figure 6-6, the 10.123.1.0/24 network requires a DR between R1, R2, and R3. The interface role is determined by viewing the OSPF interface with the command show ip ospf interface brief. R3’s interface Gi0/0 is elected as the DR, R2’s Gi0/0 interface is elected as the BDR, and R1’s Gi0/0 interface is DROTHER for the 10.123.1.0/24 network. R3’s Gi0/1 interface is DR because no other router exists on that segment. R2’s Serial1/0 interface is a point-to-point link and has no DR.
R1# show ip ospf interface brief
Interface    PID   Area            IP Address/Mask    Cost  State Nbrs F/C
Lo0          1     0               192.168.1.1/32     1     LOOP  0/0
Gi0/0        1     0               10.123.1.1/24      1     DROTH 2/3
R2# show ip ospf interface brief
Interface    PID   Area            IP Address/Mask    Cost  State Nbrs F/C
Lo0          1     0               192.168.2.2/32     1     LOOP  0/0
Se1/0        1     1234            10.24.1.1/29       64    P2P   1/1
Gi0/0        1     1234            10.123.1.2/24      1     BDR   2/2
R3# show ip ospf interface brief
Interface    PID   Area            IP Address/Mask    Cost  State Nbrs F/C
Lo0          1     0               192.168.3.3/32     1     LOOP  0/0
Gi0/0        1     0               10.123.1.3/24      1     DR    2/2
Gi0/1        1     0               10.3.3.3/24        1     DR    0/0
The neighbor’s full adjacency field reflects the number of routers that have become adjacent on that network segment; the neighbors count field is the number of other OSPF routers on that segment. The first assumption is that all routers will become adjacent with each other, but that defeats the purpose of using a DR. Only the DR and BDR become adjacent with routers on a network segment.
In Example 6-12, R3 wins the DR election, and R2 is elected the BDR because all the OSPF routers have the same OSPF priority, and the next decision is to use the higher RID. The RIDs match the Loopback 0 interface IP addresses, and R3’s loopback address is the highest on that segment; R2’s is the second highest.
Modifying a router’s RID for DR placement is a bad design strategy. A better technique involves modifying the interface priority to a higher value than that of the existing DR. Changing the priority to a value higher than that of the other routers (a default value of 1) increases the chance of that router becoming the DR for that segment on that node. Remember that OSPF does not preempt the DR or BDR roles, and it might be necessary to restart the OSPF process on the current DR/BDR for the changes to take effect.
The priority can be set manually under the interface configuration with the command ip ospf priority 0-255 for IOS nodes. Setting an interface priority to 0 removes that interface from the DR/BDR election immediately. Raising the priority above the default value (1) makes that interface more favorable over interfaces with the default value.
Different media can provide different characteristics or might limit the number of nodes allowed on a segment. Frame Relay and Ethernet are common multi-access media, and because they support more than two nodes on a network segment, the need for a DR exists. Other network circuits, such as serial links, do not require a DR and would just waste router CPU cycles.
The default OSPF network type is set based on the media used for the connection and can be changed independently of the actual media type used. Cisco’s implementation of OSPF considers the various media and provides five OSPF network types, as listed in Table 6-7.
Table 6-7 OSPF Network Types
Type | Description | DR/BDR Field in OSPF Hellos | Timers
Broadcast | Default setting on OSPF-enabled Ethernet links. | Yes | Hello: 10 Wait: 40 Dead: 40
Nonbroadcast | Default setting on enabled OSPF Frame Relay main interface or Frame Relay multipoint subinterfaces. | Yes | Hello: 30 Wait: 120 Dead: 120
Point-to-point | Default setting on enabled OSPF Frame Relay point-to-point subinterfaces. | No | Hello: 10 Wait: 40 Dead: 40
Point-to-multipoint | Not enabled by default on any interface type. Interface is advertised as a host route (/32), and sets the next-hop address to the outbound interface. Primarily used for hub-and-spoke topologies. | No | Hello: 30 Wait: 120 Dead: 120
Loopback | Default setting on OSPF-enabled loopback interfaces. Interface is advertised as a host route (/32). | N/A | N/A
The OSPF network types are explained in more detail in the following sections.
Broadcast media such as Ethernet are better defined as broadcast multi-access to distinguish them from nonbroadcast multi-access (NBMA) networks. Broadcast networks are multi-access in that they are capable of connecting more than two devices, and broadcasts sent out one interface are capable of reaching all interfaces attached to that segment.
The OSPF network type is set to broadcast by default for Ethernet interfaces. A DR is required for this OSPF network type because of the possibility that multiple nodes can exist on a segment and LSA flooding needs to be controlled. The hello timer defaults to 10 seconds, as defined in RFC 2328.
The interface parameter command ip ospf network broadcast overrides the automatically configured setting and statically sets an interface as an OSPF broadcast network type.
Frame Relay, ATM, and X.25 are considered nonbroadcast multi-access (NBMA) in that they can connect more than two devices, and broadcasts sent out one interface might not always be capable of reaching all the interfaces attached to the segment. Dynamic virtual circuits may provide connectivity, but the topology may not be a full mesh and might only provide a hub-and-spoke topology.
Frame Relay interfaces set the OSPF network type to nonbroadcast by default. The hello interval is 30 seconds for this OSPF network type. Multiple routers can exist on a segment, so the DR functionality is used. Neighbors are statically defined with the neighbor ip-address command because multicast and broadcast functionality do not exist on this type of circuit. Configuring a static neighbor causes OSPF hellos to be sent using unicast.
The interface parameter command ip ospf network non-broadcast manually sets an interface as an OSPF nonbroadcast network type.
Figure 6-10 demonstrates a Frame Relay topology.
Example 6-13 provides the OSPF configuration over a Frame Relay interface. Notice that the static neighbor configuration is required when OSPF packets cannot be received through broadcast (multicast) discovery.
R1
interface Serial 0/0
ip address 10.12.1.1 255.255.255.252
encapsulation frame-relay
no frame-relay inverse-arp
frame-relay map ip 10.12.1.2 102
!
router ospf 1
router-id 192.168.1.1
neighbor 10.12.1.2
network 0.0.0.0 255.255.255.255 area 0
The nonbroadcast network type is verified by filtering the output of the show ip ospf interface command with the Type keyword. The following snippet confirms that the interfaces operate as nonbroadcast:
R1# show ip ospf interface Serial 0/0 | include Type
Process ID 1, Router ID 192.168.1.1, Network Type NON_BROADCAST, Cost: 64
A network circuit that allows only two devices to communicate is considered a point-to-point (P2P) network. Because of the nature of the medium, point-to-point networks do not use Address Resolution Protocol (ARP), and broadcast traffic does not become the limiting factor.
The OSPF network type is set to point-to-point by default for serial interfaces (HDLC or PPP encapsulation), Generic Routing Encapsulation (GRE) tunnels, and point-to-point Frame Relay subinterfaces. Only two nodes can exist on this type of network medium, so OSPF does not waste CPU cycles on DR functionality. The hello timer is set to 10 seconds on OSPF point-to-point network types.
Figure 6-11 shows a serial connection between R1 and R2.
Example 6-14 displays R1’s and R2’s relevant serial interface and OSPF configuration. Notice that there are not any special commands in the configuration.
R1
interface serial 0/1
ip address 10.12.1.1 255.255.255.252
!
router ospf 1
router-id 192.168.1.1
network 0.0.0.0 255.255.255.255 area 0
R2
interface serial 0/1
ip address 10.12.1.2 255.255.255.252
!
router ospf 1
router-id 192.168.2.2
network 0.0.0.0 255.255.255.255 area 0
Example 6-15 verifies that the OSPF network type is set to POINT_TO_POINT, indicating the OSPF point-to-point network type.
R1# show ip ospf interface s0/1 | include Type
Process ID 1, Router ID 192.168.1.1, Network Type POINT_TO_POINT, Cost: 64
R2# show ip ospf interface s0/1 | include Type
Process ID 1, Router ID 192.168.2.2, Network Type POINT_TO_POINT, Cost: 64
Example 6-16 shows that point-to-point OSPF network types do not use a DR. Notice the hyphen (-) in the State field.
R1# show ip ospf neighbor
Neighbor ID     Pri   State      Dead Time   Address      Interface
192.168.2.2     0     FULL/ -    00:00:36    10.12.1.2    Serial0/1
Interfaces using an OSPF P2P network type form an OSPF adjacency quickly because the DR election is bypassed, and there is no wait timer. Ethernet interfaces that are directly connected with only two OSPF speakers in the subnet could be changed to the OSPF point-to-point network type to form adjacencies more quickly and to simplify the SPF computation. The interface parameter command ip ospf network point-to-point manually sets an interface as an OSPF point-to-point network type.
The OSPF network type point-to-multipoint is not enabled by default for any medium. It requires manual configuration. A DR is not enabled for this OSPF network type, and the hello timer is set to 30 seconds. A point-to-multipoint OSPF network type supports hub-and-spoke connectivity while using the same IP subnet and is commonly found in Frame Relay and Layer 2 VPN (L2VPN) topologies.
Interfaces set for the OSPF point-to-multipoint network type add the interface’s IP address to the OSPF LSDB as a /32 network. When advertising routes to OSPF peers on that interface, the next-hop address is set to the IP address of the interface even if the next-hop IP address resides on the same IP subnet.
The IOS interface parameter command ip ospf network point-to-multipoint manually sets an interface as an OSPF point-to-multipoint network type.
Figure 6-12 provides a topology example with R1, R2, and R3 all using Frame Relay point-to-multipoint subinterfaces using the same subnet.
Example 6-17 demonstrates the relevant configuration for all three routers.
R1
interface Serial 0/0
encapsulation frame-relay
no frame-relay inverse-arp
!
interface Serial 0/0.123 multipoint
ip address 10.123.1.1 255.255.255.248
frame-relay map ip 10.123.1.2 102 broadcast
frame-relay map ip 10.123.1.3 103 broadcast
ip ospf network point-to-multipoint
!
router ospf 1
router-id 192.168.1.1
network 0.0.0.0 255.255.255.255 area 0
R2
interface Serial 0/1/0
encapsulation frame-relay
no frame-relay inverse-arp
!
interface Serial 0/1/0/0.123 multipoint
ip address 10.123.1.2 255.255.255.248
frame-relay map ip 10.123.1.1 201 broadcast
ip ospf network point-to-multipoint
!
router ospf 1
router-id 192.168.2.2
network 0.0.0.0 255.255.255.255 area 0
R3
interface Serial 0/0
encapsulation frame-relay
no frame-relay inverse-arp
!
interface Serial 0/0.123 multipoint
ip address 10.123.1.3 255.255.255.248
frame-relay map ip 10.123.1.1 301 broadcast
ip ospf network point-to-multipoint
!
router ospf 1
router-id 192.168.3.3
network 0.0.0.0 255.255.255.255 area 0
Example 6-18 verifies that the interfaces are the OSPF point-to-multipoint network type.
R1# show ip ospf interface Serial 0/0.123 | include Type
Process ID 1, Router ID 192.168.1.1, Network Type POINT_TO_MULTIPOINT, Cost: 64
R2# show ip ospf interface Serial 0/0.123 | include Type
Process ID 1, Router ID 192.168.2.2, Network Type POINT_TO_MULTIPOINT, Cost: 64
R3# show ip ospf interface Serial 0/0.123 | include Type
Process ID 1, Router ID 192.168.3.3, Network Type POINT_TO_MULTIPOINT, Cost: 64
Example 6-19 shows that OSPF does not use a DR for the OSPF point-to-multipoint network type. Notice that all three routers are on the same subnet, but R2 and R3 do not establish an adjacency with each other.
R1# show ip ospf neighbor
Neighbor ID     Pri   State      Dead Time   Address       Interface
192.168.3.3     0     FULL/ -    00:01:33    10.123.1.3    Serial0/0.123
192.168.2.2     0     FULL/ -    00:01:40    10.123.1.2    Serial0/0.123
R2# show ip ospf neighbor
Neighbor ID     Pri   State      Dead Time   Address       Interface
192.168.1.1     0     FULL/ -    00:01:49    10.123.1.1    Serial0/0.123
R3# show ip ospf neighbor
Neighbor ID     Pri   State      Dead Time   Address       Interface
192.168.1.1     0     FULL/ -    00:01:46    10.123.1.1    Serial0/0.123
Example 6-20 shows that all the Serial 0/0.123 interfaces are advertised into OSPF as a /32 network and that the next-hop address is set (by R1) when advertised to the spoke nodes.
R1# show ip route ospf | begin Gateway
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
O 10.123.1.2/32 [110/64] via 10.123.1.2, 00:07:32, Serial0/0.123
O 10.123.1.3/32 [110/64] via 10.123.1.3, 00:03:58, Serial0/0.123
192.168.2.0/32 is subnetted, 1 subnets
O 192.168.2.2 [110/65] via 10.123.1.2, 00:07:32, Serial0/0.123
192.168.3.0/32 is subnetted, 1 subnets
O 192.168.3.3 [110/65] via 10.123.1.3, 00:03:58, Serial0/0.123
R2# show ip route ospf | begin Gateway
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
O 10.123.1.1/32 [110/64] via 10.123.1.1, 00:07:17, Serial0/0.123
O 10.123.1.3/32 [110/128] via 10.123.1.1, 00:03:39, Serial0/0.123
192.168.1.0/32 is subnetted, 1 subnets
O 192.168.1.1 [110/65] via 10.123.1.1, 00:07:17, Serial0/0.123
192.168.3.0/32 is subnetted, 1 subnets
O 192.168.3.3 [110/129] via 10.123.1.1, 00:03:39, Serial0/0.123
R3# show ip route ospf | begin Gateway
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
O 10.123.1.1/32 [110/64] via 10.123.1.1, 00:04:27, Serial0/0.123
O 10.123.1.2/32 [110/128] via 10.123.1.1, 00:04:27, Serial0/0.123
192.168.1.0/32 is subnetted, 1 subnets
O 192.168.1.1 [110/65] via 10.123.1.1, 00:04:27, Serial0/0.123
192.168.2.0/32 is subnetted, 1 subnets
O 192.168.2.2 [110/129] via 10.123.1.1, 00:04:27, Serial0/0.123
The OSPF network type loopback is enabled by default for loopback interfaces and can be used only on loopback interfaces. The OSPF loopback network type indicates that the IP address is always advertised with a /32 prefix length, even if the IP address configured on the loopback interface does not have a /32 prefix length.
You can see this behavior by looking at Figure 6-11 with the Loopback 0 interface now being advertised into OSPF. Example 6-21 provides the updated configuration. Notice that the network type for R2’s loopback interface is set to the OSPF point-to-point network type.
R1
interface Loopback0
ip address 192.168.1.1 255.255.255.0
interface Serial 0/1
ip address 10.12.1.1 255.255.255.252
!
router ospf 1
router-id 192.168.1.1
network 0.0.0.0 255.255.255.255 area 0
R2
interface Loopback0
ip address 192.168.2.2 255.255.255.0
ip ospf network point-to-point
interface Serial 0/0
ip address 10.12.1.2 255.255.255.252
!
router ospf 1
router-id 192.168.2.2
network 0.0.0.0 255.255.255.255 area 0
You should check the network types for R1’s and R2’s loopback interface to verify that they changed and are different, as demonstrated in Example 6-22.
R1# show ip ospf interface Loopback 0 | include Type
Process ID 1, Router ID 192.168.1.1, Network Type LOOPBACK, Cost: 1
R2# show ip ospf interface Loopback 0 | include Type
Process ID 1, Router ID 192.168.2.2, Network Type POINT_TO_POINT, Cost:1
Example 6-23 shows R1’s and R2’s routing tables. Notice that R1’s loopback address is a /32 network, and R2’s loopback address is a /24 network. Both loopbacks were configured with a /24 network, but because R1’s Lo0 is an OSPF network type of loopback, it is advertised as a /32 network.
R1# show ip route ospf
! Output omitted for brevity
Gateway of last resort is not set
O 192.168.2.0/24 [110/65] via 10.12.1.2, 00:02:49, Serial0/0
R2# show ip route ospf
! Output omitted for brevity
Gateway of last resort is not set
192.168.1.0/32 is subnetted, 1 subnets
O 192.168.1.1 [110/65] via 10.12.1.1, 00:37:15, Serial0/0
A secondary function of OSPF hello packets is to ensure that adjacent OSPF neighbors are still healthy and available. OSPF sends hello packets at set intervals, according to the hello timer. OSPF uses a second timer called the OSPF dead interval timer, which defaults to four times the hello timer. Upon receipt of the hello packet from a neighboring router, the OSPF dead timer resets to the initial value, and then it starts to decrement again.
If a router does not receive a hello before the OSPF dead interval timer reaches 0, the neighbor state is changed to down. The OSPF router immediately sends out the appropriate LSA, reflecting the topology change, and the SPF algorithm processes on all routers within the area.
The default OSPF hello timer interval varies based on the OSPF network type. OSPF allows modification to the hello timer interval with values between 1 and 65,535 seconds. Changing the hello timer interval modifies the default dead interval, too. The OSPF hello timer is modified with the interface configuration submode command ip ospf hello-interval 1-65,535.
You can change the dead interval timer to a value between 1 and 65,535 seconds. You change the OSPF dead interval timer by using the command ip ospf dead-interval 1-65,535 under the interface configuration submode.
You view the timers for an OSPF interface by using the command show ip ospf interface, as demonstrated in Example 6-24. Notice the highlighted hello and dead timers.
R1# show ip ospf interface | i Timer|line
Loopback0 is up, line protocol is up
GigabitEthernet0/2 is up, line protocol is up
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
GigabitEthernet0/1 is up, line protocol is up
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
An attacker can forge OSPF packets or gain physical access to the network. After manipulating the routing table, the attacker can send traffic down links that allow for traffic interception, create a denial-of-service attack, or perform some other malicious behavior.
OSPF authentication is enabled on an interface-by-interface basis or for all interfaces in an area. You can set the password only as an interface parameter, and you must set it for every interface. If you miss an interface, the default password is set to a null value.
OSPF supports two types of authentication:
Plaintext: Provides little security, as anyone with access to the link can see the password by using a network sniffer. You enable plaintext authentication for an OSPF area with the command area area-id authentication, and you use the interface parameter command ip ospf authentication to set plaintext authentication only on that interface. You configure the plaintext password by using the interface parameter command ip ospf authentication-key password.
MD5 cryptographic hash: This type of authentication uses a hash, so the password is never sent out the wire. This technique is widely accepted as being the more secure mode. You enable MD5 authentication for an OSPF area by using the command area area-id authentication message-digest, and you use the interface parameter command ip ospf authentication message-digest to set MD5 authentication for that interface. You configure the MD5 password with the interface parameter command ip ospf message-digest-key key-number md5 password.
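What the two authentication types put on the wire, following RFC 2328 Appendix D. This is an added Python example, not code from the book or from Cisco; the hello contents, router IDs, sequence numbers, and function names are constructed for illustration, and only the password CISCO and key number 1 come from this chapter.

```python
"""OSPFv2 authentication on the wire (RFC 2328, Appendix D).
Added illustration: packet contents are constructed, function names are hypothetical."""
import hashlib
import hmac
import socket
import struct

# version, type, packet length, router ID, area ID, checksum, AuType, authentication
HDR = struct.Struct("!BBH4s4sHH8s")
AU_SIMPLE, AU_CRYPTO = 1, 2
HELLO = 1


def hello_body(mask="255.255.255.0", hello=10, dead=40, priority=1):
    """Constructed hello body: mask, hello, options, priority, dead, DR, BDR."""
    return struct.pack("!4sHBBI4s4s", socket.inet_aton(mask), hello, 0x02,
                       priority, dead, bytes(4), bytes(4))


def inet_checksum(data):
    """Standard 16-bit one's complement checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def header(length, rid, area, checksum, autype, auth):
    return HDR.pack(2, HELLO, length, socket.inet_aton(rid),
                    socket.inet_aton(area), checksum, autype, auth)


def simple_packet(body, rid, area, password):
    """AuType 1: the password itself occupies the 8-byte authentication field."""
    length = HDR.size + len(body)
    # The checksum excludes the authentication field; zeroing it is equivalent.
    csum = inet_checksum(header(length, rid, area, 0, AU_SIMPLE, bytes(8)) + body)
    auth = password.encode().ljust(8, b"\x00")[:8]
    return header(length, rid, area, csum, AU_SIMPLE, auth) + body


def pad_key(key):
    """The shared key is padded with trailing zeros to 16 bytes."""
    return key.encode().ljust(16, b"\x00")[:16]


def md5_packet(body, rid, area, key, key_id, seq):
    """AuType 2: the header carries key ID, digest length and sequence number;
    MD5(packet || padded key) is appended and not counted in the packet length."""
    auth = struct.pack("!HBBI", 0, key_id, 16, seq)
    pkt = header(HDR.size + len(body), rid, area, 0, AU_CRYPTO, auth) + body
    return pkt + hashlib.md5(pkt + pad_key(key)).digest()


def verify_md5(packet, keys, last_seq):
    """Receiver-side checks; returns (accepted, reason). keys maps key ID to key."""
    if len(packet) < HDR.size:
        return False, "short packet"
    _, _, length, _, _, _, autype, auth = HDR.unpack_from(packet)
    if autype != AU_CRYPTO:
        return False, "AuType mismatch"
    _, key_id, dlen, seq = struct.unpack("!HBBI", auth)
    if key_id not in keys:
        return False, "unknown key ID"
    if dlen != 16 or length < HDR.size or len(packet) != length + dlen:
        return False, "bad length"
    if seq < last_seq:                      # lower than last accepted: replay
        return False, "replayed sequence number"
    expected = hashlib.md5(packet[:length] + pad_key(keys[key_id])).digest()
    if not hmac.compare_digest(expected, packet[length:]):
        return False, "digest mismatch"
    return True, "ok"


if __name__ == "__main__":
    body = hello_body()
    plain = simple_packet(body, "10.12.1.1", "0.0.0.12", "CISCO")
    crypto = md5_packet(body, "10.23.1.2", "0.0.0.0", "CISCO", key_id=1, seq=1000)
    print("password visible in AuType 1 packet:", b"CISCO" in plain)
    print("password visible in AuType 2 packet:", b"CISCO" in crypto)
    print("verify:", verify_md5(crypto, {1: "CISCO"}, last_seq=1000))
    print("replay:", verify_md5(crypto, {1: "CISCO"}, last_seq=1001))
```

The digest covers the header and body, so a change to any field (for example the priority or the DR field of a hello) fails verification unless the sender knows the key.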
Figure 6-13 provides a simple topology to demonstrate the OSPF authentication configuration. Area 12 uses plaintext authentication, and Area 0 uses MD5 authentication. R1 and R3 use interface-based authentication, and R2 uses area-specific authentication. The password for all areas is CISCO.
Example 6-25 provides the OSPF authentication configuration.
R1
interface GigabitEthernet0/0
ip address 10.12.1.1 255.255.255.0
ip ospf authentication
ip ospf authentication-key CISCO
!
router ospf 1
network 10.12.1.0 0.0.0.255 area 12
R2
interface GigabitEthernet0/0
ip address 10.12.1.2 255.255.255.0
ip ospf authentication-key CISCO
!
interface GigabitEthernet0/1
ip address 10.23.1.2 255.255.255.0
ip ospf message-digest-key 1 md5 CISCO
!
router ospf 1
area 0 authentication message-digest
area 12 authentication
network 10.12.1.0 0.0.0.255 area 12
network 10.23.1.0 0.0.0.255 area 0
R3
interface GigabitEthernet0/1
ip address 10.23.1.3 255.255.255.0
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 CISCO
!
router ospf 1
network 10.23.1.0 0.0.0.255 area 0
You verify the authentication settings by examining the OSPF interface without the brief option. Example 6-26 shows sample output from R1, R2, and R3, where the Gi0/0 interface uses MD5 authentication and the Gi0/1 interface uses plaintext authentication. MD5 authentication also identifies the key number that the interface uses.
R1# show ip ospf interface | include line|authentication|key
GigabitEthernet0/0 is up, line protocol is up
Simple password authentication enabled
R2# show ip ospf interface | include line|authentication|key
GigabitEthernet0/1 is up, line protocol is up
Cryptographic authentication enabled
Youngest key id is 1
GigabitEthernet0/0 is up, line protocol is up
Simple password authentication enabled
R3# show ip ospf interface | include line|authentication|key
GigabitEthernet0/1 is up, line protocol is up
Cryptographic authentication enabled
Youngest key id is 1
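Because authentication must be set on every interface, a missed interface is easy to overlook; one way to check is to parse the filtered output shown in Example 6-26. This is an added Python example, not a Cisco tool: the function names are hypothetical, the GigabitEthernet0/2 and Loopback0 lines in the sample are constructed, and it assumes an interface without authentication prints no authentication line.

```python
"""Audit `show ip ospf interface | include line|authentication|key` output.
Added example: function names are hypothetical; sample is partly constructed."""
import re

IFACE_RE = re.compile(
    r"^(\S+) is (?:administratively )?(?:up|down), line protocol is (?:up|down)")
KEY_RE = re.compile(r"Youngest key id is (\d+)")

# R2's lines come from Example 6-26; Gi0/2 and Loopback0 are constructed.
SAMPLE = """\
R2# show ip ospf interface | include line|authentication|key
GigabitEthernet0/1 is up, line protocol is up
Cryptographic authentication enabled
Youngest key id is 1
GigabitEthernet0/0 is up, line protocol is up
Simple password authentication enabled
GigabitEthernet0/2 is up, line protocol is up
Loopback0 is up, line protocol is up
"""


def audit_ospf_auth(output):
    """Return {interface: {"mode": ..., "key_id": ...}} for each interface."""
    report, current = {}, None
    for raw in output.splitlines():
        line = raw.strip()
        match = IFACE_RE.match(line)
        if match:
            current = match.group(1)
            report[current] = {"mode": "none", "key_id": None}
        elif current is None:
            continue                      # prompt line or other preamble
        elif "Simple password authentication enabled" in line:
            report[current]["mode"] = "plaintext"
        elif "Cryptographic authentication enabled" in line:
            report[current]["mode"] = "cryptographic"
        else:
            key = KEY_RE.search(line)
            if key:
                report[current]["key_id"] = int(key.group(1))
    return report


def findings(report):
    """Interfaces to review: no authentication, or a cleartext password.
    Loopbacks are skipped because no neighbors form over them."""
    return sorted(name for name, info in report.items()
                  if not name.startswith("Loopback")
                  and info["mode"] != "cryptographic")


if __name__ == "__main__":
    result = audit_ospf_auth(SAMPLE)
    for name, info in result.items():
        print(f"{name:22} {info['mode']:14} key={info['key_id']}")
    print("review:", findings(result))
```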
Edgeworth, Brad, Foss, Aaron, and Garza Rios, Ramiro. IP Routing on Cisco IOS, IOS XE, and IOS XR. Cisco Press: 2014.
RFC 2328, OSPF Version 2, John Moy, IETF, http://www.ietf.org/rfc/rfc2328.txt, April 1998.
Cisco. Cisco IOS Software Configuration Guides. http://www.cisco.com.
Exam Preparation Tasks
As mentioned in the section “How to Use This Book” in the Introduction, you have a couple choices for exam preparation: the exercises here, Chapter 24, “Final Preparation,” and the exam simulation questions in the Pearson Test Prep software. The questions that follow present a bigger challenge than the exam itself because they use an open-ended question format. By using this more difficult format, you can exercise your memory better and prove your conceptual and factual knowledge of this chapter. You can find the answers to these questions in the appendix.
Review the most important topics in this chapter, noted with the Key Topic icon in the outer margin of the page. Table 6-8 lists these key topics.
Table 6-8 Key Topics
Key Topic Element | Description
Paragraph | OSPF areas
Paragraph | OSPF backbone
Paragraph | Area border routers
| OSPF packet types
| OSPF neighbor states
Paragraph | Requirements of neighbor adjacency
Paragraph | OSPF network statement
Paragraph | Interface-specific configuration
Paragraph | External OSPF routes
Paragraph | The designated router
Paragraph | Designated router elections
Paragraph | DR and BDR placement
| OSPF network types
Paragraph | Authentication
Define the following key terms from this chapter and check your answers in the glossary:
backup designated router (BDR)
Table 6-9 includes the most important commands covered in this chapter. It might not be necessary to memorize the complete syntax of every command, but you should be able to remember the basic keywords that are needed.
To test your memory of the commands, go to the companion web site and download the Command Reference Exercises document. Fill in the missing command in the tables based on the command description. You can check your work by downloading the Command Reference Exercise Answer Key Appendix, also on the companion web site.
The ENARSI 300-410 exam focuses on practical, hands-on skills that are used by a networking professional. Therefore, you should be able to identify the commands needed to configure, verify, and troubleshoot the topics covered in this chapter.
Table 6-9 Command Reference
| Task | Command Syntax |
| --- | --- |
| Initialize the OSPF process | router ospf process-id |
| Enable OSPF on network interfaces that match a specified network range for a specific OSPF area | network ip-address wildcard-mask area area-id |
| Enable OSPF on a specific network interface for a specific OSPF area | ip ospf process-id area area-id |
| Configure a specific interface as passive | passive-interface interface-id |
| Configure all interfaces as passive | passive-interface default |
| Advertise a default route into OSPF | default-information originate [always] [metric metric-value] [metric-type type-value] |
| Modify the OSPF reference bandwidth for dynamic interface metric costing | auto-cost reference-bandwidth bandwidth-in-mbps |
| Configure the OSPF priority for a DR/BDR election | ip ospf priority 0-255 |
| Statically configure an interface as a broadcast OSPF network type | ip ospf network broadcast |
| Statically configure an interface as a nonbroadcast OSPF network type | ip ospf network non-broadcast |
| Statically configure an interface as a point-to-point OSPF network type | ip ospf network point-to-point |
| Statically configure an interface as a point-to-multipoint OSPF network type | ip ospf network point-to-multipoint |
| Enable OSPF authentication for an area | area area-id authentication [message-digest] |
| Define the plaintext password for an interface | ip ospf authentication-key password |
| Define the MD5 password for an interface | ip ospf message-digest-key key-number md5 password |
| Restart the OSPF process | clear ip ospf process |
| Display the OSPF interfaces on a router | show ip ospf interface [brief \| interface-id] |
| Display the OSPF neighbors and their current states | show ip ospf neighbor [detail] |
| Display the OSPF routes that are installed in the RIB | show ip route ospf |