OSPF Configuration

 

Step 1 Enter OSPF configuration mode for a particular OSPF process using the global command:

 

router ospf process-id

 

Step 2 (Optional) Configure the OSPF router ID by:

 

a.      Configuring the  router subcommand:

 

router-id id-value 

 

b.      Configuring an IP address on a loopback interface

 

Step 3  Configure one or more router subcommands:

network ip-address wildcard-mask area area id

 

with any matched interfaces being added to the listed area.

 

Step 4  (Optional) Change the interface Hello and Dead intervals using interface subcommands:

 

• ip ospf hello-interval time
• ip ospf dead-interval time

 

Step 5  (Optional) Impact routing choices by tuning interface cost as follows:

 

a.      Configure costs directly using the interface subcommand:

 

ip ospf cost value

 

b.      Change the interface bandwidths using the interface subcommand:

 

bandwidth value

 

c.       Change the numerator in the formula to calculate the cost based on the interface bandwidth using the router subcommand:

 

Auto-cost reference-bandwidth value

 

Step 6  (Optional) Configure OSPF authentication:

           

a.      On a per-interface basis using the interface subcommand:

 

ip ospf authentication

 

b.      For all interfaces in an area using the router subcommand:

 

area authentication

 

 

Step 7  (Optional) Configure support for multiple equal-cost routes using the router subcommand:

         maximum-paths number

 

 

OSPF Single-Area Configuration

 

OSPF configuration is somewhat similar to RIP configuration in a single OSPF area configuration.

 

Example:

interface ethernet 0/0

ip address 10.1.1.1 255.255.255.0

interface serial 0/0

ip address 10.1.4.1 255.255.255.0

interface serial 0/1

ip address 10.1.6.1 255.255.255.0

 

!

router ospf 1

network 10.0.0.0 0.255.255.255 area 0

 

• The router ospf 1 global command puts the user in OSPF configuration mode.
• You may sometimes run multiple process in a single router, therefore you use a process-id to distinguish between the processes.
  • The process-id does not have to match on each router, and it can be any integer between 1 and 65,535.
• The network command tells a router to:
  • Enable OSPF on each matched interface
  • Discover neighbors on that interface
  • Assign the interface to that area
  • Advertise the subnet connected to each interface
  • The wild-card style mask uses the style like the ones used for IP ACLs
    • The OSPF wildcard mask must have only one string of consecutive binary 1s and one string of binary 0s.
      • Example:

0.0.255.255 – good

0.255.255.0 – no good

Another Example:

 

interface ethernet 0/0

ip address 10.1.1.1 255.255.255.0

interface serial 0/0

ip address 10.1.4.1 255.255.255.0

interface serial 0/1

ip address 10.1.6.1 255.255.255.0

!

router ospf 1

network 10.1.1.1 0.0.0.0 area 0

network 10.1.4.1 0.0.0.0 area 0

network 10.1.6.1 0.0.0.0 area 0

 

 

• The configuration also enables OSPF on every interface.
• In this case, the IP address for each interface is matched with a different network command.
• The wildcard mask of 0.0.0.0 means that all 32 bits must be compared, and they must match
  • so the network commands include the specific IP address of each interface, respectively
• Many people prefer this style of configuration in production environment because it removes any ambiguity about the interfaces on which OSPF is running.

OSPF Configuration with Multiple Areas

 

• The configuration syntax is the same as the single area configuration
• What you need to keep in mind when configuring is what area a certain interface in a router should be placed (ex. Area 0 or Area 1)
  • Example:

network 10.1.4.1 0.0.0.0 area 1

network 10.1.6.1 0.0.0.0 area 0

 

Show ip route ospf

Lists OSPF-learned routes, as opposed to the entire IP routing table

 

          

 

Note     examine the results of show ip route and show ip route ospf commands. Pay special attention to the O designation and IA designation on each route and how they are interpreted.

 

Configuring the OSPF Router ID

 

• OSPF-speaking routers must have a Router ID (RID) for proper operation.
• Process for router to find RID

•  
  1. If the router-id rid OSPF subcommand is configured, use the value.
  2. If any loopback interfaces have an IP address configured and the interface has a line and protocol status of up/up, the router picks the highest numeric IP address among the up/up loopback interfaces.
  3. the router picks the highest numeric IP address from all other working (up/up) interfaces.

• To configure loopback interfaces:

interface loopback interface-number

 

• a loopback interface is a virtual interface that is always “up and up” unless administratively placed in shutdown state.
• Each router chooses its OSPF RID when OSPF is initialized.
  • Initialization happens during the initial load of IOS.
  • If OSPF comes up and later other interfaces come up that happen to have higher IP address, the OSPF RID does not change until the OSPF process is restarted.
  • OSPF can be restarted with the command:

 

clear ip ospf process

 

show ip ospf neighbor	The command to list the Router ID of the neighbor
show ip ospf	Lists the router’s own RID

                                   

                                   

OSPF Hello and Dead Timers

 

A mismatch on either Hello and Dead timers will cause two potential neighbors to never become neighbors

 

show ip ospf interface – Can be used to see the current settings of the timers, as well as other relevant configuration on the specific OSPF interfaces. For instance, this command lists the area number, OSPF cost, and any neighbors known on each interface.

 

 

To configure the Hello and Dead interval, us the following interface subcommands:

 

            ip ospf hello-interval value

      ip ospf dead-interval value

 

Interestingly, if the Hello interval is configured, IOS automatically reconfigures the interface’s dead interval to be 4 times the Hello interval.

 

OSPF Metrics (Cost)

 

• To calculate, OSPF adds up the costs for each outgoing interface OSPF costs.
• The OSPF cost for an interface can be configured, or a router can calculate cost based on the interface’s bandwidth settings.
  • The bandwidth setting on an interface can be configured with the interface subcommand:

bandwidth

 

• On Ethernet interfaces, the bandwidth reflects the current negotiated speed:
  • 10,000 for 10Mbps
  • 100,000 for 100mbps
• For serial interfaces, the bandwidth defaults to:
  • 1544 for 1.544Mbps, or T1 speed.

IOS chooses an interface’s cost based on the following rules:

 

1.       Explicitly set the cost, to a value between 1 and 65,535, using the interface subcommand:

 

ip ospf cost x

 

2.       IOS can calculate a value based on the generic formula Ref-BW / Int-BW, where Ref-BW is a reference bandwidth that defaults to 100Mbps, and Int-BW is the interface’s bandwidth setting.

 

3.       The reference bandwidth can be configured from its default setting of 100 (100 Mbps) using the router OSPF subcommand auto-cost reference-bandwidth ref-bw, which in turn affects the calculation of the default interface cost.

 

Note of some potentially confusing part when considering the formulas above:

 

·         The Ethernet interface bandwidth defaults to use kbps

·         The reference bandwidth defaults a Mbps value

 

For instance:

·         Ethernet interfaces uses bandwidth = 10,000 (meaning 10,000 kbps)

·         The reference bandwidth defaults to a value = 100 (meaning 100 Mbps)

 

Therefore, when we convert both to use Mbps:

 

            Ref-BW    100Mbps

                        ———-  =  ———— 

            Int-Bw        10Mbps

 

OSPF Authentication

 

• The lack of authentication opens the network to attacks in which an attacker connects a router to the network, with the legitimate routers believing the OSPF data from the rogue router
  • As a result the attacker can easily cause a denial-of-service attack by making all routers remove the legitimate routes to all subnets, instead installing routes the forward packets to the attacking router.
• The attacker can also perform a reconnaissance attack, learning information about the network by listening for and interpreting the OSPF messages.

 

OSPF Authentication Types

Type	Meaning	Command to Enable Authentication	When the Password is Configured With
0	None	ip ospf authentication null	—–
1	Clear Text	ip ospf authentication	ip ospf authentication-key key-value
2	MD5	ip ospf authentication message-digest	ip ospf message-digest-key key number Md5 key-vlaue

 

This is a bullet-ized summary of Wendell Odom’s chapter on OSPF.

OSPF Protocols and Operation

3 major categories:

• Neighbors – OSPF routers first form a neighbor relationship that provides a foundation for all continuing OSPF communications.
  • OSPF neighbor table – show ip ospf neighbor 
• Database Exchange – after routers become neighbors, they exchange the contents of their respective LSBDs.
  • OSPF LSBD – show ip ospf database 
• Route Calculation – it uses the Dijkstra Shortest Path First (SPF) algorithm to calculate the now-best routes and add those to the IP routing table.
  • IP routing table – show ip route

OSPF Neighbors

• Definition: another router that connects to the same data link with which the first router can add and should exchange routing information using OSPF. 
• Purpose of OSPF neighbor relationship:
  • Neighbors check and verify basic OSPF settings before exchanging routing information – settings that must match for OSPF to work correctly.
  • Second, the ongoing process of one router knowing when the neighbor is healthy, and when the connection to a neighbor has been lost, tells the router when it must recalculate the entries in the routing table to reconverge to a new set of routes. 

OSPF Hello Process

•  
  • Defines how neighbors can be dynamically discovered, which means that new routers can be added to a network without requiring every router to be configured.
    • The process starts with messages called OSPF Hello messages.
    • The Hellos in turn list each other router’s Router ID (RID), which serves as each router’s unique name or identifier for OSPF.
    • Finally, OSPF does several checks of the information in the Hello messages to ensure that the two routers should become neighbors.

Identifying OSPF Routers with a Router ID

• Neighbors need a way to know which router sent a particular OSPF message
• OSPF LSDB lists a set of Link State Advertisements (LSA), some of which describe each router in the internetwork, so the LSDB needs a unique identifier for each router.
• OSPF router ID (RID) – 32-bit numbers written in dotted decimal, so using an IP address is a convenient way to find a default RID. It can also be manually configured.

Meeting Neighbors by Saying Hello

OSPF routers can become neighbors if they are connected to the same subnet.

To discover other OSPF- speaking routers, a router sends multicast OSPF Hello packet to each interface and hopes to receive OSPF Hello packets from other routers connected to those interfaces.

Hello messages have the following features:

• The Hello message follows the IP packet header, with IP packet protocol type 89.
• Hello packets are sent to multicast IP address 224.0.0.5, a multicast IP address intended for all OSPF-speaking routers.
• OSPF routers listen for packets sent to IP multicast address 224.0.0.5, in part hoping to receive Hello packets and learn about new neighbors.
• Hello messages include:
  • Sending router’s RID
  • Area ID
  • Hello Interval
  • Dead Interval
  • Router priority
  • The RID of the designated router
  • The RID of the backup designated router
  • And a list of neighbors that the sending router already knows about on the subnet
• A two-way state happens when a router A receives a Hello back from another router B and it includes router A’s own RID is on it. At this point they can start exchanging LSAs

Potential Problems in Becoming a Neighbor

With OSPF, routers on the same subnet must agree about several of the parameters exchanged in the Hello; otherwise, the routers simply do not become neighbors.

The following must match before a pair of routers becomes neighbors:

• Subnet mask used on the subnet
• Subnet number (as derived using the subnet mask and each router’s interface IP address)
• Hello interval (10sec)
• Dead interval (4 x Hello Interval = 40sec)
• OSPF area ID
• Must pass authentication checks (if used)

• Value of the stub area flag (beyond CCNA)

Neighbor States

show ip ospf neighbor

Most common command to list the neighbors and neighbor states.

 

• Down State – in cases when a router previously knew about a neighbor, but the interface failed, the neighbor is listed as Down state.
• Init State – a state where the neighbor transitions to when as soon as the interface comes up and the two routers can send Hellos. Init means that the neighbor relationship is being initialized.
• Two-way State – a router changes from Init to a two-way state when two major facts are true:
  • a received Hello lists that router’s RID as having been seen,
  • and that router has checked all parameters for the neighbor and they look good.

 These two facts mean that the router is willing to communicate with this neighbor.

 

• Full State – both routers know the exact same LSDB details and are fully adjacent.  

 

 

 

OSPF Topology Database Exchange

OSPF routers exchange the contents of their LSDBs so that both neighbors have an exact copy of the same LSDB at the end of the database exchange process—a fundamental principle of how link-state routing protocols work.

 Overview of the OSPF Database Exchange Process

Step 1     Based on the OSPF interface type, the routers may or may not collectively elect a Designated Router (DR) and Backup Designated Router (BDR).

Step 2     For each pair of routers that need to become fully adjacent, mutually exchange the contents of their respective LSDBs.

Step 3     When completed, the neighbors monitor for changes and periodically reflood LSAs while in the Full (fully adjacent) neighbor state.

Choosing a Designated Router

Several OSPF interface types (two relevant for CCNA exam):

o        Point-to-point

o        Broadcast

These OSPF interface types make a general reference to the type of data-link protocol used. As you might guess from the names, the point-to-point type is intended for use on point-to-point links, and the broadcast type is for use on data links that support broadcast frames, such as LANs.

• A DR is not required on point-to-point links and therefore should continue working to exchange topology information and become fully adjacent.
• On broadcast data links where a DR is elected, the topology exchange process happens between the DR and every other router, but not between every pair of routers.
• All routers learn the routing information from all the other routers through the DR
• The DR concept prevents overloading a subnet with too much OSPF traffic when many routers are on a subnet.

Backup DR

• The Backup DR (BDR) can take over as the DR if the primary DR fails or loses connectivity.

NOTE All non-DR and non-BDR routers attempt to become fully adjacent with both the DR and BDR.

DR Election

• The router sending the Hello with the highest OSPF priority setting becomes the DR.
• If two or more routers tie with the highest priority setting, the router sending the Hello with the highest RID wins.
• It’s not always the case, but typically the router with the second-highest priority becomes the BDR.
• A priority setting of 0 means that the router does not participate in the election and can never become the DR or BDR.
• The range of priority values that allow a router to be a candidate are 1 through 255.
• If a new, better candidate comes along after the DR and BDR have been elected, the new candidate does not preempt the existing DR and BDR.

Database Exchange

Routers don’t just send the entire database when exchanging information.

• The routers first exchange a list of each other’s LSA (not the contents of the LSA, just a list).
• Each compare their lists against their own LSBD and if they don’t have a copy of a certain LSA on their list, they then ask the other router to send just the missing copy. This time the other router will send the full LSA
• When the process is complete, the OSPF uses the Full neighbor state to mean that the database exchange process has been completed.

Maintaining the LSDB While Being Fully Adjacent

• Hellos continues to be sent every Hello interval
• If the topology changes, the affected router will immediately send LSAs to neighbors so they can update their LSBDs
• The router that creates each LSA refloods the LSA every 30 minutes, regardless of whether there’s a change or not
• The router doesn’t send all routes every 30 minutes. Instead, each LSA has a timer based on when it was created and it is reflooded every 30 minutes from that point when it was created.
• Not all routers become fully adjacent; the nonDR or nonBDR routers become neighbors but do not exchange LSAs directly.

Building the IP Routing Table

After all routers have their complete LSBD tables, they start to calculate the correct routes and fill in the routing table.

• Each router runs the Dijkstra SPF algorithm against the OSPF topology database, choosing the best routes based on that process.
• The OSPF topology database consists of lists of subnet numbers (called links, hence the name link-state database).
• It also contains lists of routers, along with links (subnets) to which each router is connected.
• Each router uses the Dijkstra SPF algorithm, as applied to the OSPF LSBD, to find the best route from that router to each subnet.
• The algorithm finds the shortest path from that router to each subnet in the LSDB.
• Then the router places the best route to each subnet in the IP routing table.
• OSPF chooses the least-cost route between the router and a subnet by adding up the outgoing interfaces’ OSPF costs.

Scaling OSPF Through Hierarchical Design

• A larger topology database requires more memory on each router.
• Processing the larger-topology database with the SPF algorithm requires processing power that grows exponentially with the size of the topology database.
• A single interface status change (up to down or down to up) forces every router to run SPF again!

OSPF Areas

• OSPF areas break up large networks so that routers in one area know less topology information about the subnets in the other area – and they do not know about the routers in the other area at all.

OSPF Design Terminology

Term	Desription
Area Border Router (ABR)	An OSPF router with interfaces connected to the backbone area and to at least one other area
Autonomous System Border Router (ASBR)	An OSPF router that connects to routers that do not use OSPF for the purpose of exchanging external routes into and out of the OSPF domain.
Backbone Router	A router in one area, the backbone area
Internal Router	A router in a single non-backbone area.
Area	A set of routers and links that share the same detailed LSDB information, but not with routers in other areas, for better efficiency.
Backbone Area	A special OSPF area to which all other areas must connect. Area 0.
External Route	A route learned from outside the OSPF domain and then advertised into the OSPF domain.
Intra-area Route	A route to a subnet inside the same area as the router
Inter-area Route	A route to a subnet in an area of which the router is not a part.
Autonomous System	In OSPC, a reference to a set of routers that use OSPF

 

OSPF Area Design Advantages

• Pages 360-361