CCIE: OSPF

CCIE: OSPF

The Basics:

Link state routing protocol. Uses IP protocol 89. Hellos sent on 224.0.0.5.

Uses Dijkstra SPF algorithm independently on each router against the local LSDB to calculate the best routes.

Hellos sent every 10 seconds on LAN and 30 seconds on WAN interfaces. Dead time is 4x hello, so 40sec and 120 sec respectively.

Router ID:

1) Configured “router id”
2) Highest loopback
3) Highest non loopback interface in up/up state.

Hello Process Sanity check:

Pass authentication (verify with “debug ip ospf adj”)
Same primary subnet (no secondaries used for neighbor)
Same OSPF area
Same OSPF area type (NSSA, STUB, etc…)
No duplicate RID’s
Hello/Dead times match

One a multiaccess network (LAN), DR are used to reduce LSDB flooding. Similar in concept to BGP route reflector. DR also create a type 2 LSA for the subnet. Non-DR routers send DD to the DR using 224.0.0.6 (ALL DR), DR ack with unicast DD. DR floods a new DD packet to 224.0.0.5. Highest priority ID wins DR election. Lookback/RID is the tie-breaker.

SPF Calculation: Lowest cost to destination. Uses OUTGOING interface cost.

Design:
Using areas will allow your routers to have smallers per-area LSDB’s ,requiring less memory.
Faster SFP computation due to the small LSDB.
Link failure in one area only requires partial SPF computation in another area.
ROUTES CAN ONLY BE SUMMARIZED ON ABR AND ASBR, this helps shrink the LSDB and improve SPF computation. “summary-address” only used on ASBR, “area X range” used on ABR, make sure that the area is where the actual routes reside/originate”.

E1= Include end-to-end metric
E2= Use metric calculated by ASBR only. (DEFAULT)

The big thing to remember, is that the ABR will not pass the dense type 1 & 2 LSAs, instead using a summary LSA type 3.

Let’s review LSA types real quick.
T1: Router – RID, and interface IP, neighbors, and Stub (one router with no other neighbors) – one per router
T2: Network – Created by DR on subnet, subnet and router interface on subnet WITH DR. – one per transit network (subnet with two or more routers).
T3: Summary – Created by ABR to summarize T1 & T2. Defines subnets and cost but not the topology.
T4: ASBR Summary – Host route to reach ASBR
T5: AS External – Created by ASBR’s for external routes redistributed into OSPF.
T7: NSSA External

Stub Area:

Prevent T5 LSA’s into area and ABR advertises default. Totally stubby areas also prevent T3 LSA’s into area. NSSA, allows routers to be redistributed into the stub area as a T7.

Interface Network Types:

non-broadcast: DR/BDR election, neighbor statement required, unicast hellos, no next-hop modification, so all spokes require recursive lookup
point-to-multipoint: no DR/BDR election, no neighbor, multicast hellos to 224.0.0.5, stub endpoint advertisement (/32) instead of a transit network.

Auto-cost Reference Bandwidth: Change bandwidth on local router to see updated cost. Should be consistent across all routers to prevent SPF based loops. Interface cost= Reference Bandwidth / Interface Bandwidth (this can also be used for P-to-MP neighbor costs).

Capability-Transit: Use non-backbone areas if a shorter path exists for summary LSA (inter-area), on by default. If you want to force the traffic to take the (0) path, issue “no capability-transit” on both ends.

Demand Circuit:

On point-to-point interfaces, only one end of the demand circuit must be configured with the ip ospf demand-circuit command. Periodic hello messages are suppressed and periodic refreshes of link-state advertisements (LSAs) do not flood the demand circuit. This command allows the underlying data link layer to be closed when the topology is stable. In point-to-multipoint topology, only the multipoint end must be configured with this command.

Paranoid flooding: Every 30 minutes re-flood by default. Disable with interface level: “ip ospf flood-reduction”, verify with DoNotAge (DNA) in OSPF LSA Database.

“Flood-War” in debug is an indication of identical router-id’s competing. Loop prevention mechanism.

Conditional Default Route:

router ospf 1
 default-information originate always route-map TRACK
ip prefix-list TRACK seq 5 permit 10.17.1.0/24
!
!
route-map TRACK permit 10
 match ip address prefix-list TRACK
!
Interface fa0/1
ip add 10.17.1.1 255.255.255.0
Reliable Conditional Default:
ip sla 1
icmp-echo 10.17.1.254
timeout 2000
frequency 5
ip sla schedule1 life forever start-time now

Track 1 rtr 1
ip route 127.100.100.10 255.255.255.255 null0 track1

ip prefix-list TRACK seq 5 permit 127.100.100.10/32
Route-map TRACK permit 10
match ip address prefix TRACK
router ospf 1
default-information-originate always route-map TRACK

STUB AREAS:

Allows filtering of the database based on the role of the LSA. Stub flag is sent as part of the hellos, so they must agree.

Stub will remove external T5 LSAs and replace them with a default. T5 LSA is setting the advertising router as it’s router ID and the forward address to 0.0.0.0 In that area, if the forward is set to 0.0.0.0 traffic is directed to the advertising router id. Essentially, it requires the router-id to be found in the database via an LSA T1. This process is causing redundant information in the database due to T1, T4, T5 entires. Specifically, the T5’s and T4’s are replaced with a default.

This also implies that since T5’s are filtered, redistribution cannot occur in a STUB area. The workaround? NSSA.

Totally Stubby Areas:

“area x stub NO-SUMMARY” Inter-Area (T3’s) are removed and replaced with a default. Configured on ABR only.

 

Not So Stubby Areas (NSSA):

“area x NSSA” This generates an LSA T7 instead of a T5. These have N1 and N2 subtypes. Much like E1 and E2. N1 considers the full path where N2 considers only the ASBR metric and not the cost to get to the ASBR. 

When traversing into Area 0, the T7 is converted into a T5. NSSA does NOT automatically generate a default route, but could be added. Important to note that if there are multiple ABR’s the one with the highest Router-ID will do the translations. 

Translate T7 to T5 will instruct the ABR to NOT perserve the value in the forward address field.
“area x nssa translate type7 supress-fa”

 

Not So Totally-Stubby Areas (ARE YOU FREAKING KIDDING ME???!!!):

As if NSSA, STUB, and Totally-Stubby was not confusing enough. We have “Not so totally-stubby areas”. WTF!!!

Basically a combination of Total Stub and NSSA. T3,T4,T5 are replaced with a T3 default, but also allows redistribution into the area as T7’s.

Nuff said!

Summary Routes:

Create the summary (AREA x RANGE x.x.x.x) in the AREA WITH THE ROUTES BEING SUMMARIZED!
When a summary is created on an ABR a null 0 route is created. This could cause a black hole. Override with “no discard-route internal”.

OSPF Resource Limits:

Limit LSA’s in the database: “max-lsa 10000” NON-SELF-GENERATED
Limit Redistribution: “redistribute maximum-prefix 1000”
Limit processor: “process-min-time percent 25”

Verify with “sh ip ospf”
DNS Lookup on Neighbors: “ip ospf name-lookup”
Add local host with “ip host R1  1.1.1.1”

Leave a Reply

Your email address will not be published. Required fields are marked *