Tag Archives: OSPF

More Routing Part 4 – OSPF Lab Cont…

Continuing on from where we left off in the last post: we have our network set up over frame relay with OSPF running and have verified its operation. Great!

Now we add the Ethernet segment and cover the differences between running OSPF on a broadcast network (Ethernet) and a non-broadcast network (Frame Relay and point to point).

Just as a reminder, here is our topology:

route4

 

I have router two and three wired up via a 2950, with:

  • Router 2 fa0/0: ip address 172.23.23.2
  • Router 3 fa0: ip address 172.23.23.3

… and verified operation using ping.

Now we add our networks to the OSPF routing processes on each router as follows:

r2620(config)#router ospf 1
r2620(config-router)#network 172.23.23.0 0.0.0.255 area 23
r2620(config-router)#^Z

and immediately I get:

r2620#
16:51:52: %OSPF-5-ADJCHG: Process 1, Nbr 3.3.3.3 on FastEthernet0/0 from LOADING to FULL, Loading Done

Running sh ip route gets me the following table:

r2620#sh ip route
     1.0.0.0/32 is subnetted, 1 subnets
O IA     1.1.1.1 [110/65] via 172.12.123.1, 00:00:06, Serial0/0.123
     2.0.0.0/32 is subnetted, 1 subnets
C        2.2.2.2 is directly connected, Loopback0
     3.0.0.0/32 is subnetted, 1 subnets
O IA     3.3.3.3 [110/65] via 172.12.123.3, 00:00:06, Serial0/0.123
     172.12.0.0/24 is subnetted, 1 subnets
C        172.12.123.0 is directly connected, Serial0/0.123
     172.23.0.0/24 is subnetted, 1 subnets
C        172.23.23.0 is directly connected, FastEthernet0/0

and you can see from the ospf neighbor command that we now have:

Neighbor ID Pri State   Dead Time Address      Interface
1.1.1.1     1   FULL/DR 00:01:47  172.12.123.1 Serial0/0.123
3.3.3.3     1   FULL/DR 00:00:33  172.23.23.3  FastEthernet0/0

Also check this out:

r2620#sh ip ospf int fa0/0
FastEthernet0/0 is up, line protocol is up 
 Internet Address 172.23.23.2/24, Area 23 
 Process ID 1, Router ID 2.2.2.2, Network Type BROADCAST, Cost: 1
 Transmit Delay is 1 sec, State BDR, Priority 1 
 Designated Router (ID) 3.3.3.3, Interface address 172.23.23.3
 Backup Designated router (ID) 2.2.2.2, Interface address 172.23.23.2
 Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
 Hello due in 00:00:01
 Index 1/3, flood queue length 0
 Next 0x0(0)/0x0(0)
 Last flood scan length is 5, maximum is 5
 Last flood scan time is 0 msec, maximum is 0 msec
 Neighbor Count is 1, Adjacent neighbor count is 1 
 Adjacent with neighbor 3.3.3.3 (Designated Router)
 Suppress hello for 0 neighbor(s)
r2620#

You can see the new values for hello and dead times, for a broadcast network – the hello is sent every 10 seconds rather than every 30 as in the NBMA network segments.

Also …

r2610xm#sh ip route ospf
    2.0.0.0/32 is subnetted, 1 subnets
O IA    2.2.2.2 [110/65] via 172.12.123.2, 15:41:05, Serial0/1
    3.0.0.0/32 is subnetted, 1 subnets
O IA    3.3.3.3 [110/65] via 172.12.123.3, 15:41:05, Serial0/1
    172.23.0.0/24 is subnetted, 1 subnets
O IA    172.23.23.0 [110/65] via 172.12.123.3, 00:46:07, Serial0/1
                    [110/65] via 172.12.123.2, 00:45:58, Serial0/1

You can see from router 1 that there are now two routes to the 172.23.23.0 network, and both have equal cost.

Administrative Distance and Cost

From the routing table we can see the administrative distance and cost indicated by the [110/65]. The administrative distance we know about but how does that cost figure work?

OSPF, being a link state protocol, calculates the cost figure from the link bandwidth. The calculation is a simple one:

100,000,000 / bandwidth in bps

… which for common bandwidth values gives the following costs:

  • 56kbps = 1785
  • T1 line = 64
  • Ethernet = 10
  • 16Mbps Token Ring = 6
  • FDDI / 100Mbps Ethernet = 1
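The cost formula and the [110/65] entries can be reproduced with a small shortest-path-first run over the lab. This is an added example, not part of the original post: the graph is a constructed model of the three lab routers, areas are ignored, and the loopback cost of 1 is an assumption.

```python
import heapq

REFERENCE_BW = 100_000_000          # bps, numerator of the formula above
ADMIN_DISTANCE = 110                # OSPF administrative distance from the table

def ospf_cost(bandwidth_bps):
    """Interface cost = reference bandwidth / bandwidth, truncated, never below 1."""
    return max(1, REFERENCE_BW // bandwidth_bps)

T1 = ospf_cost(1_544_000)           # serial links -> 64
FE = ospf_cost(100_000_000)         # FastEthernet -> 1
LO = 1                              # assumed loopback cost (64 + 1 = 65 in the table)

ROUTERS = {"R1", "R2", "R3"}
FR, ETH = "172.12.123.0/24", "172.23.23.0/24"

# Constructed model of the lab: router -> network edges carry the cost of the
# outgoing interface, network -> router edges cost 0.
LAB = {
    "R1": [(FR, T1), ("1.1.1.1/32", LO)],
    "R2": [(FR, T1), (ETH, FE), ("2.2.2.2/32", LO)],
    "R3": [(FR, T1), (ETH, FE), ("3.3.3.3/32", LO)],
    FR:   [("R1", 0), ("R2", 0), ("R3", 0)],
    ETH:  [("R2", 0), ("R3", 0)],
}

def spf(graph, source):
    """Dijkstra that keeps every equal-cost first-hop router."""
    dist = {source: 0}
    first_hops = {source: set()}    # empty set means directly connected
    heap = [(0, True, source)]      # on a tie, networks (False) pop before routers
    done = set()
    while heap:
        d, _, u = heapq.heappop(heap)
        if u in done:
            continue
        done.add(u)
        for v, cost in graph.get(u, []):
            nd = d + cost
            if u != source and not first_hops[u] and v in ROUTERS:
                hops = {v}          # first router beyond a connected network
            else:
                hops = set(first_hops[u])
            if v not in dist or nd < dist[v]:
                dist[v], first_hops[v] = nd, hops
                heapq.heappush(heap, (nd, v in ROUTERS, v))
            elif nd == dist[v]:
                first_hops[v] |= hops   # equal cost: keep both paths
    return dist, first_hops

def route_line(dest, dist, hops):
    """Format a destination the way the routing table shows it."""
    via = ", ".join(sorted(hops[dest])) or "directly connected"
    return f"{dest} [{ADMIN_DISTANCE}/{dist[dest]}] via {via}"

if __name__ == "__main__":
    dist, hops = spf(LAB, "R1")
    for dest in ("2.2.2.2/32", "3.3.3.3/32", ETH):
        print(route_line(dest, dist, hops))
```

Run from router 1, the Ethernet segment comes out at cost 65 with both router 2 and router 3 as next hops, matching the two entries in the routing table above.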

Neighbor ID and RID

The definition for the RID is the highest loopback interface value and we can see that in the examples so far (we only have one loopback on each router so it's easy to see). What happens if we have no loopback or if we add more loopbacks, and why are we even using loopbacks? What's wrong with just using the interface IP address? Well, let's take a look:

In a larger network, chances are there are multiple router interfaces being used, and if one interface goes down, we want to keep the others up and routing. The only time a loopback ever goes down is when we take it down manually, or if the entire router goes down. This makes the loopback an excellent, robust solution for router ID.

If we don’t have a loopback, we can manually set the router ID:

r2610xm(config-router)#router-id 11.11.11.11
Reload or use "clear ip ospf process" command, for this to take effect

Then we pop back to user exec and execute:

r2610xm#clear ip ospf process 
Reset ALL OSPF processes? [no]: yes
r2610xm#
*Feb 15 09:49:40.348: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on Serial0/1 from FULL to DOWN, Neighbor Down: Interface down or detached
*Feb 15 09:49:40.348: %OSPF-5-ADJCHG: Process 1, Nbr 3.3.3.3 on Serial0/1 from FULL to DOWN, Neighbor Down: Interface down or detached
r2610xm#

… and our adjacencies are gone, and the process starts to rebuild its route table again. If we go back and execute sh ip ospf ne from router 2 and/or 3, we can see the new RID for router 1.

… and one last point:

When dealing with point to point or point to multipoint connections, there is no designated router.

r2610xm#sh ip ospf ne
Neighbor ID Pri State        Dead Time Address      Interface
2.2.2.2     0   FULL/DROTHER 00:01:34  172.12.123.2 Serial0/1
3.3.3.3     0   FULL/DROTHER 00:01:59  172.12.123.3 Serial0/1
3.3.3.3     0   FULL/ -      00:00:34  172.12.13.3  Serial0/0

I added a serial link between router 1 & 3 and added it to the OSPF router. You can see the state is FULL/ - . This means there is no DR. Why is this?

The answer lies in the nature of the point to point interface – if one of the routers goes down there is no network left.  In this case, why even have a DR, it is just not required.

Stub Networks.

Often, and especially at the edge of our networks, we may find stub areas. In these cases, we really don’t need all the processor loading that the route calculations and communications require. All stub routers really need in most cases is a simple default route. This can be achieved using the default-information originate command.

r2610xm(config-router)#default-information originate ?
 always      Always advertise default route
 metric      OSPF default metric
 metric-type OSPF metric type for default routes
 route-map   Route-map reference
r2610xm(config-router)#default-information originate always ?
 metric      OSPF default metric
 metric-type OSPF metric type for default routes
 route-map   Route-map reference
r2610xm(config-router)#default-information originate always

… and this will propagate a default route even if the ospf router does not have a default route set!

Neighbor Authentication

One of the features of OSPF is that we can secure adjacencies using authentication. We have two types of authentication at our disposal:

  • Clear text (simple)
  • MD5 (Message Digest)

In the real world we would of course use MD5 for authenticating adjacencies, but for the purposes of the lab, we will run both. We will run clear text on the frame relay portion of the lab, and MD5 on the ethernet network.

Here is how we do it:

ip ospf authentication
ip ospf authentication-key ccna

or

ip ospf authentication message-digest
! key ID 1 is an example value; key ID and key must match on both neighbors
ip ospf message-digest-key 1 md5 ccna

… and it is that simple.
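What the two settings put on the wire, following RFC 2328 Appendix D, shown as an added example that is not part of the original post. The Hello contents are constructed from the lab's Ethernet segment, and key ID 1 and the sequence numbers are assumed values.

```python
import hashlib, hmac, socket, struct

KEY = b"ccna"                       # the lab key from the configuration above

def ip(addr):
    return socket.inet_aton(addr)

def hello_body():
    """Constructed Hello from router 2 on the Ethernet segment."""
    return (ip("255.255.255.0") + struct.pack("!HBBI", 10, 0x02, 1, 40)
            + ip("172.23.23.3") + ip("172.23.23.2") + ip("3.3.3.3"))

def header(length, cksum, autype, auth):
    # version 2, type 1 (Hello), router ID 2.2.2.2, area 23
    return (struct.pack("!BBH", 2, 1, length) + ip("2.2.2.2") + ip("0.0.0.23")
            + struct.pack("!HH", cksum, autype) + auth)

def inet_checksum(data):
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_simple(key):
    """AuType 1: the key itself rides in the 8-byte authentication field."""
    body = hello_body()
    length = 24 + len(body)
    # the checksum covers the packet without the authentication field
    cksum = inet_checksum(header(length, 0, 1, b"") + body)
    return header(length, cksum, 1, key.ljust(8, b"\0")[:8]) + body

def build_md5(key, key_id, seq):
    """AuType 2: the field holds key ID, digest length and sequence number;
    MD5(packet + key padded to 16 bytes) is appended after the packet."""
    body = hello_body()
    auth = struct.pack("!HBBI", 0, key_id, 16, seq)
    pkt = header(24 + len(body), 0, 2, auth) + body
    return pkt + hashlib.md5(pkt + key.ljust(16, b"\0")).digest()

def verify_md5(packet, keys, last_seq):
    """Receiver side checks; returns (accepted, reason)."""
    length = struct.unpack("!H", packet[2:4])[0]
    pkt, digest = packet[:length], packet[length:length + 16]
    _, key_id, _, seq = struct.unpack("!HBBI", pkt[16:24])
    key = keys.get(key_id)
    if key is None:
        return False, "unknown key ID"
    if seq < last_seq:              # older than the last packet from this neighbor
        return False, "stale sequence number"
    expected = hashlib.md5(pkt + key.ljust(16, b"\0")).digest()
    if not hmac.compare_digest(digest, expected):
        return False, "digest mismatch"
    return True, "ok"

if __name__ == "__main__":
    print("simple auth field:", build_simple(KEY)[16:24])
    md5_pkt = build_md5(KEY, 1, 100)
    print("key visible in MD5 packet:", KEY in md5_pkt)
    print(verify_md5(md5_pkt, {1: KEY}, 100))
```

With simple authentication anyone who can capture a Hello on the segment reads the key straight out of the header. Message-digest authentication keeps the key off the wire, but the packet contents are still sent unencrypted.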


More Routing Part 3 – OSPF Lab

In this post we are going to bring all of our OSPF knowledge to bear on a lab session. What we have is built on the frame relay again, giving us a backbone area and some loopbacks that we can put wherever we want.

route4

As you can see we have our backbone area; Area 0, and we have three routers that are in area 0 as well as area 1, 2 and 3. This makes them both backbone routers and Area Border Routers.

Just to complicate matters (and you wouldn’t do this in a production LAN, but for a lab, it's a great idea) we are going to change the serial interfaces:

  • Router 2 will use Serial 0.123, a multipoint sub interface

Have a think about this topology for a moment. One of the features of OSPF is that we need a DR. In this case that DR has to be Router 1. Why is this? As the hub of this hub and spoke, there is no network without it. It is the only logical choice.  We must therefore rig the election process to make sure that Router 1 always wins. We do this using the ospf priority command on the interfaces of the routers that we do not want to win.

ip ospf priority 0

The next thing to do is fire up the router: router ospf [processID].
The process ID is important because we can run multiple instances of OSPF on a router, and we identify which router instance is which using the process ID number. In this case I am going to set it to 1 – let's not over-complicate things, right?

One thing to remember is that the process ID is locally significant only.

So here is our config (For router 2):

router ospf 1
 network 2.2.2.2 0.0.0.0 area 2
 network 172.12.123.0 0.0.0.255 area 0

… and of course the other routers use the same with the appropriate IP addresses. Note that the OSPF command requires wildcards, not subnet masks.

There is an addition we need to make for the hub, and that is the neighbor command: (only used in a hub and spoke topology)

router ospf 1
 network 1.1.1.1 0.0.0.0 area 1
 network 172.12.123.0 0.0.0.255 area 0
 neighbor 172.12.123.2
 neighbor 172.12.123.3

Verify and debug

We have OSPF running and we have our neighbors set up, so what now? Well, now we need to verify that what we think we have set up has actually been set up. There are a number of commands that can help us here.

On router 1 we can run the following:

r2610xm#sh ip ospf neighbor
Neighbor ID Pri State        Dead Time Address      Interface
2.2.2.2     0   FULL/DROTHER 00:01:49  172.12.123.2 Serial0/1
3.3.3.3     0   FULL/DROTHER 00:01:47  172.12.123.3 Serial0/1

… and we can see the neighbor routers identified by their loopback addresses. We can also see that very quickly after OSPF was started up, the adjacency was set up with each neighbor and information exchanged – we can see this from the FULL status.

A few notes about some of the variables and labels we see above:

  • Neighbor ID – is the highest IP address on a LOOPBACK interface
  • Priority – The OSPF interface priority at the neighbor end of the link
  • State – Refers to the state of the adjacency
  • Dead Time – The current value of the dead timer
  • Address – IP address of the neighbor (not the same as the ID)
  • Interface – adjacency via this interface

r2610xm#sh ip route 
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
      1.0.0.0/32 is subnetted, 1 subnets
 C       1.1.1.1 is directly connected, Loopback0
      2.0.0.0/32 is subnetted, 1 subnets
 O IA    2.2.2.2 [110/65] via 172.12.123.2, 00:54:22, Serial0/1
      3.0.0.0/32 is subnetted, 1 subnets
 O IA    3.3.3.3 [110/65] via 172.12.123.3, 00:59:11, Serial0/1
      172.12.0.0/24 is subnetted, 1 subnets
 C       172.12.123.0 is directly connected, Serial0/1

Here we can see our connected routes and our routes to the loopbacks, designated inter area routes. Another good command to run is sh ip ospf int serx/x, which gives us this on R1.

r2610xm#sh ip ospf interface ser0/1
Serial0/1 is up, line protocol is up 
 Internet Address 172.12.123.1/24, Area 0 
 Process ID 1, Router ID 1.1.1.1, Network Type NON_BROADCAST, Cost: 64
 Transmit Delay is 1 sec, State DR, Priority 1
 Designated Router (ID) 1.1.1.1, Interface address 172.12.123.1
 No backup designated router on this network
 Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5
 oob-resync timeout 120
 Hello due in 00:00:22
 Supports Link-local Signaling (LLS)
 Cisco NSF helper support enabled
 IETF NSF helper support enabled
 Index 1/1, flood queue length 0
 Next 0x0(0)/0x0(0)
 Last flood scan length is 1, maximum is 3
 Last flood scan time is 0 msec, maximum is 4 msec
 Neighbor Count is 2, Adjacent neighbor count is 2 
 Adjacent with neighbor 2.2.2.2
 Adjacent with neighbor 3.3.3.3
 Suppress hello for 0 neighbor(s)

Another useful command is clear ip ospf process. This is an atom bomb of a command because what it will do is restart the OSPF processes, which in turn erases all OSPF routes in the routing table. Useful if you have a reconfig rather than a change in topology that needs to ripple through the network.

 


More Routing Part 2 – OSPF

In the last post we defined the terms and parameters for OSPF to work, but there are still a few things we need to dig into before we run the lab.

We had looked at how two routers form an adjacency and we are going to dive a little deeper into that because there are some intermediate stages that we should at least be aware of:

  • Down – no Hello packets received from neighbor
  • Attempt – sending unicast packets to neighbor. This is done via neighbor commands and this is only applicable for NBMA networks, and even then, generally this is only done at the hub.
  • Init – packets received from neighbor
  • 2-way – routers are exchanging information via hello packets. Info includes RID (Router ID – usually the IP Address) which acts as an acknowledgement
  • Exstart – After DR/BDR election, exchange of LSUs can begin. The router with the highest RID begins the exchange and increments the sequence number.
  • Exchange – Database Descriptor Packets (DBD) are exchanged. These contain descriptions of the link state database.
  • Loading – Routers send Link State Requests to their neighbors
  • Full – Router databases are synced and adjacencies have formed.

We will see some (or all) of these states when debugging so it is important that we understand them, or at the very least, are aware of them.

Preventing Routing Loops.

When we looked at RIP and RIPv2 (Distance Vector Routing Protocols) we had two mechanisms for preventing routing loops: poison reverse, (or route poisoning), and split horizon. In Link State Routing Protocols, we don’t have these so how do we prevent routing loops?

As we described in the previous post, the routers don’t advertise routes, they pass link information instead, and that link information is parsed by the router algorithm (Dijkstra, aka Shortest Path First). This means that loops never have a chance to form because if we configure a loop, the algorithm is going to detect it and prevent it before it even has a chance to form.

Router Elections

On any given network segment, there is going to be a designated router that handles the LSUs. So how is the designated router ‘designated’? That happens by election. For each router interface on that particular network segment there is an interface priority value. That value is used to elect the DR (and BDR).

There is one exception to this rule and that is on point to point connections. Although  there is routing going on, because you only have two routers involved, there is no need for a DR/BDR.

Interface Priority

This value is important. This is the value that is used in DR and BDR elections. We can change this value if we want to influence the election, and there are several scenarios where this is desirable.

Default value is 1. Setting to zero will prevent it from becoming DR and BDR. Setting it to 255 will ensure it is always the DR. We’ll see this in more detail in the lab.
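The election rule, worked through for the two segments used in the lab posts. This is an added example, not code from the original posts: it follows the two-pass procedure of RFC 2328 section 9.4 in simplified form, where a router already acting as DR or BDR keeps that role, and the "claims" field and the router lists are constructed for the illustration.

```python
from ipaddress import IPv4Address

def rank(r):
    """Election order: higher priority wins, higher router ID breaks ties."""
    return (r["priority"], IPv4Address(r["rid"]))

def one_pass(routers):
    """One pass of the election: choose the BDR first, then the DR."""
    eligible = [r for r in routers if r["priority"] > 0]   # priority 0 never stands
    not_dr = [r for r in eligible if r["claims"] != "DR"]
    claim_bdr = [r for r in not_dr if r["claims"] == "BDR"]
    bdr = max(claim_bdr or not_dr, key=rank, default=None)
    claim_dr = [r for r in eligible if r["claims"] == "DR"]
    dr = max(claim_dr, key=rank, default=bdr)   # nobody claims DR: promote the BDR
    return dr, bdr

def elect(routers):
    """Return (DR router ID, BDR router ID); None where no router is eligible."""
    routers = [dict(r, claims=r.get("claims")) for r in routers]
    dr, bdr = one_pass(routers)
    # Record the new roles and repeat, so a router promoted to DR is not also BDR
    for r in routers:
        r["claims"] = "DR" if r is dr else "BDR" if r is bdr else None
    dr, bdr = one_pass(routers)
    return (dr and dr["rid"], bdr and bdr["rid"])

# Constructed inputs matching the lab: spokes set to priority 0 on frame relay,
# default priority 1 on the Ethernet segment, all routers starting together.
FRAME_RELAY = [
    {"rid": "1.1.1.1", "priority": 1},
    {"rid": "2.2.2.2", "priority": 0},
    {"rid": "3.3.3.3", "priority": 0},
]
ETHERNET = [
    {"rid": "2.2.2.2", "priority": 1},
    {"rid": "3.3.3.3", "priority": 1},
]

if __name__ == "__main__":
    print("frame relay:", elect(FRAME_RELAY))
    print("ethernet:   ", elect(ETHERNET))
```

The frame relay result has router 1 as DR with no BDR, and the Ethernet result has 3.3.3.3 as DR and 2.2.2.2 as BDR, which is what the show commands in the lab report.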

 


More Routing Part 1 – OSPF

This next section is a long one. We are going to take a look at the Open Shortest Path First, or OSPF routing protocol. In this first post we look at some theory and then in the later posts we will run some labs for illustration.

OSPF is a completely different animal compared to RIP. Where RIP is a distance vector routing algorithm, OSPF is a link state algorithm. OK, so what is the difference?

Link State vs Distance Vector

Distance Vector protocols send full routing updates on a regular basis. In the case of RIP, it is every 30 seconds. That's a lot of processing and overhead. With RIP, each routing packet holds the state of 25 routes. On a small network this is no big deal but when you start working with larger networks, with hundreds of routes, this can become a lot of overhead. The packets have to be unpacked, each route examined, compared to the current routing table and then discarded or acted upon.

What this means is that on a smaller network, RIP and RIPv2 might work just fine, but once the network scales up, RIP’s overhead in terms of processor time and packet processing gets to be prohibitive. There are better ways to describe routes that have a much lower overhead, and this is where Link State Protocols come in.

Link State Protocols do not send routes and metrics, they send Link State Advertisements, or LSAs. The LSA describes the state of a router's LINKS, and the COST (the metric link state uses – like hops in RIP). The router runs an algorithm on the LSA info and determines the correct routing path(s). The algorithm used for this is the Shortest Path First algorithm, also known as the Dijkstra algorithm.

Another big difference is that the LSAs are only sent when there is a change in network topology. This is an important difference because it reduces the overhead that is involved with regular update packets.

The last major difference is that in larger networks, Link State Protocols limit the scope of flooding information to defined areas. Link information is not flooded by each router in the network to every other router, just to routers in its area. This again, limits traffic on the network and promotes aggregate routes.

A side effect of limiting the scope of flooding is that the routers form a hierarchy, and to pick the ‘lead’ router, an election is held – more on that later. Also, because the lead router (known as the Designated Router or DR) is doing the work on an area by area basis, convergence is faster than distance vector algorithms.

So how does OSPF work?

To understand how OSPF works, there are a number of concepts that we need to understand first. These are the foundations that OSPF is built on. We need to get to grips with:

  • Neighbors
  • Adjacency
  • Areas
  • Router Types and Roles

Once we have that down, and we understand the mechanism for building a router's routing table, we can start diving deeper into things like LSA types, Timers, designated routers and backup routers, elections etc.

The basic process for OSPF is this:

  • Before LSAs can be exchanged, the routers have to discover each other and become neighbors.
  • Once they are neighbors, they form something called an adjacency,
  • LSAs are packaged into link state updates (LSUs) for sending to adjacent routers
  • LSAs are received, calculations made, route table built.

So how does that work?

Neighbors

So what are neighbors? A neighbor router is one on the same segment or one physically connected to another. They can exchange Hello packets but do not exchange LSUs.

There are some values that neighbors need to agree on before becoming neighbors:

  • Subnet number and mask
  • hello and dead timers

Adjacency

An adjacency is simply two neighbors who also exchange LSUs.

Areas

Areas are essentially defined groups of routers. There are several types of area:

  • Backbone (Area 0)
  • Standard Area
  • Stub Area
  • Totally Stubby area
  • Not so stubby area

By defining groups we can limit the scope of the calculations and scope of the network and we will see how this works in some of the examples. The easiest to visualize is the stub. A stub network needs only a gateway route and does not need to understand any other part of the network.

Also note that area 0 is always the backbone.

Router Types

OSPF designates a number of different router types. The type of the router is dependent on where the router is in the overall topology. Routers can be multiple types at the same time depending on their position in the network.

  • backbone routers
  • Internal Routers
  • Area Border Routers (ABR)
  • Autonomous System Boundary Routers (ASBR)

Router Roles

In order to limit the scope of work that needs to be done by each router to create its own routing table, we can assign each router roles in the network. The designated router and backup designated router handle adjacency changes.

The DR and BDR are chosen by election. All other routers are classed as DR Other.

  • DR – Designated Router –
  • BDR – Backup Designated Router – If the DR fails, the BDR takes over
  • DROTHER – just another router

The process is that if a router detects a network change, it will let the DR know, and DR will flood the change to all the non DR routers. This limits network traffic overhead.

In order to elect the DR and BDR, we use the variable; OSPF interface priority. By default, this value is 1. We can change this level in order to influence the election.

Hello Packets

This is the heartbeat of OSPF. The hello packet has a two fold purpose –

  • Discovery – who is out there? Who are my neighbors?
  • Keep Alive – remember me, I am still here.

The packets are sent every 10 seconds on a broadcast link (like an Ethernet network) and 30 seconds on a direct connection, like a serial link.

Hello and Dead Timers

The hello timer defines how often hello packets are sent to 224.0.0.5.

The Dead timer defines how long an ospf router will wait to hear from its neighbors – if it doesn’t hear for a while it assumes the neighbor is no longer there.

The dead time is always 4 x the hello time and it does dynamically change.

 

… and a final note on …

Wildcard Masks

While we didn’t have to use these with RIP, we do need to use these with OSPF or EIGRP. A wildcard mask is very similar to a subnet mask:

In this example, the network address is A.B.C as described by the subnet mask, with the octet D being the host address.

 
  A .  B .  C .  D
255 .255 .255 .  0
  0 .  0 .  0 .255

A wildcard is just another way of expressing this, with zero being the bits I care about and 1 (as indicated by the 255) being the bits I don’t care about.
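How a wildcard mask decides which interfaces a network statement picks up, as an added example that is not part of the original post. The network lines are router 2's statements from the lab posts; taking the first matching statement and the interface address 172.23.24.2 are assumptions made for the illustration.

```python
from ipaddress import IPv4Address

def to_int(addr):
    return int(IPv4Address(addr))

def wildcard_from_mask(mask):
    """Invert a subnet mask bit for bit: 255.255.255.0 -> 0.0.0.255."""
    return str(IPv4Address(to_int(mask) ^ 0xFFFFFFFF))

def matches(ip, base, wildcard):
    """True when ip equals base in every bit where the wildcard has a 0."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(ip) & care) == (to_int(base) & care)

# Router 2's network statements as configured across the lab posts
R2_NETWORK_LINES = """\
network 2.2.2.2 0.0.0.0 area 2
network 172.12.123.0 0.0.0.255 area 0
network 172.23.23.0 0.0.0.255 area 23
"""

def area_for(ip, config=R2_NETWORK_LINES):
    """Area of the first network statement covering ip, or None if none does."""
    for line in config.splitlines():
        _, base, wildcard, _, area = line.split()
        if matches(ip, base, wildcard):
            return int(area)
    return None                     # interface stays out of OSPF

if __name__ == "__main__":
    for name, addr in [("Loopback0", "2.2.2.2"),
                       ("Serial0/0.123", "172.12.123.2"),
                       ("FastEthernet0/0", "172.23.23.2"),
                       ("unlisted (constructed)", "172.23.24.2")]:
        print(name, addr, "-> area", area_for(addr))
```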


Routing Protocols Overview

We need to understand how routing works. Once we have mastered the static route, we realise that while static routes are ok for very small networks, we need dynamic routing for medium and large networks, and there are a number of protocols we need to study.

 

routing-protocol1

RIP

The first protocol is RIP (Routing Information Protocol). RIP is an old protocol, based on distance vectors. It is easy to configure, and comes in two flavors, version 1 and version 2. We need to be aware of both, but will only ever deploy version 2. RIP Version 1 does not understand VLSM (Variable Length Subnet Masks) and will treat each IP address as its class (A, B or C).

RIP version 2 moves away from that and enables the use of classless IP addresses and in modern networks is by far the preferred version. There is one drawback with RIP however and that is the speed at which it can update routes. In a smaller network, if a route changes, that change needs to be communicated quickly and RIP can take 30 seconds or more to communicate change.

IGRP, OSPF, ISIS, EIGRP

These protocols are covered in the second part of the course, for now we just have to know that they exist.

BGP

A quick note about BGP (Border Gateway Protocol). RIP, IGRP, OSPF and ISIS are interior routing protocols. This means they are targeted at working within small to large networks, but BGP is targeted at working within the internet itself, and is an exterior (or Border) routing protocol. It is very much like RIP in that it is distance vector based, and slow to react to changes in routing, however this slowness is in this case a good thing. BGP can get quite involved, and happily, we don’t need to know anything about BGP for the CCENT.

 

Routing and the Ethernet frame.

A quick note about the Ethernet frame itself – while this is not an exact representation of the Ethernet frame, what I am trying to convey here is that the MAC addresses change on each hop, but the connection information, i.e. port and IP address, does not.

Ethernet

 
