Friday, 1 July 2011

OSPF

Open Shortest Path First (OSPF) is a link-state routing protocol that was developed as a replacement for the distance vector routing protocol RIP. OSPF is a classless routing protocol that uses the concept of areas for scalability. The Cisco IOS uses bandwidth as the OSPF cost metric. OSPF's major advantages over RIP are its fast convergence and its scalability to much larger network implementations.

OSPF has a default administrative distance of 110.

OSPF Packet Types

The figure shows the five different types of OSPF LSPs. Each packet serves a specific purpose in the OSPF routing process:


Hello Protocol

Hello packets are used to:

  • Discover OSPF neighbors and establish neighbor adjacencies.
  • Advertise parameters on which two routers must agree to become neighbors.
  • Elect the Designated Router (DR) and Backup Designated Router (BDR) on multiaccess networks like Ethernet and Frame Relay.




Before an OSPF router can flood its link-states to other routers, it must first determine if there are any other OSPF neighbors on any of its links. In the figure, the OSPF routers are sending Hello packets on all OSPF-enabled interfaces to determine if there are any neighbors on those links.



Receiving an OSPF Hello packet on an interface confirms for a router that there is another OSPF router on this link. OSPF then establishes adjacency with the neighbor. For example, in the figure, R1 will establish adjacencies with R2 and R3.

Before two routers can form an OSPF neighbor adjacency, they must agree on three values: Hello interval, Dead interval, and network type. The OSPF Hello interval indicates how often an OSPF router transmits its Hello packets. By default, OSPF Hello packets are sent every 10 seconds on multiaccess and point-to-point segments and every 30 seconds on non-broadcast multiaccess (NBMA) segments (Frame Relay, X.25, ATM). In most cases, OSPF Hello packets are sent as multicast to an address reserved for ALLSPFRouters at 224.0.0.5. Using a multicast address allows a device to ignore the packet if its interface is not enabled to accept OSPF packets.

The Dead interval is the period, expressed in seconds, that the router will wait to receive a Hello packet before declaring the neighbor "down." Cisco uses a default of four times the Hello interval. For multiaccess and point-to-point segments, this period is 40 seconds. For NBMA networks, the Dead interval is 120 seconds. If the Dead interval expires before the routers receive a Hello packet, OSPF will remove that neighbor from its link-state database. The router floods the link-state information about the "down" neighbor out all OSPF-enabled interfaces.

OSPF Link-State Updates

Link-state updates (LSUs) are the packets used for OSPF routing updates. An LSU packet can contain 11 different types of Link-State Advertisements (LSAs), as shown in the figure. The difference between the terms Link-State Update (LSU) and Link-State Advertisement (LSA) can sometimes be confusing. At times, these terms are used interchangeably. An LSU contains one or more LSAs and either term can be used to refer to link-state information propagated by OSPF routers.


The router ospf Command

OSPF is enabled with the router ospf process-id global configuration command. The process-id is a number between 1 and 65535 and is chosen by the network administrator. The process-id is locally significant, which means that it does not have to match other OSPF routers in order to establish adjacencies with those neighbors. This differs from EIGRP. The EIGRP process ID or autonomous system number does need to match for two EIGRP neighbors to become adjacent.

In our topology, we will enable OSPF on all three routers using the same process ID of 1. We are using the same process ID simply for consistency.

R1(config)#router ospf 1
R1(config-router)#




The network command used with OSPF has the same function as when used with other IGP routing protocols: 

  • Any interfaces on a router that match the network address in the network command will be enabled to send and receive OSPF packets.
  • This network (or subnet) will be included in OSPF routing updates.


The network command is used in router configuration mode.

Router(config-router)#network network-address wildcard-mask area area-id

The OSPF network command uses a combination of network-address and wildcard-mask similar to that which can be used by EIGRP. Unlike EIGRP, however, OSPF requires the wildcard mask. The network address along with the wildcard mask is used to specify the interface or range of interfaces that will be enabled for OSPF using this network command. As with EIGRP, the wildcard mask can be configured as the inverse of a subnet mask.

The area area-id refers to the OSPF area. An OSPF area is a group of routers that share link-state information. All OSPF routers in the same area must have the same link-state information in their link-state databases. This is accomplished by routers flooding their individual link-states to all other routers in the area. In this chapter, we will configure all of the OSPF routers within a single area. This is known as single-area OSPF. 

When all of the routers are within the same OSPF area, the network commands must be configured with the same area-id on all routers. Although any area-id can be used, it is good practice to use an area-id of 0 with single-area OSPF. This convention makes it easier if the network is later configured as multiple OSPF areas where area 0 becomes the backbone area.
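How a network statement's address and wildcard mask select interfaces, as an added example that is not part of the original post. The interface names, addresses and statements are constructed sample values, and taking the first matching statement is an assumption of this sketch.

```python
import ipaddress

def wildcard_from_mask(subnet_mask):
    """Return the wildcard mask: the bitwise inverse of a subnet mask."""
    mask = int(ipaddress.IPv4Address(subnet_mask))
    return str(ipaddress.IPv4Address(mask ^ 0xFFFFFFFF))

def matches(ip, network, wildcard):
    """True when ip equals network in every bit where the wildcard bit is 0."""
    care = int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF
    ip_bits = int(ipaddress.IPv4Address(ip))
    net_bits = int(ipaddress.IPv4Address(network))
    return (ip_bits & care) == (net_bits & care)

def ospf_interfaces(statements, interfaces):
    """Map each interface to the area of the first statement that matches it.

    statements: list of (network-address, wildcard-mask, area-id)
    interfaces: dict of interface name -> IP address
    Interfaces matched by no statement are left out: OSPF is not enabled on them.
    """
    enabled = {}
    for name, ip in interfaces.items():
        for network, wildcard, area in statements:
            if matches(ip, network, wildcard):
                enabled[name] = area
                break
    return enabled

# Constructed sample data (hypothetical router, single-area OSPF in area 0).
STATEMENTS = [
    ("172.16.1.16", wildcard_from_mask("255.255.255.240"), 0),   # 0.0.0.15
    ("192.168.10.0", wildcard_from_mask("255.255.255.252"), 0),  # 0.0.0.3
]
INTERFACES = {
    "FastEthernet0/0": "172.16.1.17",
    "Serial0/0/0": "192.168.10.1",
    "Loopback0": "10.1.1.1",      # matched by no statement
}

if __name__ == "__main__":
    for name, area in ospf_interfaces(STATEMENTS, INTERFACES).items():
        print(f"{name}: OSPF enabled in area {area}")
```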



OSPF Router ID

The OSPF router ID is used to uniquely identify each router in the OSPF routing domain. A router ID is simply an IP address. Cisco routers derive the router ID based on three criteria and with the following precedence:

  1. Use the IP address configured with the OSPF router-id command.
  2. If the router-id is not configured, the router chooses the highest IP address of any of its loopback interfaces.
  3. If no loopback interfaces are configured, the router chooses the highest active IP address of any of its physical interfaces.

If an OSPF router is not configured with an OSPF router-id command and there are no loopback interfaces configured, the OSPF router ID will be the highest active IP address on any of its interfaces. The interface does not need to be enabled for OSPF, meaning that it does not need to be included in one of the OSPF network commands. However, the interface must be active - it must be in the up state.

One command you can use to verify the current router ID is show ip protocols. If that output does not show the router ID, use the show ip ospf or show ip ospf interface commands to verify it.


Loopback Address

If the OSPF router-id command is not used and loopback interfaces are configured, OSPF will choose the highest IP address of any of its loopback interfaces. A loopback address is a virtual interface and is automatically in the up state when configured. You already know the commands to configure a loopback interface:

Router(config)#interface loopback number
Router(config-if)#ip address ip-address subnet-mask

The advantage of using a loopback interface is that - unlike physical interfaces - it cannot fail. There are no actual cables or adjacent devices on which the loopback interface depends for being in the up state. Therefore, using a loopback address for the router ID provides stability to the OSPF process.



The OSPF router-id command was introduced in IOS 12.0(T) and takes precedence over loopback and physical interface IP addresses for determining the router ID. The command syntax is:

Router(config)#router ospf process-id
Router(config-router)#router-id ip-address

The router ID is selected when OSPF is configured with its first OSPF network command. If the OSPF router-id command or the loopback address is configured after the OSPF network command, the router ID will be derived from the interface with the highest active IP address.

The router ID can be modified with the IP address from a subsequent OSPF router-id command by reloading the router or by using the following command:

Router#clear ip ospf process

When two routers have the same router ID in an OSPF domain, routing may not function properly. If the router ID is the same on two neighboring routers, the neighbor establishment may not occur. When duplicate OSPF router IDs occur, IOS will display a message similar to:

%OSPF-4-DUP_RTRID1: Detected router with duplicate router ID

To correct this problem, configure all routers so that they have unique OSPF router IDs.
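The router ID precedence and the duplicate-ID problem described above, as an added example that is not part of the original post. The router names and addresses are constructed, and the sketch ignores the timing rule about when the ID is selected.

```python
import ipaddress
from collections import defaultdict

def highest(interfaces):
    """Highest IP address, compared numerically (10.10.0.1 beats 10.9.0.1)."""
    ips = [ipaddress.IPv4Address(i["ip"]) for i in interfaces]
    return str(max(ips)) if ips else None

def select_router_id(configured_id, interfaces):
    """Apply the three criteria in order of precedence."""
    if configured_id:                       # 1. router-id command
        return configured_id
    loopbacks = [i for i in interfaces
                 if i["name"].lower().startswith("loopback")]
    if loopbacks:                           # 2. highest loopback address
        return highest(loopbacks)
    # 3. highest address on an interface that is in the up state
    return highest(i for i in interfaces if i["up"])

def duplicate_router_ids(routers):
    """Return {router_id: [router names]} for IDs used by more than one router."""
    by_id = defaultdict(list)
    for name, (configured_id, interfaces) in routers.items():
        by_id[select_router_id(configured_id, interfaces)].append(name)
    return {rid: names for rid, names in by_id.items()
            if rid and len(names) > 1}

# Constructed sample inventory: name -> (router-id command value, interfaces).
FLEET = {
    "R1": (None, [
        {"name": "Loopback0", "ip": "10.1.1.1", "up": True},
        {"name": "Serial0/0/0", "ip": "192.168.10.1", "up": True},
    ]),
    "R2": (None, [
        {"name": "FastEthernet0/0", "ip": "10.9.0.1", "up": True},
        {"name": "Serial0/0/0", "ip": "10.10.0.1", "up": True},
        {"name": "Serial0/0/1", "ip": "172.16.0.1", "up": False},  # down: ignored
    ]),
    "R3": ("10.1.1.1", [          # router-id command collides with R1's loopback
        {"name": "Loopback0", "ip": "10.3.3.3", "up": True},
    ]),
}

if __name__ == "__main__":
    for name, (rid, ifaces) in FLEET.items():
        print(name, select_router_id(rid, ifaces))
    print("duplicates:", duplicate_router_ids(FLEET))
```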

Verifying OSPF


The show ip ospf neighbor command can be used to verify and troubleshoot OSPF neighbor relationships. For each neighbor, this command displays the following output:


  • Neighbor ID - The router ID of the neighboring router.
  • Pri - The OSPF priority of the interface. This is discussed in a later section.
  • State - The OSPF state of the interface. FULL state means that the router and its neighbor have identical OSPF link-state databases. OSPF states are discussed in CCNP.
  • Dead Time - The amount of time remaining that the router will wait to receive an OSPF Hello packet from the neighbor before declaring the neighbor down. This value is reset when the interface receives a Hello packet.
  • Address - The IP address of the neighbor's interface to which this router is directly connected.
  • Interface - The interface on which this router has formed adjacency with the neighbor.


When troubleshooting OSPF networks, the show ip ospf neighbor command can be used to verify that the router has formed an adjacency with its neighboring routers. If the router ID of the neighboring router is not displayed, or if it does not show as a state of FULL, the two routers have not formed an OSPF adjacency.

If two routers do not establish adjacency, link-state information will not be exchanged. Incomplete link-state databases can cause inaccurate SPF trees and routing tables. Routes to destination networks may either not exist or may not be the optimal path. Other powerful OSPF troubleshooting commands include show ip protocols, show ip ospf, and show ip ospf interface.


The quickest way to verify Hello and Dead intervals is to use the show ip ospf interface command. OSPF may have different Hello and Dead intervals on various interfaces, but for OSPF routers to become neighbors, their OSPF Hello and Dead intervals must be identical.

Two routers may not form an OSPF adjacency if:

  • The subnet masks do not match, causing the routers to be on separate networks.
  • OSPF Hello or Dead Timers do not match.
  • OSPF Network Types do not match.
  • There is a missing or incorrect OSPF network command.
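A check for these adjacency blockers across both ends of a link, as an added example that is not part of the original post. The two text blocks are constructed samples whose layout is an assumption modelled on show ip ospf interface output, not captures from a device.

```python
import ipaddress
import re

# Constructed sample text (assumed layout, trimmed to the relevant lines).
R1_OUTPUT = """\
Serial0/0/0 is up, line protocol is up
  Internet Address 192.168.10.1/30, Area 0
  Process ID 1, Router ID 10.1.1.1, Network Type POINT_TO_POINT, Cost: 64
  Timer intervals configured, Hello 5, Dead 20, Wait 20, Retransmit 5
"""
R2_OUTPUT = """\
Serial0/0/0 is up, line protocol is up
  Internet Address 192.168.10.2/30, Area 0
  Process ID 1, Router ID 10.2.2.2, Network Type POINT_TO_POINT, Cost: 64
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
"""

FIELDS = re.compile(
    r"Internet Address (?P<address>\S+),.*?"
    r"Network Type (?P<network_type>\w+).*?"
    r"Hello (?P<hello>\d+), Dead (?P<dead>\d+)",
    re.DOTALL,
)

def parse(text):
    """Return the adjacency-relevant fields, or None if no OSPF data is present."""
    match = FIELDS.search(text)
    return match.groupdict() if match else None

def adjacency_problems(text_a, text_b):
    """List the reasons the two interfaces would fail to become neighbors."""
    a, b = parse(text_a), parse(text_b)
    if a is None or b is None:
        # No OSPF section for the interface: it matched no network statement.
        return ["OSPF not running on an interface: "
                "missing or incorrect network command"]
    problems = []
    net_a = ipaddress.ip_interface(a["address"]).network
    net_b = ipaddress.ip_interface(b["address"]).network
    if net_a != net_b:
        problems.append(f"subnet mismatch: {net_a} vs {net_b}")
    for key, label in (("hello", "Hello interval"),
                       ("dead", "Dead interval"),
                       ("network_type", "network type")):
        if a[key] != b[key]:
            problems.append(f"{label} mismatch: {a[key]} vs {b[key]}")
    return problems

if __name__ == "__main__":
    for problem in adjacency_problems(R1_OUTPUT, R2_OUTPUT):
        print(problem)
```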

A network that cycles between an up state and a down state is referred to as a flapping link. A flapping link can cause OSPF routers in an area to constantly recalculate the SPF algorithm, preventing proper convergence. To minimize this problem, the router waits 5 seconds (5000 msecs) after receiving an LSU before running the SPF algorithm. This is known as the SPF schedule delay. In order to prevent a router from constantly running the SPF algorithm, there is an additional Hold Time of 10 seconds (10000 msecs). The router waits 10 seconds after running the SPF algorithm before running it again.

Examining the Routing Table

The quickest way to verify OSPF convergence is to look at the routing table for each router in the topology. The show ip route command can be used to verify that the router is sending and receiving routes via OSPF. The O at the beginning of each route indicates that the route source is OSPF. You should immediately notice that each router has four directly connected networks because the loopback interface counts as the fourth network. These loopback interfaces are not advertised in OSPF. Unlike RIPv2 and EIGRP, OSPF does not automatically summarize at major network boundaries. OSPF is inherently classless.


OSPF Metric

The OSPF metric is called cost: "A cost is associated with the output side of each router interface. This cost is configurable by the system administrator. The lower the cost, the more likely the interface is to be used to forward data traffic."

The Cisco IOS uses the cumulative bandwidths of the outgoing interfaces from the router to the destination network as the cost value. At each router, the cost for an interface is calculated as 10 to the 8th power divided by bandwidth in bps. The value 10 to the 8th power is known as the reference bandwidth. Dividing it by the interface bandwidth is done so that interfaces with the higher bandwidth values will have a lower calculated cost. Remember, in routing metrics, the lowest cost route is the preferred route. The figure shows the default OSPF costs for several types of interfaces.


The reference bandwidth can be modified using the OSPF command auto-cost reference-bandwidth. When this command is necessary, it is recommended that it is used on all routers so the OSPF routing metric remains consistent.

You can use the show interface command to view the bandwidth value used for an interface. On Cisco routers, the bandwidth value on many serial interfaces defaults to T1 (1.544 Mbps). However, some serial interfaces may default to 128 kbps. Therefore, never assume that OSPF is using any particular bandwidth value. Always check the default value with the show interface command. 

Remember, this bandwidth value does not actually affect the speed of the link; it is used by some routing protocols to compute the routing metric. Most likely, on serial interfaces the actual speed of the link is different than the default bandwidth. It is important that the bandwidth value reflect the actual speed of the link so that the routing table has accurate best path information.

When the serial interface is not actually operating at the default T1 speed, the interface requires manual modification. Both sides of the link should be configured to have the same value. Either the bandwidth interface command or the ip ospf cost interface command achieves this purpose - an accurate value for use by OSPF in determining the best route.

Router(config-if)#bandwidth bandwidth-kbps



Modifying the Cost of the Link

An alternative method to using the bandwidth command is to use the ip ospf cost command, which allows you to directly specify the cost of an interface. For example, on R1 we could configure Serial 0/0/0 with the following command:

R1(config)#interface serial 0/0/0
R1(config-if)#ip ospf cost 1562

Obviously, this would not change the output of the show ip ospf interface command, which still shows the cost as 1562. This is the same cost calculated by the IOS when we configured the bandwidth as 64.




Challenges in Multiaccess Networks


Multiaccess networks can create two challenges for OSPF regarding the flooding of LSAs:


  1. Creation of multiple adjacencies, one adjacency for every pair of routers.
  2. Extensive flooding of LSAs (Link-State Advertisements).

The creation of an adjacency between every pair of routers in a network would create an unnecessary number of adjacencies. This would lead to an excessive number of LSAs passing between routers on the same network.

To understand the problem with multiple adjacencies, we need to study a formula. For any number of routers (designated as n) on a multiaccess network, there will be n ( n - 1 ) / 2 adjacencies. The figure shows a simple topology of five routers, all of which are attached to the same multiaccess Ethernet network. Without some type of mechanism to reduce the number of adjacencies, collectively these routers would form 10 adjacencies: 5 ( 5 - 1 ) / 2 = 10. This may not seem like much, but as routers are added to the network, the number of adjacencies increases dramatically.


Solution: Designated Router

The solution to managing the number of adjacencies and the flooding of LSAs on a multiaccess network is the Designated Router (DR). On multiaccess networks, OSPF elects a Designated Router (DR) to be the collection and distribution point for LSAs sent and received. A Backup Designated Router (BDR) is also elected in case the Designated Router fails. All other routers become DROthers (this indicates a router that is neither the DR nor the BDR). This means that instead of flooding LSAs to all routers in the network, DROthers only send their LSAs to the DR and BDR using the multicast address 224.0.0.6 (ALLDRouters - All DR routers).

DR/BDR elections do not occur in point-to-point networks. Therefore, in a standard three-router topology, R1, R2, and R3 do not need to elect a DR and BDR, because the links between these routers are not multiaccess networks. 

For the rest of the discussion on DR and BDR, we will use the multiaccess topology shown in the figure. The names of the routers are different, solely to emphasize that this topology is not the same three-router topology we have been using up to this point.



In this new topology, we have three routers sharing a common Ethernet multiaccess network, 192.168.1.0/24. Each router is configured with an IP address on the Fast Ethernet interface and a loopback address for the router ID.

How do the DR and BDR get elected? The following criteria are applied:

  1. DR: Router with the highest OSPF interface priority.
  2. BDR: Router with the second highest OSPF interface priority. 
  3. If OSPF interface priorities are equal, the highest router ID is used to break the tie.

In this example, the default OSPF interface priority is 1. As a result, based on the selection criteria listed above, the OSPF router ID is used to elect the DR and BDR.


As you can see, RouterC becomes the DR and RouterB, with the second highest router ID, becomes the BDR. Because RouterA is not elected as either the DR or BDR, it becomes the DROther.



DROthers only form FULL adjacencies with the DR and BDR, but will still form a neighbor adjacency with any DROthers that join the network. This means that all DROther routers in the multiaccess network still receive Hello packets from all other DROther routers. In this way, they are aware of all routers in the network. When two DROther routers form a neighbor adjacency, the neighbor state is displayed as 2WAY.



Timing of DR/BDR Election


The DR and BDR election process takes place as soon as the first router with an OSPF-enabled interface is active on the multiaccess network. This can happen when the routers are powered on or when the OSPF network command for that interface is configured. The election process only takes a few seconds. If all of the routers on the multiaccess network have not finished booting, it is possible that a router with a lower router ID will become the DR. This could be a lower-end router that took less time to boot.

When the DR is elected, it remains the DR until one of the following conditions occurs:


  • The DR fails.
  • The OSPF process on the DR fails.
  • The multiaccess interface on the DR fails.


If the DR fails, the BDR assumes the role of DR and an election is held to choose a new BDR.

If a new router enters the network after the DR and BDR have been elected, it will not become the DR or the BDR even if it has a higher OSPF interface priority or router ID than the current DR or BDR. The new router can be elected the BDR if the current DR or BDR fails. If the current DR fails, the BDR will become the DR, and the new router can be elected the new BDR. After the new router becomes the BDR, if the DR fails, then the new router will become the DR. The current DR and BDR must both fail before the new router can be elected DR or BDR.


So, how do you make sure that the routers you want to be DR and BDR win the election? The solution is:

Router(config-if)#ip ospf priority {0 - 255}

The OSPF priority value defaults to 1 for all router interfaces, so with the default values the router ID determines the DR and BDR. But if you change the default value from 1 to a higher value, the router with the highest priority will become the DR and the router with the next highest priority will become the BDR. A value of 0 makes the router ineligible to become a DR or BDR.

Because priorities are an interface-specific value, they provide better control of the OSPF multiaccess networks. They also allow a router to be the DR in one network and a DROther in another. The OSPF interface priority can be viewed using the show ip ospf interface command.





After doing a shutdown and a no shutdown on the FastEthernet 0/0 interfaces of all three routers, we see the result of the change of OSPF interface priorities.
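The election criteria, the priority setting and the no-preemption behaviour described in this section, as an added example that is not part of the original post. It is a simplified model without Hello or wait timers; the router IDs and RouterD are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Router:
    name: str
    router_id: str
    priority: int = 1              # default OSPF interface priority

def rank(router):
    """Higher priority wins; the router ID, compared numerically, breaks ties."""
    return (router.priority, int(ipaddress.IPv4Address(router.router_id)))

def best(candidates):
    """Best eligible candidate or None. Priority 0 is never eligible."""
    eligible = [r for r in candidates if r.priority > 0]
    return max(eligible, key=rank, default=None)

class Segment:
    """One multiaccess network; routers passed to the constructor boot together."""

    def __init__(self, routers=()):
        self.routers = list(routers)
        self.dr = self.bdr = None
        self._fill_vacancies()

    def _fill_vacancies(self):
        # A sitting DR or BDR is never preempted; only empty roles are filled.
        if self.dr is None:
            if self.bdr is not None:          # the BDR assumes the DR role
                self.dr, self.bdr = self.bdr, None
            else:
                self.dr = best(self.routers)
        if self.bdr is None:
            self.bdr = best(r for r in self.routers if r != self.dr)

    def join(self, router):
        self.routers.append(router)
        self._fill_vacancies()

    def fail(self, name):
        self.routers = [r for r in self.routers if r.name != name]
        if self.dr and self.dr.name == name:
            self.dr = None
        if self.bdr and self.bdr.name == name:
            self.bdr = None
        self._fill_vacancies()

    def roles(self):
        """Return (DR name, BDR name); None marks a vacant role."""
        return tuple(r.name if r else None for r in (self.dr, self.bdr))

def scenario():
    """Boot A, B, C together, add a priority-255 router, then fail two DRs."""
    seg = Segment([Router("RouterA", "192.168.31.11"),
                   Router("RouterB", "192.168.31.22"),
                   Router("RouterC", "192.168.31.33")])
    steps = [seg.roles()]                     # router ID decides: C, then B
    seg.join(Router("RouterD", "192.168.31.44", priority=255))
    steps.append(seg.roles())                 # late joiner changes nothing
    seg.fail("RouterC")
    steps.append(seg.roles())                 # B promoted, D elected BDR
    seg.fail("RouterB")
    steps.append(seg.roles())                 # D promoted, A elected BDR
    return steps

if __name__ == "__main__":
    for dr, bdr in scenario():
        print(f"DR={dr} BDR={bdr}")
```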

Redistributing an OSPF Default Route

The topology now includes a new link to the ISP. As with RIP and EIGRP, the router connected to the Internet is used to propagate a default route to other routers in the OSPF routing domain.


In OSPF terminology, the router located between an OSPF routing domain and a non-OSPF network is called the Autonomous System Boundary Router (ASBR). The figure shows the ASBR (R1) configured with the Loopback1 IP address and static default route forwarding traffic toward the ISP router:

R1(config)#ip route 0.0.0.0 0.0.0.0 loopback 1




Like RIP, OSPF requires the use of the default-information originate command to advertise the 0.0.0.0/0 static default route to the other routers in the area. If the default-information originate command is not used, the default "quad-zero" route will not be propagated to other routers in the OSPF area.


The command syntax is:

R1(config-router)#default-information originate


R1, R2, and R3 now have a "gateway of last resort" set in the routing table. Notice the default route in R2 and R3 with the routing source OSPF, but with the additional code, E2. For R2, the route is:

O*E2 0.0.0.0/0 [110/1] via 192.168.10.10, 00:05:34, Serial0/0/1

E2 denotes that this route is an OSPF External Type 2 route.


Fine-tuning OSPF


It may be desirable to change the OSPF timers so that routers will detect network failures in less time. Doing this will increase traffic, but sometimes there is a need for quick convergence that outweighs the extra traffic.

OSPF Hello and Dead intervals can be modified manually using the following interface commands:

Router(config-if)#ip ospf hello-interval seconds
Router(config-if)#ip ospf dead-interval seconds


Remember, OSPF Hello and Dead intervals must be equivalent between neighbors. You can verify the loss of adjacency with the show ip ospf neighbor command. The mismatching Hello and Dead intervals can be verified using the show ip ospf interface serial 0/0/0 command.
