Tags

OSPF

OSPF is a link-state interior gateway protocol designed for a large complex network. An IETF standard, OSPF is widely deployed in many large networks. Development began in 1987, and OSPF Version 2 was established in 1991 with RFC 1247. The goal was to have a link-state protocol that is more efficient and scalable than RIP. RFC 2328 (April 1998) is the latest revision to OSPF Version 2.

OSPF runs on top of IP and uses protocol number 89, just as TCP runs on top of IP and uses protocol number 6. OSPF doesn’t use any transport protocol, such as TCP, for reliability. The protocol itself has a reliable mechanism of transportation.

OSPF is a classless routing protocol that supports variable-length subnet masking (VLSM) and discontiguous networks. OSPF employs multicast addresses 224.0.0.5 (all SPF routers) and 224.0.0.6 (designated routers [DR] and backup designated routers [BDR]) to send Hellos and updates. OSPF also provides two types of authentication—plain text and message digest algorithm 5 (MD5).

OSPF uses the Dijkstra algorithm as a part of the routing table calculation process. The Dijkstra algorithm produces the shortest-path tree (SPT). Each router represents itself and its links to the neighbors in an understandable form—link-state advertisements (LSAs). Based on information from the shortest path tree, OSPF can draw the network topology.

Each router in OSPF exchanges information about its cost, type of link, and network information with the other routers. This multistep process is called link-state advertisement (LSA) exchange.

Operation of OSPF

At a very high level, the operation of OSPF is easily explained:

  1. OSPF-speaking routers send Hello packets out all OSPF-enabled interfaces. If two routers sharing a common data link agree on certain parameters specified in their respective Hello packets, they will become neighbors.
  2. OSPF defines several network types and several router types. The establishment of an adjacency is determined by the types of routers exchanging Hellos and the type of network over which the Hellos are exchanged.
  3. Each router sends link-state advertisements (LSAs) over all adjacencies. The LSAs describe all of the router’s links, or interfaces, the router’s neighbors, and the state of the links. Because of the varying types of link-state information, OSPF defines multiple LSA types.
  4. Each router receiving an LSA from a neighbor records the LSA in its link-state database and sends a copy of the LSA to all of its other neighbors.
  5. By flooding LSAs throughout an area, all routers will build identical link-state databases.
  6. When the databases are complete, each router uses the SPF algorithm to calculate a loop-free graph describing the shortest (lowest cost) path to every known destination, with itself as the root. This graph is the SPF tree
  7. Each router builds its route table from its SPF tree.

When all link-state information has been flooded to all routers in an area and neighbors have verified that their databases are identical that is, the link-state databases have been synchronized and the route tables have been built, OSPF is a quiet protocol. Hello packets are exchanged between neighbors as keepalives, and LSAs are retransmitted every 30 minutes. If the network topology is stable, no other activity should occur.

Neighbors and Adjacencies

Before any LSAs can be sent, OSPF routers must discover their neighbors and establish adjacencies. The neighbors will be recorded in a neighbor table, along with the link (interface) on which each neighbor is located and which contains other information necessary for the maintenance of the neighbor.

The tracking of other OSPF routers requires that each router have a Router ID, an IP address by which the router is uniquely identified within the OSPF domain. Cisco routers derive their Router IDs by the following means:

1. If the Router ID has been manually configured using the router-id command, that Router ID is used.

2. If no Router ID has been manually configured, the router chooses the numerically highest IP address on any of its loopback interfaces.

3. If no loopback interfaces are configured with IP addresses, the router chooses the numerically highest IP address on any of its physical interfaces. The interface from which the Router ID is taken does not have to be running OSPF.

Using addresses associated with loopback interfaces has two advantages:

  • • The loopback interface is more stable than any physical interface. It is active when the router boots up, and it only fails if the entire router fails.
  • • The network administrator has more leeway in assigning predictable or recognizable addresses as the Router IDs.

The Cisco OSPF will continue to use a Router ID learned from a physical interface even if the interface subsequently fails or is deleted. Therefore, the stability of a loopback interface is only a minor advantage. The primary benefit is the ability to control the Router ID.

The OSPF router begins a neighbor relationship by advertising its Router ID in Hello packets.

Hello Protocol

The Hello protocol serves several purposes:

  • • It is the means by which neighbors are discovered.
  • • It advertises several parameters on which two routers must agree before they can become neighbors.
  • • Hello packets act as keepalives between neighbors.
  • • It ensures bidirectional communication between neighbors.
  • • It elects Designated Routers (DRs) and Backup Designated Routers (BDRs) on Broadcast and Nonbroadcast Multiaccess (NBMA) networks.

OSPF-speaking routers periodically send a Hello packet out each OSPF-enabled interface. This period is known as the HelloInterval and is configured on a per interface basis. Cisco uses a default HelloInterval of 10 seconds for broadcast networks and 30 seconds for non-broadcast; the value can be changed with the command ip ospf hello-interval. If a router has not heard a Hello from a neighbor within a period of time known as the RouterDeadInterval, it will declare the neighbor down. The Cisco default RouterDeadInterval is four times the HelloInterval and can be changed with the command ip ospf dead-interval.

Each Hello packet contains the following information:

  • • Router ID of the originating router.
  • • Area ID of the originating router interface.
  • • Address mask of the originating interface.
  • • Authentication type and authentication information for the originating interface.
  • • HelloInterval of the originating interface.
  • • RouterDeadInterval of the originating interface.
  • • Router Priority.
  • • DR and BDR.
  • • Five flag bits signifying optional capabilities.
  • • Router IDs of the originating router’s neighbors. This list contains only routers from which Hellos were heard on the originating interface within the last RouterDeadInterval.
  • • When a router receives a Hello from a neighbor, it will verify that the Area ID, Authentication, Network Mask, HelloInterval, RouterDeadInterval, and Options values match the values configured on the receiving interface. If they do not, the packet is dropped and no adjacency is established.
  • • Whenever a router sends a Hello, it includes in the packet the Router IDs of all neighbors listed for the link on which the packet is to be transmitted. If a router receives a valid Hello in which it finds its own Router ID listed, the router knows that two-way communication has been established.
  • • After two-way communication has been established, adjacencies may be established. However, as mentioned earlier, not all neighbors will become adjacent. Whether an adjacency is formed or not depends on the type of network to which the two neighbors are attached. Network types also influence the way in which OSPF packets are transmitted; therefore, before discussing adjacencies, it is necessary to discuss network types.

Route Table

  • • The Dijkstra algorithm is used to calculate the Shortest Path Tree from the LSAs in the link state database.
  • • OSPF determines the shortest path based on an arbitrary metric called cost, which is assigned to each interface. The cost of a route is the sum of the costs of all the outgoing interfaces to a destination. RFC 2328 does not specify any values for cost. Cisco routers calculate a default OSPF cost as 108/BW, where BW is the configured bandwidth of the interface and 108 is the reference bandwidth. As discussed previously, the default reference bandwidth can be changed with the command auto-cost reference-bandwidth. Fractional costs are rounded down to the nearest whole number.
  • • The command ip ospf cost can be used to override the default automatic cost calculations and assign a fixed cost to an interface. LSAs record cost in a 16-bit field, so the total cost of an interface can range from 1 to 65535.

Network Types

OSPF defines five network types:

Point-to-point networks

Point-to-point networks, such as a T1, DS-3, or SONET link, connect a single pair of routers. Valid neighbors on point-to-point networks will always become adjacent. The destination address of OSPF packets on these networks will always be the reserved class D address 224.0.0.5, known as AllSPFRouters.

Broadcast networks

Broadcast networks are multi-access in that they are capable of connecting more than two devices, and they are broadcast in that all attached devices can receive a single transmitted packet. OSPF routers on broadcast networks will elect a DR and a BDR.

Nonbroadcast Multiaccess (NBMA) networks

NBMA networks, such as X.25, Frame Relay, and ATM, are capable of connecting more than two routers but have no broadcast capability. A packet sent by one of the attached routers would not be received by all other attached routers. As a result, extra configuration might be necessary for routers on these networks to acquire their neighbors. OSPF routers on NBMA networks elect a DR and BDR, and all OSPF packets are unicast.

Point-to-multipoint networks are a special configuration of NBMA networks in which the networks are treated as a collection of point-to-point links. Routers on these networks do not elect a DR and BDR, and the OSPF packets are unicast to each known neighbor.

Virtual links, described later, are special configurations that are interpreted by the router as unnumbered point-to-point networks. OSPF packets are unicast over virtual links.

OSPF Packet Details

OSPF Protocol Header Format


Database Description Packet Format


  • Interface MTU— This field contains the largest data size, in bytes, that can be send through the associated interface. This option has been added starting from RFC 2178. This field must be set to 0 when sending the packet over a virtual link.
  • Options— Options for this field were discussed in the previous section on the Hello packet format.
  • I Bit— When set to 1, this means that this is the first packet in DBD exchange.
  • M Bit— When set to 1, this means that more packets will follow.
  • MS Bit— Use this for master and slave. When this bit is set, it means that the router is a master in the DBD exchange process. If this bit is set to 0, it means that the router is the slave.
  • DBD Sequence Number— This field contains a unique value set by the master. This sequence number is used during database exchange. Only a master can increment the sequence number.
  • LSA Header— This field consists of a list of the link-state database headers.

Link-State Request Packet Format


  • LS Type— Identifies what type of LSA is being requested.
  • Link-State ID— Represents the link-state ID of that specific LSA.
  • Advertising Router— Contains the router ID of the router that is originating this LSA.

Link-State Update Packet Format

Link-State Acknowledgment Packet

The last type of OSPF packet, the link-state acknowledgment packet, is used to acknowledge each LSA. This packet is sent in response to link-state update packets. Multiple LSAs can be acknowledged in a single link-state acknowledgment packet. This packet is responsible for the reliable delivery of link-state update packets.

OSPF Areas

OSPF provides two levels of hierarchy throughout an area. An area is a 32-bit number that can be defined such as “Area 0.” Area 0 is a backbone area, which is required if more than one area is configured. All areas must be connected to Area 0.

OSPF has several types of areas, which can be defined according to the needs of a network:

Normal Areas

  • • When the area is defined by default, it is considered a normal or regular area. Normal areas have the following characteristics:
  • • Summary LSAs from other areas are injected.
  • • External LSAs are injected.
  • • External default LSAs can be injected.

Stub Areas

In stub areas, no external LSAs are allowed.

Stub areas have the following characteristics:

  • • Summary LSAs from other areas are injected.
  • • The default route is injected as a summary route.
  • • External LSAs are not injected.

Configuring Area 1 as a Stub Area

RouterF# router ospf 1

area 1 stub

Totally Stubby Areas

Totally stubby areas are the most restricted form of area. Routers in this type of area rely on only the injection of a default summary route from the ABR. No other external or summary information is included in the routing table. This is an extension to the stub area, so all the characteristics are still true for this area. This area has the following characteristics:

  • • No summary LSAs are allowed.
  • • No external LSAs are allowed.
  • • The default route is injected as a summary route.

Configuring the ABR to Make Area 1 Totally Stubby

  • • RouterF# router ospf 1

area 1 stub no-summary

Not-So-Stubby Areas

This is also an extension of the stub area. NSSAs were created to inject external routes from stub areas into the OSPF domain. In the NSSA, when the ASBR injects a route into the AS, it generates a Type 7 LSA. The ABR translates this LSA to a Type 5 LSA, which is propagated to the rest of the autonomous system. The Type 7 LSA flooding scope is within the NSSA area.

NSSAs have the following characteristics:

  • • Type 7 LSAs carry external information within an NSSA.
  • • Type 7 LSAs are converted into Type 5 LSAs at the NSSA ABR.
  • • No external LSA are allowed.
  • • Summary LSAs are injected.

Configuring an NSSA on All the Routers in the NSSA Area

RouterF# router ospf 1

area 1 nssa

Totally Not-So-Stubby Areas

This type of area is an extension to the NSSA. If only one exit point exists, this is the most recommended form of NSSA area type.

  • • No summary LSAs are allowed.
  • • No external LSAs are allowed.
  • • The default route is injected as a summary route.
  • • Type 7 LSAs are converted into Type 5 LSAs at the NSSA ABR.
  • Configuration on the NSSA ABR, for Totally NSSA Area
  • • RouterF# router ospf 1

area 1 nssa no-summary

OSPF LSA Details


LSA Type 1, Router LSAs are produced by every router. This most fundamental LSA lists all of a router’s links, or interfaces, the state and outgoing cost of each link, and any known OSPF neighbors on the link. These LSAs are flooded only within the area in which they are originated.

LSA Type 2, Network LSAs are produced by the DR on every multi-access network. The DR represents the multi-access network and all attached routers as a pseudonode, or a single virtual router. In this sense, a Network LSA represents a pseudonode just as a Router LSA represents a single physical router. The Network LSA lists all attached routers, including the DR itself. Like Router LSAs, Network LSAs are flooded only within the originating area.

LSA Type 3, Network Summary LSAs are originated by ABRs. They are sent into a single area to advertise destinations outside that area. In effect, these LSAs are the means by which an ABR tells the internal routers of an attached area what destinations the ABR can reach. An ABR also advertises the destinations within its attached areas into the backbone with Network Summary LSAs. Default routes external to the area, but internal to the OSPF autonomous system, are also advertised by this LSA type.

LSA Type 4, ASBR Summary LSAs are also originated by ABRs. ASBR Summary LSAs are identical to Network Summary LSAs except that the destination they advertise is an ASBR not a network. The command show ip ospf database asbr-summary is used to display ASBR Summary LSAs .

LSA Type 5, Autonomous System External LSAs, or External LSAs, are originated by ASBRs. They advertise either a destination external to the OSPF autonomous system, or a default route external to the OSPF autonomous system. External LSAs are flooded throughout the autonomous system.

LSA Type 6, Group Membership LSAs are used in an enhancement of OSPF known as Multicast OSPF (MOSPF). MOSPF routes packets from a single source to multiple destinations, or group members, which share a class D multicast address. Although Cisco supports other multicast routing protocols, MOSPF is not supported as of this writing.

LSA Type 7, NSSA External LSAs are originated by ASBRs within not-so-stubby areas (NSSAs). An NSSA External LSA is almost identical to an AS External LSA, as the section on OSPF packet formats shows. Unlike AS External LSAs, which are flooded throughout an OSPF autonomous system, NSSA External LSAs are flooded only within the not-so-stubby area in which it was originated.

LSA Type 8, External Attributes LSAs were proposed as an alternative to running Internal BGP (iBGP), to transport BGP information across an OSPF domain. This LSA has never been deployed on a wide scale, and is not supported in IOS.

LSA Type 9 – 11, Opaque LSAs are a class of LSAs that consist of a standard LSA header followed by application-specific information. The Information field can be used directly by OSPF or indirectly by other applications to distribute information throughout the OSPF domain. Opaque LSAs have been used to add various extensions to OSPF, such as traffic engineering parameters for Multiprotocol Label Switching (MPLS) networks.

OSPF Media Types

For OSPF, media can be divided into four categories:

Multiaccess Media

Multiaccess media includes Ethernet, Fast Ethernet, Gigabit Ethernet, FDDI, Token Ring, and similar multiaccess media. OSPF runs as a broadcast network type over these media. The OSPF network type of broadcast is on by default over these media.

In this network type, the DR and the BDR are elected to reduce the flooding on the segment. The multicast capabilities of OSPF are used to form adjacencies and to efficiently distribute the information to other routers on the segment.

In broadcast network types, the interface subnet mask is checked in the Hello packet. If the masks of the two routers are different, an adjacency will not be formed.

Because this network type is on by default, no specific configuration is required for this media.

Multiaccess Media Example,

Point-to-Point Media

Point-to-point media includes HDLC and PPP encapsulation links, Frame Relay/ATM point-to-point subinterfaces, and similar point-to-point interfaces.

The OSPF network type of point-to-point is on by default on these media. No DR or BDR election takes place on this medium type. All the OSPF packets are multicast-based. The reason for sending all OSPF packets as multicast is that, in some cases of unnumbered links, the destination address is not known.

Nonbroadcast Multiaccess Media

Many media fall under this category of nonbroadcast multiaccess (NBMA), including Frame Relay, X.25, SMDS, and ATM. Additional configuration is required for this type of medium. The OSPF network type on these media is nonbroadcast, by default. Several network type options can be defined in this scenario. This medium can be run in several modes under OSPF:

  • • Broadcast model
  • • Point-to-point model
  • • Point-to-multipoint model

Broadcast Model

In the broadcast model, the broadcast network is simulated. DRs and BDRs are elected. The broadcast model can be simulated in two ways:

  • • Configure the network-type broadcast.
  • • Configure the neighbor statement.

Configure the Network Type as Broadcast

RouterA# interface serial 0

encapsulation frame-relay

ip ospf network-type broadcast

The command ip ospf network-type broadcast must be configured on all the routers’ Frame Relay interfaces

OSPF State message’s,

OSPF Adjacencies

OSPF creates adjacencies between neighboring routers for the purpose of exchanging routing information. Not every neighbor becomes adjacent in a broadcast environment. The Hello protocol is responsible for establishing and maintaining an adjacency.

A router can be in several neighbor states:

OSPF Down State

The neighbor state shows DOWN. This state means that no information has been received from the neighbor yet.

OSPF Attempt State

The Attempt state is valid for neighbors on NBMA networks. If a neighbor is in this state, it means that no information is received from this neighbor, but serious effort is being made to contact the neighbor. Serious effort means that this router will constantly send a Hello packet upon every Hello interval to contact the neighbor.

OSPF Init State

Init state is a one-way Hello. Upon receiving this Hello, R2 declares a one-way state because R2 doesn’t see itself (its router ID) in that Hello packet.

OSPF 2-Way State

An OSPF neighbor reaches the 2-way state when bidirectional communication is established. This is the beginning of an OSPF adjacency. The DR and BDR are elected in this state.

OSPF Exstart State

This state is used for initialization of the database synchronization process. Master and slave are elected in this state. The first sequence number for DBD exchange is also decided in this state.

OSPF Exchange State

In the Exchange state, the router describes its entire link-state database through DBD packets. Each DBD sequence is explicitly acknowledged. Only one outstanding DBD packet is allowed at a time. Link-state request packets are also sent in this state to request a new instance of the LSA.

OSPF Loading State

In the Loading state, LS request packets are sent to request the more recent instance of an LSA that has not been received during the exchange process.

OSPF Full State

This state means that the complete information has been exchanged between OSPF neighbors.

Address Summarization

The Cisco OSPF can perform two types of address summarization: inter-area summarization and external route summarization. Inter-area summarization is, as the name implies, the summarization of addresses between areas; this type of summarization is always configured on ABRs. External route summarization allows a set of external addresses to be redistributed into an OSPF domain as a summary address and is configured on ASBRs.

OSPF summarization example.

router ospf 1

network 10.0.0.0 0.7.255.255 area 15

network 10.8.0.0 0.7.255.255 area 0

area 15 range 10.0.0.0 255.248.0.0

Filtering Between Areas

LSA filtering example

router ospf 1

area 25 filter-list prefix area25outbound out

ip prefix-list area25outbound seq 10 deny 192.168.1.0/24

ip prefix-list area25outbound seq 20 permit 0.0.0.0/0 le 32

The OSPF command area PID filter-list prefix specifies the name of a filter list to apply to outbound or inbound LSAs. Outbound lists filter LSAs sent into areas other then the one specified by the command. In our example, the list filters LSAs with addresses originating in area 25 and being sent into non-area 25 areas, such as area 0. Inbound lists filter LSAs as they are sent into area 25.

The first line of the prefix list is clear. The statement denies address 192.168.1.0/24 from being advertised in a type 3 LSA. The second line permits everything else: every address with a mask from length 0 to length 32 bits. This second line is required because there is a implicit “deny all” statement at the end of the prefix list. 192.168.1.0/24 is prevented from being sent in type 3 LSAs outside of area 25. Every other address is permitted.

Authentication

OSPF has the capability of authenticating all packets exchanged between neighbors. Authentication may be by simple passwords or by MD5 cryptographic checksums.

Authentication using simple clear-text passwords (type 1) or MD5 cryptographic checksums (type 2) can be configured. When authentication is configured, it must be configured for an entire area.

To configure type 1 authentication for an area, the command ip ospf authentication-key is used to assign a password of up to eight octets to each interface attached to the area. The passwords do not have to be the same throughout the area, but must be the same between neighbors. Type 1 authentication is then enabled by entering the area authentication command to the OSPF configuration.

interface Serial 0/0

ip ospf authentication-key password

router ospf 1

area 0 authentication

To configure type 2 authentication for an area, the command ip ospf message-digest-key md5 assigns a password of up to 16 bytes and key ID between 1 and 255 to each interface attached to the area. Like type 1, the passwords do not have to be the same throughout the area, but both the key ID and the password must be the same between neighbors. Type 2 authentication is then enabled by entering the area authentication message-digest command to the OSPF configuration.

interface Serial 0/0

ip address 172.20.1.5 255.255.255.252

ip ospf message-digest-key 15 md5 password

router ospf 1

network 10.8.0.0 0.0.255.255 area 0

area 0 authentication message-digest

area 25 authentication message-digest

Regards

SWD

Source : http://www.cisco.com, BSCI Cisco Student Guide

Advertisements