
OSPF-Open Shortest Path First

To read: http://fengnet.com/book/OSPFandISIS/

1. General
OSPF is an open-standard, classless link-state protocol, designed to meet the need for a high-functionality, non-proprietary routing protocol for TCP/IP. It has reached version 3 for IPv6, and in the future OSPFv3 will probably also exchange routing information for IPv4. OSPF uses the Dijkstra algorithm (by Edsger Dijkstra), also called the SPF (Shortest Path First) algorithm, to choose the best paths, the same algorithm as the ISO IS-IS protocol.

Characteristics of link-state protocols:
- they respond quickly to network changes = fast convergence;
- triggered updates are sent whenever there is a topology change;
- periodic updates are sent at long intervals (like 30 minutes), known as link-state refresh.

OSPF uses a hierarchical multi-area design, which optimizes:
- RAM, by reducing the size of the LSDB and of the RIB;
- CPU (processor time and resources needed to find the best paths), by analyzing a smaller LSDB;
- BW/RAM/CPU, by reducing the number of OSPF messages sent from one area to another through possible summarization and/or filtering on the routers that separate the OSPF areas;
- BW/RAM/CPU, by summarizing the information present in type 1 and type 2 LSAs into type 3 LSAs (similar to distance-vector information).

Other link-state protocols are IS-IS (for CLNS and IPv4/v6), DNA Phase IV (for DECNET) and NLSP (for IPX).

To reduce CPU and memory overhead, OSPF is designed to partition the network into multiple areas. Every router maintains a topological database. By default, a regular area (non-zero area) does not allow traffic from another area to use its links. All traffic must cross the transit area (area 0).

Different types of OSPF routers:
- internal routers: have all their interfaces in the same area and have identical LSDBs.
- backbone routers: have at least one interface in area 0.
- area border routers: have interfaces attached to multiple areas and keep a separate LSDB for each area. They are the exit point from a regular area. An ABR can be configured to summarize information.
- autonomous system boundary routers: have at least one interface attached to an external internetwork and can redistribute networks into the OSPF domain.

2. OSPF Operation (routerID, packets, adj state, DR/BDR)


Router ID
The purpose of the router ID is to uniquely identify the router in the routing domain. It is chosen when the OSPF process starts:
- If no interface is up, OSPF cannot start:
R6(config)#router ospf 1
*Apr 7 17:35:41.490: %OSPF-4-NORTRID: OSPF process 1 failed to allocate unique router-id and cannot start
- Else, if the router is configured with:
R6(config-router)#router-id 172.16.0.6
it uses this router ID.
- Else, if loopback interfaces are present and up, it will choose the highest IP as the router ID.
- Else, it will choose the highest IP of a physical interface.

Changing the router ID of a router whose router ID was set with the router-id command requires only that the OSPF process be cleared. However, changing the OSPF router ID of a router whose router ID was set by configuring a loopback interface address may require you to either reboot the router or to disable and then enable OSPF.
R1#clear ip ospf 1 process
Reset OSPF process? [no]: yes
Restarting the process causes new LSAs to be sent, and therefore SPF to run on all routers in the domain.
NOTE: If the OSPF process has not established any neighbor relationship, manually configuring the RID changes it immediately, without the need to restart the OSPF process.

Some outputs can be made to show the DNS name instead of the router ID:
R4(config)#ip host Router1 1.1.1.1
R4(config)#ip host Router4 4.4.4.4
R4(config)#ip ospf name-lookup
R4#sh ip ospf neighbor
Neighbor ID     Pri   State       Dead Time   Address       Interface
Router1         1     FULL/BDR    00:00:36    10.0.145.1    FastEthernet0/0
R4#sh ip ospf database
OSPF Router with ID (4.4.4.4) (Process ID 1)
Router Link States (Area 0)
Link ID     ADV Router   Age   Seq#         Checksum   Link count
1.1.1.1     Router1      68    0x80000001   0x000DE1   1
4.4.4.4     Router4      67    0x80000002   0x005082   1

OSPF Packet
LSA = Link State Advertisement. When a link state changes, the device that detected the change creates an LSA. LSAs are sent reliably and flooded through the area to the multicast address 224.0.0.5. Each LSA has a sequence number, a checksum and a lifetime. The sequence number is 4 bytes, in the range 0x80000001 - 0x7FFFFFFF.
LSU = Link State Update. Contains one or more LSAs.
LSDB = Link-State Database. The SPF algorithm is run against the LSDB to find the best path. The LSDB is a topology table in which LSAs are stored.

OSPF is encapsulated directly in IP packets, with protocol type 89 in the IP header. The OSPF packet contains:
- Version. Is 2 or 3.
- Type. Defines one of the 5 packet types.
- Packet Length. Length in bytes of the OSPF packet.
- Router ID.
- Area ID. Can be a number or in the form of an IP address.
- Checksum. OSPF packet integrity without the authentication data.
- Authentication type. No authentication, clear-text or encrypted MD5 for authentication.
- Authentication. Empty, clear-text password or MD5 hash.
- Data: info depending on the type.

Packet types:
- Hello. Type 1. Discovers neighbors and builds adjacencies between them. TTL = 1. Contains the netmask of the interface, hello timer, FLAGS, priority, dead interval, DR/BDR negotiation (if applicable) and a list of known neighbors;
- DBD or DD, DataBase Description. Type 2. Contains a summary of the LSDB: all known router IDs and their last seq nr. Sent reliably, multicast or unicast. It is acknowledged by sending back a copy of the previously received DBD. It is also used for the master/slave negotiation. The master controls the synchronization process, which ends when, for all the DD packets sent by the master to describe its LSDB, it receives a DD packet with M=0. DD has 3 flags:
I - Initial. Set if it is the first DD packet.
M - More. If set, it is not the last DD.
MS - Master. Set by the master.
The DBD also contains the MTU of the interface, which must match; otherwise the adjacencies only get as far as Exstart/Exchange.
- LSR, Link State Request. Type 3. Requests specific link-state information from a router and contains the type of LSU needed and the router ID that has the needed LSU. Sent unicast or multicast.
- LSU, Link State Update. Type 4. Sends the specifically requested info and contains full LSA entries. One LSU can contain many LSAs.
- LSAck, Link State Ack. Type 5. Used for acknowledgment purposes. Data is empty.

OSPF Adjacencies
There is a distinction between a neighbor relationship (which can also be 2-way) and the adjacency state (FULL).
Conditions for neighbor adjacency:
- same timers: hello and dead intervals.
- same area
- same stub flag
- Router ID must be unique
- MTU. R1(config-if)#ip ospf mtu-ignore //sh system mtu - to see the MTU of the system.
- compatible network types. Compatibility is based on DR/BDR election.
- IP connectivity (multicast and unicast) must exist, and the subnets that the primary IP addresses are part of must be the same. Not like EIGRP. When ip unnumbered is configured on point-to-point links, the netmask sent in Hellos will be 0.0.0.0 (to be tested).
To be tested: this condition does not have to be met if the two routers are connected to an OSPF network of type point-to-point and both routers use the ip unnumbered method for IP addressing.
Attention! Although it is not a condition for becoming neighbors, to obtain full reachability it is important that all routers agree on whether or not a DR needs to be elected for the common network segment and (if applicable) agree on its identity.
- authentication: if used, the authentication type, key ID and string must match.

Adjacency states:
Bidirectional communication occurs when a router recognizes itself listed in a received hello packet. After that, the routers must exchange and synchronize their LSDBs.
Down state. No neighbor relationship. When a router is configured to run OSPF, it starts sending hellos. On point-to-point and multiaccess broadcast networks it multicasts them to 224.0.0.5. On NBMA, point-to-multipoint and virtual links it sends unicast hellos. The Down state is also reached if no hellos are received for the dead interval, if the static neighbor is unconfigured, or if the interface goes down.
Attempt. Valid state when statically configuring neighbors on NBMA: after sending a hello but before receiving any hello from that neighbor.
Init state. When a router receives a hello from a new router, it adds it to the neighbor list in its hello packets.
2-Way state. When a router receives a hello from a new neighbor and sees its own ID in the neighbor list. At this point all routers have each other in their lists and bidirectional communication is established. If the link is a broadcast type, the DR and BDR must be elected in the next step. Receiving a DBD packet from a neighbor in the Init state will also cause a transition to the 2-Way state.
Exstart state. The routers are ready to discover link-state information. In this state a master-slave relationship is created and it is decided which router starts the exchange. The router with the highest ID is chosen as master, not necessarily the DR or BDR, because those can be chosen based on priority, not RID. The master controls which sequence numbers are used in the Exchange state. Initially both neighbors claim to be master by sending an empty DD with MS (master bit) set. Each router sets its own seq. nr. The neighbor with the lower RID becomes slave and answers with a DD packet that has MS unset, the seq. nr. set to the master's seq. nr., and LSA summaries. Now the exchange starts.
Exchange state. Neighbors synchronize their LSDBs. A Database Summary List is populated with the headers of all LSAs and sent to the other neighbor. Newer or missing LSAs are put in a Link State Request List. The LSAs are exchanged using LSR and LSU.
Loading state. Routers request missing LSAs with LSR and LSU.
Full state. When the databases are synchronized and all LSAs are up to date.
NOTE: If a router has entries in its Link State Request list, it does not need to wait for the Loading state to send LSRs. In this way, synchronization is more efficient.
R1(config-router)#log-adjacency-changes [detail] //on by default; adding detail is somewhat like debug ip ospf adj.
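The header fields and the adjacency conditions listed above, as an added example that is not part of the original notes: it parses an OSPFv2 Hello, verifies the checksum without the authentication field, reports the authentication type, and lists why two Hellos could not form an adjacency. The byte layout follows RFC 2328; the function names, addresses, timers and password are constructed for illustration, and MTU (carried in the DBD, not the Hello) and network type are not checked.

```python
import socket
import struct

AUTH_TYPES = {0: "none", 1: "clear-text", 2: "md5"}
E_BIT = 0x02  # Options bit: clear inside stub areas, so it acts as the stub flag


def checksum(data: bytes) -> int:
    """16-bit one's-complement Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_hello(rid, area, mask, hello, dead, options=E_BIT, prio=1,
                autype=0, auth=b"\x00" * 8, neighbors=()):
    """Build a constructed OSPFv2 Hello (sample input for this example)."""
    body = struct.pack("!4sHBBI4s4s", socket.inet_aton(mask), hello, options,
                       prio, dead, bytes(4), bytes(4))
    body += b"".join(socket.inet_aton(n) for n in neighbors)
    head = struct.pack("!BBH4s4sHH", 2, 1, 24 + len(body),
                       socket.inet_aton(rid), socket.inet_aton(area), 0, autype)
    # The checksum covers the whole packet except the 8-byte authentication field.
    cks = 0 if autype == 2 else checksum(head + body)
    return head[:12] + struct.pack("!H", cks) + head[14:] + auth + body


def parse_hello(pkt: bytes) -> dict:
    """Parse the 24-byte OSPFv2 header and the Hello body; verify the checksum."""
    if len(pkt) < 44:
        raise ValueError("too short for an OSPFv2 Hello")
    ver, ptype, length, rid, area, _cks, autype = struct.unpack("!BBH4s4sHH", pkt[:16])
    if ver != 2 or ptype != 1 or not 44 <= length <= len(pkt):
        raise ValueError("not a well-formed OSPFv2 Hello")
    mask, hello, options, prio, dead, _dr, _bdr = struct.unpack("!4sHBBI4s4s", pkt[24:44])
    neighbors = [socket.inet_ntoa(pkt[i:i + 4]) for i in range(44, length - 3, 4)]
    return {
        "rid": socket.inet_ntoa(rid), "area": socket.inet_ntoa(area),
        "auth": AUTH_TYPES.get(autype, f"unknown({autype})"),
        "auth_data": pkt[16:24],
        # With MD5 the checksum field is not used; otherwise it must verify to 0.
        "checksum_ok": autype == 2 or checksum(pkt[:16] + pkt[24:length]) == 0,
        "mask": socket.inet_ntoa(mask), "hello": hello, "dead": dead,
        "stub": not options & E_BIT, "priority": prio, "neighbors": neighbors,
    }


def adjacency_problems(a: dict, b: dict) -> list:
    """Return the reasons two Hellos seen on one segment cannot form an adjacency."""
    problems = []
    if a["rid"] == b["rid"]:
        problems.append("duplicate router ID")
    for field, label in (("area", "area"), ("hello", "hello interval"),
                         ("dead", "dead interval"), ("stub", "stub flag"),
                         ("mask", "network mask"), ("auth", "authentication type")):
        if a[field] != b[field]:
            problems.append(f"{label} mismatch")
    # Clear-text: the 8-byte field is the password. MD5: byte 2 is the key ID.
    if a["auth"] == b["auth"] == "clear-text" and a["auth_data"] != b["auth_data"]:
        problems.append("password mismatch")
    if a["auth"] == b["auth"] == "md5" and a["auth_data"][2] != b["auth_data"][2]:
        problems.append("key ID mismatch")
    return problems


# Constructed sample Hellos (addresses, timers and password are illustrative).
R1 = build_hello("1.1.1.1", "0.0.0.145", "255.255.255.0", 10, 40, neighbors=["4.4.4.4"])
R4 = build_hello("4.4.4.4", "0.0.0.145", "255.255.255.0", 10, 40)
R5 = build_hello("5.5.5.5", "0.0.0.145", "255.255.255.0", 5, 15, options=0,
                 autype=1, auth=b"cisco\x00\x00\x00")

if __name__ == "__main__":
    for name, pkt in (("R4", R4), ("R5", R5)):
        peer = parse_hello(pkt)
        print(name, "auth:", peer["auth"], "problems:",
              adjacency_problems(parse_hello(R1), peer))
```

A capture that reports `auth: none` or `auth: clear-text` shows a segment where the Hello is accepted without any secret, or where the password is readable in the packet itself.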
R1#debug ip ospf adj
*Apr 3 13:58:38.982: OSPF: Interface Serial0/0/0 going Up
*Apr 3 13:58:39.486: OSPF: Build router LSA for area 0, router ID 192.168.1.1, seq 0x80000001, process 1
*Apr 3 13:59:22.086: OSPF: Rcv DBD from 192.168.2.4 on Serial0/0/0 seq 0x1900 opt 0x52 flag 0x7 len 32 mtu 1500 state INIT //1900 = Master seq nr
*Apr 3 13:59:22.086: OSPF: 2 Way Communication to 192.168.2.4 on Serial0/0/0, state 2WAY
*Apr 3 13:59:22.086: OSPF: Serial0/0/0 Nbr 192.168.2.4: Prepare dbase exchange
*Apr 3 13:59:22.086: OSPF: Send DBD to 192.168.2.4 on Serial0/0/0 seq 0x1A94 opt 0x52 flag 0x7 len 32 //1A94 = Slave seq nr
*Apr 3 13:59:22.086: OSPF: NBR Negotiation Done. We are the SLAVE
*Apr 3 13:59:22.086: OSPF: Serial0/0/0 Nbr 192.168.2.4: Summary list built, size 1
*Apr 3 13:59:22.086: OSPF: Send DBD to 192.168.2.4 on Serial0/0/0 seq 0x1900 opt 0x52 flag 0x2 len 52
*Apr 3 13:59:22.186: OSPF: Rcv DBD from 192.168.2.4 on Serial0/0/0 seq 0x1901 opt 0x52 flag 0x1 len 52 mtu 1500 state EXCHANGE
*Apr 3 13:59:22.186: OSPF: Exchange Done with 192.168.2.4 on Serial0/0/0
*Apr 3 13:59:22.186: OSPF: Send LS REQ to 192.168.2.4 length 12 LSA count 1
*Apr 3 13:59:22.186: OSPF: Send DBD to 192.168.2.4 on Serial0/0/0 seq 0x1901 opt 0x52 flag 0x0 len 32
*Apr 3 13:59:22.286: OSPF: Rcv LS UPD from 192.168.2.4 on Serial0/0/0 length 64 LSA count 1
*Apr 3 13:59:22.286: OSPF: Synchronized with 192.168.2.4 on Serial0/0/0, state FULL
*Apr 3 13:59:22.286: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.2.4 on Serial0/0/0 from LOADING to FULL, Loading Done
*Apr 3 13:59:22.290: OSPF: Rcv LS REQ from 192.168.2.4 on Serial0/0/0 length 36 LSA count 1
*Apr 3 13:59:22.790: OSPF: Build router LSA for area 0, router ID 192.168.1.1, seq 0x80000002, process 1

R3#debug ip ospf adj
*Apr 3 17:40:46.555: OSPF: Interface Serial0/0/0 going Up
*Apr 3 17:40:46.623: OSPF: 2 Way Communication to 192.168.1.1 on Serial0/0/0, state 2WAY
*Apr 3 17:40:46.623: OSPF: Serial0/0/0 Nbr 192.168.1.1: Prepare dbase exchange
*Apr 3 17:40:46.623: OSPF: Send DBD to 192.168.1.1 on Serial0/0/0 seq 0x1900 opt 0x52 flag 0x7 len 32
*Apr 3 17:40:46.723: OSPF: Rcv DBD from 192.168.1.1 on Serial0/0/0 seq 0x1A94 opt 0x52 flag 0x7 len 32 mtu 1500 state EXSTART
*Apr 3 17:40:46.723: OSPF: First DBD and we are not SLAVE
*Apr 3 17:40:46.727: OSPF: Rcv DBD from 192.168.1.1 on Serial0/0/0 seq 0x1900 opt 0x52 flag 0x2 len 52 mtu 1500 state EXSTART
*Apr 3 17:40:46.727: OSPF: NBR Negotiation Done. We are the MASTER
*Apr 3 17:40:46.727: OSPF: Serial0/0/0 Nbr 192.168.1.1: Summary list built, size 1
*Apr 3 17:40:46.727: OSPF: Send DBD to 192.168.1.1 on Serial0/0/0 seq 0x1901 opt 0x52 flag 0x1 len 52
*Apr 3 17:40:46.819: OSPF: Rcv LS REQ from 192.168.1.1 on Serial0/0/0 length 36 LSA count 1
*Apr 3 17:40:46.823: OSPF: Send UPD to 10.0.13.1 on Serial0/0/0 length 40 LSA count 1
*Apr 3 17:40:46.827: OSPF: Rcv DBD from 192.168.1.1 on Serial0/0/0 seq 0x1901 opt 0x52 flag 0x0 len 32 mtu 1500 state EXCHANGE
*Apr 3 17:40:46.827: OSPF: Exchange Done with 192.168.1.1 on Serial0/0/0
*Apr 3 17:40:46.827: OSPF: Send LS REQ to 192.168.1.1 length 12 LSA count 1
*Apr 3 17:40:47.023: OSPF: Rcv LS UPD from 192.168.1.1 on Serial0/0/0 length 64 LSA count 1
*Apr 3 17:40:47.023: OSPF: Synchronized with 192.168.1.1 on Serial0/0/0, state FULL
*Apr 3 17:40:47.023: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.1.1 on Serial0/0/0 from LOADING to FULL, Loading Done
*Apr 3 17:40:47.023: OSPF: Serial0/0/0 Nbr 192.168.1.1: Clean-up dbase exchange
*Apr 3 17:40:47.055: OSPF: Build router LSA for area 0, router ID 192.168.2.4, seq 0x80000002, process 1
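The master/slave negotiation visible in the two debug outputs above, as an added example that is not part of the original notes: it decodes the DBD flag value into the I/M/MS bits and works out the local role, the master's initial sequence number, whether the exchange finished, and whether a received MTU differs from the local one. The DBD lines in R1_LOG and R3_LOG are copied from the outputs above; STUCK_LOG, the function names and the local_mtu default are constructed assumptions.

```python
import re

DBD_FLAGS = {0x4: "I", 0x2: "M", 0x1: "MS"}  # Initial, More, Master
DBD_RE = re.compile(
    r"OSPF: (?P<dir>Send|Rcv) DBD (?:to|from) (?P<nbr>\S+) on (?P<intf>\S+) "
    r"seq (?P<seq>0x[0-9A-Fa-f]+) opt \S+ flag (?P<flag>0x[0-9A-Fa-f]+) len \d+"
    r"(?: mtu (?P<mtu>\d+) state (?P<state>\w+))?")


def decode_flags(value: int) -> list:
    """Turn the numeric flag field into the names of the bits that are set."""
    return [name for bit, name in DBD_FLAGS.items() if value & bit]


def parse_dbd(lines) -> list:
    """Extract every DBD send/receive event from 'debug ip ospf adj' lines."""
    events = []
    for line in lines:
        m = DBD_RE.search(line)
        if m:
            events.append({"dir": m["dir"], "nbr": m["nbr"], "seq": int(m["seq"], 16),
                           "flags": decode_flags(int(m["flag"], 16)),
                           "mtu": int(m["mtu"]) if m["mtu"] else None,
                           "state": m["state"]})
    return events


def analyse(lines, local_mtu=1500) -> dict:
    """Summarise one neighbor's database exchange as seen by the local router."""
    dbds = parse_dbd(lines)
    sent = [d for d in dbds if d["dir"] == "Send"]
    rcvd = [d for d in dbds if d["dir"] == "Rcv"]
    # After negotiation only the master keeps the MS bit set in what it sends.
    after_init = [d for d in sent if "I" not in d["flags"]]
    role = None
    if after_init:
        role = "MASTER" if "MS" in after_init[0]["flags"] else "SLAVE"
    # The exchange starts from the master's initial (I-flagged) sequence number.
    initial = [d for d in (sent if role == "MASTER" else rcvd) if "I" in d["flags"]]
    return {
        "role": role,
        "master_seq": initial[0]["seq"] if role and initial else None,
        # Done once each side has sent a DBD with the M (More) bit clear.
        "complete": all(any("M" not in d["flags"] for d in side) for side in (sent, rcvd)),
        "mtu_mismatch": sorted({d["mtu"] for d in rcvd if d["mtu"] not in (None, local_mtu)}),
    }


R1_LOG = """\
*Apr 3 13:59:22.086: OSPF: Rcv DBD from 192.168.2.4 on Serial0/0/0 seq 0x1900 opt 0x52 flag 0x7 len 32 mtu 1500 state INIT
*Apr 3 13:59:22.086: OSPF: Send DBD to 192.168.2.4 on Serial0/0/0 seq 0x1A94 opt 0x52 flag 0x7 len 32
*Apr 3 13:59:22.086: OSPF: Send DBD to 192.168.2.4 on Serial0/0/0 seq 0x1900 opt 0x52 flag 0x2 len 52
*Apr 3 13:59:22.186: OSPF: Rcv DBD from 192.168.2.4 on Serial0/0/0 seq 0x1901 opt 0x52 flag 0x1 len 52 mtu 1500 state EXCHANGE
*Apr 3 13:59:22.186: OSPF: Send DBD to 192.168.2.4 on Serial0/0/0 seq 0x1901 opt 0x52 flag 0x0 len 32
""".splitlines()

R3_LOG = """\
*Apr 3 17:40:46.623: OSPF: Send DBD to 192.168.1.1 on Serial0/0/0 seq 0x1900 opt 0x52 flag 0x7 len 32
*Apr 3 17:40:46.723: OSPF: Rcv DBD from 192.168.1.1 on Serial0/0/0 seq 0x1A94 opt 0x52 flag 0x7 len 32 mtu 1500 state EXSTART
*Apr 3 17:40:46.727: OSPF: Rcv DBD from 192.168.1.1 on Serial0/0/0 seq 0x1900 opt 0x52 flag 0x2 len 52 mtu 1500 state EXSTART
*Apr 3 17:40:46.727: OSPF: Send DBD to 192.168.1.1 on Serial0/0/0 seq 0x1901 opt 0x52 flag 0x1 len 52
*Apr 3 17:40:46.827: OSPF: Rcv DBD from 192.168.1.1 on Serial0/0/0 seq 0x1901 opt 0x52 flag 0x0 len 32 mtu 1500 state EXCHANGE
""".splitlines()

# Constructed lines: a neighbor that never leaves EXSTART and announces MTU 1400.
STUCK_LOG = """\
*Apr 3 14:10:00.000: OSPF: Send DBD to 192.168.2.4 on Serial0/0/0 seq 0x1A94 opt 0x52 flag 0x7 len 32
*Apr 3 14:10:00.100: OSPF: Rcv DBD from 192.168.2.4 on Serial0/0/0 seq 0x1900 opt 0x52 flag 0x7 len 32 mtu 1400 state EXSTART
""".splitlines()

if __name__ == "__main__":
    for name, log in (("R1", R1_LOG), ("R3", R3_LOG), ("stuck", STUCK_LOG)):
        print(name, analyse(log))
```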

DR and BDR election. Only on multiaccess network types (Broadcast and NonBroadcast). Elected in hello exchanges. After DR and BDR have been elected any router added will establish a full relationship with only DR and BDR. Messages to DR and BDR are sent to 224.0.0.6.

The DR's role is to generate the type 2 LSA, which represents that multiaccess segment to other routers.
Election: When the interface becomes active, it sets DR and BDR to 0.0.0.0 and sets the wait timer = dead interval. During this time, it checks for DR/BDR existence, and if they are already set, it accepts them. If no BDR exists, one is chosen based on highest priority (and router ID in case of a tie). If there is no active DR, the BDR is promoted to DR and a new election is held for the BDR. In reality, the priority (except when it is 0) does not matter as much as the order in which the routers are started. But if a router that is DR or BDR sets its priority to 0, it will immediately relinquish its status.
The BDR does not perform any DR functions, like LSA forwarding, while the DR is operating. To determine whether the DR is out of service, the BDR uses the wait timer (a reliability feature). If the BDR does not confirm that the DR is forwarding LSAs before the wait timer expires, it takes its place.
R2#sh ip ospf int fa0/0
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
If there is only one router, it will formally be the DR, but it will not generate a type 2 LSA - TRUE (tested)

3. OSPF Configuration
On newer IOS, OSPF can be enabled directly on the interface with:
R1(config-if)#ip ospf 1 area 0
R6(config-if)#ip ospf priority 0 //Changes the priority. Default is 1. Range 0-255. On JunOS the default priority is 128.
R1#sh ip ospf //shows a lot of information.
R1#sh ip ospf database //to see detailed info about LSAs and the seq nr for each LSA.
R1#sh ip ospf interface //among other info, the timers can be seen
R1#sh ip ospf interface brief
R1#sh ip ospf neighbor //shows all neighbors
R6#clear ip ospf counters //clears neighbor state transitions
R1#sh ip ospf request-list //shows requested LSAs not yet answered.
R1#sh ip ospf retransmission-list //a list of LSAs waiting to be resent.
R5(config-router)#neighbor 172.16.0.6 //for defining a neighbor in a nonbroadcast environment.
R1(config-if)#ip ospf hello-interval 5
R1(config-if)#ip ospf dead-interval 15
R1(config-if)#ip ospf dead-interval minimal hello-multiplier 5 //sets dead = 1 sec and hellos = 5 per second.
R2(config-if)#ip ospf retransmit-interval 4 //how long to wait before retransmitting an unacknowledged LSA
R1#debug ip ospf adj //allows seeing all the states from down to full.
R1#debug ip ospf events //allows seeing all the states from down to full.
R1(config-router)#distance ospf ... //changes the default admin distance.

OSPF Metric
OSPF cost is a 16-bit value for LSA type 1 and a 24-bit value for LSA types 3, 4, 5, 7.
R1(config-if)#bandwidth 128
R1(config-if)#ip ospf cost //modify ospf cost
R1(config-router)#auto-cost reference-bandwidth 1000 //set ref-bw to 1 GB
R1(config-router)#neighbor 10.0.123.2 //statically define a neighbor for nonbroadcast and p2m non-broadcast
R1(config-router)#neighbor 10.0.123.2 cost 100 //routes learned from this neighbor will consider the interface as having this cost, not the interface-specified cost. Valid only for p2m and p2m nonbroadcast network types.
R1(config-router)#neighbor 10.0.123.2 poll-interval 5 //how often to send hellos to an unresponsive statically defined neighbor.
R1(config-router)#neighbor 10.0.123.2 database-filter all out //does not flood LSAs to the specified neighbor. Only for p2m networks.
R1(config-router)#neighbor 10.0.123.2 poll-interval 200 //how often (sec) to send hellos after the neighbor is declared down. Only on NBMA networks.
R1(config-router)#neighbor 10.0.123.2 priority 5 //what priority to use with neighbors in the Broadcast or Non-broadcast DR/BDR election.

4. OSPF network types.


- Broadcast. Default on Ethernet/TokenRing. Timers: hello = 10 sec, dead = 40 sec. DR and BDR election. Hellos are sent as multicast to the DR/BDR at 224.0.0.6 and from the DR to 224.0.0.5. Does not change the next-hop. No neighbor statement.
- Non-Broadcast (default for multipoint sub/interfaces). Hellos are always sent as unicast. Because of that, neighbors must be manually configured on at least one side of the link. Best practice is to configure manual neighbors on the DR. DR/BDR must be elected. Typically used in full mesh. One IP subnet. Timers: hello = 30 sec, dead = 120 sec, so convergence is pretty slow. In a hub-and-spoke topology, for communication between spokes, either manual mapping to the other spokes must be configured on the interfaces of each spoke, or the interface on the spokes must be created as a point-to-point subinterface with ip ospf network type non-broadcast (automatic mapping of all destinations to the DLCI of the subinterface). The hub does not change the next-hop for remote networks (behind spokes).
- Point-to-Point. Timers: hello = 10 sec, dead = 40 sec. No DR and BDR election. Hellos to 224.0.0.5. No neighbor statement required.
- Point-to-Multipoint. Timers: hello = 30 sec, dead = 120 sec. The router automatically identifies neighbors, so no manual neighbor statement is required, but a DR/BDR is not elected. Typically used in partially meshed networks. Hellos are sent to 224.0.0.5. The remote networks will have the hub as next-hop, instead of the other spokes. To avoid the situation where the IP of the hub is learned as a /32 from other sources, the hub announces itself as a /32 into OSPF. Because of this behavior of point-to-multipoint, the spokes do not need to map other spokes to have connectivity with them.
- Point-to-Multipoint Non-Broadcast. Is not a default option. Hellos are sent as unicast, a static neighbor statement is required, there is no DR/BDR election, and next-hop processing is modified. Path selection can be influenced by setting: neighbor w.x.y.z cost 100
- Loopback. Is considered a stub network and advertised as a host route with a /32 prefix.
Compatibility is based on DR/BDR election. Network types that require a DR/BDR election are compatible with each other. The same goes for those that have no DR.
R1(config-if)#ip ospf network ?
broadcast Specify OSPF broadcast multi-access network
non-broadcast Specify OSPF NBMA network
point-to-multipoint [non-broadcast] Specify OSPF [non-broadcast] point-to-multipoint network
point-to-point Specify OSPF point-to-point network. Also makes a loopback IP be advertised with its configured mask, not the /32 mask which is the default.
Note: Hello packets always have TTL=1, so a relationship between spoke neighbors is not possible, unlike in EIGRP, which has TTL=2.

Type of Network                   Hellos     DR/BDR Election  Neighbor configuration  Next-hop processing           Hello/Dead [sec]  How many neighbors/interface
Broadcast                         Multicast  DR/BDR           Automatic               No modification               10/40             Many
NonBroadcast                      Unicast    DR/BDR           Manual/Static           No modification               30/120            Many
Point-to-Point                    Multicast  No DR/BDR        Automatic               No modification               10/40             Only one
Point-to-Multipoint               Multicast  No DR/BDR        Automatic               Modifies next-hop processing  30/120            Many
Point-to-Multipoint NonBroadcast  Unicast    No DR/BDR        Manual/Static           Modifies next-hop processing  30/120            Many

5. LSA Types
Router LSA - type 1. Flooded within its own area, does not cross the ABR. LSA type 1 is used to describe the routers in the area. A router LSA describes all the connected links in the area, the role of the router (ABR, ASBR or virtual-link endpoint etc.), cost, link type, link ID, IP, mask, neighbors.
A type 1 LSA link description can be one of the following types:

Link type 1 (Point-to-point connection to another router). Link ID = neighbor router ID.
Link connected to: another Router (point-to-point)
(Link ID) Neighboring Router ID: 2.2.2.2
(Link Data) Router Interface address: 10.0.123.1
Number of MTID metrics: 0
TOS 0 Metrics: 64

Link type 3 (Connection to a stub network). Link ID = network prefix.
Link connected to: a Stub Network
(Link ID) Network/subnet number: 10.0.123.1
(Link Data) Network Mask: 255.255.255.255
Number of MTID metrics: 0
TOS 0 Metrics: 0

Link type 2 (Connection to a transit network). Link ID = DR interface IP address.
Link connected to: a Transit Network
(Link ID) Designated Router address: 10.0.145.1
(Link Data) Router Interface address: 10.0.145.1
Number of MTID metrics: 0
TOS 0 Metrics: 1

Link type 4 (Virtual link). Link ID contains the neighbor router ID.
Link connected to: a Virtual Link
(Link ID) Neighboring Router ID: 4.4.4.4
(Link Data) Router Interface address: 10.0.145.1
Number of MTID metrics: 0
TOS 0 Metrics: 1
See virtual-links for details

STUB networks are networks with only one router attached.
TRANSIT networks have at least 2 routers attached.
Network LSA - type 2. Flooded within its own area, does not cross the ABR. Advertised only by the DR on multiaccess networks. Contains: the mask and the RIDs of the attached routers (including the DR).
NetSummary LSA - type 3. Sent by the ABR. By default, no summarization. Contains the prefixes announced between different areas. The information is of distance-vector type (which ABR generated it and with what metric).
R1#sh ip ospf database network 10.0.145.1
OSPF Router with ID (1.1.1.1) (Process ID 1)
Net Link States (Area 145)
Routing Bit Set on this LSA
LS age: 431
Options: (No TOS-capability, DC)
LS Type: Network Links
Link State ID: 10.0.145.1 (address of Designated Router)
Advertising Router: 1.1.1.1
LS Seq Number: 80000002
Checksum: 0xEF7C
Length: 36
Network Mask: /24
Attached Router: 1.1.1.1
Attached Router: 4.4.4.4
Attached Router: 5.5.5.5

R2#sh ip ospf database summary 10.0.145.0
OSPF Router with ID (2.2.2.2) (Process ID 1)
Summary Net Link States (Area 0)
Routing Bit Set on this LSA
LS age: 1139
Options: (No TOS-capability, DC, Upward)
LS Type: Summary Links(Network)
Link State ID: 10.0.145.0 (summary Network Number)
Advertising Router: 1.1.1.1 //ABR ospf RID
LS Seq Number: 80000001
Checksum: 0xB1EA
Length: 28
Network Mask: /24
TOS: 0 Metric: 1
Metric for 10.0.145.0 on R2 will be 1 plus the cost to reach 1.1.1.1 into area 0.
O IA 10.0.145.0 [110/65] via 10.0.123.1, 00:13:26, Serial0/0

ASBRSummary LSA - type 4. Is generated by an ABR only when an ASBR exists in the area. The LSA identifies the ASBR and provides a route to it. It describes who is doing the redistribution.
Autonomous System External LSA - type 5. Describes routes outside the OSPF domain. Those routes are advertised through the entire domain and owned by the ASBR. A type 4 LSA is needed to find the ASBR. In the OSPF database they do not show up as bound to any particular area, and they appear at the end of the OSPF database. If multiple E2 type 5 LSAs exist for the same subnet, and if they have the same metric, then OSPF chooses the best route based on the lowest cost to reach each ASBR.


R5#sh ip ospf database
Summary ASB Link States (Area 145)
Link ID     ADV Router   Age   Seq#         Checksum
2.2.2.2     1.1.1.1      59    0x80000001   0x00836C
Type-5 AS External Link States
Link ID     ADV Router   Age   Seq#         Checksum   Tag
2.2.2.0     2.2.2.2      55    0x80000001   0x004F78   0

The first one is the type 4 LSA injected by 1.1.1.1 into area 145 to explain to other routers how to reach the advertising router and owner (2.2.2.2) of the external network 2.2.2.0/24, represented by the type 5 LSA.
The metric of the type 5 LSA (222) is the metric assigned when redistributed.
The metric of the type 4 LSA (64) is the metric from the ABR of area 145 to reach the ASBR that redistributed the network.
If redistribution is using metric type 1, the total cost for R5 to reach 2.2.2.0/24 is the cost to reach the ABR (1.1.1.1) in area 145 + cost of LSA 4 + cost of LSA 5 = 1+222+64
O E1 2.2.2.0 [110/287] via 10.0.145.1

R5#sh ip ospf database external 2.2.2.0 //LSA type 5
OSPF Router with ID (5.5.5.5) (Process ID 1)
Type-5 AS External Link States
Routing Bit Set on this LSA
LS age: 119
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 2.2.2.0 (External Network Number )
Advertising Router: 2.2.2.2
LS Seq Number: 80000001
Checksum: 0x4F78
Length: 36
Network Mask: /24
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 222
Forward Address: 0.0.0.0
External Route Tag: 0

R5#sh ip ospf database asbr-summary 2.2.2.2 //LSA type 4
OSPF Router with ID (5.5.5.5) (Process ID 1)
Summary ASB Link States (Area 145)
Routing Bit Set on this LSA
LS age: 91
Options: (No TOS-capability, DC, Upward)
LS Type: Summary Links(AS Boundary Router)
Link State ID: 2.2.2.2 (AS Boundary Router address)
Advertising Router: 1.1.1.1
LS Seq Number: 80000001
Checksum: 0x836C
Length: 28
Network Mask: /0
TOS: 0 Metric: 64

R6#clear ip ospf redistribution //will clear redistributed routes. Redistribution of routes must be restarted in order to redistribute routes again.

NSSA LSA - type 7. Originated by an ASBR in an NSSA and flooded only in that NSSA. When it reaches an ABR, it will be forwarded into other areas as a type 5 LSA.
R6#sh ip ospf database nssa-external 6.6.6.0
OSPF Router with ID (6.6.6.6) (Process ID 1)
Type-7 AS External Link States (Area 456)
LS age: 27
Options: (No TOS-capability, Type 7/5 translation, DC)
LS Type: AS External Link
Link State ID: 6.6.6.0 (External Network Number )
Advertising Router: 6.6.6.6
LS Seq Number: 80000001
Checksum: 0xD3A8
Length: 36
Network Mask: /24
Metric Type: 1 (Comparable directly to link state metric)
MTID: 0
Metric: 20
Forward Address: 192.168.1.6
External Route Tag: 0

Multicast OSPF LSA - type 6. Is not used in Cisco IOS.
External attributes LSA for BGP - type 8.
Opaque LSA - type 9,10,11. For future extensions, used sometimes in MPLS TE.
All LSAs have a 20-byte header.

Types of routes
O - OSPF intra-area. Type 1 and 2.
O IA - OSPF interarea. Summary LSA.
O E1 - External type 1. The cost is summed up: the external cost + the internal cost. E1 routes for the same subnet are always preferred over E2 routes.
O E2 - External type 2. The cost does not change, it is just the external cost.
O N1 - External type 1 NSSA type 7 LSA.
O N2 - External type 2 NSSA type 7 LSA.
!!!Note. When choosing the best route, an intra-area route is always better than a competing inter-area route, regardless of metric. Also, if an ABR learns a type 3 LSA inside a nonbackbone area, the ABR ignores that LSA when calculating its own routes.

5. MultiArea OSPF Stub, totally stubby, not-so-stubby areas and filtering LSA and ospf routes.
Router types:
ABR. To exchange routing information between areas, the ABR must have at least one interface connected to area 0 that is in the Up/Up state and configured with an IP address. It can even be a loopback interface. However, if no OSPF neighbor relationship is established inside area 0, this area will appear as inactive (Inactive) in the output of #show ip ospf, without this preventing full reachability in the OSPF domain. On the other hand, if this single interface is down or shutdown, the ABR will not advertise routing information from one area to another (it will not generate type 3 LSAs), this time preventing full reachability.
The OSPF_VLx virtual interface, created automatically when a virtual link is configured (it always belongs to area 0), is not enough for the backbone area to be functional as long as no router in the OSPF domain has at least one working physical or logical interface in area 0.
The ABR role is conveyed to all routers in the same area through the type 1 LSA generated by the ABR for that area (the B bit set in flags).
R2#sh ip ospf border-routers //will show the ABRs in that area (except itself)
Codes: i - Intra-area route, I - Inter-area route
i 1.1.1.1 [64] via 10.0.123.1, Serial0/0, ABR, Area 0, SPF 16 //16 = number of SPF calculation to reach this ABR
ASBR is the router in whose OSPF process redistribution has been configured. An ABR located on the border between a (totally) NSSA area and area 0 automatically has the ASBR role as well, being ready to translate type 7 LSAs into type 5 LSAs (it holds the ASBR role permanently, even if there are no type 7 LSAs to translate yet, that is, no prefixes redistributed in the NSSA area).
The ASBR role is conveyed to all routers in the same area through the type 1 LSA generated by the ASBR for that area (the E bit set in the flags field), and to all routers of the OSPF process domain located in normal areas through the type 4 LSAs generated (or regenerated) by the ABRs.
R2#sh ip ospf
It is an autonomous system boundary router
Redistributing External Routes from,
connected, includes subnets in redistribution
R4#sh ip ospf border-routers //will show all ASBRs known in all areas (except itself)
Codes: i - Intra-area route, I - Inter-area route
i 1.1.1.1 [1] via 10.0.145.1, FastEthernet0/0, ABR, Area 145, SPF 2
I 2.2.2.2 [65] via 10.0.145.1, FastEthernet0/0, ASBR, Area 145, SPF 2

A regular area can have different types: standard, stub, totally stubby, and not-so-stubby area.

Stub area. Does not accept external LSAs. Type 4 and 5 LSAs are blocked from entering the area. Cannot contain an ASBR (except when the ABR is the ASBR).
R6(config-router)#area 2 stub //configured on every router in area 2.
This type of area removes external routes, and the ABR originates a type 3 LSA default route instead (with a default metric of 1). The default route is generated even if type 5 LSAs (which should be filtered) are not present on the ABR.
R1(config-router)#area 1 default-cost 10 //default metric of the default route is 1 if not specified. Area 1 is the stub area.

Totally stubby area. Does not accept external or summary LSAs. Type 3, 4, 5 LSAs are blocked (except for one type 3 default 0.0.0.0). Cannot contain an ASBR (except when the ABR is the ASBR). Cisco proprietary.
R1(config-router)#area 1 stub no-summary //configured on the ABR. The rest of the routers are configured with area 1 stub.
R1(config-router)#area 1 default-cost 15 //the cost for the injected default route is 1, but it can be changed. Useful in selecting the best exit from the area.
Stub and totally stubby areas have some restrictions: they cannot be area 0, there is no ASBR in the area and no virtual links go through the area.
R1#sh ip ospf
Area 1
Number of interfaces in this area is 1
It is a stub area
generates stub default route with cost 15

NSSA stubby area. The ABR removes type 5 LSAs, but does not generate a default route instead. A not-so-stubby area is like stub and totally stubby, but an ASBR is allowed to inject external routes as type 7 LSAs. A type 7 LSA originated by the ASBR is blocked by the ABR, transformed into a type 5 LSA and propagated through the domain. The ABR that translates the LSA is the owner of that type 5 LSA.
NOTE: If there are multiple ABRs, only the one with the biggest RID will do the LSA translation and redistribution of the type 5 LSA.
R1(config-router)#area 1 nssa //this must be configured on all routers in the NSSA area.
An ABR in an NSSA area by default does not generate a default route for summary or external routes. Into an NSSA area, only the summary net LSAs (type 3 intra-area) are injected by ABRs; ABRs do not inject a default route or external routes. The routes injected by any ASBR appear as type 7 LSAs (N1 or N2) in the NSSA area. If any ABR exists in an NSSA area, it will inject the external type 7 LSA into the backbone area as a type 5 External LSA (E1 or E2). The problem with this design is that some connectivity can be lost because the default and external routes are not injected into the NSSA area. This can be fixed in 2 ways: injecting a default route into the NSSA, or making the NSSA area a totally NSSA.
R1(config-router)#area 1 nssa default-information-originate //makes the ABR generate a type 7 default route into the NSSA for external networks.
R6(config-router)#area 2 nssa no-redistribution //this command, put on an ASBR, will block any external route from being redistributed inside the NSSA area. That ASBR can still redistribute external routes to other areas where it is connected.

NSSA totally stubby area.
R1(config-router)#area 1 nssa no-summary //makes the ABR generate a default route for external networks and for summary nets. Does not require #area 1 nssa default-information-originate, because it removes LSA types 3, 4, 5 and replaces them with a default route.

A potential problem with all kinds of special areas is suboptimal routing when multiple ABRs are present.
Partitioned areas = an area in which a link failure causes one part of the area to be isolated from another. If the partitioned area is nonbackbone and both isolated parts can reach an ABR, no service loss will occur. If the partitioned area is the backbone, then service loss can occur. Virtual links can help.

6. Route summarization

OSPF does not perform route summarization by default.

Interarea route summarization. Only on ABR, does not apply to external routes.
//Scenario: advertise from area 0 only 2.0.0.0/16 to other areas
R1#sh ip route 2.0.0.0
Routing entry for 2.0.0.0/8, 4 known subnets
 Variably subnetted with 2 masks
O 2.0.0.0/24 [110/74] via 10.0.123.2, 00:00:02, Serial0/0
O 2.0.1.0/24 [110/84] via 10.0.123.2, 00:00:02, Serial0/0
O 2.0.2.0/24 [110/94] via 10.0.123.2, 00:00:02, Serial0/0

R1(config-router)#area 0 range 2.0.0.0 255.255.0.0 //area 0 is where the summarized networks come from.
The summary route is injected in all areas except area 0. Only the summary route is sent as type 3 LSA, more specific routes are suppressed. On the ABR that generates the summary, a route to null0 is locally installed for that summary net. If no metric is specified, it will be the best metric from all component subnets.
To not generate the local route to null0:
R3(config-router)#no discard-route internal [AD] //on newer IOS AD of 0.0.0.0/0 can be specified.
Router(config-router)#no compatible rfc1583 //If we want the metric of the summarized route to be the worst of the component subnets
Without #no compatible rfc1583 routers in other areas receive the summary with best metric
O IA 2.0.0.0/16 [110/75] via 10.0.145.1, 00:01:45, FastEthernet0/0
The cost for the summary route can also be specified manually
R1(config-router)#area 0 range 2.0.0.0 255.255.0.0 cost 200
O IA 2.0.0.0/16 [110/201] via 10.0.145.1, 00:00:08, FastEthernet0/0
With #no compatible rfc1583 routers in other areas receive the summary with worst metric
O IA 2.0.0.0/16 [110/95] via 10.0.145.1, 00:00:01, FastEthernet0/0
Summarization of default cannot be done in this way:
R1(config-router)#area 0 range 0.0.0.0 0.0.0.0
OSPF: Cannot add this range as 0.0.0.0/0 represents default

R1(config-router)#area 0 range 2.0.0.0 255.255.0.0 not-advertise //with not-advertise the component subnets and summary are not sent and no Null0 route is installed
R1#sh ip ospf
 Routing Process "ospf 1" with ID 1.1.1.1
 Area BACKBONE(0) //the following ranges from area 0 are configured (advertised or not)
 Area ranges are
 2.0.0.0/16 Active(74) Advertise //prefix advertised with automatically calculated metric
 2.0.0.0/16 Active(200 - configured) Advertise //prefix advertised with statically defined cost
 2.0.0.0/16 Passive Advertise //prefix not advertised because it has no component subnets
 2.0.0.0/16 Passive DoNotAdvertise //prefix not advertised because "not-advertise" is used

External summarization. For external routes, only on ASBR or an NSSA ABR when translating type 7 to type 5. On the ASBR that generates the summary, a route to null0 is locally installed for that summary net. An ABR receiving type 5 LSA cannot do this summarization.
R2(config-router)#summary-address 2.0.0.0 255.255.0.0 //Only the summary route is sent as a type 5 LSA, more specific routes are suppressed.
The attributes of the summary net (like metric-type) are inherited from the more specific subnets that are aggregated. The summary metric is the best from component routes - is not influenced by #no compatible rfc1583
R2(config-router)#summary-address 2.0.0.0 255.255.0.0 not-advertise //no summary or component routes are advertised.
R2(config-router)#summary-address 0.0.0.0 0.0.0.0 //will not work. It will add in running config this:
router ospf 1
 summary-address 0.0.0.0 0.0.0.0 not-advertise //as a result, no external network will be advertised.
R2(config-router)#summary-address 2.0.0.0 255.255.0.0 tag 123 //a tag can be attached to the summarized prefixes.
R4(config-router)#no discard-route external //will not generate the local route to null0
The summarized external prefixes can be seen with:
R2#sh ip ospf summary-address

OSPF Process 1, Summary-address
2.0.0.0/255.255.0.0 Metric 20, Type 2, Tag 0 //prefix advertised, default cost/type, no tag set
2.0.0.0/255.255.0.0 Metric 20, Type 2, Tag 123 //prefix advertised, default cost/type, tag is set
2.0.0.0/255.255.0.0 Metric 16777215, Type 0, Tag 0 //prefix not advertised because component subnets are missing or not-advertise is used. The metric is the maximum 2^24

Default route in OSPF


NOTE: OSPF does not accept redistribution of default route!!!
R4(config-router)#default-information originate always
It always injects a default route as type 5 LSA, type 2, metric 1 and tag = local ospf process id, even if it does not have a default route. With that command, R4 is considered to be ASBR
R4#sh ip ospf database router 4.4.4.4
 Routing Bit Set on this LSA in topology Base with MTID 0
 LS age: 23
 Options: (No TOS-capability, DC)
 LS Type: Router Links
 Link State ID: 4.4.4.4
 Advertising Router: 4.4.4.4
 LS Seq Number: 8000000C
 Checksum: 0x7203
 Length: 48
 Area Border Router
 AS Boundary Router
 Number of Links: 2
R1#sh ip ospf database external 0.0.0.0
 OSPF Router with ID (1.1.1.1) (Process ID 1)
 Type-5 AS External Link States
 Routing Bit Set on this LSA
 LS age: 37
 Options: (No TOS-capability, DC)
 LS Type: AS External Link //type 5
 Link State ID: 0.0.0.0 (External Network Number )
 Advertising Router: 4.4.4.4
 LS Seq Number: 80000001
 Checksum: 0xC2DF
 Length: 36
 Network Mask: /0
 Metric Type: 2 (Larger than any link state path)
 TOS: 0
 Metric: 1
 Forward Address: 0.0.0.0
 External Route Tag: 1 //this is the process id started in ASBR

R4(config-router)#default-information originate //it injects a default route as type 5 LSA only if a default route exists.
The default routes created using the ip route 0.0.0.0 0.0.0.0 command are not propagated by OSPF and IS-IS. Additionally, this default cannot be redistributed into OSPF or IS-IS using the redistribute command. Use the default-information originate command to generate a default route into an IS-IS or OSPF routing domain.
The route-map allows generating a default route conditioned on the presence in the RIB of prefixes identified by ACLs (classful prefixes only) or by ip prefix-lists (including subnetworks). If both the always keyword and a route-map conditioning the generation of the default route are configured, OSPF honors the conditions of the route-map, effectively cancelling the effect of the always keyword.
R1(config)#ip prefix-list P1 permit 1.0.0.0/24
R1(config)#route-map RM
R1(config-route-map)#match ip address prefix P1
R1(config-router)#default-information originate always route-map RM
R1#
OSPF: Start partial processing Type 5 External LSA 0.0.0.0, mask 0.0.0.0, adv 1.1.1.1, age 0, seq 0x80000001, metric 1, metric-type 2, fw-addr 0.0.0.0
If 1.0.0.0/24 exists on R1 then on R2 the default route appears
R2#
O*E2 0.0.0.0/0 [110/1] via 10.0.123.1, 00:02:01, Serial1/0
If 1.0.0.0/24 disappears (#debug ip routing + debug ip ospf external), the default route is advertised as unreachable.
RT: delete subnet route to 1.0.0.0/24
OSPF: Start partial processing Type 5 External LSA 0.0.0.0, mask 0.0.0.0, adv 1.1.1.1, age 3600, seq 0x80000002, metric 16777215, metric-type 2, fw-addr 0.0.0.0

7. Virtual links
LSA learned via virtual links have the DoNotAge DNA option set to prevent excessive flooding over the virtual link. Virtual links are not allowed over stub and nssa areas. The virtual link is considered to be in area 0. Inside the virtual link, ospf messages are encapsulated inside unicast ip packets. In the type 1 LSA of the transit area, the routers set the V bit (Virtual Link Endpoint). After the adjacency is established, no more OSPF messages (not even hellos) are sent except when a topology change occurs. It works as a demand circuit.
R4(config-router)#area 456 virtual-link 6.6.6.6
R6(config-router)#area 456 virtual-link 4.4.4.4
Area 456 is the transit area between area 0 and another non-backbone area. Without this virtual link, Area 0 will not receive routes from the non-backbone area and vice versa. The cost of the virtual link is the cost to reach the other router over the transit area.
R6#sh ip ospf database //to see which LSA have DNA set.
R4#sh ip ospf virtual-links
 Virtual Link OSPF_VL0 to router 6.6.6.6 is up //meaning a route to neighbor id was found
 Run as demand circuit
 DoNotAge LSA allowed.
 Transit area 456, via interface FastEthernet0/1
 Topology-MTID Cost Disabled Shutdown Topology Name
 0 1 no no Base
 Transmit Delay is 1 sec, State POINT_TO_POINT,
 Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
 Hello due in 00:00:07
 Adjacency State FULL (Hello suppressed)
R6#sh ip ospf neighbor
 Neighbor ID Pri State Dead Time Address Interface
 4.4.4.4 0 FULL/ 192.168.1.4 OSPF_VL2

Be careful when interpreting the output of #show ip ospf virtual-links: the fact that the virtual link appears Up only indicates that a route exists in our router's RIB towards the other end of the virtual connection, not that the virtual connection is functional. To confirm the latter, look in the output for: Adjacency State FULL. (to be tested: how it appears when authentication fails)
R6(config-router)#area 456 virtual-link 4.4.4.4 hello-interval 10 //hello interval
R6(config-router)#area 456 virtual-link 4.4.4.4 dead-interval 30 //how many sec to wait for hellos. Must have same value on both ends

Virtual link authentication: virtual link authentication is separate from normal neighbor authentication.
Solution 1 - specify authentication particularly for a virtual link.
Rack1R3(config-router)#area 134 virtual-link 150.1.5.5 authentication message-digest
Rack1R5(config-router)#area 134 virtual-link 150.1.3.3 authentication message-digest
Rack1R5(config-router)#area 134 virtual-link 150.1.3.3 message-digest-key 1 md5 cisco123
Solution 2 - specify authentication type globally for the area in which VL0 is placed.
router ospf 1
 area 0 authentication message-digest //if virtual link is part of area 0.
R1#sh ip ospf virtual-links
 Virtual Link OSPF_VL0 to router 4.4.4.4 is up
 Run as demand circuit
 DoNotAge LSA allowed.
 Transit area 145, via interface FastEthernet0/0, Cost of using 1

Another solution similar to VL is tunneling: GRE, IPIP etc.

OSPF authentication
Types of authentication: Null/No authentication (type 0), Simple password auth - plain text (type 1), MD5 authentication (type 2). There are 2 modes to configure authentication: per area and per link.

Area authentication (the old approach):
- Simple authentication:
R1(config-router)#area 1 authentication
R1(config-if)#ip ospf authentication-key parola
- MD5 authentication:
R1(config-router)#area 0 authentication message-digest
R1(config-if)#ip ospf message-digest-key 1 md5 parola
- No authentication:
R1(config-router)#no area 0 authentication [message-digest]
Per link, disables authentication if area authentication is enabled:
R1(config-if)#ip ospf authentication null

Link authentication (the new approach):
- Simple authentication:
R5(config-if)#ip ospf authentication //enables simple authentication
R5(config-if)#ip ospf authentication-key parola //simple auth with password parola
R4#debug ip ospf adj
OSPF: Rcv pkt from 10.0.45.5, Serial1/0: Mismatch Authentication type. Input packet specified type 1, we use type 0 //different auth types
OSPF: Rcv pkt from 10.0.45.5, Serial1/0: Mismatch Authentication Key - Clear Text //different authentication passwords
- MD5 authentication:
R1(config-if)#ip ospf authentication message-digest
R1(config-if)#ip ospf message-digest-key 1 md5 parola //same key and password must be used.
R4#debug ip ospf adj
OSPF: Rcv pkt from 10.0.14.1, Serial1/2 : Mismatch Authentication type. Input packet specified type 2, we use type 0 //both auth types must match.
OSPF: Rcv pkt from 10.0.14.1, Serial1/2 : Mismatch Authentication Key - No message digest key 1 on interface //both keys must match.
OSPF: Rcv pkt from 10.0.14.1, Serial1/2 : Mismatch Authentication Key - Message Digest Key 1 //both passwords must match.
If authentication type 2 (MD5) is used but no keys are defined, then messages are exchanged with key id 0 and no hash in the header. Adjacencies can be formed in this way.
R4#debug ip ospf adj //will show "OSPF: Send with youngest Key 0"
NOTE:!!! If multiple MD5 keys are configured, the router will send multiple copies of the ospf packet, one with each key, until it detects that its neighbors have adopted the new keys. This is used for changing the authentication md5 keys without losing the neighbor relationship.
Authentication types can be seen with:
R4#sh ip ospf int se0/0
Simple password authentication enabled
R4#sh ip ospf
Area 45
Area has simple password authentication
Message digest authentication enabled
No key configured, using default key id 0
R4#sh ip ospf
Area 45
Area has message digest authentication
Message digest authentication enabled
Youngest key id is 1

Changing the MD5 password can be done without losing the connection.
R2(conf-if)#ip ospf message-digest-key 1 md5 cisco1 //both neighbors with the same key
R2(conf-if)#ip ospf message-digest-key 2 md5 cisco2 //adding the second key
R2 sees that key 2 is newer, but until all neighbors use key 2, it will send with both keys
R2#sh ip ospf int fa0/0
 Message digest authentication enabled
 Youngest key id is 2
 Rollover in progress, 1 neighbor(s) using the old key(s):
 key id 1
OSPF: Send with key 1 //with #debug ip ospf events
OSPF: Send with key 2
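The type 2 checks behind the debug lines above, and the one-copy-per-key behaviour during rollover, follow from how RFC 2328 Appendix D signs a packet: MD5 over the packet followed by the zero-padded 16-byte key, with the digest appended. The code below is an added example, not Cisco's code; the function names and the Hello contents are constructed, the mismatch strings are modelled on the debug output shown on this page, and the replay message wording is this example's own.

```python
import hashlib
import hmac
import socket
import struct

AUTH_NULL, AUTH_SIMPLE, AUTH_MD5 = 0, 1, 2
# OSPFv2 header; for AuType 2 the 64-bit auth field is: 0, key id, digest length, sequence number
HDR = "!BBH4s4sHHHBBI"


def pad_key(key):
    """OSPF MD5 keys are at most 16 bytes, zero-padded on the right."""
    return key[:16].ljust(16, b"\0")


def build_hello(router_id, area_id, key_id, key, seq):
    """Constructed Hello (hello 10, dead 40) signed per RFC 2328 D.4.3."""
    body = struct.pack("!4sHBBI4s4s", socket.inet_aton("255.255.255.0"),
                       10, 0x02, 1, 40, b"\0" * 4, b"\0" * 4)
    length = 24 + len(body)              # the appended digest is not counted
    header = struct.pack(HDR, 2, 1, length,
                         socket.inet_aton(router_id), socket.inet_aton(area_id),
                         0,               # checksum is not computed for AuType 2
                         AUTH_MD5, 0, key_id, 16, seq)
    pkt = header + body
    return pkt + hashlib.md5(pkt + pad_key(key)).digest()


def verify(pkt, iface_autype, iface_keys, last_seq=None):
    """Receiver-side checks; returns "ok" or the reason the packet is dropped."""
    (_, _, length, _, _, _, autype, _,
     key_id, auth_len, seq) = struct.unpack(HDR, pkt[:24])
    if autype != iface_autype:
        return ("Mismatch Authentication type. Input packet specified "
                f"type {autype}, we use type {iface_autype}")
    if autype != AUTH_MD5:
        return "ok"                      # types 0 and 1 are not modelled here
    if key_id not in iface_keys:
        return f"Mismatch Authentication Key - No message digest key {key_id} on interface"
    expected = hashlib.md5(pkt[:length] + pad_key(iface_keys[key_id])).digest()
    if not hmac.compare_digest(pkt[length:length + auth_len], expected):
        return f"Mismatch Authentication Key - Message Digest Key {key_id}"
    # RFC 2328 D.5.3: a sequence number lower than the last one seen is discarded
    if last_seq is not None and seq < last_seq:
        return "Replayed packet - cryptographic sequence number went backwards"
    return "ok"


def rollover_copies(router_id, area_id, keys, seq):
    """During a key change the sender emits one copy per configured key."""
    return [build_hello(router_id, area_id, kid, key, seq)
            for kid, key in sorted(keys.items())]


if __name__ == "__main__":
    pkt = build_hello("1.1.1.1", "0.0.0.0", 1, b"parola", 100)
    print(verify(pkt, AUTH_MD5, {1: b"parola"}))
    print(verify(pkt, AUTH_NULL, {}))
    print(verify(pkt, AUTH_MD5, {1: b"cisco1"}))
    for copy in rollover_copies("2.2.2.2", "0.0.0.0", {1: b"cisco1", 2: b"cisco2"}, 7):
        print(verify(copy, AUTH_MD5, {1: b"cisco1"}))   # neighbor still on key 1
```

The digest covers the header as well as the body, so a changed key id, sequence number or Hello field fails the same check as a wrong password.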

OSPF Filtering
OSPF can filter prefixes so that they are not installed in the RIB, but they will still be installed in the LSDB and advertised further. OSPF can also filter certain types of LSA.
Filtering prefixes at installation in the RIB.
1. Control the installation of routes in RIB with #distribute-list <filter> in. It does not prevent LSA from being propagated and installed in LSDB.
With standard ACL (named/numbered)
R6(config)#access-list 1 deny 50.0.0.0 0.0.0.255
R6(config)#access-list 1 permit any
Before:
O 50.0.0.0 [110/2] via 192.168.1.5, 00:00:10, FastEthernet0/1
O 50.0.1.0 [110/2] via 192.168.1.5, 00:00:00, FastEthernet0/1
R6(config-router)#distribute-list 1 in
O 50.0.1.0 [110/2] via 192.168.1.5, 00:00:03, FastEthernet0/1

With prefix-lists
R6(config)#ip prefix-list P1 deny 50.0.1.0/24
R6(config)#ip prefix-list P1 permit 0.0.0.0/0 le 32
Before:
O 50.0.0.0 [110/2] via 192.168.1.5, 00:00:10, FastEthernet0/1
O 50.0.1.0 [110/2] via 192.168.1.5, 00:00:00, FastEthernet0/1
R6(config-router)#distribute-list prefix P1 in
O 50.0.0.0 [110/2] via 192.168.1.5, 00:00:03, FastEthernet0/1

With extended ACL, the source matches the source of the LSA/neigh IP (not the router ID) and the destination matches the prefix
R6(config-router)#distribute-list 100 in //will not add 100.0.0.0/24 via 192.168.1.4
access-list 100 deny ip host 192.168.1.4 100.0.0.0 0.0.0.255
access-list 100 permit ip any any
R6(config-router)#distribute-list 1 in fa0/0 //will not add to RIB prefixes in ACL1 if learned through fa0/0
With route-maps... examples to be completed

2. Distribute-list out - used to prevent redistributed type 5 LSA routes from being installed in OSPF database. Does not work for inter or intra-area routes. Can be used with ACL, prefix-lists and route-maps (match on... to be tested)
R4#router ospf 1 //on R5 eigrp and connected are redistributed
 redistribute connected subnets
 redistribute eigrp 100 subnets
On other routers E2 routes appear:
O E2 10.0.145.0 [110/20] via 192.168.1.5 //from connected
O E2 11.0.0.0/24 [110/20] via 192.168.1.5 //from eigrp
O E2 11.0.1.0/24 [110/20] via 192.168.1.5 //from eigrp
O E2 50.0.0.0/24 [110/20] via 192.168.1.5 //from connected
O E2 50.0.1.0/24 [110/20] via 192.168.1.5 //from eigrp
R5(config)#ip prefix-list P1 deny 11.0.0.0/24
R5(config)#ip prefix-list P1 deny 50.0.0.0/24
R5(config)#ip prefix-list P1 permit 0.0.0.0/0 le 32
R5(config-router)#distribute-list prefix P1 out
On other routers, the denied prefixes disappear
O E2 10.0.145.0 [110/20] via 192.168.1.5
O E2 11.0.1.0 [110/20] via 192.168.1.5
O E2 50.0.1.0 [110/20] via 192.168.1.5
After applying the distribute list, R5 will announce the filtered routes with max age and metric
OSPF: Generate external LSA 11.0.0.0, mask 255.255.255.0, type 5, age 3600, seq 0x80000002
OSPF: MTID Metric Metric-type FA Tag Topology Name
OSPF: 0 16777215 2 0.0.0.0 0 Base
OSPF: Generate external LSA 50.0.0.0, mask 255.255.255.0, type 5, age 3600, seq 0x80000002
OSPF: MTID Metric Metric-type FA Tag Topology Name
OSPF: 0 16777215 2 0.0.0.0 0 Base

The filtering can be applied only when redistributing from specific sources like connected, static, eigrp etc. In this example, the filtering affects only redistributed routes from connected sources.
R5(config-router)#distribute-list prefix P1 out connected
R1(config-router)#distribute-list prefix P1 out [source] //will redistribute only type 5 LSA permitted by P1 redistributed [from source]

To be completed: more delicate examples with matches in route-maps.

Filtering LSA at ABR
Any type of LSA filtering must be done at the ABR (for type 3 LSA) or ASBR (for type 5 LSA) and not inside an area, because all routers inside an area must have the same ospf database for the SPF algorithm to be consistent.
router ospf 1
 area 2 filter-list prefix NOT_R5_LOOPBACK in //filter what is sent into area 2 from any area
 area 1 filter-list prefix NOT_R5_LOOPBACK out //filter what is sent out from area 1 into any area
ip prefix-list NOT_R5_LOOPBACK seq 5 deny 150.1.5.5/32 //deny reachability only to loopback 5.
ip prefix-list NOT_R5_LOOPBACK seq 10 permit 0.0.0.0/0 le 32
!!!NOTE. Type 3 filtering can also be done with summarization:
R9(config-router)#area 2 range 10.1.0.0 255.255.252.0 not-advertise //because 10.1.0.0/22 is a summary, more specific type 3 LSA, for example 10.1.0.0/24 and 10.1.1.0/24, are filtered. And with "not-advertise" the summary is also not sent, thus resulting in filtering those type 3 LSA.
R1(conf-if)#ip ospf database-filter all out //prevents flooding of LSA on an interface. Can be used when redundant links exist between neighbors

Tuning OSPF performance


!!!A compromise between scalability and performance must be made by changing SPF timers.
R1#sh ip ospf //default settings
 Initial SPF schedule delay 5000 msecs
 Minimum hold time between two consecutive SPFs 10000 msecs
 Maximum wait time between two consecutive SPFs 10000 msecs
 Incremental-SPF disabled
 Minimum LSA interval 5 secs
 Minimum LSA arrival 1000 msecs
 LSA group pacing timer 240 secs
 Interface flood pacing timer 33 msecs
 Retransmission pacing timer 66 msecs
R1(config-router)#ispf
R1(config-router)#timers throttle spf 2000 4000 12000
R1(config-router)#timers throttle lsa 1000 2000 7000
R1(config-router)#timers lsa arrival 500
R1(config-router)#timers pacing lsa-group 200
R1(config-router)#timers pacing flood 30
R1(config-router)#timers pacing retransmission 60
R1#sh ip ospf //after changes
 Initial SPF schedule delay 2000 msecs
 Minimum hold time between two consecutive SPFs 4000 msecs
 Maximum wait time between two consecutive SPFs 12000 msecs
 Incremental-SPF enabled
 Initial LSA throttle delay 1000 msecs
 Minimum hold time for LSA throttle 2000 msecs
 Maximum wait time for LSA throttle 7000 msecs
 Minimum LSA arrival 500 msecs
 LSA group pacing timer 200 secs
 Interface flood pacing timer 30 msecs
 Retransmission pacing timer 60 msecs

Incremental SPF = iSPF - improves performance
Modern routers take at most a few hundred milliseconds to run full SPF, even in complex networks. It can be further optimized by using iSPF. The first Shortest Path Tree - SPT should be kept after the first calculation (at the expense of extra memory) and further computation should be optimized. Has these properties:
1. If a new node added appears to be a leaf, a very simple computation is done (distance-vector computation)
2. If there is a failure of a link that is not part of the tree, no computation is needed. Because different routers have different SPT, a link failure that does not affect one SPT might affect the others.
3. If there is a transit link failure, we only need to recalculate the paths for the node downstream of the failure.
It is best used in sparsely connected networks. For an "almost" full mesh network, any link failure would probably be a transit link and the SPF would run, having the same performance as classic SPF.
R1(config-router)#ispf

Advertise connected subnets with network statement or redistribution. Which is better?
1. With network statements. They are advertised in type 1 LSA and flooded only into one area. As a result they will trigger SPF only in one area
2. With redistribution. Advertised as type 5 (which has the biggest size of all LSA) in the whole OSPF domain, but does not trigger full SPF, only Partial Route Calculation. Will add slight config complexity.

LSA Pacing - improves performance
Each LSA has an age. In the original LSA behavior the refreshing was done on a single timer, so all the LSA were refreshed every 30 minutes by default => wasted CPU resources, possible sudden increase of traffic. The refreshing of LSA is needed, because if the age reaches 60 minutes the LSA will be discarded. The problem is solved by having a separate age timer for each LSA, but this causes another issue: many packets are sent for each LSA at different times, resulting in inefficient usage of bandwidth. The final solution is to delay the refreshing for a time instead of performing an individual refresh of each LSA - this period is called pacing interval. Default is 4 minutes.
Recommendation: the more LSA, the less the pacing interval should be and vice versa. Best practices. For thousands of LSA, reducing the timer will help. If you have 40-100 LSA for example, setting the timer to 10-20 minutes will help.
R1(config-router)#timers pacing lsa-group 200
OSPF flood pacing timer = controls ospf interpacket spacing between consecutive LSU. Instead of flooding every LSA as soon as possible, the OSPF process would wait the pacing interval for more potential LSAs and pack them in a single update packet.
OSPF retransmission pacing timer = controls interpacket spacing between consecutive LSU from the Retransmission Queue. Every time the router needs to retransmit an unacknowledged LSA over an adjacency, it will wait this time to group it with other unacknowledged LSAs.
R1(config-router)#timers pacing flood 30
R1(config-router)#timers pacing retransmission 60

OSPF SPF and LSA Throttling - improves scalability
Throttling is the general process of slowing down responses to frequently oscillating events such as link flaps.
SPF throttling. The general idea is to reduce resource wastage in unstable situations and wait till the situations calm down. When an event occurs, do not respond to it immediately (by generating an LSA or running SPF), but wait some time, hoping to accumulate more similar events. This could potentially save a lot of resources, by reducing the number of SPF runs or amount of LSAs flooded. The question is how long should we hold or throttle the responses? Ideally, it would be nice to adapt this interval according to the network conditions: make it longer when the network is unstable and shorter under stable conditions. Cisco implements an exponential backoff timer to implement this idea. The exponential backoff is defined using three parameters: start interval, increment, and max_wait time, specified using the command timers throttle spf start increment max_wait.

Suppose the network was stable for a relatively long time, and then an event such as LSA arrival has occurred. The router delays SPF computations for the start amount of milliseconds and sets the hold time to increment milliseconds. Next, if an event occurs after the start window expired, the event would be held for processing until the hold time window expires (increment msec), but the next hold time would be doubled, i.e. set to 2*increment. Effectively, every time an event occurs during the current hold time window, the processing is delayed until the current hold time expires and the next hold time interval is doubled. The hold time grows exponentially until it reaches the max_wait value. After this, every event received during the current hold time window would result in the next interval being equal to the constant max_wait. This ensures that exponential growth is limited by a ceiling value. If there are no events for the duration of 2*max_wait milliseconds, the hold time window is reset back to the start value, assuming the network returned to stable condition.
R1(config-router)#timers throttle spf start increment max_wait //timers in milliseconds
LSA Throttling. The same principle and timers for spf process throttling can apply to the generation of new LSA as response to local link events. The first LSA is always generated immediately upon an OSPF topology change, and the next generation of the same LSA is controlled by the start interval. The subsequent LSAs generated for the same LSA are rate-limited at the increment interval and the rate-limit is doubled until the max_wait interval is reached. The "same LSA" is defined as an LSA instance that contains the same LSA ID number, LSA type, and advertising router ID.
R1(config-router)#timers throttle lsa start increment max_wait //timers in milliseconds
Default timers for LSA throttling are start/increment/max_wait: 0/5000/5000.
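A simulation of the SPF exponential backoff described above, run with the values from timers throttle spf 2000 4000 12000 on this page. This is an added example, not Cisco's implementation: spf_throttle and the event timelines are constructed, and the handling of an event that arrives after a hold window has closed but before the 2*max_wait reset (run at once, no doubling) is an assumption.

```python
def spf_throttle(events_ms, start, increment, max_wait):
    """Return [(spf_run_time_ms, hold_window_opened_by_that_run_ms), ...]."""
    runs = []
    hold = increment      # length of the hold window the next SPF run will open
    pending = None        # time of an SPF run that is already scheduled
    window_end = None     # end of the current hold window (None = stable network)
    last_event = None

    def flush(now):
        # Execute the scheduled run if it fires at or before `now`.
        nonlocal pending, window_end
        if pending is not None and (now is None or pending <= now):
            runs.append((pending, hold))
            window_end = pending + hold
            pending = None

    for t in sorted(events_ms):
        flush(t)
        # Quiet for 2*max_wait: back to the stable state and the initial hold time.
        if last_event is not None and t - last_event >= 2 * max_wait:
            hold, window_end = increment, None
        last_event = t
        if pending is not None:
            continue                      # coalesced into the run already scheduled
        if window_end is None:
            pending = t + start           # first event after stability: wait `start`
        elif t < window_end:
            pending = window_end          # held until the hold window expires ...
            hold = min(hold * 2, max_wait)  # ... and the next window is doubled
        else:
            pending = t                   # assumption: window already closed, run now
    flush(None)
    return runs


if __name__ == "__main__":
    # Constructed timeline: isolated events, then a long quiet period.
    print(spf_throttle([0, 3000, 7000, 15000, 100000], 2000, 4000, 12000))
    # Constructed flapping link: one event per second for a minute.
    flap = spf_throttle(range(0, 60000, 1000), 2000, 4000, 12000)
    print(len(flap), "SPF runs for 60 events")
```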
R2#sh ip ospf
 Minimum LSA interval 5 secs //because of the default timers
 Initial LSA throttle delay 1000 msecs //after changing the default timers
 Minimum hold time for LSA throttle 2000 msecs
 Maximum wait time for LSA throttle 7000 msecs
R1#sh ip ospf timers rate-limit
 List of LSAs that are in rate limit Queue
 LSAID: 1.1.1.1 Type: 1 Adv Rtr: 1.1.1.1 Due in: 00:00:02.784 //can be seen when setting timers high and quickly shut/no shut an interface
R4#sh ip ospf flood-list //will show if LSA are waiting to be flooded.
 OSPF Router with ID (4.4.4.4) (Process ID 1)
 Interface Loopback10, Queue length 0
 Interface FastEthernet0/1, Queue length 0
 Interface FastEthernet0/0, Queue length 0
The timers lsa arrival command controls the minimum interval (default 1000ms) for accepting the same LSA. If an instance of the same LSA arrives sooner than the interval that is set, the LSA is dropped. It is recommended that the arrival interval be less than or equal to the hold-time/increment interval of the #timers throttle lsa command.
R1(config-router)#timers lsa arrival 500
NOTE: In some cisco documentation the timers start/increment/max_wait are called: start/hold/max intervals

Prefix suppression - for core routers
OSPF represents a point-to-point connection between two routers via two link types in a router LSA: type 1 (connection to another router ID) and type 3 (describing the stub prefix). The network core prefixes do not need to be advertised, so link type 3 can be suppressed for speeding up SPF calculations. The result is that the core prefixes will be unreachable, but end-to-end connectivity will work. The global command will exclude all prefixes except loopbacks, secondary and passive interfaces. Will not send router LSA type 3 - subtype 1 and network LSA type 2.
R6(config-router)#prefix-suppression
R6(config-if)#ip ospf prefix-suppression [disable]
R6#sh ip ospf
 Prefix-suppression is enabled
OSPF: Suppressing 192.168.1.0/24 on FastEthernet0/1 from network LSA
OSPF: Suppressing 60.0.0.0/24 on Loopback1 from router LSA //because Lo1 is configured as p2p
OSPF: Suppressing 60.0.1.0/24 on Loopback2 from router LSA //because Lo2 is configured as p2p
R6#sh ip ospf int
 Prefix-suppression is enabled

OSPF LSDB protection against LSA flooding
If the LSA count still exceeds the threshold after 1 minute, the ospf process takes down all adjacencies and enters the ignore state for a period defined by ignore-time. In ignore state no ospf packets are sent or accepted. The ignore-count parameter defines the maximum number of times that the OSPF process can consecutively enter the ignore state before remaining permanently down and requiring manual intervention (like changing the threshold). If the OSPF process remains normal for the time that is defined by the reset-time parameter, the ignore state counter is reset to 0.
R1(config-router)#max-lsa 200 //LSDB Overload protection. Can receive a maximum of 200 LSA
R1(config-router)#max-lsa 200 80 //will generate a warning after 80% of 200 LSA are received. Default is 75%
R1(config-router)#max-lsa 200 warning-only //will issue only a warning, and will accept over 200 LSA. Never enters ignore state
R1(config-router)#max-lsa 200 ignore-time 3 //set ignore-time period to 3 minutes. Default is 5 min.
R1(config-router)#max-lsa 200 ignore-count 3 //default is 5 times
R1(config-router)#max-lsa 200 reset-time 7 //default is 10 minutes
R6(config-router)#max-lsa 5 ignore-count 5 ignore-time 3 reset-time 7 50
R6#sh ip ospf
 Maximum number of non self-generated LSA allowed 5
 Current number of non self-generated LSA 0
 Threshold for warning message 75%
 Ignore-time 1 minutes, reset-time 2 minutes
 Ignore-count allowed 2, current ignore-count 3
 Permanently ignoring all neighbors due to max-lsa limit

 Maximum number of non self-generated LSA allowed 5
 Current number of non self-generated LSA 0
 Threshold for warning message 50%
 Ignore-time 3 minutes, reset-time 7 minutes
 Ignore-count allowed 5, current ignore-count 0
%OSPF-4-OSPF_MAX_LSA: Maximum number of non self-generated LSA has been exceeded "ospf 1" - 6 LSAs //and after 1 min the next message:
%OSPF-5-ADJCHG: Process 1, Nbr 4.4.4.4 on FastEthernet0/1 from LOADING to DOWN, Neighbor Down: Interface down or detached
R6#sh ip ospf
 Ignoring all neighbors due to max-lsa limit, time remaining: 00:02:41 //this will appear if the router is in ignore state
OSPF: Do not send Hello over FastEthernet0/1, ignoring all neighbors due to max-lsa limit //#debug ip ospf adj will show this in ignore state

OSPF Demand Circuit Feature: http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094a8f.shtml
The amount of traffic generated by ospf (hello every 10 sec, LSA refresh every 30 min) is undesirable on demand circuits. This feature suppresses hello and LSA refresh. OSPF can establish a demand link to form an adjacency and perform initial database synchronization; the adjacency remains active even after Layer 2 of the demand circuit goes down. Periodic hellos are suppressed only on point-to-point and point-to-multipoint network types. On any other network type, OSPF hellos are still sent over the interface. Periodic LSA refreshes that take place every 30 minutes do not occur with OSPF demand circuit.
When a demand circuit link is established a unique option bit (the DC bit) is exchanged between neighboring routers. If two routers negotiate the DC bit successfully they make a note of it and set a specific bit in the LSA Age called the DoNotAge bit (DNA). The DNA bit is the most significant bit in the LS Age field. By setting this bit the LSA stops aging, and no periodic updates are sent. If there is a change in topology or if there is a router that does not understand demand circuits then the LSA refresh occurs. You need to configure the demand circuit at one end of the link only. However, if you configure this command on both ends it does not cause any harm.
R3(config-subif)#ip ospf demand-circuit //activates ospf demand circuit feature
R3(config-subif)#ip ospf flood-reduction //activates flood reduction, only suppresses LSA refresh, but not hellos. LSA are first sent with DNA bit set.
R3#sh ip ospf int se1/0.1
 Configured as demand circuit.
 Run as demand circuit.
 Neighbor Count is 1, Adjacent neighbor count is 1
 Adjacent with neighbor 2.2.2.2 (Hello suppressed)
 Suppress hello for 1 neighbor(s)

NonStopForwarding NSF - OSPF Graceful Restart - http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/gr_ospf.html
When a router that supports NSF (NSF capable) restarts the OSPF process, CEF will continue to switch packets based on the FIB until OSPF is started again (possibly on the standby RP). The neighbor routers (helper routers) need to be NSF aware and, when receiving a grace-lsa from a neighbor, will consider it up for a period of time.
R1(config-router)#nsf ietf //activates NSF on NSF capable routers
R6(config-router)#nsf ietf helper //activates NSF aware routers.
R6#sh ip ospf
 IETF NSF helper support enabled
 Cisco NSF helper support enabled
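The max-lsa ignore-state logic from the "OSPF LSDB protection against LSA flooding" part above, as a minute-by-minute model. This is an added example, not Cisco's implementation: max_lsa_states and the LSA-count timelines are constructed, the one-minute granularity is an assumption, and "permanent" is entered when the ignore counter exceeds ignore-count, as in the show output above (allowed 2, current 3).

```python
def max_lsa_states(offered, max_lsa, ignore_time=5, ignore_count=5, reset_time=10):
    """offered[i] = non self-generated LSA count in minute i.

    Returns (state per minute, final ignore counter). States:
    normal, exceeded (limit crossed, 1 minute grace), ignore, permanent.
    """
    states = []
    ignores = 0        # consecutive entries into the ignore state
    ignore_left = 0    # minutes of the current ignore period still to run
    over_for = 0       # consecutive minutes spent above the limit
    calm_for = 0       # consecutive minutes spent in the normal state
    permanent = False
    for count in offered:
        if permanent:
            states.append("permanent")    # needs manual intervention
            continue
        if ignore_left:
            ignore_left -= 1              # no OSPF packets sent or accepted
            states.append("ignore")
            continue
        if count <= max_lsa:
            over_for = 0
            calm_for += 1
            if calm_for >= reset_time:    # stayed normal for reset-time
                ignores = 0
            states.append("normal")
            continue
        calm_for = 0
        over_for += 1
        if over_for < 2:                  # first minute over the limit: log only
            states.append("exceeded")
            continue
        over_for = 0                      # still over after 1 minute
        ignores += 1
        if ignores > ignore_count:
            permanent = True
            states.append("permanent")
        else:
            ignore_left = ignore_time - 1
            states.append("ignore")
    return states, ignores


if __name__ == "__main__":
    # Constructed: a neighbor keeps offering 6 LSAs against max-lsa 5.
    print(max_lsa_states([6] * 8, 5, ignore_time=1, ignore_count=2, reset_time=2))
    # Constructed: one overload, then 7 calm minutes (reset-time 7).
    print(max_lsa_states([6, 6, 0, 0, 2, 2, 2, 2, 2, 2, 2], 5,
                         ignore_time=3, ignore_count=5, reset_time=7))
```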

MISCELLANEOUS
1. Forward Address FA
http://blog.ine.com/2009/11/13/ospf-prefix-filtering-using-forwarding-address
http://www.mplsvpn.info/2009/01/forwardind-address-in-lsa-5_26.html
http://packetlife.net/blog/2009/feb/25/making-use-ospf-forwarding-addresses/
FA was introduced to avoid extra hops when traffic is routed to an external AS. It appears in type 5 and type 7 LSAs. 0.0.0.0 means the next hop is considered to be the originating router (ASBR). FA is set to non-zero when all these conditions are met:
 1. OSPF is enabled on the ASBR's next hop interface
 2. ASBR's next hop interface is non-passive under OSPF
 3. ASBR's next hop interface must be broadcast or non-broadcast
 4. ASBR's next hop interface address falls under the network range.

R4,R5,R6 are running OSPF in area 0. R4 is redistributing a static route.


R4(conf)#router ospf 1
 redistribute static subnets
ip route 1.1.1.0 255.255.255.0 10.0.145.1
R4#sh ip ospf database external 1.1.1.0
 OSPF Router with ID (4.4.4.4) (Process ID 1)
 Type-5 AS External Link States
 Link State ID: 1.1.1.0 (External Network Number )
 Advertising Router: 4.4.4.4
 Network Mask: /24
 Metric: 20
 Forward Address: 10.0.145.1
 External Route Tag: 0
R4#sh ip ospf int fa0/0
 Network Type BROADCAST, Cost: 1 //next-hop int fa0/0 must be in OSPF and not passive

If one of the conditions for setting FA is not met, then FA=0.0.0.0


R4#sh ip ospf database external 1.1.1.0
 OSPF Router with ID (4.4.4.4) (Process ID 1)
 Type-5 AS External Link States
 Link State ID: 1.1.1.0 (External Network Number )
 Advertising Router: 4.4.4.4
 Network Mask: /24
 Metric Type: 2 (Larger than any link state path)
 Metric: 20
 Forward Address: 0.0.0.0
 External Route Tag: 0

If the forwarding address is non-zero, other routers look up the forwarding address in the routing table. The matching routing table entry must specify an intra-area or inter-area path; if no such path exists, do nothing with the LSA and consider the next in the list. So, R5 should have 10.0.145.0 as a connected network in its LSA type 1!!!

On R5, if the FA is set and the interface towards FA is part of OSPF:
R5#sh ip ospf database external 1.1.1.0
 Routing Bit Set on this LSA in topology Base with MTID 0
O E2 1.1.1.0 [110/20] via 10.0.145.1, 00:00:00, FastEthernet0/0

If the FA is not set:
O E2 1.1.1.0 [110/20] via 192.168.1.4, 00:00:12, FastEthernet0/1

If FA is set but the interface towards FA is not part of OSPF, then the Routing Bit is not set and the external route does not appear in the RIB for that router.

R4(config-router)#redistribute static subnets metric-type 1
R6 by default sees 1.1.1.0 via both exit points:
R6#sh ip route ospf
O IA 10.0.145.0 [110/2] via 192.168.1.5, FastEthernet0/1
                [110/2] via 192.168.1.4, FastEthernet0/1
R5(config-if)#ip ospf cost 100
R6#sh ip route ospf
O IA 10.0.145.0 [110/2] via 192.168.1.4, FastEthernet0/1
R4(config-if)#ip ospf cost 200
R6#sh ip route ospf
O IA 10.0.145.0 [110/101] via 192.168.1.5, FastEthernet0/1

2. Forwarding address suppression in translated type 5 LSA.
Same topology as the previous example, with R4-R6 in area 0 and R1-R4 in area 145 (NSSA). R1 redistributes connected 1.1.1.0/24 as a type 7 LSA, which R4 translates into type 5. If R4 does not send internal NSSA routes like 10.0.145.0 (for RIB efficiency reasons), then R6 cannot install in its RIB the external type 5 LSA 1.1.1.0, which has an FA of 10.0.145.1.
R4(config-router)#area 0 filter-list prefix P1 in //P1 deny 10.0.145.0

Before filtering internal nssa routes on R4:
R6#sh ip route ospf
O E1 1.1.1.0/24 [110/22] via 192.168.1.4, FastEthernet0/1
O IA 10.0.145.0/24 [110/2] via 192.168.1.4, FastEthernet0/1
R6#sh ip ospf database external 1.1.1.0
 Type-5 AS External Link States
 LS Type: AS External Link
 Link State ID: 1.1.1.0 (External Network Number )
 Advertising Router: 4.4.4.4
 Network Mask: /24
 Metric Type: 1 (Comparable directly to link state metric)
 Metric: 20
 Forward Address: 10.0.145.1
 External Route Tag: 0

After filtering 10.0.145.0:
R6#sh ip route ospf //nothing shows up in RIB even though external LSA is present
R6#sh ip ospf database external 1.1.1.0
 Type-5 AS External Link States
 LS Type: AS External Link
 Link State ID: 1.1.1.0 (External Network Number )
 Advertising Router: 4.4.4.4
 Network Mask: /24
 Metric Type: 1 (Comparable directly to link state metric)
 Metric: 20
 Forward Address: 10.0.145.1
 External Route Tag: 0

As a general rule, external prefixes in LSA type 5 with FA are installed only if FA is reachable and learned via ospf.
Solution - change on ABR the FA to 0.0.0.0 when translating type 7 to type 5. Then routers in area 0 will use the ABR as next-hop instead of FA.
R4(config-router)#area 145 nssa translate type7 suppress-fa
R6#sh ip ospf database external
 Link State ID: 1.1.1.0 (External Network Number )
 Advertising Router: 4.4.4.4
 Network Mask: /24
 Forward Address: 0.0.0.0
R6#sh ip route ospf
O E1 1.1.1.0/24 [110/21] via 192.168.1.4, FastEthernet0/1
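The forwarding-address rule from items 1 and 2 above, as an added example (not from the original notes) that reproduces R6's three outcomes: FA reachable, FA filtered, and FA suppressed. The RIB contents are constructed from the outputs quoted above; the function names, the path-type labels and the cost of 1 from R6 to R4 (inferred from the [110/21] route) are this example's assumptions.

```python
import ipaddress

# Constructed RIB of R6: (prefix, path type, cost, next hop).
RIB_BEFORE_FILTER = [("10.0.145.0/24", "inter-area", 2, "192.168.1.4")]
RIB_AFTER_FILTER = []  # "area 0 filter-list prefix P1 in" removed 10.0.145.0/24

# Cost and next hop from R6 to the advertising router R4 (4.4.4.4).
ASBR_PATHS = {"4.4.4.4": (1, "192.168.1.4")}


def lookup(rib, address):
    """Longest-prefix match of address in rib; returns the entry or None."""
    addr = ipaddress.ip_address(address)
    matches = [e for e in rib if addr in ipaddress.ip_network(e[0])]
    return max(matches, key=lambda e: ipaddress.ip_network(e[0]).prefixlen,
               default=None)


def install_type5(lsa, rib, asbr_paths):
    """Return (next_hop, route metric) if the type 5 LSA is usable, else None."""
    if lsa["forward_address"] == "0.0.0.0":
        # FA not set: route towards the advertising router itself.
        path = asbr_paths.get(lsa["adv_router"])
        if path is None:
            return None
        cost, next_hop = path
    else:
        # FA set: it must resolve through an intra-area or inter-area route.
        entry = lookup(rib, lsa["forward_address"])
        if entry is None or entry[1] not in ("intra-area", "inter-area"):
            return None
        cost, next_hop = entry[2], entry[3]
    # E1 adds the internal cost to the external metric, E2 does not.
    metric = lsa["metric"] + cost if lsa["metric_type"] == 1 else lsa["metric"]
    return next_hop, metric


LSA_WITH_FA = {"prefix": "1.1.1.0/24", "adv_router": "4.4.4.4", "metric": 20,
               "metric_type": 1, "forward_address": "10.0.145.1"}
LSA_SUPPRESS_FA = dict(LSA_WITH_FA, forward_address="0.0.0.0")
```
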

Troubleshooting OSPF
DEBUGS:
R1#debug ip ospf hello
*Nov 16 17:09:41.395: OSPF: Mismatched hello parameters from 10.0.123.2
*Nov 16 17:09:41.395: OSPF: Dead R 36 C 40, Hello R 9 C 10
*Nov 16 18:26:37.227: OSPF: Rcv hello from 2.2.2.2 area 23 from FastEthernet0/0 10.0.23.2
*Nov 16 18:26:37.227: OSPF: Hello from 10.0.23.2 with mismatched Stub/Transit area option bit

R1#debug ip ospf events //very useful
*Nov 16 17:10:41.655: OSPF: Mismatched hello parameters from 10.0.123.2
*Nov 16 17:10:41.659: OSPF: Dead R 36 C 40, Hello R 9 C 10
*Nov 16 18:27:05.967: OSPF: Rcv hello from 2.2.2.2 area 23 from FastEthernet0/0 10.0.23.2
*Nov 16 18:27:05.967: OSPF: Hello from 10.0.23.2 with mismatched Stub/Transit area option bit

Will show the process of establishing adjacencies and all adj states:
R2#debug ip ospf adj
OSPF: Rcv pkt from 10.0.23.3, FastEthernet0/0, area 0.0.0.23 mismatch area 0.0.0.233 in the header
OSPF: Schedule SPF in area 0, topology Base with MTID 0
 Change in LS ID 1.1.1.1, LSA type R, spf-type Full
OSPF: reset throttling to 5000ms next wait-interval 10000ms
OSPF: schedule SPF in topology Base with MTID0: spf_time 01:16:18.080 wait_interval 5000ms
OSPF: Begin SPF for topology Base with MTID 0 at 4583.084ms, process time 440ms
 spf_time 01:16:18.080, wait_interval 5000ms
OSPF: Setting next wait-interval to 10000ms
OSPF: End SPF for topology Base with MTID 0 at 4583.084ms, Total elapsed time 0ms
 Schedule time 01:16:23.084, Next wait_interval 10000ms

Shows only received OSPF messages. If there are mismatches it shows nothing.
R2#debug ip ospf packet
OSPF: rcv. v:2 t:1 l:44 rid:3.3.3.3 aid:0.0.0.23 chk:C57E aut:0 auk: from FastEthernet0/0

R1#debug ip ospf monitor //SPF runs, SPF type, timers, which LSA triggered the SPF run

R1#debug ip ospf lsa-generation
OSPF: Generate external LSA 1.0.0.0, mask 255.255.255.0, type 5, age 3600, seq 0x80000002
OSPF: MTID Metric   Metric-type FA      Tag Topology Name
OSPF: 0    16777215 2           0.0.0.0 0   Base
OSPF: Generate external LSA 1.0.0.0, mask 255.255.255.0, type 5, age 3600, seq 0x80000002
OSPF: MTID Metric   Metric-type FA      Tag Topology Name
OSPF: 0    16777215 2           0.0.0.0 0   Base

R1#debug ip ospf spf external //used to see injection of type 5 LSA
OSPF: Schedule partial SPF - type 5, LSID 0.0.0.0, adv_rtr 1.1.1.1
OSPF: Start partial processing Type 5 External LSA 0.0.0.0, mask 0.0.0.0, adv 1.1.1.1, age 0, seq 0x80000001, metric 1, metric-type 2, fw-addr 0.0.0.0

debug ip ospf flood [1] //how LSA are sent and received. With acl 1 permit 10.0.0.0 0.0.0.255, only info about lsa id 10.0.0.X is shown
debug ip ospf lsa-generation //info about generation and flooding of own lsa. (Only external?)
debug ip ospf retransmission //display retransmission lsa events
debug ip ospf spf [external|intra|inter...] //display SPF calculation

Details about SPF algorithm
R1#sh ip ospf statistics
 OSPF Router with ID (1.1.1.1) (Process ID 1)
 Area 0: SPF algorithm executed 7 times
 Area 145: SPF algorithm executed 2 times
 Summary OSPF SPF statistic
 SPF calculation time
 Delta T   Intra  D-Intra  Summ  D-Summ  Ext  D-Ext  Total  Reason
 00:41:49  4      0        4     0       0    0      8      R
 00:40:32  0      0        0     4       0    0      4      R, SN
 00:39:35  4      0        0     4       0    0      8      R, SN, X
 00:23:19  16     0        0     0       4    0      20     R
 00:21:40  0      4        0     0       0    4      8      R
 00:20:27  4      4        0     0       0    0      8      R
 00:20:02  4      4        0     4       0    0      12     R
 00:13:58  0      0        0     0       0    0      0      X
 00:07:20  4      4        0     0       0    0      8      R
 00:04:56  4      4        0     0       0    0      20     R

Reason:
 R = Router link change
 N = Network link change
 SN = SummaryNet link change
 SA = Summary on ASBR change
 X = External change

Columns:
 Delta T = time since SPF had run
 Intra = time to calculate intra-area LSA and install them in RIB
 D-Intra = time to delete invalid intra-area routes
 Summ = time to calculate inter-area LSA and install them in RIB
 D-Summ = time to delete invalid inter-area routes
 Ext = time to calculate external and NSSA LSA and install them in RIB
 D-Ext = time to delete invalid external and NSSA routes
 Total = total time to run OSPF

R1#sh ip ospf statistics detail
 OSPF Router with ID (1.1.1.1) (Process ID 1)
 Area 0: SPF algorithm executed 7 times
 SPF 1 executed 00:47:21 ago, SPF type Full
 SPF calculation time (in msec):
 SPT  Intra  D-Intr  Summ  D-Summ  Ext7  D-Ext7  Total
 0    4      0       0     4       0     0       8
 LSIDs processed R:2 N:0 Stub:5 SN:2 SA:0 X7:0
 Change record 0x0
 LSIDs changed 1
 Changed LSAs. Recorded is LS ID and LS type:
 1.1.1.1(R)
 SPF 2 executed 00:42:52 ago, SPF type Full
 SPF calculation time (in msec):
 SPT  Intra  D-Intr  Summ  D-Summ  Ext7  D-Ext7  Total
 0    4      0       4     0       0     0       8
 LSIDs processed R:2 N:0 Stub:5 SN:2 SA:0 X7:0
 Change record 0x0
 LSIDs changed 1
 Changed LSAs. Recorded is LS ID and LS type:
 1.1.1.1(R)

Conditional debug on interface
R2#debug ip ospf hello //unconditionally show hello on all interfaces
OSPF: Send hello to 224.0.0.5 area 0 on Serial1/0 from 10.0.123.2
OSPF: Send hello to 224.0.0.5 area 23 on FastEthernet0/0 from 10.0.23.2
OSPF: Rcv hello from 1.1.1.1 area 0 from Serial1/0 10.0.123.1
OSPF: Rcv hello from 3.3.3.3 area 23 from FastEthernet0/0 10.0.23.3

R2#debug interface Fa0/0 //show only hello on fa0/0
R2#sh debugging
 IP routing:
 OSPF hello events debugging is on
 Condition 1: interface Fa0/0 (1 flags triggered)
 Flags: Fa0/0
OSPF: Send hello to 224.0.0.5 area 23 on FastEthernet0/0 from 10.0.23.2
OSPF: Rcv hello from 3.3.3.3 area 23 from FastEthernet0/0 10.0.23.3

9. Redistribution from other protocols into OSPF
router ospf 1
 redistribute static metric 200 subnets
 redistribute rip metric 200 subnets
 redistribute eigrp 1 metric 100 subnets
 redistribute isis metric 10 subnets
!!!If a metric is not specified when redistributing into OSPF, a default metric of 20 is used, except for BGP which gets a metric of 1. Without subnets, OSPF will redistribute only the major net.

OSPF stub router advertisement
This feature should not be confused with OSPF stub areas. Allows a router to advertise infinite metric (0xFFFF = 65535) for connected links in router LSA type 1 and normal cost if the link is a stub network.
R1#sh ip ospf
 Router is not originating router-LSAs with maximum metric
R1#sh ip ospf database router 11.0.1.1
 Link connected to: a Transit Network
 (Link ID) Designated Router address: 10.0.145.1
 (Link Data) Router Interface address: 10.0.145.1
 Number of MTID metrics: 0
 TOS 0 Metrics: 1
R1(config-router)#max-metric router-lsa
R1#sh ip ospf
 Originating router-LSAs with maximum metric
 Condition: always, State: active
R1#sh ip ospf database router 11.0.1.1
 Link connected to: a Transit Network
 (Link ID) Designated Router address: 10.0.145.1
 (Link Data) Router Interface address: 10.0.145.1
 Number of MTID metrics: 0
 TOS 0 Metrics: 65535
max-metric router-lsa //all router LSA type 1, all subtypes except subtype 1 (stub network), have metric set to 65535
max-metric router-lsa external-lsa [1000000] //+ all type 5 external advertised have metric set to [1000000].
R1#sh ip ospf
 Originating router-LSAs with maximum metric
 Condition: always, State: active
 Advertise summary-LSAs with metric 2000000
 Advertise external-LSAs with metric 1000000

TSHOOT OSPF: Troubleshooting adjacencies: (to decide where to move these)
INIT State. The local router has seen a hello from the neighbor, but the neighbor has not seen a hello from the local router. Why? ACL, NBMA frame-relay mappings.
2-WAY State. This may be the right state between neighbors with priority 0 and between 2 DR-Other.
EXSTART/EXCHANGE State. MTU problems; the MTU must be the same. If the MTU cannot be the same, then on the interface:
R1(conf-if)#ip ospf mtu-ignore //configured on the interface with the smaller MTU
Not all ethernet interfaces allow changing of MTU. Serial interfaces usually allow MTU changes.
Router# debug ip ospf adj - to be tested
OSPF: Nbr 10.0.0.2 has smaller | bigger interface MTU
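A triage pass over the adjacency-blocking debug messages quoted in the troubleshooting notes above, as an added example (not from the original notes). The sample lines are copied from this page's debug output; the finding names and the function are this example's own, and R/C in the timer line are read as received/configured.

```python
import re

# (finding, pattern) pairs for messages that keep an adjacency from forming.
PATTERNS = [
    ("timer-mismatch",
     re.compile(r"Dead R (\d+) C (\d+), Hello R (\d+) C (\d+)")),
    ("stub-flag-mismatch",
     re.compile(r"Hello from (\S+) with mismatched Stub/Transit area option bit")),
    ("area-mismatch",
     re.compile(r"Rcv pkt from (\S+), (\S+), area (\S+) mismatch area (\S+) in the header")),
    ("mtu-mismatch",
     re.compile(r"Nbr (\S+) has (smaller|larger|bigger) interface MTU")),
]


def triage(lines):
    """Return (finding, detail) for every debug line that explains a stuck adjacency."""
    findings = []
    for line in lines:
        for kind, rx in PATTERNS:
            m = rx.search(line)
            if not m:
                continue
            g = m.groups()
            if kind == "timer-mismatch":
                # R = value received in the hello, C = value configured locally.
                pairs = (("dead", g[0], g[1]), ("hello", g[2], g[3]))
                detail = {name: {"received": int(r), "configured": int(c)}
                          for name, r, c in pairs if r != c}
            elif kind == "stub-flag-mismatch":
                detail = {"neighbor": g[0]}
            elif kind == "area-mismatch":
                # Assumption: the first area is the receiving interface's area.
                detail = {"neighbor": g[0], "interface": g[1],
                          "area": g[2], "header_area": g[3]}
            else:
                detail = {"neighbor": g[0], "neighbor_mtu": g[1]}
            findings.append((kind, detail))
    return findings


SAMPLE = [
    "*Nov 16 17:09:41.395: OSPF: Dead R 36 C 40, Hello R 9 C 10",
    "*Nov 16 18:26:37.227: OSPF: Rcv hello from 2.2.2.2 area 23 from FastEthernet0/0 10.0.23.2",
    "*Nov 16 18:26:37.227: OSPF: Hello from 10.0.23.2 with mismatched Stub/Transit area option bit",
    "OSPF: Rcv pkt from 10.0.23.3, FastEthernet0/0, area 0.0.0.23 mismatch area 0.0.0.233 in the header",
    "OSPF: Nbr 10.0.0.2 has smaller interface MTU",
]
```
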
