cis185-ROUTE-lecture3-OSPF-Part2
Configuring OSPF – Part 2 of 2
CIS 185 CCNP ROUTE
Rick Graziani
Cabrillo College
[email protected]
Last Updated: Fall 2010
OSPF Part 2
Review of Areas
NSSA (Not-So-Stubby-Areas)
Multiple ABRs
Virtual Links
Route Summarization
Default Routes
Authentication
OSPF over Frame Relay
LSDB Overload Protection
Passive Interface
Quick Review
LSA 1s – Router LSAs
show ip ospf database – Router Link States (LSA 1’s)
Should display all the RouterIDs of routers in that area,
including its own.
show ip route – “O” routes
Routes within that area
LSA 2s – Network LSAs
show ip ospf database – Net Link States (LSA 2’s)
Net Link States (LSA2’s) should display the RouterIDs of the
DRs on all multi-access networks in the area and their IP
addresses.
show ip route – “O” routes
Routes within that area
LSA 3 – Summary LSAs
show ip ospf database – Summary Net Link States (LSA 3’s)
Link ID = IP network addresses of networks in other areas
ADV Router = ABR Router ID sending the LSA-3
show ip route – “IA” (Inter-Area Routes)
Routes in other areas
LSA 4 – ASBR Summary Link States
show ip ospf database – Summary Net Link States (LSA 3’s)
Link ID = IP network addresses of networks in other areas
ADV Router = ABR Router ID sending the LSA-3
show ip route – “IA” (Inter-Area Routes)
Routes in other areas
LSA 5 – External Link States
R2 (ASBR)
router ospf 1
redistribute static
ip route 57.0.0.0 255.0.0.0 ser 0/3
“Redistribute” command creates an ASBR router.
Originated by the ASBR.
Describes destination networks external to the OSPF Routing Domain
Flooded throughout the OSPF AS except to stub and totally stubby areas
Stub Area
[Figure: stub area. LSA 1s are still sent within each area. Toward the stub area the ABR passes LSA 3s, blocks LSA 4s and LSA 5s, and injects a default route to the ABR. Routers in the stub area see only routes in their own area, routes in other areas, and a default route; no external routes.]
Sent by ABR: LSA 3s (Inter-Area routes)
Blocked:
• LSA 4s (reachability to ASBR)
• LSA 5s (External routes)
The ABR injects a default route into the stub area, pointing to the ABR.
• This does not mean the ABR has a default route of its own.
Changes in External routes no longer affect Stub Area routing tables.
Totally Stubby Area
[Figure: a totally stubby area beside a stub area. LSA 1s are still sent within each area. For the totally stubby area the ABR blocks LSA 3s, LSA 4s and LSA 5s and injects a default route to the ABR; its routers see only routes in their own area and a default route, with no inter-area or external routes. For the stub area the ABR passes LSA 3s, blocks LSA 4s and LSA 5s, and injects a default route; its routers see routes in their own area, other areas, and a default route, with no external routes.]
Blocked:
• LSA 3s (Inter-Area routes)
• LSA 4s (reachability to ASBR)
• LSA 5s (External routes)
The ABR injects a default route into the stub area, pointing to the ABR.
• This does not mean the ABR has a default route of its own.
Changes in other areas and external routes no longer affect Stub Area routing tables.
NSSA (Not-So-Stubby-Areas)
[Figure: NSSA topology. Area 2 is the NSSA and Area 0 is the backbone. Routers shown: RTH (RIP), RTE, RTG (ASBR), RTD, RTF, RTB (ABR), RTC, and RTA (possible ASBR).]
NSSA (Not So Stubby Area)
Relatively new, standards based OSPF enhancement, RFC 1587.
NSSA allows an area to remain a stub area, but carry external routing
information (Type 7 LSAs) from its stubby end back towards the OSPF
backbone.
ASBR in NSSA injects external routing information into the backbone and the
NSSA area, but rejects external routing information coming from the ABR.
The ABR does not inject a default route into the NSSA.
This is true for a NSSA Stub, but a default route is injected for a NSSA
Totally Stubby area.
Note: RFC 1587, “A default route must not be injected into the NSSA as a
summary (type-3) LSA as in the stub area case.”
What???
The following scenario is only an example of how an NSSA works. For the purposes of
learning about NSSAs, don’t get hung up on the whys and what-ifs.
[Figure: the same NSSA topology; RTH uses a default route via RTG.]
NSSA Stub Area
Area 2 would like to be a stub network.
RTH only supports RIP, so RTG will run RIP and redistribute those routes in OSPF.
What type of OSPF router does this make RTG?
Unfortunately, this makes the area 2 router, RTG, an ASBR.
Why is this a problem?
Stub areas cannot contain an ASBR.
In this example RTH does not need to learn routes from OSPF, a default route to RTG
is all it needs.
But all OSPF routers must know about the networks attached to the RIP router, RTH, to
route packets to it.
[Figure: RTG (ASBR) originates LSA 7s, which flood through NSSA Area 2. RTB (ABR) blocks the LSA 7s at the area border and sends LSA 5s into Area 0.]
NSSA Stub Area (cont.)
NSSAs allow external routes to be advertised into the OSPF AS while retaining the
characteristics of a stub area to the rest of the OSPF AS.
ASBR RTG will originate Type-7 LSAs to advertise the external destinations.
These LSA 7s are flooded through the NSSA but are blocked by the NSSA ABR.
The NSSA ABR translates LSA 7s into LSA 5s and floods them into other areas.
Type 7 LSA NSSA External Link Entry
Originated by an ASBR connected to an NSSA.
Flooded throughout NSSAs and translated into LSA Type 5 messages by
ABRs.
Routes learned via Type-7 LSAs are denoted by either a default “N1” or an
“N2” in the routing table. (Relative to E1 and E2).
NSSA Generic
Configuring NSSA Stub Area
Configured for all routers in Area 2:
router ospf 1
network 172.16.2.0 0.0.0.255 area 2
area 2 nssa
NSSA (Not So Stubby Area)
NSSA Stub and NSSA Totally Stubby
There are two flavors in NSSA:
Stub
Totally Stubby
Area 2 routers may or may not receive Inter-area routes from RTA, depending upon
NSSA configuration
NSSA areas take on the same characteristics as stub and totally stubby areas,
along with the characteristics of NSSA areas.
NSSA – Stub
NSSA stub areas:
NSSAs that block type 4 and 5, but allow type 3.
To make a stub area into an NSSA, use the following command under the
OSPF configuration.
This command must be configured on all routers in area 2.
router ospf 1
area 2 nssa
NSSA Stub Areas
[Figure: NSSA stub area. LSA 3s from Area 0 enter Area 2; LSA 4s & LSA 5s and 0.0.0.0/0 are marked with an X. RTG (ASBR) floods LSA 7s for the RTH routes, which appear as N1/N2 inside Area 2. RTB (ABR) blocks the LSA 7s at the border and sends LSA 5s into Area 0, where the RTH routes appear as E1/E2.]
Internal NSSA routers have:
All area 2 routes
External routes from RTH (N1/N2)
Inter-area routes from RTB
Area 0 routers have from area 2:
All area 2 routes
External routes from RTH (E1/E2)
NSSA Stub Areas
Area 2 routers:
router ospf 1
network 172.16.2.0 0.0.0.255 area 2
area 2 nssa
NSSA – Totally Stubby
NSSA Totally Stubby Area
NSSA totally stub areas: Allow only summary default routes and filters
everything else.
To configure an NSSA totally stub area, use the following command under the
OSPF configuration on the NSSA ABR:
router ospf 1
area 2 nssa no-summary
Configure this command on NSSA ABRs only.
All other routers in area 2 (internal area 2 routers):
router ospf 1
area 2 nssa
After defining the NSSA totally stub area, area 2 has the following characteristics
(in addition to the above NSSA characteristics):
No type 3 (except default), 4 or 5 LSAs are allowed in area 2.
A default route is injected into the NSSA totally stub area as a type 3
summary LSA by the ABR.
NSSA Totally Stubby Areas
[Figure: NSSA totally stubby area. LSA 3s and LSA 4s & LSA 5s from Area 0 are marked with an X; 0.0.0.0/0 enters Area 2 as an LSA 3. RTG (ASBR) floods LSA 7s for the RTH routes, which appear as N1/N2 inside Area 2. RTB (ABR) blocks the LSA 7s at the border and sends LSA 5s into Area 0, where the RTH routes appear as E1/E2.]
RTB (ABR):
router ospf 1
network 172.16.1.0 0.0.0.255 area 0
network 172.16.2.0 0.0.0.255 area 2 ...
area 2 nssa no-summary
Area 2 routers:
router ospf 1
network 172.16.2.0 0.0.0.255 area 2
area 2 nssa
NSSA Totally Stubby Areas
Internal NSSA routers have:
All area 2 routes
External routes from RTH (N1/N2)
Default route from RTB
Area 0 routers have from area 2:
All area 2 routes
External routes from RTH (E1/E2)
Multiple ABRs
Multiple ABRs – If you want to experiment…
OSPF-MultiArea-Advanced.pkt
Used with “normal” areas.
Routers choose best path to other areas.
Can be used with Stub and Totally Stubby but inefficient routing may
occur due to multiple default routes injected by ABR.
Multiple ABRs
[Figure: Area 51 (RTA, RTB, RTC) attached to Area 0 through ABR1 and ABR2. Labels: Network X, LSA 1’s, LSDB, SPF, Distribute List, Routing Table.]
For intra-area routes, OSPF uses pure link-state logic.
All routers inside the area have an identical copy of the LSDB for
that area.
Multiple ABRs
[Figure: the same topology. Labels: Network X, LSA 3’s, Link State Logic (to ABR), Distance Vector Logic, LSDB, SPF, Distribute List, Routing Table.]
Best route to reach each ABR is an intra-area SPF calculation.
Interarea routes (LSA 3s) use Distance Vector logic.
ABR advertises Type 3 Summary LSAs (metric but not topology
information).
Total cost to Network X = Cost to ABR + ABR’s cost to Network X.
RTB selects best route to Network X via ABR1 and/or ABR2.
Multiple ABRs
[Figure: normal Area 51. ABR1: "My cost to network X is 10". ABR2: "My cost to network X is 200". From RTB, Cost = 20 via ABR1 and Cost = 205 via ABR2. RTB: "The best path to Network X is via ABR1 with a total cost of 20."]
Total cost to Network X = Cost to ABR + ABR’s cost to Network X.
RTB selects best route to Network X via ABR1 and/or ABR2.
With stub and totally stubby areas this may not be the most optimum
route!
Multiple ABRs – Stub Networks
[Figure: totally stubby Area 51. RTB's cost to ABR1 is 10 and to ABR2 is 5. ABR1: "My cost to network X is 10". ABR2: "My cost to network X is 200". Both ABRs inject a default route. RTB: "ABR2 is “closer” (a lesser metric), so I will use ABR2 for all routes outside my area even if it's not the most optimum path."]
Stub and totally stubby area ABRs inject a default route into the
area.
Stub ABRs block LSA 4’s and 5’s (external networks)
Totally Stubby ABRs block LSA 3’s (interarea networks), 4’s and
5’s (external networks)
In both cases internal routers can only determine the best route to
an ABR, which may not be the best route to the destination network.
Virtual Links
Virtual Links
All areas in an OSPF autonomous system must be physically connected to
the backbone area (area 0).
This is not always possible; in that case you can use a virtual link to connect to the
backbone through a non-backbone area.
Transit area - The area through which you configure the virtual link; it
must have full routing information.
Must be configured between two ABRs.
The transit area cannot be a stub area.
Virtual Links
A virtual link has the following two requirements:
It must be established between two routers that share a common area
and are both ABRs.
One of these two routers must be connected to the backbone.
Doyle, “should be used only as a temporary fix to an unavoidable
topology problem.”
Virtual Links
Routers do not have to be directly connected.
The command to configure a virtual link is as follows:
area <area-id> virtual-link <remote-router-id>
RTA(config)#router ospf 1
RTA(config-router)#network 192.168.0.0 0.0.0.255 area 51
RTA(config-router)#network 192.168.1.0 0.0.0.255 area 3
RTA(config-router)#area 3 virtual-link 10.0.0.1
...
RTB(config)#router ospf 1
RTB(config-router)#network 192.168.1.0 0.0.0.255 area 3
RTB(config-router)#network 192.168.2.0 0.0.0.255 area 0
RTB(config-router)#area 3 virtual-link 10.0.0.2
Virtual Links
OSPF allows for linking discontinuous parts of the backbone using a virtual link.
OSPF messages between virtual link routers are sent as unicast.
C1:
router ospf 1
area 1 virtual-link 4.4.4.4
interface loopback 1
ip address 1.1.1.1 255.255.255.0
C2:
router ospf 4
area 1 virtual-link 1.1.1.1
interface loopback 1
ip address 4.4.4.4 255.255.255.0
Routers use the Do Not Age (DNA) bit, so periodic reflooding (every 30 minutes) will
not occur over this virtual link.
OSPF Note: Router IDs do not have to be advertised and therefore may not be pingable.
C1# show ip ospf virtual-links
Virtual Link OSPF_VL0 to router 4.4.4.4 is up
Run as demand circuit
DoNotAge LSA allowed.
Transit area 1, via interface FastEthernet0/1, Cost of using 3
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:02
Adjacency State FULL (Hello suppressed)
"In the area 0 via interface OSPF VL0" – confirming that the neighbor relationship
does indeed exist in area 0.
C1# show ip ospf neighbor
Neighbor ID     Pri   State      Dead Time   Address      Interface
4.4.4.4           0   FULL/                  10.24.1.1    OSPF_VL0
2.2.2.2           1   FULL/DR    00:00:35    10.21.1.2    FastEthernet0/1
C1# show ip ospf neighbor detail 4.4.4.4
Neighbor 4.4.4.4, interface address 10.24.1.1
In the area 0 via interface OSPF_VL0
Route Summarization
Inter-Area Route Summarization - Area Range
By default ABRs do not summarize routes between areas.
In OSPF, an ABR will advertise networks in one area into another area.
If at least one component subnet exists (subnets that sit inside the range),
then the ABR advertises the summary route as a Type 3 LSA.
If no component subnets exist, the ABR does not advertise the summary.
The ABR assigns a metric for the summary route's Type 3 LSA, by default, to
match the best (lowest) metric amongst all component subnets.
The area range command can also explicitly set the cost of the summary.
On the ABR (Summarizes routes before injecting them into different area)
Router(config-router)# area area-id range network-address subnet-mask
area-id - Identifier of the area about which routes are to
Summarize Area 1 172.17.0.0 routes on Area 1 ABRs.
172.17.1.0/24    172.17. 0000 0001 . 0000 0000
172.17.2.0/24    172.17. 0000 0010 . 0000 0000
172.17.3.0/24    172.17. 0000 0011 . 0000 0000
172.17.4.0/24    172.17. 0000 0100 . 0000 0000
172.17.5.0/24    172.17. 0000 0101 . 0000 0000
172.17.6.0/24    172.17. 0000 0110 . 0000 0000
172.17.7.0/24    172.17. 0000 0111 . 0000 0000
172.17.0.0 255.255.248.0 (/21)
router ospf 1
area 1 range 172.17.0.0 255.255.248.0
Inter-Area Route Summarization - Area Range
Before
R2# show ip route
     172.17.0.0/24 is subnetted, 7 subnets
O IA    172.17.1.1 [110/66] via 10.0.0.1, 00:02:19, Serial0/0
O IA    172.17.2.1 [110/66] via 10.0.0.1, 00:02:19, Serial0/0
O IA    172.17.3.1 [110/66] via 10.0.0.1, 00:02:19, Serial0/0
O IA    172.17.4.1 [110/66] via 10.0.0.1, 00:02:19, Serial0/0
O IA    172.17.5.1 [110/66] via 10.0.0.1, 00:02:19, Serial0/0
O IA    172.17.6.1 [110/66] via 10.0.0.1, 00:02:19, Serial0/0
O IA    172.17.7.1 [110/66] via 10.0.0.1, 00:02:19, Serial0/0
After
R2# show ip route
O IA 172.17.0.0/21 [110/66] via 10.0.0.1, 00:10:17, Serial0/0
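The area range behaviour described above, as an added example that is not from the original slides: it derives the /21 from the seven Area 1 subnets, applies the "at least one component subnet" and "lowest component metric" rules, and counts how much address space the summary claims without a component route behind it. The per-subnet costs and the function names are constructed for illustration.

```python
import ipaddress

# Area 1 subnets from the slides; the costs are constructed for this example.
AREA1_ROUTES = {
    "172.17.1.0/24": 20, "172.17.2.0/24": 11, "172.17.3.0/24": 30,
    "172.17.4.0/24": 15, "172.17.5.0/24": 42, "172.17.6.0/24": 15,
    "172.17.7.0/24": 64,
}


def covering_summary(prefixes):
    """Smallest single prefix that contains every given subnet."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    low = min(int(n.network_address) for n in nets)
    high = max(int(n.broadcast_address) for n in nets)
    # Every bit position at or below the highest differing bit is a host bit.
    host_bits = (low ^ high).bit_length()
    base = (low >> host_bits) << host_bits
    return ipaddress.ip_network((base, 32 - host_bits))


def area_range(range_prefix, intra_area_routes, cost=None):
    """Model `area <id> range` on an ABR (hypothetical helper).

    Returns None when no component subnet sits inside the range, because the
    ABR then advertises nothing. Otherwise returns the Type 3 summary, its
    metric, the component routes it replaces, and the number of addresses the
    summary covers that no component subnet backs.
    """
    rng = ipaddress.ip_network(range_prefix)
    inside = {ipaddress.ip_network(p): c for p, c in intra_area_routes.items()
              if ipaddress.ip_network(p).subnet_of(rng)}
    if not inside:
        return None
    covered = sum(n.num_addresses for n in ipaddress.collapse_addresses(inside))
    return {
        "summary": str(rng),
        # Default metric: best (lowest) component cost, unless set explicitly.
        "metric": cost if cost is not None else min(inside.values()),
        "suppressed": sorted(str(n) for n in inside),
        "unbacked_addresses": rng.num_addresses - covered,
    }


if __name__ == "__main__":
    print(covering_summary(AREA1_ROUTES))
    print(area_range("172.17.0.0/21", AREA1_ROUTES))
    print(area_range("172.18.0.0/16", AREA1_ROUTES))
```

The 256 unbacked addresses are 172.17.0.0/24: the /21 attracts traffic for that block toward the ABR even though it is not one of the seven subnets on the slide.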
External Route Summarization - summary-address
When redistributing routes from other protocols into OSPF (later), each route is advertised
individually in an external link state advertisement (LSA).
However, you can configure the Cisco IOS software to advertise a single route for all the
redistributed routes that are covered by a specified network address and mask.
Doing so helps decrease the size of the OSPF link state database.
On the ASBR only (Summarizes external routes before injecting them into the OSPF
domain.)
Router(config-router)# summary-address network-address subnet-mask
Route Summarization
128.213.64.0 /24
…
128.213.95.0 /24
ASBR
router ospf 1
summary-address 128.213.64.0 255.255.224.0
redistribute bgp 50 metric 1000 subnets (later)
Default Routes
Injecting Default Routes into OSPF
By default, 0.0.0.0/0 route is not propagated from the ASBR to other
routers.
An autonomous system boundary router (ASBR) can be forced to generate
a default route into the OSPF domain.
As discussed earlier, a router becomes an ASBR whenever routes are
redistributed into an OSPF domain.
However, an ASBR does not, by default, generate a default route into the
OSPF routing domain.
Injecting Default Routes into OSPF
The way that OSPF generates default routes (0.0.0.0) varies depending on the
type of area the default route is being injected into.
Stub and Totally Stubby Areas
For stub and totally stubby areas, the area border router (ABR) to the stub
area generates a summary link-state advertisement (LSA) with the link-state
ID 0.0.0.0.
This is true even if the ABR doesn't have a default route.
In this scenario, you don't need to use the default-information originate
command.
Stub Area
Sent by ABR: LSA 3s (Inter-Area routes)
Blocked:
• LSA 4s (reachability to ASBR)
• LSA 5s (External routes)
The ABR injects a default route into the stub area, pointing to the ABR.
• This does not mean the ABR has a default route of its own.
Changes in External routes no longer affect Stub Area routing tables.
Totally Stubby Area
Blocked:
• LSA 3s (Inter-Area routes)
• LSA 4s (reachability to ASBR)
• LSA 5s (External routes)
The ABR injects a default route into the stub area, pointing to the ABR.
• This does not mean the ABR has a default route of its own.
Changes in other areas and external routes no longer affect Stub Area routing tables.
Injecting Default Routes into OSPF
Normal Areas
By default, in normal areas routers don't generate default routes.
To have an OSPF router generate a default route, use the default-information originate command.
This generates an external type-2 link with link-state ID 0.0.0.0 and network
mask 0.0.0.0.
This command should only be used on the ASBR.
Some documentation states this command works only on an ASBR while
other documentation states this command turns a router into an ASBR.
Injecting Default Routes into OSPF
To have OSPF generate a default route use the following:
router ospf 10
default-information originate [always] [metric metric-value]
[metric-type type-value] [route-map map-name]
Injecting Default Routes into OSPF
There are two ways to generate a default.
1) default-information originate
Conditional: If the ASBR already has the default route (ip route 0.0.0.0
0.0.0.0), you can advertise 0.0.0.0 into the area.
2) default-information originate always
Unconditional: If the ASBR doesn't have the route (ip route 0.0.0.0
0.0.0.0), you can add the keyword always to the default-information
originate command, and then advertise 0.0.0.0.
You should be careful when using the always keyword. If your router
advertises a default (0.0.0.0) inside the domain and does not have a
default itself or a path to reach the destinations, routing will be broken.
Injecting Default Routes into OSPF
ASBR
router ospf 1
network 172.16.1.0 0.0.0.255 area 0
default-information originate
ip route 0.0.0.0 0.0.0.0 10.0.0.2
Injecting Default Routes into OSPF
No 0.0.0.0/0 route, but
propagated anyway or
“always”
ASBR
router ospf 1
network 172.16.1.0 0.0.0.255 area 0
default-information originate always
Redistributing External Routes
E1 vs. E2 External Routes
External routes fall under two categories:
External type 1
External type 2.
The difference between the two is in the way the cost (metric) of the route is
being calculated.
A type 1 (E1) cost is the addition of the external cost and the internal cost
used to reach that route.
The cost of a type 2 (E2) route is always the external cost, irrespective of
the interior cost to reach that route.
Type 2 (E2) is the default!
Redistributing External Routes (FYI for now)
router ospf 1
redistribute routing-protocol metric-type [1|2] subnets
metric-type 1 - A type 1 cost is the addition of the external cost and the
internal cost used to reach that route.
redistribute rip [metric value] metric-type 1
metric-type 2 - The cost of a type 2 route is always the external cost,
irrespective of the interior cost to reach that route.
redistribute rip [metric value] metric-type 2
The subnets keyword redistributes subnet details.
Without it subnetted networks would not be redistributed.
Only classful network addresses (non-subnets) would be distributed.
(more later)
We will look at this command, along with internal/external costs, later in
the chapter discussing route redistribution.
Redistributing External Routes (FYI for now)
metric-type 2 - The cost of a type 2 route is always the external cost,
irrespective of the interior cost to reach that route.
redistribute rip [metric value] metric-type 2 subnets
More later, but here is a taste of the metric value option …
If a value is not specified for the metric value option, and no value is
specified using the default-metric command, the default metric value is 0,
except for OSPF where the default cost is 20.
0 is only understood by IS-IS and not by RIP, IGRP and EIGRP.
RIP, IGRP and EIGRP must have the appropriate metrics assigned to any
redistributed routes, or redistribution will not work.
Use a value consistent with the destination protocol.
More later!
Redistributing External Routes
metric-type 1
RIP routes redistributed with a metric (cost) of 500 plus the outgoing cost of the interface and a metric-type 1
[Figure: route costs shown at the OSPF routers: 564, 564, 565, 566.]
ASBR
router ospf 1
redistribute rip metric 500 metric-type 1
network 206.202.0.0 0.0.0.255 area 0
Redistributing External Routes
metric-type 2
RIP routes redistributed with a metric (cost) of 500 and a metric-type 2 (default)
[Figure: route costs shown at the OSPF routers: 500, 500, 500, 500.]
ASBR
router ospf 1
redistribute rip metric 500 metric-type 2
network 206.202.0.0 0.0.0.255 area 0
Authentication
Configuring Simple or Plain Text Authentication
Configure a password for the interface using the ip ospf authentication-key command.
Rtr(config-if)# ip ospf authentication-key passwd
password = Clear text unless message-digest is used (next)
Maximum 8 characters
Passwords do not have to be the same throughout an area, but they must be the same
between neighbors.
For simple password authentication, use the ip ospf authentication command without any
parameters.
Rtr(config-if)# ip ospf authentication
R1# debug ip ospf adjacency
The debug ip ospf adj command is used to display OSPF adjacency-related events and is useful when troubleshooting authentication.
Will show any unsuccessful authentication information (such as
authentication type).
Configuring MD5 Authentication
Assign a key ID and key to be used with neighboring routers that are using the
OSPF MD5 authentication:
Rtr(config-if)# ip ospf message-digest-key key-id md5 password
Key-id = 1 to 255, must match on each router to authenticate.
md5 = Encryption-type
password = encrypted
Passwords do not have to be the same throughout an area, but they must be the same
between neighbors.
Maximum 16 characters
Specify the authentication type using the interface configuration command:
Rtr(config-if)# ip ospf authentication [message-digest | null]
Troubleshooting (Different Key IDs)
MD5 Authentication (FYI)
http://www.cisco.com/en/US/tech/tk713/tk507/technologies_tech_note09186a00800b4131.shtml
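What the two authentication types configured above put on the wire, as an added example that is not from the original slides: with simple authentication the password travels in the OSPF header, while with MD5 the header carries only the key ID and a sequence number and a keyed digest is appended (RFC 2328, Appendix D), so a receiver with a different key ID, a different key or an older sequence number rejects the packet. The router ID, Hello fields, sequence numbers and function names are constructed for illustration; the key cisco is the one used on the virtual-link slide.

```python
import hashlib
import hmac
import ipaddress
import struct

HDR = "!BBH4s4sHH8s"   # version, type, length, router ID, area ID, checksum, AuType, auth
CRYPTO = "!HBBI"       # zero, key ID, auth data length, cryptographic sequence number


def _ip(text):
    return ipaddress.IPv4Address(text).packed


def hello_body():
    # Constructed Hello: mask, hello 10 s, options, priority 1, dead 40 s, DR, BDR.
    return struct.pack("!4sHBBI4s4s", _ip("255.255.255.0"), 10, 0x02, 1, 40,
                       _ip("10.0.0.1"), _ip("0.0.0.0"))


def _packet(autype, auth, body):
    # Checksum left at 0: it is not computed for AuType 2, and is skipped
    # here for AuType 1 to keep the example short.
    return struct.pack(HDR, 2, 1, 24 + len(body), _ip("1.1.1.1"), _ip("0.0.0.0"),
                       0, autype, auth) + body


def build_simple(password, body):
    """AuType 1: the password itself sits in the 8-byte authentication field."""
    return _packet(1, password.encode().ljust(8, b"\0")[:8], body)


def _digest(packet, key):
    # RFC 2328 D.4.3: MD5 over the packet followed by the key padded to 16 bytes.
    return hashlib.md5(packet + key.encode().ljust(16, b"\0")[:16]).digest()


def build_md5(key_id, key, seq, body):
    """AuType 2: header carries key ID and sequence number; digest is appended."""
    packet = _packet(2, struct.pack(CRYPTO, 0, key_id, 16, seq), body)
    return packet + _digest(packet, key)


def verify_md5(wire, keys, last_seq=0):
    """Receiver-side check. keys maps key ID -> secret. Returns (accepted, reason)."""
    _, _, length, _, _, _, autype, auth = struct.unpack(HDR, wire[:24])
    if autype != 2:
        return False, "authentication type mismatch"
    _, key_id, digest_len, seq = struct.unpack(CRYPTO, auth)
    if key_id not in keys:
        return False, "no key with ID %d" % key_id
    if seq < last_seq:
        return False, "sequence number went backwards"
    # The length field excludes the digest, which trails the packet.
    packet, digest = wire[:length], wire[length:length + digest_len]
    if not hmac.compare_digest(digest, _digest(packet, keys[key_id])):
        return False, "digest mismatch"
    return True, "accepted"


if __name__ == "__main__":
    body = hello_body()
    print("password visible in simple-auth packet:", b"cisco" in build_simple("cisco", body))
    wire = build_md5(1, "cisco", 100, body)
    print("password visible in MD5 packet:", b"cisco" in wire)
    for keys in ({1: "cisco"}, {2: "cisco"}, {1: "Cisco"}):
        print(keys, "->", verify_md5(wire, keys))
```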
Simple Authentication over Virtual Link
On router R1, simple password authentication is configured for the whole area 0, with:
area 0 authentication
The virtual link, connecting area 2 to area 0, is created via transit area 1 with plain text
authentication and the authentication key cisco, with:
area 1 virtual-link 3.3.3.3 authentication-key cisco
The configuration of router R3 is similar to router R1.
MPLS and Frame Relay
Adjacency over Layer 2 MPLS VPN
EoMPLS is also known as a type of MetroEthernet
R1 and R2 exchange Ethernet frames transparently across the MPLS
backbone
They are connected to Provider Edge (PE) routers.
The PE1 router:
Encapsulates the Ethernet frame into an MPLS packet and
forwards it across the backbone to the PE2 router
The PE2 router:
Decapsulates the MPLS packet
Reproduces the Ethernet frame on its Ethernet link to router R2
When deploying OSPF over EoMPLS, there are no changes to the OSPF
configuration from the customer perspective.
The PE1 and PE2 routers are not visible.
A neighbor relationship is established directly between routers R1 and
R2 (just like any Ethernet broadcast network).
The OSPF network type is a multiaccess broadcast network so DR and
BDR routers are elected.
Adjacency over Layer 3 MPLS VPN
To the customer routers running OSPF (routers R1 and R2), the Layer 3
MPLS VPN backbone looks like a standard corporate backbone.
The CE routers form adjacencies with the PE routers.
The OSPF network type of the CE-PE link can be point-to-point, broadcast
or NBMA.
OSPF over Frame Relay
Frame Relay is a multiaccess network similar to Ethernet LAN.
A single access circuit provides access to multiple neighboring routers
(networks).
Unlike Ethernet:
Each virtual circuit between routers needs to be created, managed and
maintained by the frame relay service provider.
Broadcast and multicast packets must be sent as individual packets for
each router. (Non-Broadcast)
By default, OSPF cannot build adjacencies with neighbor routers over
NBMA interfaces
Full-mesh
All routers have virtual circuits (VCs) to all other destinations.
Although costly, provides direct connections from each site to all
other sites and allows for redundancy.
As the number of nodes in the full-mesh topology increases, the
topology becomes increasingly expensive.
n(n – 1)/2, where n is the number of nodes in the network.
Partial-mesh
Not all sites have direct access to a central site.
This method reduces the cost compared to implementing a full-mesh
topology.
Hub-and-Spoke or Star
Most common Frame Relay network topology.
Remote sites connect to a central site that generally provides a service or
application.
The least expensive topology because it requires the fewest PVCs.
The central router provides a multipoint connection because it typically
uses a single physical interface to interconnect multiple PVCs
Each connection between central site and remote sites is a separate PVC
There are many ways to implement OSPF over Frame
Relay.
In most cases there is more than one way to do it.
Decisions:
One subnet or individual subnets?
Are multicasts and broadcasts supported by the
network?
Do I want the neighbor adjacencies to be discovered
automatically or should I configure them manually?
Are all my routers Cisco routers?
Do I want the use of a DR/BDR to be the central point of LSA distribution?
ip ospf network
To configure the OSPF network type to a type other than the default for
a given medium, use the ip ospf network command in interface
configuration mode.
The default depends upon the type of medium
Broadcast (cisco)
Router(config-if)# ip ospf network broadcast
Topologies: Full-mesh or Partial-mesh
Note: Makes the WAN interface look like a LAN
Subnet: One subnet
Adjacency: Automatically discovered by OSPF multicasts
DR/BDR: Elected
RFC or Cisco: Cisco
Notes:
Workaround for statically listing all existing neighboring routers
Take special care to ensure either a full-mesh topology or a static election of the DR
based on the interface priority.
Non-Broadcast (RFC)
Router(config-if)# ip ospf network non-broadcast
Topologies: Full-mesh or Partial-mesh or Star
Note: OSPF emulates operation over a broadcast network.
Subnet: One subnet
Adjacency: Must be manually configured using the neighbor command (nonbroadcast mode)
neighbor statements required only on the DR and BDR
DR/BDR: Elected
DR and BDR must have full connectivity to all other routers (DROTHERs)
DR must be the Hub in Hub-and-Spoke topology
RFC or Cisco: RFC
Notes:
Routers B and C could be configured with the ip ospf priority 0 command and/or
Router A includes the priority 0 option in its neighbor command to ensure Router A
becomes the DR.
Point-to-Multipoint (broadcast) (RFC)
Router(config-if)# ip ospf network point-to-multipoint
Topologies: Partial-mesh or Star
Note: Used when VCs support multicast and broadcast
OSPF treats all router-to-router connections over the nonbroadcast network as if they
are point-to-point links.
Subnet: One subnet
Adjacency: Automatically discovered by OSPF multicasts
DR/BDR: None
RFC or Cisco: RFC
Notes:
Multicasts and broadcasts must be enabled on the VCs for RFC compliant point-to-multipoint to be used.
If not, routers cannot dynamically discover neighbors - Cisco mode should be used (next)
Point-to-Multipoint non-broadcast (cisco)
Router(config-if)# ip ospf network point-to-multipoint non-broadcast
Topologies: Partial-mesh or Star
Note: Used when VCs cannot support multicast and broadcast
Subnet: One subnet
Adjacency: Must be manually configured using the neighbor command (like in nonbroadcast mode)
RouterA(config-router)# neighbor 192.168.1.2
RouterA(config-router)# neighbor 192.168.1.3
DR/BDR: None
RFC or Cisco: cisco
Notes:
Used when multicasts and broadcasts cannot be enabled on the VCs, so RFC compliant
point-to-multipoint cannot be used because routers cannot dynamically discover
neighbors.
Point-to-Point non-broadcast (cisco)
Router(config-if)# ip ospf network point-to-point
[Figure labels: 192.168.1.1, 192.168.2.1, 192.168.2.2]
Topologies: Partial-mesh or Star
Note: Used when only two routers need to form an adjacency on a pair of interfaces
Subnet: Different IP subnet on each interface
Adjacency: Automatically discovered by OSPF multicasts
DR/BDR: none
RFC or Cisco: cisco
Notes:
Cisco point-to-point can also be used with Ethernet interfaces.
ip ospf network point-to-point on an Ethernet interface means no DR or
BDR will be elected.
OSPF LSDB Overload Protection
Router keeps count of the number of received (non-self-generated) LSAs
that it keeps in its LSDB.
If other routers are misconfigured, causing, for example, a redistribution of a
large number of prefixes, large numbers of LSAs can be generated.
These excessive LSAs can drain local CPU and memory resources.
OSPF LSDB overload protection can be configured to protect against this
Cisco IOS Software Release 12.3(7)T and later (and some specific
earlier releases)
OSPF command: max-lsa maximum-number [threshold-percentage] [warning-only] [ignore-time minutes] [ignore-count count-number] [reset-time minutes]
Router keeps count of the number of received (non-self-generated) LSAs that it keeps
in its LSDB.
When this number reaches a configured threshold number:
An error message is logged
A notification is sent when it exceeds the threshold number
If the LSA count still exceeds the threshold after one minute:
OSPF goes into the ignore state
OSPF process takes down all adjacencies
Clears the OSPF database
No OSPF packets are sent or received by interfaces that belong to that OSPF
process.
OSPF process remains in the ignore state for the time defined by the ignore-time
parameter.
ignore-count parameter defines the maximum number of times that the OSPF
process can consecutively enter the ignore state before remaining permanently down
and requiring manual intervention.
reset-time parameter defines the time the OSPF process remains normal and then
the ignore state counter is reset to 0.
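The max-lsa behaviour described above as a small state machine, added here as an example and not Cisco's implementation: it steps in one-minute ticks through normal, ignore and permanently-down states using the ignore-time, ignore-count and reset-time parameters. Assumptions: the warning fires at threshold-percentage of maximum-number, the ignore state is entered when the count is still above maximum-number one minute later, the process stays down once the number of consecutive ignore entries exceeds ignore-count, and the parameter values and LSA counts are constructed.

```python
from dataclasses import dataclass, field

NORMAL, IGNORE, DOWN = "normal", "ignore", "down"


@dataclass
class MaxLsaGuard:
    # Parameter values are assumed for this example.
    maximum: int                 # max-lsa maximum-number
    threshold_pct: int = 75      # warning threshold, percent of maximum
    ignore_time: int = 5         # minutes spent in the ignore state
    ignore_count: int = 5        # consecutive ignore entries tolerated
    reset_time: int = 10         # calm minutes before the entry counter resets
    warning_only: bool = False
    state: str = NORMAL
    entries: int = 0
    over_minutes: int = 0
    calm_minutes: int = 0
    ignore_left: int = 0
    log: list = field(default_factory=list)

    def tick(self, minute, received):
        """Advance one minute. received = non-self-generated LSAs on offer."""
        if self.state == DOWN:
            return DOWN
        if self.state == IGNORE:
            if self.ignore_left > 0:        # adjacencies down, LSDB cleared
                self.ignore_left -= 1
                return IGNORE
            self.state, self.over_minutes, self.calm_minutes = NORMAL, 0, 0
            self.log.append((minute, "ignore-time expired, OSPF resumes"))
        if received > self.maximum:
            return self._over_limit(minute, received)
        self.over_minutes = 0
        self.calm_minutes += 1
        if self.entries and self.calm_minutes >= self.reset_time:
            self.entries = 0
            self.log.append((minute, "reset-time reached, ignore counter reset"))
        if received * 100 >= self.maximum * self.threshold_pct:
            self.log.append((minute, "warning: %d LSAs, threshold reached" % received))
        return NORMAL

    def _over_limit(self, minute, received):
        self.calm_minutes = 0
        self.over_minutes += 1
        self.log.append((minute, "error: %d LSAs exceed %d" % (received, self.maximum)))
        if self.warning_only or self.over_minutes < 2:
            return NORMAL                   # first minute over the limit: log only
        self.entries += 1
        if self.entries > self.ignore_count:
            self.state = DOWN
            self.log.append((minute, "permanently down, manual intervention needed"))
            return DOWN
        self.state, self.ignore_left = IGNORE, self.ignore_time - 1
        self.log.append((minute, "entering ignore state #%d" % self.entries))
        return IGNORE


def simulate(guard, received_per_minute):
    """Feed one LSA count per minute and return the state after each minute."""
    return [guard.tick(m, n) for m, n in enumerate(received_per_minute)]


if __name__ == "__main__":
    # Constructed flood: a neighbor keeps offering 1200 LSAs against a limit of 1000.
    g = MaxLsaGuard(maximum=1000, ignore_time=2, ignore_count=1, reset_time=3)
    print(simulate(g, [700, 800, 1200, 1200, 1200, 1200, 1200, 100]))
    for entry in g.log:
        print(entry)
```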
OSPF Passive-Interface
passive-interface type number [default] router configuration
command
Prevents OSPF routing updates from being sent through the specified
router interface.
This command can be used with all IP-based routing protocols except BGP
OSPF’s behavior with this command is different than other routing protocols
With OSPF the specified interface appears as a stub network (not a stub
area) in OSPF domain.
OSPF routing information is neither sent nor received through the
interface.
As long as the appropriate network command is still used the router will
still advertise the network to its OSPF neighbors.
Router R1 has three interfaces that act as stub networks.
LSAs are not sent or received through these interfaces
The only interface that should participate in the OSPF process is
interface Serial0/0/1.
For Router R2, only one interface is a stub interface, where the propagation
of LSAs should be stopped, interface Ethernet0.