OSPF (Open Shortest Path First)
Shortest Path First (SPF), or Dijkstra’s algorithm.
OSPFv1 -> OLD and not used
OSPFv2 -> Used for IPv4
OSPFv3 -> Used for IPv6 and IPv4
LSA -> Link State Advertisements
LSDB -> Link State Database
Routers will flood LSAs until all routers in the OSPF area develop the same LSDB.
Router ID is in IPv4 format, and can be manually configured, taken from highest loopback, or highest physical interface.
SPF is used to calculate the best path to a network based on the LSAs in the LSDB, for every route.
Each LSA has a 30 minute expiration.
Three main steps to determine the best path:
- Become neighbors with other routers connected to the same segment.
- Exchange LSAs with neighbor routers
- Calculate the best route to the destination and add it to the routing table.
Area -> group of routers that share the same LSDB
Backbone Area -> special area that all other areas must connect to
Internal Routers -> only connected to one area
Backbone Router -> any router in the backbone area. Can also be ABRs.
Area Border Routers -> Routers that connect to more than one area
- Keeps a different LSDB for each area; be careful, this can overburden the router
Autonomous System Border Router -> routers that connect the backbone to another routing protocol or AS
Intra-Area Route -> Route whose destination is in the same area
Interarea Route -> Route whose destination is in a different area
All OSPF areas must have at least one ABR connected to the Backbone area.
```
router ospf 1
 router-id 1.1.1.1
 network 10.0.12.0 0.0.0.3 area 0
```
Process ID is only locally significant.
```
ip route 0.0.0.0 0.0.0.0 203.113.2
router ospf 1
 default-information originate
```
When you configure the default-information originate command, that router automatically becomes an ASBR. You can add the always keyword so that it still advertises the default route even if the DFGW route is down.
OSPF does support ECMP load balancing over 4 paths by default.
```
router ospf 1
 maximum-paths 4
router ospf 1
 distance 110
```
Run the show ip protocols command to see all the above info.
OSPF’s metric is called cost
Automatically calculated based on the bandwidth of the interface.
Interface cost is calculated as reference bandwidth / interface bandwidth.
Default Reference Bandwidth is 100,000 Kbps
By default the cost bottoms out at 1: anything less than 1 is set to 1.
Therefore anything higher than 100 Mbps has a cost of 1.
```
router ospf 1
 auto-cost reference-bandwidth [mbps]
```
You should configure the reference bandwidth to be higher than the fastest link in your network (100x if possible).
The OSPF cost to a destination is the total cost of the egress interfaces along the path.
Loopbacks always have a cost of 1. That 1 is still added when calculating the cost to reach the loopback.
ip ospf cost [cost] <- this changes the whole cost of an interface
NOTE: Bandwidth, like delay (DLY), is only used for the metric calculation; it does not affect the data plane.
Summary of how to change cost
- change the reference bandwidth from router mode
- change the ip ospf cost per interface
- change the interface bandwidth variable
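An added example (not part of the original notes) that runs SPF over a constructed four-router topology, deriving every egress cost from the reference bandwidth formula above. The router names, link speeds and function names are assumptions made for the illustration; it shows the default reference bandwidth making a 100 Mbps path tie with a 10 Gbps path, and a raised reference bandwidth breaking the tie.

```python
import heapq

def ospf_cost(if_bw_mbps, ref_bw_mbps=100):
    """Interface cost = reference bandwidth / interface bandwidth, never below 1."""
    return max(1, ref_bw_mbps // if_bw_mbps)

def spf(links, src, dst, ref_bw_mbps=100):
    """Dijkstra over directed links {(from, to): egress bandwidth in Mbps}.
    Returns (total cost, sorted list of equal-cost paths)."""
    adj = {}
    for (a, b), bw in links.items():
        adj.setdefault(a, []).append((b, ospf_cost(bw, ref_bw_mbps)))
    best = {src: (0, [[src]])}          # node -> (cost, all best paths so far)
    heap = [(0, src)]
    while heap:
        dist, node = heapq.heappop(heap)
        if dist > best[node][0]:
            continue                    # stale heap entry
        for nxt, cost in adj.get(node, []):
            cand = dist + cost
            paths = [p + [nxt] for p in best[node][1]]
            if nxt not in best or cand < best[nxt][0]:
                best[nxt] = (cand, paths)
                heapq.heappush(heap, (cand, nxt))
            elif cand == best[nxt][0]:
                best[nxt][1].extend(paths)   # equal cost: keep both for ECMP
    cost, paths = best[dst]
    return cost, sorted(paths)

# Constructed topology: R1-R2-R4 over 10 Gbps links, R1-R3-R4 over 100 Mbps links
LINKS = {("R1", "R2"): 10000, ("R2", "R4"): 10000,
         ("R1", "R3"): 100, ("R3", "R4"): 100}

if __name__ == "__main__":
    print(spf(LINKS, "R1", "R4"))                       # default reference bandwidth
    print(spf(LINKS, "R1", "R4", ref_bw_mbps=100000))   # raised reference bandwidth
```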
OSPF Neighbors
When OSPF is activated, the router starts sending hellos. These are used to introduce the router; by exchanging hellos, the routers determine their compatibility and start negotiations.
Multicast address is 224.0.0.5 for hello messages.
The IP header has a protocol value of 89 to indicate OSPF.
OSPF is activated on R1's g0/0 interface, which sends a hello to 224.0.0.5:
- RID 1.1.1.1
- Neighbor RID: 0.0.0.0
The router is now in down and init.
R2 gets it and sets R1 to the init state. Upon receipt of that hello, R2 then sends a hello packet with both RIDs:
- RID 2.2.2.2
- Neighbor RID: 1.1.1.1
- Now R1 is in 2way. Then, when R2 gets the same hello BACK with matching info from R1, it sets itself as 2 way.
SENDING A FULLY QUALIFIED HELLO ENTERS THAT NEIGHBOR AS 2WAY IN THE SOURCE ROUTER'S TABLE
2 way state means that a router has received a hello with its own RID in it.
They are now ready to share LSAs.
If they fail to reach 2 way, you know you have to troubleshoot or you know it's DR or BDR.
If you have a DR or BDR, they will be elected at this point.
The routers have to choose which one will be master and slave.
- they decide in the exstart state
- the router with the higher RID will become the master
- They do this by sending DBD packets.
They send empty DBDs to each other.
- R2 sees R1 claim to be the master
- R2 responds to R1 and says no, I'll be the master because my RID is higher
- NOTE: the RID from the hello is not considered; for this, only the RID in the DBD packet is considered.
Now they are in EXCHANGE state
- In this state they send actual DBDs, which are just snapshots of their LSAs, no actual routing info.
- This is for identifying what they have, what they don't have, and what they need for the next state.
Now they are in LOADING state
- Routers send LSRs asking neighbors to send any LSAs that they don't have, based on the DBDs from before.
- LSRs are responded to with an LSU with all the LSA details
- Then the original device sends an LSAck
Now they are in a Full state, meaning they are full neighbors and have identical LSDBs.
Every time a hello packet is received, the dead timer is reset. If they miss hellos for a default of 40 seconds, the neighbor is removed.
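The walk from Down to Full described above, as an added example that is not part of the original notes. It models Hellos as dictionaries and LSAs as entries keyed by (LS type, Link State ID, Advertising Router); the LSDB contents, sequence numbers and function names are constructed assumptions, and the dead timer and retransmissions are left out.

```python
from ipaddress import IPv4Address

def state_for_sender(my_rid, hello):
    """State this router assigns to the sender of a received Hello."""
    return "2-Way" if my_rid in hello["neighbors"] else "Init"

def exstart_master(rid_a, rid_b):
    """ExStart: the higher Router ID (compared numerically) becomes master."""
    return max(rid_a, rid_b, key=lambda r: int(IPv4Address(r)))

def dbd(lsdb):
    """Exchange: a DBD is a snapshot of LSA headers (here: key -> sequence number)."""
    return {key: lsa["seq"] for key, lsa in lsdb.items()}

def lsr(lsdb, neighbor_dbd):
    """Loading: request each LSA that is missing locally or older than the neighbor's."""
    return sorted(k for k, seq in neighbor_dbd.items()
                  if k not in lsdb or lsdb[k]["seq"] < seq)

def adjacency(r1, r2):
    """Walk R1 and R2 from Down to Full; returns the states seen and the LSRs sent."""
    log = []
    h1 = {"rid": r1["rid"], "neighbors": set()}          # R1's first Hello
    log.append(("R2 sees R1", state_for_sender(r2["rid"], h1)))
    h2 = {"rid": r2["rid"], "neighbors": {r1["rid"]}}    # R2's Hello lists R1
    log.append(("R1 sees R2", state_for_sender(r1["rid"], h2)))
    h1["neighbors"].add(r2["rid"])                       # R1's next Hello lists R2
    log.append(("R2 sees R1", state_for_sender(r2["rid"], h1)))
    log.append(("master", exstart_master(r1["rid"], r2["rid"])))
    requests = {}
    for me, peer in ((r1, r2), (r2, r1)):
        requests[me["rid"]] = lsr(me["lsdb"], dbd(peer["lsdb"]))
    for me, peer in ((r1, r2), (r2, r1)):
        # The LSU answers the LSR with full LSAs; installing them stands in for the LSAck
        me["lsdb"].update({k: peer["lsdb"][k] for k in requests[me["rid"]]})
    log.append(("state", "Full" if r1["lsdb"] == r2["lsdb"] else "Loading"))
    return log, requests

# Constructed LSDBs: R2 holds an older copy of R1's router LSA
R1 = {"rid": "1.1.1.1", "lsdb": {(1, "1.1.1.1", "1.1.1.1"): {"seq": 5, "links": 2}}}
R2 = {"rid": "2.2.2.2", "lsdb": {(1, "2.2.2.2", "2.2.2.2"): {"seq": 3, "links": 1},
                                 (1, "1.1.1.1", "1.1.1.1"): {"seq": 4, "links": 1}}}
```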

DR/BDR election:
- Highest OSPF interface priority
- Highest OSPF router ID
Default OSPF interface priority is 1 on all interfaces. Configure it with:
```
ip ospf priority [0-255]
```
NOTE: if you set it to 0 it CANNOT be DR/BDR
DR/BDR is non-preemptive. They will keep their role until OSPF is reset.
NOTE that when a reelection is done, the BDR will ALWAYS become the new DR, then the best priority becomes the new BDR.
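A simplified model of the election rules listed above, added here as an example and not taken from the original notes or from any router implementation. The function name and the sample segment are assumptions; it covers priority 0, the numeric Router ID tie-break, non-preemption and BDR promotion.

```python
from ipaddress import IPv4Address

def elect(routers, dr=None, bdr=None):
    """Return (DR, BDR) for one broadcast segment.

    routers: {router_id: interface priority} for the routers currently up.
    dr, bdr: current role holders, or None for a first election.
    """
    # Priority 0 can never be DR or BDR
    eligible = {rid: prio for rid, prio in routers.items() if prio > 0}

    def best(exclude):
        # Highest priority wins; highest Router ID (as a number) breaks ties
        ranked = sorted((prio, int(IPv4Address(rid)), rid)
                        for rid, prio in eligible.items() if rid not in exclude)
        return ranked[-1][2] if ranked else None

    if dr not in eligible:                   # first election, or the DR went away
        dr = bdr if bdr in eligible else best(set())   # the BDR is promoted first
        bdr = None
    if bdr not in eligible or bdr == dr:     # fill the empty BDR role
        bdr = best({dr})
    return dr, bdr

# Constructed segment: 9.9.9.9 has the highest RID but priority 0
SEGMENT = {"1.1.1.1": 1, "2.2.2.2": 1, "9.9.9.9": 0}

if __name__ == "__main__":
    dr, bdr = elect(SEGMENT)
    print("first election:", dr, bdr)
    joined = dict(SEGMENT, **{"10.0.0.4": 255})
    print("after 10.0.0.4 joins:", elect(joined, dr, bdr))       # roles unchanged
    del joined["2.2.2.2"]
    print("after the DR fails:", elect(joined, dr, bdr))
```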
In broadcast networks, routers only form full adjacencies with the DR and BDR of the segment. Therefore routers only exchange LSAs with the DR and BDR. DROthers will not exchange LSAs with each other.
When messages are sent to the DR/BDR they are sent multicast to 224.0.0.6.
Neighbors are when they are in 2 way. Adjacencies are when they are full.
ip ospf network point-to-point
OSPF Neighbor Requirements:
- Area number must match
```
ip ospf hello-interval #
ip ospf dead-interval #
ip ospf authentication
ip ospf authentication-key [string]
```
LSA Types
Type 1: Router LSA
- Every router makes this type
- Lists networks tied to its OSPF interfaces
Type 2: Network LSA
- Generated by the DR of each broadcast network
- Lists the routers which are attached to the broadcast network
Type 5: AS-External LSA
- Generated by the ASBR to describe routes to destinations outside of the AS (OSPF domain)
https://www.youtube.com/watch?v=u89NCxK4FVU&list=PLxbwE86jKRgOb2uny1CYEzyRy_mc-lE39&index=70



AUTHENTICATION
Type 0: null auth, aka no authentication (default)
Type 1: simple password authentication
- Maximum of 8 characters
```
int g0
 ip ospf authentication
 ip ospf authentication-key [password]

router ospf 1
 area [id] authentication
```
Type 2: Cryptographic authentication
- sends a digest of the hash, not the full hash
- LEGACY
- rollover is automatic, by sending one OSPF message with the active key and the youngest key until the neighbor router switches to the youngest key too
```
int g1
 ip ospf authentication message-digest
 ip ospf message-digest-key [id] md5 [password]

router ospf 1
 area [id] authentication message-digest
```
- KEYCHAIN
```
key chain [name]
 key [id]
  key-string [password]
  cryptographic-algorithm [md5, hmac-sha-1, hmac-sha-512, etc]

int g1
 ip ospf authentication key-chain [name]
```
- Note that for the KEYCHAIN version you just need one command instead of two per interface, and there is no global version.
OSPFv3 Standard Mode
```
ipv6 router ospf 1
 auto-cost reference-bandwidth 1000

interface g0/0
 ipv6 ospf 1 area 0
```
Note that there is no network command for IPv6
OSPFv3 Address-Family Mode
```
router ospfv3 1
 address-family ipv4 unicast
  auto-cost reference-bandwidth 1000
 address-family ipv6 unicast
  auto-cost reference-bandwidth 1000

interface g0/0
 ospfv3 1 area 0 ipv4
 ospfv3 1 area 0 ipv6
```
You must use
```
show ip route ospfv3
```
or
```
show ospfv3 neighbors
```
with the ospfv3 keyword for show commands.
Virtual Links
Use Router-IDs as the targets for the virtual links. Needs to be configured on both ABRs to point at each other. Cannot be in a stub area.
```
router ospf 1
 area 1 virtual-link 3.3.3.3
```
```
router ospf 1
 area 1 virtual-link 7.7.7.7
```
OSPF Adjacency Process

OSPF Packet: Header
```
OSPF Packet Header
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|   Version #   |     Type      |         Packet Length         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           Router ID                           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                            Area ID                            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|           Checksum            |           Auth Type           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                        Authentication                         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                    Authentication (cont.)                     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
```
```
Type   Description
________________________________
1      Hello
2      Database Description
3      Link State Request
4      Link State Update
5      Link State Acknowledgment
```
These types determine what the data of the packet will be.
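An added example (not from the original notes) that parses the 24-byte header laid out above and audits the Auth Type against the three authentication types listed earlier. The sample packet is constructed in the code, the function names are assumptions, and the checksum handling follows the OSPFv2 rule that the checksum covers the packet minus the 64-bit Authentication field.

```python
import struct
from ipaddress import IPv4Address

PKT_TYPES = {1: "Hello", 2: "Database Description", 3: "Link State Request",
             4: "Link State Update", 5: "Link State Acknowledgment"}
AUTH_FINDINGS = {  # Auth Type value -> audit verdict
    0: "FAIL: null authentication, any speaker on the segment is trusted",
    1: "FAIL: simple password, sent in cleartext in the Authentication field",
    2: "OK: cryptographic authentication",
}

def inet_checksum(data):
    """16-bit one's complement checksum used by OSPFv2."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def audit_header(pkt):
    """Parse the 24-byte OSPFv2 header and report type, origin and auth posture."""
    if len(pkt) < 24:
        raise ValueError("shorter than the 24-byte OSPF header")
    ver, ptype, length, rid, area, _csum, autype = struct.unpack("!BBH4s4sHH", pkt[:16])
    if ver != 2 or not 24 <= length <= len(pkt):
        raise ValueError("not a well-formed OSPFv2 packet")
    result = {"type": PKT_TYPES.get(ptype, "unknown"),
              "router_id": str(IPv4Address(rid)), "area": str(IPv4Address(area)),
              "finding": AUTH_FINDINGS.get(autype, "FAIL: unknown Auth Type")}
    # The checksum skips the 64-bit Authentication field and is not
    # calculated at all when cryptographic authentication is in use.
    if autype != 2:
        result["checksum_ok"] = inet_checksum(pkt[:16] + pkt[24:length]) == 0
    return result

def sample_hello(autype):
    """Constructed Hello from RID 1.1.1.1 in area 0 with no neighbors listed."""
    body = struct.pack("!4sHBBI4s4s", IPv4Address("255.255.255.252").packed,
                       10, 0x02, 1, 40, bytes(4), bytes(4))
    head = struct.pack("!BBH4s4sHH", 2, 1, 24 + len(body),
                       IPv4Address("1.1.1.1").packed, bytes(4), 0, autype)
    csum = inet_checksum(head + body)
    return head[:12] + struct.pack("!H", csum) + head[14:] + bytes(8) + body
```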
OSPF Packet: Hello (Data only)
```
OSPF Packet: Hello Data
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           ...Header                           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                         Network Mask                          |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|         HelloInterval         |    Options    |    Rtr Pri    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                      RouterDeadInterval                       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                       Designated Router                       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                   Backup Designated Router                    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           Neighbor                            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                              ...                              |
```
Neighbor field repeats for every neighbor the router has.
OSPF Packet: Database Description (Data only)
```
OSPF Packet: Database Description Data
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                              ...                              |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|         Interface MTU         |    Options    |0|0|0|0|0|I|M|MS
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                      DD sequence number                       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
+-                                                             -+
|                                                               |
+-                         LSA Header                          -+
|                                                               |
+-                                                             -+
|                                                               |
+-                                                             -+
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                              ...                              |
```
OSPF Packet: Link State Request (Data only)
```
OSPF Packet: Link State Request (Data)
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                              ...                              |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                            LS type                            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                         Link State ID                         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                      Advertising Router                       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                              ...                              |
```
OSPF Packet: Link State Update (Data only)
```
OSPF Packet: Link State Update (Data)
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                              ...                              |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                            # LSAs                             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
+-                                                            +-+
|                             LSAs                              |
+-                                                            +-+
|                              ...                              |
```
OSPF Packet: Link State Acknowledgment (Data only)
Identical to the update but with a different code in the OSPF header.
OSPF Packet: LSA Header
All LSAs begin with a common 20 byte header. This header contains enough information to uniquely identify the LSA (LS type, Link State ID, and Advertising Router).
```
LS Type   Description
___________________________________
1         Router-LSAs
2         Network-LSAs
3         Summary-LSAs (IP network)
4         Summary-LSAs (ASBR)
5         AS-external-LSAs
```
```
OSPF Packet: LSA Header
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|            LS Age             |    Options    |    LS Type    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                         Link State ID                         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                      Advertising Router                       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                      LS Sequence Number                       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|          LS Checksum          |            Length             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
```
OSPF Packet: Router-LSA (1)
```
OSPF Packet: Router-LSA
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|    0    |V|E|B|       0       |            # links            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Type      |     # TOS     |            metric             |
|                   Link ID (Network Address)                   |
|                    Link Data (Subnet Mask)                    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                              ...                              |
```
In router-LSAs, the LSA header’s Link State ID field is set to the router’s OSPF Router ID. Router-LSAs are flooded throughout a single area only.
- This is saying that the Link State ID field in the LSA Header is set to the OSPF Router ID
OSPF Packet: Network-LSA (2)
Stub
- No type 5
Totally stub
- No type 3 on top of type 5
Not So Stubby
- acts as a stub area
- but blocks all default routes coming in from OSPF
- but when there is an ASBR (redistributor), those routes are transformed into type 7 so they can go out.
- if you make a router in the NSSA area use
```
area 1 nssa default-information-originate
```
that can be used to share the DFGW in the intra-area.
Totally Not So Stubby Area
- acts as a NSSA but blocks type 3
- DEFAULT ROUTES ARE NOT BLOCKED