OSPF
** OSPF NOTES **
IP Protocol 89
224.0.0.5 is the OSPF All-routers multicast
224.0.0.6 is the OSPF All-Designated routers multicast
Hello and Dead Timers must match to form adjacency
OSPF normally sends Hello packets every 10 seconds and set the Dead Timer to 40 seconds.
The OSPF process ID does not need to match to form a neighbor adjacency.
According to RFC 2328, what is the stateful order in which an OSPF router transitions to a full adjacency with a neighbor router?
A. Down, Init, 2-Way, Exstart, Exchange, Loading, and Full
When OSPF adjacency is formed, a router goes through several state changes before it becomes fully adjacent with its neighbor. The states are Down -> Attempt (optional) -> Init -> 2-Way -> Exstart -> Exchange -> Loading -> Full. Short descriptions about these states are listed below:
Down: no information (hellos) has been received from this neighbor.
Attempt: only valid for manually configured neighbors in an NBMA environment. In Attempt state, the router sends unicast hello packets every poll interval to the neighbor, from which hellos have not been received within the dead interval.
Init: specifies that the router has received a hello packet from its neighbor, but the receiving router’s ID was not included in the hello packet
2-Way: indicates bi-directional communication has been established between two routers.
2-Way: indicates bi-directional communication has been established between two routers.
Exstart: Once the DR and BDR are elected, the actual process of exchanging link state information can start between the routers and their DR and BDR.
Exchange: OSPF routers exchange database descriptor (DBD) packets
Loading: In this state, the actual exchange of link state information occurs
Full: routers are fully adjacent with each other
Reference : http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080093f0e.shtml
Interface MTU is not checked during formation of neighbor adjacencies. However, mismatched interface MTU’s will prevent the successful exchange of DD packets and prevent the neighbors from reaching the FULL state.
NBMA (or point-to-multipoint nonbroadcast) interface types require the ‘neighbor’ command to form neighbor adjacencies.
DD (Database Descriptor) packets are acknowledged by sending back an identical DD packet.
For the Database Exchange process (ExStart) the router with the higher RID is designated the Master and is responsible for setting the sequence numbers of the DD packets.
The DD exchange contains LSA headers and sequence number for each LSA (not full LSAs).
If a router does not have an LSA described in a DD packet or has the LSA but with a lower sequence number, the router can request a full copy of the LSA with an LSR (Link State Request).
A router receiveing an LSR responds with a LSU (link state update) that contains a full copy of the LSA requested. Each LSR/LSU is acknowledged by sending back a duplicate LSR/LSU or by sending an LSAack packet.
The OSPF router keeps track of which routers still owe it an acknowledgement, and will re-transmit the LSA to neighbors who have not sent an acknowledgement. The frequency in which the LSA is retransmitted can be configured per interface:
interface serial 1/0
ip ospf retransmit-interval (seconds)
During the full LSA updating process the routers are in the “Loading” state. When finished and all LSA’s are exchanged and updated the routers settle into the “Full” state.
For the DR/BDR election process a routers priority is determined by looking at the priority value recieved in the Hello and comparing it to the priority defined in the ‘neighbor’ statement.
The higher of the two values is used for determining the priority. If the priority recieved in the Hello is higher than the ‘neighbor’ statement, the neighbor statement will be dynamically changed in the configuration to match the priority recieved in the Hello.
If two routers have the same priority the one with the higher RID wins.
Each LSA will be re-flooded every 30 minutes by default (LSRefresh timer). The reflood timer is per LSA, so not all LSA’s in the LSDB will necessarily be re-flooded all at the same time.
Each LSA has a MaxAge timer that it must be refreshed within … default is 60 minutes.
To reduce excessive traffic from LSA re-flooding in large networks you can disable the LSA aging process, basically setting LSA’s with a bit that says “Do Not Age”. This is configured per interface with a feature called OSPF Flood Reduction:
interface serial 1/0
ip ospf flood-reduction
Any LSA transmitted from this interface will be marked as Do Not Age, and therefore periodic LSA re-flooding is not necessary.
Type 2 LSA’s (network) are only created for networks where a DR has been elected.
DR/BDR is only elected on NBMA and Broadcast network types
Only NBMA and Broadcast network types will create a Type 2 LSA (originated from the DR)
Configuring broadcast links (Ethernet) as “Point-to-Point” OSPF network types prevents DR election and Type 2 LSA, reducing the size of topology database and Shortest Path Tree for that area.
Point-to-Point network types only allow (2) neighbors on that segment.
Type 2 LSA’s (network link states) are only flooded within the area by the DR of the network.
Type 1 LSA’s (router link states) are created by each router in the area describing itself, its interfaces, and neighbors.
Type 1 and 2 LSA’s contain the most topology detail and are confined to the area.
Type 3 LSA’s provide summary information about Type 1 and 2 LSA’s for other areas.
Type 3 LSA’s have simple information – the subnet, the mask, and the cost as known by the ABR.
When something changes with a Type 3 LSA (cost), only a partial SPF run is needed. Route summarization at the ABR reduces the amount of Type 3 LSA’s but is not required for partial SPF benefits.
Type 3 LSA’s by themselves provide for partial SPF benefits.
Note: external routes redistributed into an OSPF area do provide partial SPF benefits for that area, whereas internally injected routes via the ‘network’ command do not provide partial SPF benefits for that area. External routes are treated as “Leafs” in the SPF, whereas internal routes are treated as “Nodes”. The loss of a “Leaf” can be handled with partial SPF, whereas the loss of a “Node” requires full SPF.
In a nutshell, redistributed routes are not necessarily a bad thing, especially where there are a large number of routes with a lot change (dial-in).
IS-IS, on the other hand, treats all IP networks as “Leafs” in the SPF.
If a network represented by a Type 3 LSA goes down, the ABR refloods the LSA with the OSPF infinite cost so that the route is quickly removed from all other routers which contain that LSA in their LSDB. The alternative would be to simply stop sending that LSA, however the route would not be removed from the other routers until the LSA aged out (MaxAge – default 60 mintues).
Type 4 LSA’s are generated by ABRs that have an ASBR in an area it touches. The Type 4 LSA is created by the ABR to describe the ASBR and its costs to reach it. Type 4 LSA’s are used when an ASBR is present, which helps routers in other areas calculate the exact metric to reach the external route.
Type 4 LSA’s (Summary ASB) are always generated by an ABR when an ASBR is present in an area it touches. OSPF routers in a different area than the ASBR’s area will look at the Type 5 and Type 4 LSA’s to calculate the path and metric to reach the external route. OSPF routers in the same area as the ASBR can look at just the Type 5 LSA to calculate the path. However, the Type 5 LSA by itself does not have enough information for OSPF routers outside the area*, hence the need for the Type 4 LSA.
* The Type 5 LSA remains unmodified as it passes from area to area. One of the key pieces of information that remains unmodified is the “Advertising Router”. Routers outside of the ASBR’s area do not have the Type 1 LSA describing the ASBR (because its a different area). The Type 4 LSA has information about the ASBR that matches the “Advertising Router” information in the Type 5 LSA. Furthermore, the Type 4 LSA’s “Advertising Router” field changes to that of the ABR as it passes into a new area. All of this information helps the OSPF router in other areas calculate the metric and next hop to reach the external routes.
In an OSPF Stub area (area x stub), Type-5 LSA’s (External Routes) are not allowed. The ABR will advertises a default route instead (as a Type 5 LSA). The cost of the default route advertised by the ABR can be set using the ’area x default-cost’ command. The only Type 5 LSA allowed in this area is the default route from the ABR.
OSPF Stub areas (area x stub) do not allow the generation of Type 5 LSA’s (External Routes) from an ASBR within the area.
OSPF Totally Stubby areas (area x stub no-summary) do not allow Type-5 or Type-3 LSA’s, only a default route from the ABR (as a Type 5 LSA). The only Type 5 LSA allowed in this area is the default route from the ABR. No Type 3 LSA’s are allowed.
OSPF Totally Stubby areas also do not allow the generations of Type 5 LSA’s (External Routes) from an ASBR within the area.
OSPF Not So Stubby Area (NSSA) (area x nssa) is like a Stub area in that it does not allow Type 5 LSA’s. However, the NSSA is allowed to have an ASBR originating External Routes as Type 7 LSA’s.
OSPF Totally Not So Stubby Area (area x nssa no-summary) is like a Totally Stub area in that it does not allow Type 5 LSA’s and Type 3 LSA’s. However, the Totally NSSA area is allowed to have an ASBR originating External Routes as Type 7 LSA’s.
Type 7 LSA’s stay inside the NSSA area. The ABR will convert the Type 7 LSA’s into Type 5 LSA’s when flooded into the backbone area.
OSFP has the following order of route preference before route cost is even considered:
1 – Intra-area routes
2 – Inter-area routes
3 – E1 external routes
4 – E2 external routes
Example: OSPF will choose an E1 external route over E2, even if the E2 has a lower cost.
Only when E2 routes have the same external metric will OSPF check the internal cost to the advertising ASBR.
When all else is equal between a Type-5 LSA and Type-7 LSA (metric type, external metric, internal cost) the OSPF router will prefer the Type-5 LSA.
ABR’s will ignore Type 3-5 LSA’s from other ABR’s over links in the same non-backbone area. In other words, and ABR will always prefer its direct connection to area 0, even if there is a lower cost path through another ABR.
The IP address configured in ‘area x virtual-link 1.1.1.1′ is the RID of the other router participating in the virual link.
An OSPF virtual link cannot exist in a stub area.
An OSPF “stub router” is one that will only route for traffic to/from directly connected networks.
A stub router will the advertise cost to routes not directly connected as infinite, so it will never
become a transit router.
You can tell an OSPF router to set its own Type-1 router LSA to an infinite metric for a specific period of time after a router reload, or until BGP converges after a reload – before acting like a normal OSPF router. This will prevent some black hole situations where an OSPF router is connected to a BGP link. When the OSPF router reboots, the OSPF process will usually converge much faster than BGP, so you can tell OSPF to wait for BGP to converge before advertising a normal Type-1 LSA.
for X amount of time after reload: ’max-metric router-lsa on-startup X’
until BGP converges after reload: ‘max-metric router-lsa on-startup wait-for-bgp’
OSPF uses a default metric of 20 when redistributing from an IGP
OSPF uses a default metric of 1 when redistributing from BGP
‘area x range’ is used to summarize at an ABR. The area x is the area containing the component subnets to be summarized. The ABR will not summarize external routes.
router ospf 10
area 1 range 10.0.0.0 255.0.0.0
(Internal 10.x.x.x subnets exist in Area 1. Send a summary of 10.0.0.0/8 into Area 0)
‘summary-address’ is used to summarize external routes at an ASBR. Only an ASBR can summarize external routes.
router ospf 10
redistribute bgp 10 metric 100 subnets
summary-address 40.0.0.0 255.0.0.0
With either method, ‘not-advertise’ will not advertise the summary or its components to effectively filter the routes from being advertised.
OSPF does not support redistributing a static default route as a means of advertising a default route into OSPF.
‘default-information originate’ must be used to source a default route in OSPF.
essentially redistributes a default route found in the IP routing table (as E2 cost 1)
if no default route is available in the IP routing table the additive ‘always’ can be added.
Filtering Routes
You can filter routing information at an ABR in the same way you summarize routing information.
router ospf 10
area 1 range 10.0.0.0 255.0.0.0 not-advertise
The above will create a summary for 10.0.0.0/8 for Area 1 but not advertise the summary or any of the component subnets, effectively acting as a filter.
You can selectively filter LSA’s at an ABR using a filter list
router ospf 10
area 1 filter-list prefix-list permitted-nets in
ip prefix-list permitted-nets permit 10.1.1.0/24
OSPF Graceful Restart, 2 different methods:
1) OSPF Link Local Signalling (LLS) – This is a change in the format of the OSPF Hello’s from fixed length fields to the use of TLV’s to insert other information, such as Graceful Restart (RS bit).
2) Opaque LSA’s – Send a “Grace LSA” prior to restart informing neighbors. Designed with planned outages in mind.
Cisco IOS uses the LLS method by default
Graceful Restart awareness is on by default
Graceful Restarting is enabled on NSF (non stop forwarding) capable routers with ‘nsf’
router ospf 100
nsf
LSA exponential backoff
A flapping link can cause excessive LSA updates and cause routers to be consumed with processing LSA’s.
Cisco routers running OSPF correct this problem with LSA exponential backoff.
3 Timers:
Initial timer
Incremental time
Maximum time
The router sets a an Initial update timer of 1 second after the first link flap. Meaning it will not generate an LSA until 1 second after the link fails.
After the LSA is sent, it sets the next LSA timer to the Initial timer (1 second) plus the Incremental time (lets say 1 second). So the next LSA update would be scheduled for 2 seconds after link failure.
The link flaps again and the previous 2 second timer is doubled to 4 seconds.
The timer can never be set longer than the Maximum time.
When the link is stable for 2 x the Maximum time, the LSA update timer resets to start from scratch
The same backoff mechanism can be applied to SPF calculations (SPF exponential Backoff)
router ospf 10
timers throttle lsa all (initial timer, incremental time, max time)
timers throttle spf (initial timer, incremental time, max time)
The rate at which a router processes the same LSA (based on LSA-ID) received from neighbors can be throttled
router ospf 10
timers lsa arrival (milliseconds)
Reference: http://bradhedlund.com/notes/ospf/
No comments:
Post a Comment