# OSPF

OSPF Router IDs

Before a router can send any OSPF messages, it needs a 32-bit dotted-decimal router identifier (RID).
Election (in order of precedence):

- The RID configured with the router-id _id_ subcommand (best practice).
- Otherwise, the highest IP address on any loopback interface.
- Otherwise, the highest IP address on any non-loopback interface.

Details:

- The RID does not need to be matched by an OSPF network command.
- The RID election occurs when the OSPF process is started or restarted.
- If a router's RID changes, the rest of the routers in the same area will perform a new SPF calculation (Dijkstra algorithm).

Becoming Neighbors, Exchanging Databases, and Becoming Adjacent

OSPF encapsulates the five types of OSPF messages inside IP packets (IP protocol 89):

- Hello: Used to discover and monitor neighbors.
- Database Description (DBD): Exchanges brief versions (headers) of each LSA, the data structure stored inside the LSDB. Typically used during the initial topology exchange.
- Link-State Request (LSR): To request full details about one or more LSAs.
- Link-State Update (LSU): Contains fully detailed information about one or more LSAs (in response to an LSR).
- Link-State Acknowledgement (LSAck): To confirm receipt of an LSU.

OSPF neighbor states:

- Down: no hellos received for more than the dead interval.
- Attempt: sending hellos to a manually configured neighbor.
- Init: A Hello was received but it does not list this router's own RID. Permanent state if parameters do not match.
- 2-way: A Hello was received and it lists this router's own RID. Permanent state between DROther neighbors.
- ExStart: DR election (if needed) and DBD sequence number negotiation.
- Exchange: DBD exchange.
- Loading: LSR, LSU and LSAck exchange.
- Full: Complete adjacency (identical LSDBs); routing table calculations begin.

Becoming Neighbors: The Hello Process

Major functions of Hello messages:

- Discover neighbors.
- Check parameters.
- Monitor health (heartbeat function).

OSPF routers listen for multicast Hello messages sent to 224.0.0.5.
To form a neighbor relationship, these parameters need to match:

- Authentication.
- Primary subnet and subnet mask.
- OSPF area.
- Area type (stub, NSSA, ...).
- Unique RIDs.
- OSPF Hello and Dead timers.
- MTU (required for a successful DBD exchange).

The hello interval defaults to 10 seconds on LAN interfaces and 30 seconds on slower WAN interfaces.
The dead interval defaults to 4 times the hello interval.
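The neighbor parameter check described above, as an added Python example (not code from the original notes): it builds a constructed OSPFv2 Hello, parses the packet header and Hello body (field layouts per RFC 2328), and reports which of the listed parameters differ from the local interface settings, plus whether the neighbor already lists our RID (the 2-way condition). All addresses and values are made up.

```python
import struct
from ipaddress import IPv4Address

# OSPFv2 packet header and Hello body layouts (RFC 2328 A.3.1 / A.3.2).
HDR = struct.Struct("!BBH4s4sHH8s")   # version, type, length, RID, area, checksum, AuType, auth data
HELLO = struct.Struct("!4sHBBI4s4s")  # netmask, HelloInterval, options, priority, RouterDeadInterval, DR, BDR

def ip(s):
    return IPv4Address(s).packed

def build_hello(rid, area, mask, hello, dead, prio=1, autype=0, neighbors=()):
    """Encode a constructed Hello (checksum left 0: it never goes on the wire)."""
    body = HELLO.pack(ip(mask), hello, 0x02, prio, dead, ip("0.0.0.0"), ip("0.0.0.0"))
    body += b"".join(ip(n) for n in neighbors)
    hdr = HDR.pack(2, 1, HDR.size + len(body), ip(rid), ip(area), 0, autype, bytes(8))
    return hdr + body

def parse_hello(pkt):
    """Decode the fields a receiver compares before accepting a neighbor."""
    ver, typ, length, rid, area, _csum, autype, _auth = HDR.unpack_from(pkt)
    if ver != 2 or typ != 1 or length != len(pkt):
        raise ValueError("not a well-formed OSPFv2 Hello")
    mask, hello, _opts, prio, dead, dr, bdr = HELLO.unpack_from(pkt, HDR.size)
    nbrs = [str(IPv4Address(pkt[i:i + 4])) for i in range(HDR.size + HELLO.size, length, 4)]
    return {"rid": str(IPv4Address(rid)), "area": str(IPv4Address(area)), "autype": autype,
            "mask": str(IPv4Address(mask)), "hello": hello, "dead": dead, "priority": prio,
            "dr": str(IPv4Address(dr)), "bdr": str(IPv4Address(bdr)), "neighbors": nbrs}

def hello_mismatches(local, pkt):
    """Names of the parameters from the list above that would stop a neighbor relationship.
    local: this interface's settings with keys rid, area, autype, mask, hello, dead."""
    h = parse_hello(pkt)
    bad = [k for k in ("autype", "mask", "area", "hello", "dead") if h[k] != local[k]]
    if h["rid"] == local["rid"]:
        bad.append("rid")  # RIDs must be unique
    return bad

def seen_by_neighbor(local, pkt):
    """True once the neighbor's Hello lists our RID (2-way); otherwise we are still in Init."""
    return local["rid"] in parse_hello(pkt)["neighbors"]
```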

Database Descriptor Exchange: Master/Slave Relationship

The router with the higher RID becomes the master and initiates the database exchange.
The slave acknowledges each packet received.
Only the master increments the DBD sequence number during the exchange (DBD packets carry LSA headers).

Requesting, Getting, and Acknowledging LSAs

The sequence number makes it possible to tell whether one copy of an LSA is newer than another.
The sequence number is incremented every time the LSA changes.
New LSAs begin with sequence number 0x80000001 (a negative signed 32-bit number) and increase up to 0x7fffffff (positive).
LSUs can be acknowledged by the receiver repeating the exact same LSU back to the sender or sending back an LSAck packet.

DR Election on LANs

At boot, after receiving a hello with a 0.0.0.0 DR field, all routers wait the OSPF wait time, which is set to the same value as the dead time, before attempting to elect a DR.
If a router receives a hello whose DR field already contains a RID, the router does not have to wait before beginning the election process.

To elect a DR, routers look first for the highest priority (1-255; a priority of 0 means the router does not claim to be a DR candidate) and then for the highest RID.
If a received hello implies a better potential DR, the router stops claiming to want to be a DR. The second-best candidate, which does not claim to be the DR, becomes the BDR.
After the DR and BDR election there is no preemption, but if the DR fails, the BDR becomes the DR and a new BDR election occurs.
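The election rules in the three paragraphs above, as an added Python example (not code from the original notes): routers on one broadcast segment are a constructed {RID: priority} map; priority 0 excludes a router, and a current DR or BDR, when supplied, is kept so that a newly arrived better candidate does not preempt.

```python
from ipaddress import IPv4Address

def rank(rid, prio):
    """Election sort key: higher priority first, ties broken by the numerically higher RID."""
    return (prio, int(IPv4Address(rid)))

def elect_dr_bdr(routers, current_dr=None, current_bdr=None):
    """routers: {rid: priority} of routers currently heard on the segment (constructed input).
    Priority 0 routers never become DR/BDR. A live DR is never preempted; if it is gone,
    the BDR is promoted and only a new BDR is elected among the remaining candidates."""
    eligible = {r: p for r, p in routers.items() if p > 0}
    if current_dr in eligible:
        dr = current_dr                       # no preemption of a working DR
    elif current_bdr in eligible:
        dr = current_bdr                      # DR failed: BDR takes over
    else:
        dr = max(eligible, key=lambda r: rank(r, eligible[r]), default=None)
    rest = {r: p for r, p in eligible.items() if r != dr}
    if current_bdr in rest:
        bdr = current_bdr                     # BDR also keeps its role
    else:
        bdr = max(rest, key=lambda r: rank(r, rest[r]), default=None)
    return dr, bdr
```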

Designated Routers on WANs and OSPF Network Types

LAN interfaces default to use an OSPF network type of broadcast (elect a DR and dynamically find neighbors).
HDLC and PPP links use a network type of point-to-point (no DR is elected and neighbors found through hellos).
NBMA networks elect a DR/BDR and require a manually configured neighbor command.
The network type can be set with the ip ospf network _type_ interface subcommand.
OSPF network types:

| Network type | DR/BDR | Hello interval | neighbor command | Routers allowed |
| --- | --- | --- | --- | --- |
| Broadcast | Yes | 10 seconds | Not required | More than two |
| Point-to-point | No | 10 seconds | Not required | Two |
| NBMA | Yes | 30 seconds | Required | More than two |
| Point-to-multipoint | No | 30 seconds | Not required | More than two |
| Point-to-multipoint nonbroadcast | No | 30 seconds | Required | More than two |

Caveats Regarding OSPF Network Types over NBMA Networks

- Check default Hello/Dead timers.
- Check all routers use the neighbor command.
- The DR and BDR must have a PVC (Permanent Virtual Circuit) to every other router in the subnet (DBD and LSU packets).

Two simple options for making OSPF work over Frame Relay, neither of which requires a DR or a neighbor command:

- If the design allows the use of point-to-point subinterfaces, use those.
- If multipoint subinterfaces are needed, or if the configuration must not use subinterfaces, use ip ospf network point-to-multipoint.

Note: A router's neighbor priority setting is compared with the priority inside the Hello it receives from that neighbor. The larger of the two values is used.

Steady-State Operation

- Each router expects to receive Hellos from neighbors within the dead interval.
- Each router advertising an LSA refloods each LSA (after incrementing its sequence number by 1) based on the refresh interval (30 minutes by default).
- Each router expects to have its LSA refreshed within the maxage timer (60 minutes by default).

OSPF Design Terms

Using OSPF areas provides the following benefits:

- Smaller LSDB, requiring less memory.
- Faster SPF computation.
- A link failure in one area only requires a partial SPF computation in other areas.
- Routes may only be summarized at ABRs and ASBRs.

OSPF Path Selection Process

- OSPF always chooses an intra-area route over an inter-area route for the same prefix, regardless of metric.
- ABRs ignore type 3 LSAs learned from a nonbackbone area, which prevents choosing a route that leaves area 0 into a nonbackbone area and then comes back into area 0.

LSA Types and Network Types

- LSA Type 1 (Router): One per router. Lists RID and all interface IP addresses.
- LSA Type 2 (Network): One per transit network. Created by the DR on the subnet. Represents the subnet and router interfaces connected to the subnet.
- LSA Type 3 (Net Summary): Created by the ABR. Describes the subnets in the origin area and their cost, but carries no topology data.
- LSA Type 4 (ASBR Summary): Advertises a host route to reach the ASBR.
- LSA Type 5 (AS External): External routes injected into OSPF.
- LSA Type 6 (Group Membership): MOSPF.
- LSA Type 7 (NSSA External): Used in NSSA instead of a type 5 LSA.
- LSA Type 8 (External Attributes)
- LSA Type 9 (Opaque): Generic LSA used for OSPF extension.

A transit network is a network over which two or more OSPF routers have become neighbors.
A stub network is a network on which a router has not formed any neighbor relationships.

LSA Types 1 and 2

To signify a network that is down, the appropriate type 1 or 2 LSA is changed to show a metric of 16,777,215 (2^24 - 1).

LSA Type 3 and Inter-Area Costs

Each type 3 LSA describes a single vector (subnet, mask, and ABR's cost to reach the subnet).

LSA Types 4 and 5, and External Route Types 1 and 2

External type 1 adds the internal and external metrics together to compute the metric.
External type 2 only uses the external metric to compute the metric.
ASBRs inject external routes using type 5 LSAs, which reach all areas.
When ABRs flood a type 5 LSA into another area, the ABRs create a type 4 LSA listing the ABR's metric to reach the ASBR that created the type 5 LSA. E1 routes are calculated by adding the cost to reach the ASBR and the cost listed in the type 5 LSA.

Stubby Areas

| Area type | Type 5 LSAs | Type 3 LSAs | Type 7 LSAs | Command |
| --- | --- | --- | --- | --- |
| Stub | Stopped | Not stopped | Not created | area _area-id_ stub |
| Totally stubby | Stopped | Stopped | Not created | area _area-id_ stub no-summary |
| NSSA | Stopped | Not stopped | Created | area _area-id_ nssa |
| Totally NSSA | Stopped | Stopped | Created | area _area-id_ nssa no-summary |

Graceful Restart

Graceful restart, also known as nonstop forwarding (NSF), takes advantage of modern router architectures that use separate routing and forwarding planes.
It is possible to continue forwarding without loops while the routing process restarts, assuming:

- The restarting router notifies its neighbors by sending a "grace LSA".
- The LSDB remains stable during the restart.
- All neighbors support, and are configured for, graceful restart.
- The restart takes place within a "grace period".

This feature is enabled by default, and the following commands disable the Cisco and IETF versions:
nsf cisco helper disable
nsf ietf helper disable

Choosing the Best Type of Path

Routers ignore the cost and choose the best route based on the following order of precedence:

- Intra-area routes
- Inter-area routes
- E1 routes
- E2 routes
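The precedence list above combined with the E1/E2 metric rule from the "LSA Types 4 and 5" section, as one added Python example (not from the original notes): candidate routes for a single prefix are constructed dictionaries, and cost_to_asbr stands for the cost the type 4 LSA (or an intra-area type 1 LSA) gives to reach each ASBR.

```python
# IOS route codes for the four OSPF route kinds, listed in order of precedence.
INTRA, INTER, E1, E2 = "O", "O IA", "O E1", "O E2"
PRECEDENCE = {INTRA: 0, INTER: 1, E1: 2, E2: 3}

def route_metric(route, cost_to_asbr):
    """Metric used for comparison: internal routes carry their SPF cost; E1 adds the
    cost to reach the ASBR to the external metric; E2 uses the external metric alone."""
    if route["type"] == E1:
        return cost_to_asbr[route["asbr"]] + route["metric"]
    return route["metric"]

def best_route(routes, cost_to_asbr):
    """Choose among candidates for one prefix: route type first, metric second, and for
    external routes that still tie, the lower cost to the ASBR (forward metric)."""
    def key(r):
        to_asbr = cost_to_asbr.get(r.get("asbr"), 0)
        return (PRECEDENCE[r["type"]], route_metric(r, cost_to_asbr), to_asbr)
    return min(routes, key=key)

# Constructed candidates for one prefix: a cheap E2, an E1 and an expensive inter-area route.
COST_TO_ASBR = {"9.9.9.9": 20, "8.8.8.8": 5}
CANDIDATES = [
    {"type": E2, "metric": 1, "asbr": "9.9.9.9"},
    {"type": E1, "metric": 1, "asbr": "8.8.8.8"},
    {"type": INTER, "metric": 500},
]
```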

Best-Path Side Effects of ABR Loop Prevention

OSPF applies split horizon so that an LSA is not advertised into a nonbackbone area and then advertised back into the backbone area.
ABRs ignore LSAs created by other ABRs, when learned through a nonbackbone area, when calculating least-cost paths.

OSPF Configuration

ip ospf dead-interval minimal hello-multiplier 4: 250 ms hello interval and 1 second dead interval.
ip ospf priority 255: Maximum priority value to become the DR.
router-id 1.1.1.1: RID manually configured, removing any reliance on an interface address.
The no-summary option used in stub/NSSA areas is only necessary on ABRs.
clear ip ospf process: All OSPF processes are cleared and neighbors go through DOWN -> INIT -> 2WAY -> EXSTART -> EXCHANGE -> LOADING -> FULL again.
The auto-cost reference-bandwidth 10000 command changes the reference bandwidth from 100 Mbps (cost = 10^8 / bandwidth) to 10,000 Mbps (cost = 10^10 / bandwidth).
The following list summarizes how IOS chooses OSPF interface costs:

- neighbor _RID_ cost _value_ OSPF command.
- ip ospf cost _value_ interface command.
- Default OSPF reference bandwidth.
- Changed OSPF reference bandwidth (auto-cost reference-bandwidth).

Alternatives to the OSPF Network Command

- The network 10.3.0.0 0.0.255.255 area 3 OSPF command.
- The ip ospf 1 area 3 interface command.

With the first one, OSPF advertises the secondary subnets matched by the command as stub networks.
With the second one, OSPF advertises all subnets on the interface (primary and secondary) as stub networks.

OSPF Filtering

There are three major types of OSPF filtering:

- Filtering routes, not LSAs.
- ABR type 3 LSA filtering.
- ABR using the area range no-advertise option.

Filtering Routes Using the distribute-list Command

With OSPF, the distribute-list command filters what ends up in the IP routing table; it does not filter inbound LSAs.

Filtering with a prefix list, applied to routes learned through fa0/0:

Router(config)# ip prefix-list PREFIX_LIST seq 5 deny 10.1.1.0/24
Router(config)# ip prefix-list PREFIX_LIST seq 10 permit 0.0.0.0/0 le 32
Router(config)# router ospf 1
Router(config-router)# distribute-list prefix PREFIX_LIST in fa0/0

Filtering with a route map that matches both the prefix (access list 11) and the advertising router (access list 2):

Router(config)# access-list 2 permit 2.2.2.2
Router(config)# access-list 11 permit 10.1.1.0 0.0.0.255
Router(config)# route-map ROUTE_MAP deny 10
Router(config-route-map)# match ip address 11
Router(config-route-map)# match ip route-source 2
Router(config)# route-map ROUTE_MAP permit 20
Router(config)# router ospf 1
Router(config-router)# distribute-list route-map ROUTE_MAP in

OSPF ABR LSA Type 3 Filtering

The next command filters type 3 LSA going out of area 3:

Router(config)# ip prefix-list PREFIX_LIST seq 5 deny 10.3.2.0/23
Router(config)# ip prefix-list PREFIX_LIST seq 10 permit 0.0.0.0/0 le 32
Router(config)# router ospf 1
Router(config-router)# area 3 filter-list prefix PREFIX_LIST out

The next command filters type 3 LSA going into area 0:

Router(config-router)# area 0 filter-list prefix PREFIX_LIST in

Filtering Type 3 LSAs with the area range Command

The next command filters type 3 LSA going out of area 3:

Router(config-router)# area 3 range 10.3.2.0 255.255.254.0 not-advertise

The area range command, without the not-advertise option, performs route summarization.

Virtual Link Configuration

OSPF requires that each nonbackbone area be connected to area 0.
OSPF also requires that each router within an area have a contiguous intra-area path to the other routers in the same area.
When authenticating virtual links, remember that the virtual links themselves are in area 0.

Router1(config)# router ospf 1
Router1(config-router)# area 3 virtual-link 3.3.3.3
Router3(config)# router ospf 1
Router3(config-router)# area 3 virtual-link 1.1.1.1

Configuring OSPF Authentication

Basic rules:

- There are three types: type 0 (none), type 1 (clear text) and type 2 (MD5).
- Authentication is enabled using the following interface commands:
!Type 0
ip ospf authentication null
!Type 1
ip ospf authentication
ip ospf authentication-key SECRET_KEY
!Type 2
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 SECRET_KEY
- The default authentication is type 0.
- The default authentication can be redefined for all interfaces using the following commands under router ospf:
!Type 1
area _num_ authentication
!Type 2
area _num_ authentication message-digest
- Multiple keys are allowed per interface. OSPF sends multiple copies of each message (one for each key).
- Virtual links have no underlying interface so they are configured under router ospf:
!Type 0
area _num_ virtual-link _RID_ authentication null
!Type 1
area _num_ virtual-link _RID_ authentication authentication-key SECRET_KEY
!Type 2
area _num_ virtual-link _RID_ authentication message-digest message-digest-key 1 md5 SECRET_KEY
- The interface authentication takes precedence over router ospf authentication.

OSPF Stub Router Configuration

OSPF converges faster than BGP. With the stub router feature on ASBRs, the router advertises its links with infinite (maximum) metric for a configured time period or until BGP convergence is complete, so it is not used as a transit path before BGP has converged.
Under router ospf:

max-metric router-lsa on-startup _seconds_
max-metric router-lsa on-startup wait-for-bgp

OSPF Timer Summary

- MaxAge: The maximum time an LSA can be in the LSDB, without receiving a newer copy, before it is removed. Default is 3600 seconds.
- LSRefresh: Time interval per LSA to reflood an identical LSA. Prevents the expiration of MaxAge. Default is 1800 seconds.
- Hello: Default is 10 or 30 seconds.
- Dead: Time interval in which a Hello should be received from a neighbor. Default is 4 times the hello interval.
- Wait: Time a router will wait after reaching a 2WAY state for asserting a DR. Default is 4 times the hello interval.
- Retransmission: The time between sending an LSU, not receiving an ack, and resending the LSU. Default is 5 seconds.
