Sunday, April 13, 2014

OSPF Overview

Lessons learned:

OSPF –

Open standards based
-RFC 2328 “OSPF Version 2”

Classless Link-State protocol
-Uses the Dijkstra SPF algorithm
-Maintains active adjacencies
-Supports VLSM
-Supports both topology and NLRI summarization
============================================

OSPF is a core topic in the CCIE R&S Exam.

OSPF is an open standards protocol – the RFC explains everything: packet formats, path selection, etc.

OSPF is a link-state as well as a classless protocol, and this can affect your implementation. Compared to RIP and EIGRP, OSPF forms active adjacencies and runs the SPF algorithm. There are limitations on the type of filtering and on the logic of the path selection. Some things are set in stone based on how the RFC says the protocol works.

Since OSPF is a classless protocol by default, there’s no such thing as auto-summary like in RIP and EIGRP.

It supports topology summarization and network layer reachability information (NLRI) summarization.
NLRI summarization is most like how RIP and EIGRP summarize, where we take multiple subnets and combine them into an aggregate. Ex: taking multiple /24 routes and combining them into a /23 or /22.

Topology summarization has to do with the logic of how OSPF does intra-area lookups differently than inter-area lookups and external lookups.

Note: the SPF is only used to do lookups on Intra-area destinations.

Enabling OSPF:

Enable the global process
-router ospf (process id)
-- process-id is locally significant
-Must have an up/up interface running IP

Note: Within OSPF you can have multiple processes within the global routing table, determined by the process number. Technically you can have multiple OSPF processes that are unrelated running on the same router.
Typically you use the same OSPF process # throughout the domain. The process # is not included in any of the hello packets or LSA information.

Enable the interface process
-network (address) (wildcard) area (area)
-ip ospf (process-id) area (area)

Note: Once you initialize the process you must have at least one interface that is in the UP/UP state. This will be the interface that is used to generate the OSPF Router ID.

By default the OSPF Router ID will prefer the highest loopback address. If there are no loopback interfaces in the up state, it will prefer the next highest interface IP address. Among physical and logical interfaces, OSPF will always prefer the loopback first.

The OSPF Router-ID must be unique – it is used throughout the domain and in the LSAs. If there are duplicate Router-IDs there will be issues when flooding the domain and eventually when running the SPF process.

Once you define the global OSPF process, you’ll need to choose what interfaces you want the process to run on and what their area identifiers will be.
The OSPF area is the boundary of the flooding domain, and also where SPF will be run.

From a database perspective devices in Area 0 would not run the SPF for devices in Area 2, etc. Area 1 would also be separate from area 2 and other non-backbone areas.

You can issue the command at the interface or process level. They’re essentially going to have the same effect.
The command under the process is easier to read in the config.


OSPF Network Statement:

Enables OSPF on the interface
--wildcard mask does not relate to the subnet mask.

Most specific match wins.
network 0.0.0.0 255.255.255.255 area 0
network 1.0.0.0 0.255.255.255 area 1
network 1.2.0.0 0.0.255.255 area 2
network 1.2.3.0 0.0.0.255 area 3
network 1.2.3.4 0.0.0.0 area 4
This config would actually work.

Note: the network statement in EIGRP differs from OSPF because OSPF can have multiple network statements that overlap with each other. When overlap does occur, the network statement with the most specific match to an interface’s IP address ultimately determines what area that link will run in.

Also, like EIGRP – the network statement does not relate to the subnet mask of the link. It’s simply used to match the address that is assigned to the interface.
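
The most-specific-match rule can be modelled in a few lines. The Python sketch below is an added example, not part of the original notes and not IOS code: it uses the five statements above (typos corrected), treats "most specific" as the fewest wildcard bits, and adds a small audit helper. The helper and its sample interface addresses are constructed for illustration.

```python
import ipaddress

# The five statements from the notes (address, wildcard, area); typos corrected.
NETWORK_STATEMENTS = [
    ("0.0.0.0", "255.255.255.255", 0),
    ("1.0.0.0", "0.255.255.255", 1),
    ("1.2.0.0", "0.0.255.255", 2),
    ("1.2.3.0", "0.0.0.255", 3),
    ("1.2.3.4", "0.0.0.0", 4),
]

def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def matches(interface_ip, address, wildcard):
    """A wildcard bit of 1 means 'ignore this bit'; every 0 bit must be equal."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(interface_ip) & care) == (_to_int(address) & care)

def area_for_interface(interface_ip, statements=NETWORK_STATEMENTS):
    """Area of the most specific matching statement, or None if none match.

    Assumption: 'most specific' means the fewest wildcard (ignored) bits.
    The interface's subnet mask is never consulted, only its address.
    """
    best = None
    for address, wildcard, area in statements:
        if not matches(interface_ip, address, wildcard):
            continue
        ignored = bin(_to_int(wildcard)).count("1")
        if best is None or ignored < best[0]:
            best = (ignored, area)
    return None if best is None else best[1]

def audit(expected, statements=NETWORK_STATEMENTS):
    """Return (ip, intended_area, actual_area) for every interface that differs."""
    findings = []
    for ip, want in expected.items():
        got = area_for_interface(ip, statements)
        if got != want:
            findings.append((ip, want, got))
    return findings

if __name__ == "__main__":
    # Constructed addresses; None means OSPF is not meant to run on that link.
    expected = {"1.2.3.4": 4, "1.2.3.77": 3, "192.0.2.1": None}
    for ip, want, got in audit(expected):
        print(f"{ip}: intended area {want}, statements place it in area {got}")
```

The catch-all statement for area 0 matches every address, so the audit reports 192.0.2.1 as running OSPF in area 0 even though no statement names it.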

The only time there would be a difference between using the process-level or interface-level command is if the link was unnumbered or did not have an address at all.

We can verify OSPF is enabled:
-sh ip ospf
-sh ip ospf interface (brief)

Neighbor and topology discovery:

Like EIGRP, OSPF uses “hello” packets to discover neighbors
-transport via ip protocol 89 (OSPF)
-sent as multicast to 224.0.0.5 or 224.0.0.6, or unicast.

Hello packets contain attributes that neighbors must agree on to form an adjacency.
Once adjacency is negotiated, the LSDB (link state database) is exchanged.

Once neighbors discover each other, they can form adjacencies.
Neighbors that are adjacent should exchange the link state database, which means they can use it as input to the SPF algorithm and come out with the SPF tree.

In certain cases, not all neighbors actually form an adjacency, both under normal configurations and under misconfigurations. This ultimately means that we cannot exchange the link state database and cannot use the prefixes for routing.


Negotiating OSPF adjacencies.

Neighbors must agree on attributes to form adjacency
-not all OSPF neighbors actually form adjacency
-most OSPF configuration problems happen at this stage.

Unique attributes include…
-local Router-ID – used to identify the router inside the LSA database.
The SPF algorithm builds a graph of the network, where the routers are considered the nodes and the links are the edges of the graph – the links that connect the nodes. The Router-ID is used to identify the nodes.

-Local interface IP address

Common attributes include…
-interface area-ID – Defines the flooding domain for OSPF. Ex: all routers in Area 0 are in the same flooding domain.

-Hello interval & dead interval – Timers that determine how often we’re sending hellos and how long to wait before declaring a remote neighbor down. This is the opposite of EIGRP, where EIGRP’s hello timer tells the remote neighbor how long to wait before declaring the local neighbor down. For OSPF they are locally significant: how long the local router waits to declare a neighbor down, not the neighbor telling the local router.

-interface network address – Basically the subnet. Neighbors have to be on the same local subnet.

-Interface MTU – This is a protection against problems in the data plane. Ex: if the local MTU is 1000 and the remote is 1200 – all devices should be sharing the same MTU on the same segment.

-Network Type – This controls how OSPF updates are sent across the link and how the next-hop value is calculated. It also controls what particular LSAs are in the database to do the calculation about the graph of the network. It doesn't necessarily have to match, but it must be a compatible value. Basically this means that it is possible for LSAs with the type Broadcast to form with non-broadcast LSAs.

-Authentication – OSPF supports Null, Clear text and MD5 auth. Null or type 0 is the default.

-Stub Flags – Controls what LSA types the router will accept in the database for the particular area. Ex: if area 1 is a stub area, all routers in that area need to agree on that flag. Same for an NSSA area.

-Other optional capabilities
- Opaque LSAs – used for extensibility for other applications, for example MPLS traffic engineering.
- NSF, ex: graceful restart – normally for SUP redundancy, for example on a 6500 with dual SUPs
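
The hello-carried attributes in the list above can be checked mechanically. This Python sketch is an added example (not from the original notes and not vendor code): it parses OSPFv2 hello packets laid out per RFC 2328 and reports the mismatches that keep two routers on a broadcast segment from becoming adjacent, plus any use of null authentication. The packets, router IDs and function names are constructed; MTU and network type are not carried in hellos, so they are not covered.

```python
import socket
import struct

AUTH_NAMES = {0: "null", 1: "clear text", 2: "MD5"}  # AuType values 0, 1, 2
E_BIT = 0x02  # Options bit that routers clear inside a stub area
HEADER = "!BBH4s4sHH8s"  # version, type, length, router ID, area, cksum, AuType, auth
HELLO = "!4sHBBI4s4s"    # mask, hello interval, options, priority, dead, DR, BDR

def build_hello(router_id, area, mask, hello, dead, options=E_BIT, autype=0):
    """Build a constructed OSPFv2 hello; checksum and auth data are left zero."""
    header = struct.pack(HEADER, 2, 1, 44, socket.inet_aton(router_id),
                         socket.inet_aton(area), 0, autype, b"\x00" * 8)
    body = struct.pack(HELLO, socket.inet_aton(mask), hello, options, 1,
                       dead, b"\x00" * 4, b"\x00" * 4)
    return header + body

def parse_hello(packet):
    if len(packet) < 44:
        raise ValueError("too short for an OSPFv2 hello")
    ver, ptype, _, rid, area, _, autype, _ = struct.unpack(HEADER, packet[:24])
    if ver != 2 or ptype != 1:
        raise ValueError("not an OSPFv2 hello")
    mask, hello, options, _, dead, _, _ = struct.unpack(HELLO, packet[24:44])
    return {"router_id": socket.inet_ntoa(rid), "area": socket.inet_ntoa(area),
            "mask": socket.inet_ntoa(mask), "hello": hello, "dead": dead,
            "stub": not options & E_BIT, "auth": AUTH_NAMES.get(autype, "unknown")}

def hello_findings(local_pkt, remote_pkt):
    """Compare two hellos from one broadcast segment and list what is wrong."""
    a, b = parse_hello(local_pkt), parse_hello(remote_pkt)
    findings = []
    if a["router_id"] == b["router_id"]:
        findings.append("duplicate router-id")
    for field in ("area", "mask", "hello", "dead", "stub", "auth"):
        if a[field] != b[field]:
            findings.append(f"{field} mismatch: {a[field]} vs {b[field]}")
    if "null" in (a["auth"], b["auth"]):
        findings.append("null authentication in use")
    return findings

if __name__ == "__main__":
    # Constructed neighbors: R1 uses default timers and null auth, R2 does not.
    r1 = build_hello("1.1.1.1", "0.0.0.0", "255.255.255.0", 10, 40)
    r2 = build_hello("2.2.2.2", "0.0.0.0", "255.255.255.0", 30, 120, autype=2)
    for finding in hello_findings(r1, r2):
        print(finding)
```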

Once OSPF is established:

We need to go through a basic verification –
Is OSPF enabled on the interfaces, and are they in the correct areas?
Verification:
#sh ip ospf
#sh ip ospf interface
#sh ip ospf interface brief – Quick verification that the router is running the right process, that OSPF is enabled on the correct interfaces, and that they are in the correct area ID.

Once we know that OSPF is running we can verify the adjacencies.

Verifications:
#sh ip ospf neighbor – shows if there are issues between neighbors.
#debug ip ospf adj – shows the actual hello exchange to help troubleshoot neighbors.

Once the adjacency is established –
#sh ip ospf database – The database from any device in the area. It shows how anyone’s path selection in the network should occur, because devices in the same area should have identical copies of the database.


