Configuring OSPF Auth, debug output

Configuring just for Area 0 (Hub and Spoke NBMA portion of below net diagram):

Topology_OSPF_Stubs

So I had no issues with the configurations for authentication for OSPF, except when it came to entering the password on the interface, I kept typing “ip ospf authentication …” when the command is actually “ip ospf message-digest-key 1 md5 CCNP” on the interface.

One behavior I found worth mentioning is that as soon as I typed in the “area 0 authentication message-digest” on R1, the Dead timer immediately began its countdown to dropping adjacencies, before I even entered an md5 password on the interface for authentication – so just enabling authentication itself begins the countdown to dropping adjacencies:

R1(config-router)#area 0 authentication message-digest
*Mar  1 11:15:47.646: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on Serial0/0 from FULL to DOWN, Neighbor Down: Dead timer expired
*Mar  1 11:15:52.819: %OSPF-5-ADJCHG: Process 1, Nbr 3.3.3.3 on Serial0/0 from FULL to DOWN, Neighbor Down: Dead timer expired

It took the whole 3 minutes for them to drop as I bumbled around trying to remember the proper syntax from memory rather than notes, but it did drop before I even entered a password for authentication, and it did require the Dead timer to expire. Once I managed to apply the password, I went to R2 and applied the commands, and noticed it seemed to take forever for the adjacency to reform after typing the authentication commands in correctly. It did eventually reform, I would guess about 60 seconds after entering both the authentication enable command and the password on the interface, but with both “debug ip ospf adj” and “debug ip ospf packet” running the output was a bit messy.

That being said, instead of editing my troubleshooting show commands and such out of the output on R2, I went to R3 and immediately ran “debug ip ospf adj” after entering authentication commands and waited for a clean run of the output which is as follows:

R3(config-router)#area 0 authentication message-digest
R3(config-router)#do show ip int bri
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            172.12.23.3     YES NVRAM  administratively down down
FastEthernet0/1            172.12.34.3     YES NVRAM  up                    up
Serial0/2                  172.12.123.3    YES NVRAM  up                    up
Serial0/3                  172.12.13.3     YES NVRAM  down                  down
Loopback3                  3.3.3.3         YES NVRAM  up                    up
R3(config-router)#int s0/2
R3(config-if)#ip ospf mess
R3(config-if)#ip ospf message-digest-key 1 md5 CCNP
R3(config-if)#^Z
R3#debu
*Mar  1 12:13:17.601: %SYS-5-CONFIG_I: Configured from console by console
R3#debug ip ospf adj
OSPF adjacency events debugging is on
R3#
*Mar  1 12:13:40.354: OSPF: Send with youngest Key 1
R3#
*Mar  1 12:14:10.355: OSPF: Send with youngest Key 1
*Mar  1 12:14:10.403: OSPF: Send with youngest Key 1
*Mar  1 12:14:10.479: OSPF: Rcv DBD from 172.16.11.1 on Serial0/2 seq 0xB12 opt 0x52 flag 0x7 len 32  mtu 1500 state INIT
*Mar  1 12:14:10.479: OSPF: 2 Way Communication to 172.16.11.1 on Serial0/2, state 2WAY
*Mar  1 12:14:10.479: OSPF: Neighbor change Event on interface Serial0/2
*Mar  1 12:14:10.483: OSPF: DR/BDR election on Serial0/2
*Mar  1 12:14:10.483: OSPF: Elect BDR 0.0.0.0
*Mar  1 12:14:10.483: OSPF: Elect DR 172.16.11.1
*Mar  1 12:14:10.483:        DR: 172.16.11.1 (Id)   BDR: none
*Mar  1 12:14:10.483: OSPF: Send DBD to 172.16.11.1 on Serial0/2 seq 0x143D opt 0x52 flag 0x7 len 32
*Mar  1 12:14:10.483: OSPF: Send with youngest Key 1
*Mar  1 12:14:10.483: OSPF: NBR Negotiation Done. We are the SLAVE
*Mar  1 12:14:10.487: OSPF: Send DBD to 172.16.11.1 on Serial0/2 seq 0xB12 opt 0x52 flag 0x2 len 252
*Mar  1 12:14:10.487: OSPF: Send with youngest Key 1
*Ma
R3#r  1 12:14:10.700: OSPF: Rcv DBD from 172.16.11.1 on Serial0/2 seq 0xB13 opt 0x52 flag 0x3 len 252  mtu 1500 state EXCHANGE
*Mar  1 12:14:10.700: OSPF: Send DBD to 172.16.11.1 on Serial0/2 seq 0xB13 opt 0x52 flag 0x0 len 32
*Mar  1 12:14:10.700: OSPF: Send with youngest Key 1
*Mar  1 12:14:10.700: OSPF: Database request to 172.16.11.1
*Mar  1 12:14:10.700: OSPF: Send with youngest Key 1
*Mar  1 12:14:10.704: OSPF: sent LS REQ packet to 172.12.123.1, length 36
*Mar  1 12:14:10.708: OSPF: Send with youngest Key 1
*Mar  1 12:14:10.772: OSPF: Rcv DBD from 172.16.11.1 on Serial0/2 seq 0xB14 opt 0x52 flag 0x1 len 32  mtu 1500 state EXCHANGE
*Mar  1 12:14:10.772: OSPF: Exchange Done with 172.16.11.1 on Serial0/2
*Mar  1 12:14:10.772: OSPF: Send DBD to 172.16.11.1 on Serial0/2 seq 0xB14 opt 0x52 flag 0x0 len 32
*Mar  1 12:14:10.776: OSPF: Send with youngest Key 1
*Mar  1 12:14:10.804: OSPF: Synchronized with 172.16.11.1 on Serial0/2, state FULL
*Mar  1 12:14:10.804: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.11.1 on Serial0/2 from LOADING to FULL, Loading Done
*Mar  1 12:14:10.828: OSPF: Send with youngest Key 1
*Mar  1 12:14:10.984: OSPF: Send with youngest Key 1
*Mar  1 12:14:10.984: OSPF: Build router LSA for area 0, router ID 3.3.3.3, seq 0x80000004, process 1
R3#
R3#
*Mar  1 12:14:13.308: OSPF: Send with youngest Key 1
R3#
*Mar  1 12:14:15.808: OSPF: Send with youngest Key 1

There is a lot of output there, but I wanted to get the whole chunk of it to show the time stamps of events happening on R3. Given the first time stamp, I would say that the key on the interface was probably entered at 12:13:10, which means that the first Authentication related message was sent roughly 30 seconds later:

*Mar  1 12:13:40.354: OSPF: Send with youngest Key 1

What’s curious to me is that it then repeats this message again 30 seconds after that, and the debug immediately spilled out the neighbor formation output and the adjacency was reformed, so after the correct Authentication commands were entered the adjacency came up exactly 60 seconds later – The exact time of the NBMA Hello time despite the fact it had sent the Key 1 after 30 seconds of it being entered on the interface.

Then as can be seen, the Key 1 is sent every 2-3 seconds once the adjacency is formed, so I just have to assume at this point that authentication sends traffic faster than Hello’s however that Hello must be sent before the adjacency will form. Very interesting behavior.

Also going through the debug output you can see the adjacency took less than an entire second to go through all the states of forming ( INIT -> 2WAY -> EXCHANGE -> FULL ), and at which points it exchanged DBD’s and ran through the DR election process, note that the BDR elected in the output is 0.0.0.0 which means nobody is the BDR in this Hub-and-Spoke network. Lots of good information in the output for “debug ip ospf adj”, not just for the Authentication piece but also a good example of the neighbor relationship forming on an NBMA spoke with Priority 0 set on the interface.

OSPF Authentication Configuration

This will be brief, as there is not a whole lot to OSPF Authentication, just a few good to know debug / verification commands and a few commands to configure the authentication itself.

***One thing to note before going into the commands to configure the authentication itself, it will always require two commands, one to ENABLE authentication for OSPF interfaces (can be done in two different places) and one to set the authentication key / passphrase which will always be done directly on the interface level***

Firstly, you must enable OSPF Authentication on the OSPF Interface(s) on the local router, which can be done either per interface directly on the interface, or globally in router configuration mode for all OSPF enabled interfaces in a particular Area:

“ip ospf authentication [message-digest]” interface configuration mode to ‘enable’ authentication on the interface in either clear text or using md5 hash.

“area 0 authentication [message-digest]” router configuration mode, equivalent to ip ospf authentication for all interfaces in the specified area, “message-digest” optional to add onto the command if configuring md5 hashed key authentication on interfaces.

The above commands must be issued first to start or enable the authentication, it just depends on if you need a single interface configured for authentication, or if you want every interface for an Area on the local router to require authentication. That being said, the following two commands are how to configure authentication keys on the interface:

“ip ospf authentication-key CCNP” configured on the interface, sets a clear-text key / passphrase to be used for authentication (CCNP in this example)

“ip ospf message-digest-key 1 md5 CCNP” configured on the interface, defines key # 1 as CCNP using MD5 to create a hashed key / passphrase for authentication, requires OSPF authentication be configured in router configuration mode with message-digest syntax

  • Enabling authentication on a single router will not immediately drop adjacencies to other routers in the Area, but the Dead timer will count down until it drops if you do not configure authentication on the neighbor before the dead timer expires

“debug ip ospf adj” is a good command to verify authentication, will show if / why an interface is not authenticating, and shows 3 OSPF Authentication types in its output:

  • OSPF Auth Type 0 = No authentication set
  • OSPF Auth Type 1 = Clear-text authentication set
  • OSPF Auth Type 2 = Hashed authentication set

So if you have Hashed authentication set on the local router, and the debug shows the neighbor is configured with Type 1, you have an authentication mismatch.
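An added example (not the author's code and not a Cisco tool): a small Python auditor for the two-command rule and the type mismatch described above. It derives each OSPF interface's effective authentication type (0/1/2) from IOS-style config text and flags an enabled type that has no key. The three configs are constructed for illustration; the `network` statements and the settings shown for R2 and R3 are assumptions, not the lab's actual configuration.

```python
import ipaddress
import re
from collections import defaultdict

def parse(config):
    """Pull the OSPF authentication settings out of IOS-style config text."""
    area_auth, networks, ifaces, cur = {}, [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw and not raw[0].isspace():
            cur = None  # any top-level line closes the interface block
        if m := re.match(r"interface (\S+)$", line):
            cur = ifaces[m[1]] = {"ip": None, "type": None, "clear": False, "md5": False}
        elif m := re.match(r"area (\S+) authentication( message-digest)?$", line):
            area_auth[m[1]] = 2 if m[2] else 1
        elif m := re.match(r"network (\S+) (\S+) area (\S+)$", line):
            net, wild = (int(ipaddress.ip_address(x)) for x in (m[1], m[2]))
            networks.append((net, wild, m[3]))
        elif cur is None:
            continue
        elif m := re.match(r"ip address (\S+) (\S+)$", line):
            cur["ip"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}")
        elif m := re.match(r"ip ospf authentication( message-digest| null)?$", line):
            cur["type"] = {None: 1, " message-digest": 2, " null": 0}[m[1]]
        elif re.match(r"ip ospf authentication-key \S+", line):
            cur["clear"] = True
        elif re.match(r"ip ospf message-digest-key \d+ md5 \S+", line):
            cur["md5"] = True
    return area_auth, networks, ifaces

def audit(config):
    """Effective auth type (0 none, 1 clear-text, 2 MD5) and key check per OSPF interface."""
    area_auth, networks, ifaces = parse(config)
    report = {}
    for name, i in ifaces.items():
        if i["ip"] is None:
            continue
        addr = int(i["ip"].ip)
        # Wildcard bits are "don't care": force them to 1 on both sides and compare.
        # Simplification: the first matching network statement decides the area.
        area = next((a for net, wild, a in networks if (addr | wild) == (net | wild)), None)
        if area is None:
            continue  # interface is not running OSPF
        # The interface-level command overrides the area-wide one.
        etype = i["type"] if i["type"] is not None else area_auth.get(area, 0)
        has_key = {0: True, 1: i["clear"], 2: i["md5"]}[etype]
        if not has_key:
            finding = f"type {etype} enabled but no matching key on the interface"
        elif etype == 0 and (i["clear"] or i["md5"]):
            finding = "key configured but authentication never enabled"
        else:
            finding = "ok"
        report[name] = {"area": area, "subnet": i["ip"].network, "type": etype, "finding": finding}
    return report

def link_mismatches(routers):
    """Subnets whose attached interfaces do not all use the same auth type."""
    by_subnet = defaultdict(list)
    for router, config in routers.items():
        for ifname, r in audit(config).items():
            by_subnet[str(r["subnet"])].append((router, ifname, r["type"]))
    return {net: members for net, members in by_subnet.items()
            if len({t for _, _, t in members}) > 1}

# Constructed sample configs (addresses follow the lab, everything else is assumed).
R1 = """\
interface Serial0/0
 ip address 172.12.123.1 255.255.255.0
 ip ospf message-digest-key 1 md5 CCNP
!
router ospf 1
 area 0 authentication message-digest
 network 172.12.123.0 0.0.0.255 area 0
"""
R2 = """\
interface Serial0/0
 ip address 172.12.123.2 255.255.255.0
!
router ospf 1
 area 0 authentication message-digest
 network 172.12.123.0 0.0.0.255 area 0
"""
R3 = """\
interface Serial0/2
 ip address 172.12.123.3 255.255.255.0
 ip ospf authentication
 ip ospf authentication-key CCNP
!
router ospf 1
 network 172.12.123.0 0.0.0.255 area 0
"""

if __name__ == "__main__":
    for name, cfg in (("R1", R1), ("R2", R2), ("R3", R3)):
        for ifname, r in audit(cfg).items():
            print(f"{name} {ifname}: area {r['area']} type {r['type']} -> {r['finding']}")
    print(link_mismatches({"R1": R1, "R2": R2, "R3": R3}))
```

R2 here is the state the post describes on R1 right after the area command: authentication enabled, no key yet, so the adjacency is living on the Dead timer.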

“show ip ospf” will show if authentication is set down in the ‘Areas’ segments

“show ip ospf int s0/1” will show if authentication is set for the particular interface

I have not added authentication to the lab yet, so I will need to update with any findings during the lab session (if any), or if I find any sort of output I believe will be beneficial for clarity of this topic, though I think authentication at this point is pretty straightforward.

  • One final oddity, “debug ip ospf adjacency” is NOT a valid command, you must type in “debug ip ospf adj” – Again, this command gives almost any output you could want to find an issue between OSPF traffic or neighbors!

OSPF Metric Types (E1, E2) config, OSPF Route Summary

I will be using the same lab where I left off before, at least the same logical topology with possibly some loopbacks thrown in there to perform different types of Summarization:

Topology_OSPF_Stubs

The first thing to address with the above topology is the External (O E2) routes brought into the OSPF network via Redistribution on the ASBR router R1: their seed or default cost / metric is not from the local router to the destination but rather from the ASBR to the destination, with a ‘seed’ or default metric of 20. In the route table the Admin Distance / Cost appears as [110/20].

To change this behavior of Redistribution into OSPF you can issue the following command on the ASBR to turn the E2 or Type 2 External route in the route table into an E1 / Type 1 External route:

“redistribute connected subnets metric-type [1/2]” in router config mode, I put both 1 and 2 in brackets because you can also change E1’s back to E2’s if needed with that command.

A couple of interesting things to note, starting with R5’s NSSA Total Stub Area, and how it reacts to the change in Metric type as we don’t have E2’s and E1’s because it accepts Type 7 LSA’s which show as N1 and N2 routes in the route table – Not type 5 LSA’s:

R5#show ip route ospf
Codes: L – local, C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route, + – replicated route

Gateway of last resort is 172.12.15.1 to network 0.0.0.0

O*IA  0.0.0.0/0 [110/2] via 172.12.15.1, 00:12:35, FastEthernet0/1
100.0.0.0/16 is subnetted, 7 subnets
O N2     100.1.0.0 [110/20] via 172.12.15.1, 00:05:58, FastEthernet0/1
O N2     100.2.0.0 [110/20] via 172.12.15.1, 00:05:58, FastEthernet0/1
O N2     100.3.0.0 [110/20] via 172.12.15.1, 00:05:58, FastEthernet0/1
O N2     100.4.0.0 [110/20] via 172.12.15.1, 00:05:58, FastEthernet0/1
O N2     100.5.0.0 [110/20] via 172.12.15.1, 00:05:58, FastEthernet0/1
O N2     100.6.0.0 [110/20] via 172.12.15.1, 00:05:58, FastEthernet0/1
O N2     100.7.0.0 [110/20] via 172.12.15.1, 00:05:58, FastEthernet0/1

And then I removed the old redistribute statements in router config and entered the new statement including metric-type 1:

R1(config)#router ospf 1
R1(config-router)#no redistribute connected subnets
R1(config-router)#redistribute connected subnets metric-type 1

And then went back to R5 to see how this has impacted the route table:

R5#show ip route ospf
Codes: L – local, C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route, + – replicated route

Gateway of last resort is 172.12.15.1 to network 0.0.0.0

O*IA  0.0.0.0/0 [110/2] via 172.12.15.1, 00:13:37, FastEthernet0/1
100.0.0.0/16 is subnetted, 7 subnets
O N1     100.1.0.0 [110/21] via 172.12.15.1, 00:00:14, FastEthernet0/1
O N1     100.2.0.0 [110/21] via 172.12.15.1, 00:00:14, FastEthernet0/1
O N1     100.3.0.0 [110/21] via 172.12.15.1, 00:00:14, FastEthernet0/1
O N1     100.4.0.0 [110/21] via 172.12.15.1, 00:00:14, FastEthernet0/1
O N1     100.5.0.0 [110/21] via 172.12.15.1, 00:00:14, FastEthernet0/1
O N1     100.6.0.0 [110/21] via 172.12.15.1, 00:00:14, FastEthernet0/1
O N1     100.7.0.0 [110/21] via 172.12.15.1, 00:00:14, FastEthernet0/1

It did not change the NSSA Total Stub area much at all, aside from changing the N2 Redistributed routes into N1’s, and changing that seed metric / cost in the route table from 20 to 21. I am not sure if this is because the next hop router R1 (ABR and ASBR) is directly connected via FastEthernet or if it is something to do with the Area type, however it wasn’t a big enough change in cost to really drive the point home so I looked at R2’s previous OSPF route table before and after the metric-type change:

R2#show ip route ospf
1.0.0.0/32 is subnetted, 1 subnets
O IA    1.1.1.1 [110/65] via 172.12.123.1, 00:05:24, Serial0/0
100.0.0.0/16 is subnetted, 7 subnets
O E2    100.4.0.0 [110/20] via 172.12.123.1, 00:00:16, Serial0/0
O E2    100.5.0.0 [110/20] via 172.12.123.1, 00:00:15, Serial0/0
O E2    100.6.0.0 [110/20] via 172.12.123.1, 00:00:15, Serial0/0
O E2    100.7.0.0 [110/20] via 172.12.123.1, 00:00:15, Serial0/0
O E2    100.1.0.0 [110/20] via 172.12.123.1, 00:00:15, Serial0/0
O E2    100.2.0.0 [110/20] via 172.12.123.1, 00:00:15, Serial0/0
O E2    100.3.0.0 [110/20] via 172.12.123.1, 00:00:15, Serial0/0
3.0.0.0/32 is subnetted, 1 subnets
O IA    3.3.3.3 [110/65] via 172.12.123.3, 00:05:24, Serial0/0
172.12.0.0/24 is subnetted, 3 subnets
O IA    172.12.34.0 [110/65] via 172.12.123.3, 00:05:24, Serial0/0
O IA    172.12.15.0 [110/65] via 172.12.123.1, 00:05:24, Serial0/0

R2 is not configured with any kind of Stub configurations or anything, so this is pure OSPF cost on the Inter-Area routes, and the E2 routes are showing their Seed metric of 20, until that Metric-Type is changed to an E1:

R2#show ip route ospf
1.0.0.0/32 is subnetted, 1 subnets
O IA    1.1.1.1 [110/65] via 172.12.123.1, 00:26:17, Serial0/0
100.0.0.0/16 is subnetted, 7 subnets
O E1    100.4.0.0 [110/84] via 172.12.123.1, 00:14:24, Serial0/0
O E1    100.5.0.0 [110/84] via 172.12.123.1, 00:14:23, Serial0/0
O E1    100.6.0.0 [110/84] via 172.12.123.1, 00:14:23, Serial0/0
O E1    100.7.0.0 [110/84] via 172.12.123.1, 00:14:23, Serial0/0
O E1    100.1.0.0 [110/84] via 172.12.123.1, 00:14:23, Serial0/0
O E1    100.2.0.0 [110/84] via 172.12.123.1, 00:14:23, Serial0/0
O E1    100.3.0.0 [110/84] via 172.12.123.1, 00:14:23, Serial0/0
3.0.0.0/32 is subnetted, 1 subnets
O IA    3.3.3.3 [110/65] via 172.12.123.3, 00:26:17, Serial0/0
172.12.0.0/24 is subnetted, 3 subnets
O IA    172.12.34.0 [110/65] via 172.12.123.3, 00:26:17, Serial0/0
O IA    172.12.15.0 [110/65] via 172.12.123.1, 00:26:17, Serial0/0

And there we have it, we can now see the true path metric / cost from the local router to the destination network being redistributed into OSPF by the ASBR R1. I figured with all these oddities, something had to have happened to the Total Stub Area 34 specifically on R4’s table that I previously summarized down to a single default route, so I looked at the OSPF route table on R4 as well to see how the Metric-Type impacted it:

R4#show ip route ospf
Codes: L – local, C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route, H – NHRP, l – LISP
+ – replicated route, % – next hop override

Gateway of last resort is 172.12.34.3 to network 0.0.0.0

O*IA  0.0.0.0/0 [110/2] via 172.12.34.3, 00:27:04, FastEthernet0/1

NOT A THING, R4 COULD HAVE CARED LESS. That is because making an area a Total Stub prevents Type 3, 4, and 5 LSA’s from being flooded into that Area, Type 5 being External / Redistributed route Advertisements and Type 3 being what is next coming up – Summary Route advertisements!

*** THE ABOVE EXAMPLES OF CHANGING THE METRIC-TYPE FOR REDISTRIBUTED ROUTES AND WHAT TYPE OF LSA’S ARE MAKING IT TO WHICH NETWORKS IS VERY IMPORTANT, DO NOT OVERLOOK THESE EXAMPLES BEFORE TEST TIME***

Now I will get back to regular font, and speak upon Route Summarization in OSPF, as there are two ways to go about doing it: Area Range or Summary-Address. However first you must learn to make a Summary Route and appropriate mask. For this example I found notes from my CCNA studies actually where I summarized network numbers 172.16.8.0 – 172.16.11.0 /24 by breaking them out into Binary, I skipped and just did the third octet because the first two will obviously be the same for all four of the networks:

  • 00001000
  • 00001001
  • 00001010
  • 00001011
  • The 6th bit from the left is the last common bit among all binary strings of IP addresses, so this is how we will determine both the route, and mask.

I tend to count octets from left to right, speaking out loud 128 – 64 – 32 – 16 – 8 – 4 – 2 – 1, and though this summary route actually ends on the 6th bit the network will be 172.16.8.0 because that is the last “on” bit however the address technically stops matching on a line of 0’s – DO NOT LET THIS TRIP YOU UP IN ASSIGNING THE APPROPRIATE SUMMARY MASK!

The best way to think about it to get a visual idea is to write 1’s over the columns of bits that match in the binary strings, and the first column that doesn’t match the rest will be 0’s for the rest of the octet(s) going right starting at that first mismatch, count all the 1’s up and you have your mask – convert your range of 1’s from binary to dotted decimal for your Summary Address.

So because the first two octets all match into the 6th bit of the third octet (8 + 8 + 6 = 22 bits), the Summary Address will be 172.16.8.0 /22, leaving 10 host bits.
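The same bit-matching procedure as an added Python example (not part of the original post). It generalizes the third-octet walk-through to any list of IPv4 networks, prints the result with a normal subnet mask as the OSPF summarization commands expect, and lists any address space the summary covers that none of the input networks do. The inputs are the 172.16.8.0 – 172.16.11.0 /24 networks from the text and the seven redistributed 100.x.0.0/16 routes from the route tables; the function names are hypothetical.

```python
import ipaddress

def summarize(networks):
    """Smallest single prefix that covers every network in the list."""
    nets = [ipaddress.ip_network(n) for n in networks]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    # XOR has 1-bits only where the lowest and highest address differ, so its
    # bit length is the number of trailing bits that do NOT match.
    host_bits = (lo ^ hi).bit_length()
    base = (lo >> host_bits) << host_bits  # zero everything right of the match
    return ipaddress.ip_network((base, 32 - host_bits))

def ios_args(summary):
    """Network plus subnet mask (not a wildcard mask), as the summary commands take them."""
    return f"{summary.network_address} {summary.netmask}"

def uncovered(summary, networks):
    """Blocks inside the summary that none of the input networks account for."""
    remaining = [summary]
    for net in (ipaddress.ip_network(n) for n in networks):
        kept = []
        for block in remaining:
            if net.subnet_of(block):
                kept.extend(block.address_exclude(net))  # carve net out of block
            elif not block.subnet_of(net):
                kept.append(block)  # this network does not touch the block
        remaining = kept
    return sorted(remaining)

INTERNAL = [f"172.16.{n}.0/24" for n in (8, 9, 10, 11)]
EXTERNAL = [f"100.{n}.0.0/16" for n in range(1, 8)]

if __name__ == "__main__":
    for label, nets in (("area 11 range", INTERNAL), ("summary-address", EXTERNAL)):
        s = summarize(nets)
        print(f"{label} {ios_args(s)}   ({s})")
        for block in uncovered(s, nets):
            print(f"  also covers {block}, which no input network contains")
```

Any block reported as uncovered is address space the router will advertise reachability for without having a route to it, which is why the summarizing router installs the Null0 summary entry.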

Now to make the first type of OSPF Summary Route using the Area Range command:

“area 11 range 172.16.8.0 255.255.252.0” – A few things to note about this, bullet point style:

  • This type of summarization is for Internal or Inter-Area routes, so it is only configured on the ABR, and the routes to be summarized must be entered in router config mode as well via ‘network’ statements in the Area being summarized
  • In the Area Range command, ***USE THE AREA THE ROUTES ARE SUMMARIZED IN, NOT THE AREA THE ROUTES ARE BEING SUMMARIZED INTO***
  • WILD CARD MASKS ARE ***NOT*** USED FOR EITHER OSPF ADDRESS SUMMARIZATION TYPES, BOTH AREA RANGE AND SUMMARY-ADDRESS USE NORMAL SUBNET MASKS – REALLY MENTALLY NOTE THAT FOR TEST TIME!

I will quickly hop to the different routers to “show ip route ospf” from R5 the NSSA Total Stub, R4 the Total Stub, and R2 with absolutely no Stub configs (Along with R1 for fun):

R1(config-router)#area 11 range 172.16.8.0 255.255.252.0

R1#show ip route ospf
2.0.0.0/32 is subnetted, 1 subnets
O IA    2.2.2.2 [110/65] via 172.12.123.2, 00:10:34, Serial0/0
3.0.0.0/32 is subnetted, 1 subnets
O IA    3.3.3.3 [110/65] via 172.12.123.3, 00:10:34, Serial0/0
172.12.0.0/24 is subnetted, 3 subnets
O IA    172.12.34.0 [110/65] via 172.12.123.3, 00:10:34, Serial0/0
172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks
O       172.16.8.0/22 is a summary, 00:10:34, Null0

R5#show ip route ospf
Codes: L – local, C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route, + – replicated route

Gateway of last resort is 172.12.15.1 to network 0.0.0.0

O*IA  0.0.0.0/0 [110/2] via 172.12.15.1, 01:39:08, FastEthernet0/1
100.0.0.0/16 is subnetted, 7 subnets
O N1     100.1.0.0 [110/21] via 172.12.15.1, 01:25:45, FastEthernet0/1
O N1     100.2.0.0 [110/21] via 172.12.15.1, 01:25:45, FastEthernet0/1
O N1     100.3.0.0 [110/21] via 172.12.15.1, 01:25:45, FastEthernet0/1
O N1     100.4.0.0 [110/21] via 172.12.15.1, 01:25:45, FastEthernet0/1
O N1     100.5.0.0 [110/21] via 172.12.15.1, 01:25:45, FastEthernet0/1
O N1     100.6.0.0 [110/21] via 172.12.15.1, 01:25:45, FastEthernet0/1
O N1     100.7.0.0 [110/21] via 172.12.15.1, 01:25:45, FastEthernet0/1

NO CHANGES TO THE NSSA TOTAL STUB AREA

R4#show ip route ospf
Codes: L – local, C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route, H – NHRP, l – LISP
+ – replicated route, % – next hop override

Gateway of last resort is 172.12.34.3 to network 0.0.0.0

O*IA  0.0.0.0/0 [110/2] via 172.12.34.3, 01:43:12, FastEthernet0/1

NO CHANGES TO THE TOTAL STUB AREA EITHER (NO TYPE 3 LSA’S!)

HERE IS R2’S ROUTE TABLE BEFORE SUMMARIZATION:

R2#show ip route ospf
1.0.0.0/32 is subnetted, 1 subnets
O IA    1.1.1.1 [110/65] via 172.12.123.1, 00:37:32, Serial0/0
100.0.0.0/16 is subnetted, 7 subnets
O E1    100.4.0.0 [110/84] via 172.12.123.1, 00:00:08, Serial0/0
O E1    100.5.0.0 [110/84] via 172.12.123.1, 00:00:08, Serial0/0
O E1    100.6.0.0 [110/84] via 172.12.123.1, 00:00:08, Serial0/0
O E1    100.7.0.0 [110/84] via 172.12.123.1, 00:00:08, Serial0/0
O E1    100.1.0.0 [110/84] via 172.12.123.1, 00:00:08, Serial0/0
O E1    100.2.0.0 [110/84] via 172.12.123.1, 00:00:08, Serial0/0
O E1    100.3.0.0 [110/84] via 172.12.123.1, 00:00:08, Serial0/0
3.0.0.0/32 is subnetted, 1 subnets
O IA    3.3.3.3 [110/65] via 172.12.123.3, 01:42:31, Serial0/0
172.12.0.0/24 is subnetted, 3 subnets
O IA    172.12.34.0 [110/65] via 172.12.123.3, 01:42:31, Serial0/0
O IA    172.12.15.0 [110/65] via 172.12.123.1, 01:42:31, Serial0/0
172.16.0.0/32 is subnetted, 4 subnets
O IA    172.16.9.1 [110/65] via 172.12.123.1, 00:00:13, Serial0/0
O IA    172.16.8.1 [110/65] via 172.12.123.1, 00:00:14, Serial0/0
O IA    172.16.11.1 [110/65] via 172.12.123.1, 00:00:14, Serial0/0
O IA    172.16.10.1 [110/65] via 172.12.123.1, 00:00:14, Serial0/0

HERE IS R2’S ROUTE TABLE AFTER SUMMARIZATION:

R2#show ip route ospf
1.0.0.0/32 is subnetted, 1 subnets
O IA    1.1.1.1 [110/65] via 172.12.123.1, 00:36:42, Serial0/0
100.0.0.0/16 is subnetted, 7 subnets
O E1    100.4.0.0 [110/84] via 172.12.123.1, 00:17:28, Serial0/0
O E1    100.5.0.0 [110/84] via 172.12.123.1, 00:17:28, Serial0/0
O E1    100.6.0.0 [110/84] via 172.12.123.1, 00:17:28, Serial0/0
O E1    100.7.0.0 [110/84] via 172.12.123.1, 00:17:28, Serial0/0
O E1    100.1.0.0 [110/84] via 172.12.123.1, 00:17:28, Serial0/0
O E1    100.2.0.0 [110/84] via 172.12.123.1, 00:17:28, Serial0/0
O E1    100.3.0.0 [110/84] via 172.12.123.1, 00:17:28, Serial0/0
3.0.0.0/32 is subnetted, 1 subnets
O IA    3.3.3.3 [110/65] via 172.12.123.3, 01:41:40, Serial0/0
172.12.0.0/24 is subnetted, 3 subnets
O IA    172.12.34.0 [110/65] via 172.12.123.3, 01:41:40, Serial0/0
O IA    172.12.15.0 [110/65] via 172.12.123.1, 01:41:40, Serial0/0
172.16.0.0/22 is subnetted, 1 subnets
O IA    172.16.8.0 [110/65] via 172.12.123.1, 00:17:33, Serial0/0

As can be seen the 4 routes have been Summarized into 1 route, but something really needs to be done with those Redistributed routes as those are half the routing table.

That is where “Summary-Address” comes in! It works to summarize routes being brought into OSPF via Route Redistribution, which I will show just the commands performed on R1, then the impact it has on R2 as it is now our only router left with base OSPF configs:

R1(config-router)#summary-address 100.0.0.0 255.248.0.0 <- NOT A WILDCARD MASK!

AND HERE IS HOW R2’S OSPF ROUTE TABLE NOW LOOKS:

R2#show ip route ospf
1.0.0.0/32 is subnetted, 1 subnets
O IA    1.1.1.1 [110/65] via 172.12.123.1, 00:50:10, Serial0/0
100.0.0.0/13 is subnetted, 1 subnets
O E1    100.0.0.0 [110/84] via 172.12.123.1, 00:01:51, Serial0/0
3.0.0.0/32 is subnetted, 1 subnets
O IA    3.3.3.3 [110/65] via 172.12.123.3, 01:55:08, Serial0/0
172.12.0.0/24 is subnetted, 3 subnets
O IA    172.12.34.0 [110/65] via 172.12.123.3, 01:55:08, Serial0/0
O IA    172.12.15.0 [110/65] via 172.12.123.1, 01:55:08, Serial0/0
172.16.0.0/22 is subnetted, 1 subnets
O IA    172.16.8.0 [110/65] via 172.12.123.1, 00:06:49, Serial0/0

KAPOW! WE NOW HAVE A SINGLE SUMMARY ROUTE WITH A NON-REDISTRIBUTE SEED METRIC OF 20 IN OUR ROUTE TABLE ON R2! BUT WAIT A MINUTE, DID I HEAR SANTA’S SLEIGH BELLS JINGLING OVER BY R5, OUR NSSA TOTAL STUB ROUTER:

R5#show ip route ospf
Codes: L – local, C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route, + – replicated route

Gateway of last resort is 172.12.15.1 to network 0.0.0.0

O*IA  0.0.0.0/0 [110/2] via 172.12.15.1, 01:58:11, FastEthernet0/1
100.0.0.0/13 is subnetted, 1 subnets
O N1     100.0.0.0 [110/21] via 172.12.15.1, 00:03:24, FastEthernet0/1

WEEE HAAAAAAVE AAAAA TOOOOOOOUUUCHDOOOOOOOWNNNN!!!

To be completely honest, I am not sure how R5 would have received the summary-address for the external routes, as I believe in a previous lab session I made this a Total Stub which should be blocking the Summary Advertisement LSA’s from reaching the router. So I went back onto R1 to re-issue the command in case powering down without doing a ‘wr’ wiped out the config, let’s see what happens:

R1(config-router)#area 15 nssa no-summary

R5#show ip route ospf
Codes: L – local, C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route, + – replicated route

Gateway of last resort is 172.12.15.1 to network 0.0.0.0

O*IA  0.0.0.0/0 [110/2] via 172.12.15.1, 02:13:38, FastEthernet0/1
100.0.0.0/13 is subnetted, 1 subnets
O N1     100.0.0.0 [110/21] via 172.12.15.1, 00:18:51, FastEthernet0/1

AND WE STILL HAVE THE SUMMARY ROUTE DESPITE JUST MAKING IT A TOTAL STUB.

I verified on R4 (Total Stub Area 34) that it still only has a single default route, so there has to be something either with the type of Not So Stubby part of NSSA, or it has something to do with it being directly connected over a FastEthernet segment. Either way I am completely fried, and that is all I have to say about that (for now).

OSPF Redistribution, Stubs, Total Stubs, NSSAs

The following is a quick logical topology I whipped up in Paint, leaving out the Loopback info as that would make for a lot of micro-text, this is what will be configured once we go through some Redistribution and Stub Area configuration:

Topology_OSPF_Stubs

To inject routes into OSPF, which then makes the router an ASBR, you enter the following command in router config mode:

“redistribute connected subnets” – This is what I am working with for now, though the basis of the command starts out as “redistribute …” in router config. If you do not add ‘subnets’ onto the connected redistribution, it will only bring in classful networks, and if issued without ‘subnets’ in the command it will need to be removed with “no redistribute connected” and add back in with subnets command.

“show ip ospf” shows what type of routes are being redistributed, what type of router the local router is, and all sorts of information for about anything OSPF related.

The first type of Stub area to speak upon is just that, a “Stub Area.” To configure a stub area, the command is:

“area 34 stub” – And this must be configured in router config mode on both neighbors, here is an example of the OSPF route table before creating the Stub Area:

R4#show ip route ospf
Codes: L – local, C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route, H – NHRP, l – LISP
+ – replicated route, % – next hop override

Gateway of last resort is not set

1.0.0.0/32 is subnetted, 1 subnets
O IA     1.1.1.1 [110/66] via 172.12.34.3, 00:01:19, FastEthernet0/1
2.0.0.0/32 is subnetted, 1 subnets
O IA     2.2.2.2 [110/66] via 172.12.34.3, 00:00:45, FastEthernet0/1
3.0.0.0/32 is subnetted, 1 subnets
O IA     3.3.3.3 [110/2] via 172.12.34.3, 00:00:17, FastEthernet0/1
5.0.0.0/32 is subnetted, 1 subnets
O        5.5.5.5 [110/67] via 172.12.34.3, 00:03:16, FastEthernet0/1
100.0.0.0/16 is subnetted, 7 subnets
O E2     100.1.0.0 [110/20] via 172.12.34.3, 00:02:32, FastEthernet0/1
O E2     100.2.0.0 [110/20] via 172.12.34.3, 00:02:32, FastEthernet0/1
O E2     100.3.0.0 [110/20] via 172.12.34.3, 00:02:32, FastEthernet0/1
O E2     100.4.0.0 [110/20] via 172.12.34.3, 00:02:32, FastEthernet0/1
O E2     100.5.0.0 [110/20] via 172.12.34.3, 00:02:32, FastEthernet0/1
O E2     100.6.0.0 [110/20] via 172.12.34.3, 00:02:32, FastEthernet0/1
O E2     100.7.0.0 [110/20] via 172.12.34.3, 00:02:32, FastEthernet0/1
172.12.0.0/16 is variably subnetted, 4 subnets, 2 masks
O        172.12.15.0/24 [110/66] via 172.12.34.3, 00:03:16, FastEthernet0/1
O        172.12.123.0/24 [110/65] via 172.12.34.3, 00:03:16, FastEthernet0/1

This creates a stub area, which will eliminate O E2 (External routes Redistributed into OSPF), and create a single default Inter-Area route to the next hop IP address, indicated in the OSPF route table as O*IA. However, Inter-Area routes (IA) will still show in the OSPF route table for the Stub Area, for example:

R4(config-router)#do sh ip route ospf
Codes: L – local, C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route, H – NHRP, l – LISP
+ – replicated route, % – next hop override

Gateway of last resort is 172.12.34.3 to network 0.0.0.0

O*IA  0.0.0.0/0 [110/2] via 172.12.34.3, 00:00:07, FastEthernet0/1
1.0.0.0/32 is subnetted, 1 subnets
O IA     1.1.1.1 [110/66] via 172.12.34.3, 00:00:07, FastEthernet0/1
2.0.0.0/32 is subnetted, 1 subnets
O IA     2.2.2.2 [110/66] via 172.12.34.3, 00:00:07, FastEthernet0/1
3.0.0.0/32 is subnetted, 1 subnets
O IA     3.3.3.3 [110/2] via 172.12.34.3, 00:00:07, FastEthernet0/1
5.0.0.0/32 is subnetted, 1 subnets
O IA     5.5.5.5 [110/67] via 172.12.34.3, 00:00:07, FastEthernet0/1
172.12.0.0/16 is variably subnetted, 4 subnets, 2 masks
O IA     172.12.15.0/24 [110/66] via 172.12.34.3, 00:00:07, FastEthernet0/1
O IA     172.12.123.0/24 [110/65] via 172.12.34.3, 00:00:07, FastEthernet0/1

To further reduce the OSPF route table, you must make the area a Total stub, by issuing the following command **ON THE ABR**, though it CAN be issued on both routers without affecting the outcome and both routers must still be configured as Stubs to begin with:

“area 34 stub no-summary” – This prevents Summary LSA’s from entering the Area, further reducing the OSPF route table to a single default route to the next hop IP:

R3(config-router)#area 34 stub no-summary
R3(config-router)#
ASR#4
[Resuming connection 4 to r4 … ]

R4(config-router)#do sh ip route ospf
Codes: L – local, C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route, H – NHRP, l – LISP
+ – replicated route, % – next hop override

Gateway of last resort is 172.12.34.3 to network 0.0.0.0

O*IA  0.0.0.0/0 [110/2] via 172.12.34.3, 00:00:08, FastEthernet0/1

The cost of 2 was explained as being the cost not of the local router to the destination network, but the cost of the ASBR to the destination network. There are ways to manipulate this coming up later.

  • Stub Areas prevent type 5 LSA’s from entering the Area
  • Total Stub Areas prevent types 3, 4, and 5 LSA’s from entering the Area
  • Area 0 / Backbone Area cannot be configured as ANY kind of Stub Area
  • Areas containing Virtual-Links cannot be Stub Areas

NSSAs (Not So Stubby Areas) are configured very similarly to a Stub network, however some of the behaviors are different at first glance. To begin, the command, again issued in router config mode on both neighbors, is:

“area 15 nssa” – I used routers 1 and 5 for my NSSA and left 3 and 4 for Total stub usage.

Here is how the routing table transforms as you configure an NSSA Stub network, beginning with how R5 sees OSPF routes prior to any Stub configurations:

R5#show ip route ospf
Codes: L – local, C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route, + – replicated route

Gateway of last resort is not set

1.0.0.0/32 is subnetted, 1 subnets
O IA     1.1.1.1 [110/2] via 172.12.15.1, 00:00:59, FastEthernet0/1
2.0.0.0/32 is subnetted, 1 subnets
O IA     2.2.2.2 [110/66] via 172.12.15.1, 00:00:59, FastEthernet0/1
3.0.0.0/32 is subnetted, 1 subnets
O IA     3.3.3.3 [110/66] via 172.12.15.1, 00:00:59, FastEthernet0/1
100.0.0.0/16 is subnetted, 7 subnets
O E2     100.1.0.0 [110/20] via 172.12.15.1, 00:00:59, FastEthernet0/1
O E2     100.2.0.0 [110/20] via 172.12.15.1, 00:00:59, FastEthernet0/1
O E2     100.3.0.0 [110/20] via 172.12.15.1, 00:00:59, FastEthernet0/1
O E2     100.4.0.0 [110/20] via 172.12.15.1, 00:00:59, FastEthernet0/1
O E2     100.5.0.0 [110/20] via 172.12.15.1, 00:00:59, FastEthernet0/1
O E2     100.6.0.0 [110/20] via 172.12.15.1, 00:00:59, FastEthernet0/1
O E2     100.7.0.0 [110/20] via 172.12.15.1, 00:00:59, FastEthernet0/1
172.12.0.0/16 is variably subnetted, 4 subnets, 2 masks
O IA     172.12.34.0/24 [110/66] via 172.12.15.1, 00:00:59, FastEthernet0/1
O IA     172.12.123.0/24 [110/65] via 172.12.15.1, 00:00:59, FastEthernet0/1

After configuring “area 15 nssa” on both routers, this is the new route table:

R5(config-router)#do show ip route
Codes: L – local, C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route, + – replicated route

Gateway of last resort is not set

1.0.0.0/32 is subnetted, 1 subnets
O IA     1.1.1.1 [110/2] via 172.12.15.1, 00:00:09, FastEthernet0/1
2.0.0.0/32 is subnetted, 1 subnets
O IA     2.2.2.2 [110/66] via 172.12.15.1, 00:00:09, FastEthernet0/1
3.0.0.0/32 is subnetted, 1 subnets
O IA     3.3.3.3 [110/66] via 172.12.15.1, 00:00:09, FastEthernet0/1
5.0.0.0/32 is subnetted, 1 subnets
C        5.5.5.5 is directly connected, Loopback5
100.0.0.0/16 is subnetted, 7 subnets
O N2     100.1.0.0 [110/20] via 172.12.15.1, 00:00:09, FastEthernet0/1
O N2     100.2.0.0 [110/20] via 172.12.15.1, 00:00:09, FastEthernet0/1
O N2     100.3.0.0 [110/20] via 172.12.15.1, 00:00:09, FastEthernet0/1
O N2     100.4.0.0 [110/20] via 172.12.15.1, 00:00:09, FastEthernet0/1
O N2     100.5.0.0 [110/20] via 172.12.15.1, 00:00:09, FastEthernet0/1
O N2     100.6.0.0 [110/20] via 172.12.15.1, 00:00:09, FastEthernet0/1
O N2     100.7.0.0 [110/20] via 172.12.15.1, 00:00:09, FastEthernet0/1
172.12.0.0/16 is variably subnetted, 4 subnets, 2 masks
C        172.12.15.0/24 is directly connected, FastEthernet0/1
L        172.12.15.5/32 is directly connected, FastEthernet0/1
O IA     172.12.34.0/24 [110/66] via 172.12.15.1, 00:00:09, FastEthernet0/1
O IA     172.12.123.0/24 [110/65] via 172.12.15.1, 00:00:09, FastEthernet0/1

The E2 (External / Redistributed) routes have turned into N2 route types, which I am not sure at this point what significance that has, however it did not summarize them and create a default Inter-Area route as happened when creating a basic stub Area.

To further summarize and “Stub” this area, you must make this a Not So Stubby Total Stub Area, which requires the exact same configuration syntax that you add to a regular stub area to make it a Total stub area, again configure it on the ABR:

“area 15 nssa no-summary” – This will create one default Inter-Area static route for all the Inter-Area (O IA) routes in your route table, however the External / Redistributed routes still are sticking in the OSPF route table as shown in the following output:

R1(config-router)#area 15 nssa no-summary
R1(config-router)#
ASR#5
[Resuming connection 5 to r5 … ]

R5(config-router)#do show ip route
Codes: L – local, C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route, + – replicated route

Gateway of last resort is 172.12.15.1 to network 0.0.0.0

O*IA  0.0.0.0/0 [110/2] via 172.12.15.1, 00:00:06, FastEthernet0/1
5.0.0.0/32 is subnetted, 1 subnets
C        5.5.5.5 is directly connected, Loopback5
100.0.0.0/16 is subnetted, 7 subnets
O N2     100.1.0.0 [110/20] via 172.12.15.1, 00:07:26, FastEthernet0/1
O N2     100.2.0.0 [110/20] via 172.12.15.1, 00:07:26, FastEthernet0/1
O N2     100.3.0.0 [110/20] via 172.12.15.1, 00:07:26, FastEthernet0/1
O N2     100.4.0.0 [110/20] via 172.12.15.1, 00:07:26, FastEthernet0/1
O N2     100.5.0.0 [110/20] via 172.12.15.1, 00:07:26, FastEthernet0/1
O N2     100.6.0.0 [110/20] via 172.12.15.1, 00:07:26, FastEthernet0/1
O N2     100.7.0.0 [110/20] via 172.12.15.1, 00:07:26, FastEthernet0/1
172.12.0.0/16 is variably subnetted, 2 subnets, 2 masks
C        172.12.15.0/24 is directly connected, FastEthernet0/1
L        172.12.15.5/32 is directly connected, FastEthernet0/1

I am not sure yet if there is a way to configure the NSSA Area to condense the External / Redistributed routes into a single default Inter-Area route, I have a suspicion it has to do with that Type 7 LSA, or it might just be what makes it Not So Stubby?

We shall see, on to the next topic, Summarization in OSPF!
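One way to check route tables like the ones above against what each area type should contain (an added example, not part of the original post). The sample tables are abbreviated copies of the R4 and R5 output shown above; the function names, the area-type labels and the rule table are assumptions derived from that output.

```python
import re

# Matches OSPF lines of "show ip route", e.g.
#   O*IA  0.0.0.0/0 [110/2] via 172.12.34.3, 00:00:07, FastEthernet0/1
ROUTE_RE = re.compile(
    r"^O(?P<star>\*?)\s*(?P<code>IA|E1|E2|N1|N2)?\s+"
    r"(?P<prefix>\d+\.\d+\.\d+\.\d+(?:/\d+)?)\s+"
    r"\[(?P<ad>\d+)/(?P<metric>\d+)\]\s+via\s+(?P<next_hop>[\d.]+),"
)

# Assumed labels -> (route codes that should be absent, default route expected).
# Derived from the tables in this post, not from any Cisco tool.
AREA_RULES = {
    "stub":       ({"E1", "E2", "N1", "N2"}, True),
    "total stub": ({"E1", "E2", "N1", "N2", "IA"}, True),
    "nssa":       ({"E1", "E2"}, False),
    "total nssa": ({"E1", "E2", "IA"}, True),
}

# Abbreviated copies of the output shown in the post.
R4_BEFORE = """
1.0.0.0/32 is subnetted, 1 subnets
O IA     1.1.1.1 [110/66] via 172.12.34.3, 00:01:19, FastEthernet0/1
O        5.5.5.5 [110/67] via 172.12.34.3, 00:03:16, FastEthernet0/1
O E2     100.1.0.0 [110/20] via 172.12.34.3, 00:02:32, FastEthernet0/1
O E2     100.2.0.0 [110/20] via 172.12.34.3, 00:02:32, FastEthernet0/1
O        172.12.15.0/24 [110/66] via 172.12.34.3, 00:03:16, FastEthernet0/1
"""
R4_STUB = """
Gateway of last resort is 172.12.34.3 to network 0.0.0.0
O*IA  0.0.0.0/0 [110/2] via 172.12.34.3, 00:00:07, FastEthernet0/1
O IA     1.1.1.1 [110/66] via 172.12.34.3, 00:00:07, FastEthernet0/1
O IA     172.12.123.0/24 [110/65] via 172.12.34.3, 00:00:07, FastEthernet0/1
"""
R4_TOTAL_STUB = """
O*IA  0.0.0.0/0 [110/2] via 172.12.34.3, 00:00:08, FastEthernet0/1
"""
R5_TOTAL_NSSA = """
O*IA  0.0.0.0/0 [110/2] via 172.12.15.1, 00:00:06, FastEthernet0/1
C        5.5.5.5 is directly connected, Loopback5
O N2     100.1.0.0 [110/20] via 172.12.15.1, 00:07:26, FastEthernet0/1
"""


def parse_ospf_routes(show_output):
    """Return one dict per OSPF route line; all other lines are skipped."""
    routes = []
    for line in show_output.splitlines():
        m = ROUTE_RE.match(line.strip())
        if not m:
            continue
        routes.append({
            "code": m["code"] or "intra",   # plain "O" is an intra-area route
            "prefix": m["prefix"],
            "metric": int(m["metric"]),
            "next_hop": m["next_hop"],
            "default": m["star"] == "*" and m["prefix"] == "0.0.0.0/0",
        })
    return routes


def audit_area(show_output, area_type):
    """List what in the table contradicts the expected area type."""
    forbidden, needs_default = AREA_RULES[area_type]
    routes = parse_ospf_routes(show_output)
    findings = []
    for r in routes:
        if r["default"]:
            continue   # the O*IA default is the one IA route allowed everywhere
        if r["code"] in forbidden:
            findings.append(
                f"{r['code']} route {r['prefix']} should not appear in a {area_type} area")
    if needs_default and not any(r["default"] for r in routes):
        findings.append(f"no O*IA default route, expected in a {area_type} area")
    return findings


if __name__ == "__main__":
    for finding in audit_area(R4_BEFORE, "stub"):
        print(finding)
```

An empty list means the table is consistent with the area type; auditing the pre-stub R4 table as a stub area reports the two E2 routes and the missing default.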

OSPF Router and LSA Types

This will be another bullet point style post, as I have not fully delved into these LSA types with labs yet. One thing I have noticed, “show ip ospf database” will not give you the LSA type or number just in one of the columns of the output, they will need to be known by the headers in the column (I believe, need to verify). I will need to update this once my understanding of the LSA types develops, but I’ll put some initial information on both OSPF router acronyms and LSA information as I have it (some CCNA refresher material):

  • Area 0 is the Backbone area, any OSPF router with an interface in Area 0 is a Backbone router (Including ABR’s and Internal routers)
  • ABR = Area Border Router, has at least one interface in Area 0, and another interface in a non-Backbone area
  • Internal Router = All interfaces in a single Area
  • ASBR = Autonomous System (Boundary / Border) Router, an OSPF router that is injecting routes into OSPF via Route Redistribution
  • LSA Type 1 = Generated by every OSPF router for every Area that router has an OSPF link in, literally floods the link state of all its links to one Area (Area 0?)
  • LSA Type 2 = Only sent by DR’s, will show in the ospf database as the DR’s RID as the Advertising Rtr
  • LSA’s 1 and 2 are confined to a single Area (another plus for multi-area OSPF)
  • LSA Type 3 = Summary Network Link States, summarize inter-Area routes from one Area to another, generated by ABRs, not flooded into Total Stub Areas
  • LSA Type 4 = Describes path to ASBR, generated by ABRs, not flooded into Total Stub Areas
  • LSA Type 5 = Describes links external to the OSPF domain, this link describes networks injected via Route Redistribution, generated only by ASBRs, not flooded into Stub and Total Stub Areas
  • LSA Type 6 = Specialty LSA only generated by routers using Multicast extensions to OSPF (MOSPF)
  • LSA Type 7 = Only generated by ASBRs and sent into NSSAs (Not So Stubby Area), once they are sent in they do not come back out, unless the router in the NSSA converts them into Type 5 LSA’s and sends them back out of their NSSA

Summary of what LSAs OSPF Router types send:

  • LSA Type 1 = Sent by all routers
  • LSA Type 2 = Sent by DRs only
  • LSA Type 3, 4 = Sent by ABRs only
  • LSA Type 5, 7 = Sent by ASBRs only
  • LSA Type 6 = Reserved for MOSPF

 

Will try to clean this up as I move on with my studies, but will definitely be moving forward into OSPF Stub areas and hope these LSA types are expanded upon there.

OSPF Fundamentals in a can

This again will be bullet point facts on Fundamental OSPF concepts, with a taste into Advanced topics, but I will save the Advanced topics for their posts (such as LSA’s, Stub Areas, IPv6, etc). This will get me up to speed in Chris Bryant’s book so I am where I am at on his video series, where I will be launching into the more Advanced topics, so the posts will be more grueling to read and probably post from this point forward!

  • A Backbone router can be both a Backbone router AND an Area Border Router, but an Area Border Router cannot be a Backbone router, here is why:
  • Backbone Router = A router that has an interface in Area 0 – That’s it.
  • Area Border Router (ABR) = A router that has at least one interface in Area 0 and an interface in a non-0 Area
  • Internal Router = An OSPF router with all of its interfaces in a single Area, but that Area does not have to be Area 0, like R4 in Area 34 (if its loopback were removed)
  • Autonomous System Border / Boundary Router = A router Redistributing routes
  • Any router in Area 0 is considered a Backbone Router, an ABR, and possibly an ASBR, however routers without an interface in Area 0 are non-backbone routers
  • LSU’s (Link State Update) are exchanged by OSPF speaking routers once an Adjacency is formed, which contain LSA’s (Link State Advertisement) that are put into the ‘Link State Database’
  • The Dijkstra / SPF Algorithm is run against this database when a new LSA is received to update the OSPF routing table, routers should all have synched link-state DB’s
  • “show ip ospf database” to see links, link types, sequence numbers, and time since LSA was received (Age)
  • The SPF Algorithm calculates what’s called the ‘Shortest Path Tree’, and that Tree is used to create the routing table – No more details currently on Shortest Path Tree
  • LSA Sequence numbers ensure OSPF routers have the most recent information
  • If there is no entry for that link, the receiving router will make one and flood the LSA out every OSPF enabled interface except the one it was received on
  • If there is an entry for the link, one of the following three situations occur:
  • The sequence # is the same, the LSA is discarded, no further action taken
  • The sequence # received is lower, the LSA is ignored, and an LSU containing the more recent LSA is sent back to the original sender to update its link state DB
  • The sequence # received is higher, the router adds the LSA to its link state DB and sends an LSAcknowledgment to the sender, it will then flood the LSA and run the SPF algorithm to update its OSPF routing table
  • After the initial LSA exchange between two OSPF neighbors is complete, there will not be an exchange until a network topology change occurs, however OSPF routers do send out summary LSA’s once every 30 minutes
  • ***IMPORTANT*** For neighbors to form an adjacency, the routers must agree on Area number, Hello and Dead timers, and whether the Area is a stub or not (and also any Authentication configured in the Area)
  • The OSPF Process # (router ospf #) is locally significant only
  • “show ip ospf neighbor” is the only command to show neighbor loading states, shows Neighbor ID (RID), Priority, State, Dead Timer, Neighbor IP, Interface neighbor was learned off of
  • “show ip ospf interface s0/1” gives you A LOT of details regarding Area / Network type / RID / DR and BDR’s RID / Hello and Dead timers / Neighbor info / etc – ***Very good show command for troubleshooting OSPF***
  • When a topology change occurs, the detecting router sends a multicast to 224.0.0.6 (the All DR address), which is heard only by the DR and the BDR. The DR will then multicast the change to 224.0.0.5 (the All non-DR/BDR OSPF router address) to update DROthers of the topology change, followed by the DROthers sending an LSAck back to the DR to confirm they received the update. The BDR only updates its database when it receives an update on 224.0.0.6 to keep an up to date DB, but does nothing else in terms of updating any other OSPF routers
  • ***DR / BDR Election process***:
  • All routers with a Priority of 1 or greater are eligible to participate in the DR / BDR election, Priority 1 is the OSPF default, Priority 0 disables election participation
  • The router with the highest Priority is elected the DR, if there is a tie in Priority the RID is used as a tie breaker
  • The RID is comprised firstly and preferably of the highest loopback interface on the router, if no loopback is present the highest physical interface is used, even if that interface is not OSPF enabled (non-OSPF enabled RID interfaces will not be automatically advertised to the OSPF network)
  • Manually setting the RID in router configuration (“router-id x.x.x.x”) will override the OSPF determined RID for the election process
  • Manually setting the Priority directly on a router interface will also rig an election to make a router the DR / BDR / Not participate at all with command “ip ospf priority #”
  • The process is repeated to elect the BDR – A router cannot be the DR AND the BDR for an OSPF segment
  • If a DR goes down temporarily, the BDR is promoted to DR, and the next highest priority / RID will become the BDR, even if the original DR comes back online. Unlike STP, where a new switch with a lower BID will become the root bridge, once the DR and BDR are elected it stays that way until they go down or you ‘clear ip ospf proc’ which brings down all neighbor adjacencies
  • For example: Router A has Priority 100, Router B has Priority 50, Router C has Priority 10. Router A is the DR, Router B is the BDR, Router C is the DROther. If A goes down, B is promoted to DR, C is promoted to BDR, and when A comes back online it is a DROther. If Router B now goes down (DR), then Router C (BDR) will be promoted to the DR, and Router A with the highest Priority will then be promoted to BDR. When Router B comes back online, it will be a DROther, Router C will be the DR, Router A the BDR. Finally, Router C is rebooted, promoting Router A back to DR, Router B is now promoted to BDR, and when Router C comes back up it is now once again the DROther. (I believe this entire confusing process can be done via “clear ip ospf nei”)
  • Different network segment types (Broadcast, NBMA, Point-to-Point) have different hello and dead timers by default, and will need or need to not have a DR or BDR
  • **IMPORTANT NOTE** Area 0 is the Backbone Area, any router without an interface in Area 0 is a non-backbone router, ALL NON-BACKBONE AREAS MUST CONTAIN A ROUTER THAT HAS AN INTERFACE IN AREA 0 (or a virtual-link to it)
  • Ethernet segments default to ‘Broadcast’ network type, with Hello / Dead timers of 10/40, and a DR and BDR will be elected
  • NBMA segments default to Non-Broadcast network type, Hello / Dead timers are 30/120 by default, if it is a Hub-and-Spoke network type, only the Hub can be the DR with no BDR’s, this is because if the Hub goes down a spoke router on the segment won’t be able to get Multicasts to the other spoke router, AND ROUTERS DO NOT FORWARD BROADCASTS OR MULTICASTS
  • When configuring OSPF over Frame Relay, make sure your “frame map ip …” statements on the Hub have the ‘broadcast’ option enabled
  • Also ensure both the interfaces on the spokes in the OSPF segment are set to Priority 0 so they do not participate in the election process, again this is done directly on the interface with “ip ospf priority 0”
  • NBMA networks can have a DR and a BDR, but this requires there to be more than one Hub router, as spokes cannot be allowed to become the BDR
  • ***IMPORTANT NOTE*** On Hub router in an NBMA running OSPF, Hub MUST be configured with neighbor statements to the spokes, on all Hub routers to all spokes they communicate to, with “neighbor 172.12.123.2” in router configuration
  • Point-to-Point network types Hello / Dead timers default is 10/40, no DR / BDR will be elected as there is no need for one on a PtP link, State will show a Full/- instead of Full/Dr or Full/DROther because no DR/BDR was elected, no neighbor statement necessary on this type of link, same goes for point-to-multipoint networks, as OSPF sees this as a collection of point-to-point links
  • Point-to-Multipoint links default to Broadcast network types, but can be changed on the interface with “ip ospf network point-to-multipoint non-broadcast” configured on the interface, this network type doesn’t require “neighbor” statements in router configuration, but can be used to set the interface cost with “neighbor 172.12.123.2 cost #” to set the cost for that particular neighbor
  • Virtual-Links are used to allow Areas on a non-backbone router (no physical interfaces in Area 0) to form a logical connection to a Backbone router (it is a logical extension of Area 0); an existing Area between the backbone and non-backbone router must be present – This is referred to as the “Transit Area” of the Virtual-Link, and this Area cannot be ANY type of stub Area
  • To configure the virtual link, the Area not connected to a backbone router must be configured in router configuration via “network …” command, then the following command must be issued on both the backbone and non-backbone router using the NEIGHBORS RID ON THE LOCAL CONFIGURATION
  • “area 34 virtual-link 4.4.4.4” in router configuration would be the command issued on R3 for a virtual-link between R3 and R4, then “area 34 virtual-link 3.3.3.3” on R4 to complete the configuration, some errors may pop up until the config is complete
  • “show ip ospf virtual-link” to see link details (much like an interface’s details), and can also see the adjacency with “show ip ospf nei” as the virtual link will show up as a separate adjacency to the same neighbor
  • ***IMPORTANT*** If Area 0 is using Authentication, then the Virtual-Link must also be using Authentication – Be sure to check this! Another important note, the Transit Area for a Virtual-Link CANNOT BE ANY KIND OF STUB AREA!!!
  • Why not one big Area 0 – Because OSPF was created to use a hierarchical design, so that routers would not need to contain unnecessary routes outside of their Area or logical grouping, thus saving valuable resources like CPU and Memory, because there are less SPF calculations / less LSU and LSA traffic / more Concise route tables
  • “show ip ospf” is a very important troubleshooting command. It will give you information on the OSPF process running locally, and all Area’s information as well that are seen by the router this command is issued on (including whether Authentication is running)
  • Cost, Bandwidth, and 4 OSPF routers on an Ethernet behavior is covered in detail in my previous post “Finished OSPF Fundamentals, onto Advanced Concepts”
  • OSPF Neighbor formation / Adjacency states is covered in detail as well in a previous post “OSPF Adjacency / Neighbor Formation States” (I know, how fitting)
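The election bullets above, replayed as code (an added example, not from the original post): a simplified, non-preemptive model of the DR / BDR roles on one segment that walks through the Router A / B / C scenario. The class and function names and the RIDs given to A, B and C are assumptions; the real election also depends on timers and on what neighbors advertise in their Hellos, which this model leaves out.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Router:
    name: str
    priority: int   # "ip ospf priority #"; 0 never becomes DR or BDR
    rid: str        # router ID as a dotted quad

    def rank(self):
        # Highest priority wins; the highest RID breaks a tie.
        # RIDs are compared numerically, octet by octet, not as strings.
        return (self.priority, tuple(int(o) for o in self.rid.split(".")))


class Segment:
    """Roles on one multi-access segment; sitting DR/BDR are never displaced."""

    def __init__(self):
        self.up = {}
        self.dr = None
        self.bdr = None

    def _best(self, exclude):
        eligible = [r for r in self.up.values()
                    if r.priority > 0 and r.name not in exclude]
        return max(eligible, key=Router.rank).name if eligible else None

    def _fill_vacancies(self):
        if self.dr is None and self.bdr is not None:
            self.dr, self.bdr = self.bdr, None       # the BDR is promoted
        if self.dr is None:
            self.dr = self._best(exclude=set())
        if self.bdr is None and self.dr is not None:
            self.bdr = self._best(exclude={self.dr})

    def bring_up(self, *routers):
        # Routers passed in one call are treated as starting together.
        for r in routers:
            self.up[r.name] = r
        self._fill_vacancies()

    def take_down(self, name):
        self.up.pop(name, None)
        if self.dr == name:
            self.dr = None
        if self.bdr == name:
            self.bdr = None
        self._fill_vacancies()

    def roles(self):
        return {n: ("DR" if n == self.dr else "BDR" if n == self.bdr else "DROther")
                for n in sorted(self.up)}


def replay_priority_example():
    """Router A/B/C scenario from the bullets; the RIDs are constructed."""
    a = Router("A", 100, "10.0.0.1")
    b = Router("B", 50, "10.0.0.2")
    c = Router("C", 10, "10.0.0.3")
    seg = Segment()
    seg.bring_up(a, b, c)
    history = [seg.roles()]
    for router in (a, b, c):        # each one fails, then comes back online
        seg.take_down(router.name)
        seg.bring_up(router)
        history.append(seg.roles())
    return history


if __name__ == "__main__":
    for step in replay_priority_example():
        print(step)
```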

 

My last two bullet points refer to previous OSPF posts from me that cover the end of chapter material in detail, that I don’t want to rehash here point by point. That is it for the “Fundamentals” to keep in mind when working with OSPF, posts moving forward I imagine will grow increasingly more detailed and difficult to understand 🙂

My Physical Lab – List of equipment, IOS code info, and why I prefer physical to virtual

That right there is my bundle of Cisco pride and joy!

A breakdown of my equipment, and what I use for my topologies:

From top device to the bottom:

  • 2509 Access Router w/octal cable
  • 2950 L2 switch
  • 3560 L3 switch
  • 1841 ISR (R5) w/VPN Module
  • 2621XM Router (R1 – NBMA)
  • 2611XM Router w/4-Serial interface card (Frame-Switch – NBMA)
  • 2611XM Router (R2 – NBMA)
  • 2611XM Router (R3 – NBMA)
  • 2801 Voice Router w/CME IOS image for Voice studies (R4)
  • Currently unused 3550 L3 switch at the very bottom of the rack

I want to note first and foremost that my NBMA routers R1 / R2 / R3 including the Frame-Switch itself simulating the NBMA are all running IOS code 12.x, however the 1841 (R5) and 2801 (R4) are running code 15.x that’s used on the current ROUTE exam.

I see and work with the differences in output, and solve troubleshooting with logical configuration, and for any important differences in code I do use the 15.x routers – That is actually why they are on opposite ends of the NBMA network to hit any restraints on 12.x borders (NBMA) so I know if IOS code compatibility is becoming an issue during the labbing session.

So if the newer material doesn’t work on the older code, I work with my 15.x routers to give accurate output for anyone viewing.

That being said…

Using a Physical lab vs a Virtual lab is equivalent to using a treadmill instead of going outside for a jog. On a treadmill I feel like I am just lifting my feet at the right intervals, and jogging outside feels like it really takes the muscles’ whole effort to move forward.

I feel quite the same about the Physical lab, there may come a day I use GNS3 or an emulator to lab on the go, but getting on your hands and knees to re-wire your rack using the correct cables, watching the lights go on (and sometimes amber / off) when something is amiss. It feels much more genuine to me than a program sort of emulating a router, and they’re sooooo cheap nowadays, no one can really say they can’t afford a small rack if they can afford to dine out or buy video games.

That and when I walk by my lab room and see my rack, a lot of nights I was going to slack and take the night off studying, I’d see the physical rack sitting there and started to ponder what I could lab up quick that would eventually turn to hours of lab work (which is a good thing, usually). Starting up the lab and hearing the hum, it is a beautiful sound, like a soothing waterfall for the average CCNP candidate I’d imagine.

So if you can afford it, I encourage you to get a small 3-4 router lab and a couple layer 3 switches, it has pulled me into labbing so much it has already paid for itself in opportunities I have been offered in my career because that rack kept me chugging through CCNA studies and now through CCNP 🙂