Evaluating OSPF

Date post: 23-Feb-2016
Upload: ovid

Advanced Features of OSPF Protocol

Our routing study thus far - idealization

- all routers identical
- network "flat"
... not true in practice

scale: with 200 million destinations:
- can't store all destinations in routing tables!
- routing table exchange would swamp links!

administrative autonomy: Autonomous Systems (AS)
- internet = network of networks
- each network admin may want to control routing in its own network

OSPF Advantages

- No limitation on hop count
- Supports classless (VLSM) routing
- Routing updates sent only when there is a change or very rarely
- Faster convergence
- Better load balancing
- Logical definition of areas
- Authentication and external routes tagging

OSPF addresses most of the issues not included in RIP:

1. With OSPF, there is no limitation on the hop count.
2. The intelligent use of VLSM is very useful in IP address allocation.
3. OSPF uses IP multicast to send link-state updates. This ensures less processing on routers that are not listening to OSPF packets. Also, updates are only sent in case routing changes occur, instead of periodically. This ensures a better use of the bandwidth.
4. OSPF has better convergence than RIP. This is because routing changes are propagated instantaneously and not periodically.
5. OSPF allows for better load balancing. It can use different metrics and supports multipath.
6. OSPF allows for a logical definition of networks where routers can be divided into areas. This will limit the explosion of link state updates over the whole network. This also provides a mechanism for aggregating routes and cutting down on the unnecessary propagation of subnet information.
7. OSPF allows for routing authentication by using different methods of password authentication.
8. OSPF allows for the transfer and tagging of external routes injected into an Autonomous System. This keeps track of external routes injected by exterior protocols such as BGP.
Review: Evaluation Criteria for Routing Protocols

- Bandwidth
- Metric calculation
- Sharing and managing routing information
- Scalability
- Convergence
- Performance
- Hierarchy
- Scalability
- Administration and Management
- Hardware and software resources
- Reliability
- Security

OSPF - Link State Protocol

- Link: an interface on the router
- Link state: description of the interface and the neighboring routers (IP address, mask, type, routers connected to)
- Link state database: collection of link state advertisements for all routers and networks

OSPF is a link-state protocol. We could think of a link as being an interface on the router. The state of the link is a description of that interface (e.g., the router's usable interfaces and reachable neighbors). A description of the interface would include, for example, the IP address of the interface, the mask, the type of network it is connected to, the routers connected to that network and so on. The collection of all these link-states would form a link-state database.

OSPF Basic Configuration Example

    router ospf 63
    network 172.16.5.3 0.0.0.0 area 1
    network 172.16.0.0 0.0.255.255 area 0
    network 192.168.10.5 0.0.0.0 area 1

[Diagram: a router with interfaces in Area 0 and Area 1; labels: 172.16.1.1, 172.16.3.2, 192.168.10.5, 172.16.5.3; interfaces E0, E1, E2, T0]

Command syntax:

    Router(config)# router ospf process-id
    Router(config-router)# network address wildcard-mask area area-id

Wildcard mask: inverse of subnet mask.

Bandwidth - The Metrics in OSPF

formula: cost = 10^8 / bandwidth in bps

    Link                            Cost
    56 Kbps serial link             1758
    64 Kbps serial link             1562
    T1 (1.544 Mbps serial link)     65
    E1 (2.048 Mbps serial link)     48
    4 Mbps token ring               25
    Ethernet                        10
    16 Mbps token ring              6
    FDDI                            1

The faster the link, the smaller the number => the more desirable the route.

The metric (cost) of an interface in OSPF is an indication of the overhead required to send packets across a certain interface. The metric of an interface is inversely proportional to the bandwidth of that interface. A higher bandwidth indicates a lower cost. There is higher cost and time delays involved in crossing a 56k serial line than crossing a 10M Ethernet line. The formula used to calculate the cost is:

cost = 100 000 000 / bandwidth (in bits per second)

For example, it will cost 10^8/10^7 = 10 to cross a 10M Ethernet line and will cost 10^8/1544000 = 64 to cross a T1 line. By default, the cost of an interface is calculated based on the bandwidth. However, the network administrator can force another cost for an interface.

OSPF Metric - Optimising Bandwidth

[Topology diagram: R1, R2 and R3 interconnected by serial links 192.168.10.0/30, 192.168.10.4/30 and 192.168.10.8/30 (S0/0/0 and S0/0/1, DCE ends marked) running at 64 kbps, 128 kbps and 256 kbps; LANs 172.16.1.16/28, 10.10.10.0/24 and 172.16.1.32/29 on Fa0/0; loopbacks Lo0 10.1.1.1, 10.2.2.2 and 10.3.3.3]

    R1(config-router)# auto-cost reference-bandwidth

When the serial interface is not actually operating at the default T1 speed, the interface requires manual modification. Both sides of the link should be configured to have the same value. Either the bandwidth interface command or the ip ospf cost interface command achieves this purpose: an accurate value for use by OSPF in determining the best route.

The bandwidth command is used to modify the bandwidth value used by the IOS in calculating the OSPF cost metric.

Router(config-if)#bandwidth bandwidth-kbps

For R1, the show ip ospf interface command shows that the cost of the Serial 0/0/0 link is now 1562, the result of the Cisco OSPF cost calculation 100,000,000/64,000. When you are using the bandwidth of the interface to determine OSPF cost, always remember to use the bandwidth value interface command to accurately define the bandwidth of the interface (in kbps).

If interfaces that are faster than 100 Mbps are being used, you should use the auto-cost reference-bandwidth ref-bw command on all routers in the network to ensure accurate route calculations. The ref-bw is a reference bandwidth in megabits per second, and ranges from 1 to 4,294,967. You must apply the same reference bandwidth to all OSPF routers in the domain to get the desired results.

To override the default cost, manually define the cost using the ip ospf cost interface-cost command on a per-interface basis. The cost value is an integer from 1 to 65,535. The lower the number, the better the link and the more strongly preferred.

OSPF Metric - Cost

[Topology diagram repeated: R1, R2 and R3 with serial links at 64 kbps, 128 kbps and 256 kbps]

An alternative method to using the bandwidth command is to use the ip ospf cost command, which allows you to directly specify the cost of an interface. For example, R1 Serial 0/0/0 could be configured with the following command:

    R1(config)#interface serial 0/0/0
    R1(config-if)#ip ospf cost 1562

The ip ospf cost command is useful in multi-vendor environments where non-Cisco routers use a metric other than bandwidth to calculate the OSPF costs.

The main difference between the two commands is that the bandwidth command uses the result of the cost calculation to determine the cost of the link. The ip ospf cost command bypasses this calculation by directly setting the cost of the link to a specific value.

Load Balancing and Link Cost

OSPF allows for Equal-Cost load balancing.

R6 has two routes to R7 networks:
- Thru R5-R4
- Thru R4-R7
Which path will be taken?

If you want to load-balance using both paths:
- R6 needs to believe that the path costs through R5 and R4 are the same.
- Artificially increase the cost of the currently preferred link of R6, using the ip ospf cost command.
- Once the cost of the current preferred link is increased (made worse) and is made the same as the other path, equal cost load balancing will automatically begin.

[Diagram labels: 1.5 Mbps, 500 Kbps]

Bandwidth: Managing Routing information

- Routing information is not exchanged in form of routes (Which protocol does that?)
- Each router generates link-state advertisements containing elements of network topology: routers, neighbor relationships, connected subnets and others
- Link-state advertisements are flooded to all routers when areas are not configured. Issue: LSA flooding -> hampers performance
- Link-state database is used for storing network topology information
- Dijkstra SPF (Shortest path first) algorithm used to compute shortest path in terms of COST (OSPF metric), and result stored in RIB (routing information database)
- OSPF RIB is collection of best paths to each destination, installed in Routing table
- When information in link state database changes, only a partial calculation is necessary

OSPF uses a link-state algorithm in order to build and calculate the shortest path to all known destinations. The algorithm by itself is quite complicated. The following is a very high level, simplified way of looking at the various steps of the algorithm:

1- Upon initialization or due to any change in routing information, a router will generate a link-state advertisement (LSA). A router generates an LSA periodically, as well as in response to the discovery of a new neighbor, a link, when a neighbor changes state from up to down or vice versa, or when a link metric changes value. Two routers are neighbors when they have interfaces to a common network. Neighbor relationships are maintained by, and usually dynamically discovered by, OSPF's Hello Protocol. This advertisement will represent the collection of all link-states on that router.

2- All routers will exchange link-states by means of flooding. Each router that receives a link-state update should store a copy in its link-state database and then propagate the update to other routers. Each participating router must have an identical database.

3- After the database of each router is completed, the router will calculate a Shortest Path Tree to all destinations. All routers run the same algorithm, in parallel. The router uses the Dijkstra algorithm to calculate the shortest path tree. The destinations, the associated cost and the next hop to reach those destinations will form the IP routing table.

4- In case no changes in the OSPF network occur, such as cost of a link or a network being added or deleted, OSPF should be very quiet. Any changes that occur are communicated via link-state packets, and the Dijkstra algorithm is recalculated to find the shortest path.
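The cost formula, the SPF run and the equal-cost adjustment described above, as an added Python example that is not part of the original slides. The four-router topology, its link speeds and the override value 200 are constructed for illustration; only the 10^8 reference and the idea of raising the preferred link's cost come from the text.

```python
import heapq

REFERENCE_BW_BPS = 100_000_000  # the 10^8 in cost = 10^8 / bandwidth


def ospf_cost(bandwidth_bps, reference_bps=REFERENCE_BW_BPS):
    """Interface cost: reference / bandwidth, truncated, never below 1."""
    return max(1, reference_bps // bandwidth_bps)


def build_lsdb(links):
    """Turn (router, router, bps) links into {router: {neighbor: cost}}."""
    lsdb = {}
    for a, b, bps in links:
        cost = ospf_cost(bps)
        lsdb.setdefault(a, {})[b] = cost
        lsdb.setdefault(b, {})[a] = cost
    return lsdb


def spf(lsdb, root):
    """Dijkstra from root; returns {dest: (total cost, sorted next hops)}.

    Equal-cost paths are kept, so a destination can have several next hops.
    """
    dist = {root: 0}
    hops = {root: set()}
    heap = [(0, root)]
    done = set()
    while heap:
        d, node = heapq.heappop(heap)
        if node in done:
            continue
        done.add(node)
        for nbr, cost in lsdb[node].items():
            nd = d + cost
            # Next hop is the neighbor itself when leaving the root,
            # otherwise it is inherited from the node we came through.
            first = {nbr} if node == root else hops[node]
            if nbr not in dist or nd < dist[nbr]:
                dist[nbr] = nd
                hops[nbr] = set(first)
                heapq.heappush(heap, (nd, nbr))
            elif nd == dist[nbr]:
                hops[nbr] |= first
    return {n: (dist[n], sorted(hops[n])) for n in dist if n != root}


# Constructed topology: R6 reaches R7 through R4 (fast) or R5 (slow first hop).
LINKS = [
    ("R6", "R4", 1_500_000),
    ("R4", "R7", 1_500_000),
    ("R6", "R5", 500_000),
    ("R5", "R7", 1_500_000),
]


def route_before_and_after():
    """R6's route to R7 with default costs, then with the R6->R4 cost raised."""
    lsdb = build_lsdb(LINKS)
    before = spf(lsdb, "R6")["R7"]
    # Equivalent of "ip ospf cost 200" on R6's interface toward R4:
    # only R6's outgoing cost changes, making both paths cost 266.
    lsdb["R6"]["R4"] = 200
    after = spf(lsdb, "R6")["R7"]
    return before, after


if __name__ == "__main__":
    print(ospf_cost(64_000), ospf_cost(1_544_000), ospf_cost(1_000_000_000))
    print(route_before_and_after())
```

Every link of 100 Mbps or faster collapses to cost 1 with the default reference, which is why the reference bandwidth has to be raised consistently on all routers when such links exist.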

Issue: Performance - Flooding LSAs

[Diagram: routers R1 to R5 on a multi-access network with one DR, one BDR and three DROthers; R5 sends its LSA to 224.0.0.6 and the DR sends R5's LSA to 224.0.0.5]

Multi-Access Networks: To avoid flooding LSAs to all routers in the network, routers are designated:

Election of DR (Designated Router) - Routers send LSAs to the DR using the multicast address 224.0.0.6

BDR (Backup Designated Router): back up for DR, if DR fails

The DR is responsible for forwarding the LSAs from R1 to all other routers. The DR uses the multicast address 224.0.0.5

On multiaccess networks, OSPF elects a Designated Router (DR) to be the collection and distribution point for LSAs sent and received.

A Backup Designated Router (BDR) is also elected in case the Designated Router fails.

All other routers become DROthers (this indicates a router that is neither the DR nor the BDR). DROthers only form full adjacencies with the DR and BDR in the network. This means that instead of flooding LSAs to all routers in the network, DROthers only send their LSAs to the DR and BDR using the multicast address 224.0.0.6 (ALLDRouters - All DR routers).

In the slide, R5 sends LSAs to the DR. The BDR listens as well. The DR is responsible for forwarding the LSAs from R5 to all other routers.

The DR uses the multicast address 224.0.0.5 (AllSPFRouters - All OSPF routers). The end result is that there is only one router doing all of the flooding of all LSAs in the multiaccess network.

Hierarchical Structure

- Introduced to put a boundary on the explosion of link-state updates
- Every area is connected to the backbone area

[Diagram: Backbone Area #0 connected to Area #1, Area #2 and Area #3]

OSPF allows collections of contiguous networks and hosts to be grouped together. Such a group, together with the routers having interfaces to any one of the included networks, is called an area. Areas are introduced to put a boundary on the explosion of link-state updates. Each area runs a separate copy of the basic link-state routing algorithm. This means that each area has its own link-state database and corresponding graph, as explained in the previous section. The topology of an area is invisible from the outside of the area. Conversely, routers internal to a given area know nothing of the detailed topology external to the area. This isolation of knowledge enables the protocol to effect a marked reduction in routing traffic as compared to treating the entire Autonomous System as a single link-state domain.

With the introduction of areas, it is no longer true that all routers in the AS have an identical link-state database. A router actually has a separate link-state database for each area it is connected to.

OSPF Areas

- The border area is OSPF area 0
- All routers belonging to the same area have identical database
- SPF calculations are performed separately for each area
- LSA flooding is bounded by area

OSPF has special restrictions when multiple areas are involved. If more than one area is configured, one of these areas has to be a backbone area. The OSPF backbone is the special OSPF Area 0 (often written as Area 0.0.0.0, since OSPF Area IDs are typically formatted as IP addresses). When designing networks it is good practice to start with area 0 and then expand into other areas later on. The backbone has to be at the center of all other areas, i.e. all areas have to be physically connected to the backbone. The reasoning behind this is that OSPF expects all areas to inject routing information into the backbone and in turn the backbone will disseminate that information into other areas. The OSPF backbone always contains all area border routers. The backbone is responsible for distributing routing information between non-backbone areas. The backbone must be contiguous. However, it need not be physically contiguous; backbone connectivity can be established/maintained through the configuration of virtual links.

Two routers belonging to the same area have, for that area, identical area link-state databases.

OSPF Router Types

OSPF routers are categorized based on the function they perform in the routing domain. The four different types of OSPF routers are:

- Internal routers: Routers that have all their interfaces in the same area and have identical LSDBs.
- Backbone routers: Routers that sit on the perimeter of the backbone area and have at least one interface connected to area 0. Backbone routers maintain OSPF routing information using the same procedures and algorithms as internal routers.
- Area border routers: Routers that have interfaces attached to multiple areas, maintain separate LSDBs for each area to which they connect, and route traffic destined to or arriving from other areas. Area border routers (ABRs) are exit points for the area, which means that routing information destined for another area can get there only via the ABR of the local area. ABRs can be configured to summarize the routing information from the LSDBs of their attached areas. ABRs distribute the routing information into the backbone. The backbone routers then forward the information to the other ABRs. In a multiarea network, an area can have one or more ABRs.
- Autonomous System Boundary Routers: Routers that have at least one interface attached to an external internetwork (another autonomous system), such as a non-OSPF network. Autonomous system boundary routers (ASBRs) can import non-OSPF network information to the OSPF network and vice versa; this process is called route redistribution.

A router can exist as more than one router type. For example, if a router interconnects to area 0 and area 1, in addition to a non-OSPF network, it is both an ABR and an ASBR.

A router has a separate LSDB for each area to which it connects; therefore, an ABR could have one LSDB for area 0 and another LSDB for another area in which it participates. Two routers belonging to the same area maintain identical LSDBs for that area.

An LSDB is synchronized between pairs of adjacent routers. On broadcast networks like Ethernet, an LSDB is synchronized between the router that is not a DR or a BDR (that is, a DROTHER) and its DR and BDR.

OSPF: Multiple Areas

[Diagram: Area 1, Area 2, Area 3 and Area 4 attached to area 0 (Backbone); labels: ASBR, Interior Router (IR), virtual link, link to other AS]

- Two-level hierarchy: local area, also called backbone area.
- Link-state advertisements only in area; each node has detailed area topology and only knows direction (shortest path) to networks in other areas.
- Area border routers (ABR): summarize distances to networks in own area, advertise to other Area Border routers.
- Backbone routers: run OSPF routing limited to backbone.
- Autonomous System Boundary routers: connect to other ASs (Autonomous Systems).

ABR: Area Border routers
ASBR: Autonomous System Border Routers

Before the introduction of areas, the only OSPF routers having a specialized function were those advertising external routing information. When the AS is split into multiple areas, the routers are further divided according to function into the following overlapping categories: Routers connected to only one area are called Interior routers (IR). Routers connected to multiple areas are called area border routers (ABR). Routers connected to other autonomous systems are Autonomous system border routers (ASBR). Border area routers, with the links that connect them, form the backbone of the AS.

Virtual links are used for two purposes:
1- Linking an area that does not have a physical connection to the backbone.
2- Patching the backbone in case discontinuity of area 0 occurs.

In some rare cases where it is impossible to have an area physically connected to the backbone, a virtual link is used. The virtual link will provide the disconnected area a logical path to the backbone. The virtual link has to be established between two ABRs that have a common area, with one ABR connected to the backbone.

Scaling OSPF

- Rule of thumb: no more than 150 routers/area
- Reality: no more than 500 routers/area
- Backbone area is an area that glues all the other areas together; always marked as area 0
- Proper use of areas reduces bandwidth: summarized routes; instability is limited within the area

Route Summarization Example

    R2#
    router ospf 100
    network 172.16.64.0 0.0.31.255 area 2
    network 172.16.96.0 0.0.31.255 area 0
    area 0 range 172.16.96.0 255.255.224.0
    area 2 range 172.16.64.0 255.255.224.0

    R1#
    router ospf 100
    network 172.16.32.0 0.0.31.255 area 1
    network 172.16.96.0 0.0.31.255 area 0
    area 0 range 172.16.96.0 255.255.224.0
    area 1 range 172.16.32.0 255.255.224.0

[Diagram: R1 between Area 1 and Area 0, R2 between Area 2 and Area 0. Interface addresses (255.255.255.0 mask): Area 1 172.16.32.0 - 172.16.63.0, interface 172.16.32.1; Area 0 172.16.96.0 - 172.16.127.0, interfaces 172.16.96.1 and 172.16.127.1; Area 2 172.16.64.0 - 172.16.95.0, interface 172.16.64.1]

Area Link State Database

- Link state database for every area is different
- Area database is composed of: router links advertisements, network links advertisements, summary links advertisements, AS external advertisements

Routing in the Autonomous System takes place on two levels, depending on whether the source and destination of a packet reside in the same area (intra-area routing is used) or different areas (inter-area routing is used). In intra-area routing, the packet is routed solely on information obtained within the area; no routing information obtained from outside the area can be used. This protects intra-area routing from the injection of bad routing information.

Routes that are generated from within an area (the destination belongs to the area) are called intra-area routes. These routes are normally represented by the letter O in the IP routing table. Routes that originate from other areas are called inter-area or Summary routes. The notation for these routes is O IA in the IP routing table. Routes that originate from other routing protocols (or different OSPF processes) and that are injected into OSPF via redistribution are called external routes. These routes are represented by O E2 or O E1 in the IP routing table. Multiple routes to the same destination are preferred in the following order: intra-area, inter-area, external E1 or E2.

Stub Areas: Router performance

OSPF allows certain areas to be configured as stub areas. Configuring a stub area reduces the topological database size inside an area and reduces the memory requirements of routers inside that area.

    RTC#
    interface Ethernet 0
    ip address 203.250.14.1 255.255.255.0
    interface Serial1
    ip address 203.250.15.1 255.255.255.252
    router ospf 10
    network 203.250.15.0 0.0.0.255 area 2
    network 203.250.14.0 0.0.0.255 area 0
    area 2 stub

    RTE#
    interface Serial1
    ip address 203.250.15.2 255.255.255.252
    router ospf 10
    network 203.250.15.0 0.0.0.255 area 2
    area 2 stub

An area could be qualified as a stub when there is a single exit point from that area or if routing to outside of the area does not have to take an optimal path.

Link State Advertisement (LSA)

- Generated periodically or in response to any change
- Contains: source identification, sequence number, link state age, list of neighbors

A router generates an LSA periodically, as well as in response to the discovery of a new neighbor, a link, when a neighbor changes state from up to down or vice versa, or when a link metric changes value. Two routers are neighbors when they have interfaces to a common network. Neighbor relationships are maintained by, and usually dynamically discovered by, OSPF's Hello Protocol.

Load Balancing by Multiple Path

[Diagram: networks N1 and N2 connected through routers R1, R2, R3 and R4 over path 1 and path 2]

- Equal or proportional cost multiple paths
- Unequal cost multiple paths not supported

OSPF supports multipath. It means that in case of two or more shortest paths the traffic is divided equally among those paths. This kind of routing helps balance the load on the network. If the paths are not of equal cost, the distribution might be proportional.

Equal cost paths

Two routers are connected to each other via two p2p serial links of equal cost. R1 has Loopback 0 interface 1.1.1.1/32 and R2 has Loopback 0 interface 2.2.2.2/32. OSPF is used as the routing protocol. Hence, R1 can reach 2.2.2.2/32 via two equal-cost paths and R2 can reach 1.1.1.1/32 via two equal-cost paths.

[Diagram: R1 (1.1.1.1/32) and R2 (2.2.2.2/32)]

    R1# show ip route | begin Gateway
    Gateway of last resort is not set

         1.0.0.0/32 is subnetted, 1 subnets
    C       1.1.1.1 is directly connected, Loopback0
         2.0.0.0/32 is subnetted, 1 subnets
    O       2.2.2.2 [110/65] via 10.2.2.2, 00:01:44, Serial0/1
                    [110/65] via 10.1.1.2, 00:01:44, Serial0/0
         10.0.0.0/30 is subnetted, 2 subnets
    C       10.2.2.0 is directly connected, Serial0/1
    C       10.1.1.0 is directly connected, Serial0

    R1# show ip route 2.2.2.2
    Routing entry for 2.2.2.2/32
      Known via "ospf 1", distance 110, metric 65, type intra area
      Last update from 10.1.1.2 on Serial0/0, 00:02:10 ago
      Routing Descriptor Blocks:
        10.2.2.2, from 2.2.2.2, 00:02:10 ago, via Serial0/1
          Route metric is 65, traffic share count is 1
      * 10.1.1.2, from 2.2.2.2, 00:02:10 ago, via Serial0/0
          Route metric is 65, traffic share count is 1

Authenticated Routing Updates

Two possibilities are defined:
- no authentication (configured by default)
- authentication: simple password authentication or message digest authentication

It is possible to authenticate the OSPF packets such that routers can participate in routing domains based on predefined passwords. By default, a router uses a Null authentication which means that routing exchanges over a network are not authenticated. Two other authentication methods exist: Simple password authentication and Message Digest authentication.

Simple password authentication allows a password (key) to be configured per area. Routers in the same area that want to participate in the routing domain will have to be configured with the same key. The drawback of this method is that it is vulnerable to passive attacks.

Message Digest Authentication is a cryptographic authentication. A key (password) and key-id are configured on each router. The router uses an algorithm based on the OSPF packet, the key, and the key-id to generate a "message digest" that gets appended to the packet. Unlike the simple authentication, the key is not exchanged over the wire. A non-decreasing sequence number is also included in each OSPF packet to protect against replay attacks.

Simple Password Authentication

Simple password authentication allows a password (key) to be configured per area. Routers in the same area that want to participate in the routing domain will have to be configured with the same key.

Drawback: Vulnerable to passive attacks. Anybody with a link analyzer could easily get the password off the wire.

    interface Ethernet0
    ip address 10.10.10.10 255.255.255.0
    ip ospf authentication-key mypassword
    router ospf 10
    network 10.10.0.0 0.0.255.255 area 0
    area 0 authentication

Message Digest Authentication

Cryptographic authentication. A key (password) and key-id are configured on each router. The router uses an algorithm based on the OSPF packet, the key, and the key-id to generate a "message digest" that gets appended to the packet. Unlike the simple authentication, the key is not exchanged over the wire. A non-decreasing sequence number is also included in each OSPF packet to protect against replay attacks.

    interface Ethernet0
    ip address 10.10.10.10 255.255.255.0
    ip ospf message-digest-key 10 md5 mypassword
    router ospf 10
    network 10.10.0.0 0.0.255.255 area 0
    area 0 authentication message-digest

Memory Issues

- Usually come up when too many external routes are injected in the OSPF domain.
- A backbone area with 40 routers and a default route to the outside world would have fewer memory issues compared with a backbone area with 4 routers and 33,000 external routes injected into OSPF.
- The total memory used by OSPF is the sum of the memory used in the routing table (show ip route summary) and the memory used in the link-state database.
- Example: Each entry in the routing table will consume between approximately 200 and 280 bytes. Each LSA will consume a 100 byte overhead plus the size of the actual link state advertisement. This should be added to memory used by other processes and by the IOS itself.

The following numbers are a rule of thumb estimate. Each entry in the routing table will consume between approximately 200 and 280 bytes plus 44 bytes per extra path. Each LSA will consume a 100 byte overhead plus the size of the actual link state advertisement, possibly another 60 to 100 bytes (for router links, this depends on the number of interfaces on the router). This should be added to memory used by other processes and by the IOS itself. If you really want to know the exact number, you can do a show memory with and without OSPF being turned on. The difference in the processor memory used would be the answer (keep a backup copy of the configs).

Normally, a routing table with less than 500K bytes could be accommodated with 2 to 4 MB RAM; large networks with greater than 500K may need 8 to 16 MB, or 32 to 64 MB if full routes are injected from the Internet.
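The message digest check described in the Message Digest Authentication slides above, as an added Python example that is not part of the original slides: the sender appends MD5(packet || key), and the receiver recomputes the digest and refuses sequence numbers lower than the last one accepted. The header layout follows the OSPFv2 specification; the router ID, packet body and sequence numbers are constructed, and key-id 10 with "mypassword" mirrors the slide's configuration.

```python
import hashlib
import hmac
import struct

AUTYPE_CRYPTO = 2
DIGEST_LEN = 16
# OSPFv2 header: version, type, length, router ID, area ID, checksum, AuType, auth
HDR = struct.Struct("!BBH4s4sHH8s")
# Authentication field for AuType 2: zero, key-id, digest length, sequence number
AUTH = struct.Struct("!HBBI")


def _pad_key(key):
    """Shared secret as a 16-byte field, zero padded."""
    return key.encode()[:DIGEST_LEN].ljust(DIGEST_LEN, b"\0")


def sign(body, router_id, key_id, key, seq, area_id=b"\0\0\0\0", ptype=1):
    """Sender side: header + body, then MD5(packet || key) appended."""
    auth = AUTH.pack(0, key_id, DIGEST_LEN, seq)
    length = HDR.size + len(body)  # the digest is not counted in the length
    # The header checksum is left at 0 when cryptographic authentication is used.
    pkt = HDR.pack(2, ptype, length, router_id, area_id, 0, AUTYPE_CRYPTO, auth)
    pkt += body
    return pkt + hashlib.md5(pkt + _pad_key(key)).digest()


class Receiver:
    """Per-router receive check: key lookup, digest, then sequence number."""

    def __init__(self, keys):
        self.keys = keys       # {key_id: shared secret}
        self.last_seq = {}     # router ID -> highest sequence number accepted

    def check(self, raw):
        if len(raw) < HDR.size:
            return "short packet"
        _, _, length, rid, _, _, autype, auth = HDR.unpack_from(raw)
        if autype != AUTYPE_CRYPTO:
            return "not cryptographic authentication"
        _, key_id, dlen, seq = AUTH.unpack(auth)
        key = self.keys.get(key_id)
        if key is None:
            return "unknown key-id"
        if dlen != DIGEST_LEN or length < HDR.size or len(raw) != length + dlen:
            return "bad length"
        expected = hashlib.md5(raw[:length] + _pad_key(key)).digest()
        if not hmac.compare_digest(expected, raw[length:]):
            return "digest mismatch"
        # Only an authenticated packet may advance the stored sequence number.
        if seq < self.last_seq.get(rid, 0):
            return "replayed sequence number"
        self.last_seq[rid] = seq
        return "ok"


def demo():
    rid = bytes([10, 10, 10, 10])           # constructed router ID
    body = b"constructed hello body"        # stand-in payload, not a real Hello
    rx = Receiver({10: "mypassword"})       # key-id 10, as in the slide's config
    first = sign(body, rid, 10, "mypassword", seq=100)
    tampered = bytearray(first)
    tampered[HDR.size] ^= 0x01              # one bit changed in the body
    return {
        "valid": rx.check(first),
        "tampered": rx.check(bytes(tampered)),
        "wrong key": rx.check(sign(body, rid, 10, "otherpass", seq=101)),
        "unknown key-id": rx.check(sign(body, rid, 11, "mypassword", seq=101)),
        "newer": rx.check(sign(body, rid, 10, "mypassword", seq=101)),
        "replay": rx.check(first),
        "key on wire": b"mypassword" in first,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```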

