Jaycee's Networking

September 29, 2009

Basic Config of JUNOS

Filed under: IS-IS, Junos, OSPF, Static Route — Jaycee @ 7:18 pm

17. The loops argument to the autonomous-system statement lets you configure tolerance for occurrences of the local ASN in received route updates. Finding the local ASN in a received route indicates a BGP routing loop and results in the related route being discarded. The default setting of 1 rejects any route with 1 instance of the local AS number. To support reception of routes with a single instance of the local ASN, specify a loops value of 2.

jc@Junos# set routing-options autonomous-system loops 3

Tolerates as many as 2 instances of the local AS number in received route updates.

16. Martian routes:

jc@Junos> show route martians table inet.0

inet.0:
0.0.0.0/0 exact -- allowed
0.0.0.0/8 orlonger -- disallowed
127.0.0.0/8 orlonger -- disallowed
128.0.0.0/16 orlonger -- disallowed
191.255.0.0/16 orlonger -- disallowed
192.0.0.0/24 orlonger -- disallowed
223.255.255.0/24 orlonger -- disallowed
240.0.0.0/4 orlonger -- disallowed

15. Security:

a. SSH:

jc@Junos# set system services ssh

b. Directed broadcast messages:

These are datagrams with a destination address of an IP subnetwork broadcast address. Junos doesn’t forward these messages, to prevent DoS.

c. Martian addresses:

Martian addresses are host or network addresses about which all routing information is ignored.

(1) In IPv4: 0.0.0.0/8, 127.0.0.0/8, 128.0.0.0/16, 191.255.0.0/16, 192.0.0.0/24, 223.255.255.0/24, 240.0.0.0/4

(2) In IPv6: the loopback address, the reserved and unassigned prefixes from RFC 2373, and the link-local unicast prefix are the default martian addresses
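The martian table from item 16 and the default list above, turned into a prefix check (an added example, not part of the original notes or of Junos itself). The rule that the longest matching entry decides is an assumption of this sketch, and the sample prefixes are constructed.

```python
import ipaddress

# Default inet.0 martian table, copied from the "show route martians table inet.0"
# output on this page: (prefix, match type, allowed?).
MARTIAN_TABLE = [
    ("0.0.0.0/0",        "exact",    True),
    ("0.0.0.0/8",        "orlonger", False),
    ("127.0.0.0/8",      "orlonger", False),
    ("128.0.0.0/16",     "orlonger", False),
    ("191.255.0.0/16",   "orlonger", False),
    ("192.0.0.0/24",     "orlonger", False),
    ("223.255.255.0/24", "orlonger", False),
    ("240.0.0.0/4",      "orlonger", False),
]


def entry_matches(route, entry_prefix, match_type):
    """Apply one table entry's match type to a candidate route prefix."""
    entry = ipaddress.ip_network(entry_prefix)
    if match_type == "exact":
        # Same address and same prefix length.
        return route == entry
    if match_type == "orlonger":
        # The entry itself, or any more-specific prefix inside it.
        return route.subnet_of(entry)
    raise ValueError(f"unsupported match type: {match_type}")


def is_martian(prefix, table=MARTIAN_TABLE):
    """Return True if routing information for `prefix` would be ignored.

    Assumption of this sketch: when several entries match, the entry with the
    longest prefix decides; a prefix that matches no entry is not a martian.
    """
    route = ipaddress.ip_network(prefix)
    matches = [e for e in table if entry_matches(route, e[0], e[1])]
    if not matches:
        return False
    _, _, allowed = max(matches, key=lambda e: ipaddress.ip_network(e[0]).prefixlen)
    return not allowed


def split_updates(prefixes):
    """Split received prefixes into (accepted, ignored) lists."""
    accepted = [p for p in prefixes if not is_martian(p)]
    ignored = [p for p in prefixes if is_martian(p)]
    return accepted, ignored


# Constructed sample of received prefixes (not taken from the page).
SAMPLE_UPDATES = [
    "0.0.0.0/0", "10.5.0.0/16", "127.0.0.1/32", "128.0.12.0/24", "128.1.0.0/16",
    "192.0.0.0/24", "192.0.2.0/24", "240.0.0.0/4", "250.1.0.0/16",
]

if __name__ == "__main__":
    accepted, ignored = split_updates(SAMPLE_UPDATES)
    print("accepted:", accepted)
    print("ignored: ", ignored)
```

Note that "orlonger" only catches the listed prefix and its more-specifics: a shorter covering prefix such as 0.0.0.0/4 matches no entry in this table.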

d. Who’s logged in:

jc@Junos> show system users
jc@Junos> request system logout mike
jc@Junos> request message user mike message "End router session now!"
jc@Junos> request message all message "End router session now!"

e. Who’s configuring:

jc@Junos# status
Users currently editing the configuration:
  fred terminal p0 (pid 13329) on since 2008-03-23 15:15:12 UTC

f. Ensure no one else can modify the router while you’re editing:

jc@Junos> configure exclusive

14. IS-IS:

a. IS-IS runs directly on the data link layer (Layer 2). As a result, each interface that runs IS-IS doesn’t need an IP address to exchange IS-IS information.

b. It was developed as part of the OSI network protocols and not part of TCP/IP, thus IS-IS doesn’t use IP addresses.

c. IS-IS addresses are called NETs (Network Entity Titles). NETs can be 8 to 20 bytes long, but are generally 10 bytes long.

d. All the routers within an area exchange their network topology information in IS-IS LSPs, and run the SPF calculation to keep their link-state database identical.

e. Routers within an area can send summaries of their routes to other areas in the IS-IS network.

f. Two types of routers:

(1) Level 1 systems: When they receive traffic destined for somewhere outside the area, they send the packet toward a Level 2 system.

(2) Level 2 systems:

(2.1) Route traffic b/w 2 IS-IS areas.
(2.2) They route traffic to other ASs.

g. Configure IS-IS:

jc@Junos# set interfaces ge-1/0/0 unit 0 family iso
jc@Junos# set protocols isis interface ge-1/0/0.0

h. Monitor IS-IS:

jc@Junos> show isis database
jc@Junos> show isis adjacency => displays the neighbors
jc@Junos> show isis interface
jc@Junos> show isis route
jc@Junos> show route protocol isis

13. OSPF:

a. Link-state protocols run an SPF algorithm to create a database of the network’s topology to determine the best path to a destination.

b. Each router goes through the following process to discover the network topology and determine the best path to each destination:

1) OSPF creates LSAs which describe the network topology that the router has in its link-state database.

2) The router floods the LSAs to all routers in the domain.

3) When the router receives LSAs from other routers, it adds the information to its link-state database.

4) The router runs the Dijkstra SPF calculation to determine the shortest path to each destination in the domain. The result of the calculation is the destination address and the next hop. OSPF places this information in its OSPF routing database. Each router performs the SPF calculation independently; all routers end up with identical link-state databases, though the routers may have different next hops for the destination.

5) When changes occur in the domain, this information is transmitted in LSAs, and all the OSPF routers rerun the SPF calculation and update their link-state database.

c. As an OSPF network gets larger, one of the challenges is keeping all the link-state statements on all routers in sync. => divide it into smaller areas

1) Each area has the same properties: All the routers within the area exchange their network topology information in LSAs, and this smaller group of routers run the SPF calculation to keep their link-state databases identical.

2) ABRs — run 2 SPF calculations, maintain 2 link-state databases, pass route information between the 2 areas but summarize it before sending it into the neighboring area.

Summarization improves the overall stability of the OSPF network.

3) ASBRs — are responsible for advertising externally learned routes into the OSPF administrative domains.

4) All routers in the OSPF backbone must be physically connected to each other. If any routers aren’t physically contiguous, they must be connected by an OSPF virtual link so that they appear to be contiguous.

5) Area ID 0 is normally written as the 32-bit value 0.0.0.0.

6) Stub areas — receive only summarized routing information about other areas within the OSPF domain, and don’t receive any information about external OSPF routes. => Stub areas can’t connect to external networks.

7) NSSAs — can connect to external networks.

d. Configure OSPF:

[edit protocols]
jc@Junos# set ospf area 0.0.0.0 interface ge-1/3/0.0 authentication md5 123456

e. Monitor OSPF:

jc@Junos> show ospf database
jc@Junos> show ospf database summary
jc@Junos> show ospf database brief
jc@Junos> show ospf database router
jc@Junos> show ospf interface
jc@Junos> show ospf neighbor
jc@Junos> show ospf route
jc@Junos> show ospf overview
jc@Junos> show route protocol ospf

12. RIP:

[edit protocols]
jc@Junos# set rip group fred-group neighbor ge-0/0/1.0

a. All RIP neighbors need to be part of a group, defined with the group keyword (i.e. fred-group).

jc@Junos> show rip neighbor
                     Source      Destination   Send   Receive   In
Neighbor     State   Address     Address       Mode   Mode     Met
--------     -----   -------     -----------   ----   -------  ---
ge-0/0/1.0      Up 10.0.29.2    224.0.0.9     mcast   both      1

b. The last column reports the inbound metric, which is how many hops will be added to received routes.

11. Default Route Preferences:

How Route is Learned | Default Route Preference
Directly connected router or network | 0
Configured static routes | 5
MPLS | 7
LDP (Label Distribution Protocol) | 9
OSPF internal routes | 10
IS-IS Level 1 internal routes | 15
IS-IS Level 2 internal routes | 18
SNMP | 50
RIP | 100
PIM | 105
DVMRP | 110
Aggregate | 130
OSPF external routes | 150
IS-IS Level 1 external routes | 160
IS-IS Level 2 external routes | 165
BGP | 170
MSDP | 175

a. LDP — MPLS-specific protocol that LSRs can use to exchange information about the labels for each FEC so that they can assign the correct labels to each of their forwarding paths.

1) LSR (Label Switching Router) — a networking device that can run the MPLS protocols

2) LSP (Label Switched Path) — the end-to-end, unidirectional path established through the MPLS network

3) FEC (Forwarding Equivalence Class) — the set of IP packets assigned to a particular path and identified by its label

10. Routing Table:

Routing Table | Description
inet.0 | Default table for IPv4 unicast routes, including configured static routes, RIP, OSPF, IS-IS, and BGP.
inet.1 | Multicast forwarding cache, used by DVMRP and PIM
inet.3 | Stores paths and label information for traffic engineering (MPLS)
inet6.0 | Default table for IPv6 unicast routes
iso.0 | ISO routes for IS-IS
mpls.0 | Next hops for MPLS label-switched paths (LSPs)

jc@Junos> show route
inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

2.0.0.0/24         *[Direct/0] 9w3d 17:41:54
                    > via ge-0/0/2.0
2.0.0.120/32       *[Local/0] 9w3d 17:41:57
                      Local via ge-0/0/2.0
10.5.0.0/16        *[Static/5] 9w3d 17:41:56
                    > to 10.93.15.254 via fxp0.0
10.10.0.0/16       *[Static/5] 9w3d 17:41:56
                    > to 10.93.15.254 via fxp0.0
10.93.4.52/32      *[Direct/0] 9w3d 17:43:44
                    > via lo0.0
                    [Static/5] 9w3d 17:43:44

__juniper_private1__.inet.0: 14 destinations, 14 routes (8 active, 0 holddown, 6 hidden)
+ = Active Route, - = Last Active, * = Both

10.0.0.0/8         *[Direct/0] 9w3d 17:43:44
                    > via fxp1.0
10.0.0.1/32        *[Local/0] 9w3d 17:41:57
                      Local

__juniper_private1__.inet6.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

fe80::/64         *[Direct/0] 9w3d 17:43:44
                    > via fxp1.0
fe80::200:ff:fe00:4/128
                  *[Local/0] 9w3d 17:41:57
                     Local via fxp1.0

a. hold-down state — it occurs before a route is removed from the routing table

b. hidden state — it is a result of a policy that you’ve configured on the router or a problem with the route

9. Static Route:

[edit routing-options]
jc@Junos# set static route 192.168.1.1 next-hop 10.1.0.1

8. Interface:

[edit]
jc@Junos# set interfaces ge-1/2/0 unit 0 family inet address 192.168.10.40/24
jc@Junos# set interfaces ge-1/3/0 unit 0 family inet6 address ::2/64
jc@Junos# set interfaces ge-1/3/0 unit 0 family iso

a. four levels:

physical interface, unit, family, protocol family

1) unit is a logical interface

2) at least one family on each logical interface

3) at least one protocol family on each logical interface to allow it to receive and transmit protocol traffic

b. common protocols on interfaces:

1) inet – for IPv4

2) inet6 – for IPv6

3) iso – for the interfaces that need to support CLNS, which is the ISO network layer service protocol that is used by IS-IS.

4) mpls

7. Traceoptions:

[edit]
jc@Junos# set protocols ospf traceoptions file ospf.log
jc@Junos# set protocols ospf traceoptions flag all
jc@Junos# set security traceoptions flag policy-manager
jc@Junos# set security traceoptions flag general
jc@Junos# set routing-options traceoptions file trace-events world-readable
jc@Junos# set routing-options traceoptions flag all

6. Syslog:

[edit system]
jc@Junos# set syslog file ?
Possible completions:
 <file-name>          Name of file in which to log data
 cli-commands         Name of file in which to log data
 emergency            Name of file in which to log data
 firewall             Name of file in which to log data
 messages             Name of file in which to log data

[edit system]
jc@Junos# set syslog file messages any notice
jc@Junos# set syslog file messages authorization info
jc@Junos# set syslog file cli-commands interactive-commands any
jc@Junos# set syslog file emergency any emergency
jc@Junos# set syslog file firewall firewall notice

Types of Logging Events | Logging Severity Levels
any | notice
Any router event | General router operational events of more interest than “info”
authorization | info
Authentication and authorization attempts | General router operation
interactive-commands | any
Commands typed at the command-line interface or by a JUNOScript client application | All events
any | emergency
 | Errors that cause the router to stop operating
firewall | notice
Packet filtering performed by firewall filters |

5. RADIUS:

[edit system]
jc@Junos# set radius-server 192.168.10.1 port 1812 secret 123456
jc@Junos# set radius-server 192.168.10.1 timeout 1
jc@Junos# set radius-server 192.168.10.1 retry 1
jc@Junos# set radius-server 192.168.10.1 source-address 192.168.200.2

[edit system]
jc@Junos# show
radius-server {
    192.168.10.1 {
        port 1812;
        secret "$9$SZQUk.fTz6Ct5TcyevLX"; ## SECRET-DATA
        timeout 1;
        retry 1;
        source-address 192.168.200.2;
    }
}

[edit system]
jc@Junos# set authentication-order [ radius password ]

4. Junos encrypts all passwords and marks them as ## SECRET-DATA. Filtering on that marker lets you hide the fact that a password is even present in the configuration.

[edit system login]
jc@Junos# show | except SECRET-DATA
class operation {
    idle-timeout 0;
    permissions all;
}
user operation {
    full-name "Operation Team";
    uid 2000;
    class operation;
    authentication {
    }
}
user jc {
    uid 2005;
    class operation;
}

3. User Acct:

jc@Junos# set user jc class super-user
jc@Junos# set user jc authentication plain-text-password

2. Banner:

jc@Junos# set system login message "--------------------\nWARNING: Unauthorized access prohibited. --------------------\n"
jc@Junos# set system announcement "Network maintenance announcement."

1. Keyboard shortcuts:

Ctrl+a — move to beginning of command line

Ctrl+e — move to end of command line

Ctrl+k — delete all text from cursor to end of command line

Esc+b — move back one word

Esc+f — move forward one word

Esc+d — delete the word after the cursor

Esc+Backspace — delete the word before the cursor

May 16, 2009

OSPF – Basic Configuration

Filed under: IOS, OSPF — Jaycee @ 11:35 pm

A. Enabling OSPF on the Network:

router ospf 99
network 10.10.1.0 0.0.0.255 area 0

1. We establish an OSPF routing process with the process ID 99.

2. This routing process is responsible for the network 10.10.1.0/24, which belongs to area 0.

3. This router is part of the OSPF backbone area.

4. OSPF will run over all interfaces that match the network commands.

B. Sample Configuration:

1. An OSPF network with a single backbone router:

[Figure: An OSPF network with a single backbone router]

R1:

router ospf 99
 network 10.10.0.0 0.0.255.255 area 0

R2:

router ospf 99
 network 10.10.0.0 0.0.255.255 area 0
 network 10.11.0.0 0.0.255.255 area 1

R3:

router ospf 99
 network 10.10.0.0 0.0.255.255 area 0
 network 10.12.0.0 0.0.255.255 area 2

R4:

router ospf 99
 network 10.10.0.0 0.0.255.255 area 0
 network 10.13.0.0 0.0.255.255 area 3

a. It’s important to understand that it’s interfaces, not routers, that belong to an area.

b. Router 1 needs a network statement only for area 0 because it doesn’t have interfaces in areas 1, 2, and 3.

c. R2, R3, R4 are all ABRs, and they need 2 network statements because they each participate in 2 areas.

d. Each network statement specifies the subnet that is associated with the area.

2. An OSPF network with a backbone across 3 ABRs:

[Figure: An OSPF network with a backbone across three ABRs]

R2:

router ospf 99
 network 10.10.0.0 0.0.255.255 area 0
 network 10.11.0.0 0.0.255.255 area 1

R3:

router ospf 99
 network 10.10.0.0 0.0.255.255 area 0
 network 10.12.0.0 0.0.255.255 area 2

R4:

router ospf 99
 network 10.10.0.0 0.0.255.255 area 0
 network 10.13.0.0 0.0.255.255 area 3

a. All 3 routers share area 0, which makes them all ABRs with no backbone router.

b. The backbone still exists; it just doesn’t have its own router.

C. Route Summarization:

Route summarization helps reduce the routing table size. OSPF distinguishes between two summarization types: inter-area and external.

1. Inter-area summarization:

a. It occurs when the ABR summarizes an area’s routes. An ABR can summarize routes within its area and beyond, as long as all the subnets are contiguous and summarizable.

b. Just because areas are adjacent doesn’t mean their addressing is set up to be summarizable.

c. To enable inter-area summarization, use “area range” command.

d. In the example above, R2:

router ospf 99
 network 10.10.0.0 0.0.255.255 area 0
 network 10.11.0.0 0.0.255.255 area 1
 area 1 range 10.11.0.0 255.255.0.0

2. External summarization:

a. It occurs at ASBRs, where the entire network is summarized.

b. We can use external summarization when we are injecting external routes into OSPF.

c. To enable external summarization, use “summary-address” command. For example:

summary-address 10.0.0.0 255.0.0.0

d. We will use this command to summarize the EIGRP routes that get redistributed into OSPF.

D. Virtual Backbone Links:

1. Virtual Link — OSPF includes a mechanism that lets you create a backbone out of two separate areas.

[Figure: An OSPF network with a partitioned Area 0]

2. The example above shows a network that requires a virtual link. In OSPF, all areas must be contiguous, meaning that they must physically be connected to each other.

3. When two areas are not contiguous, we solve the problem by creating a virtual link.

4. In the example above, we want to make R1 and R2 part of area 0, even though they are not contiguous. Since they share area 5, we can mend the partitioned area 0 by adding a virtual link to tunnel area 0 across area 5.

5. This tunneling brings the two distant routers together to act as though they are actually connected.

a. First, we should define a loopback interface, which we use as an unambiguous identifier for the router.

=> The loopback interface is always up with a unique address and is not associated with any hardware.

b. Then we must create the virtual link with the area command.

6. Virtual links cannot cross more than one area.

R1:

interface loopback0
 ip address 10.10.7.4 255.255.255.0
router ospf 99
 network 10.10.1.0 0.0.0.255 area 0
 network 10.10.7.0 0.0.0.255 area 0
 network 10.10.2.0 0.0.0.255 area 1
 network 10.10.3.0 0.0.0.255 area 2
 network 10.10.6.0 0.0.0.255 area 5
 ! Create the virtual link to R2's ID
 area 5 virtual-link 10.10.8.5

R2:

interface loopback0
 ip address 10.10.8.5 255.255.255.0
router ospf 99
 network 10.10.1.0 0.0.0.255 area 0
 network 10.10.9.0 0.0.0.255 area 0
 network 10.10.4.0 0.0.0.255 area 3
 network 10.10.5.0 0.0.0.255 area 4
 network 10.10.6.0 0.0.0.255 area 5
 ! Create the virtual link to R1's ID
 area 5 virtual-link 10.10.7.4

E. Interoperability with Other Vendors:

1. The “ip ospf cost” command allows you to define a cost value for OSPF links when talking to another router.

2. Rule for calculating cost: cost = 100,000,000 / bandwidth

3. For example, a T1 link would have a cost of 100,000,000 / 1,544,000 = 64.

interface serial0
 ip ospf cost 64

F. Default Routes in OSPF:

1. With the “default-information originate” command, an ASBR can generate a default route into an OSPF domain.

2. In the example below, the ASBR is told to propagate its default route (172.168.10.1) into the OSPF domain:

ip route 0.0.0.0 0.0.0.0 172.168.10.1
router ospf 99
 network 10.1.1.0 0.0.0.255 area 0
 default-information originate

G. NSSAs:

1. Before NSSAs existed, if a remote site on your network ran another routing protocol, it was difficult to provide full routing and also take advantage of a stub area.

2. With an NSSA, redistribution within a stub area is possible.

3. The following is a configuration that uses an NSSA to incorporate a remote network that is using RIP:

a. R2 is an offsite router running RIP; we want to incorporate it into our OSPF network.

b. R1 is connected to our OSPF network.

c. Area 2 joins R1 and R2 with an address of 192.168.44.0, and will be our NSSA.

R1 (is our main office router):

router ospf 99
 network 192.168.42.0 0.0.0.255 area 0
 network 192.168.43.0 0.0.0.255 area 1
 network 192.168.44.0 0.0.0.255 area 2
 area 2 nssa

R2 (is the remote office router running RIP):

router rip
 network 10.0.0.0
router ospf 99
 redistribute rip subnets
 network 192.168.44.0 0.0.0.255 area 2
 area 2 nssa

d. R2 needs to run both OSPF and RIP, but we have managed to shield R1 and the rest of our network from knowing about RIP.

e. The “redistribute” command brings RIP information into the OSPF process.

f. The “network” command defines area 2, and we specify that area 2 is Not So Stubby.

H. OSPF Configuration Example:

1. The following example consists of 4 areas: Area 0 has 2 ABR routers; R1 is the ABR for areas 1 and 2, while R4 is the ABR for area 3.

[Figure: An OSPF network]

R1:

interface Ethernet0
 ip address 172.16.1.1 255.255.255.0
interface Serial0
 ip address 10.12.1.1 255.255.255.0
interface serial1
 ip address 10.11.1.1 255.255.255.0
router ospf 100
 network 172.16.1.0 0.0.0.255 area 0
 network 10.11.0.0 0.0.255.255 area 1
 network 10.12.0.0 0.0.255.255 area 2

R2:

interface Ethernet0
 ip address 10.11.2.1 255.255.255.0
interface Serial0
 ip address 10.11.1.2 255.255.255.0
router ospf 100
 network 10.11.0.0 0.0.255.255 area 1

R3:

interface Ethernet0
 ip address 10.12.2.1 255.255.255.0
interface serial1
 ip address 10.12.1.2 255.255.255.0
router ospf 100
 network 10.12.0.0 0.0.255.255 area 2

R4:

interface Ethernet0
 ip address 172.16.1.2 255.255.255.0
interface Serial1
 ip address 172.30.1.1 255.255.255.0
router ospf 100
 network 172.16.1.0 0.0.0.255 area 0
 network 172.30.0.0 0.0.255.255 area 3

R5:

interface Ethernet0
 ip address 172.30.2.1 255.255.255.0
interface Serial0
 ip address 172.30.1.2 255.255.255.0
router ospf 100
 network 172.30.0.0 0.0.255.255 area 3
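To check which interfaces the network statements above actually enable OSPF on, and which routers end up as ABRs, the wildcard matching can be replayed offline (an added example, not from the original post). It assumes the first matching network statement wins; the Ethernet1 address used in the last check is hypothetical.

```python
import ipaddress


def wildcard_match(ip, address, wildcard):
    """True if `ip` matches `address` under an IOS wildcard mask (1 bits are ignored)."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(ip)) & care) == (int(ipaddress.IPv4Address(address)) & care)


def interface_areas(interfaces, network_statements):
    """Map interface name -> OSPF area, or None when no network statement matches.

    Assumption of this sketch: the first matching statement in list order wins.
    The configurations used here contain no overlapping statements.
    """
    result = {}
    for name, ip in interfaces.items():
        result[name] = None
        for address, wildcard, area in network_statements:
            if wildcard_match(ip, address, wildcard):
                result[name] = area
                break
    return result


def classify(router):
    """Return (role, sorted list of areas) for one router definition."""
    mapping = interface_areas(router["interfaces"], router["networks"])
    areas = sorted({area for area in mapping.values() if area is not None})
    if len(areas) > 1:
        role = "ABR"          # interfaces in more than one area
    elif len(areas) == 1:
        role = "internal"     # all OSPF interfaces in a single area
    else:
        role = "no OSPF"      # no interface matched any network statement
    return role, areas


def audit(routers):
    return {name: classify(router) for name, router in routers.items()}


# Interface addresses and network statements copied from the R1-R5 configurations above.
ROUTERS = {
    "R1": {"interfaces": {"Ethernet0": "172.16.1.1", "Serial0": "10.12.1.1", "Serial1": "10.11.1.1"},
           "networks": [("172.16.1.0", "0.0.0.255", 0),
                        ("10.11.0.0", "0.0.255.255", 1),
                        ("10.12.0.0", "0.0.255.255", 2)]},
    "R2": {"interfaces": {"Ethernet0": "10.11.2.1", "Serial0": "10.11.1.2"},
           "networks": [("10.11.0.0", "0.0.255.255", 1)]},
    "R3": {"interfaces": {"Ethernet0": "10.12.2.1", "Serial1": "10.12.1.2"},
           "networks": [("10.12.0.0", "0.0.255.255", 2)]},
    "R4": {"interfaces": {"Ethernet0": "172.16.1.2", "Serial1": "172.30.1.1"},
           "networks": [("172.16.1.0", "0.0.0.255", 0),
                        ("172.30.0.0", "0.0.255.255", 3)]},
    "R5": {"interfaces": {"Ethernet0": "172.30.2.1", "Serial0": "172.30.1.2"},
           "networks": [("172.30.0.0", "0.0.255.255", 3)]},
}

if __name__ == "__main__":
    for name, (role, areas) in audit(ROUTERS).items():
        print(f"{name}: {role}, areas {areas}")
    # Hypothetical extra interface on R2: a /16 wildcard silently enables OSPF on it,
    # while a /24-wide statement for 10.11.2.0 would not.
    print(wildcard_match("10.11.200.1", "10.11.0.0", "0.0.255.255"))
    print(wildcard_match("10.11.200.1", "10.11.2.0", "0.0.0.255"))
```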

Verify:

R1#show ip route
Gateway of last resort is not set

     172.16.0.0/24 is subnetted, 1 subnets
C       172.16.1.0 is directly connected, Ethernet0
     172.30.0.0/24 is subnetted, 2 subnets
O IA    172.30.2.0 [110/84] via 172.16.1.2, 00:03:59, Ethernet0
O IA    172.30.1.0 [110/74] via 172.16.1.2, 00:03:59, Ethernet0
     10.0.0.0/24 is subnetted, 4 subnets
C       10.11.1.0 is directly connected, Serial1
O       10.11.2.0 [110/74] via 10.11.1.2, 00:08:25, Serial1
O       10.12.2.0 [110/74] via 10.12.1.2, 00:08:25, Serial0
C       10.12.1.0 is directly connected, Serial0
R1#show ip ospf neighbor

Neighbor ID   Pri    State       Dead Time    Address        Interface
172.30.1.1      1    FULL/DR     00:00:37     172.16.1.2     Ethernet0
10.12.2.1       1    FULL/ -     00:00:35     10.12.1.2      Serial0
10.11.2.1       1    FULL/ -     00:00:30     10.11.1.2      Serial1
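The metrics in R1's routing table can be reproduced by running the SPF calculation over the five configurations above with the cost rule from section E (an added example, not from the original post). It assumes 10 Mb/s Ethernet and T1 serial links, and it ignores area boundaries, treating the network as a single SPF domain.

```python
import heapq
import ipaddress
import itertools

REFERENCE_BW = 100_000_000   # cost = 100,000,000 / bandwidth (section E)
ETHERNET = 10_000_000        # assumption: 10 Mb/s Ethernet
T1 = 1_544_000               # assumption: serial links are T1

# (router, interface, address/mask, bandwidth) from the R1-R5 configurations above.
INTERFACES = [
    ("R1", "Ethernet0", "172.16.1.1/24", ETHERNET),
    ("R1", "Serial0",   "10.12.1.1/24",  T1),
    ("R1", "Serial1",   "10.11.1.1/24",  T1),
    ("R2", "Ethernet0", "10.11.2.1/24",  ETHERNET),
    ("R2", "Serial0",   "10.11.1.2/24",  T1),
    ("R3", "Ethernet0", "10.12.2.1/24",  ETHERNET),
    ("R3", "Serial1",   "10.12.1.2/24",  T1),
    ("R4", "Ethernet0", "172.16.1.2/24", ETHERNET),
    ("R4", "Serial1",   "172.30.1.1/24", T1),
    ("R5", "Ethernet0", "172.30.2.1/24", ETHERNET),
    ("R5", "Serial0",   "172.30.1.2/24", T1),
]


def ospf_cost(bandwidth_bps):
    """Interface cost: reference bandwidth divided by link bandwidth, at least 1."""
    return max(1, REFERENCE_BW // bandwidth_bps)


def spf(source, interfaces=INTERFACES):
    """Dijkstra from `source`; returns {network: (cost, next-hop address or None)}.

    The cost to a network is the sum of the outgoing interface costs along the
    path, including the last router's interface onto that network.
    """
    attached = {}   # router -> [(network, outgoing interface cost)]
    members = {}    # network -> [(router, that router's address on the network)]
    for router, _ifname, address, bandwidth in interfaces:
        iface = ipaddress.ip_interface(address)
        attached.setdefault(router, []).append((iface.network, ospf_cost(bandwidth)))
        members.setdefault(iface.network, []).append((router, str(iface.ip)))

    routes = {}
    visited = set()
    order = itertools.count()               # tie-breaker so the heap never compares hops
    heap = [(0, next(order), source, None)]
    while heap:
        dist, _, router, next_hop = heapq.heappop(heap)
        if router in visited:
            continue
        visited.add(router)
        for network, cost in attached[router]:
            total = dist + cost
            key = str(network)
            if key not in routes or total < routes[key][0]:
                routes[key] = (total, next_hop)
            for neighbor, neighbor_ip in members[network]:
                if neighbor not in visited:
                    # The next hop is fixed by the first router after the source.
                    hop = neighbor_ip if router == source else next_hop
                    heapq.heappush(heap, (total, next(order), neighbor, hop))
    return routes


if __name__ == "__main__":
    for network, (cost, hop) in sorted(spf("R1").items()):
        print(f"{network:18} cost {cost:3}  via {hop or 'directly connected'}")
```

The same function run from R4 gives the 74 and 84 metrics that appear in R4's routing table in the summarization example that follows.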

2. Putting route summarization to use:

R4#show ip route
Gateway of last resort is not set

     172.16.0.0/24 is subnetted, 1 subnets
C       172.16.1.0 is directly connected, Ethernet0
     172.30.0.0/24 is subnetted, 2 subnets
O       172.30.2.0 [110/74] via 172.30.1.2, 00:18:15, Serial1
C       172.30.1.0 is directly connected, Serial1
     10.0.0.0/24 is subnetted, 4 subnets
O IA    10.11.1.0 [110/74] via 172.16.1.1, 00:10:17, Ethernet0
O IA    10.11.2.0 [110/84] via 172.16.1.1, 00:10:17, Ethernet0
O IA    10.12.2.0 [110/84] via 172.16.1.1, 00:10:08, Ethernet0
O IA    10.12.1.0 [110/74] via 172.16.1.1, 00:10:08, Ethernet0

There are 4 routes pointing to 172.16.1.1 for the various 10.x.x.x networks. We can simplify the routing table by changing the configuration on R1. Use “area range” command to do “Inter-area summarization”.

R1:

interface Ethernet0
 ip address 172.16.1.1 255.255.255.0
interface Serial0
 ip address 10.12.1.1 255.255.255.0
interface Serial1
 ip address 10.11.1.1 255.255.255.0
router ospf 100
 network 10.11.0.0 0.0.255.255 area 1
 network 10.12.0.0 0.0.255.255 area 2
 network 172.16.1.0 0.0.0.255 area 0
! Summarize the 10.11.0.0 and 10.12.0.0 networks
 area 1 range 10.11.0.0 255.255.0.0
 area 2 range 10.12.0.0 255.255.0.0
R4#show ip route
Gateway of last resort is not set

     172.16.0.0/24 is subnetted, 1 subnets
C       172.16.1.0 is directly connected, Ethernet0
     172.30.0.0/24 is subnetted, 2 subnets
O       172.30.2.0 [110/74] via 172.30.1.2, 00:21:41, Serial1
C       172.30.1.0 is directly connected, Serial1
     10.0.0.0/16 is subnetted, 2 subnets
O IA    10.11.0.0 [110/74] via 172.16.1.1, 00:01:22, Ethernet0
O IA    10.12.0.0 [110/74] via 172.16.1.1, 00:01:13, Ethernet0

I. Redistributing EIGRP into OSPF:

[Figure: Redistributing EIGRP into OSPF]

1. R4 runs EIGRP on interface Serial1, and R5 runs EIGRP exclusively. The challenge is getting redistribution between OSPF and EIGRP working.

R4:

interface Ethernet0
 ip address 172.16.1.2 255.255.255.0
interface Serial1
 ip address 172.30.1.1 255.255.255.0
router eigrp 100
 network 172.30.0.0
 ! Disable EIGRP on E0
 passive-interface Ethernet0
 ! Redistribute our static route into EIGRP
 redistribute static
 ! Stop EIGRP from summarizing routes
 no auto-summary
router ospf 100
 network 172.16.0.0 0.0.255.255 area 0
 ! Use the summary-address command because we're injecting a route into OSPF
 summary-address 172.30.0.0 255.255.0.0
 ! Redistribute EIGRP into OSPF
 redistribute eigrp 100 subnets
 default-metric 10
ip route 0.0.0.0 0.0.0.0 172.16.1.1

R5:

interface Ethernet0
 ip address 172.30.2.1 255.255.255.0
interface Serial0
 ip address 172.30.1.2 255.255.255.0
router eigrp 100
 network 172.30.0.0

Verify:

R1#show ip route
Gateway of last resort is not set

     172.16.0.0/24 is subnetted, 1 subnets
C       172.16.1.0 is directly connected, Ethernet0
O E2 172.30.0.0/16 [110/10] via 172.16.1.2, 00:07:12, Ethernet0
     10.0.0.0/24 is subnetted, 5 subnets
C       10.11.1.0 is directly connected, Serial1
O       10.11.2.0 [110/74] via 10.11.1.2, 00:07:51, Serial1
O       10.12.2.0 [110/74] via 10.12.1.2, 00:07:51, Serial0
C       10.12.1.0 is directly connected, Serial0
O       10.0.0.0 is a summary, 00:07:45, Null0

2. Since we used the “summary-address” command, there is only one route to the 172.30.0.0/16 network.

J. OSPF show Commands:

1. show ip ospf border-routers

R1#show ip ospf border-routers

OSPF Process 100 internal Routing Table

Code: i - Intra-area route, I - Inter-area route

i 172.30.1.1 [10] via 172.16.1.2, ethernet0, ABR, Area 0, SPF 28

2. show ip ospf neighbor

R1#show ip ospf neighbor

Neighbor ID   Pri    State       Dead Time    Address        Interface
172.30.1.1      1    FULL/DR     00:00:37     172.16.1.2     Ethernet0
10.12.2.1       1    FULL/ -     00:00:35     10.12.1.2      Serial0
10.11.2.1       1    FULL/ -     00:00:30     10.11.1.2      Serial1

a. Neighbor ID is the OSPF router ID for the neighbor. (Router ID is either the highest IP of any interface on the router or the IP of the loopback interface.)

b. PRI indicates priority. (Priorities are used to establish the DR router; the router with the highest priority is the DR router.)

c. State reports the state of the connection to the neighbor. (FULL means the routers are fully adjacent)

d. Dead Time is the amount of time the router will wait without hearing a hello from the router before changing the neighbor’s state to DOWN.

e. Address is the IP address of the interface to which the neighbor is connected.

f. Interface shows the interface through which the neighbor is reached.

3. show ip ospf database

It displays the entire OSPF database for the router.

May 13, 2009

OSPF Overview

Filed under: IOS, OSPF — Jaycee @ 4:56 am

1. OSPF (Open Shortest Path First) advantage:

(1) OSPF is classless, offering full CIDR and VLSM support.
(2) It scales well and converges quickly when the network’s state changes.
(3) It guarantees loop-free routing.
(4) It doesn’t use a lot of network bandwidth.
(5) It supports address summarization.
(6) It supports tagging of external routes.
(7) OSPF is an open standard.

2. OSPF disadvantage:

(1) It could be complex.
(2) It tends to use a lot of CPU time on the router because the OSPF LSA maintenance algorithms are CPU-intensive.

=> This tendency to be a CPU hog can be controlled by restricting the number of routers per area.

3. OSPF protocol:

(1) OSPF operates directly at the IP layer using IP protocol number 89.
(2) All OSPF routers use 224.0.0.5, and DRs (Designated Routers) use 224.0.0.6.

4. OSPF metric/cost:

(1) Routers distribute the individual link costs to one another.
(2) The maximum cost for an individual link is 65,536, but RFC doesn’t specify a maximum total path cost. (100Mbps/bandwidth = cost).

5. OSPF LSAs (Link State Advertisements):

(1) OSPF routers only start to exchange routing information after they have established a neighbor relationship.
(2) OSPF routers don’t actually exchange routing tables directly. They exchange LSAs, which describe the states of different network links, to build their own routing tables.
(3) Routing information can be summarized at the ABRs (Area Border Routers). The routers in one area don’t need to worry about the LSA information from routers in other areas, which improves network stability and convergence times. It also reduces the memory and CPU required to support OSPF on the routers.
(4) The fewer LSA you need to pass between areas, the better OSPF will scale.

LSA type | Name | Description
1 | Router-LSA | It includes information about the link states of all of a router’s interfaces. These LSAs are flooded throughout the area, but not into adjacent areas. Type 1 LSAs contain all the link-state information. These advertisements describe the router’s links within the area.
2 | Network-LSA | On NBMA and broadcast-capable network segments, the DR originates Network-LSAs. It describes the routers that are connected to this broadcast or NBMA segment. Network-LSAs are flooded throughout the area, but not into adjacent areas. Type 2 LSAs contain network-specific information. The designated router of the OSPF network broadcasts this LSA to all area routers. Network-LSAs are sent by DRs, and describe the routers connected to the network from which the LSA was received.
3 | Summary-LSA | ABR routers originate Summary-LSAs to describe inter-area routes to networks that are outside of the area but inside of the AS. They are flooded throughout an area. Type 3 LSAs are used for routes to networks. Type 3 LSAs contain route information for internal networks. This information is broadcast by the ABR to all backbone routers. Summary LSAs for ABRs are sent by ABRs. These advertisements describe inter-area routes for networks. They are used to advertise summary routes.
4 | Summary-LSA | It’s similar to Type 3 LSAs, except that they are used for routes to ASBR routers. Type 4 LSAs contain route information for ASBR routers. Summary LSAs for ASBRs are sent by ASBRs and ABRs. It provides next-hop info on “how to get to that ASBR via ABR”.
5 | AS-External-LSA | ASBR routers originate Type 5 LSAs to describe routes to networks that are external to the AS. Type 5 LSAs are flooded throughout the AS. Type 5 LSAs contain route information about external networks. Only ASBR routers send these LSAs. ASE (Autonomous System External) LSAs are sent by ASBRs and ABRs. These advertisements describe networks external to the autonomous system. They are sent everywhere, except to stub areas. They are external routes that are being redistributed into the OSPF domain.
6 | MOSPF-LSA | Type 6 LSAs are used for carrying multicast routing information with MOSPF. (Cisco routers don’t support Type 6 LSAs.) A Cisco router will ignore this type and generate a syslog entry if it does receive one. To suppress the syslog message, use the command ignore lsa mospf.
7 | NSSA-External-LSA | Type 7 LSAs are originated by ASBRs in an NSSA area. They are similar to Type 5 LSAs except that they are only flooded throughout the NSSA area. When Type 7 LSAs reach the ABR, it translates them into Type 5 LSAs and distributes them to the rest of the AS. NSSA LSAs are sent by ABRs. These advertisements describe links within the NSSA.

7. OSPF Areas:

A good design should have no more than 50 routers per area (or 100 interfaces.)

Areas allow summarization of network addresses, which in turn allows for smaller routing tables.
=> Smaller routing tables means faster convergence, less routing protocol bandwidth, and better route determination.
=> However, using a large number of relatively small areas can also mean a more difficult configuration.

a. Stub Area

(1) It doesn’t allow Type 5 ASE LSAs.
(2) No O E1 or O E2 routes will be seen in the area.
(3) Stub areas see detailed routing information on all other areas, but only summary information about networks outside of the AS. The ABR sends Type 3 LSA packets to summarize this information.
(4) The ABR connecting to a stub area summarizes routes to external networks outside of the AS. All external routes are reduced to a single summary. => You cannot make connections to external networks via a stub area.
(5) Stub areas are most useful when there are many external routes, so summarizing them saves router resources.

area 1 stub

b. Totally Stub Area (TSA)

(1) It doesn’t allow Type 3, 4 or 5 LSAs, except for the default summary route (as a single Type 3 LSA message). => TSAs see only a default route, and routes local to the areas themselves.
(2) Also called “stub no-summary areas”.
(3) It summarizes not only external routes, but also routes from other areas (inter-area routes).
(4) It’s useful in WAN situations where the overhead of maintaining and updating a large link state database is both onerous (burdensome) and unnecessary.
(5) This is a Cisco invention, so you might have problems implementing it in a multivendor network.

area 1 stub no-summary

c. Not So Stubby Areas (NSSA)

(1) No Type 5 LSAs are allowed.
(2) Type 7 LSAs that convert to Type 5 at the ABR are allowed.
(3) It’s able to connect to external networks. It accomplishes this by introducing LSA Type 7, which is used within the area to carry external routes that originate with ASBRs connected to this area.
(4) ABR summarizes only those external routes that are received from other areas, and therefore reached through the ABR.
(5) External routes from ASBRs inside the area are not summarized.
(6) In order to pass the internally generated external routes to the rest of the network, the ABR translates these Type 7 LSAs into Type 5 LSAs before relaying this information into Area 0.
(7) You can use NSSA areas to connect to external networks.
(8) Even a simple redistributed static route is considered an external route.
(9) If you want external routes to be available for the rest of the network, then NSSA is a good way to handle them.

area 1 nssa

d. Totally Stubby NSSA

(1) Totally Stubby NSSA = TSA + NSSA
(2) It doesn’t allow Type 3, 4, or 5 LSAs, except for the default summary route, and it allows Type 7 LSAs that convert to Type 5 at the ABR.
(3) It summarizes information from all other areas, but handles external routes like an NSSA.
(4) It allows you to summarize internal routes from other areas while still allowing you to put an ASBR inside of the area.
(5) A Totally Stubby NSSA area can be used as a transit area to an external network, but it can also benefit from summarization of inter-area routes.
(6) A Totally Stubby NSSA area is ideal when you need to connect to an external network through an area that you would really prefer to keep stubby for performance and scaling reasons.

area 1 nssa no-summary

8. Two types of external routes:

a. The cost of a Type 1 external route is the sum of the external metric + the internal cost to reach the ASBR.

b. The cost of a Type 2 external route is just the external metric cost. OSPF doesn’t add in the cost to reach the ASBR for Type 2 external routes.

c. When making routing decisions, OSPF prefers Type 1 to Type 2 external routes.

d. You can use Type 1 external routes to ensure that every internal router selects the closest ASBR that connects to a particular external network. You might also want to setup a backup ASBR that injects Type 2 routes. The internal routers will then prefer the Type 1 routes if they are present.
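The selection rules in 8a to 8d, worked through as an added example (not code from the original post). The ASBR names, metrics and internal costs are constructed, and the tie-break between equal-metric Type 2 paths follows RFC 2328 section 16.4, which these notes do not cover.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ExternalPath:
    asbr: str             # ASBR advertising the prefix (constructed name)
    metric_type: int      # 1 = Type 1 (E1), 2 = Type 2 (E2)
    external_metric: int  # metric the ASBR put in the external LSA
    cost_to_asbr: int     # this router's internal OSPF cost to that ASBR

    def __post_init__(self):
        if self.metric_type not in (1, 2):
            raise ValueError("metric_type must be 1 or 2")

    @property
    def cost(self) -> int:
        # E1 adds the internal cost to the ASBR; E2 is the external metric alone.
        if self.metric_type == 1:
            return self.external_metric + self.cost_to_asbr
        return self.external_metric


def best_external_path(paths):
    """Return the path one router installs for one external prefix, or None."""
    if not paths:
        return None
    # Any Type 1 path beats every Type 2 path, whatever the metrics say.
    preferred = min(p.metric_type for p in paths)
    candidates = [p for p in paths if p.metric_type == preferred]
    # Lowest cost wins. Equal-cost E2 paths fall back to the internal distance
    # to the ASBR (RFC 2328 section 16.4); equal-cost E1 paths would be ECMP on
    # a real router, here one of them is returned.
    return min(candidates, key=lambda p: (p.cost, p.cost_to_asbr))


# Constructed topology: ASBR-A and ASBR-C inject E1 (metric 20),
# ASBR-B is a backup injecting E2 (metric 1).
def paths_seen_by(cost_a, cost_b, cost_c, primary_up=True):
    paths = [ExternalPath("ASBR-B", 2, 1, cost_b)]
    if primary_up:
        paths += [ExternalPath("ASBR-A", 1, 20, cost_a),
                  ExternalPath("ASBR-C", 1, 20, cost_c)]
    return paths


if __name__ == "__main__":
    for name, costs in {"R1": (10, 5, 30), "R2": (30, 5, 10)}.items():
        for up in (True, False):
            best = best_external_path(paths_seen_by(*costs, primary_up=up))
            print(name, "primaries up" if up else "primaries down", "->", best.asbr, best.cost)
```

R1 and R2 each pick the E1 ASBR closest to them even though the E2 backup advertises a metric of 1, and both fall back to the backup only once the E1 routes are gone.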

9. Router ID:

a. By default, the router ID is the address of its loopback interface.

b. If no loopback address is defined, the router ID is the highest IP address of any active interface.

10. DR (Designated Router):

a. Each network segment needs a designated router before it can exchange routing information.

b. OSPF elects a DR on each multi-access segment. When an OSPF broadcast arrives at the DR, it’s the DR’s job to multicast the update to all routers within its area.

=> This keeps OSPF traffic to a minimum, because each router communicates with only the DR to get the routing information.

c. Without this design, the broadcast would have to go to each router, which would in turn broadcast again until every router got the message.

=> DR gives us a one-to-many relationship instead of a many-to-many relationship.

d. With DR routers, there is only ONE place to send an update and one router that updates all the routers within the segment.
