Mar 12, 2013

Lesson 42 - OSPF Fundamentals Part 5 - The Lab



I try to keep these posts as short and informative as possible. Since it takes a moment to do this lab and analyze the results, the troubleshooting section is going to be included in the form of a video presentation at the end of this post (available soon).

Here is our topology. I have removed the Frame-Relay links, as they go beyond the scope of this tutorial (a really crazy workbook/journal I started a few days ago might give you an idea of this complexity).

But let's get back to business!

Pic. 1 - OSPF Topology Diagram.
Icons designed by: Andrzej Szoblik - http://www.newo.pl

Since there are five different routers and three types of networks (broadcast, point-to-point and loopback), I will create an action plan and implement it step by step. I'll include some stipulations in order to show you a few things which I might not have talked about yet.

Task List

General Requirements:

  • ALL interfaces should be enabled in area 0.
  • ALL loopback addresses must be advertised with their configured network mask length (/24) or (/28).

  1. Enable OSPF in the broadcast network connecting R1, R2 and R3. Make sure that R1 is elected the DR and R2 is elected the BDR in the broadcast segment (172.31.123.0/24).
  2. Advertise the loopback subnets on R1, R2 and R3. On R3 do NOT use the network statement to advertise the subnet of Loopback1. On R3, while enabling OSPF on Loopback2 using the 'network' statement, use the wildcard bits corresponding to the network mask configured (/28).
  3. Enable OSPF between R1 and R4. Advertise the subnet found on R4's loopback0.
  4. Enable OSPF between R2 and R5. On R5 use only one network statement to enable OSPF on ALL interfaces (also the ones created in the future).
  5. Enable the Simple Password authentication in area 0. Use the password 'cisco'.

Lab Solution

Step 1
Enable OSPF in the broadcast network connecting R1, R2 and R3.

Note!
Configuration must be done in this order to ensure that R1 is elected the DR and R2 is elected the BDR.

R1 Configuration: 

!
R1#conf t
R1(config)#interface f1/0
R1(config-if)#ip ospf priority 20
R1(config-if)#router ospf 1
R1(config-router)#router-id 1.1.1.1
R1(config-router)#network 172.31.123.1 0.0.0.0 area 0
R1(config-router)#exit  

R2 Configuration:

!
R2#conf t
R2(config)#interface f1/0
R2(config-if)#ip ospf priority 10
R2(config-if)#router ospf 1
R2(config-router)#router-id 2.2.2.2
R2(config-router)#network 172.31.123.2 0.0.0.0 area 0
R2(config-router)#exit

R3 Configuration:

!
R3#conf t
R3(config)#router ospf 1
R3(config-router)#router-id 3.3.3.3
R3(config-router)#network 172.31.123.3 0.0.0.0 area 0
R3(config-router)#exit


Now, let's give the routers a few seconds to find their neighbors and create adjacencies. Then a quick verification step shows the following:

Pic. 2 - OSPF Adjacencies.
R3 is adjacent with R1 (DR) and R2 (BDR).

Step 2 
Advertise the loopback subnets on R1, R2 and R3. On R3 do NOT use the network statement to advertise the subnet of Loopback1.

Note!
Loopback interfaces are treated as 'stub' networks by the OSPF process and are advertised with a /32 network mask by default. To change this, use the 'ip ospf network point-to-point' command on the loopback interfaces.

Note!
After you have enabled OSPF on the loopbacks, you should check the result before proceeding to the next router's configuration. Use the following command:
Router#show ip ospf int brief 

R1 Configuration:

!
R1(config)#
R1(config)#interface loopback 1
R1(config-if)#ip ospf network point-to-point
R1(config-if)#router ospf 1
R1(config-router)#network 172.31.1.1 0.0.0.0 area 0
R1(config-router)#exit

R2 Configuration:

!
R2(config)#
R2(config)#interface loopback 1
R2(config-if)#ip ospf network point-to-point
R2(config-if)#router ospf 1
R2(config-router)#network 172.31.2.1 0.0.0.0 area 0
R2(config-router)#exit

Note!
The task stipulates that the subnet of Loopback1 must NOT be advertised like others (no network statement). Also, while enabling OSPF on the Loopback2 use the wildcard mask corresponding to the network mask configured there (/28).

R3 Configuration:

!
R3(config)#
R3(config)#interface loopback 2
R3(config-if)#ip ospf network point-to-point
R3(config-if)#interface loopback 1
R3(config-if)#ip ospf network point-to-point
R3(config-if)#ip ospf 1 area 0
R3(config-if)#router ospf 1
R3(config-router)#network 172.31.3.16 0.0.0.15 area 0
R3(config-router)#

Step 3 
Enable OSPF between R1 and R4. Advertise the subnet found on R4's loopback1.

R1 Configuration:

!
R1(config)#
R1(config)#router ospf 1
R1(config-router)#
R1(config-router)#network 172.31.14.1 0.0.0.0 area 0
R1(config-router)#exit

R4 Configuration:

!
R4(config)#interface loopback1
R4(config-if)#ip ospf network point-to-point
R4(config-if)#router ospf 1
R4(config-router)#router-id 4.4.4.4
R4(config-router)#network 172.31.14.4 0.0.0.0 area 0
R4(config-router)#network 192.168.4.1 0.0.0.0 area 0
R4(config-router)#exit

Step 4
Enable OSPF between R2 and R5. On R5 use only one network statement to enable OSPF on ALL interfaces (also the ones created in the future).

R2 Configuration:

!
R2(config)#
R2(config)#router ospf 1
R2(config-router)#network 172.31.25.2 0.0.0.0 area 0
R2(config-router)#exit

R5 Configuration:

!
R5(config)#interface loopback1
R5(config-if)#ip ospf network point-to-point
R5(config-if)#router ospf 1
R5(config-router)#router-id 5.5.5.5
R5(config-router)#network 0.0.0.0 255.255.255.255 area 0
R5(config-router)#exit

Note! 
Of course, before you proceed to the final step (OSPF authentication) you should check that all neighbors are adjacent and all routers can reach all the addresses in the network.

Step 5 
Enable the Simple Password authentication in area 0. Use the password 'cisco'.

Note!
This configuration is going to break and re-establish OSPF adjacency.

R1 Configuration:

!
R1(config)#
R1(config)#router ospf 1
R1(config-router)#area 0 authentication
R1(config-router)#int f1/0
R1(config-if)#ip ospf authentication-key cisco
R1(config-if)#int s0/2
R1(config-if)#ip ospf authentication-key cisco

R2 Configuration:

R2(config)#
R2(config)#router ospf 1
R2(config-router)#area 0 authentication
R2(config-router)#int f1/0
R2(config-if)#ip ospf authentication-key cisco
R2(config-if)#int s0/2
R2(config-if)#ip ospf authentication-key cisco

R3 Configuration:

R3(config)#
R3(config)#router ospf 1
R3(config-router)#area 0 authentication
R3(config-router)#int f1/0
R3(config-if)#ip ospf authentication-key cisco

R4 Configuration:

R4(config)#
R4(config)#router ospf 1
R4(config-router)#area 0 authentication
R4(config-router)#int s0/2
R4(config-if)#ip ospf authentication-key cisco

R5 Configuration:

R5(config)#
R5(config)#router ospf 1
R5(config-router)#area 0 authentication
R5(config-router)#int s0/2
R5(config-if)#ip ospf authentication-key cisco

After OSPF authentication has been configured, you should check that all the adjacencies have formed and reachability is restored. If you have a problem with this lab, the troubleshooting section contains some tips to help you make it work.

Troubleshooting

Troubleshooting short videos available soon.

During the weekend your colleague, a newly hired junior network administrator, was re-configuring your system. He accidentally erased all backup configurations and also lost track of all the changes he introduced. You have been called to help him restore the system.

The initial diagnostics performed by the junior administrator revealed the following problems:

Ticket 1
The subnets 172.31.3.0/28 and 172.31.3.16/28 (loopback1 and loopback2 on R3) are no longer reachable from any router other than R3.

Video Presentation:
http://www.youtube.com/watch?v=vKZASyZbDmE

Ticket 2
R4 lost connectivity to all subnets in the network except for directly connected ones.

Video Presentation:
http://www.youtube.com/watch?v=HEOrvxKmQSU

Ticket 3
R5 lost connectivity to all subnets in the network except for directly connected ones.

Video Presentation:
http://www.youtube.com/watch?v=BlS3Z5kV_Rk

Final Verification
Ping using Tcl script - an elegant way of checking connectivity.

Video Presentation:
http://www.youtube.com/watch?v=VuubpKq0rxg

The next post is going to be an introduction to the EIGRP routing protocol.

Lesson 41 - OSPF Fundamentals Part 4 - Implementation



In this post, I'm going to present the commands and verification steps for implementing OSPF in a single area. The configuration will also include the authentication of OSPF packets.

If you want to go fancy with OSPF the configuration can be quite challenging. Configuring basic OSPF in a single area is very simple though. There are two basic steps required:

  1. Enable OSPF in the 'config' mode.
  2. Instruct the OSPF process which interfaces should be enabled for OSPF and in which areas the links should operate.

Here is the simple topology we are going to use to see the configuration steps.
Pic. 1 -  Topology Diagram.

OSPF Basic Configuration
The commands that enable OSPF on an interface can look like the ones below.

Pic. 2 - Example of OSPF Configuration.
router ospf 1 - This command starts OSPF process 1 on R1.
network 10.1.0.0 0.0.255.255 area 0 - This statement enables the OSPF process on all interfaces whose IP addresses are 10.1.x.x (where x.x can be any number, as the last two bytes are not checked by the wildcard mask).

What is the wildcard mask in the above statement?

A wildcard mask is an inverted network mask. Bits in the wildcard mask which are set to '0' check the corresponding bits in the IP address. Bits in the wildcard mask which are set to '1' ignore the corresponding bits in the IP address.

Pic. 3 - OSPF Wildcard Mask.
Look at the Pic. 2 again. According to the network statement, OSPF will be enabled on F1/0 and S0/1 of R1 (pic. 1).

What network statement could we use in order to enable OSPF on s0/1 interface but not on F1/0?

I can give you a couple of examples. Remember that wildcard mask will use '0s' to check bits in the address and '1s' will ignore them.

Example 1

R1(config)#router ospf 1
R1(config-router)#network 10.1.13.0 0.0.0.255 area 0

This way the wildcard bits are going to check whether there are any interfaces whose IP addresses match 10.1.13.x (where x is any number). These will be OSPF-enabled.

Example 2

R1(config)#router ospf 1
R1(config-router)#network 10.1.13.1 0.0.0.0 area 0

The second example will enable OSPF on the interface that has the EXACT IP address 10.1.13.1. The wildcard bits consist of all '0s', so ALL the corresponding bits in the IP address must match in order for the interface to run the OSPF protocol.

As you already know, the moment we enable OSPF on an interface, the routing process begins to send 'hello' packets, trying to discover the neighbor(s). If they are discovered, the system begins to check parameters in the OSPF header and hello packet. If the routers agree on the mandatory fields (hello/dead intervals etc.), they go through several phases to finally synchronize their LSDBs.

Of course, the network statement with its wildcard mask does not influence what network mask is going to be advertised along with the IP address. OSPF, being a classless routing protocol, will advertise its networks/subnets as per the configuration on the interfaces.
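The wildcard rule above, applied to R1's addresses and to the catch-all statement used on R5 in the Lesson 42 lab. This is an added example, not code from the original post; the function names, the mapping of R1's addresses to interface names, and all R5 addresses are assumptions made for the illustration.

```python
import ipaddress

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def wildcard_for_prefix(prefix_len):
    """Inverted network mask for a prefix length: 28 -> 0.0.0.15, 32 -> 0.0.0.0."""
    return str(ipaddress.IPv4Address((1 << (32 - prefix_len)) - 1))

def statement_matches(interface_ip, address, wildcard):
    """Wildcard bits set to 0 are compared, bits set to 1 are ignored."""
    checked = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(interface_ip) & checked) == (to_int(address) & checked)

def enabled_interfaces(interfaces, statements):
    """Names of the interfaces switched on by at least one (address, wildcard) pair."""
    return sorted(name for name, ip in interfaces.items()
                  if any(statement_matches(ip, a, w) for a, w in statements))

def unintended_interfaces(interfaces, statements, intended):
    """Interfaces a statement enables although they were not meant to run OSPF."""
    return sorted(set(enabled_interfaces(interfaces, statements)) - set(intended))

# R1 addresses come from the R1 configuration in this lesson; which address sits on
# which interface is inferred from the text and is an assumption.
R1 = {"F1/0": "10.1.1.1", "S0/1": "10.1.13.1", "Loopback0": "172.16.101.1"}

# Constructed R5 for the Lesson 42 lab: the addresses are sample values, and F0/0
# stands for an interface that is added some time after OSPF was configured.
R5 = {"S0/2": "172.31.25.5", "Loopback1": "192.168.5.1", "F0/0": "192.0.2.1"}

if __name__ == "__main__":
    for stmt in [("10.1.0.0", "0.0.255.255"), ("10.1.13.0", "0.0.0.255"),
                 ("10.1.13.1", "0.0.0.0")]:
        print(stmt, "->", enabled_interfaces(R1, [stmt]))
    catch_all = [("0.0.0.0", "255.255.255.255")]
    print("catch-all also enables:",
          unintended_interfaces(R5, catch_all, intended={"S0/2", "Loopback1"}))
```

The last call shows the trade-off of the single catch-all statement: every interface created later starts sending OSPF hellos without any further configuration change.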

So, let's configure OSPF as per the topology diagram (pic. 1) and observe the process of reaching the FULL state (adjacency) using the debug. I will use the most specific wildcard mask here, but you already know there are a lot of options available to start OSPF on the interfaces.

R1 Configuration:

R1(config)#router ospf 1
R1(config-router)#network 10.1.1.1 0.0.0.0 area 0
R1(config-router)#network 10.1.13.1 0.0.0.0 area 0
R1(config-router)#network 172.16.101.1 0.0.0.0 area 0
R1(config-router)#

R3 Configuration:

R3(config)#router ospf 1
R3(config-router)#network 10.1.3.3 0.0.0.0 area 0
R3(config-router)#network 10.1.13.3 0.0.0.0 area 0
R3(config-router)#network 172.16.103.3 0.0.0.0 area 0
R3(config-router)#

Now, here's the output of the debug statement on R3. Pay attention to the highlighted words and compare them with the OSPF Neighbor State Machine (lesson 38 in the archive of this blog). 

Pic. 4 - Debug IP OSPF Events on R3.
Notice that it is a point-to-point network, so there is no election of DR and BDR roles.

As a practical exercise, try to use the same debug in your lab on routers connected using broadcast (Ethernet) links. Watch for the DR/BDR election.

OSPF Verification Commands
It is important to be able to perform some basic verification steps. Here are the commands that you will use most often.

First, let's check if our network statement was correct (OSPF is enabled on the appropriate interfaces).

Pic. 5 - OSPF-enabled Interfaces.

You can also see a detailed output which shows more information with regards to OSPF running on an interface. Check it out.
Pic. 6 - OSPF-enabled Interface Detailed Output (Fa1/0).


Then, I want to make sure that R1 is in FULL state with R3. Here's my command:

Pic. 7 - OSPF Neighbor Check.

Two more commands will be useful as well. First one showing the brief output of LSDB (more detailed output is beyond the scope of this tutorial).

Pic. 8 - OSPF Database.

Notice that both R1 and R3 advertise four links. The loopback0, F1/0, and S0/1 which counts as two links (point-to-point interfaces are advertised as two: the IP address of the next hop and the subnet/network IP).

And finally, the content of OSPF routing table:

Pic. 9 - OSPF Routing Table.

OSPF Authentication
As part of the implementation we can authenticate OSPF packets to prevent rogue routers from joining our OSPF domain. If someone configures and plugs in a router, it won't become adjacent with the others in the domain unless the right method and password are used.

There are two methods to authenticate OSPF packets:

  1. Simple Password - The password is sent in the clear text format.
  2. MD5 - The password is not sent at all. The digest is created using the shared password between neighbors.

Both methods can be implemented in two different ways.

Let's start with Simple Password method.
Method 1 (password must match on both routers; here: S3cr3t)

R1(config)#router ospf 1
R1(config-router)#area 0 authentication
R1(config-router)#exit
R1(config)#interface serial0/1
R1(config-if)#ip ospf authentication-key S3cr3t

Method 2

R1(config)#interface serial0/1
R1(config-if)#ip ospf authentication
R1(config-if)#ip ospf authentication-key S3cr3t
R1(config-if)#

The first command enables OSPF authentication using the Simple Password method (area 0 authentication or ip ospf authentication).

The second command specifies the password that is going to be used (ip ospf authentication-key).

In the first method, OSPF authentication is enabled on ALL interfaces configured to operate in area 0. The second method allows more control as to which interfaces will be sending authenticated OSPF packets.

Pic. 10 - Simple Password Authentication Enabled.

MD5 method can also be configured in two ways.
Method 1 (password must match on both routers; here: S3cr3t)

R1(config)#router ospf 1
R1(config-router)#area 0 authentication message-digest
R1(config-router)#exit
R1(config)#interface serial0/1
R1(config-if)#ip ospf message-digest-key 1 md5 S3cr3t

Method 2

R1(config)#interface serial0/1
R1(config-if)#ip ospf authentication message-digest
R1(config-if)#ip ospf message-digest-key 1 md5 S3cr3t
R1(config-if)#

Both the password (here: S3cr3t) and the key number (here: 1) must match between the neighbors.

Use: show ip ospf int s0/1 to check MD5 authentication.

You might try out the following two commands and see what they show: 

R1#show ip protocols
R1#show ip ospf

The next post is going to be the last one in the OSPF series. We are going to configure OSPF in a more complex topology as well as use some troubleshooting techniques to fix the common configuration issues.

Lesson 40 - OSPF Fundamentals Part3 - RouterID and DR/BDR



There are two more notions I need to touch upon before we implement OSPF in our topology: the OSPF Router ID, and the special roles of routers appointed in Broadcast and NBMA (Non-Broadcast Multiple Access) networks, called Designated Router (DR) and Backup Designated Router (BDR). I thought I would do the practical implementation here as well, but I want to keep the post as short as possible.

OSPF routers exchange LSAs by flooding them to all OSPF neighbors. This flooding results in the same Link-State Database (LSDB) being created on all routers in the area. The LSDB is a topology database (a kind of "road map") shared by all routers in the area. Then, each router runs Dijkstra's SPF algorithm to choose the best path to each destination, placing itself as the root (starting point). The product of the SPF algorithm is the routing table. Recall that all OSPF packets are encapsulated in the OSPF header (look at the previous post). So, LSAs are signed with the Router ID when the router originates and floods them.

So what is this Router ID in the OSPF world?

Router ID
The Router ID is chosen automatically unless it is configured manually using the 'router-id A.B.C.D' command in the OSPF configuration context. A.B.C.D are four bytes, written just like an IP address, that represent the router ID. It can be changed at a later stage, but this may require clearing the OSPF process (once the router has had its ID chosen, changing it always requires this command):

R1#clear ip ospf process

Clearing the OSPF process is disruptive since the router will need to re-establish adjacency with its neighbors.

Initially, a router tries to choose its ID based on the following order of operation:

  1. The router chooses the numerically highest IP address configured on a loopback interface.
  2. In case there is no loopback interface configured, the router chooses the numerically highest IP address configured on a physical interface.

Neither of these interfaces has to be enabled for OSPF.


OSPF DR/BDR 
Another concept that requires some explanation is the election of the Designated Router (DR) and Backup Designated Router (BDR) on Broadcast and NBMA networks (such as Frame-Relay, ATM, X.25). The role is valid on a per-link basis (Broadcast and NBMA). This means that a router can be the DR on the F0/0 interface (one segment of the network) but the BDR or a DRother on the F0/1 interface.

As you recall, all routers need to establish adjacency (full state) with their neighbors. Only then, are their LSDBs synchronized. The process of sending updates to a great number of neighbors in Broadcast and NBMA networks would be very inefficient as their number can be significant. The routers would create the number of adjacencies according to the following (full mesh) formula:

Number_of_Adjacencies = n(n-1)/2

where 'n' stands for the number of neighboring routers. When an LSU (update) is sent, the number of exchanges occurring between all neighbors would follow this formula:

Number_of_LSA_Exchanges = n raised to the power of 2.

Consider the following picture.

Pic. 1 - Broadcast Network with Four Routers.

The next picture shows in part the LSU propagation of the same failed network on R3. This is only a partial picture. This would have to be done 16 times.

Pic. 2 - Partial LSU Exchange with 4 Routers.

This situation would be very chaotic indeed. Instead, the routers on Broadcast and NBMA networks elect one representative, called the Designated Router, which is responsible for propagating all updates on this segment. A Backup Designated Router is also elected to assume the role of DR in case the DR fails. These roles are initially based on the highest 'priority number' assigned on the interface. The default number is 1, so in case of a tie, the router with the highest Router ID becomes the DR and the one with the second highest becomes the BDR. If a router's interface is set to the priority value of 0, the router automatically becomes DRother and does not participate in the election process.
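The election rules above as a simplified model, which also shows why the Lesson 42 lab insists on configuring R1 before R2 and R3. This is an added example, not code from the original post: the Segment class and helper names are hypothetical, each router is assumed to join after the previous election has settled, and the OSPF Wait timer and the full RFC 2328 procedure are not modelled.

```python
import ipaddress

class Segment:
    """Simplified model of one Broadcast/NBMA segment (illustration only)."""

    def __init__(self):
        self.routers = {}   # name -> (priority, Router ID as an integer)
        self.dr = None
        self.bdr = None

    def _best(self, exclude=()):
        # Highest priority wins; a tie is broken by the highest Router ID.
        # A router with priority 0 never takes part in the election.
        candidates = [(prio, rid, name) for name, (prio, rid) in self.routers.items()
                      if prio > 0 and name not in exclude]
        return max(candidates)[2] if candidates else None

    def elect(self):
        """Fresh election among all routers present (all restarted together)."""
        self.dr = self._best()
        self.bdr = self._best(exclude=(self.dr,))

    def join(self, name, router_id, priority=1):
        """A router arrives after the roles are settled: existing DR/BDR are kept."""
        self.routers[name] = (priority, int(ipaddress.IPv4Address(router_id)))
        if self.dr is None:
            self.dr = self._best()
        elif self.bdr is None:
            self.bdr = self._best(exclude=(self.dr,))

    def fail(self, name):
        """Remove a router; the BDR takes over from a failed DR."""
        del self.routers[name]
        if name == self.dr:
            self.dr, self.bdr = self.bdr, None
        elif name == self.bdr:
            self.bdr = None
        if self.dr is None:
            self.dr = self._best()
        if self.bdr is None:
            self.bdr = self._best(exclude=(self.dr,))

    def role(self, name):
        return "DR" if name == self.dr else "BDR" if name == self.bdr else "DROther"

# Router IDs and priorities from the Lesson 42 lab (R3 keeps the default priority 1).
LAB = {"R1": ("1.1.1.1", 20), "R2": ("2.2.2.2", 10), "R3": ("3.3.3.3", 1)}

def bring_up(order, routers=LAB):
    """Enable OSPF on the routers one after another, in the given order."""
    seg = Segment()
    for name in order:
        router_id, priority = routers[name]
        seg.join(name, router_id, priority)
    return seg

def roles(seg):
    return {name: seg.role(name) for name in sorted(seg.routers)}

if __name__ == "__main__":
    print("lab order:     ", roles(bring_up(["R1", "R2", "R3"])))
    print("reversed order:", roles(bring_up(["R3", "R2", "R1"])))
```

In the reversed order R1 stays DROther despite its priority of 20, because roles that are already taken are not pre-empted; only a fresh election (elect) puts it back in the DR role.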

NOTICE!
DR is the only router authorized to pass the updates on to other routers on Broadcast and NBMA networks. It must have FULL reachability to other routers on the segment. 



This is the reason there are two different addresses reserved for OSPF:

  • 224.0.0.5 - All OSPF-enabled routers listen to this address.
  • 224.0.0.6 - DR/BDR routers listen to this address.

Hello packets are sent to 224.0.0.5 (unless unicast is used, i.e. on NBMA networks).
Updates are sent to 224.0.0.5, except on Broadcast and NBMA networks, which use the 224.0.0.6 address instead.

So, in our example (pic 1, and pic.2), if R3 loses its directly connected network, it sends the update towards 224.0.0.6 (to DR/BDR), and DR is sending this back to all other routers using 224.0.0.5 address. R3 is also going to receive it, but it will silently ignore it as it is the same update (sequence number). Consider the below picture.

Pic. 3 - DR/BDR Elected on Broadcast and NBMA Networks.

This post ends the theory aspects in relation to OSPF in one area as per CCNA requirements.

In the next post, I will finally put this OSPF knowledge into practice. Then, we will troubleshoot OSPF using the tools learned in the next one.

Lesson 39 - OSPF Fundamentals Part2 - Hello Packets



Following the previous post, let's continue to look at OSPF basic operation. In this lesson we will focus our attention on the exchange of OSPF Hello packets in order to reach the state allowing LSA exchange.

If these two posts (38 and 39) are a bit too much for you, try to read them again and next week look at my YouTube channel. I should have some video published there showing you these things again, but this time on the command line interface.

Before OSPF routers distribute the routing information among their neighbors, they go through certain stages of operation, as explained in Lesson 38. OSPF packets are used to take a router from the DOWN state all the way up to the FULL state of operation. We must, then, take a closer look at OSPF packets, especially at the Hello packet, without which this magic would not be possible.

OSPF uses five types of packets to communicate (an explanation of the OSPF packet types can be found in my previous post). They are encapsulated in the OSPF header. The whole packet looks as shown in pic. 1.

Pic. 1 - OSPF Packet Encapsulation.

OSPF header contains the following pieces of information:

Pic. 2 - OSPF Header.

Version - The OSPF version. The version currently used is 2; version 3 is OSPF for IPv6.

Type - The type of OSPF packet (type 1 through type 5).

  • Type 1 - Hello
  • Type 2 - Database Description
  • Type 3 - Link State Request
  • Type 4 - Link State Update
  • Type 5 - Link State Acknowledgement

Packet Length - The length of the OSPF packet in bytes, including the standard OSPF header.
Router ID - The router identifier in OSPF.
Area ID - The 32-bit number representing the area in which the interface operates.
Checksum - The number used to check the integrity of the packet including the header (excluding authentication).
AuType - The type of OSPF packet authentication.

  • 0 - no authentication
  • 1 - simple password (clear text) authentication
  • 2 - MD5 authentication

Authentication - The 64-bit field used for authentication.

Hello Packet
In order for OSPF routers to exchange their routing databases, they must first discover each other using the so-called Hello protocol and agree on a number of parameters. The Hello packet (OSPF Type 1 packet) is used to discover the neighbors and exchange these initial parameters.

The purpose of the Hello protocol can be summarized as follows:

  • Hello packets are used to discover OSPF neighbors.
  • Hello packets advertise certain parameters (some of them must match in order to become the router's neighbor).
  • On Broadcast or NBMA networks Hello packets are used to elect DR/BDR roles.
  • Hello packets are used as a keepalive mechanism. If the router does not hear a neighbor's Hello packets within a given time (DeadInterval), it considers that neighbor down and invalidates the information obtained from it.
  • Hello packets ensure bidirectional communication. The router must see its own RouterID in the 'neighbor' field of the Hello packet it receives.

Before I explain what must match in the Hello packets for the routers to reach the so-called 2-way state, let's take a look at the Hello packet structure.

Pic. 3 - OSPF Hello Packet.

Network Mask - The network mask of the originating interface.
Hello Interval - How often Hello packets are going to be sent.
Options - OSPF options. One of them is a 1 bit flag called: E-bit which denotes the type of area in which the interface operates (1=normal, 0=stub).
Router Priority - Used on Broadcast and NBMA networks to elect DR/BDR. The higher the number, the more likely for the router to become DR and the second highest number becomes BDR. After the election has been accomplished, the number is no longer used to influence DR/BDR role (non-preemptive).
Router Dead Interval - The maximum time before a silent router is declared down (no Hello packet from it in this time).
Designated Router - The DR is elected in Broadcast and NBMA networks. This field in the Hello packet carries the IP address of the DR on the common subnet (only Broadcast and NBMA networks).
Backup Designated Router - The BDR is elected in Broadcast and NBMA networks. This field carries the IP address of the BDR on the common subnet (only Broadcast and NBMA networks).
Neighbor - The router IDs of the neighbors from which a valid Hello packet was received within the last DeadInterval.

2-way State
An OSPF-enabled router is a bit picky when it comes to its operation and choosing its neighbors. In order for OSPF routers to exchange LSAs (information about network reachability), they must first reach the 2-way state, which indicates that some mandatory parameters in their Hello packets are identical. The OSPF header encapsulates the Hello packet. The picture below shows this encapsulation; the light-red dots indicate the parameters that must match between the neighbors.

Pic. 4 - Hello Packet Encapsulation.

So, in a nutshell, the following conditions must be met for the two routers to become neighbors:

  1. The routers must be on a common subnet (this is true for all IGP routing protocols).
  2. The Hello and DeadInterval timers must be identical between the neighbor candidates.
  3. The area ID, where the OSPF-enabled interfaces of both neighbors operate, must be identical.
  4. The type of area in which the two neighbors operate must be identical (either normal or stub area).
  5. The type and authentication password (if used) must match between neighbors.

Only if the routers agree on the parameters mentioned above (exact match) and their router IDs are listed in the neighbor's Hello packet (the 'neighbor' field in the Hello packet) can they reach the 2-way state and proceed to the ExStart, Exchange, Loading and finally Full state. I will show you the process of going through all phases in the next post using the 'debug ip ospf adj' command.
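The header and Hello fields described above, decoded from raw bytes and checked against the five neighbor conditions, including what the AuType field reveals about the authentication in use. This is an added example, not code from the original post: the function names are hypothetical, the sample packet is constructed (R2's Hello as R1 would see it in the Lesson 42 lab, with assumed 10/40 timers), and the checksum and MD5 digest are not verified.

```python
import ipaddress
import struct

HEADER = struct.Struct("!BBH4s4sHH8s")  # version, type, length, Router ID, Area ID,
                                        # checksum, AuType, Authentication (24 bytes)
HELLO = struct.Struct("!4sHBBI4s4s")    # mask, HelloInterval, options, priority,
                                        # RouterDeadInterval, DR, BDR (20 bytes)
E_BIT = 0x02                            # Options flag: set = normal area, clear = stub

def _ip(raw):
    return str(ipaddress.IPv4Address(raw))

def build_hello(router_id, area, mask, hello, dead, autype, auth, options=E_BIT,
                priority=1, dr="0.0.0.0", bdr="0.0.0.0", neighbors=()):
    """Build a constructed sample Hello (checksum left at 0 and never validated)."""
    raw = lambda addr: ipaddress.IPv4Address(addr).packed
    body = HELLO.pack(raw(mask), hello, options, priority, dead, raw(dr), raw(bdr))
    body += b"".join(raw(n) for n in neighbors)
    return HEADER.pack(2, 1, HEADER.size + len(body), raw(router_id), raw(area),
                       0, autype, auth) + body

def parse_hello(data):
    """Decode the OSPF header and Hello body into the fields described above."""
    fixed = HEADER.size + HELLO.size
    if len(data) < fixed:
        raise ValueError("too short for an OSPF Hello")
    ver, ptype, length, rid, area, _cksum, autype, auth = HEADER.unpack_from(data)
    if (ver, ptype) != (2, 1):
        raise ValueError("not an OSPFv2 Hello")
    if not fixed <= length <= len(data) or (length - fixed) % 4:
        raise ValueError("bad packet length field")
    mask, hello, options, prio, dead, dr, bdr = HELLO.unpack_from(data, HEADER.size)
    return {
        "router_id": _ip(rid), "area": _ip(area), "autype": autype, "auth": auth,
        "mask": _ip(mask), "hello": hello, "dead": dead, "priority": prio,
        "stub": not options & E_BIT, "dr": _ip(dr), "bdr": _ip(bdr),
        "neighbors": [_ip(data[i:i + 4]) for i in range(fixed, length, 4)],
    }

def neighbor_problems(local, pkt, src_ip):
    """Return the neighbor conditions from the list above that this Hello fails."""
    problems = []
    subnet = ipaddress.ip_interface(local["address"]).network
    if ipaddress.IPv4Address(src_ip) not in subnet:
        problems.append("not on a common subnet")
    if (pkt["hello"], pkt["dead"]) != (local["hello"], local["dead"]):
        problems.append("Hello/Dead timers differ")
    if pkt["area"] != local["area"]:
        problems.append("area ID differs")
    if pkt["stub"] != local["stub"]:
        problems.append("area type differs")
    if pkt["autype"] != local["autype"]:
        problems.append("authentication type differs")
    elif pkt["autype"] == 1 and pkt["auth"].rstrip(b"\0") != local["key"]:
        problems.append("authentication password differs")
    elif pkt["autype"] == 2 and pkt["auth"][2] != local["key_id"]:
        # With MD5 the field carries the key number, not the password itself.
        problems.append("MD5 key number differs")
    return problems

def two_way(local, pkt):
    """Bidirectional communication: our own Router ID is in the neighbor field."""
    return local["router_id"] in pkt["neighbors"]

def auth_finding(pkt):
    """What the AuType of a received packet means for anyone watching the segment."""
    if pkt["autype"] == 0:
        return "no authentication: packets are accepted from any router on the segment"
    if pkt["autype"] == 1:
        return "simple password: the key is readable in the 64-bit Authentication field"
    return None

# Constructed sample data (see the lead-in); timers and key_id are assumed values.
R1_LOCAL = {"router_id": "1.1.1.1", "address": "172.31.123.1/24", "area": "0.0.0.0",
            "hello": 10, "dead": 40, "stub": False, "autype": 1, "key": b"cisco",
            "key_id": 1}
R2_HELLO = build_hello("2.2.2.2", "0.0.0.0", "255.255.255.0", 10, 40, 1, b"cisco",
                       priority=10, dr="172.31.123.1", bdr="172.31.123.2",
                       neighbors=["1.1.1.1", "3.3.3.3"])

if __name__ == "__main__":
    pkt = parse_hello(R2_HELLO)
    print(neighbor_problems(R1_LOCAL, pkt, "172.31.123.2"), two_way(R1_LOCAL, pkt))
    print(auth_finding(pkt))
```

Because the simple password sits unmodified in the header of every packet, a finding from auth_finding on a production segment is a reason to move that area to the MD5 method shown in Lesson 41.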

After achieving bidirectional communication between the routers (2-way), they will enter the ExStart state. During this phase the routers elect the Master and Slave roles in order to perform the database synchronization in an orderly fashion. During the ExStart state they will also check their MTU size. If it does not match, they will not go any further (no LSA exchange is possible). This is generally not a problem between routers, but if you create a configuration between a multilayer switch and a router, this might be a problem if the switch uses an MTU larger than 1500 bytes.

Routers typically use MTU=1500 bytes. On a multilayer switch running OSPF you can check it by issuing the following command:

Switch#show system mtu

If MTU is not 1500 bytes, you can disable MTU check on the interfaces in question:

Router(config-if)#ip ospf mtu-ignore

If all is good, they will eventually reach the Full state.

Before I finish this post I must mention that there are two multicast IP addresses reserved for OSPF communication:
224.0.0.5 = All OSPF speaking routers
224.0.0.6 = AllDRouters (DR/BDR listen on this address).

Unfortunately, sometimes these multicast addresses cannot be used on certain types of media (X.25, Frame-Relay, ATM, which are NBMA types of networks). In such situations, by default, unicast transmission must be used to send OSPF packets (the 'neighbor' statement under the OSPF process changes multicast into unicast transmissions).

Wrapping things up, I need to add that some states require a bit more explanation (for instance, DR/BDR election on Broadcast/NBMA networks), but it will be easier to show it practically in my next post, which is going to be about the implementation of OSPF on two types of network: Broadcast and Point-to-Point. Running OSPF on these types of network falls under the CCNA level of expertise.

Lesson 38 - OSPF Fundamentals Part1 - Terminology



Open Shortest Path First is a dynamic routing protocol based on a link-state algorithm. In the upcoming few posts I will attempt to explain the basics of OSPF operation. The Cisco CCNA level of expertise assumes that candidates know how to implement it in a single area. In my OSPF-related posts I will go a bit beyond CCNA requirements, but not too much, just enough to help you appreciate this fascinating solution and put OSPF into practice.

Link-state algorithm is faster and more accurate in selecting the best path compared to distance vector approach. The latter algorithm allows routers to know how far the destinations are (distance) and the next-hop router(s) the packets should be sent to (vector). Thus, the routers do not know the topology of the network.

Routers using link-state algorithm create "a map" of the network which allows them to choose paths more accurately. Even though they are more demanding hardware-wise (CPU and RAM memory) they supersede distance vector based solutions.

OSPF Basic Operation
OSPF is a very complex routing protocol but its fundamental operation is quite simple. The steps of operation might be pictured as follows:
  1. Each router sends so called hello packets out of all OSPF-enabled interfaces. This way, the OSPF-enabled router discovers directly connected routers which also run OSPF. If certain parameters in the hello packets match between the neighboring routers, they form the relationship called the adjacency. It is a sort of virtual communication between them. 
  2. Then, each router exchanges special packets called Link State Advertisements (LSAs) with its neighbors (adjacent routers). In OSPF terminology the word link is the same as the interface. LSAs contain details such as: addresses/network masks configured on the links (interfaces running OSPF of course), the metric, the state of the link (which is its relation to the rest of the network), list of neighbors connected to the link.
  3. Each router stores the LSAs in its Link State Database (LSDB). These LSAs are then flooded (advertised) to all OSPF neighbors. As a result of the LSA flooding, all routers in the area have identical LSDBs. An analogy would be having the same road map of a given country which all drivers use. Their journey's starting point is different but the map is still the same.
  4. Each router runs Dijkstra's algorithm to select the best path from this topological database (LSDB). This way, each router creates a loop-free graph indicating the shortest (best) path to each network/subnet advertised. The best paths end up in the routing table.

OSPF Network Types
OSPF distinguishes between two major types of networks:
  • Transit Networks - Networks which have two or more attached routers. The packets might be originated or passing through this type of network.
  • Stub Networks - Networks which have only one router attached (one exit point). Packets are either originated or destined to these types of networks. A loopback interface is a type of stub network as well. The loopbacks are by default advertised as /32 prefixes (255.255.255.255). If you want to advertise loopbacks with their real network mask length, you must change the OSPF mode of operation to point-to-point (presented in the upcoming posts).
More specifically OSPF defines five different types of networks it can operate on. These are:
  • Broadcast - such as Ethernet, Token-Ring
  • Non Broadcast Multiple Access (NBMA) - such as Frame-Relay, ATM, X.25 (they may but do not have to be fully meshed)
  • Point-To-Multipoint - such as Frame-Relay but treated as point-to-point links (Hub and Spoke)
  • Point-to-Point - such as using PPP, HDLC protocols
  • Virtual Links - used in special situations if the OSPF area 0 (backbone area) is partitioned or if an OSPF area cannot be connected to the area 0 directly
There are some differences in OSPF operation, depending on what type of network it runs on. I will explain the relevant details in the upcoming posts. 

OSPF routers will go through multiple states with their neighbors before they are ready to route packets. Some of these states are used on all types of networks, but others only on specific types of networks listed above. 

OSPF Neighbor State Machine
All possible states between the neighbors are shown in pic. 1. Together they are referred to as the Neighbor State Machine.

Pic. 1 - OSPF Neighbor States.
Icons designed by: Andrzej Szoblik - http://www.newo.pl

Down
In this state, a router has not heard a hello packet from any OSPF neighbor yet.

Attempt
This state is applied only on NBMA networks in which the neighbors are not discovered dynamically but must be configured manually ('neighbor' statement in the config-router context).

Init
A router has heard a hello packet from its neighbor(s). Among other parameters, the hello packet lists the Router IDs of all the neighbors (look at the hello packet structure in the next post).

2-Way
A router has seen its own Router ID in the hello packet from the neighbor(s). This means that bidirectional communication has been established between the routers.

ExStart
In this state the master/slave relationship, which is necessary to exchange Database Description packets, is established. Since all the packets carry a sequence number that allows routers to detect more recent information, the initial sequence numbers are negotiated in this state. The router with the highest Router ID becomes the master.

Exchange
The routers will send Database Description packets (a description of the LSDB). Link State Request packets to request more recent LSAs are also sent in this state.

Loading
The Link State Request packets are sent to neighbors in the loading state. They request more recent LSAs discovered in the Exchange state. Link State Updates are sent in response to LSRs.

Full
OSPF neighbors are fully adjacent. All information about networks/subnets has been exchanged and acknowledged. 
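The state transitions described above, as an added example that is not part of the original post. The class, method and event names are hypothetical, the Attempt state (NBMA only) is left out, and the Router IDs are constructed sample values.

```python
from ipaddress import IPv4Address

class Neighbor:
    """One router's view of a single neighbor, using the states above."""

    def __init__(self, my_rid, nbr_rid):
        self.my_rid, self.nbr_rid = IPv4Address(my_rid), IPv4Address(nbr_rid)
        self.state, self.history = "Down", ["Down"]
        self.master = None  # Router ID of the master, decided in ExStart

    def _go(self, state):
        self.state = state
        self.history.append(state)

    def hello(self, listed_rids):
        """Hello from the neighbor; listed_rids are the Router IDs it has heard."""
        if self.state == "Down":
            self._go("Init")
        if self.state == "Init" and str(self.my_rid) in listed_rids:
            self._go("2-Way")  # our own Router ID is in the neighbor's hello

    def start_adjacency(self):
        if self.state == "2-Way":
            self._go("ExStart")
            # Router IDs compare as 32-bit numbers, not as text.
            self.master = max(self.my_rid, self.nbr_rid)

    def negotiation_done(self):
        if self.state == "ExStart":
            self._go("Exchange")

    def exchange_done(self, request_list):
        if self.state == "Exchange":
            # Nothing left to request means the databases already match.
            self._go("Loading" if request_list else "Full")

    def loading_done(self):
        if self.state == "Loading":
            self._go("Full")

def bring_up(my_rid, nbr_rid, missing_lsas):
    """Drive one neighbor from Down to Full and return it (constructed run)."""
    n = Neighbor(my_rid, nbr_rid)
    n.hello([])        # neighbor has not heard us yet: Down -> Init
    n.hello([my_rid])  # neighbor now lists us: Init -> 2-Way
    n.start_adjacency()
    n.negotiation_done()
    n.exchange_done(missing_lsas)
    n.loading_done()
    return n
```

With Router IDs 9.9.9.9 and 10.0.0.1 the master is 10.0.0.1; comparing the IDs as strings would pick the wrong router.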

OSPF Packet Types
In the Neighbor State Machine description, a few types of OSPF packets were mentioned. OSPF uses five types of packets for communication. Take a look at them (pic. 2):

Pic. 2 - OSPF Packet Types.
Icons designed by: Andrzej Szoblik - http://www.newo.pl

Type 1 - Hello
This packet type is used to discover neighbors and maintain the adjacencies between them. More details regarding a hello packet will be presented in the next post.

Type 2 - Database Description
It is used to describe the LSAs so that the receiving router (neighbor) can determine if all LSAs have been synchronized between them (all routers in the area must have the same LSDB). It is accomplished by exchanging the headers of LSAs (Database Description packets aka DD packets) with the neighbor(s). The receiving router will check if it has a match for all LSAs in its local database. If not, LSR packets are sent to retrieve the missing LSAs.

Type 3 - Link State Request
During the Exchange state the router creates a list of all missing or older LSAs, the so-called Link State Request List. Then, it sends one or more LSR packets asking the neighbor for a copy of all these LSAs.

Type 4 - Link State Update
It is the response to LSR packets. It contains one or more LSAs, which are sent to the neighbor that sent the LSR. Upon receiving them, the router floods them to all its neighbors in order to maintain the same LSDB within the OSPF area.

Type 5 - Link State Acknowledgment
Each LSA the router receives must be acknowledged in order to synchronize the LSDB with neighbors reliably. This packet is used to acknowledge the reception of all LSAs.
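How packet types 2 to 5 work together, as an added example rather than code from the original post: two routers compare LSA headers, request what is missing or older, and end with identical LSDBs. The LSDB contents and function names are constructed for illustration, and "more recent" is decided by the sequence number alone, which is a simplification of the real comparison.

```python
def sample_lsdbs():
    """Constructed LSDBs. Key = (LS type, link state ID, advertising router)."""
    a = {
        (1, "1.1.1.1", "1.1.1.1"): {"seq": 0x80000003, "body": "R1 links v3"},
        (1, "2.2.2.2", "2.2.2.2"): {"seq": 0x80000001, "body": "R2 links v1"},
    }
    b = {
        (1, "1.1.1.1", "1.1.1.1"): {"seq": 0x80000002, "body": "R1 links v2"},
        (1, "2.2.2.2", "2.2.2.2"): {"seq": 0x80000004, "body": "R2 links v4"},
        (1, "3.3.3.3", "3.3.3.3"): {"seq": 0x80000001, "body": "R3 links v1"},
    }
    return a, b

def to_signed32(seq):
    """LS sequence numbers are signed 32-bit values starting at 0x80000001."""
    return seq - (1 << 32) if seq & 0x80000000 else seq

def build_request_list(local_lsdb, dd_headers):
    """Keys of LSAs that are missing locally or older than the neighbor's copy."""
    wanted = []
    for key, nbr_seq in dd_headers.items():
        mine = local_lsdb.get(key)
        if mine is None or to_signed32(nbr_seq) > to_signed32(mine["seq"]):
            wanted.append(key)
    return wanted

def synchronize(lsdb_a, lsdb_b):
    """Run the exchange in both directions; returns a trace of packets."""
    trace = []
    for name, mine, theirs in (("A", lsdb_a, lsdb_b), ("B", lsdb_b, lsdb_a)):
        # Type 2: the neighbor describes its LSDB with LSA headers only.
        dd_headers = {key: lsa["seq"] for key, lsa in theirs.items()}
        trace.append((name, "recv DD", len(dd_headers)))
        requests = build_request_list(mine, dd_headers)
        if requests:
            trace.append((name, "send LSR", len(requests)))    # Type 3
            for key in requests:                               # Type 4 carries
                mine[key] = dict(theirs[key])                  # the full LSAs
            trace.append((name, "recv LSU", len(requests)))
            trace.append((name, "send LSAck", len(requests)))  # Type 5
    return trace
```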

This lesson's terminology should make it easier for you to understand some details of OSPF operation presented in the upcoming lessons.

In my next post, I will focus on the process of building adjacency between OSPF routers.