OSPF deep dive
OSPF LSAs, Stub areas and Network types with config examples.
General
OSPF is a link-state protocol in which routers use Link-State Advertisements (LSAs) to share information with each other. We can define multiple areas in OSPF to summarize routing information and save resources. Routers within the same subnet and area/network type form adjacencies: they share their whole topology through LSAs. Routers in a different subnet/area do not share the whole topology and are called neighbors. To check whether other routers are still up, they send OSPF hello packets.
DR and BDR
In a multi-access network (multiple OSPF routers connected to a switch), OSPF elects a Designated Router (DR) and a Backup Designated Router (BDR). Their function is to minimize the amount of repetitive information. A router that is neither DR nor BDR is called a DROTHER. DROTHERs only form adjacencies with the DR and BDR. DROTHERs send their LSAs to the DR/BDR using the multicast address 224.0.0.6, and the DR/BDR sends its routing updates to all DROTHERs using the multicast address 224.0.0.5. OSPF hello packets are also sent by ALL OSPF routers to the multicast address 224.0.0.5.
Election order for DR/BDR:
- 1. An interface with a configured priority greater than 0 tries to become BDR.
- 2. It elects itself as BDR if no BDR exists. If there is a tie, the highest router ID is used.
- 3. If there is no DR, the BDR promotes itself to DR.
- 4. The neighbor with the next highest priority is elected BDR.
The router ID selection order:
- 1. Manually configured using the router-id command.
- 2. The highest enabled loopback IP.
- 3. The highest IP address of any active physical interface in the up state.
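The election order above, including the router-ID tie-break, as an added example that is not part of the original article. It is a simplified model of the election in RFC 2328 section 9.4; the `Router` tuple, its `claims` field and the sample router IDs and priorities are assumptions made for illustration.

```python
from ipaddress import IPv4Address
from typing import NamedTuple

class Router(NamedTuple):
    router_id: str
    priority: int        # interface priority; 0 means never eligible
    claims: str = ""     # role already announced in its hellos: "DR", "BDR" or ""

def _best(candidates):
    """Highest priority wins; a tie goes to the highest router ID."""
    return max(candidates, default=None,
               key=lambda r: (r.priority, int(IPv4Address(r.router_id))))

def _pick_bdr(candidates):
    # Routers already announcing themselves as BDR are preferred over the rest.
    return _best([r for r in candidates if r.claims == "BDR"]) or _best(candidates)

def elect(routers):
    """Return (dr, bdr) router IDs for one multi-access segment."""
    eligible = [r for r in routers if r.priority > 0]
    not_dr = [r for r in eligible if r.claims != "DR"]
    bdr = _pick_bdr(not_dr)
    dr = _best([r for r in eligible if r.claims == "DR"])
    if dr is None and bdr is not None:
        dr = bdr                                   # no DR on the segment: BDR is promoted
        bdr = _pick_bdr([r for r in not_dr if r is not dr])
    return (dr.router_id if dr else None, bdr.router_id if bdr else None)

# Constructed scenarios (router IDs and priorities are sample values).
COLD_START = [Router("1.1.1.1", 1), Router("1.1.1.2", 1), Router("2.2.2.1", 0)]
LATE_JOINER = [Router("1.1.1.2", 1, "DR"), Router("1.1.1.1", 1, "BDR"),
               Router("9.9.9.9", 255)]
DR_FAILED = [Router("1.1.1.1", 1, "BDR"), Router("9.9.9.9", 255)]

if __name__ == "__main__":
    for name, segment in [("cold start", COLD_START), ("late joiner", LATE_JOINER),
                          ("DR failed", DR_FAILED)]:
        print(name, elect(segment))
```

The `LATE_JOINER` case shows that the election is not preemptive: a router that joins later with a higher priority does not displace a DR and BDR that are already in place.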
Network types
To control how OSPF creates adjacencies we use Network Types.
- Point-to-Point - routers that are directly connected with each other. No other device is between them. No DR/BDR will be elected. They establish adjacency.
- Broadcast - Default network type. Routers that are connected to a multi-access network. A DR/BDR will be elected.
- Non-Broadcast - Multi-access network with PVC. Neighbors are statically defined through the neighbor command and Hello Packets are sent via unicast. A DR/BDR will be elected.
- Point-to-Multipoint - Routers will form adjacencies automatically by flooding the network. No DR/BDR will be elected.
- Point-to-Multipoint Non-Broadcast - Neighbors are statically defined through the neighbor command and the routers will form adjacencies with the statically assigned neighbors. No DR/BDR will be elected.
Note: PVC stands for Permanent Virtual Connection and is a connection that is defined by software. Typical scenarios are Frame-Relay and ATM.
Area Types
To save routing resources, OSPF distinguishes between 5 area types.
- Backbone Area - Area 0, all other areas must be connected to area 0 in order to share inter-area link information.
- Standard Area - Area 1 and 2 and so on.
- Stub Area - Only receives and advertises LSA types 1, 2 and 3 and a default route to the ASBR to reach external networks. No external networks (type 5 LSAs) are advertised to or from the area.
- Not So Stubby Area - A stub area that advertises external networks to the ASBR and can also receive external networks through type 7 LSAs.
- Totally Stub Area - Only receives and advertises LSA types 1 and 2 and a default route to the ABR. Inter-area and external routes have to go through the ABR. This is equivalent to level-1 routers in IS-IS.
Router Types
- Internal routers - are only in one area.
- Backbone routers - routers that have interfaces in Area 0.
- Area Border routers (ABRs) - connect standard areas to the backbone Area 0.
- Autonomous System Boundary router (ASBR) - connects to another non-OSPF network.
LSA Types
To understand LSA types I use the output of D1 from the topology above.
LSA 1
All OSPF routers advertise type 1 LSAs inside their area. They contain the OSPF router IDs (ADV Router) and the number of OSPF links (Link count).
Link ID ADV Router Age Seq# Checksum Link count
1.1.1.1 1.1.1.1 1460 0x80000005 0x003AC0 1
1.1.1.2 1.1.1.2 1389 0x80000007 0x00646C 2
LSA 2
Generated and advertised only by the DR. It contains the DR (1.1.1.2) and the link to the DR (10.10.0.2).
Link ID ADV Router Age Seq# Checksum
10.10.0.2 1.1.1.2 1389 0x80000003 0x00B462
LSA 3
ABRs advertise networks from other areas.
Link ID ADV Router Age Seq# Checksum
10.10.4.0 1.1.1.1 441 0x80000002 0x004ED1
10.10.5.0 1.1.1.1 1453 0x80000001 0x0061BA
172.16.0.0 1.1.1.1 1460 0x80000003 0x00D9A2
172.16.1.0 1.1.1.1 441 0x80000003 0x00D8A1
LSA 4
ABRs advertise the existence of an ASBR and how to reach it (Link ID).
Link ID ADV Router Age Seq# Checksum
2.2.2.1 1.1.1.1 958 0x80000002 0x00131C
LSA 5
ASBRs advertise OSPF external routes. In this case it is a default route (Link ID), together with the router (ADV Router) that advertises it. Type 5 LSAs are generated, for example, when you configure the default-information originate command or when you redistribute routes from other protocols.
Link ID ADV Router Age Seq# Checksum Tag
0.0.0.0 2.2.2.1 979 0x80000002 0x009F90 123
LSA 7
Used to advertise a default route for all external networks to or from an NSSA area, since NSSA does not allow LSA type 5.
We redistribute the 10.10.10.0 network on R4 and advertise it to R2 through a type 7 LSA.
Type-7 AS External Link States (Area 3)
Link ID ADV Router Age Seq# Checksum Tag
10.10.6.0 4.4.4.4 15 0x80000001 0x00E16F 0
10.10.10.0 4.4.4.4 15 0x80000001 0x00B597 0
We can also do it the other way around and send a type 7 LSA into the NSSA area from R2 to R4. We advertise our default route with the command area 3 nssa default-information-originate.
Type-7 AS External Link States (Area 3)
Link ID ADV Router Age Seq# Checksum Tag
0.0.0.0 2.2.2.1 4 0x80000001 0x00D6D3 0
LSA commands
show ip ospf database #all LSAs
show ip ospf database router #lsa 1
show ip ospf database network #lsa 2
show ip ospf database summary #lsa 3
show ip ospf database asbr-summary #lsa 4
show ip ospf database external #lsa 5
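The LSA tables above can also be checked mechanically. The following added example (not part of the original article) parses `show ip ospf database` output and lists external LSAs (type 5 and 7) whose ADV Router is not on a list of expected ASBRs. The section titles other than the Type-7 one, the `expected_asbrs` list and the 9.9.9.9 row are assumptions made for the example.

```python
import re

# Section titles printed by `show ip ospf database`, mapped to the LSA type.
SECTIONS = {
    "Router Link States": 1, "Net Link States": 2,
    "Summary Net Link States": 3, "Summary ASB Link States": 4,
    "Type-5 AS External Link States": 5, "Type-7 AS External Link States": 7,
}
IP = r"(\d+\.\d+\.\d+\.\d+)"
ROW = re.compile(rf"^{IP}\s+{IP}\s+(\d+)\s+0x[0-9A-Fa-f]+")

def parse_lsdb(text):
    """Yield (lsa_type, link_id, adv_router, age) for every LSA row."""
    lsa_type = None
    for line in text.splitlines():
        line = line.strip()
        title = re.sub(r"\s*\(Area [^)]*\)$", "", line)
        if title in SECTIONS:
            lsa_type = SECTIONS[title]
        elif lsa_type and (m := ROW.match(line)):
            yield lsa_type, m.group(1), m.group(2), int(m.group(3))

def audit(text, expected_asbrs):
    """List external (type 5/7) LSAs whose ADV Router is not an expected ASBR."""
    return [f"type {t} LSA {link_id} advertised by unexpected router {adv}"
            for t, link_id, adv, _age in parse_lsdb(text)
            if t in (5, 7) and adv not in expected_asbrs]

# Constructed input: rows taken from this article, plus one made-up row (9.9.9.9).
SAMPLE = """\
            Router Link States (Area 0)
Link ID         ADV Router      Age   Seq#       Checksum Link count
1.1.1.1         1.1.1.1         1460  0x80000005 0x003AC0 1
1.1.1.2         1.1.1.2         1389  0x80000007 0x00646C 2
            Type-5 AS External Link States
Link ID         ADV Router      Age   Seq#       Checksum Tag
0.0.0.0         2.2.2.1         979   0x80000002 0x009F90 123
0.0.0.0         9.9.9.9         12    0x80000001 0x00AAAA 0
            Type-7 AS External Link States (Area 3)
Link ID         ADV Router      Age   Seq#       Checksum Tag
10.10.6.0       4.4.4.4         15    0x80000001 0x00E16F 0
10.10.10.0      4.4.4.4         15    0x80000001 0x00B597 0
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE, expected_asbrs={"2.2.2.1", "4.4.4.4"}):
        print(finding)
```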
Configure Stub areas
NSSA
As the output above shows, we get a type 7 LSA with the default route from R2 to R4. The difference from a stub area is that an NSSA is able to advertise and receive external networks. The config for an NSSA is quite simple: we need to configure the area 3 nssa command on both routers. Now the router only gets LSA types 1, 2 and 3 and is not able to ping the external network 209.165.200.225 on R2 anymore.
But R4 is advertising the redistributed 10.10.10.10 prefix TO the backbone area (R2).
R4
router ospf 1
 area 3 nssa
R2
router ospf 123
 area 3 nssa
To be able to advertise external networks in the NSSA area we need to advertise Type 7 LSAs to the NSSA area.
R2
router ospf 123
 area 3 nssa default-information-originate
Now we advertise a type 7 LSA from R2 to R4 and we are able to ping the external network 209.165.200.225.
Totally stub area
We can advertise and receive only one prefix for inter-area AND external routes by only advertising type 1 and type 2 LSAs and a default route to the ABR.
R2
router ospf 123
 area 3 stub
 area 3 stub no-summary
R4
router ospf 1
 area 3 stub
The output of show ip ospf database on R4 shows that we only get a default route, advertised as a type 3 LSA:
Link ID ADV Router Age Seq# Checksum
0.0.0.0 2.2.2.1 237 0x80000003 0x0077BD
The routing table on R4 now has only one OSPF route.
Gateway of last resort is 10.10.5.1 to network 0.0.0.0
O*IA 0.0.0.0/0 [110/2] via 10.10.5.1, 00:04:34, GigabitEthernet0/0
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.10.5.0/24 is directly connected, GigabitEthernet0/0
L 10.10.5.2/32 is directly connected, GigabitEthernet0/0
If you want to configure a stub area, just leave out the area 3 stub no-summary command and the router will advertise and receive only LSA types 1, 2 and 3.
Route Aggregation/Summarization
We can deny certain prefixes from being advertised or summarize prefixes.
To summarize prefixes between areas, simply configure the ABR (R2 in this case) or ASBR with the following command:
router ospf 123
 area 0 range 172.16.0.0 255.255.254.0
Now on R4 we only have one /23 prefix instead of two /24s.
172.16.0.0/23 is subnetted, 1 subnets
O IA 172.16.0.0 [110/2] via 10.10.5.1, 00:00:14, GigabitEthernet0/0
If we want to deny certain prefixes from being advertised to us we can configure a distribute-list.
R2
ip access-list standard OSPF-FILTER
 deny 10.10.1.0 0.0.0.255
 permit any
router ospf 123
 distribute-list OSPF-FILTER in
Now the 10.10.1.0/24 prefix won't get advertised to us because we deny it.
10.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
O IA 10.10.0.0/30 [110/2] via 172.16.0.2, 00:02:46, GigabitEthernet0/0
O IA 10.10.4.0/30 [110/2] via 172.16.1.2, 00:02:46, GigabitEthernet0/1
C 10.10.5.0/24 is directly connected, GigabitEthernet0/2
L 10.10.5.1/32 is directly connected, GigabitEthernet0/2
O 10.10.6.0/24 [110/2] via 10.10.5.2, 00:02:46, GigabitEthernet0/2
Route Redistribution
You can redistribute routes from other protocols into your OSPF process. In this example we will advertise our loopback interface to other routers through redistribution.
R4
int l0
 ip add 10.10.10.10 255.255.255.0
router ospf 1
 redistribute connected
On R2 we can see the redistributed route in the routing table.
O E2 10.10.10.0/24 [110/20] via 10.10.5.2, 00:00:05, GigabitEthernet0/2
You can also apply a route-map to it if you only want to redistribute specific prefixes into your OSPF process.
Configure Authentication
You can use either clear-text or MD5 authentication to protect your OSPF adjacencies. I configured it on the interface, but you could also configure it directly in the OSPF process.
Clear-text authentication
int g0/0
 ip ospf authentication-key CISCO
 ip ospf authentication
MD5 authentication
int g0/0
 ip ospf message-digest-key 1 md5 CISCO
 ip ospf authentication message-digest
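What the MD5 configuration above does on the wire, as an added example that is not part of the original article: it builds an OSPFv2 packet with cryptographic authentication as described in RFC 2328 Appendix D and runs the receiver-side checks on the digest and the sequence number. The hello field values, router ID and function names are constructed for illustration; the key ID 1 and key CISCO mirror the configuration.

```python
import hashlib
import hmac
import struct
from ipaddress import IPv4Address

def _header(pkt_type, length, router_id, area_id, key_id, seq):
    """24-byte OSPFv2 header carrying AuType 2 (cryptographic authentication)."""
    return struct.pack(
        "!BBH4s4sHHHBBI",
        2, pkt_type, length,            # version, type, length (digest not counted)
        IPv4Address(router_id).packed, IPv4Address(area_id).packed,
        0, 2,                           # checksum unused with AuType 2, then AuType
        0, key_id, 16, seq)             # reserved, key ID, digest length, sequence

def _digest(packet, key):
    # RFC 2328 D.4.3: MD5 over the packet followed by the key padded to 16 bytes.
    return hashlib.md5(packet + key[:16].ljust(16, b"\0")).digest()

def sign(body, router_id, area_id, key_id, key, seq, pkt_type=1):
    """Sender side: header + body + 16-byte digest trailer."""
    packet = _header(pkt_type, 24 + len(body), router_id, area_id, key_id, seq) + body
    return packet + _digest(packet, key)

def verify(frame, keys, last_seq):
    """Receiver side: return (accepted, reason) for one received packet."""
    length = struct.unpack("!H", frame[2:4])[0] if len(frame) >= 40 else 0
    if length < 24 or len(frame) < length + 16:
        return False, "truncated"
    packet, trailer = frame[:length], frame[length:length + 16]
    autype, _, key_id, dlen, seq = struct.unpack("!HHBBI", packet[14:24])
    if autype != 2 or dlen != 16 or key_id not in keys:
        return False, "authentication type or key ID not configured"
    if not hmac.compare_digest(_digest(packet, keys[key_id]), trailer):
        return False, "digest mismatch"
    if seq < last_seq:                  # RFC 2328 D.5: older than the last one seen
        return False, "stale sequence number"
    return True, "ok"

# Constructed hello body: mask, hello interval, options, priority, dead interval, DR, BDR.
HELLO_BODY = struct.pack("!4sHBBI4s4s", IPv4Address("255.255.255.252").packed, 10, 2, 1,
                         40, IPv4Address("10.10.0.2").packed, IPv4Address("10.10.0.1").packed)
KEYS = {1: b"CISCO"}                    # mirrors: ip ospf message-digest-key 1 md5 CISCO

if __name__ == "__main__":
    frame = sign(HELLO_BODY, "1.1.1.2", "0.0.0.0", 1, KEYS[1], seq=100)
    print(verify(frame, KEYS, last_seq=99))                     # accepted
    print(verify(frame[:31] + b"\xff" + frame[32:], KEYS, 99))  # altered body byte
    print(verify(frame, KEYS, last_seq=101))                    # older sequence number
```

With clear-text authentication the key itself travels in the 8-byte authentication field of every packet, whereas here only the digest is sent. RFC 5709 defines HMAC-SHA variants of this scheme for OSPFv2.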
Thanks for reading my article. If you have any questions or recommendations you can message me via arvednetblog@gmail.com.