OSPF Part of The CCIE EI Workbook Orhan Ergun
0 PRACTICAL BOOK
Topology:
IP address Schema:
Interface              Address
Physical Interfaces    192.X.Y.0/24
Loopbacks              10.X.X.X/32
ISP-1 to R6            110.1.1.0/30
ISP-2 to R8            110.1.2.0/30
ISP-3 to R17           110.1.3.0/30
ISP-4 to R20           110.1.4.0/30
ISP Prefixes:
ISP Name and AS                               Prefixes
Prefix Received from ISP-1 via BGP AS 1001    101.1.1.0/24, 102.1.1.0/24, 105.1.1.0/24
Prefix Received from ISP-2 via BGP AS 1002    201.1.1.0/24, 202.1.1.0/24, 203.1.1.0/24, 204.1.1.0/24, 205.1.1.0/24
Prefix Received from ISP-3 via BGP AS 1003    103.1.1.0/24, 103.2.2.0/24, 103.3.3.0/24, 103.4.4.0/24, 103.5.5.0/24
Prefix Received from ISP-4 via BGP AS 1004    104.1.1.0/24, 104.2.2.0/24, 104.3.3.0/24, 104.4.4.0/24, 104.5.5.0/24
Tasks:
Task-1:
Configure OSPF Area 0 using ‘Network’ Statement in the backbone as per
the diagram:
Solution:
R1:
router ospf 1
router-id 10.1.1.1
R2:
router ospf 1
router-id 10.2.2.2
R3:
router ospf 1
router-id 10.3.3.3
R4:
router ospf 1
router-id 10.4.4.4
R5:
router ospf 1
router-id 10.5.5.5
R6:
router ospf 1
router-id 10.6.6.6
R7:
router ospf 1
router-id 10.7.7.7
R8:
router ospf 1
router-id 10.8.8.8
Verification:
In all the above OSPF outputs, you can see the routing table and the OSPF neighborship status.
In our topology, R1 and R2 act as core routers in the backbone area, and all other routers of the backbone area form neighborships with R1 and R2.
In the routing table, all the prefixes are marked ‘O’, which means they are all intra-area prefixes (within the area).
Most of the routers have a loopback address of 10.x.x.x, where x is the last digit of the router, and every router has two paths to reach each loopback (one via R1 and the other via R2).
When we check the OSPF neighborships, we can see that a DR/BDR status is also shown: every network segment or broadcast domain has a DR/BDR election by default, even when the links are point-to-point in practice, because all Ethernet segments are treated as broadcast networks.
We can avoid the DR/BDR election by changing the network type to point-to-point or point-to-multipoint.
Default timers on a broadcast network are:
Hello: 10 Sec
Dead Interval: 40 Sec
There is one more timer, called the ‘Wait Timer’, which is 40 Sec and is used for the DR/BDR election. When you start the OSPF process on one router of a network segment, a 40-second countdown starts, and only the routers that come up with OSPF within those 40 seconds can participate in the DR/BDR election; a router that comes up later won’t participate in the election.
Task-2:
Configure OSPF Area 20 and Area 50 without using ‘Network’ Statement
in the OSPF Process as per the diagram:
R6:
router ospf 1
router-id 10.6.6.6
interface Ethernet0/3
ip ospf 1 area 20
R3:
router ospf 1
router-id 10.3.3.3
interface Ethernet0/3
ip ospf 1 area 20
interface Ethernet0/2
ip ospf 1 area 20
R5:
router ospf 1
router-id 10.5.5.5
interface Ethernet0/3
ip ospf 1 area 20
R22:
router ospf 1
router-id 10.22.22.22
interface Ethernet0/0
ip ospf 1 area 20
interface Ethernet0/1
ip ospf 1 area 20
Interface loopback0
ip ospf 1 area 20
R21:
router ospf 1
router-id 10.21.21.21
interface Ethernet0/0
ip ospf 1 area 20
interface Ethernet0/1
ip ospf 1 area 20
interface Ethernet0/2
ip ospf 1 area 20
Interface loopback0
ip ospf 1 area 20
R23:
router ospf 1
router-id 10.23.23.23
interface Ethernet0/0
ip ospf 1 area 20
interface Ethernet0/1
ip ospf 1 area 20
interface Ethernet0/2
ip ospf 1 area 20
Interface loopback0
ip ospf 1 area 20
R8:
router ospf 1
router-id 10.8.8.8
interface Ethernet0/3
ip ospf 1 area 50
Interface loopback0
ip ospf 1 area 20
R4:
router ospf 1
router-id 10.4.4.4
interface Ethernet0/2
ip ospf 1 area 50
Interface loopback0
ip ospf 1 area 20
R7:
router ospf 1
router-id 10.7.7.7
interface Ethernet1/1
ip ospf 1 area 50
Interface loopback0
ip ospf 1 area 20
R25:
router ospf 1
router-id 10.25.25.25
interface Ethernet0/0
ip ospf 1 area 50
interface Ethernet0/1
ip ospf 1 area 50
interface Ethernet0/2
ip ospf 1 area 50
This task asks us to configure OSPF without the ‘Network’ statement. This is another way of configuring OSPF, where we enable the OSPF process and area number under the interface instead of enabling the interface with a ‘Network’ statement under the OSPF process.
This way is used more in industry because it reduces the configuration steps and there is no need to look up the exact network subnet to enable OSPF.
OSPFv3 has only this way of enabling OSPF; there is no network statement there.
We are configuring the OSPF instance just to set the router-id explicitly. Even that is not required, as OSPF automatically picks up the loopback address as router-id, but the intention here is to be sure and hardcode the router-id as the loopback.
Verification:
R21#show ip protocols
*** IP Routing is NSF aware ***
R25#show ip protocols
*** IP Routing is NSF aware ***
In the above verification commands, we can see the OSPF database as well.
As we have configured a non-backbone area, we can also see LSA-3, which is a Summary LSA generated by the ABR only. This LSA contains the information of LSA-1 and LSA-2 of the connected non-backbone area, summarizes them into one LSA-3 and advertises it into the backbone area, and vice versa from the backbone area to the non-backbone area.
The Adv. Router for this LSA is always the ABR, as it is generated by it only, and it gives us a complete picture of the other area in the backbone area.
In the above OSPF database outputs, we can see 3 LSAs: LSA-1, LSA-2 and LSA-3.
Let’s talk a bit about these LSAs:
LSA-1: Router LSA. This LSA is generated by all the routers and shares their directly connected interface information along with their respective router-ids; the scope of this LSA is limited to within the area only.
LSA-2: Network LSA. This LSA is generated by the DR only and contains the summarized network information of the area; its scope is limited to that area only.
LSA-3: Summary LSA. This LSA is generated by the ABR and contains the summarized information of LSA-1 and LSA-2; it combines them into a summarized form as LSA-3 and sends it to the backbone area, and vice versa from the backbone to the non-backbone area.
All the LSA-3 prefixes are known as Inter-Area routes and are advertised as such, with the ‘O IA’ mark.
In our lab, if we take the example of R25, we can see every LSA-3 coming thrice, one from R4, one from R7 and one from R8, because there are 4 ABR’s connecting the local area to the backbone area and all three are advertising LSA-3; the one with the highest router-id will be chosen and installed in the routing table.
Task-3:
Configure OSPF Area 30 and Area 10 in the OSPF Process as per the
diagram, where in Area 10, Subnet 192.1.191.0/25 R10 should be DR and
R11 should be BDR and there should not be any other DR/BDR election in
Area 10 and Area 30.
R5:
router ospf 1
router-id 10.5.5.5
interface Ethernet0/2
ip ospf 1 area 10
R9:
router ospf 1
router-id 10.9.9.9
interface Ethernet0/0
ip ospf 1 area 10
interface Ethernet0/2
ip ospf 1 area 10
interface Ethernet0/1
ip ospf 1 area 10
Interface loopback0
ip ospf 1 area 10
R19:
router ospf 1
router-id 10.19.19.19
!
interface Ethernet0/0
ip ospf 1 area 10
ip ospf network point-to-point
!
interface Ethernet0/1
ip ospf 1 area 10
ip ospf network point-to-point
!
Interface loopback0
ip ospf 1 area 10
R10:
router ospf 1
router-id 10.10.10.10
!
interface Ethernet0/1
ip ospf 1 area 10
ip ospf network point-to-point
!
interface Ethernet0/0
ip ospf 1 area 10
ip ospf priority 255
!
Interface loopback0
ip ospf 1 area 10
R11:
router ospf 1
router-id 10.11.11.11
!
interface Ethernet0/0
ip ospf 1 area 10
ip ospf priority 254
!
Interface loopback0
ip ospf 1 area 10
This task is very similar to the previous task, but here we will be playing around with OSPF network types and the DR/BDR election.
Verification:
In this output you can find no DR elected with neighbor R9, as the OSPF neighborship is formed on a point-to-point network type.
On a point-to-point network type there is no DR/BDR election, which avoids unnecessary LSA flooding.
We can consider this a best practice when running OSPF on point-to-point Ethernet segments.
Here we can see the DR/BDR details in the OSPF interface output, and we can see the Network Type, which is explicitly configured as Point-to-Point.
Different timers are shown here, which can be configured manually or left at their defaults.
After completing this task, we are able to see all the Inter-Area prefixes in the backbone coming from all the different areas.
Some of the prefixes have redundant paths because multiple ABRs are used to connect multiple areas.
ECMP is enabled by default to achieve equal-cost load balancing in OSPF; even though OSPF does support un-equal cost load balancing as well, we will talk about that later in the document.
0 10 no no Base
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Next 0x0(0)/0x0(0)
Topology priority is 64
Router is not originating router-LSAs with maximum metric
Number of areas transit capable is 0
Initial SPF schedule delay 5000 msecs
Minimum hold time between two consecutive SPFs 10000 msecs
Maximum wait time between two consecutive SPFs 10000 msecs
Area 10
SPF algorithm last executed 00:01:04.532 ago
SPF algorithm executed 2 times
Area ranges are
0 10 no no Base
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Next 0x0(0)/0x0(0)
In this output you can see that the DR is R10 (10.10.10.10) and the BDR is R11 (10.11.11.11), as per the task.
To achieve this we have manually configured the OSPF priority on R10 as 255 and on R11 as 254, which explicitly makes them DR and BDR. 255 is used so that if someone comes into this segment in future with any high priority configured, he cannot take over; similarly 254 is used because we don’t want anyone to take over the BDR role from R11.
Sometimes your configuration won’t take effect because a DR is already elected. In that case, if you want your configuration to take effect immediately, you have to reset the OSPF process by using the command ‘clear ip ospf process’.
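The election behaviour described above, modelled as an added example (not part of the workbook): a simplified, global-view version of the RFC 2328 DR/BDR election run for R10 and R11, showing why raising the priority on a segment that has already elected does not move the DR role until the OSPF process is reset. The `Router` class, the `elect` function and the 10.200.200.200 late joiner are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass, replace
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Router:
    rid: str
    priority: int = 1              # default interface priority
    claims: Optional[str] = None   # role advertised in its Hellos: "DR", "BDR" or None


def rank(r: Router) -> Tuple[int, int]:
    """Highest priority wins; highest router-id breaks ties."""
    return (r.priority, int(ipaddress.IPv4Address(r.rid)))


def one_pass(routers: List[Router]) -> Tuple[Optional[Router], Optional[Router]]:
    """One run of the BDR and DR calculation steps of the election."""
    eligible = [r for r in routers if r.priority > 0]       # priority 0 never runs
    # BDR: routers that already declare themselves DR are excluded; among the
    # rest, routers that already declare themselves BDR are preferred.
    not_dr = [r for r in eligible if r.claims != "DR"]
    claim_bdr = [r for r in not_dr if r.claims == "BDR"]
    bdr = max(claim_bdr or not_dr, key=rank, default=None)
    # DR: only routers already declaring themselves DR compete; if nobody
    # does, the freshly elected BDR is promoted.
    claim_dr = [r for r in eligible if r.claims == "DR"]
    dr = max(claim_dr, key=rank, default=bdr)
    return dr, bdr


def elect(routers: List[Router]) -> Tuple[Optional[str], Optional[str]]:
    """Return (DR router-id, BDR router-id) once the segment has settled."""
    dr, bdr = one_pass(routers)

    def new_claim(r: Router) -> Optional[str]:
        if dr is not None and r.rid == dr.rid:
            return "DR"
        if bdr is not None and r.rid == bdr.rid:
            return "BDR"
        return None

    # Roles may have changed, so the calculation is repeated with the new
    # claims; this fills the BDR seat after a BDR was promoted to DR.
    settled = [replace(r, claims=new_claim(r)) for r in routers]
    dr, bdr = one_pass(settled)
    return (dr.rid if dr else None, bdr.rid if bdr else None)


# 1. Both routers start together with default priority: highest router-id wins.
FRESH_DEFAULT = elect([Router("10.10.10.10"), Router("10.11.11.11")])

# 2. Priorities 255/254 are configured afterwards, adjacencies stay up: the
#    existing claims are honoured, so R11 remains DR (no preemption).
NO_RESET = elect([Router("10.10.10.10", 255, "BDR"),
                  Router("10.11.11.11", 254, "DR")])

# 3. After 'clear ip ospf process' nobody claims a role and priority decides.
AFTER_RESET = elect([Router("10.10.10.10", 255), Router("10.11.11.11", 254)])

# 4. A constructed late joiner with priority 255 cannot displace the pair.
LATE_JOINER = elect([Router("10.10.10.10", 255, "DR"),
                     Router("10.11.11.11", 254, "BDR"),
                     Router("10.200.200.200", 255)])

if __name__ == "__main__":
    for name, result in [("fresh, default priority", FRESH_DEFAULT),
                         ("priority set, no reset", NO_RESET),
                         ("after process reset", AFTER_RESET),
                         ("late joiner, priority 255", LATE_JOINER)]:
        print(f"{name:28s} DR={result[0]} BDR={result[1]}")
```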
Task-4:
Configure OSPF Area 40 and Area 60 in the OSPF Process as per the
diagram, where in Area 60, Subnet 192.189.224.0/24 R20 should be DR and
R24 should be BDR.
R7:
router ospf 1
router-id 10.7.7.7
!
interface Ethernet0/2
ip ospf 1 area 60
ip ospf network point-to-point
!
interface Ethernet0/3
ip ospf 1 area 60
R18:
router ospf 1
router-id 10.18.18.18
!
interface Ethernet0/0
ip ospf 1 area 60
ip ospf network point-to-point
!
interface Ethernet0/2
ip ospf 1 area 60
!
Interface loopback0
ip ospf 1 area 60
R20:
router ospf 1
router-id 10.20.20.20
!
interface Ethernet0/0
ip ospf 1 area 60
ip ospf priority 255
!
Interface loopback0
ip ospf 1 area 60
R24:
router ospf 1
router-id 10.24.24.24
!
interface Ethernet0/0
ip ospf 1 area 60
ip ospf priority 254
!
Interface loopback0
ip ospf 1 area 60
R15:
router ospf 1
router-id 10.15.15.15
!
interface range Ethernet0/0 - 2
ip ospf 1 area 40
!
Interface loopback0
ip ospf 1 area 40
R16:
router ospf 1
router-id 10.16.16.16
!
interface Ethernet0/0
ip ospf 1 area 40
!
Interface loopback0
ip ospf 1 area 40
R17:
router ospf 1
router-id 10.17.17.17
!
interface Ethernet0/0
ip ospf 1 area 40
!
Interface loopback0
ip ospf 1 area 40
Verification:
0 10 no no Base
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Next 0x0(0)/0x0(0)
In the above output you can see R20 (10.20.20.20) is elected as DR and R24 (10.24.24.24) is
elected as BDR, as per the task.
R16#show ip ospf border-routers
The ‘show ip ospf border-routers’ command is useful when you are in an OSPF area that has many routers and you want to find out which routers are the ABRs for this area.
Basically, border routers here refers to the OSPF ABRs.
R16#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
Topology:
Tasks:
Task-1:
Redistribute BGP on R6 and R8 for redistributing prefixes from ISP-1 and
ISP-2 respectively.
Solution:
R6:
router ospf 1
redistribute bgp 65001 subnets
R8:
router ospf 1
redistribute bgp 65001 subnets
Routes should be visible in the backbone as External type 2, which are received from
ISP-1 and ISP-2 respectively:
Verification:
R1#show ip route ospf | include E2
E1 - OSPF external type 1, E2 - OSPF external type 2
O E2 101.1.1.0 [110/1] via 192.1.16.6, 00:02:36, Ethernet0/3
O E2 102.1.1.0 [110/1] via 192.1.16.6, 00:02:36, Ethernet0/3
O E2 105.1.1.0 [110/1] via 192.1.16.6, 00:02:36, Ethernet0/3
O E2 110.1.1.0 [110/1] via 192.1.16.6, 00:02:36, Ethernet0/3
O E2 110.1.2.0 [110/1] via 192.1.18.8, 00:01:30, Ethernet1/1
O E2 201.1.1.0/24 [110/1] via 192.1.18.8, 00:01:30, Ethernet1/1
O E2 202.1.1.0/24 [110/1] via 192.1.18.8, 00:01:30, Ethernet1/1
O E2 203.1.1.0/24 [110/1] via 192.1.18.8, 00:01:30, Ethernet1/1
O E2 204.1.1.0/24 [110/1] via 192.1.18.8, 00:01:30, Ethernet1/1
O E2 205.1.1.0/24 [110/1] via 192.1.18.8, 00:01:30, Ethernet1/1
We can see all our external routes here, originated by the respective ASBRs (R6 & R8). You can find the ‘tag’ field at the end of the database table; this field basically represents the AS number of the remote side, in our case the ISP AS number.
External routes are originated by the ASBR as type-5 LSAs. External routes have two types:
1. E1 – External Type 1: it adds the internal cost as well as the external cost, which shows the actual cost to reach that prefix.
2. E2 – External Type 2: it does not add the internal cost, it just shows the external cost, which is 20 by default in the Cisco implementation. This is the default type of external route when you redistribute without specifying a type.
But as you can see here, we do not have a type-4 LSA, which is the ASBR Summary LSA. Why?
LSA-4 (ASBR Summary LSA): this LSA is generated by the ABR and contains the information about the ASBR. If your ASBR is connected within the same area where you are checking the database, you will not be able to see LSA-4, as there is no ABR in between; but if you check the database in another (non-backbone) area, you can find LSA-4, which is generated by the ABR and contains the reachability information to the ASBR.
Task-2:
Configure Area 10 and Area 30 in a way so that all the external routes
should be filtered but there should be reachability to external prefixes.
Pre-Verification:
Area 30:
Let’s do some pre-verification here, which will help us see that all the external routes are propagated properly.
Currently we should be receiving all the external prefixes in Area 10 and Area 30, which ultimately we need to block.
Area 10:
Configuration:
Area 30:
R6:
router ospf 1
area 30 stub
R12:
router ospf 1
area 30 stub
R13:
router ospf 1
area 30 stub
R14:
router ospf 1
area 30 stub
R13#
*Apr 2 09:13:57.780: %OSPF-5-ADJCHG: Process 1, Nbr 10.14.14.14 on Ethernet0/1 from FULL to
DOWN, Neighbor Down: Adjacency forced to reset
*Apr 2 09:13:57.780: %OSPF-5-ADJCHG: Process 1, Nbr 10.12.12.12 on Ethernet0/0 from FULL to
DOWN, Neighbor Down: Adjacency forced to reset
*Apr 2 09:13:58.763: %SYS-5-CONFIG_I: Configured from console by console
R13#
*Apr 2 09:14:00.411: %OSPF-5-ADJCHG: Process 1, Nbr 10.12.12.12 on Ethernet0/0 from LOADING to
FULL, Loading Done
R13#
*Apr 2 09:14:06.619: %OSPF-5-ADJCHG: Process 1, Nbr 10.14.14.14 on Ethernet0/1 from LOADING to
FULL, Loading Done
The ABR is receiving all the external prefixes from ISP-2 but not from ISP-1, as R6 is the ASBR for ISP-1 and in a stub area the ASBR is not allowed to inject the external prefixes into the routing table, but it will still generate the Type-5 LSA.
The external routes received from ISP-1 are still propagated to the backbone.
Verification in Area 30: LSA-5 and LSA-4 will not be injected, but one default route will be injected into Area 30.
Area 10:
R5:
router ospf 1
area 10 stub
R9:
router ospf 1
area 10 stub
R19:
router ospf 1
area 10 stub
R10:
router ospf 1
area 10 stub
R11:
router ospf 1
area 10 stub
The ABR is receiving all the external prefixes from both ISPs but does not inject them into Area 10:
Topology:
Tasks:
Task-1:
Configure Area 30 in a way so that it will filter LSA-3 (Inter-Area) prefixes as well along
with the LSA-4 and LSA-5 and use same default route to reach inter-area prefixes as
well.
Let’s talk a bit about the totally stub area first, before we proceed to the configuration:
A totally stub area is also a special type of OSPF area, which is actually an extension of the stub area; an area needs to be a stub area first, and only then can it be converted into a totally stub area.
Where a stub area blocks LSA-5 and LSA-4, a totally stub area blocks LSA-3 as well, which means no Inter-Area routes are allowed in that area along with external routes.
Configuration for a totally stub area is required only on the ABR, by adding ‘no-summary’. As soon as we add this command on the ABR, it blocks LSA-3 as well and injects the same default route to provide reachability to External as well as Inter-Area routes.
Configuration:
The totally stub configuration is required only on the ABR:
R6:
router ospf 1
area 30 stub no-summary
Verification:
You can see here that all inter-area prefixes are suppressed and one default route has been injected into the area from the ABR, which will be used for reachability to the inter-area as well as external routes.
Topology:
Tasks:
Task-1:
Redistribute BGP on R17 in Area 40 and R20 in area 60 in a way so they
will inject external routes by adding internal cost in it and seed them with
external cost of 60 instead of default external cost.
R17:
router ospf 1
R20:
router ospf 1
Here we are redistributing prefixes from ISP-3 and ISP-4 on R17 and R20, with a seed cost of 60 instead of the default cost of 20 and external route type 1, which also includes the internal cost along with the external cost.
Verification:
We can see here OSPF external routes with external type 1 and a cost of 80 on R15, because the cost is initiated with 60 and each internal cost is added to it.
All the prefixes which start with 103 in the first octet belong to ISP-3 and all the prefixes which start with 104 in the first octet belong to ISP-4.
Task-2:
Configure Area 40 and Area 60 in way so that the External Prefix from ISP-1 and ISP-2
should not be allowed in Area and Prefixes from ISP-3 and ISP-4 should be allowed
respectively in areas and populate them in backbone area.
Before we proceed with the configuration of this task, let’s talk about the NSSA area type.
NSSA (Not So Stubby Area) is also a special type of area which is similar to a stub area; it also blocks external prefixes (LSA-5 & LSA-4) coming from another area.
But in an NSSA, along with filtering external prefixes from another area, external routes are allowed if they are generated in that area itself. If the ASBR is in the same area where you want to filter external routes and you configure that area as NSSA, that ASBR will generate external routes not as type-5 but as type-7 LSAs, which are the same as type-5 but allowed only within the NSSA area.
The ABR of the NSSA area receives LSA-7, converts that LSA into LSA-5 and floods it into the backbone area, this conversion from type-7 to type-5.
R8:
router ospf 1
area 40 nssa
R15:
router ospf 1
area 40 nssa
R16:
router ospf 1
area 40 nssa
R17:
router ospf 1
area 40 nssa
R7:
router ospf 1
area 60 nssa
R18:
router ospf 1
area 60 nssa
R20:
router ospf 1
area 60 nssa
R24:
router ospf 1
area 60 nssa
You can see that the configuration for an NSSA area is quite similar to that of a stub area.
Verification:
You can see here that in Area 40 we are getting prefixes from ISP-2, because R8 is the ASBR as well as the ABR for NSSA Area 40; by default an ABR + ASBR will inject its self-generated external routes as Type-7 LSAs.
To remove these routes, additional configuration is required.
R8:
router ospf 1
Verification:
On R8 (ABR), you can find the same LSA as type 7 and as type 5, because it receives type 7, converts it into type 5 and advertises it into the backbone area.
R24#
R20#
R7:
router ospf 1
By default, an OSPF NSSA area won’t inject any default route into the area, which means there is no reachability to the external routes coming from another area. If you want backup reachability towards the external prefixes from another area as well, you can inject a default route manually by explicit configuration.
This default route will be shown as an external default route (N2) in the NSSA area.
Verification:
R20#ping 101.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 101.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/3 ms
R20#ping 201.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 201.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
R24#ping 101.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 101.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/3 ms
R24#ping 201.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 201.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/3 ms
With the help of default route injected by ABR, it allows the area to communicate with ISP-1 and
ISP-2, you can see default route as O*N2.
Topology:
Tasks:
Task-1:
Configure OSPF Area 40 in a way, so that it will Restrict the External
prefixes coming from ISP-1 and ISP-2 but should have default route to
reach them as well as it should also allow prefixes coming from ISP-3.
Note: Default Route in Area 40 should be implicit default route.
Configuration:
Note: to convert an NSSA Area into a Totally NSSA Area, we need to make the configuration only on the ABR.
R8:
router ospf 1
router-id 10.8.8.8
Verification:
Topology:
Tasks:
Task-1:
- Create Loopback 10 on R11 and assign these addresses:
interface Loopback10
ip address 10.255.2.11 255.255.255.0 secondary
ip address 10.255.3.11 255.255.255.0 secondary
ip address 10.255.4.11 255.255.255.0 secondary
ip address 10.255.5.11 255.255.255.0 secondary
ip address 10.255.6.11 255.255.255.0 secondary
ip address 10.255.7.11 255.255.255.0 secondary
ip address 10.255.1.11 255.255.255.0
!
- Make Sure R2 gets all routes with /24 prefix length
- Summarize those routes to /21
Solution:
Let’s create Lo10 on R11 and advertise the addresses in OSPF, by default the ospf
network type of loopback interface is “loopback” and the primary IP address will be
advertised as a /32 host route:
R11:
interface Loopback10
ip address 10.255.2.11 255.255.255.0 secondary
ip address 10.255.3.11 255.255.255.0 secondary
ip address 10.255.4.11 255.255.255.0 secondary
ip address 10.255.5.11 255.255.255.0 secondary
ip address 10.255.6.11 255.255.255.0 secondary
ip address 10.255.7.11 255.255.255.0 secondary
ip address 10.255.1.11 255.255.255.0
ip ospf 1 area 10
We can change this default behavior by changing the OSPF network type to P2P on
loopback 10 interface:
R11:
interface loopback 10
ip ospf network point-to-point
Now we can summarize those prefixes into a /21 summary route on ABR (R5), only
ABR can do summarization for Inter-Area routes:
R5:
router ospf 1
area 10 range 10.255.0.0 255.255.248.0
!
Area x range command is being used to summarize area 10 prefixes into area 0.
Also, all specific prefixes are going to be filtered (only summary route is going to be
advertised as LSA Type 3):
R2#show ip route ospf | include 10.255
Task-2:
- Create Loopback 19 on R19 and assign these addresses:
interface Loopback19
ip address 19.255.2.11 255.255.255.0 secondary
ip address 19.255.3.11 255.255.255.0 secondary
ip address 19.255.1.11 255.255.255.0
!
- Make Sure R2 gets all the routes with /24 prefix length
- 19.255.2.0/24 should be filtered when it is advertised to Area 0 (check R2 routing
table)
Solution:
Inter-Area route filtering can be done only on ABR (R5):
R19:
interface Loopback19
ip address 19.255.2.11 255.255.255.0 secondary
ip address 19.255.3.11 255.255.255.0 secondary
ip address 19.255.1.11 255.255.255.0
ip ospf network point-to-point
ip ospf 1 area 10
!
R5:
ip prefix-list MATCH-255-2 seq 5 deny 19.255.2.0/24
ip prefix-list MATCH-255-2 seq 10 permit 0.0.0.0/0 le 32
router ospf 1
area 10 filter-list prefix MATCH-255-2 out
!
ABR (R5) has filtered the 19.255.2.0/24 prefix when advertising inter-area routes into
area 0.
Task-3:
- R17 should filter 103.4.4.0/24 when redistributing it into OSPF.
Solution:
This time an ASBR (R17) is going to filter some prefixes when redistributing them into
OSPF:
R17:
ip prefix-list MATCH-4-4 seq 5 deny 103.4.4.0/24
ip prefix-list MATCH-4-4 seq 10 permit 0.0.0.0/0 le 32
router ospf 1
distribute-list prefix MATCH-4-4 out
!
You can see that 103.4.4.0/24 prefix is missing from the R16 routing table.
Task-4:
- R17 should advertise a summary route into OSPF for BGP received routes.
Solution:
The summarization on an ASBR can be done using summary-address command, this
command has no effect on inter-area route summarization, it can only be used on an
ASBR to summarize redistributed prefixes:
R17:
router ospf 1
summary-address 103.0.0.0 255.0.0.0
!
The ASBR only advertises the summary route and filters the specific routes.
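The filters and the Area 10 summary from the tasks above, evaluated offline as an added example (not part of the workbook): a small model of prefix-list matching (exact length unless `ge`/`le` is given, first match by sequence number, implicit deny) applied to the MATCH-255-2 and MATCH-4-4 lists, plus a check of which /24s the 10.255.0.0/21 range covers without a component route. The function names and the 19.255.2.0/25 test route are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

# Prefix-list lines copied from the R5 and R17 solutions above.
PAGE_CONFIG = """
ip prefix-list MATCH-255-2 seq 5 deny 19.255.2.0/24
ip prefix-list MATCH-255-2 seq 10 permit 0.0.0.0/0 le 32
ip prefix-list MATCH-4-4 seq 5 deny 103.4.4.0/24
ip prefix-list MATCH-4-4 seq 10 permit 0.0.0.0/0 le 32
"""

AREA10_ROUTES = ["19.255.1.0/24", "19.255.2.0/24", "19.255.3.0/24"]
ISP3_ROUTES = ["103.1.1.0/24", "103.2.2.0/24", "103.3.3.0/24",
               "103.4.4.0/24", "103.5.5.0/24"]
LO10_ROUTES = [f"10.255.{n}.0/24" for n in range(1, 8)]   # R11 Loopback10


@dataclass(frozen=True)
class Entry:
    seq: int
    action: str                      # "permit" or "deny"
    prefix: ipaddress.IPv4Network
    ge: Optional[int] = None
    le: Optional[int] = None


def parse_prefix_lists(config: str) -> Dict[str, List[Entry]]:
    """Parse 'ip prefix-list NAME seq N ACTION PREFIX [ge X] [le Y]' lines."""
    lists: Dict[str, List[Entry]] = {}
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] != ["ip", "prefix-list"]:
            continue
        name, seq, action = tok[2], int(tok[4]), tok[5]
        prefix = ipaddress.ip_network(tok[6])
        opts = dict(zip(tok[7::2], (int(v) for v in tok[8::2])))
        lists.setdefault(name, []).append(
            Entry(seq, action, prefix, opts.get("ge"), opts.get("le")))
    for entries in lists.values():
        entries.sort(key=lambda e: e.seq)
    return lists


def entry_matches(entry: Entry, route: ipaddress.IPv4Network) -> bool:
    """The route's leading bits must match and its length must be in range."""
    base = entry.prefix.prefixlen
    low = entry.ge if entry.ge is not None else base
    if entry.le is not None:
        high = entry.le
    elif entry.ge is not None:
        high = 32
    else:
        high = base                  # no ge/le: exact prefix length only
    return low <= route.prefixlen <= high and route.subnet_of(entry.prefix)


def action_for(entries: List[Entry], route: ipaddress.IPv4Network) -> str:
    for entry in entries:            # first match in sequence order wins
        if entry_matches(entry, route):
            return entry.action
    return "deny"                    # implicit deny at the end of every list


def advertised(entries: List[Entry], routes: List[str]) -> List[str]:
    """Routes that survive the filter, in their original order."""
    return [r for r in routes
            if action_for(entries, ipaddress.ip_network(r)) == "permit"]


def summary_gaps(summary: str, components: List[str]) -> List[str]:
    """The /24s inside the summary that no component route backs."""
    have = {ipaddress.ip_network(c) for c in components}
    net = ipaddress.ip_network(summary)
    return [str(s) for s in net.subnets(new_prefix=24) if s not in have]


LISTS = parse_prefix_lists(PAGE_CONFIG)

if __name__ == "__main__":
    print("R5 -> Area 0 :", advertised(LISTS["MATCH-255-2"], AREA10_ROUTES))
    print("R17 -> OSPF  :", advertised(LISTS["MATCH-4-4"], ISP3_ROUTES))
    # Constructed case: a more specific /25 is not matched by the /24 deny.
    print("19.255.2.0/25:", action_for(LISTS["MATCH-255-2"],
                                       ipaddress.ip_network("19.255.2.0/25")))
    print("/21 gaps     :", summary_gaps("10.255.0.0/21", LO10_ROUTES))
```

The /25 result shows that a deny entry without `le` matches only the exact prefix length, and the gap result shows that the /21 summary also attracts traffic for 10.255.0.0/24, which R11 never advertised.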
Topology:
Tasks:
Task-1:
Make Area 30 Communication with backbone area using virtual link feature.
Pre-Verification:
R1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
R2#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
We will be using Area 10 to build up a Virtual link using the ABR (R9 and
R3) to virtually connect Area 30 with backbone area.
R9:
router ospf 1
router-id 10.9.9.9
area 10 virtual-link 10.3.3.3
R3:
router ospf 1
router-id 10.3.3.3
area 10 virtual-link 10.9.9.9
To configure a virtual link we should configure the Router-ID manually, and both ABRs will exchange each other’s Router-ID using the Virtual-Link.
*Apr 3 16:47:23.494: %OSPF-5-ADJCHG: Process 1, Nbr 10.9.9.9 on OSPF_VL0 from LOADING to FULL, Loading Done
Both ABRs will form an OSPF neighborship using the VL0 (Virtual-Link 0) interface.
Verification:
You can now find all the Area 30 LSA in backbone area with the help of virtual link.
Virtual link virtually placed the R9 (ABR) into Area 0.
But there is a change, you can see all the Area 30 prefixes with DNA (Do Not Age) LSA
bit.
Periodic LSA refreshes that take place every 30 minutes do not occur with OSPF
demand circuit. When a demand circuit link is established a unique option bit (the DC
bit) is exchanged between neighboring routers. If two routers negotiate the DC bit
successfully, they make a note of it and set a specific bit in the LSA Age called the
DoNotAge bit (DNA).
The Do Not Age LSA bit is part of the OSPF Flooding Reduction feature. By design, OSPF requires link-state advertisements (LSAs) to be refreshed, as they expire after 3600 sec. Some implementations have tried to improve the flooding by reducing the refresh frequency from 30 min to around 50 min or so. This solution reduces the amount of refresh traffic but requires at least one refresh before the LSA expires.
The OSPF Flooding Reduction feature works by reducing unnecessary refreshing and
flooding of already known and unchanged information. To achieve this reduction, the
LSAs are now flooded with the higher bit set, thus making them DoNotAge (DNA) LSAs.
Topology:
Tasks:
Task-1:
Configure authentication in OSPF Area 20, so that all the routers authenticate their OSPF peering with minimum configuration on the interfaces.
Configuration:
R4:
router ospf 1
area 20 authentication message-digest
!
interface Ethernet0/2
ip ospf message-digest-key 1 md5 cisco123
R5:
router ospf 1
area 20 authentication message-digest
!
interface Ethernet0/0
ip ospf message-digest-key 1 md5 cisco123
!
interface Ethernet0/1
ip ospf message-digest-key 1 md5 cisco123
!
interface Ethernet0/2
ip ospf message-digest-key 1 md5 cisco123
R6:
router ospf 1
area 20 authentication message-digest
!
interface Ethernet0/0
ip ospf message-digest-key 1 md5 cisco123
!
interface Ethernet0/1
ip ospf message-digest-key 1 md5 cisco123
R10:
router ospf 1
area 20 authentication message-digest
!
interface Ethernet0/0
ip ospf message-digest-key 1 md5 cisco123
!
interface Ethernet0/1
ip ospf message-digest-key 1 md5 cisco123
Verification:
These are the three different types of authentication supported by OSPF.
Null Authentication—This is also called Type 0 and it means no authentication
information is included in the packet header. It is the default.
Plain Text Authentication—This is also called Type 1 and it uses simple clear-
text passwords.
MD5 Authentication—This is also called Type 2 and it uses MD5 cryptographic
passwords.
Authentication does not need to be set. However, if it is set, all peer routers on the
same segment must have the same password and authentication method.
MD5 authentication provides higher security than plain text authentication. This
method uses the MD5 algorithm to compute a hash value from the contents of the OSPF
packet and a password.
The key ID allows the routers to reference multiple passwords. This makes password
migration easier and more secure.
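How the Type 2 digest described above is computed and checked, as an added example that is not part of the workbook: the RFC 2328 keyed-MD5 construction (MD5 over the packet followed by the zero-padded key, with the digest appended after the packet), verified with key ID lookup and the non-decreasing sequence number check. The packet contents, the function names and the second key are constructed for the illustration; `cisco123` and key ID 1 come from the configuration above.

```python
import hashlib
import hmac
import ipaddress
import struct
from typing import Dict, Tuple

# 24-byte OSPFv2 header laid out for AuType 2: version, type, packet length,
# router ID, area ID, checksum, AuType, zero, key ID, auth data length,
# cryptographic sequence number.
HEADER = struct.Struct("!BBH4s4sHHHBBI")
AUTYPE_CRYPTO = 2
DIGEST_LEN = 16


def ip(addr: str) -> bytes:
    return ipaddress.IPv4Address(addr).packed


def pad_key(password: str) -> bytes:
    """The shared secret is padded with zeros to 16 bytes."""
    key = password.encode("ascii")
    if len(key) > 16:
        raise ValueError("OSPF MD5 keys are at most 16 bytes")
    return key.ljust(16, b"\x00")


def hello_body(mask: str, priority: int, dr: str, bdr: str,
               hello: int = 10, dead: int = 40) -> bytes:
    """Constructed Hello body without neighbors (options 0x02 = E-bit)."""
    return struct.pack("!4sHBBI4s4s", ip(mask), hello, 0x02, priority,
                       dead, ip(dr), ip(bdr))


def sign(router_id: str, area_id: str, body: bytes,
         key_id: int, seq: int, password: str) -> bytes:
    """Build a Hello (type 1) and append its keyed-MD5 digest."""
    header = HEADER.pack(2, 1, HEADER.size + len(body), ip(router_id),
                         ip(area_id), 0,            # checksum unused with AuType 2
                         AUTYPE_CRYPTO, 0, key_id, DIGEST_LEN, seq)
    packet = header + body
    # The packet length field does not count the trailing digest.
    return packet + hashlib.md5(packet + pad_key(password)).digest()


def verify(data: bytes, keys: Dict[int, str], last_seq: int) -> Tuple[bool, str]:
    """Receiver checks: auth type, key ID, sequence number, then digest."""
    if len(data) < HEADER.size + DIGEST_LEN:
        return False, "truncated"
    (_ver, _type, length, _rid, _area, _cksum,
     autype, _zero, key_id, auth_len, seq) = HEADER.unpack(data[:HEADER.size])
    if autype != AUTYPE_CRYPTO or auth_len != DIGEST_LEN:
        return False, "wrong authentication type"
    if key_id not in keys:
        return False, "unknown key id"
    if seq < last_seq:                   # must never go backwards per neighbor
        return False, "stale sequence number"
    if len(data) != length + auth_len:
        return False, "truncated"
    expected = hashlib.md5(data[:length] + pad_key(keys[key_id])).digest()
    if not hmac.compare_digest(expected, data[length:]):
        return False, "digest mismatch"
    return True, "ok"


# Constructed sample: a Hello from R5 (10.5.5.5) in Area 20 with key ID 1.
SAMPLE_BODY = hello_body("255.255.255.0", 1, "0.0.0.0", "0.0.0.0")
SAMPLE = sign("10.5.5.5", "0.0.0.20", SAMPLE_BODY, 1, 1000, "cisco123")

if __name__ == "__main__":
    print(verify(SAMPLE, {1: "cisco123"}, last_seq=999))    # accepted
    print(verify(SAMPLE, {1: "cisco124"}, last_seq=999))    # password differs
    print(verify(SAMPLE, {2: "cisco123"}, last_seq=999))    # key ID differs
    print(verify(SAMPLE, {1: "cisco123"}, last_seq=1001))   # old packet seen again
```

Because the receiver selects the secret by key ID, a second key can be configured on every router before the first one is removed, which is the password migration the text refers to.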
Task-2:
Configure Authentication over the OSPF Virtual link using secure authentication
mechanism.
Configuration:
R3:
router ospf 1
area 10 virtual-link 10.9.9.9 authentication message-digest
area 10 virtual-link 10.9.9.9 message-digest-key 1 md5 cisco123
R9:
router ospf 1
area 10 virtual-link 10.3.3.3 authentication message-digest
area 10 virtual-link 10.3.3.3 message-digest-key 1 md5 cisco123
Verification:
Task-3:
Configure Authentication on peering between R3 and R7 using secured mechanism
with no Configuration under OSPF process.
R3:
interface Ethernet0/2
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 cisco123
R7:
interface Ethernet0/0
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 cisco123
Verification: