Open Shortest Path First (OSPF)
Contents
Subpages
About
Youtube - Kevin Wallace Training, LLC - OSPF Deep Dive
- Many thanks for the introduction!
- Open Standard
Wiki EN Interior Gateway Protocol (IGP) (most commonly used)
- Runs within an autonomous system (AS)
- Link-State routing protocol
- Runs Dijkstra's (Shortest Path First) algorithm
- based on the metric "cost"
- Establishes adjacencies with other routers
- OSPF Hello-Protocol
- Sends LSAs to other routers in an area
- Constructs an LSDB from LSAs (carried in LSUs) containing a map of the network
- Attempts to inject the best path for each network into the router's IP routing table
- Scaling is limited
- OSPF may not scale to the size required in large enterprises.
- Physical memory for routing tables in switches and routers may be limited.
- Routers may not be able to hold the full Internet routing table, but are fine for the routing table of a confederated AS.
Standards
Implementations
- Licenses:
- Source code: various Licenses
- Composite binary: GPLv2 or later
- Evolved from Quagga (Wiki EN), GPLv2
- which evolved from GNU Zebra, GPL
- BIRD (Wiki EN), recursive acronym for BIRD Internet Routing Daemon
- Licenses:
OSPF addresses
Address family | Address   | Description
IPv4           | 224.0.0.5 | OSPFIGP AllSPFRouters
IPv6           | ff02::5   | OSPFIGP AllSPFRouters
IPv4           | 224.0.0.6 | OSPFIGP AllDRouters
IPv6           | ff02::6   | OSPFIGP AllDRouters
Abbreviations
- ACL
- Access Control List
- AF
- Address Family
- AFI
- Address Family Identifier
- AIGP
- Accumulated IGP metric (BGP path attribute)
- AS
- Autonomous System
- ASN
- Autonomous System Number
- BGP
- Border Gateway Protocol
- CE
- Customer Edge
- DD
- Database Description packets
- DUAL
- Diffusing Update ALgorithm
- eBGP
- External BGP
- EGP
- Exterior Gateway Protocol
- EIGRP
- Enhanced Interior Gateway Routing Protocol
- EOR
- End Of RIB
- EVPN
- Ethernet Virtual Private Network
- FIB
- Forwarding Information Base
- GR
- Graceful Restart
- HA
- High Availability
- iBGP
- Internal BGP
- IGP
- Interior Gateway Protocol
- IGRP
- Interior Gateway Routing Protocol
- IRR
- Internet Routing Registry
- IXP
- Internet Exchange Point
- L2VPN
- Layer 2 Virtual Private Network
- LIR
- Local Internet Registry
- LSA
- Link State Advertisements
- LSDB
- Link State Database
- LSR
- Link State Request
- LSU
- Link State Update
- Packet that may contain multiple LSAs
- MBGP
- Multicast BGP
- MP-BGP
- Multi-Protocol BGP
- NLRI
- Network Layer Reachability Information
- NSF
- Non Stop Forwarding
- NSR
- Non Stop Routing
- OSPF
- Open Shortest Path First
- PA
- Path Attribute
- PE
- Provider Edge
- PMTUD
- Path MTU Discovery
- RIB
- Routing Information Base
- RIR
- Regional Internet Registry
- RR
- Route Reflector
- RS
- Route-Server
- RTP
- Reliable Transport Protocol
- SAFI
- Subsequent Address Family Identifier
- SIA
- Stuck In Active (EIGRP)
- SNM
- SubNet Mask
- Tier 1 transit provider
- An IP transit provider that can reach any network on the Internet without purchasing transit services.
- SSO
- Stateful Switchover
- uRPF
- Unicast Reverse Path Forwarding
- VXLAN
- Virtual eXtensible LAN
- VTEP
- VXLAN Tunnel Endpoint
- VLSM
- Variable Length Subnet Mask
Process ID
- Identifier of an OSPF instance (process) with only local significance.
- Does not have to match the process ID of a neighbor; it is never sent on the wire.
- Range: 16 bit integer (1 to 65535)
- Multiple instances can run on a single router, isolated from each other.
- LSAs of one process are not passed to other instances or to adjacent routers unless redistribution is configured.
- Separate link-state database per process
- Routes from multiple instances update the same RIB
- No equal-cost multipathing across instances: both processes have the same administrative distance, so the route installed first stays (first come, first served).
- Relevant only in complex topologies.
- Recommendation is to use a single instance throughout the network.
Neighbors
- On the same network link (directly connected)
- Exchange Hello messages
- Requires matching
- Area ID
- Authentication (type and key)
- Subnet (network mask, checked on broadcast and NBMA links)
- Timers (hello and dead interval)
- Stub flags (E-bit in the Hello options)
- MTU
- MTU is not carried in the Hello but in the DD packets, so a mismatch is only detected later: the adjacency hangs in state EXSTART/EXCHANGE
Adjacencies
- Must be a neighbor
- Have exchanged DD and LSU packets
Cost
- Cost is a function of bandwidth
- Default reference BW = 100,000,000 bit/s (100 Mbps)
- Cost = Reference BW / Interface BW
- Cost must be an integer: the result is truncated, values below 1 become 1, and the 16 bit field caps it at 65535
- Examples with default reference BW
BW       | Cost
1 Mbps   | 100
10 Mbps  | 10
100 Mbps | 1
1 Gbps   | 1
10 Gbps  | 1
- Reference BW should be increased (e.g. to 100 Gbps; Cisco: auto-cost reference-bandwidth 100000, in Mbps, set identically on every router of the domain), otherwise all links with bandwidth >= reference bandwidth get cost 1 (equal cost), which leads to sub-optimal path selection.
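The cost formula and the "everything faster than the reference bandwidth costs 1" problem, as an added example that is not part of the original page. The two-path topology (a 10 Gbps link followed by a 1 Gbps link, versus three 10 Gbps links) is constructed for the demonstration; with the default reference bandwidth SPF prefers the path through the 1 Gbps link.

```python
from typing import Dict, Sequence

DEFAULT_REF_BW = 100_000_000      # default reference bandwidth: 100 Mbps
MAX_COST = 65_535                 # interface cost is a 16 bit field

def ospf_cost(link_bw_bps: int, ref_bw_bps: int = DEFAULT_REF_BW) -> int:
    """Cost = reference BW / interface BW, truncated to an integer.
    Results below 1 are rounded up to 1, so every link at or above the
    reference bandwidth gets the same cost."""
    if link_bw_bps <= 0 or ref_bw_bps <= 0:
        raise ValueError("bandwidths must be positive")
    return max(1, min(MAX_COST, ref_bw_bps // link_bw_bps))

def path_cost(link_bws: Sequence[int], ref_bw_bps: int = DEFAULT_REF_BW) -> int:
    """Total cost of a path = sum of the outgoing interface costs along it."""
    return sum(ospf_cost(bw, ref_bw_bps) for bw in link_bws)

def best_path(paths: Dict[str, Sequence[int]], ref_bw_bps: int = DEFAULT_REF_BW) -> str:
    """Name of the cheapest path; this is what SPF would install."""
    return min(paths, key=lambda name: path_cost(paths[name], ref_bw_bps))

# Constructed topology (not from the page): two paths to the same destination.
GBPS = 1_000_000_000
PATHS = {
    "two-hops-via-1G": [10 * GBPS, 1 * GBPS],                 # 10G link, then a 1G link
    "three-hops-all-10G": [10 * GBPS, 10 * GBPS, 10 * GBPS],  # three 10G links
}

if __name__ == "__main__":
    for ref in (DEFAULT_REF_BW, 100 * GBPS):
        print(f"reference BW {ref // 1_000_000} Mbps:",
              {name: path_cost(p, ref) for name, p in PATHS.items()},
              "->", best_path(PATHS, ref))
```

With the default reference bandwidth both paths are made of cost-1 links, so the shorter two-hop path through the 1 Gbps bottleneck wins; with a 100 Gbps reference the same path costs 110 against 30 and SPF picks the all-10G path.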
Designated Routers (DR)
- Reduces the number of adjacencies
- There may also be a Backup Designated Router (BDR)
DR election
- Highest router priority wins
- OSPF router priority should be configured explicitly (Cisco: ip ospf priority N on the interface)
- By default 1 on every router, which leads to a draw
- Priority of "0" prevents a router from participating in the election.
- Tie-breaker: highest Router ID
- The election is not pre-emptive: a router that comes up later with a higher priority does not take over until the current DR fails.
Areas
- Area Border Routers (ABR) connect areas
- At least one interface in more than one area, one of them connected to area 0
- Autonomous System Boundary Routers (ASBR) redistribute routes from other sources (other routing protocols, static routes) into OSPF
- Old recommendation was to keep areas small because SPF runs loaded the CPU; CPU should not be a bottleneck anymore.
- Reasons for breaking up into areas
- Large numbers of subnets: smaller per-area link state databases, summarization at the ABRs, SPF recalculations confined to the area where a link changes
- Merger of companies
- Multi-area OSPF networks must have a backbone area numbered 0 or 0.0.0.0
- Every other area must touch area 0 (some exceptions, see virtual links)
Link State Advertisements (LSA)s
- Type 1 - Router LSA
- created by each router and contains information about that router's directly attached networks (for every network)
- Type 2 - Network LSA
- Flooded within an area
- is created for each transit network within an area on which a DR is elected.
- like in broadcast domains
- Point-To-Point-links do not qualify
- Type 3 - Summary LSA (OSPFv2) or Inter-Area Prefix LSA (OSPFv3)
- Created by an ABR and sent from one area into another; one LSA per network of the source area unless the ABR summarizes (area range).
- Type 4 - Summary ASBR LSA
- Created by an ABR to tell routers in other areas how to reach an ASBR.
- Type 5 - AS External LSA
- Created by an ASBR to advertise networks from outside the OSPF domain
- e.g. redistributed from EIGRP
- Flooded through the whole OSPF domain except stub areas and NSSAs
- Type 7 - NSSA External LSA
- Created by an ASBR inside an NSSA to advertise networks from outside the OSPF domain
- Carries essentially the same info as type 5
- but type 5 is not allowed to be sent into a (totally) stub(by) area, so the NSSA ABR translates type 7 into type 5 before flooding it into the rest of the domain
Other types
- Type 6 - OSPF Group Membership LSA
- Designed to work with multicast OSPF (MOSPF), which is not supported by Cisco and is not widely used. PIM (Protocol Independent Multicast) is preferred.
- Type 8 - OSPF External Attributes (OSPFv2) and Link LSA (OSPFv3)
- Used to carry BGP attributes through OSPF with OSPFv2.
- Used with OSPFv3 to tell the neighbors on a link the router's link-local address and the IPv6 prefixes on that link (link-local scope, not flooded beyond the link).
- Type 9 - OSPF Link Scope Opaque (OSPFv2) and Intra-Area Prefix (OSPFv3)
- Used to carry additional information with link-local scope with OSPFv2 (e.g. the Grace LSA for graceful restart).
- Used with OSPFv3 to advertise the prefixes within an area, since type 1 and 2 LSAs no longer carry address information in OSPFv3 (they only describe the topology).
- Type 10 - OSPF Area Scope Opaque
- Can be used to advertise additional information via OSPF (such as information used by MPLS traffic engineering).
- Type 11 - OSPF AS Scope Opaque
- Same as type 10 LSAs except these LSAs are not flooded into Stub areas.
Area types
- Normal areas
- aka transit areas, all LSA types allowed
- Stub area
- Type 3 Summary LSAs and a type 3 default route injected by the ABR into the area
- No type 4 and 5 LSAs: external routes are reached via the default route
- Default route and more specific inter-area routes
- Totally Stubby area (Cisco extension)
- Only a type 3 default route injected by the ABR into the area
- Only the default route, no inter-area or external routes
- Not So Stubby area (NSSA)
- Type 3 Summary LSAs injected by the ABR
- Type 3 default route only if configured on the ABR (Cisco: area AREA-ID nssa default-information-originate)
- Type 7 NSSA External LSAs injected by an ASBR inside the area; the NSSA ABR translates them into type 5 for the rest of the domain
- Totally Not So Stubby area (TNSSA, Cisco extension)
- Only a type 3 default route injected by the ABR (no type 3 summaries)
- Type 7 NSSA External LSAs injected by an ASBR inside the area
Network types
- Broadcast network type
- Multi-access network (all routers in the same subnet)
- is the default OSPF network type for any Ethernet interface
- DR and BDR are elected
- Default hello interval: 10 s (dead interval 40 s)
- Point-To-Point network type
- is the default OSPF network type on a non-Frame-Relay serial interface (HDLC, PPP)
- DR and BDR are not elected
- Default hello interval: 10 s (dead interval 40 s)
- Non-Broadcast Multi-Access (NBMA) network type
- Multi-access network (all routers in the same subnet)
- Neither broadcast nor multicast: neighbors must be configured statically (neighbor command) and Hellos are sent unicast
- is the default OSPF network type on a physical Frame-Relay serial interface
- DR and BDR are elected
- Default hello interval: 30 s (dead interval 120 s)
- Point-To-Multipoint network type
- Not treated as a multi-access network but as a collection of point-to-point links; a /32 host route is installed to each neighbor
- DR and BDR are not elected
- Replicates packets to send them to each neighbor
- Treats each PVC as a Point-To-Point link
- Default hello interval: 30 s (dead interval 120 s)
- Adjacencies can be built if both sides either do or do not elect a DR (and BDR) and the hello/dead timers match (adjust them when mixing 10 s and 30 s types):
- BC-BC
- PTP-PTP
- PTP-PTMP (timers must be changed to match)
- BC-NBMA (timers must be changed to match)
OSPF timers
- Hello timer
- Dead timer (default 4 * Hello timer)
- Unlike the EIGRP hold time, which is advertised to the neighbor and does not need to match, the OSPF hello and dead intervals are carried in the Hello and have to match to form a neighborship
- Defines how long to wait for a Hello from a neighbor before tearing down the neighborship
OSPF neighbor states
- Down
- Router has not received any Hellos (within the dead interval) but can send Hellos
- Attempt
- Only on NBMA networks, where an interface is sending Hellos to a configured neighbor but has not received Hellos from that neighbor
- Init
- An interface received a Hello packet from a neighbor, but it didn't contain our Router ID in its neighbor list. That means the neighbor hasn't received a Hello from us yet.
- 2-Way
- There is bidirectional communication between the routers and a neighborship has been formed. Then a decision is made whether or not to form an adjacency (on broadcast/NBMA networks only with the DR and BDR; DROthers stay in 2-Way with each other).
- Exstart
- DR and BDR are elected on broadcast or NBMA networks; the two routers negotiate the master/slave role and the initial DD sequence number.
- Exchange
- Adjacent routers exchange Database Description (DD) packets (LSA headers only), but not the contents of the Link State Database.
- Loading
- Based on what was learned from the Database Description packets, routers send LSRs to request the LSAs they are missing; the answers arrive in LSUs.
- Full
- Routers are fully adjacent with each other.
Network command
- Defines just an address space (address plus wildcard mask), not the network to be advertised
- If an interface address falls into this address space, OSPF is enabled on that interface and the interface's own connected network (with its configured mask) is advertised in the given area
- If several network statements match an interface, the most specific one (fewest wildcard bits) wins on Cisco IOS, regardless of configuration order
- In IPv6 (OSPFv3) interface commands are used instead.
Example
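The wildcard-mask matching that the network command performs, as an added example that is not part of the original page. The network statements and interface addresses are constructed for the demonstration; the point it shows is that the prefix which ends up advertised is the interface's own connected network, never the range in the network statement.

```python
import ipaddress
from typing import List, Tuple

# Constructed configuration (not from the page): (network-address, wildcard-mask, area)
NETWORK_STATEMENTS = [
    ("10.1.0.0", "0.0.255.255", 0),   # network 10.1.0.0 0.0.255.255 area 0
    ("10.1.5.0", "0.0.0.3", 1),       # network 10.1.5.0 0.0.0.3 area 1
    ("192.168.1.1", "0.0.0.0", 0),    # network 192.168.1.1 0.0.0.0 area 0
]
# Constructed interfaces: (name, address/prefix-length)
INTERFACES = [
    ("GigabitEthernet0/0", "10.1.5.1/30"),
    ("GigabitEthernet0/1", "10.1.9.1/24"),
    ("GigabitEthernet0/2", "10.2.0.1/24"),   # outside every statement
    ("Loopback0", "192.168.1.1/32"),
]

def wildcard_match(address: str, network: str, wildcard: str) -> bool:
    """A wildcard bit of 1 means 'don't care'; all other bits must be equal."""
    a = int(ipaddress.IPv4Address(address))
    n = int(ipaddress.IPv4Address(network))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (n & care)

def wildcard_bits(wildcard: str) -> int:
    """Number of 'don't care' bits; fewer bits = more specific statement."""
    return bin(int(ipaddress.IPv4Address(wildcard))).count("1")

def ospf_enabled_interfaces(interfaces, statements) -> List[Tuple[str, str, int]]:
    """Return (interface, advertised prefix, area) for every interface whose
    address falls into some network statement.  The advertised prefix is the
    interface's own connected network, not the network statement."""
    result = []
    for name, cidr in interfaces:
        iface = ipaddress.ip_interface(cidr)
        matches = [(wildcard_bits(wc), area) for net, wc, area in statements
                   if wildcard_match(str(iface.ip), net, wc)]
        if not matches:
            continue                 # OSPF is not enabled on this interface
        _, area = min(matches)       # most specific statement wins (Cisco IOS behaviour)
        result.append((name, str(iface.network), area))
    return result

if __name__ == "__main__":
    for row in ospf_enabled_interfaces(INTERFACES, NETWORK_STATEMENTS):
        print(row)
```

GigabitEthernet0/0 falls into both the /16 range and the /30 statement; the /30 statement has only two wildcard bits and therefore decides the area, while the advertised prefix is 10.1.5.0/30 in either case.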
Route filtering
- On an ASBR during redistribution (route-map or distribute-list on the redistribute command): filtered routes never become type 5/7 LSAs
- On an ABR with a prefix list (Cisco: area AREA-ID filter-list prefix NAME in|out): filters type 3 LSAs between areas
- Within an area with a distribute-list (between the OSPF database and the RIB): only keeps routes out of the local routing table; the LSAs stay in the LSDB and are still flooded, so every router that should not install them needs the filter
Route aggregation
- Reduces the size of the routing table
- Makes routing tables more readable
- Increases the efficiency of the routing table (lookups and updates)
- Saves CPU cycles and memory
- Works best if summarization is already considered when assigning subnet addressing
- Plan your networks
- Algorithm
- Compare the network addresses bit by bit from the left and count the leading bits that all of them share (a plain binary AND is not enough: 10.1.1.0 AND 10.1.2.0 gives 10.1.0.0, which would suggest a /16 instead of the correct /22)
- That count, capped at the shortest component prefix length, is the prefix length of the summary; the subnet mask has that many leading 1 bits followed by 0 bits up to the address length (32/128)
- Summarized network address = any component address with the bits beyond the prefix length cleared; address and mask (or prefix length) give the summarized prefix
- Summarized address
- Be careful, because summarization may also span holes (ranges inside the summary that are not allocated): traffic for them is attracted and then dropped at the summarizing router (Cisco installs a discard route to Null0 for the summary), and a summary that overlaps a prefix used elsewhere hides that prefix
- Works for the allocated networks, because their advertisements (more specific routes) win over the summary
- The network with the least cost (OSPF) or lowest metric (EIGRP) is used as the metric of the summarized route.
- Determine if automatic summarization is configured: show ip protocols (OSPF never summarizes automatically; auto-summary only exists for EIGRP and RIP)
- Summarization is only possible on
ABR: area SOURCE-AREA-ID range network-address SNM
ASBR: summary-address network-address SNM
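The summarization algorithm carried out in code, as an added example that is not part of the original page: it computes the summary from the leading bits shared by all components, lists the holes the summary spans, and picks the summary metric. It goes slightly beyond the text in that the same code handles IPv4 and IPv6 (32 or 128 bit addresses). The component prefixes and their costs are constructed for the demonstration.

```python
import ipaddress
from typing import Dict, List, Union

Net = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

def summarize(prefixes: List[str]) -> Net:
    """Smallest single prefix covering all components: count the leading bits
    shared by every network address, capped at the shortest prefix length."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    if len({n.version for n in nets}) != 1:
        raise ValueError("mixing IPv4 and IPv6 prefixes")
    maxlen = nets[0].max_prefixlen             # 32 or 128
    addrs = [int(n.network_address) for n in nets]
    limit = min(n.prefixlen for n in nets)
    length = 0
    for bit in range(maxlen - 1, -1, -1):      # walk from the most significant bit
        if length == limit or len({(a >> bit) & 1 for a in addrs}) != 1:
            break
        length += 1
    mask = ((1 << length) - 1) << (maxlen - length)
    summary = ipaddress.ip_address(addrs[0] & mask)
    return ipaddress.ip_network(f"{summary}/{length}")

def holes(summary: Net, prefixes: List[str]) -> List[Net]:
    """Address space inside the summary that no component covers.  Traffic for
    these ranges is attracted by the summary and then dropped."""
    remaining = [summary]
    for p in prefixes:
        comp = ipaddress.ip_network(p)
        updated = []
        for block in remaining:
            if comp.subnet_of(block):
                updated.extend(block.address_exclude(comp))
            elif not block.subnet_of(comp):    # CIDR blocks either nest or are disjoint
                updated.append(block)
        remaining = updated
    return sorted(remaining)

def summary_cost(component_costs: Dict[str, int]) -> int:
    """OSPF gives the summary the lowest cost of its components."""
    return min(component_costs.values())

# Constructed example (not from the page): three /24s that leave 10.1.3.0/24 unallocated.
COMPONENTS = {"10.1.0.0/24": 10, "10.1.1.0/24": 20, "10.1.2.0/24": 30}

if __name__ == "__main__":
    s = summarize(list(COMPONENTS))
    print(s, "cost", summary_cost(COMPONENTS), "holes", holes(s, list(COMPONENTS)))
    print(summarize(["2001:db8:0:10::/64", "2001:db8:0:11::/64"]))
```

For the three constructed /24s the summary is 10.1.0.0/22 with cost 10, and 10.1.3.0/24 is a hole: anything sent there follows the summary to this router and is discarded.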
Virtual links
- All OSPF areas must be physically or logically adjacent to the backbone area 0 or 0.0.0.0.
- An OSPF virtual link logically spans a transit area (a normal area, not a stub area) to connect a remote area or a partitioned backbone to area 0.
- OSPF packets for the virtual link are sent unicast between the two ABRs through the transit area, while data is forwarded natively, so there is no tunnel overhead for data (no extra header).
- Configured on both ABRs with the Router ID of the other ABR (Cisco: area TRANSIT-AREA-ID virtual-link ROUTER-ID), which is usually a loopback address.
OSPFv3
- On Cisco IPv6 routing is disabled by default
- Enable it with ipv6 unicast-routing
- Traditionally OSPFv2 for IPv4 and a second instance of OSPFv3 for IPv6
ipv4: router ospf 1
ipv6: ipv6 router ospf 1
- Optimization with ipv6 cef (Cisco Express Forwarding)
- No network statements in OSPFv3, this is all done using interface config (also loopbacks): ipv6 ospf 1 area 0 on each interface
- New approach: router ospfv3 1
- then address families (address-family ipv4 unicast / address-family ipv6 unicast) are configured within the ospfv3 process
- Again no networks are configured, only interfaces (also loopbacks): ospfv3 1 ipv4 area 0 and ospfv3 1 ipv6 area 0
Security
- Interfaces where no router is to be participating in OSPF should be declared passive (passive-interface; safer: passive-interface default, then no passive-interface for the real transit links).
- No Hello messages are sent out; the interface's network is still advertised.
- No potential rogue router can form an adjacency and start to corrupt the routing database.
Authentication
- Between two routers (per interface) or within an area (per area, on every interface in the area)
- Rogue routers can be kept out, as long as the key stays secret
- Use keyed authentication (MD5, or SHA via key chains); simple password authentication sends the key in cleartext and only protects against misconfiguration, not against an attacker who can sniff the link
- OSPFv3 has no authentication field of its own and uses IPsec AH/ESP instead; the SPI (security parameter index) has to be unique
- Relevant with multiple interfaces and on A(S)BRs
- Between routers: authentication type, key ID and key must match on both ends of the link
- Within area: the area authentication mode is configured on every router of the area, the keys on every interface
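The Hello parameter matching from the Neighbors section and the rogue-router concern from this Security section, combined in one added example that is not part of the original page. It builds and parses OSPFv2 Hello packets in the RFC 2328 wire format (header plus Hello body), reports which parameters would stop a neighborship from forming, and flags what a monitor on the segment would object to: null or cleartext authentication and a Hello from a Router ID that is not on the list of expected routers. The local interface parameters, the rogue router's Hello and the trusted Router ID list are constructed for the demonstration, not captured traffic.

```python
import ipaddress
import struct
from dataclasses import dataclass, field
from typing import List, Set

OSPF_VERSION, OSPF_HELLO = 2, 1
AU_NULL, AU_SIMPLE, AU_CRYPTO = 0, 1, 2      # OSPFv2 AuType values
OPT_E = 0x02                                 # E-bit of the options: clear in stub areas
HDR = struct.Struct("!BBH4s4sHH8s")          # RFC 2328 A.3.1: ver, type, len, rid, area, csum, autype, auth
HELLO = struct.Struct("!4sHBBI4s4s")         # RFC 2328 A.3.2: mask, hello, options, prio, dead, DR, BDR

def ip_checksum(data: bytes) -> int:
    """Standard one's-complement IP checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def _ip(b: bytes) -> str:
    return str(ipaddress.IPv4Address(b))

@dataclass
class Hello:
    router_id: str
    area_id: str
    au_type: int
    netmask: str
    hello_interval: int
    dead_interval: int
    options: int
    priority: int
    dr: str = "0.0.0.0"
    bdr: str = "0.0.0.0"
    neighbors: List[str] = field(default_factory=list)

def build_hello(h: Hello) -> bytes:
    """Serialize a Hello; the checksum covers everything except the 64-bit auth field."""
    p = ipaddress.IPv4Address
    body = HELLO.pack(p(h.netmask).packed, h.hello_interval, h.options, h.priority,
                      h.dead_interval, p(h.dr).packed, p(h.bdr).packed)
    body += b"".join(p(n).packed for n in h.neighbors)
    hdr = HDR.pack(OSPF_VERSION, OSPF_HELLO, HDR.size + len(body),
                   p(h.router_id).packed, p(h.area_id).packed, 0, h.au_type, bytes(8))
    csum = 0 if h.au_type == AU_CRYPTO else ip_checksum(hdr[:16] + body)
    return hdr[:12] + struct.pack("!H", csum) + hdr[14:] + body

def parse_hello(pkt: bytes) -> Hello:
    ver, ptype, length, rid, aid, csum, au_type, _auth = HDR.unpack_from(pkt)
    if ver != OSPF_VERSION or ptype != OSPF_HELLO:
        raise ValueError("not an OSPFv2 Hello")
    if length != len(pkt) or length < HDR.size + HELLO.size:
        raise ValueError("length field does not match packet")
    body = pkt[HDR.size:]
    if au_type != AU_CRYPTO and ip_checksum(pkt[:12] + b"\x00\x00" + pkt[14:16] + body) != csum:
        raise ValueError("bad checksum")
    mask, hello, opts, prio, dead, dr, bdr = HELLO.unpack_from(body)
    nbrs = [_ip(body[i:i + 4]) for i in range(HELLO.size, len(body), 4)]
    return Hello(_ip(rid), _ip(aid), au_type, _ip(mask), hello, dead, opts, prio, _ip(dr), _ip(bdr), nbrs)

def adjacency_blockers(local: Hello, remote: Hello) -> List[str]:
    """Why a received Hello would be ignored (the neighbor never leaves Down/Init).
    MTU is not in the Hello: a mismatch only shows up as a hang in EXSTART/EXCHANGE."""
    checks = [("area ID", local.area_id, remote.area_id),
              ("authentication type", local.au_type, remote.au_type),
              ("subnet mask", local.netmask, remote.netmask),
              ("hello interval", local.hello_interval, remote.hello_interval),
              ("dead interval", local.dead_interval, remote.dead_interval),
              ("stub flag (E-bit)", local.options & OPT_E, remote.options & OPT_E)]
    return [f"{name} mismatch: local {a}, remote {b}" for name, a, b in checks if a != b]

def security_findings(h: Hello, trusted_router_ids: Set[str]) -> List[str]:
    """Policy checks a monitor listening on 224.0.0.5 would raise for a Hello."""
    findings = []
    if h.au_type == AU_NULL:
        findings.append("null authentication: any host on the segment can become a neighbor")
    elif h.au_type == AU_SIMPLE:
        findings.append("simple password authentication: key is sent in cleartext")
    if h.router_id not in trusted_router_ids:
        findings.append(f"Hello from unexpected router ID {h.router_id} (priority {h.priority})")
    return findings

# Constructed sample (not captured traffic): our interface and a rogue box on the same LAN.
LOCAL = Hello("10.0.0.1", "0.0.0.0", AU_CRYPTO, "255.255.255.0", 10, 40, OPT_E, 1)
ROGUE = Hello("192.0.2.99", "0.0.0.0", AU_NULL, "255.255.255.0", 30, 120, OPT_E, 255,
              neighbors=["10.0.0.1"])
TRUSTED = {"10.0.0.1", "10.0.0.2"}

if __name__ == "__main__":
    seen = parse_hello(build_hello(ROGUE))
    print(adjacency_blockers(LOCAL, seen))
    print(security_findings(seen, TRUSTED))
```

The rogue Hello advertises priority 255 to win any DR election, but because its timers and authentication type do not match ours it never gets past the Hello check on an authenticated interface; on an interface left unauthenticated and non-passive it would, which is the case the two findings are meant to catch.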