I am now officially studying for the CCNP Service Provider track. It is a really cool certification with a lot of material on OSPF, IS-IS, BGP, and IOS XR. Because IOS XR is new to me, the best way to digest it is to set up a small lab and play with it. I will be using the IOS XR image CSR1000v, running on VMware Workstation. I will not explain how to set it up, because there are plenty of places on the internet that cover it; just google it.
The OSPFv2 blueprint for exam 642-883 SPROUTE is:
1.1 Describe multi-area OSPFv2 operations
1.2 Implement multi-area OSPFv2 IOS-XR
1.3 Implement different OSPF areas (stubby, totally stubby, NSSA) on IOS-XR
1.4 Implement OSPF neighbor authentication on IOS-XR
1.5 Troubleshoot OSPF IOS-XR configuration errors
Let's start with the topology:
It is not the coolest topology in the world, but it will allow us to implement the whole OSPFv2 blueprint.
R1, R2, R4 and R5 are running IOS 15; R3 is running IOS XR. All the routers are connected through Ethernet interfaces, but I have explicitly configured the network type as point-to-point to keep the OSPF database simple.
Every router in the topology has a loopback interface enabled. The loopback interface is part of the routing topology and defines the router ID of each router.
Initial Configurations
R1 Config
R1 is the ASBR of the topology, and it will be the connection point with external networks.
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface GigabitEthernet1/0
 ip address 10.162.1.1 255.255.255.248
 ip ospf network point-to-point
 negotiation auto
!
interface GigabitEthernet3/0
 ip address 10.162.1.18 255.255.255.248
 ip ospf network point-to-point
 negotiation auto
!
router ospf 1
 router-id 1.1.1.1
 network 1.1.1.1 0.0.0.0 area 0
 network 10.162.1.0 0.0.0.7 area 0
 network 10.162.1.18 0.0.0.0 area 0
!
I have enabled OSPF on GigabitEthernet 1/0 with a wildcard mask that enables every interface whose address falls in the range of the network 10.162.0.0/29. These networks can be:
10.161.1.0/29
10.162.1.0/30
10.162.1.4/30
For GigabitEthernet 3/0, I used the most specific wildcard mask, which enables only that specific interface.
You can see the difference between the two ways of enabling OSPF in the following output:
R1#show ip protocols
*** IP Routing is NSF aware ***
Routing Protocol is "ospf 1"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Router ID 1.1.1.1
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks:
1.1.1.1 0.0.0.0 area 0
10.162.1.0 0.0.0.7 area 0
10.162.1.18 0.0.0.0 area 0
Routing Information Sources:
Gateway Distance Last Update
1.1.1.3 110 00:22:59
1.1.1.2 110 00:19:28
Distance: (default is 110)
You can use whichever way you prefer; normally the more specific way is less error prone.
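The wildcard matching described above can be checked offline before a network statement goes onto a router. The following is an added example, not part of the original post: it audits R1's three network statements against R1's interface addresses and contrasts them with one constructed, broader statement (BROAD_STATEMENT is hypothetical and is not in the lab configuration).

```python
import ipaddress

# R1's interface addresses and network statements, copied from the configuration above.
R1_INTERFACES = {
    "Loopback0": "1.1.1.1",
    "GigabitEthernet1/0": "10.162.1.1",
    "GigabitEthernet3/0": "10.162.1.18",
}
R1_STATEMENTS = [
    ("1.1.1.1", "0.0.0.0", 0),
    ("10.162.1.0", "0.0.0.7", 0),
    ("10.162.1.18", "0.0.0.0", 0),
]
# Hypothetical broad statement, constructed for contrast (not in the lab config).
BROAD_STATEMENT = ("10.162.1.0", "0.0.0.255", 0)


def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(address, network, wildcard):
    """True if address equals network in every bit where the wildcard is 0.

    A 1 bit in the wildcard means "don't care", so the mask does not have
    to be contiguous for this comparison to work.
    """
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(address) & care) == (_to_int(network) & care)


def audit(statements, interfaces):
    """For each network statement, list the interfaces it enables and how
    many distinct addresses it would accept (2 ** number of wildcard bits)."""
    report = []
    for network, wildcard, area in statements:
        matched = sorted(
            name for name, addr in interfaces.items()
            if wildcard_match(addr, network, wildcard)
        )
        report.append({
            "statement": f"network {network} {wildcard} area {area}",
            "interfaces": matched,
            "addresses_covered": 2 ** bin(_to_int(wildcard)).count("1"),
        })
    return report


if __name__ == "__main__":
    for row in audit(R1_STATEMENTS + [BROAD_STATEMENT], R1_INTERFACES):
        print(row)
```

A statement that covers far more addresses than the interface it was written for will also start OSPF on any interface later addressed inside that range, which is the error the more specific form avoids.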
R2 Config
R2 is an ABR, with two interfaces connected to area 0 and one interface connected to area 1.
interface Loopback0
 ip address 1.1.1.2 255.255.255.255
 ip ospf 1 area 0
!
interface GigabitEthernet1/0
 ip address 10.162.1.2 255.255.255.248
 ip ospf network point-to-point
 ip ospf 1 area 0
 negotiation auto
!
interface GigabitEthernet2/0
 ip address 10.162.1.9 255.255.255.248
 ip ospf network point-to-point
 ip ospf 1 area 0
 negotiation auto
!
interface GigabitEthernet3/0
 ip address 10.162.1.25 255.255.255.248
 ip ospf network point-to-point
 ip ospf 1 area 1
 negotiation auto
!
router ospf 1
 router-id 1.1.1.2
!
In this case, OSPF is enabled explicitly on every interface with the command ip ospf "process ID" area "area ID", and there is no need to use the network command under the router ospf configuration section. The output of show ip protocols is now a bit different compared with R1's output.
R2#show ip protocols
*** IP Routing is NSF aware ***
Routing Protocol is "ospf 1"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Router ID 1.1.1.2
It is an area border router
Number of areas in this router is 2. 2 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks:
Routing on Interfaces Configured Explicitly (Area 0):
Loopback0
GigabitEthernet2/0
GigabitEthernet1/0
Routing on Interfaces Configured Explicitly (Area 1):
GigabitEthernet3/0
Routing Information Sources:
Gateway Distance Last Update
1.1.1.1 110 00:01:59
1.1.1.3 110 00:01:59
1.1.1.4 110 00:01:49
Distance: (default is 110)
R3 Config
R3 is an ABR with two interfaces connected to area 0 and one interface connected to area 1, but unlike the other routers in the topology, R3 is running IOS XR.
interface Loopback0
 ipv4 address 1.1.1.3 255.255.255.255
!
interface GigabitEthernet0/0/0/0
 ipv4 address 10.162.1.10 255.255.255.248
!
interface GigabitEthernet0/0/0/1
 ipv4 address 10.162.1.17 255.255.255.248
!
interface GigabitEthernet0/0/0/2
 ipv4 address 10.162.1.34 255.255.255.248
!
router ospf 1
 router-id 1.1.1.3
 area 0
  interface Loopback0
  !
  interface GigabitEthernet0/0/0/0
   network point-to-point
  !
  interface GigabitEthernet0/0/0/1
   network point-to-point
  !
 !
 area 1
  interface GigabitEthernet0/0/0/2
   network point-to-point
  !
 !
!
In IOS XR the command show ip protocols still works, but the correct command is show protocols ipv4, and its output is simpler than the IOS version.
RP/0/0/CPU0:R3#show protocols ipv4
Sat Sep 20 19:54:50.337 UTC
Routing Protocol OSPF 1
Router Id: 1.1.1.3
Distance: 110
Non-Stop Forwarding: Disabled
Redistribution:
None
Area 0
Loopback0
GigabitEthernet0/0/0/0
GigabitEthernet0/0/0/1
Area 1
GigabitEthernet0/0/0/2
We can see the status of the interfaces with the command show ipv4 interface brief. The output is the same as in IOS.
RP/0/0/CPU0:R3#show ipv4 interface brief
Mon Sep 22 21:35:33.493 UTC
Interface                      IP-Address      Status     Protocol
Loopback0                      1.1.1.3         Up         Up
MgmtEth0/0/CPU0/0              unassigned      Shutdown   Down
GigabitEthernet0/0/0/0         10.162.1.10     Up         Up
GigabitEthernet0/0/0/1         10.162.1.17     Up         Up
GigabitEthernet0/0/0/2         10.162.1.34     Up         Up
We can see one interesting difference between IOS and IOS XR in the following command: show interfaces
This output is from classic IOS:
GigabitEthernet2/0 is up, line protocol is up
Hardware is 82543, address is ca01.3c98.0038 (bia ca01.3c98.0038)
Internet address is 10.162.1.9/29
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
...
...
IOS is showing the MTU, in this case the layer 2 MTU of 1500 Bytes.
And now, the output of the same command in IOS XR:
GigabitEthernet0/0/0/0 is up, line protocol is up
Interface state transitions: 1
Hardware is GigabitEthernet, address is 000c.29fe.b3d3 (bia 000c.29fe.b3d3)
Internet address is 10.162.1.10/29
MTU 1514 bytes, BW 1000000 Kbit (Max: 1000000 Kbit)
reliability 255/255, txload 0/255, rxload 0/255
Encapsulation ARPA,
...
...
But IOS XR shows the layer 2 MTU of 1514. This means that when we change the default MTU with the command mtu "number of bytes" under interface configuration in IOS XR, we need to include the length of the Ethernet header, whereas in classic IOS we do not.
We can easily see the effect that configuring an incorrect MTU has on the OSPF neighbor relationships.
interface GigabitEthernet0/0/0/0
 mtu 1500
!
RP/0/0/CPU0:R3#show ipv4 interface gigabitEthernet 0/0/0/0
Mon Sep 22 22:34:04.093 UTC
GigabitEthernet0/0/0/0 is Up, ipv4 protocol is Up
  Vrf is default (vrfid 0x60000000)
  Internet address is 10.162.1.10/29
  MTU is 1500 (1486 is available to IP)
Neighbor ID Pri State Dead Time Address Interface
1.1.1.2 1 EXSTART/ - 00:00:39 10.162.1.9 GigabitEthernet0/0/0/0
Because the MTUs of both routers are different, the neighbor state is stuck in the EXSTART state.
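The MTU mismatch above can be detected from show output alone. The following is an added example, not part of the original post: it parses the IOS XR and classic IOS outputs shown on this page, compares the MTU each side offers to IP, lists neighbors stuck before FULL, and computes the value the IOS XR mtu command needs. It assumes untagged Ethernet (14-byte header) and no separate ip mtu configured on the IOS side; the function names are mine.

```python
import re

ETHERNET_HEADER = 14  # untagged Ethernet II header, counted by the IOS XR "mtu" command

# Copied from the page: R3 (IOS XR) after "mtu 1500" was configured.
XR_SHOW_IPV4_INTERFACE = """\
GigabitEthernet0/0/0/0 is Up, ipv4 protocol is Up
  Vrf is default (vrfid 0x60000000)
  Internet address is 10.162.1.10/29
  MTU is 1500 (1486 is available to IP)
"""
# Copied from the page: the classic IOS peer interface.
IOS_SHOW_INTERFACES = """\
GigabitEthernet2/0 is up, line protocol is up
  Internet address is 10.162.1.9/29
  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
"""
# First row is from the mismatch capture, second from the healthy capture on the page.
XR_SHOW_OSPF_NEIGHBOR = """\
Neighbor ID     Pri   State           Dead Time   Address         Interface
1.1.1.2         1     EXSTART/  -     00:00:39    10.162.1.9      GigabitEthernet0/0/0/0
1.1.1.1         1     FULL/  -        00:00:38    10.162.1.18     GigabitEthernet0/0/0/1
"""

NEIGHBOR_ROW = re.compile(
    r"(\d+\.\d+\.\d+\.\d+)\s+\d+\s+([A-Z0-9]+)/\s*\S+\s+\S+\s+(\S+)\s+(\S+)$"
)


def xr_ip_mtu(text):
    """MTU available to IP, from IOS XR 'show ipv4 interface'."""
    m = re.search(r"MTU is (\d+) \((\d+) is available to IP\)", text)
    if not m:
        raise ValueError("no MTU line found in IOS XR output")
    return int(m.group(2))


def ios_ip_mtu(text):
    """Interface MTU from classic IOS 'show interfaces' (excludes the L2 header)."""
    m = re.search(r"MTU (\d+) bytes", text)
    if not m:
        raise ValueError("no MTU line found in IOS output")
    return int(m.group(1))


def xr_mtu_command_value(wanted_ip_mtu):
    """Value to give the IOS XR 'mtu' command so IP gets wanted_ip_mtu bytes."""
    return wanted_ip_mtu + ETHERNET_HEADER


def stuck_neighbors(text):
    """Neighbors sitting in EXSTART or EXCHANGE, where a DBD MTU mismatch stalls."""
    stuck = []
    for line in text.splitlines():
        m = NEIGHBOR_ROW.match(line.strip())
        if m and m.group(2) in ("EXSTART", "EXCHANGE"):
            stuck.append((m.group(1), m.group(2), m.group(4)))
    return stuck


def diagnose():
    xr, ios = xr_ip_mtu(XR_SHOW_IPV4_INTERFACE), ios_ip_mtu(IOS_SHOW_INTERFACES)
    return {
        "xr_ip_mtu": xr,
        "ios_ip_mtu": ios,
        "mismatch": xr != ios,
        "stuck": stuck_neighbors(XR_SHOW_OSPF_NEIGHBOR),
        "xr_mtu_to_configure": xr_mtu_command_value(ios),
    }


if __name__ == "__main__":
    print(diagnose())
```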
R4 Config
R4 is an internal area 1 router.
interface Loopback0
 ip address 1.1.1.4 255.255.255.255
 ip ospf 1 area 1
!
interface GigabitEthernet3/0
 ip address 10.162.1.26 255.255.255.248
 ip ospf network point-to-point
 ip ospf 1 area 1
 negotiation auto
!
interface GigabitEthernet4/0
 ip address 10.162.1.33 255.255.255.248
 ip ospf network point-to-point
 ip ospf 1 area 1
 negotiation auto
!
router ospf 1
 router-id 1.1.1.4
!
IOS XR OSPF Show Commands
Now OSPF is ready to rock, so let's see the commands.
Unlike IOS, where all the OSPF-related commands start with show ip ospf ..., in IOS XR all the OSPF show commands start with show ospf ...
show route ipv4
Shows the IP version 4 routing table. Can anyone tell me the equivalent command for IP version 6?
RP/0/0/CPU0:R3#show route ipv4
Wed Sep 24 00:06:33.401 UTC
Codes: C - connected, S - static, R - RIP, B - BGP, (>) - Diversion path
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, su - IS-IS summary null, * - candidate default
U - per-user static route, o - ODR, L - local, G - DAGR
A - access/subscriber, a - Application route, (!) - FRR Backup path
Gateway of last resort is not set
O 1.1.1.1/32 [110/2] via 10.162.1.18, 00:03:51, GigabitEthernet0/0/0/1
O 1.1.1.2/32 [110/2] via 10.162.1.9, 00:04:09, GigabitEthernet0/0/0/0
L 1.1.1.3/32 is directly connected, 00:21:05, Loopback0
O 1.1.1.4/32 [110/2] via 10.162.1.33, 00:04:10, GigabitEthernet0/0/0/2
O 10.162.1.0/29 [110/2] via 10.162.1.9, 00:03:51, GigabitEthernet0/0/0/0
[110/2] via 10.162.1.18, 00:03:51, GigabitEthernet0/0/0/1
C 10.162.1.8/29 is directly connected, 00:21:04, GigabitEthernet0/0/0/0
L 10.162.1.10/32 is directly connected, 00:21:04, GigabitEthernet0/0/0/0
C 10.162.1.16/29 is directly connected, 00:21:04, GigabitEthernet0/0/0/1
L 10.162.1.17/32 is directly connected, 00:21:04, GigabitEthernet0/0/0/1
O 10.162.1.24/29 [110/2] via 10.162.1.33, 00:04:10, GigabitEthernet0/0/0/2
C 10.162.1.32/29 is directly connected, 00:21:04, GigabitEthernet0/0/0/2
L 10.162.1.34/32 is directly connected, 00:21:04, GigabitEthernet0/0/0/2
show ospf neighbor
Shows information of the neighboring routers.
RP/0/0/CPU0:R3#show ospf neighbor
Wed Sep 24 00:20:47.213 UTC
* Indicates MADJ interface
Neighbors for OSPF 1
Neighbor ID Pri State Dead Time Address Interface
1.1.1.2 1 FULL/ - 00:00:37 10.162.1.9 GigabitEthernet0/0/0/0
Neighbor is up for 00:18:24
1.1.1.1 1 FULL/ - 00:00:38 10.162.1.18 GigabitEthernet0/0/0/1
Neighbor is up for 00:18:05
1.1.1.4 1 FULL/ - 00:00:37 10.162.1.33 GigabitEthernet0/0/0/2
Neighbor is up for 00:18:29
Total neighbor count: 3
show ospf interface "interface"
Shows information about the ospf enabled interface.
RP/0/0/CPU0:R3#show ospf interface gigabitEthernet 0/0/0/0
Wed Sep 24 00:27:53.684 UTC
GigabitEthernet0/0/0/0 is up, line protocol is up
Internet Address 10.162.1.10/29, Area 0
Process ID 1, Router ID 1.1.1.3, Network Type POINT_TO_POINT, Cost: 1
Transmit Delay is 1 sec, State POINT_TO_POINT, MTU 1500, MaxPktSz 1500
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:05
Index 3/4, flood queue length 0
Next 0(0)/0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec
LS Ack List: current length 0, high water mark 4
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 1.1.1.2
Suppress hello for 0 neighbor(s)
Multi-area interface Count is 0
show ospf summary
Shows summary information of the ospf processes running in the router.
RP/0/0/CPU0:R3#show ospf summary
Wed Sep 24 00:29:22.527 UTC
Routing process "ospf 1"
Number of OSPF interfaces 4
Number of OSPF interfaces up 4
Number of OSPF virtual interfaces up 0
Number of OSPF sham-link interfaces up 0
Number of neighbors 3
Number of neighbors adjacent 3
Number of areas 2
LSA Type        Count
Router       :  6
Network      :  0
Summary Net  :  18
Summary ASBR :  0
Type-7 Ext   :  0
Opaque Link  :  0
Opaque Area  :  0
Type-5 Ext   :  0
Opaque AS    :  0
show ospf database
Shows the LSA Database.
RP/0/0/CPU0:R3#show ospf database
Tue Sep 30 20:23:42.303 UTC
OSPF Router with ID (1.1.1.3) (Process ID 1)
Router Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Link count
1.1.1.1 1.1.1.1 1002 0x80000003 0x00ba52 5
1.1.1.2 1.1.1.2 1000 0x80000003 0x00bf5a 5
1.1.1.3 1.1.1.3 999 0x80000003 0x0052a5 5
Summary Net Link States (Area 0)
Link ID ADV Router Age Seq# Checksum
1.1.1.4 1.1.1.2 1000 0x80000001 0x002d02
1.1.1.4 1.1.1.3 1032 0x80000001 0x002707
10.162.1.24 1.1.1.2 1000 0x80000001 0x002751
10.162.1.24 1.1.1.3 1032 0x80000001 0x002b4b
10.162.1.32 1.1.1.2 1000 0x80000001 0x00e08e
10.162.1.32 1.1.1.3 1362 0x80000001 0x00d09e
...
...
I think these commands and their variants are the most important ones when working with OSPF. I am probably missing some, but right now I cannot think of any other commands.
Route Summarization
I have configured some loopback interfaces and advertised them in OSPF to simulate some networks.
interface Loopback1
 ip address 172.16.0.1 255.255.255.0
 ip ospf network point-to-point
 ip ospf 1 area 0
!
interface Loopback2
 ip address 172.16.1.1 255.255.255.0
 ip ospf network point-to-point
 ip ospf 1 area 0
!
interface Loopback3
 ip address 172.16.2.1 255.255.255.0
 ip ospf network point-to-point
 ip ospf 1 area 0
!
interface Loopback4
 ip address 172.16.3.1 255.255.255.0
 ip ospf network point-to-point
 ip ospf 1 area 0
!
We can see R3 is generating a type 3 LSA per network:
172.16.0.0 1.1.1.3 232 0x80000001 0x00ed8a
172.16.1.0 1.1.1.3 393 0x80000001 0x00e294
172.16.2.0 1.1.1.3 338 0x80000001 0x00d79e
172.16.3.0 1.1.1.3 316 0x80000001 0x00cca8
And R4 is receiving these type 3 LSAs from R3:
172.16.0.0 1.1.1.3 377 0x80000001 0x00ED8A
172.16.1.0 1.1.1.3 539 0x80000001 0x00E294
172.16.2.0 1.1.1.3 484 0x80000001 0x00D79E
172.16.3.0 1.1.1.3 462 0x80000001 0x00CCA8
We can do route summarization on R3 because it is an ABR, and summarize these four networks into just one summary address: 172.16.0.0/22
router ospf 1
 area 0
  range 172.16.0.0/22 advertise
And now R3 is generating just one type 3 LSA.
172.16.0.0 1.1.1.3 78 0x80000002 0x00dc9d
And R4 is receiving just one type 3 LSA from R3
172.16.0.0 1.1.1.3 471 0x80000002 0x00DC9D
Route Filtering
Inter Area Filtering
We can easily do route filtering with the same command, but with the not-advertise option:
range 172.16.0.0/22 not-advertise
And R4 is not receiving any type 3 LSAs for this range of networks.
R4#show ip ospf database adv-router 1.1.1.3
OSPF Router with ID (1.1.1.4) (Process ID 1)
Router Link States (Area 1)
Link ID ADV Router Age Seq# Checksum Link count
1.1.1.3 1.1.1.3 340 0x80000004 0x00C8AC 2
Summary Net Link States (Area 1)
Link ID ADV Router Age Seq# Checksum
1.1.1.1 1.1.1.3 340 0x80000004 0x003FEE
1.1.1.2 1.1.1.3 340 0x80000005 0x0033F8
1.1.1.3 1.1.1.3 597 0x80000003 0x00230B
10.162.1.0 1.1.1.3 340 0x80000004 0x001675
10.162.1.8 1.1.1.3 597 0x80000003 0x00BDC7
10.162.1.16 1.1.1.3 597 0x80000003 0x006D10
This type of filtering is really easy, but what happens when the networks are not contiguous? To demonstrate how we can accomplish this task, I added some other networks to R4, again with loopback interfaces.
interface Loopback1
 ip address 172.16.4.1 255.255.255.0
 ip ospf network point-to-point
 ip ospf 1 area 1
!
interface Loopback2
 ip address 172.16.5.1 255.255.255.0
 ip ospf network point-to-point
 ip ospf 1 area 1
!
interface Loopback3
 ip address 172.16.6.1 255.255.255.0
 ip ospf network point-to-point
 ip ospf 1 area 1
!
interface Loopback4
 ip address 172.16.7.1 255.255.255.0
 ip ospf network point-to-point
 ip ospf 1 area 1
!
Now we don't want the 172.16.4.0 and 172.16.7.0 networks advertised to area 0. We cannot use the range command with the not-advertise option, but we can use a prefix-set and a route-policy.
prefix-set AREA1_SUBNETS_PSET
 172.16.4.0/24,
 172.16.7.0/24
end-set
route-policy FILTER_FROM_AREA1
if destination in AREA1_SUBNETS_PSET then
drop
else
pass
endif
end-policy
And we apply the route-policy in the inbound direction in the area 0 section of the OSPF configuration.
router ospf 1
 area 0
  route-policy FILTER_FROM_AREA1 in
The LSA database on R3 shows that R3 is not creating type 3 LSAs in area 0 for these networks.
Summary Net Link States (Area 0)
Link ID ADV Router Age Seq# Checksum
1.1.1.4 1.1.1.3 1206 0x80000009 0x00170f
10.162.1.24 1.1.1.3 1206 0x80000009 0x001b53
10.162.1.32 1.1.1.3 1464 0x80000009 0x00c0a6
172.16.5.0 1.1.1.3 838 0x80000001 0x00b6bc
172.16.6.0 1.1.1.3 838 0x80000001 0x00abc6
And R1 does not have these two LSAs either.
Summary Net Link States (Area 0)
Link ID ADV Router Age Seq# Checksum
1.1.1.4 1.1.1.2 1252 0x80000007 0x002108
1.1.1.4 1.1.1.3 1394 0x80000009 0x00170F
10.162.1.24 1.1.1.2 1252 0x80000007 0x001B57
10.162.1.24 1.1.1.3 1394 0x80000009 0x001B53
10.162.1.32 1.1.1.2 1252 0x80000007 0x00D494
10.162.1.32 1.1.1.3 1652 0x80000009 0x00C0A6
172.16.4.0 1.1.1.2 1763 0x80000003 0x00C3AF
172.16.5.0 1.1.1.2 1763 0x80000003 0x00B8B9
172.16.5.0 1.1.1.3 1025 0x80000001 0x00B6BC
172.16.6.0 1.1.1.2 1763 0x80000003 0x00ADC3
172.16.6.0 1.1.1.3 1025 0x80000001 0x00ABC6
172.16.7.0 1.1.1.2 1763 0x80000003 0x00A2CD
We are passing all the routes that R3 receives from all other areas (area 1 in this case) through a filter that prevents them from being advertised to area 0.
But we can achieve the same thing in another way.
router ospf 1
 area 1
  route-policy FILTER_FROM_AREA1 out
The difference between the two ways is this: in the first way we are preventing the area 1 routes from being advertised to area 0, but they would still be advertised to area 2 if we had one. In the second way we are preventing the prefixes from being advertised to any area.
Intra Area Filtering
In the last examples we were filtering type 3 LSAs, but sometimes we want to filter intra-area routes. Because OSPF is a link-state protocol and needs to know the whole topology, we cannot stop type 1 and type 2 LSAs from being propagated. In these cases we need to prevent some routes from being installed in the routing table.
R2 has a network connected and we don't want R3 to send traffic to that network.
interface Loopback1
 ip address 172.16.9.1 255.255.255.0
 ip ospf network point-to-point
 ip ospf 1 area 0
!
And R3 knows how to route packets to 172.16.9.0/24
RP/0/0/CPU0:R3#show route ipv4 172.16.9.0
Wed Oct 1 00:42:07.631 UTC
Routing entry for 172.16.9.0/24
Known via "ospf 1", distance 110, metric 2, type intra area
Installed Oct 1 00:37:49.449 for 00:04:18
Routing Descriptor Blocks
10.162.1.9, from 1.1.1.2, via GigabitEthernet0/0/0/0
Route metric is 2
prefix-set FROM_R2
 172.16.9.0/24
end-set
route-policy FILTER_INTRA_AREA
 if destination in FROM_R2 then
  drop
 else
  pass
 endif
end-policy
router ospf 1
 area 0
  distribute-list route-policy FILTER_INTRA_AREA in
And now R2 doesn't have that network in its routing table any more, but it still has the Type 1 LSA in its LSA database.
RP/0/0/CPU0:R3#sho route ipv4 172.16.9.0
Wed Oct 1 00:51:38.182 UTC
% Network not in table
Routing Bit Set on this LSA
LS age: 931
Options: (No TOS-capability, DC)
LS Type: Router Links
Link State ID: 1.1.1.2
Advertising Router: 1.1.1.2
LS Seq Number: 8000000c
Checksum: 0xe059
Length: 96
Area Border Router
Number of Links: 6
Link connected to: a Stub Network
(Link ID) Network/subnet number: 172.16.9.0
(Link Data) Network Mask: 255.255.255.0
Number of TOS metrics: 0
TOS 0 Metrics: 1
The thing is, filtering intra-area routes is a really good way of creating black holes in your network. We cannot stop the flooding of LSAs in the area, so in this case R1 has two paths to 172.16.9.0: one through R2, which is the one that R1 has installed in the routing table, and another through R3. If the link between R1 and R2 goes down, R1 will install the path through R3 and send all the packets destined to 172.16.9.0 to R3. But remember, R3 doesn't know how to reach 172.16.9.0 and will drop the packets. The same behaviour applies to traffic that comes from area 1.
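The black hole described above can be reproduced with a small model. The following is an added example, not part of the original post: every router runs SPF over the same area 0 link-state database, R3's distribute-list only removes the prefix from R3's own routing table, and a packet is then forwarded hop by hop from R1. The link costs of 1 and the single best path (no ECMP) are simplifying assumptions.

```python
import heapq

PREFIX = "172.16.9.0/24"
OWNER = "R2"                      # router that originates the prefix (Loopback1 on R2)

# Area 0 point-to-point links from the lab topology; cost 1 each is an assumption.
LINKS = {("R1", "R2"): 1, ("R2", "R3"): 1, ("R1", "R3"): 1}

# Prefixes kept out of the routing table by a local distribute-list.
# The LSDB is untouched, so neighbors still compute paths through R3.
RIB_FILTER = {"R3": {PREFIX}}


def next_hop(links, src, dst):
    """Dijkstra over the shared LSDB; returns the first hop from src towards dst."""
    adj = {}
    for (a, b), cost in links.items():
        adj.setdefault(a, []).append((b, cost))
        adj.setdefault(b, []).append((a, cost))
    best = {src: 0}
    heap = [(0, src, None)]
    while heap:
        cost, node, first = heapq.heappop(heap)
        if cost > best.get(node, float("inf")):
            continue
        if node == dst:
            return first
        for nbr, link_cost in adj.get(node, []):
            new_cost = cost + link_cost
            if new_cost < best.get(nbr, float("inf")):
                best[nbr] = new_cost
                heapq.heappush(heap, (new_cost, nbr, first or nbr))
    return None


def forward(links, src, rib_filter=RIB_FILTER):
    """Follow a packet for PREFIX from src; returns (path, outcome)."""
    path, node = [src], src
    while node != OWNER:
        if PREFIX in rib_filter.get(node, ()):
            return path, "dropped at " + node      # route filtered out of this RIB
        hop = next_hop(links, node, OWNER)
        if hop is None:
            return path, "no path from " + node
        node = hop
        path.append(node)
    return path, "delivered"


def without_link(links, a, b):
    return {k: v for k, v in links.items() if set(k) != {a, b}}


if __name__ == "__main__":
    print("all links up   :", forward(LINKS, "R1"))
    print("R1-R2 link down:", forward(without_link(LINKS, "R1", "R2"), "R1"))
```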
Default Routing and Redistribution
R3 is now the ASBR of the topology; it has a default route and a connection to some other external networks.
interface Loopback1
 ipv4 address 192.168.0.1 255.255.255.0
!
interface Loopback2
 ipv4 address 192.168.1.1 255.255.255.0
!
interface Loopback3
 ipv4 address 192.168.2.1 255.255.255.0
!
interface Loopback4
 ipv4 address 192.168.3.1 255.255.255.0
!
We can create a default route easily:
router static
 address-family ipv4 unicast
  0.0.0.0/0 Null0
 !
!
router ospf 1
 default-information originate
If everything is correct, we should have Type 4 and 5 LSAs.
R4#show ip ospf database
...
...
Summary ASB Link States (Area 1)
Link ID ADV Router Age Seq# Checksum
1.1.1.3 1.1.1.2 1398 0x80000001 0x001F11
Type-5 AS External Link States
Link ID ADV Router Age Seq# Checksum Tag
0.0.0.0 1.1.1.3 1403 0x80000001 0x00119B 1
R3 is generating the Type 5 LSA, indicating that it has access to external networks. R2 is generating the Type 4 LSA to indicate to other areas that it has a path to the ASBR. R3 is not generating this LSA because it is connected to area 1, and routers in area 1 can reach the ASBR with an intra-area route.
To redistribute other networks into OSPF, we can again use a route-policy and a prefix-set.
prefix-set LOOPBACKS
192.168.0.0/22 le 24
end-set
route-policy REDISTRIBUTE_LOOPBACKS
if destination in LOOPBACKS then
pass
else
drop
endif
end-policy
!
router ospf 1
redistribute connected route-policy REDISTRIBUTE_LOOPBACKS
In R4's OSPF database we can see the default route and the external networks as Type 5 LSAs.
Type-5 AS External Link States
Link ID ADV Router Age Seq# Checksum Tag
0.0.0.0 1.1.1.3 1494 0x80000003 0x000D9D 1
192.168.0.0 1.1.1.3 462 0x80000001 0x000C25 0
192.168.1.0 1.1.1.3 462 0x80000001 0x00012F 0
192.168.2.0 1.1.1.3 462 0x80000001 0x00F539 0
192.168.3.0 1.1.1.3 462 0x80000001 0x00EA43 0
And the routing table ...
R4#sho ip route ospf 1 | include E2
E1 - OSPF external type 1, E2 - OSPF external type 2
O*E2 0.0.0.0/0 [110/1] via 10.162.1.34, 01:28:20, GigabitEthernet4/0
O E2 192.168.0.0/24 [110/20] via 10.162.1.34, 00:05:01, GigabitEthernet4/0
O E2 192.168.1.0/24 [110/20] via 10.162.1.34, 00:05:01, GigabitEthernet4/0
O E2 192.168.2.0/24 [110/20] via 10.162.1.34, 00:05:01, GigabitEthernet4/0
O E2 192.168.3.0/24 [110/20] via 10.162.1.34, 00:05:01, GigabitEthernet4/0
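Both the inter-area filter (AREA1_SUBNETS_PSET) and the redistribution policy (LOOPBACKS) above depend on how a prefix-set entry matches. The following is an added example, not part of the original post: it evaluates the two prefix-sets from this page against the lab's routes, treating an entry without ge/le as an exact match and "le 24" as any prefix length from the entry's own length up to 24. It models only the simple if/else policies used here, not the full policy language.

```python
import ipaddress

# Prefix-set bodies copied from the page.
LOOPBACKS = "192.168.0.0/22 le 24"
AREA1_SUBNETS_PSET = "172.16.4.0/24,\n 172.16.7.0/24"

# R3's connected routes in the redistribution section (from the page's configuration).
R3_CONNECTED = [
    "1.1.1.3/32", "10.162.1.8/29", "10.162.1.16/29", "10.162.1.32/29",
    "192.168.0.0/24", "192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24",
]
# Area 1 loopback networks added on R4 in the filtering section.
AREA1_ROUTES = ["172.16.4.0/24", "172.16.5.0/24", "172.16.6.0/24", "172.16.7.0/24"]


def parse_prefix_set(body):
    """Turn 'a.b.c.d/len [ge N] [le M], ...' into (network, min_len, max_len) tuples."""
    entries = []
    for item in body.replace("\n", " ").split(","):
        tokens = item.split()
        if not tokens:
            continue
        net = ipaddress.ip_network(tokens[0])
        opts = dict(zip(tokens[1::2], map(int, tokens[2::2])))
        if opts:
            lo = opts.get("ge", net.prefixlen)
            hi = opts.get("le", net.max_prefixlen)
        else:
            lo = hi = net.prefixlen          # bare entry: exact prefix length only
        entries.append((net, lo, hi))
    return entries


def in_prefix_set(route, entries):
    """'destination in SET': route lies inside an entry and its length is in range."""
    r = ipaddress.ip_network(route)
    return any(
        r.version == net.version and lo <= r.prefixlen <= hi and r.subnet_of(net)
        for net, lo, hi in entries
    )


def apply_policy(routes, entries, on_match):
    """Model of: if destination in SET then <on_match> else <the other action> endif.

    on_match is 'pass' or 'drop'; returns the routes that survive the policy.
    """
    keep_hits = on_match == "pass"
    return [r for r in routes if in_prefix_set(r, entries) == keep_hits]


if __name__ == "__main__":
    print("redistributed by REDISTRIBUTE_LOOPBACKS:",
          apply_policy(R3_CONNECTED, parse_prefix_set(LOOPBACKS), "pass"))
    print("surviving FILTER_FROM_AREA1:",
          apply_policy(AREA1_ROUTES, parse_prefix_set(AREA1_SUBNETS_PSET), "drop"))
```

Running a policy against the full list of connected or learned routes this way shows, before it is committed, whether an infrastructure prefix such as a transit link would be leaked by redistribution.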
Stub and totally stubby Areas
I cleared the R2, R4 and R3 configurations. R3 is just an ABR, and the ASBR of the topology is R1.
hostname R3
interface Loopback0
 ipv4 address 1.1.1.3 255.255.255.255
!
interface GigabitEthernet0/0/0/0
 ipv4 address 10.162.1.10 255.255.255.248
!
interface GigabitEthernet0/0/0/1
 ipv4 address 10.162.1.17 255.255.255.248
!
interface GigabitEthernet0/0/0/2
 ipv4 address 10.162.1.34 255.255.255.248
!
router ospf 1
 router-id 1.1.1.3
 area 0
  interface Loopback0
   passive enable
  !
  interface GigabitEthernet0/0/0/0
   network point-to-point
  !
  interface GigabitEthernet0/0/0/1
   network point-to-point
  !
 !
 area 1
  interface GigabitEthernet0/0/0/2
   network point-to-point
  !
 !
!
end
hostname R1
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
 ip ospf 1 area 0
!
interface Loopback1
 ip address 192.168.0.1 255.255.255.0
!
interface Loopback2
 ip address 192.168.1.1 255.255.255.0
!
interface Loopback3
 ip address 192.168.2.1 255.255.255.0
!
interface Loopback4
 ip address 192.168.3.1 255.255.255.0
!
interface GigabitEthernet1/0
 ip address 10.162.1.1 255.255.255.248
 ip ospf network point-to-point
 negotiation auto
!
interface GigabitEthernet3/0
 ip address 10.162.1.18 255.255.255.248
 ip ospf network point-to-point
 negotiation auto
!
router ospf 1
 router-id 1.1.1.1
 redistribute connected subnets route-map REDISTRIBUTE_LOOPBACKS
 network 1.1.1.1 0.0.0.0 area 0
 network 10.162.1.0 0.0.0.7 area 0
 network 10.162.1.18 0.0.0.0 area 0
 default-information originate
!
ip route 0.0.0.0 0.0.0.0 Null0
!
ip prefix-list LOOPBACKS seq 5 permit 192.168.0.0/22 le 24
!
route-map REDISTRIBUTE_LOOPBACKS permit 10
 match ip address prefix-list LOOPBACKS
!
hostname R2
!
interface Loopback0
 ip address 1.1.1.2 255.255.255.255
 ip ospf 1 area 0
!
interface GigabitEthernet1/0
 ip address 10.162.1.2 255.255.255.248
 ip ospf network point-to-point
 ip ospf 1 area 0
 negotiation auto
!
interface GigabitEthernet2/0
 ip address 10.162.1.9 255.255.255.248
 ip ospf network point-to-point
 ip ospf 1 area 0
 negotiation auto
!
interface GigabitEthernet3/0
 ip address 10.162.1.25 255.255.255.248
 ip ospf network point-to-point
 ip ospf 1 area 1
 negotiation auto
!
router ospf 1
 router-id 1.1.1.2
!
hostname R4
!
interface Loopback0
 ip address 1.1.1.4 255.255.255.255
 ip ospf 1 area 1
!
interface GigabitEthernet3/0
 ip address 10.162.1.26 255.255.255.248
 ip ospf network point-to-point
 ip ospf 1 area 1
 negotiation auto
!
interface GigabitEthernet4/0
 ip address 10.162.1.33 255.255.255.248
 ip ospf network point-to-point
 ip ospf 1 area 1
 negotiation auto
!
interface GigabitEthernet5/0
 no ip address
 shutdown
 negotiation auto
!
router ospf 1
 router-id 1.1.1.4
!
Stub Areas
To make area 1 a stub area, we need to modify the configuration of R3, R2 and R4.
R3 Config:
router ospf 1
 area 1
  stub
R2 Config:
router ospf 1
 router-id 1.1.1.2
 area 1 stub
R4 Config:
router ospf 1
 router-id 1.1.1.4
 area 1 stub
R4's OSPF database does not have any external routes or an external default route; it only has two default routes in the form of type 3 LSAs.
R4#show ip ospf database
OSPF Router with ID (1.1.1.4) (Process ID 1)
...
...
Summary Net Link States (Area 1)
Link ID ADV Router Age Seq# Checksum
0.0.0.0 1.1.1.2 367 0x80000001 0x008DAB
0.0.0.0 1.1.1.3 591 0x80000001 0x0087B0
...
...
R4#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is 10.162.1.34 to network 0.0.0.0
O*IA 0.0.0.0/0 [110/2] via 10.162.1.34, 00:03:08, GigabitEthernet4/0
[110/2] via 10.162.1.25, 00:03:08, GigabitEthernet3/0
...
...
And this is a simplified capture of the output of show ospf on R3, where we can see that area 1 is indeed a stub area.
...
...
Area 1
Number of interfaces in this area is 1
It is a stub area
generates stub default route with cost 1
SPF algorithm executed 24 times
Number of LSA 17. Checksum Sum 0x0ca0cd
Number of opaque link LSA 0. Checksum Sum 00000000
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0
Number of LFA enabled interfaces 0, LFA revision 0
Number of Per Prefix LFA enabled interfaces 0
Number of neighbors forming in staggered mode 0, 1 full
Another interesting thing that we can see in this output from R1 is that the ABRs connected to the stub area no longer generate the type 4 LSA to indicate to area 1 routers that they have a path to the ASBR.
R1#show ip ospf database asbr-summary
OSPF Router with ID (1.1.1.1) (Process ID 1)
But before we made area 1 a stub area, it was there, as we can see in the following output.
R1#show ip ospf database asbr-summary
OSPF Router with ID (1.1.1.1) (Process ID 1)
Summary ASB Link States (Area 0)
Routing Bit Set on this LSA in topology Base with MTID 0
LS age: 18
Options: (No TOS-capability, DC, Upward)
LS Type: Summary Links(AS Boundary Router)
Link State ID: 1.1.1.4 (AS Boundary Router address)
Advertising Router: 1.1.1.2
LS Seq Number: 80000001
Checksum: 0x151A
Length: 28
Network Mask: /0
MTID: 0 Metric: 1
Routing Bit Set on this LSA in topology Base with MTID 0
LS age: 17
Options: (No TOS-capability, DC, Upward)
LS Type: Summary Links(AS Boundary Router)
Link State ID: 1.1.1.4 (AS Boundary Router address)
Advertising Router: 1.1.1.3
LS Seq Number: 80000001
Checksum: 0xF1F
Length: 28
Network Mask: /0
MTID: 0 Metric: 1
Totally Stubby Areas
We can simplify the OSPF database further by making area 1 a totally stubby area. To do this we only have to modify the R3 and R2 configurations.
R3 Config:
router ospf 1
 area 1
  stub no-summary
 !
!
end
R2 Config:
router ospf 1
 router-id 1.1.1.2
 area 1 stub no-summary
The output of show ospf from R3
Area 1
Number of interfaces in this area is 1
It is a stub area, no summary LSA in this area
generates stub default route with cost 1
SPF algorithm executed 26 times
Number of LSA 5. Checksum Sum 0x03ad63
Number of opaque link LSA 0. Checksum Sum 00000000
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0
Number of LFA enabled interfaces 0, LFA revision 0
Number of Per Prefix LFA enabled interfaces 0
Number of neighbors forming in staggered mode 0, 1 full
And the OSPF database on R4 shows no type 4 or type 5 LSAs, and no type 3 LSAs apart from two type 3 LSAs in the form of two default routes to the ABRs.
OSPF Router with ID (1.1.1.4) (Process ID 1)
Router Link States (Area 1)
Link ID ADV Router Age Seq# Checksum Link count
1.1.1.2 1.1.1.2 659 0x80000006 0x00C3C4 2
1.1.1.3 1.1.1.3 1388 0x8000000B 0x00D897 2
1.1.1.4 1.1.1.4 657 0x8000000B 0x00BCF0 5
Summary Net Link States (Area 1)
Link ID ADV Router Age Seq# Checksum
0.0.0.0 1.1.1.2 1345 0x80000003 0x0089AD
0.0.0.0 1.1.1.3 1390 0x80000003 0x0083B2
And R4's routing table shows just two routes learned from OSPF.
R4#sho ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is 10.162.1.34 to network 0.0.0.0
O*IA 0.0.0.0/0 [110/2] via 10.162.1.34, 00:24:57, GigabitEthernet4/0
[110/2] via 10.162.1.25, 00:24:18, GigabitEthernet3/0
Not so Stubby Areas
I changed the configuration of R4 to redistribute external networks, and area 1 is now an NSSA area.
interface Loopback1
 ip address 172.16.0.1 255.255.255.0
!
interface Loopback2
 ip address 172.16.1.1 255.255.255.0
!
interface Loopback3
 ip address 172.16.2.1 255.255.255.0
!
interface Loopback4
 ip address 172.16.3.1 255.255.255.0
!
router ospf 1
 redistribute connected subnets route-map REDISTRIBUTE_LOOPBACKS
 area 1 nssa
ip prefix-list LOOPBACKS seq 5 permit 172.16.0.0/22 le 24
route-map REDISTRIBUTE_LOOPBACKS permit 10
 match ip address prefix-list LOOPBACKS
And we change the area type on R3, R2 and R1 to NSSA.
hostname R3
router ospf 1
 area 1
  nssa
hostname R2
router ospf 1
 area 1 nssa
hostname R1
router ospf 1
 area 1 nssa
With all these commands we made area 1 a not-so-stubby area. Let's see what the OSPF database and the routing table look like on the area 1 and area 0 routers.
In the output below we can see the Type 7 LSAs that correspond to the external networks we are redistributing into OSPF and, as we were expecting, no type 4 and 5 LSAs. Another thing we can see in the LSA database is that R4 doesn't have a default route. We will check why later.
R4#show ip ospf database
OSPF Router with ID (1.1.1.4) (Process ID 1)
Router Link States (Area 1)
Link ID ADV Router Age Seq# Checksum Link count
1.1.1.2 1.1.1.2 741 0x80000009 0x004B30 2
1.1.1.3 1.1.1.3 1203 0x80000008 0x006CFC 2
1.1.1.4 1.1.1.4 1085 0x8000000B 0x004A59 5
Summary Net Link States (Area 1)
Link ID ADV Router Age Seq# Checksum
1.1.1.1 1.1.1.2 736 0x80000001 0x00F03B
1.1.1.1 1.1.1.3 1203 0x80000001 0x00EA40
1.1.1.2 1.1.1.2 736 0x80000001 0x00DC4F
1.1.1.2 1.1.1.3 741 0x80000001 0x00E049
1.1.1.3 1.1.1.2 736 0x80000001 0x00DC4D
1.1.1.3 1.1.1.3 1203 0x80000001 0x00CC5D
10.162.1.0 1.1.1.2 736 0x80000001 0x00BDCC
10.162.1.0 1.1.1.3 1203 0x80000001 0x00C1C6
10.162.1.8 1.1.1.2 736 0x80000001 0x006D15
10.162.1.8 1.1.1.3 1203 0x80000001 0x00671A
10.162.1.16 1.1.1.2 736 0x80000001 0x002752
10.162.1.16 1.1.1.3 1203 0x80000001 0x001762
Type-7 AS External Link States (Area 1)
Link ID ADV Router Age Seq# Checksum Tag
172.16.0.0 1.1.1.4 1298 0x80000001 0x00F9D1 0
172.16.1.0 1.1.1.4 1298 0x80000001 0x00EEDB 0
172.16.2.0 1.1.1.4 1298 0x80000001 0x00E3E5 0
172.16.3.0 1.1.1.4 1298 0x80000001 0x00D8EF 0
Because R3 is an ABR, it has the Type 7 LSAs that R4 is generating, and these same LSAs translated to Type 5 by R3 itself. The ABR with the highest router-id does the translation (in case we have more than one :)). We can also see that R3 is not generating the default route for area 1.
RP/0/0/CPU0:R3#show ospf database
Mon Oct 6 22:41:06.334 UTC
OSPF Router with ID (1.1.1.3) (Process ID 1)
...
...
Router Link States (Area 1)
Link ID ADV Router Age Seq# Checksum Link count
1.1.1.4 1.1.1.4 414 0x8000000d 0x00465b 5
Summary Net Link States (Area 1)
Link ID ADV Router Age Seq# Checksum
1.1.1.1 1.1.1.2 996 0x80000001 0x00f03b
1.1.1.1 1.1.1.3 1461 0x80000001 0x00ea40
1.1.1.2 1.1.1.2 996 0x80000001 0x00dc4f
1.1.1.2 1.1.1.3 999 0x80000001 0x00e049
1.1.1.3 1.1.1.2 996 0x80000001 0x00dc4d
1.1.1.3 1.1.1.3 1461 0x80000001 0x00cc5d
10.162.1.0 1.1.1.2 996 0x80000001 0x00bdcc
10.162.1.0 1.1.1.3 1461 0x80000001 0x00c1c6
10.162.1.8 1.1.1.2 996 0x80000001 0x006d15
10.162.1.8 1.1.1.3 1461 0x80000001 0x00671a
10.162.1.16 1.1.1.2 996 0x80000001 0x002752
10.162.1.16 1.1.1.3 1461 0x80000001 0x001762
Type-7 AS External Link States (Area 1)
Link ID ADV Router Age Seq# Checksum Tag
172.16.0.0 1.1.1.4 1558 0x80000001 0x00f9d1 0
172.16.1.0 1.1.1.4 1558 0x80000001 0x00eedb 0
172.16.2.0 1.1.1.4 1558 0x80000001 0x00e3e5 0
172.16.3.0 1.1.1.4 1558 0x80000001 0x00d8ef 0
Type-5 AS External Link States
Link ID ADV Router Age Seq# Checksum Tag
0.0.0.0 1.1.1.1 1879 0x80000004 0x001794 1
172.16.0.0 1.1.1.3 1460 0x80000001 0x009442 0
172.16.1.0 1.1.1.3 1460 0x80000001 0x00894c 0
172.16.2.0 1.1.1.3 1460 0x80000001 0x007e56 0
172.16.3.0 1.1.1.3 1460 0x80000001 0x007360 0
192.168.0.0 1.1.1.1 1879 0x80000004 0x00121e 0
192.168.1.0 1.1.1.1 1879 0x80000004 0x000728 0
192.168.2.0 1.1.1.1 1879 0x80000004 0x00fb32 0
192.168.3.0 1.1.1.1 1879 0x80000004 0x00f03c 0
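The translation rule described above can be checked mechanically from the database output. This added example (not part of the original post) parses a shortened copy of R3's output and verifies that every Type 7 LSA from inside area 1 has a Type 5 translation advertised by the ABR with the highest router ID. The function names are hypothetical, and it assumes the default election, with no ABR configured to always translate.

```python
import ipaddress
import re

# Shortened copy of R3's "show ospf database" output from this post (column headers dropped).
R3_DB = """
Summary Net Link States (Area 1)
1.1.1.1 1.1.1.2 996 0x80000001 0x00f03b
1.1.1.1 1.1.1.3 1461 0x80000001 0x00ea40
Type-7 AS External Link States (Area 1)
172.16.0.0 1.1.1.4 1558 0x80000001 0x00f9d1 0
172.16.1.0 1.1.1.4 1558 0x80000001 0x00eedb 0
Type-5 AS External Link States
0.0.0.0 1.1.1.1 1879 0x80000004 0x001794 1
172.16.0.0 1.1.1.3 1460 0x80000001 0x009442 0
172.16.1.0 1.1.1.3 1460 0x80000001 0x00894c 0
192.168.0.0 1.1.1.1 1879 0x80000004 0x00121e 0
"""

ROW = re.compile(r"^(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s")

def parse_db(text):
    """Map each 'Link States' section title to its (link_id, adv_router) rows."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        row = ROW.match(line)
        if "Link States" in line:
            current = sections.setdefault(line, [])
        elif row and current is not None:
            current.append(row.groups())
    return sections

def check_translation(sections, area):
    """Return (translator, problems) for NSSA `area`; translator = highest-router-ID ABR."""
    abrs = {adv for _, adv in sections[f"Summary Net Link States (Area {area})"]}
    # Router IDs compare as 32-bit numbers, not as strings ("1.1.1.10" > "1.1.1.9").
    translator = str(max(ipaddress.IPv4Address(r) for r in abrs))
    type5 = {}
    for link, adv in sections.get("Type-5 AS External Link States", []):
        type5.setdefault(link, set()).add(adv)
    problems = []
    for link, adv in sections[f"Type-7 AS External Link States (Area {area})"]:
        if adv in abrs:
            continue  # the NSSA default an ABR originates itself is not translated
        seen = type5.get(link, set())
        if not seen:
            problems.append(f"{link}: Type-7 has no Type-5 translation")
        elif seen != {translator}:
            problems.append(f"{link}: Type-5 from {sorted(seen)}, expected {translator}")
    return translator, problems
```

On the output above, `check_translation(parse_db(R3_DB), 1)` names 1.1.1.3 as translator and reports no problems; a Type 5 LSA for an area 1 prefix from any other router shows up in the problem list.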
We can see the external routes from R4 as OSPF N2 in R3's routing table.
RP/0/0/CPU0:R3#sho route ipv4 ospf
Tue Oct 7 00:09:05.962 UTC
...
...
O N2 172.16.0.0/24 [110/20] via 10.162.1.33, 01:52:20, GigabitEthernet0/0/0/2
O N2 172.16.1.0/24 [110/20] via 10.162.1.33, 01:52:20, GigabitEthernet0/0/0/2
O N2 172.16.2.0/24 [110/20] via 10.162.1.33, 01:52:20, GigabitEthernet0/0/0/2
O N2 172.16.3.0/24 [110/20] via 10.162.1.33, 01:52:20, GigabitEthernet0/0/0/2
O E2 192.168.0.0/24 [110/20] via 10.162.1.18, 03:39:23, GigabitEthernet0/0/0/1
O E2 192.168.1.0/24 [110/20] via 10.162.1.18, 03:39:23, GigabitEthernet0/0/0/1
O E2 192.168.2.0/24 [110/20] via 10.162.1.18, 03:39:23, GigabitEthernet0/0/0/1
O E2 192.168.3.0/24 [110/20] via 10.162.1.18, 03:39:23, GigabitEthernet0/0/0/1
R2 shows the same as R3.
R2#show ip ospf database
OSPF Router with ID (1.1.1.2) (Process ID 1)
...
...
Router Link States (Area 1)
Link ID ADV Router Age Seq# Checksum Link count
1.1.1.4 1.1.1.4 1899 0x8000000B 0x004A59 5
Summary Net Link States (Area 1)
Link ID ADV Router Age Seq# Checksum
1.1.1.1 1.1.1.2 1549 0x80000001 0x00F03B
1.1.1.1 1.1.1.3 30 0x80000002 0x00E841
1.1.1.2 1.1.1.2 1549 0x80000001 0x00DC4F
1.1.1.2 1.1.1.3 1556 0x80000001 0x00E049
1.1.1.3 1.1.1.2 1549 0x80000001 0x00DC4D
1.1.1.3 1.1.1.3 30 0x80000002 0x00CA5E
10.162.1.0 1.1.1.2 1549 0x80000001 0x00BDCC
10.162.1.0 1.1.1.3 30 0x80000002 0x00BFC7
10.162.1.8 1.1.1.2 1549 0x80000001 0x006D15
10.162.1.8 1.1.1.3 30 0x80000002 0x00651B
10.162.1.16 1.1.1.2 1549 0x80000001 0x002752
10.162.1.16 1.1.1.3 30 0x80000002 0x001563
Type-7 AS External Link States (Area 1)
Link ID ADV Router Age Seq# Checksum Tag
172.16.0.0 1.1.1.4 144 0x80000002 0x00F7D2 0
172.16.1.0 1.1.1.4 144 0x80000002 0x00ECDC 0
172.16.2.0 1.1.1.4 144 0x80000002 0x00E1E6 0
172.16.3.0 1.1.1.4 144 0x80000002 0x00D6F0 0
Type-5 AS External Link States
Link ID ADV Router Age Seq# Checksum Tag
0.0.0.0 1.1.1.1 400 0x80000005 0x001595 1
172.16.0.0 1.1.1.3 29 0x80000002 0x009243 0
172.16.1.0 1.1.1.3 29 0x80000002 0x00874D 0
172.16.2.0 1.1.1.3 29 0x80000002 0x007C57 0
172.16.3.0 1.1.1.3 29 0x80000002 0x007161 0
192.168.0.0 1.1.1.1 400 0x80000005 0x00101F 0
192.168.1.0 1.1.1.1 400 0x80000005 0x000529 0
192.168.2.0 1.1.1.1 400 0x80000005 0x00F933 0
192.168.3.0 1.1.1.1 400 0x80000005 0x00EE3D 0
But R2 shows the external routes from R4 as E2.
R2#sho ip route ospf
...
...
172.16.0.0/24 is subnetted, 4 subnets
O E2 172.16.0.0 [110/20] via 10.162.1.26, 00:39:43, GigabitEthernet3/0
O E2 172.16.1.0 [110/20] via 10.162.1.26, 00:39:35, GigabitEthernet3/0
O E2 172.16.2.0 [110/20] via 10.162.1.26, 00:39:28, GigabitEthernet3/0
O E2 172.16.3.0 [110/20] via 10.162.1.26, 00:39:17, GigabitEthernet3/0
Here, as expected, the external routes that come from area 1 appear as Type 5 LSAs in the LSA database of one of the area 0 routers.
R1#show ip ospf database
OSPF Router with ID (1.1.1.1) (Process ID 1)
...
...
Type-5 AS External Link States
Link ID ADV Router Age Seq# Checksum Tag
0.0.0.0 1.1.1.1 560 0x80000005 0x001595 1
172.16.0.0 1.1.1.3 190 0x80000002 0x009243 0
172.16.1.0 1.1.1.3 190 0x80000002 0x00874D 0
172.16.2.0 1.1.1.3 190 0x80000002 0x007C57 0
172.16.3.0 1.1.1.3 190 0x80000002 0x007161 0
192.168.0.0 1.1.1.1 560 0x80000005 0x00101F 0
192.168.1.0 1.1.1.1 560 0x80000005 0x000529 0
192.168.2.0 1.1.1.1 560 0x80000005 0x00F933 0
192.168.3.0 1.1.1.1 560 0x80000005 0x00EE3D 0
And we can see the routes as External Type 2 in the routing table of R1.
R1#show ip route ospf
...
...
O E2 172.16.0.0 [110/20] via 10.162.1.17, 01:48:29, GigabitEthernet3/0
[110/20] via 10.162.1.2, 01:40:43, GigabitEthernet1/0
O E2 172.16.1.0 [110/20] via 10.162.1.17, 01:48:29, GigabitEthernet3/0
[110/20] via 10.162.1.2, 01:40:43, GigabitEthernet1/0
O E2 172.16.2.0 [110/20] via 10.162.1.17, 01:48:29, GigabitEthernet3/0
[110/20] via 10.162.1.2, 01:40:43, GigabitEthernet1/0
O E2 172.16.3.0 [110/20] via 10.162.1.17, 01:48:29, GigabitEthernet3/0
[110/20] via 10.162.1.2, 01:40:43, GigabitEthernet1/0
We still have an issue to resolve: the area 1 internal routers don't have a route to external networks, so they can't communicate with networks outside the OSPF domain. The thing is, we don't have a default route in the NSSA area because we didn't tell the ABRs to generate one. To accomplish this we have to change the configuration on R2 and R3 just a little.
hostname R3
router ospf 1
 area 1
  nssa default-information-originate
!
hostname R2
router ospf 1
 area 1 nssa default-information-originate
And now the missing default route is injected into area 1, in the form of a Type 7 LSA from each of the ABRs.
R2#show ip ospf database
OSPF Router with ID (1.1.1.2) (Process ID 1)
...
...
Type-7 AS External Link States (Area 1)
Link ID ADV Router Age Seq# Checksum Tag
0.0.0.0 1.1.1.2 834 0x80000001 0x00E8C3 0
0.0.0.0 1.1.1.3 867 0x80000001 0x00E2C8 0
172.16.0.0 1.1.1.4 760 0x80000001 0x00F9D1 0
172.16.1.0 1.1.1.4 753 0x80000001 0x00EEDB 0
172.16.2.0 1.1.1.4 745 0x80000001 0x00E3E5 0
172.16.3.0 1.1.1.4 734 0x80000001 0x00D8EF 0
...
...
R4's routing table shows one default route to each of the ABRs.
R4#show ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is 10.162.1.34 to network 0.0.0.0
O*N2 0.0.0.0/0 [110/1] via 10.162.1.34, 00:18:32, GigabitEthernet4/0
[110/1] via 10.162.1.25, 00:18:32, GigabitEthernet3/0
Totally Not so Stubby Areas
We just need to change the configuration of R2 and R3.
hostname R3
router ospf 1
 area 1
  nssa no-summary
!
hostname R2
router ospf 1
 area 1 nssa no-summary
R4's LSA database contains only Type 1 LSAs, Type 7 LSAs, and two default routes in the form of Type 3 LSAs.
R4#show ip ospf database
OSPF Router with ID (1.1.1.4) (Process ID 1)
Router Link States (Area 1)
Link ID ADV Router Age Seq# Checksum Link count
1.1.1.2 1.1.1.2 1871 0x80000007 0x004F2E 2
1.1.1.3 1.1.1.3 1842 0x80000007 0x006EFB 2
1.1.1.4 1.1.1.4 1864 0x80000009 0x004E57 5
Summary Net Link States (Area 1)
Link ID ADV Router Age Seq# Checksum
0.0.0.0 1.1.1.2 131 0x80000003 0x00111E
0.0.0.0 1.1.1.3 92 0x80000003 0x000B23
Type-7 AS External Link States (Area 1)
Link ID ADV Router Age Seq# Checksum Tag
172.16.0.0 1.1.1.4 1864 0x80000004 0x00F3D4 0
172.16.1.0 1.1.1.4 1864 0x80000004 0x00E8DE 0
172.16.2.0 1.1.1.4 1864 0x80000004 0x00DDE8 0
172.16.3.0 1.1.1.4 1864 0x80000004 0x00D2F2 0
Authentication
OSPF supports plain text authentication and MD5 authentication at interface and area level. We will only configure MD5 authentication; nobody in their right mind uses plain text authentication nowadays.
MD5 Area Authentication
Let's start with IOS XR. You need just two commands in the area configuration section to enable area authentication, and all the interfaces associated with that area will start to send authenticated OSPF packets. You can also configure it in the router ospf configuration section, and then all the interfaces in all areas will send authenticated packets. One important thing to remember is that the key index needs to match on all of R3's neighbors. If we want to use a different key index, we have to configure it at interface level, to supersede the area-level configuration, and use the same key index on the neighboring router.
hostname R3
router ospf 1
 area 0
  authentication message-digest
  message-digest-key 1 md5 helloospf
In classic IOS we have to type the same commands, but in different places. First enable OSPF MD5 authentication for a given area in the router configuration section, and then explicitly configure every interface associated with that area with the command ip ospf message-digest-key 1 md5 helloospf at interface configuration level.
hostname R1
interface GigabitEthernet1/0
 ip ospf message-digest-key 1 md5 helloospf
!
interface GigabitEthernet3/0
 ip ospf message-digest-key 1 md5 helloospf
!
router ospf 1
 area 0 authentication message-digest
!
hostname R2
interface GigabitEthernet1/0
 ip ospf message-digest-key 1 md5 helloospf
!
interface GigabitEthernet2/0
 ip ospf message-digest-key 1 md5 helloospf
!
router ospf 1
 area 0 authentication message-digest
!
After configuring area authentication, we can see that R3 still has its neighbors:
RP/0/0/CPU0:R3#sho ospf neighbor
Mon Oct 6 21:44:52.255 UTC
* Indicates MADJ interface
Neighbors for OSPF 1
Neighbor ID Pri State Dead Time Address Interface
1.1.1.2 1 FULL/ - 00:00:38 10.162.1.9 GigabitEthernet0/0/0/0
Neighbor is up for 01:15:06
1.1.1.1 1 FULL/ - 00:00:36 10.162.1.18 GigabitEthernet0/0/0/1
Neighbor is up for 01:15:10
1.1.1.4 1 FULL/ - 00:00:36 10.162.1.33 GigabitEthernet0/0/0/2
Neighbor is up for 01:09:38
Total neighbor count: 3
And authentication is enabled on all area 0 interfaces.
RP/0/0/CPU0:R3#show ospf 1 0 interface
Mon Oct 6 21:59:25.115 UTC
Interfaces for OSPF 1
Loopback0 is up, line protocol is up
Internet Address 1.1.1.3/32, Area 0
Process ID 1, Router ID 1.1.1.3, Network Type LOOPBACK, Cost: 1
Loopback interface is treated as a stub Host
GigabitEthernet0/0/0/0 is up, line protocol is up
Internet Address 10.162.1.10/29, Area 0
Process ID 1, Router ID 1.1.1.3, Network Type POINT_TO_POINT, Cost: 1
Transmit Delay is 1 sec, State POINT_TO_POINT, MTU 1500, MaxPktSz 1500
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:07
Index 3/4, flood queue length 0
Next 0(0)/0(0)
Last flood scan length is 2, maximum is 6
Last flood scan time is 0 msec, maximum is 0 msec
LS Ack List: current length 0, high water mark 4
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 1.1.1.2
Suppress hello for 0 neighbor(s)
Message digest authentication enabled
Youngest key id is 1
Multi-area interface Count is 0
GigabitEthernet0/0/0/1 is up, line protocol is up
Internet Address 10.162.1.17/29, Area 0
Process ID 1, Router ID 1.1.1.3, Network Type POINT_TO_POINT, Cost: 1
Transmit Delay is 1 sec, State POINT_TO_POINT, MTU 1500, MaxPktSz 1500
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:02
Index 2/3, flood queue length 0
Next 0(0)/0(0)
Last flood scan length is 2, maximum is 3
Last flood scan time is 0 msec, maximum is 0 msec
LS Ack List: current length 0, high water mark 6
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 1.1.1.1
Suppress hello for 0 neighbor(s)
Message digest authentication enabled
Youngest key id is 1
Multi-area interface Count is 0
MD5 Interface Authentication
To enable interface authentication we use the same commands, with the only difference that we have to type both of them in the same section. In IOS XR this is done inside the area hierarchy, under the interfaces assigned to each area.
hostname R3
router ospf 1
 area 1
  interface GigabitEthernet0/0/0/2
   authentication message-digest
   message-digest-key 2 md5 hello
hostname R2
interface GigabitEthernet3/0
 ip ospf authentication message-digest
 ip ospf message-digest-key 2 md5 hello
!
hostname R4
interface GigabitEthernet3/0
 ip ospf authentication message-digest
 ip ospf message-digest-key 2 md5 hello
!
interface GigabitEthernet4/0
 ip ospf authentication message-digest
 ip ospf message-digest-key 2 md5 hello
!
We can see that we still have neighbors after configuring MD5 interface authentication.
R4#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
1.1.1.3 0 FULL/ - 00:00:39 10.162.1.34 GigabitEthernet4/0
1.1.1.2 0 FULL/ - 00:00:37 10.162.1.25 GigabitEthernet3/0
And here is the output of the command show ospf interface on R3, where we can see that authentication is enabled for that interface.
RP/0/0/CPU0:R3#show ospf interface GigabitEthernet 0/0/0/2
Mon Oct 6 20:43:18.558 UTC
GigabitEthernet0/0/0/2 is up, line protocol is up
Internet Address 10.162.1.34/29, Area 1
Process ID 1, Router ID 1.1.1.3, Network Type POINT_TO_POINT, Cost: 1
Transmit Delay is 1 sec, State POINT_TO_POINT, MTU 1500, MaxPktSz 1500
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:07
Index 1/2, flood queue length 0
Next 0(0)/0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec
LS Ack List: current length 0, high water mark 3
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 1.1.1.4
Suppress hello for 0 neighbor(s)
Message digest authentication enabled
Youngest key id is 2
Multi-area interface Count is 0
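Why the key index and the key must both match, as configured in the area and interface authentication sections above: this added example (not from the original post) builds an OSPFv2 header with the message-digest trailer as RFC 2328 Appendix D describes it, then runs the receiver's checks. The function names are hypothetical, the sequence number is made up, and the Hello body is left empty for brevity.

```python
import hashlib
import hmac
import socket
import struct

HDR = "!BBH4s4sHHHBBI"   # 24-byte OSPFv2 header; last four fields: 0, Key ID, Auth Data Len, Sequence
AUTYPE_CRYPTO = 2        # AuType 2 = cryptographic (message-digest) authentication
DIGEST_LEN = 16

def pad_key(secret):
    # The key is a 16-byte field: shorter secrets are zero padded.
    return secret.encode().ljust(DIGEST_LEN, b"\x00")[:DIGEST_LEN]

def build_packet(router_id, area_id, key_id, seq, secret, body=b""):
    """Sender side: header with checksum 0, then MD5(packet + padded key) as a trailer."""
    length = struct.calcsize(HDR) + len(body)   # the trailer is not counted in the length field
    packet = struct.pack(HDR, 2, 1, length, socket.inet_aton(router_id),
                         socket.inet_aton(area_id), 0, AUTYPE_CRYPTO,
                         0, key_id, DIGEST_LEN, seq) + body
    return packet + hashlib.md5(packet + pad_key(secret)).digest()

def verify_packet(raw, keys, last_seq):
    """Receiver side. keys maps key ID -> secret; last_seq is the last sequence number
    accepted from this neighbor. Returns (accepted, reason)."""
    if len(raw) < struct.calcsize(HDR):
        return False, "short packet"
    f = struct.unpack(HDR, raw[:struct.calcsize(HDR)])
    length, autype, key_id, auth_len, seq = f[2], f[6], f[8], f[9], f[10]
    if autype != AUTYPE_CRYPTO:
        return False, "neighbor is not using message-digest authentication"
    if key_id not in keys:
        return False, "unknown key id"          # same secret under another key ID still fails
    if auth_len != DIGEST_LEN or len(raw) < length + DIGEST_LEN:
        return False, "bad trailer"
    if seq < last_seq:
        return False, "stale sequence number"   # an older packet being replayed
    expected = hashlib.md5(raw[:length] + pad_key(keys[key_id])).digest()
    if not hmac.compare_digest(expected, raw[length:length + DIGEST_LEN]):
        return False, "digest mismatch"
    return True, "ok"

# Constructed sample: R3 sending in area 0 with key 1 / "helloospf" from the post.
SAMPLE = build_packet("1.1.1.3", "0.0.0.0", 1, 100, "helloospf")
```

The trailer is a plain MD5 over the packet followed by the key, not an HMAC; RFC 5709 defines HMAC-SHA authentication for OSPFv2 on platforms that support it.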
That's it. It's been a long post. The next one will be shorter, I promise.
