Presentation transcript: "Advanced Features of OSPF Protocol"

Slide 1: Advanced Features of OSPF Protocol (Evaluating OSPF)
Slide 2: Our routing study thus far
Idealization: all routers identical, network "flat"... not true in practice.
Administrative autonomy: Autonomous Systems (AS). The internet is a network of networks, and each network admin may want to control routing in its own network.
Scale: with 200 million destinations, routers can't store all destinations in their routing tables, and routing table exchange would swamp the links!
Slide 3: OSPF Advantages
- No limitation on hop count
- Supports classless (VLSM) routing
- Routing updates sent only when there is a change, or very rarely
- Faster convergence
- Better load balancing
- Logical definition of areas
- Authentication and external route tagging

OSPF addresses most of the issues not covered by RIP:
1. With OSPF, there is no limitation on the hop count.
2. The intelligent use of VLSM is very useful in IP address allocation.
3. OSPF uses IP multicast to send link-state updates. This ensures less processing on routers that are not listening to OSPF packets. Also, updates are only sent when routing changes occur, instead of periodically. This ensures a better use of the bandwidth.
4. OSPF has better convergence than RIP. This is because routing changes are propagated instantaneously and not periodically.
5. OSPF allows for better load balancing. It can use different metrics and supports multipath.
6. OSPF allows for a logical definition of networks where routers can be divided into areas. This limits the explosion of link-state updates over the whole network. It also provides a mechanism for aggregating routes and cutting down on the unnecessary propagation of subnet information.
7. OSPF allows for routing authentication by using different methods of password authentication.
8. OSPF allows for the transfer and tagging of external routes injected into an Autonomous System. This keeps track of external routes injected by exterior protocols such as BGP.
Slide 4: Review: Evaluation Criteria for Routing Protocols
- Bandwidth
- Metric calculation
- Sharing and managing routing information
- Scalability
- Convergence
- Performance
- Hierarchy
- Administration and management
- Hardware and software resources
- Reliability
- Security
Slide 5: OSPF - Link State Protocol
- Link: an interface on the router
- Link state: description of the interface and the neighboring routers (IP address, mask, type, routers connected to)
- Link state database: collection of link state advertisements for all routers and networks

OSPF is a link-state protocol. We can think of a link as being an interface on the router. The state of the link is a description of that interface (e.g., the router's usable interfaces and reachable neighbors). A description of the interface would include, for example, the IP address of the interface, the mask, the type of network it is connected to, the routers connected to that network, and so on. The collection of all these link states forms the link-state database.
Slide 6: OSPF Basic Configuration Example
[Diagram: Area 0 and Area 1; router interfaces E0, E1, E2 and T0]
    router ospf 63
     network area 1
     network area 0
     network area 1

Command syntax:
    Router(config)# router ospf process-id
    Router(config-router)# network address wildcard-mask area area-id
Wildcard mask: the inverse of the subnet mask.
Slide 7: Bandwidth - The Metric in OSPF
Formula: cost = 10^8 / bandwidth in bps
Link types compared on the slide: 56 Kbps serial link, 64 Kbps serial link, T1 (1.544 Mbps serial link), E1 (2.048 Mbps serial link), 4 Mbps token ring, Ethernet, 16 Mbps token ring, FDDI.
The faster the link, the smaller the number, and the more desirable the route.

The metric (cost) of an interface in OSPF is an indication of the overhead required to send packets across that interface. The metric of an interface is inversely proportional to the bandwidth of that interface: a higher bandwidth indicates a lower cost. There is a higher cost and more time delay involved in crossing a 56k serial line than in crossing a 10M Ethernet line. The formula used to calculate the cost is:
    cost = 10^8 / bandwidth (in bits per second)
For example, it will cost 10^8 / 10^7 = 10 to cross a 10M Ethernet line and 10^8 / 1.544 x 10^6 = 64 (truncated) to cross a T1 line.
By default, the cost of an interface is calculated from the bandwidth. However, the network administrator can force another cost for an interface.
Slide 8: OSPF Metric - Optimising Bandwidth
[Diagram: R1, R2 and R3 connected by serial links of 64 kbps, 128 kbps and 256 kbps; each router also has a Loopback 0 and a Fa0/0 interface]

When the serial interface is not actually operating at the default T1 speed, the interface requires manual modification. Both sides of the link should be configured to have the same value. Either the bandwidth interface command or the ip ospf cost interface command achieves this purpose: an accurate value for use by OSPF in determining the best route.

The bandwidth command is used to modify the bandwidth value used by the IOS in calculating the OSPF cost metric:
    Router(config-if)# bandwidth bandwidth-kbps
For R1, the show ip ospf interface command shows that the cost of the Serial 0/0/0 link is now 1562, the result of the Cisco OSPF cost calculation 100,000,000/64,000.

When you are using the bandwidth of the interface to determine the OSPF cost, always remember to use the bandwidth interface command to accurately define the bandwidth of the interface (in kbps).

If interfaces faster than 100 Mbps are being used, you should use the auto-cost reference-bandwidth ref-bw command on all routers in the network to ensure accurate route calculations. The ref-bw is a reference bandwidth in megabits per second, and ranges from 1 to 4,294,967. You must apply the same reference bandwidth to all OSPF routers in the domain to get the desired results:
    R1(config-router)# auto-cost reference-bandwidth ref-bw

To override the default cost, manually define the cost using the ip ospf cost interface-cost command on a per-interface basis. The cost value is an integer from 1 to 65,535. The lower the number, the better the link and the more strongly it is preferred.
Slide 9: OSPF Metric - Cost
[Diagram: the same topology as slide 8: R1, R2 and R3 joined by 64 kbps, 128 kbps and 256 kbps serial links, with LAN 10.10.10.0/24]

An alternative to the bandwidth command is the ip ospf cost command, which allows you to directly specify the cost of an interface. For example, R1 Serial 0/0/0 could be configured with the following commands:
    R1(config)# interface serial 0/0/0
    R1(config-if)# ip ospf cost 1562
The ip ospf cost command is useful in multi-vendor environments where non-Cisco routers use a metric other than bandwidth to calculate OSPF costs.

The main difference between the two commands is that the bandwidth command feeds the cost calculation, whose result becomes the cost of the link. The ip ospf cost command bypasses this calculation by directly setting the cost of the link to a specific value.
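As an added example (my own code, not from the slides), the cost rule of slides 7 to 9 worked in Python: the default 100 Mbps reference bandwidth, the 1562 result for the 64 kbps serial link, the manual ip ospf cost override, and why links faster than 100 Mbps all collapse to cost 1 until auto-cost reference-bandwidth is raised. The link speeds are the ones listed on slide 7; function and constant names are mine.

```python
from typing import Dict, Optional

# Cisco's default auto-cost reference-bandwidth is 100 Mbps (10^8 bps), which
# is where the slide-7 formula cost = 10^8 / bandwidth comes from.
DEFAULT_REF_BW_MBPS = 100
MAX_COST = 65_535  # ip ospf cost accepts 1..65535 (a 16-bit field)

# Link types from slide 7 with their bandwidth in bits per second.
SLIDE7_LINKS: Dict[str, int] = {
    "56 Kbps serial": 56_000,
    "64 Kbps serial": 64_000,
    "T1 (1.544 Mbps)": 1_544_000,
    "E1 (2.048 Mbps)": 2_048_000,
    "4 Mbps token ring": 4_000_000,
    "Ethernet (10 Mbps)": 10_000_000,
    "16 Mbps token ring": 16_000_000,
    "FDDI (100 Mbps)": 100_000_000,
}


def ospf_cost(bandwidth_bps: int, ref_bw_mbps: int = DEFAULT_REF_BW_MBPS,
              manual_cost: Optional[int] = None) -> int:
    """OSPF cost of one interface.

    cost = reference bandwidth / interface bandwidth, truncated to an integer
    and never below 1. A manual value (ip ospf cost) bypasses the calculation,
    as slide 9 explains; the bandwidth command instead feeds the calculation.
    """
    if manual_cost is not None:
        if not 1 <= manual_cost <= MAX_COST:
            raise ValueError("ip ospf cost must be between 1 and 65535")
        return manual_cost
    if bandwidth_bps <= 0:
        raise ValueError("bandwidth must be positive")
    cost = (ref_bw_mbps * 1_000_000) // bandwidth_bps
    return max(1, min(cost, MAX_COST))


def cost_table(links: Dict[str, int],
               ref_bw_mbps: int = DEFAULT_REF_BW_MBPS) -> Dict[str, int]:
    """Cost of every link in `links` under one reference bandwidth."""
    return {name: ospf_cost(bps, ref_bw_mbps) for name, bps in links.items()}


def distinguishable(links: Dict[str, int], ref_bw_mbps: int) -> bool:
    """True when no two link speeds collapse onto the same cost.

    With the default reference bandwidth, FastEthernet, Gigabit and 10 Gigabit
    links all cost 1, so SPF cannot prefer the faster one; raising ref-bw on
    every router in the domain restores the distinction (slide 8).
    """
    costs = list(cost_table(links, ref_bw_mbps).values())
    return len(costs) == len(set(costs))


if __name__ == "__main__":
    for name, cost in cost_table(SLIDE7_LINKS).items():
        print(f"{name:22s} cost {cost}")
    fast = {"FastEthernet": 100_000_000, "GigabitEthernet": 1_000_000_000,
            "TenGigabitEthernet": 10_000_000_000}
    print("default ref-bw tells fast links apart:", distinguishable(fast, 100))
    print("ref-bw 10000 tells fast links apart:", distinguishable(fast, 10_000))
```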
Slide 10: Load Balancing and Link Cost
OSPF allows for equal-cost load balancing.
R6 has two routes to the R7 networks: through R5-R4, and through R4-R7. Which path will be taken?
If you want to load-balance using both paths, R6 needs to believe that the path costs through R5 and through R4 are the same. Artificially increase the cost of the currently preferred link of R6 using the ip ospf cost command. Once the cost of the currently preferred link is increased (made worse) and made the same as the other path, equal-cost load balancing will automatically begin.
[Diagram: link speeds of 500 Kbps and 1.5 Mbps]
Slide 11: Bandwidth: Managing Routing Information
- Routing information is not exchanged in the form of routes (which protocol does that?)
- Each router generates link-state advertisements containing elements of the network topology: routers, neighbor relationships, connected subnets and others
- Link-state advertisements are flooded to all routers when areas are not configured. Issue: LSA flooding hampers performance
- The link-state database is used for storing network topology information
- Dijkstra's SPF (shortest path first) algorithm is used to compute the shortest path in terms of COST (the OSPF metric), and the result is stored in the RIB (routing information base)
- The OSPF RIB is the collection of best paths to each destination, installed in the routing table
- When information in the link-state database changes, only a partial calculation is necessary

OSPF uses a link-state algorithm in order to build and calculate the shortest path to all known destinations. The algorithm by itself is quite complicated. The following is a very high-level, simplified way of looking at the various steps of the algorithm:
1. Upon initialization or due to any change in routing information, a router will generate a link-state advertisement (LSA). A router generates an LSA periodically, as well as in response to the discovery of a new neighbor or a link, when a neighbor changes state from up to down or vice versa, or when a link metric changes value. Two routers are neighbors when they have interfaces to a common network. Neighbor relationships are maintained by, and usually dynamically discovered by, OSPF's Hello Protocol. This advertisement represents the collection of all link states on that router.
2. All routers exchange link states by means of flooding. Each router that receives a link-state update should store a copy in its link-state database and then propagate the update to other routers. Each participating router must have an identical database.
3. After the database of each router is complete, the router calculates a Shortest Path Tree to all destinations. All routers run the same algorithm, in parallel. The router uses the Dijkstra algorithm to calculate the shortest path tree. The destinations, the associated cost and the next hop to reach those destinations form the IP routing table.
4. In case no changes in the OSPF network occur, such as the cost of a link or a network being added or deleted, OSPF should be very quiet. Any changes that occur are communicated via link-state packets, and the Dijkstra algorithm is recalculated to find the shortest path.
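Added example (my own code, not from the slides) covering slides 10 and 11: a compact SPF run over a constructed link-state database that keeps every equal-cost first hop, followed by the slide 10 trick of raising the cost of R6's preferred interface until both paths to R7 tie. Router names and costs are constructed; costs follow the 10^8 / bandwidth rule.

```python
import heapq
from typing import Dict, List, Set, Tuple

# Link-state database reduced to an adjacency map: router -> {neighbor: cost of
# the router's own interface toward that neighbor}. Constructed for this example.
LSDB = Dict[str, Dict[str, int]]


def spf(lsdb: LSDB, root: str) -> Dict[str, Tuple[int, Set[str]]]:
    """Dijkstra's shortest-path-first run from `root` over the LSDB.

    Returns {destination: (total cost, {first-hop routers})}. Every first hop
    that reaches the destination at the minimum cost is kept, which is exactly
    the candidate set for equal-cost load balancing. Costs are directional:
    each router contributes the cost of its own outgoing interface.
    """
    dist: Dict[str, int] = {root: 0}
    hops: Dict[str, Set[str]] = {root: set()}
    heap: List[Tuple[int, str]] = [(0, root)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue  # stale heap entry: a shorter path to u was already found
        for v, cost in lsdb.get(u, {}).items():
            nd = d + cost
            first = {v} if u == root else hops[u]
            if v not in dist or nd < dist[v]:
                dist[v], hops[v] = nd, set(first)
                heapq.heappush(heap, (nd, v))
            elif nd == dist[v]:
                hops[v] |= first  # equal-cost path: add its first hop(s)
    return {dst: (dist[dst], hops[dst]) for dst in dist}


def ecmp_nexthops(lsdb: LSDB, root: str, dst: str) -> List[str]:
    """Sorted first hops sharing the lowest cost from root to dst ([] if unreachable)."""
    tree = spf(lsdb, root)
    return sorted(tree[dst][1]) if dst in tree else []


def set_interface_cost(lsdb: LSDB, router: str, neighbor: str, cost: int) -> None:
    """Model `ip ospf cost` on one interface: only this router's outgoing cost changes."""
    lsdb[router][neighbor] = cost


def slide10_lsdb() -> LSDB:
    """Constructed topology in the spirit of slide 10: R6 reaches R7 either
    through R4 (1.5 Mbps links, cost 10^8 / 1.5e6 = 66) or through R5 and R4
    (500 kbps links, cost 200 each). Links are symmetric to start with."""
    links = {("R6", "R4"): 66, ("R4", "R7"): 66, ("R6", "R5"): 200, ("R5", "R4"): 200}
    lsdb: LSDB = {}
    for (a, b), cost in links.items():
        lsdb.setdefault(a, {})[b] = cost
        lsdb.setdefault(b, {})[a] = cost
    return lsdb


if __name__ == "__main__":
    lsdb = slide10_lsdb()
    print("R6 -> R7 next hops:", ecmp_nexthops(lsdb, "R6", "R7"))  # ['R4'] only
    # Slide 10: raise the cost of R6's preferred interface until the two paths
    # tie (400 + 66 == 200 + 200 + 66) and equal-cost load balancing begins.
    set_interface_cost(lsdb, "R6", "R4", 400)
    print("R6 -> R7 next hops:", ecmp_nexthops(lsdb, "R6", "R7"))  # ['R4', 'R5']
    print("R6 -> R7 cost:", spf(lsdb, "R6")["R7"][0])  # 466
```

Because the cost change is applied on R6's interface only, the reverse direction from R7 keeps its single best path, which is why the slide insists both sides of a link be configured consistently when the goal is a symmetric metric.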
Slide 12: Issue: Performance - Flooding LSAs
Multi-access networks: to avoid flooding LSAs to all routers in the network, routers are designated:
- Election of a DR (Designated Router): routers send LSAs to the DR using the multicast address
- BDR (Backup Designated Router): backup for the DR, if the DR fails
[Diagram: R1 is the DR and R2 the BDR; R3 and R4 are DROthers; R5 sends its LSA to the DR, which forwards it to all other routers]

On multiaccess networks, OSPF elects a Designated Router (DR) to be the collection and distribution point for LSAs sent and received. A Backup Designated Router (BDR) is also elected in case the Designated Router fails. All other routers become DROthers (a DROther is a router that is neither the DR nor the BDR). DROthers only form full adjacencies with the DR and BDR in the network. This means that instead of flooding LSAs to all routers in the network, DROthers only send their LSAs to the DR and BDR using the multicast address AllDRouters (all DR routers).

In the slide, R5 sends LSAs to the DR. The BDR listens as well. The DR is responsible for forwarding the LSAs from R5 to all other routers. The DR uses the multicast address AllSPFRouters (all OSPF routers). The end result is that there is only one router doing all of the flooding of all LSAs in the multiaccess network.
Slide 13: Hierarchical Structure
- Introduced to put a boundary on the explosion of link-state updates
- Every area is connected to the backbone area
[Diagram: backbone Area #0 with Area #1, Area #2 and Area #3 attached to it]

OSPF allows collections of contiguous networks and hosts to be grouped together. Such a group, together with the routers having interfaces to any one of the included networks, is called an area. Areas are introduced to put a boundary on the explosion of link-state updates. Each area runs a separate copy of the basic link-state routing algorithm. This means that each area has its own link-state database and corresponding graph, as explained in the previous section. The topology of an area is invisible from outside the area. Conversely, routers internal to a given area know nothing of the detailed topology external to the area. This isolation of knowledge enables the protocol to effect a marked reduction in routing traffic as compared to treating the entire Autonomous System as a single link-state domain.

With the introduction of areas, it is no longer true that all routers in the AS have an identical link-state database. A router actually has a separate link-state database for each area it is connected to.
Slide 14: OSPF Areas
- The backbone area is OSPF area 0
- All routers belonging to the same area have an identical database
- SPF calculations are performed separately for each area
- LSA flooding is bounded by area

OSPF has special restrictions when multiple areas are involved. If more than one area is configured, one of these areas has to be the backbone area. The OSPF backbone is the special OSPF Area 0 (often written as Area 0.0.0.0, since OSPF Area IDs are typically formatted as IP addresses).

When designing networks it is good practice to start with area 0 and then expand into other areas later on. The backbone has to be at the center of all other areas, i.e. all areas have to be physically connected to the backbone. The reasoning behind this is that OSPF expects all areas to inject routing information into the backbone, and in turn the backbone disseminates that information into the other areas.

The OSPF backbone always contains all area border routers. The backbone is responsible for distributing routing information between non-backbone areas. The backbone must be contiguous. However, it need not be physically contiguous; backbone connectivity can be established and maintained through the configuration of virtual links. Two routers belonging to the same area have, for that area, identical area link-state databases.
Slide 15: OSPF Router Types
OSPF routers are categorized based on the function they perform in the routing domain. The four different types of OSPF routers are:
- Internal routers: routers that have all their interfaces in the same area and have identical LSDBs.
- Backbone routers: routers that sit on the perimeter of the backbone area and have at least one interface connected to area 0. Backbone routers maintain OSPF routing information using the same procedures and algorithms as internal routers.
- Area border routers: routers that have interfaces attached to multiple areas, maintain separate LSDBs for each area to which they connect, and route traffic destined to or arriving from other areas. Area border routers (ABRs) are exit points for the area, which means that routing information destined for another area can get there only via the ABR of the local area. ABRs can be configured to summarize the routing information from the LSDBs of their attached areas. ABRs distribute the routing information into the backbone. The backbone routers then forward the information to the other ABRs. In a multiarea network, an area can have one or more ABRs.
- Autonomous System Boundary Routers: routers that have at least one interface attached to an external internetwork (another autonomous system), such as a non-OSPF network. Autonomous system boundary routers (ASBRs) can import non-OSPF network information into the OSPF network and vice versa; this process is called route redistribution.

A router can exist as more than one router type. For example, if a router interconnects to area 0 and area 1, in addition to a non-OSPF network, it is both an ABR and an ASBR.

A router has a separate LSDB for each area to which it connects; therefore, an ABR could have one LSDB for area 0 and another LSDB for another area in which it participates. Two routers belonging to the same area maintain identical LSDBs for that area. An LSDB is synchronized between pairs of adjacent routers. On broadcast networks like Ethernet, an LSDB is synchronized between the router that is not a DR or a BDR (that is, a DROTHER) and its DR and BDR.
Slide 16: OSPF: Multiple Areas
- Two-level hierarchy: local areas and the backbone area
- Link-state advertisements stay within an area: each node has the detailed topology of its own area and only knows the direction (shortest path) to networks in other areas
- Area border routers (ABR): "summarize" distances to networks in their own area and advertise them to other area border routers
- Backbone routers: run OSPF routing limited to the backbone
- Autonomous System Boundary routers (ASBR): connect to other Autonomous Systems
[Diagram: backbone area 0 with areas 1, 2, 3 and 4 attached; interior routers (IR), ABRs (area border routers), an ASBR (autonomous system border router) leading to another AS, and a virtual link to area 1]

Before the introduction of areas, the only OSPF routers having a specialized function were those advertising external routing information. When the AS is split into multiple areas, the routers are further divided according to function into the following overlapping categories:
- Routers connected to only one area are called interior routers (IR).
- Routers connected to multiple areas are called area border routers (ABR).
- Routers connected to other autonomous systems are autonomous system border routers (ASBR).
Area border routers, with the links that connect them, form the backbone of the AS.

Virtual links are used for two purposes:
1. Linking an area that does not have a physical connection to the backbone.
2. Patching the backbone in case a discontinuity of area 0 occurs.
In the rare case where it is impossible to have an area physically connected to the backbone, a virtual link is used. The virtual link provides the disconnected area a logical path to the backbone. The virtual link has to be established between two ABRs that have a common area, with one ABR connected to the backbone.
Slide 17: Scaling OSPF
- Rule of thumb: no more than 150 routers per area
- Reality: no more than 500 routers per area
- The backbone area is the area that glues all the other areas together; it is always marked as area 0
- Proper use of areas reduces bandwidth (summarized routes) and limits instability to within the area
Slide 18: OSPF Basic Configuration Example (the same example as slide 6)
Slide 19: Route Summarization Example
[Diagram: R1 is the area border router between Area 0, Area 1 and Area 2; the slide lists the interface addresses and masks]
    router ospf 100
     network area 2
     network area 0
     area 0 range
     area 2 range
    R1#
    router ospf 100
     network area 1
     network area 0
     area 0 range
     area 1 range
Slide 20: Area Link State Database
- The link state database for every area is different
- An area database is composed of: router links advertisements, network links advertisements, summary links advertisements, AS external advertisements

Routing in the Autonomous System takes place on two levels, depending on whether the source and destination of a packet reside in the same area (intra-area routing is used) or in different areas (inter-area routing is used). In intra-area routing, the packet is routed solely on information obtained within the area; no routing information obtained from outside the area can be used. This protects intra-area routing from the injection of bad routing information.

Routes that are generated from within an area (the destination belongs to the area) are called intra-area routes. These routes are normally represented by the letter O in the IP routing table. Routes that originate from other areas are called inter-area or summary routes. The notation for these routes is O IA in the IP routing table. Routes that originate from other routing protocols (or different OSPF processes) and that are injected into OSPF via redistribution are called external routes. These routes are represented by O E2 or O E1 in the IP routing table. Multiple routes to the same destination are preferred in the following order: intra-area, inter-area, external E1 or E2.
Slide 21: Stub Areas: Router Performance
OSPF allows certain areas to be configured as stub areas. Configuring a stub area reduces the topological database size inside an area and reduces the memory requirements of routers inside that area.
    RTC#
    interface Ethernet 0
     ip address
    interface Serial1
     ip address
    router ospf 10
     network area 2
     network area 0
     area 2 stub
    RTE#
     ip address
An area can be qualified as a stub when there is a single exit point from that area, or if routing to outside of the area does not have to take an optimal path.
Slide 22: Link State Advertisement (LSA)
- Generated periodically or in response to any change
- Contains: source identification, sequence number, link state age, list of neighbors

A router generates an LSA periodically, as well as in response to the discovery of a new neighbor or a link, when a neighbor changes state from up to down or vice versa, or when a link metric changes value. Two routers are neighbors when they have interfaces to a common network. Neighbor relationships are maintained by, and usually dynamically discovered by, OSPF's Hello Protocol.
Slide 23: Load Balancing by Multiple Paths
- Equal or proportional cost multiple paths
[Diagram: R1 reaches networks N1 and N2 over path 1 through R2 and path 2 through R3; unequal-cost multiple paths via R4 are not supported]

OSPF supports multipath. This means that in the case of two or more shortest paths the traffic is divided equally among those paths. This kind of routing helps balance the load on the network. If the paths are not of equal cost, the distribution might be proportional.
Slide 24: Equal Cost Paths
[Diagram: R1 and R2, each with a /32 loopback, joined by two serial links]
Two routers are connected to each other via two point-to-point serial links of equal cost. R1 has a Loopback 0 interface (/32) and R2 has a Loopback 0 interface (/32). OSPF is used as the routing protocol. Hence, R1 can reach the /32 via two equal-cost paths and R2 can reach the /32 via two equal-cost paths.

    R1# show ip route | begin Gateway
    Gateway of last resort is not set
         /32 is subnetted, 1 subnets
    C       is directly connected, Loopback0
         /32 is subnetted, 1 subnets
    O       [110/65] via , 00:01:44, Serial0/1
            [110/65] via , 00:01:44, Serial0/0
         /30 is subnetted, 2 subnets
    C       is directly connected, Serial0/1
    C       is directly connected, Serial0

    R1# show ip route
    Routing entry for /32
      Known via "ospf 1", distance 110, metric 65, type intra area
      Last update from on Serial0/0, 00:02:10 ago
      Routing Descriptor Blocks:
      , from , 00:02:10 ago, via Serial0/1
          Route metric is 65, traffic share count is 1
      * , from , 00:02:10 ago, via Serial0/0
          Route metric is 65, traffic share count is 1
Slide 25: Authenticated Routing Updates
Two possibilities are defined:
- no authentication (configured by default)
- authentication: simple password authentication, or message digest authentication

It is possible to authenticate the OSPF packets such that routers can participate in routing domains based on predefined passwords. By default, a router uses Null authentication, which means that routing exchanges over a network are not authenticated.

Two other authentication methods exist: simple password authentication and message digest authentication. Simple password authentication allows a password (key) to be configured per area. Routers in the same area that want to participate in the routing domain will have to be configured with the same key. The drawback of this method is that it is vulnerable to passive attacks.

Message digest authentication is a cryptographic authentication. A key (password) and key-id are configured on each router. The router uses an algorithm based on the OSPF packet, the key, and the key-id to generate a "message digest" that gets appended to the packet. Unlike simple authentication, the key is not exchanged over the wire. A non-decreasing sequence number is also included in each OSPF packet to protect against replay attacks.
Slide 26: Simple Password Authentication
Simple password authentication allows a password (key) to be configured per area. Routers in the same area that want to participate in the routing domain will have to be configured with the same key.
Drawback: vulnerable to passive attacks. Anybody with a link analyzer could easily get the password off the wire.
    interface Ethernet0
     ip address
     ip ospf authentication-key mypassword
    router ospf 10
     network area 0
     area 0 authentication
Slide 27: Message Digest Authentication
Cryptographic authentication: a key (password) and key-id are configured on each router. The router uses an algorithm based on the OSPF packet, the key, and the key-id to generate a "message digest" that gets appended to the packet. Unlike simple authentication, the key is not exchanged over the wire. A non-decreasing sequence number is also included in each OSPF packet to protect against replay attacks.
    interface Ethernet0
     ip address
     ip ospf message-digest-key 10 md5 mypassword
    router ospf 10
     network area 0
     area 0 authentication message-digest
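Added example (my own code, not from the slides or from IOS) covering slides 25 to 27: a reduced model of the two authentication types. The simple-password packet carries the key in clear in its 64-bit authentication field; the message-digest packet carries key-id and sequence number in clear and appends an MD5 digest computed over the packet plus the key, following RFC 2328 Appendix D, and the receiver rejects a decreasing sequence number. The header is cut down to the fields that matter for authentication, and zero-padding the key to 16 bytes is an assumption.

```python
import hashlib
import hmac
import struct
from typing import Dict, Tuple

AUTH_NULL, AUTH_SIMPLE, AUTH_CRYPTO = 0, 1, 2  # OSPF AuType values
DIGEST_LEN = 16


def _pad_key(key: bytes) -> bytes:
    # Assumption: keys shorter than 16 bytes are zero-padded, longer ones truncated.
    return key[:16].ljust(16, b"\x00")


def simple_auth_packet(body: bytes, password: bytes) -> bytes:
    """AuType 1: the password itself (up to 8 bytes) sits in the 64-bit
    authentication field, which is why a link analyzer can read it off the wire."""
    return struct.pack("!H", AUTH_SIMPLE) + password[:8].ljust(8, b"\x00") + body


def md5_auth_packet(body: bytes, key_id: int, key: bytes, seq: int) -> bytes:
    """AuType 2: auth field = 0 (16 bits) | key-id (8) | digest length (8) |
    cryptographic sequence number (32). The key is never transmitted; the
    digest is MD5 over the packet with the key appended, and is itself
    appended after the packet."""
    auth_field = struct.pack("!HBBI", 0, key_id, DIGEST_LEN, seq)
    packet = struct.pack("!H", AUTH_CRYPTO) + auth_field + body
    return packet + hashlib.md5(packet + _pad_key(key)).digest()


class Neighbor:
    """Receiver-side state: keys by key-id plus the last accepted sequence number."""

    def __init__(self, keys: Dict[int, bytes]):
        self.keys = keys
        self.last_seq = -1

    def verify(self, wire: bytes) -> Tuple[bool, str]:
        if len(wire) < 2 + 8 + DIGEST_LEN:
            return False, "malformed"
        (au_type,) = struct.unpack("!H", wire[:2])
        if au_type != AUTH_CRYPTO:
            return False, "auth type mismatch"
        _, key_id, dlen, seq = struct.unpack("!HBBI", wire[2:10])
        key = self.keys.get(key_id)
        if dlen != DIGEST_LEN or key is None:
            return False, "unknown key-id or bad digest length"
        packet, digest = wire[:-DIGEST_LEN], wire[-DIGEST_LEN:]
        expected = hashlib.md5(packet + _pad_key(key)).digest()
        if not hmac.compare_digest(digest, expected):
            return False, "bad digest"  # modified in transit or wrong key
        # Sequence numbers must be non-decreasing per neighbor, so an older
        # packet re-sent later is rejected even though its digest is valid.
        if seq < self.last_seq:
            return False, "replay: sequence number decreased"
        self.last_seq = seq
        return True, "ok"


if __name__ == "__main__":
    key = b"mypassword"
    nbr = Neighbor({10: key})  # matches "ip ospf message-digest-key 10 md5 mypassword"
    print("simple auth leaks key:", b"mypass" in simple_auth_packet(b"hello", b"mypass"))
    wire = md5_auth_packet(b"hello", 10, key, seq=5)
    print("md5 auth leaks key:", key in wire)
    print(nbr.verify(wire))
    print(nbr.verify(md5_auth_packet(b"hello", 10, key, seq=3)))  # replay rejected
```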
Slide 28: Memory Issues
- Usually come up when too many external routes are injected into the OSPF domain.
- A backbone area with 40 routers and a default route to the outside world would have fewer memory issues than a backbone area with 4 routers and 33,000 external routes injected into OSPF.
- The total memory used by OSPF is the sum of the memory used in the routing table (show ip route summary) and the memory used in the link-state database.
Example:
- Each entry in the routing table will consume between approximately 200 and 280 bytes
- Each LSA will consume a 100 byte overhead plus the size of the actual link state advertisement
- This should be added to the memory used by other processes and by the IOS itself.

The following numbers are a rule-of-thumb estimate. Each entry in the routing table will consume between approximately 200 and 280 bytes plus 44 bytes per extra path. Each LSA will consume a 100 byte overhead plus the size of the actual link state advertisement, possibly another 60 to 100 bytes (for router links, this depends on the number of interfaces on the router). This should be added to the memory used by other processes and by the IOS itself. If you really want to know the exact number, you can do a show memory with and without OSPF being turned on. The difference in the processor memory used is the answer (keep a backup copy of the configs).

Normally, a routing table with less than 500K bytes could be accommodated with 2 to 4 MB RAM; large networks with greater than 500K may need 8 to 16 MB, or 32 to 64 MB if full routes are injected from the Internet.