DarkFiber

OSPF

58 posts in this topic


 

OSPF Summary

 

The characteristics of OSPF follow:

Link-state routing protocol.

Uses the Dijkstra algorithm to calculate the SPF tree; it is built around a well-known algorithm from graph theory, E. W. Dijkstra's shortest path algorithm.

Uses IP protocol 89.

Classless protocol (supports VLSMs and CIDR).

Metric is cost, based on interface bandwidth by default (10^8 / BW in bps).

Sends partial route updates only when there are changes.

Uses LSA messages; LSAs are sent in sequence (sequence number).

Sends hello packets every 10 sec with a dead timer of 40 sec over P-P & BC networks.

Sends hello packets every 30 sec with a dead timer of 120 sec over NBMA networks.

If the network is stable and there have been no updates within 30 min (LSRefreshTime), a compressed update is sent.

MaxAge (60 min), LSRefreshTime (30 min) and MaxAgeDiff (15 min) are OSPF architectural constants.

LSRefreshTime is used to reset the MaxAge timer.

The numbering scheme is a 4-byte number that begins with 0x80000001 and ends with 0x7FFFFFFF.

Routes labeled as intra-area, interarea, external Type 1, or external Type 2.

Support for authentication.

Default administrative distance is 110.

Uses multicast address 224.0.0.5 (ALLSPFRouters). ///mac address

Uses multicast address 224.0.0.6 (ALLDRouters). ///mac address

The reply for the hello is done in a unicast way./////////

Up to 16 links for load balancing over equal-cost paths of the same path type; default is 4 paths.

Recommended for large networks.

For 2 routers to be adjacent:

1st. Hello packets must be sent & received.

2nd. They must have the same hello & dead timers, also the same Net ID with subnet mask.

3rd. They must be in the same area.

 

 

Check attachment for more info.

Hope it might help

OSPF_CCNP.doc

Hello Guys , any questions regarding this Topic : )

You are missing 2 additional factors when OSPF becomes neighbors according to W. Odom's ICND2 CiscoPress-CCNA-level book.

One of them is on CCNA Test, so it is very IMPORTANT.


 

Friend martinlo,,,

 

OSPF in CCNP is different! The concepts are the same, but the discussion is in depth and very detailed, so the initial things like "forming neighborship" steps are discussed at the very beginning of the OSPF chapters and should be known very well before the in-depth discussion. Maybe that's why DF didn't mention it.

 

 

 


I forgot to mention: don't forget to download the attached file; it's useful and contains what you asked about.

 

Thanks to DF.


Oh, ya, thanks for reminding me. It is missing in his OSPF, SPF your LIFE - CCNA post as well.

I will check the .doc again, but I think it is NOT there as well.

Anyone else spot the missing requirement?


 

Martinlo, kindly post the missing requirement that you advised, so we can share it with our friends here :)

 


Authentication (if configured) must match on routers.

Both OSPF and EIGRP use authentication to secure the network. Otherwise, an attacker connects a rogue router to the network and can easily cause a denial-of-service (DoS) attack and/or reconnaissance attacks.

The attachment lists requirements for OSPF and EIGRP.

 


 

1- I think you need to download and read the attached file first. Authentication and how to configure it are already mentioned there.

2- Those topics are considered to be "NOTES", not references. They are glimpses and reminders.

 


Yes, it is mentioned, but not where it is important.

For 2 routers to be adjacent :

1st. Hello packets must be sent & received.

2nd They must have the same hello & dead timers

also same Net ID with subnet mask.

3rd They must be in the same area.

All requirements must be fulfilled or the relationship fails. That is ALL; not 3 of 4 or 4 of 5; get it? All.

How can you create a relationship when you are missing one of the requirements?

If your notes have holes (incomplete), good luck studying technology, passing the exam, or troubleshooting at work!


 

OK, I agree with you, so could you please state ALL the requirements needed in order to have OSPF neighborship?


Taken from my attached OSPF file here

Notes: passwords & key ID must be the same between neighbors, and all of the area must support authentication, as authentication, if enabled, must be enabled on the entire area.

Still, OSPF doesn't support key-chain config as of the time of this writing.

Why the hell could someone authenticate only one side of a neighborship and leave the other? Of course it won't work; that's ABC design.

And YES, it's NOT an important requirement, or a default requirement, unless you use the optional OSPF authentication feature ;)

 

END OF STORY :)

 

 

All requirements must be fulfilled or relationship fails. That is ALL; not 3 of 4 or 4 of 5; get it? All.

How can you create relationship when you missing one of requirements?

if your notes have holes (incomplete), good luck studying technology, passing exam, or troubleshoot at work!

MAN, are you talkn to me ?


 

Besides authentication (optional), what about IP MTU?

 

All requirements are matching except IP MTU, will two routers become neighbors or not?

 

I am talking to everybody who wants to be CCNA. Pay attention to details!


You can find that info. in various books and study materials

 

Thanks

Upen

 

 

Thanks a lot!!! ........very good doc on EIGRP & OSPF

 


 

 

NOW WE CAN TALK

 

The IP MTU must match between neighbors on new IOS versions. By default it is the same on all routers, so it wasn't an issue, but after the introduction of multi-layer switches, the problem started.

When you configure OSPF between a router & a switch, the OSPF neighbor didn't come up, as the MTU value is different.

So you must adjust the IP MTU to be the same. But Cisco made another thing: a cmd that will make the OSPF neighbors ignore the MTU ;)

(config-if)# ip ospf mtu-ignore

 

 

@martinlo , I have this info in my documents , but for the CCIE section :)

 

For 2 routers to be adjacent :

1st. Hello packets must be sent & received.

2nd They must have the same hello, dead timers

same Net ID with subnet mask & equal MTU on both side

3rd They must be in the same area.


 

Hi all. Well, there are two points which have been neglected from the very start.

First, regarding adjacency.

For P2P and P2MP links ONLY THE SUBNET ID NEEDS TO BE THE SAME AND NOT THE MASK. IF THE MASK IS THE SAME, IT'S FINE; IF IT'S NOT, IT'S FINE AGAIN :-)

For broadcast and non-broadcast networks (involving a DR) the subnet mask and ID must both be the same!!

Now, regarding the MTU.

This is often misleading. ip ospf mtu-ignore may get you to the 2WAY state but no more than that. Sometimes it works and sometimes it doesn't. You will see situations where even running this command will not relieve routers from their hanging exchange state. The only solution that I can think of is to determine the exact MTU of either side and configure it.

How to determine the MTU of a path?

Well, we can use the ping command with the DF bit set, gradually increasing the size in increments of 100 and 200, so a point will come where the ping will not be answered. A bit closer examination will help you determine the exact MTU of the link.

If you guys are interested then I will surely tell you about a real-life case I faced 2 weeks ago where the adjacency wasn't coming up even after mtu ignore.

Hope this helps

 


 

To be honest, I never faced a situation where the mtu-ignore cmd didn't work. I always apply it on both sides to be sure...loool

Kindly share your real-life example, so we can share our experience...thanks in advance :)

Regarding the MTU path discovery, you won't use it for OSPF, as OSPF is between 2 directly connected neighbors.

But for other troubleshooting & applications, yes, this is a great & smart idea to detect the largest MTU you can use.

I used to use this idea in troubleshooting several years ago.

STARTING TO FEEL THAT NEW CCNP GUYS WILL RULE THE WORLD SOON......

 


 

Dear Dark, I am not a CCNP and I never will be ;-). This post might be a bit long....

I was looking at my hub router's logging for some other issue and I realized that one of my branches was flapping between exchange and down. I knew that I had to run ospf ignore so simply passed. It was a WiMAX link and we were asked by the ISP to configure an MTU of 1400 on our links. To further confuse the matter, there were some branches that didn't have this MTU configured but were still working fine!!!

Day 1.

I logged on to the router and checked the command on both sides, hub and branch. Both had mtu ignore configured but the status was confusing. On the hub it was exstart and on the branch it was exchange. I knew it had to do with MTU so I manually configured it, but no success. Now I blindly configured it on the tunnel interface, still no success. I knew it was an ISP issue and I had to consult them, but I thought why shouldn't I make it work by myself if I think I am an OSPF expert (I just think I am, but I am not ;-) ). I left it since I was getting late.

Day 2.

I logged on again, tried everything to take it to full state and it was successful, but over that WiMAX link nothing was working. Only the adjacency was in full state but I could take DameWare session, ssh session so this further confirms my point that it was an MTU issue. I read somewhere that DBD packets (processed during the exchange/exstart state) had the DF bit set to 1. Later I checked and it wasn't, but I still tried setting the DF bit to 0, but still no success.

It was time for drastic action ;-).

I opened another WiMAX branch with exactly the same configuration, meaning:

Same IOS

Same router, 1841

Link was terminated on an HWIC 4ESW and the IP was given on Vlan 1. MTU was to be 1400.

I pinged the hub address from the working branch with the DF bit set to 1 and size set to 1400. Ping was successful.

I pinged the hub with the DF bit set to 1 and size set to 1401, and PING WAS UNSUCCESSFUL.

This proved my point so I tried the same thing on the troubled branch.

I pinged with the DF bit set to 1 and a size of 1300; it failed.

I pinged with 1000, DF set to 1, and the ping failed.

I pinged with 500 and it succeeded!!!!

I pinged with 550 and it failed again.

Interesting part:

I went to the interface and you will not believe it, the moment I entered ip mtu 500, the adjacency came up!!!! Everything was working fine now on that link ;-).

I called the ISP and they admitted it was their issue and resolved it in approx. half an hour.

And they lived happily ever after ;-)
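
The DF-bit ping procedure described in the posts above, as an added example (not code from any poster): a binary search finds the largest passing size in about a dozen probes instead of stepping by 100 or 200. The function names are hypothetical, the 520-byte path MTU of the simulated troubled link is a constructed value consistent with the 500/550 results reported, and the search assumes every size at or below the path MTU passes.

```python
import subprocess

IP_ICMP_OVERHEAD = 28   # 20-byte IPv4 header + 8-byte ICMP echo header

def largest_df_size(probe, low=68, high=1500):
    """Return the largest IP datagram size for which probe(size) succeeds.

    probe(size) sends one echo of `size` total IP bytes with DF set and
    returns True on a reply. Returns None if even `low` fails (link down
    or ICMP filtered), so a dead path is not reported as a tiny MTU.
    """
    if not probe(low):
        return None
    if probe(high):
        return high
    # Invariant: `low` passes, `high` fails; halve the gap until they touch.
    while high - low > 1:
        mid = (low + high) // 2
        if probe(mid):
            low = mid
        else:
            high = mid
    return low

def linux_ping_probe(host, timeout_s=2):
    """Probe with iputils ping: -M do sets DF, -s is the ICMP payload size.

    Linux counts payload bytes, so the 28 header bytes are subtracted to
    probe a given total datagram size.
    """
    def probe(size):
        cmd = ["ping", "-c", "1", "-W", str(timeout_s), "-M", "do",
               "-s", str(size - IP_ICMP_OVERHEAD), host]
        return subprocess.run(cmd, capture_output=True).returncode == 0
    return probe

def simulated_link(path_mtu, log):
    """Stand-in for a real link (constructed): records each probe size in `log`."""
    def probe(size):
        log.append(size)
        return size <= path_mtu
    return probe

def survey(path_mtu):
    """Run the search against a simulated link; return (result, probes used)."""
    log = []
    return largest_df_size(simulated_link(path_mtu, log)), len(log)

if __name__ == "__main__":
    print("working branch :", survey(1400))   # MTU the ISP asked for in the post
    print("troubled branch:", survey(520))    # constructed value between 500 and 550
```

Against a real neighbor, pass `linux_ping_probe("<neighbor address>")` to `largest_df_size` instead of the simulated link.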


 

That's weird, but sometimes funny things happen..........

On one of my night-shift working days, I was logged in to a router to troubleshoot it, and guess what.........after a couple of min the router started popping these logs

 

PPQC123#readread read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read

PPQC123#

PPQC123#

PPQC123#read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read read

 

So I was shocked. I told myself, did it really happen? I know that there are ppl who can listen to & understand trees, animals...but not routers...loool.......did GOD give me a gift that I can talk to & understand what routers say!!!!!

Maybe the router was telling me, read the IOS bugs 1st, you piece of sh*t...loool

 

 

 


Hi, I just want to thank you for your work on the topics that summarize these technologies (RIPv2, IP multicast, OSPF, EIGRP); they are really handy ;)

 

Cheers

Thead


DarkFiber, I really like your OSPF CCNP DOC. Can you please provide me the same DOC for BGP and IPS?

As I am going to appear for the CCIE Security Lab this year, help me out with that.


 

Thanks, will be doing it in September, as my CCIE SP LAB is next month :(

Also I'm not good at IPS

 


DarkFiber, if I'm running OSPF on a router and I have 2 networks on one interface but I only want to advertise one of them, what is the best way to do it?

 

Thanks.


 

(config-if)# ip add <>

(config-if)# ip add <> secondary

(config-if)# ip ospf <process #> area <#> secondaries none

Use this cmd to enable OSPF explicitly on an interface; the secondaries none keyword is used to prevent secondary IP addresses on the interface from being advertised.

 

Tell me if you need any thing more ;)

 


 

Awesome. Thanks. If I wanted to go a step further and I had 4 IPs on the interface, but I only wanted to advertise 2, is there a way to do that also?


 

Hmmm....the command I advised you will block all the secondary IPs; even if you have 10 secondary IPs, they will all be blocked.

You may not use this command, and do a filter-list to filter all the unneeded LSAs; hope you want to advertise them across areas.


Hi Friends,

 

Good to know that ppl are diving into concepts rather than braindumping them....awesome...Now for the OSPF neighbor relationships...

 

Following are the parameters i feel, must match for a neighbor relationship to form in OSPF:-

 

 

1) Hello and dead timers

2) Authentication password(MD5) if configured

3) Area id

4) MTU (take care during multi vendor scenario)

5) Subnet mask

6) Stub area flag if its a stub area configuration

 

 

And remember there's a logical AND between above parameters..... ;)
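
The parameter list above, checked against real packet fields, as an added example (not code from any poster or from Cisco): it parses two OSPFv2 Hello packets in the RFC 2328 layout and reports which adjacency parameters differ. The packets are constructed samples and the helper names are hypothetical; MTU is absent because it is carried in Database Description packets, not in Hellos, which is why an MTU mismatch stalls the adjacency in ExStart/Exchange rather than at the Hello stage.

```python
import socket
import struct
from dataclasses import dataclass
from typing import Optional

HDR = struct.Struct("!BBH4s4sHH8s")    # OSPFv2 header, 24 bytes (RFC 2328 A.3.1)
HELLO = struct.Struct("!4sHBBI4s4s")   # fixed part of a Hello, 20 bytes (A.3.2)
E_BIT, N_BIT = 0x02, 0x08              # Options bits: cleared E = stub, set N = NSSA

@dataclass
class Hello:
    router_id: str
    area: str
    au_type: int            # 0 = null, 1 = simple password, 2 = cryptographic (MD5)
    key_id: Optional[int]   # only meaningful for au_type 2
    mask: str
    hello: int
    dead: int
    options: int

def parse_hello(pkt: bytes) -> Hello:
    """Decode the fields a receiver compares before accepting a neighbor."""
    if len(pkt) < HDR.size + HELLO.size:
        raise ValueError("truncated OSPF Hello")
    ver, ptype, _plen, rid, area, _cksum, au_type, auth = HDR.unpack_from(pkt)
    if ver != 2 or ptype != 1:
        raise ValueError("not an OSPFv2 Hello")
    mask, hello, options, _prio, dead, _dr, _bdr = HELLO.unpack_from(pkt, HDR.size)
    key_id = auth[2] if au_type == 2 else None   # auth = 0, 0, key id, length, seq
    ntoa = socket.inet_ntoa
    return Hello(ntoa(rid), ntoa(area), au_type, key_id, ntoa(mask), hello, dead, options)

def mismatches(a: Hello, b: Hello, point_to_point: bool = False) -> list:
    """Return the names of the parameters that would block the adjacency.

    A wrong key with matching type and key id is caught by digest
    verification, which needs the key itself and is not shown here.
    """
    out = []
    if a.area != b.area:
        out.append("area id")
    if a.au_type != b.au_type:
        out.append("authentication type")
    elif a.au_type == 2 and a.key_id != b.key_id:
        out.append("authentication key id")
    # The mask is not compared on point-to-point links.
    if not point_to_point and a.mask != b.mask:
        out.append("subnet mask")
    if a.hello != b.hello:
        out.append("hello interval")
    if a.dead != b.dead:
        out.append("dead interval")
    if (a.options ^ b.options) & (E_BIT | N_BIT):
        out.append("stub/NSSA flag")
    return out

def build_hello(rid, area, au_type, key_id, mask, hello, dead, options) -> bytes:
    """Build a constructed sample Hello (checksum and MD5 digest omitted)."""
    aton = socket.inet_aton
    auth = bytes([0, 0, key_id, 16]) + bytes(4) if au_type == 2 else bytes(8)
    hdr = HDR.pack(2, 1, HDR.size + HELLO.size, aton(rid), aton(area), 0, au_type, auth)
    body = HELLO.pack(aton(mask), hello, options, 1, dead, bytes(4), bytes(4))
    return hdr + body

# Constructed samples: R1 is a configured router, R2 sends no authentication,
# R3 sits on an NBMA-style interface with a /30 mask and 30/120 timers.
R1 = parse_hello(build_hello("1.1.1.1", "0.0.0.0", 2, 1, "255.255.255.0", 10, 40, E_BIT))
R2 = parse_hello(build_hello("2.2.2.2", "0.0.0.0", 0, 0, "255.255.255.0", 10, 40, E_BIT))
R3 = parse_hello(build_hello("3.3.3.3", "0.0.0.0", 2, 1, "255.255.255.252", 30, 120, E_BIT))

if __name__ == "__main__":
    print("R1 vs R2:", mismatches(R1, R2))
    print("R1 vs R3:", mismatches(R1, R3))
    print("R1 vs R3, point-to-point:", mismatches(R1, R3, point_to_point=True))
```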


You forgot:

 

7) K-values


Hi.. My name is Param… I am a Network Engineer.. well…. I was searching some forum or something like that where I can get a live help through voice.. but unable to find any kind of this…. So I thought to initiate a forum / public chat in skype. ( Skype is famous for voice call as well as for online chatting with written words.. u can google ‘skype’ to find out more about this ). where all the Network Engineer and related person can come together … for the benefit of each other.. ( I believe that through mutual help We can solve any problem and can gain lots of information in this craving field, where knowledge is power )

It's address is.. " http://www.skype.com/go/joinpublicchat?skypename=parameng&topic=Network%20Engineer&blob=MeYoVT92967jrT0VEMdnCVsvJqqCnP7Ad13KTixGuSjLbGzGKePDDJ9mTKLR8yLcUw "

Click the above link or paste the above address in the address bar of ur browser.. and follow the instruction.... If u have any doubt, question or facing any problem in joining this forum.. than u can mail me at param020709@hotmail.com

 

Tags:- Network Live help, Network Engineer Forum, Exam related queries, CCNA exam, CCNP exam, From where to prepare for CCNA, From where to prepare for CCNP, What is Network....
