
Routing Protocols

Interior Gateway Protocols (IGP)
  • Distance Vector: RIPv1, RIPv2, IGRP
  • Link State: OSPF, IS-IS
  • Hybrid (advanced distance vector): EIGRP

Exterior Gateway Protocol (EGP)
  • Path Vector: BGP


  • OSPF – Open Shortest Path First
  • OSPF stands for Open Shortest Path First
  • Open standard protocol (RFC 2328 for OSPFv2)
  • Link-state protocol
  • Uses the SPF (shortest path first) algorithm, also known as Dijkstra's algorithm
  • Unlimited hop count
  • Metric is cost: cost = reference bandwidth / interface bandwidth, with a default reference bandwidth of 10^8 bit/s (100 Mbit/s), so a 10 Mbit/s link costs 10 and anything at 100 Mbit/s or faster costs 1 unless the reference bandwidth is raised
  • Administrative distance is 110
  • Classless routing protocol: supports VLSM and CIDR
  • Supports only equal-cost load balancing
  • Introduces the concept of areas to ease management and control traffic
  • Provides a hierarchical network design with multiple areas
  • Must have one backbone area, area 0; all other areas must connect to area 0
  • Scales better than distance vector routing protocols
  • Supports authentication (null, clear-text password, or MD5 cryptographic authentication)
  • Packets are sent to the multicast addresses 224.0.0.5 (all OSPF routers) and 224.0.0.6 (DR and BDR)
  • Faster convergence
  • Sends a Hello packet every 10 seconds on broadcast and point-to-point links (30 seconds on NBMA links)
  • Triggered, incremental updates: routers send only the changed LSAs, not the entire routing table on a timer (each LSA is still refreshed every 30 minutes)


OSPF Packet Types

  • Hello: neighbor discovery, building neighbor adjacencies and maintaining them.

  • DBD (Database Description): used to check whether the LSDBs of the two routers are the same. The DBD is a summary of the LSDB: it carries LSA headers, not full LSAs.

  • LSR (Link-State Request): requests specific link-state records from an OSPF neighbor.

  • LSU (Link-State Update): sends the link-state records that were requested, or floods changed ones. This packet is like an envelope with one or more LSAs in it.

  • LSAck (Link-State Acknowledgment): flooding is reliable, so every received LSA is acknowledged, explicitly with an LSAck or implicitly by re-flooding the same LSA back to the sender.


States of OSPF

  1. Down: no OSPF neighbor has been detected on the interface yet.
  2. Init: a Hello packet has been received, but it does not yet list this router.
  3. Two-Way: this router's own router ID appears in the neighbor list of the received Hello. On a multi-access segment the DR/BDR election happens here, and DROther pairs stay in this state.
  4. ExStart: master and slave roles and the initial DBD sequence number are negotiated.
  5. Exchange: database description (DBD) packets are exchanged.
  6. Loading: LSR (link-state request) and LSU (link-state update) packets are exchanged to fetch missing or newer LSAs.
  7. Full: the link-state databases are synchronized; the routers have a full adjacency.


OSPF Router Types

Internal Router

A router that has OSPF neighbor relationships only with devices in the same area (all of its interfaces are in one area).

Area Border Router (ABR)

A router that has OSPF neighbor relationships with devices in multiple OSPF areas. ABRs gather topology information from their connected areas and distribute it to the backbone area, and advertise the backbone's routes into the other areas.

Backbone Router

A backbone router is a router that runs OSPF and has at least one interface connected to the OSPF backbone area. Since ABRs are always connected to the backbone, they are always classified as backbone routers.

Autonomous System Boundary Router (ASBR)

An ASBR is a router that attaches to more than one routing protocol (or to static routes) and redistributes routing information between them, injecting external routes into OSPF.


OSPF maintains three tables

  • Neighbor table: contains information about the directly connected OSPF neighbors with which an adjacency is being formed (show ip ospf neighbor).

  • Database table (LSDB): contains the entire view of the topology as seen by each router, built from the received LSAs (show ip ospf database).

  • Routing table: contains the best path to each destination, calculated by running the shortest path first algorithm over the database table (show ip route ospf).


OSPF Advantages & Disadvantages

  • Advantages of OSPF
    · Open standard
    · No hop count limitation
    · Loop free
    · Faster convergence

  • Disadvantages
    · Consumes more CPU and memory (SPF runs and the LSDB)
    · Supports only equal-cost load balancing
    · Supports only IP; it does not route IPX or AppleTalk
    · Summarization is possible only on ABRs and ASBRs


DR/BDR Selection

Order of the DR/BDR election on a multi-access segment:

• Highest interface priority (ip ospf priority, default 1; priority 0 means the router is never DR or BDR)

• On a tie, highest router ID

• The election is not pre-emptive: the first router to initialize on the segment can keep the DR role even if a router with a higher priority or router ID comes up later

How the router ID itself is chosen:

• A manually configured router-id

• Otherwise the highest loopback interface IP address

• Otherwise the highest active physical interface IP address


  • OSPF DR/BDR election is a process that occurs on multi-access data links. It is intended to select two OSPF nodes: one to act as the Designated Router (DR), and another to act as the Backup Designated Router (BDR).

  • A multi-access network segment, like an Ethernet LAN/VLAN, is a network segment that can include more than two devices and where each device can reach all the others using their layer 2 addresses. A multi-access network may or may not support layer 2 broadcasts: Frame Relay does not support layer 2 broadcasting, while Ethernet does.

  • To demonstrate the different facets of the DR and BDR roles, I will be using the following network diagram. The routing domain consists of four routers. They are all in OSPF area 0.

DR + BDR

Figure 1 – The network topology of our routing domain

The initial configurations applied to the routers are:


hostname R1
interface GigabitEthernet0/0
 ip address 10.0.0.1 255.255.255.0
 no shutdown
interface GigabitEthernet0/4
 ip address 10.0.14.1 255.255.255.0
 no shutdown
router ospf 1
 router-id 1.1.1.1
 network 10.0.14.1 0.0.0.0 area 0
 network 10.0.0.1 0.0.0.0 area 0

hostname R2
interface GigabitEthernet0/0
 ip address 10.0.0.2 255.255.255.0
 no shutdown
interface GigabitEthernet0/3
 ip address 10.0.23.2 255.255.255.0
 no shutdown
router ospf 1
 router-id 2.2.2.2
 network 10.0.23.2 0.0.0.0 area 0
 network 10.0.0.2 0.0.0.0 area 0

hostname R3
interface GigabitEthernet0/0
 ip address 10.0.0.3 255.255.255.0
 no shutdown
interface GigabitEthernet0/2
 ip address 10.0.23.3 255.255.255.0
 no shutdown
router ospf 1
 router-id 3.3.3.3
 network 10.0.23.3 0.0.0.0 area 0
 network 10.0.0.3 0.0.0.0 area 0

hostname R4
interface GigabitEthernet0/0
 ip address 10.0.0.4 255.255.255.0
 no shutdown
interface GigabitEthernet0/1
 ip address 10.0.14.4 255.255.255.0
 no shutdown
router ospf 1
 router-id 4.4.4.4
 network 10.0.14.4 0.0.0.0 area 0
 network 10.0.0.4 0.0.0.0 area 0

OSPF DR/BDR Election Process

  • On a multi-access network, whether it is broadcast or non-broadcast, OSPF routers use the Hello protocol to elect one Designated Router and one Backup Designated Router, with which the remaining routers on the network link build their OSPF adjacencies.

  • It is the first step they have to accomplish before they start building OSPF relationships on the network segment. The DR and BDR also build a full OSPF neighbor relationship with each other.

  • The OSPF node with the highest OSPF interface priority on the network segment becomes the DR. If there is a tie, the Hello protocol chooses the router with the highest OSPF router ID. With the default priority of 1 on every interface in Figure 1, the router ID decides: R4 (4.4.4.4) is the DR on subnets 10.0.0.0/24 and 10.0.14.0/24 (Example 1), while R3 (3.3.3.3) is the DR on subnet 10.0.23.0/24 (Example 2).


  • Step 2. The Designated Router builds full OSPF adjacencies with all neighbor routers on the segment, using a process similar to steps 3 to 7 in the previous section.

Besides that, the DR is responsible for generating the network LSA (type 2) for the broadcast/NBMA data link.

Likewise, the Backup Designated Router forms full neighbor relationships with all OSPF neighbors using the same procedure as the DR. The BDR takes over as DR if the current DR goes down.

Finally, note that OSPF neighbor relationships between DROther routers stay at the 2-WAY state.

  • Why Do OSPF Routers Elect a Designated Router?

On a broadcast/non-broadcast data link consisting of N routers, there are N-2 DROthers, and each DROther forms 2 OSPF adjacencies: one with the DR and one with the BDR.

  • Adding the adjacency between the DR and the BDR, the network has 2 x (N-2) + 1 full OSPF neighbor adjacencies.

  • Now imagine that the routers on the data link did not elect a DR and instead formed OSPF adjacencies with every other router. The total number of full neighbor relationships would be N x (N-1) / 2, where N is the router count on the data link.

  • For N=10, electing a DR and BDR decreases the number of full OSPF adjacencies from 45 to 17, which reduces the amount of OSPF traffic exchanged between nodes on the network segment, especially DBD packets, LS updates, and acknowledgments.

When to Disable OSPF DR/BDR Election?

The OSPF DR/BDR election is unnecessary when the multi-access network contains only two OSPF routers: one router gets elected DR and the other BDR, which brings no benefit, and the Wait timer only delays the adjacency.

In the network diagram (Figure 1), there is no need to elect a DR and a BDR in subnets 10.0.14.0/24 and 10.0.23.0/24, while a DR/BDR election must occur in subnet 10.0.0.0/24.

To disable this behavior, change the OSPF network type of the interfaces connecting the routers to the subnets in question to point-to-point, point-to-multipoint, or point-to-multipoint non-broadcast, as shown in these examples. Configure the same network type on both ends of each link: a mismatch can leave the neighbors stuck, or, with point-to-point against broadcast, at Full but with missing routes.


R1(config)# interface gigabitEthernet 0/4
R1(config-if)# ip ospf network point-to-point

R2(config)# interface gigabitEthernet 0/3
R2(config-if)# ip ospf network point-to-point

R3(config)# interface gigabitEthernet 0/2
R3(config-if)# ip ospf network point-to-point

R4(config)# interface gigabitEthernet 0/1
R4(config-if)# ip ospf network point-to-point


OSPF DR/BDR Election Tuning

The Hello protocol relies on interface priority and router ID to select the DR and BDR among eligible OSPF nodes (nodes with an OSPF priority greater than zero; priority 0 makes a router ineligible). To make the network choose a particular router as the DR, configure its priority to be the highest among all DR-eligible routers, or give it the highest router ID if many routers share the highest priority value on the network segment.

Using the ip ospf priority Command

In Figure 1, router R4 is the DR and R3 is the BDR. Using the ip ospf priority command, we set the OSPF priority of R1's G0/0 interface to 200 so that R1 has the highest priority in subnet 10.0.0.0/24. Because the election is not pre-emptive, R4 stays DR until the next election: the new priority takes effect only after the OSPF process is cleared on the routers or the current DR and BDR leave the segment.


Some Features of OSPF Routing Protocol

  • The OSPF protocol supports a number of useful features, such as:

  • CIDR
  • Subdividing an autonomous system into areas
  • Load balancing
  • Fast convergence
  • Multicast updates
  • Authentication
  • Large networks (a significant number of routers)
  • Open standard (implemented by different router vendors)
  • Loop-free routing
  • Route summarization

Now, let's explain some of those features.

  • Open standard protocol: OSPF is not vendor proprietary, and it is implemented by many network device vendors such as Cisco, Juniper, Sophos, HP, Dell, Huawei, MikroTik, and more.


OSPF Lab


Router R1

hostname R1
no ip domain lookup
banner motd # This is R1, Implement Multi-Area OSPFv2 Lab #
interface GigabitEthernet0/0
 ip address 172.16.0.2 255.255.255.252
 no shutdown
 ip ospf 1 area 0
 exit
interface GigabitEthernet0/1
 ip address 192.10.0.1 255.255.255.252
 no shutdown
 ip ospf 1 area 1
 exit

Router R3

hostname R3
no ip domain lookup
banner motd # This is R3, Implement Multi-Area OSPFv2 Lab #
interface GigabitEthernet0/0
 ip address 172.16.1.2 255.255.255.252
 no shutdown
 ip ospf 1 area 0
 exit
interface GigabitEthernet0/1
 ip address 192.10.4.1 255.255.255.252
 no shutdown
 ip ospf 1 area 2
 exit


Router R2

hostname R2
no ip domain lookup
banner motd # This is R2, Implement Multi-Area OSPFv2 Lab #
! Gi0/0 and Gi0/1 join area 0 so that R2 connects area 1 (via R1) and
! area 2 (via R3) through the backbone; without this the two areas never
! learn each other's prefixes.
interface GigabitEthernet0/0
 ip address 172.16.0.1 255.255.255.252
 no shutdown
 ip ospf 1 area 0
 exit
interface GigabitEthernet0/1
 ip address 172.16.1.1 255.255.255.252
 no shutdown
 ip ospf 1 area 0
 exit
interface Loopback0
 ip address 209.165.200.225 255.255.255.224
 exit
interface GigabitEthernet0/2
 ip address dhcp
 no shutdown
 exit
! Advertise the DHCP-learned default route into OSPF as a type 5 LSA,
! so the inside LANs can reach the Internet through the NAT below.
router ospf 1
 default-information originate
 exit

…NAT_Configuration…

access-list 1 permit 192.10.1.0 0.0.0.255
access-list 1 permit 192.10.5.0 0.0.0.255
ip nat inside source list 1 interface GigabitEthernet0/2 overload
interface GigabitEthernet0/2
 ip nat outside
interface GigabitEthernet0/0
 ip nat inside
interface GigabitEthernet0/1
 ip nat inside


L3 Switch D1
------------

hostname D1
no ip domain lookup
banner motd # This is D1, Implement Multi-Area OSPFv2 Lab #
! A Catalyst L3 switch needs ip routing before it will run OSPF.
ip routing
interface GigabitEthernet0/1
 no switchport
 ip address 192.10.0.2 255.255.255.252
 no shutdown
 ip ospf 1 area 1
 exit
interface GigabitEthernet0/0
 no switchport
 ip address 192.10.1.1 255.255.255.0
 no shutdown
 ip ospf 1 area 1
 exit
! The host LAN must be advertised (the NAT ACL on R2 expects 192.10.1.0/24),
! but Hellos do not belong on a port where only end hosts live.
router ospf 1
 passive-interface GigabitEthernet0/0
 exit

L3 Switch D2
------------

hostname D2
no ip domain lookup
banner motd # This is D2, Implement Multi-Area OSPFv2 Lab #
ip routing
interface GigabitEthernet0/0
 no switchport
 ip address 192.10.4.2 255.255.255.252
 no shutdown
 ip ospf 1 area 2
 exit
interface GigabitEthernet0/1
 no switchport
 ip address 192.10.5.1 255.255.255.0
 no shutdown
 ip ospf 1 area 2
 exit
router ospf 1
 passive-interface GigabitEthernet0/1
 exit


OSPF DR/BDR Election


Router RA

en
conf t
! Hello/dead timers (5/20 instead of the 10/40 default) must match on all
! three routers or no adjacency forms. Priority 150 > 100 > 50 makes RA the
! DR, RB the BDR and RC a DROther. The MD5 key ID and string must be the
! same on every router on the segment.
interface GigabitEthernet0/0
 ip ospf hello-interval 5
 ip ospf dead-interval 20
 ip ospf priority 150
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 Area0pa55
router ospf 1
 network 192.168.1.0 0.0.0.255 area 0
 area 0 authentication message-digest
end

Router RB

en
conf t
interface GigabitEthernet0/0
 ip ospf hello-interval 5
 ip ospf dead-interval 20
 ip ospf priority 100
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 Area0pa55
router ospf 1
 network 192.168.1.0 0.0.0.255 area 0
 area 0 authentication message-digest
end

Router RC (ASBR)

en
conf t
interface GigabitEthernet0/0
 ip ospf hello-interval 5
 ip ospf dead-interval 20
 ip ospf priority 50
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 Area0pa55
router ospf 1
 passive-interface default
 no passive-interface GigabitEthernet0/0
 network 192.168.1.0 0.0.0.255 area 0
 default-information originate
 area 0 authentication message-digest
 exit
! The static default route is global configuration, not part of router ospf;
! default-information originate above advertises it as a type 5 LSA.
ip route 0.0.0.0 0.0.0.0 Serial0/0/0
end
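The three configurations above turn on MD5 cryptographic authentication (AuType 2) on the 192.168.1.0/24 segment. To show what that does on the wire, here is an added Python example, not part of the original slides: it builds an OSPFv2 Hello the way RA would send it, attaches the RFC 2328 Appendix D digest using the lab key Area0pa55, and then checks incoming packets the way a hardened receiver should. It rejects AuType 0 and 1 (anyone on the VLAN can forge the first, the second carries the password in clear text), rejects a wrong key or a modified byte, and rejects a packet whose cryptographic sequence number has gone backwards, which is the replay protection. All packet bytes are constructed in the block; nothing is captured from a real network.

```python
"""OSPFv2 header, Hello body and the RFC 2328 Appendix D MD5 digest.

Added example, not from the slides. All packets are constructed here;
KEY is the lab key from the RA/RB/RC configurations.
"""
import hashlib
import hmac
import ipaddress
import struct

# Header: version, type, length, router ID, area ID, checksum, AuType, then
# the 64-bit authentication field as cryptographic authentication lays it
# out: 16 zero bits, key ID, auth data length (16) and a sequence number.
HEADER = struct.Struct("!BBHIIHHHBBI")          # 24 bytes
HELLO = struct.Struct("!IHBBIII")               # fixed Hello part, 20 bytes
PACKET_TYPES = {1: "Hello", 2: "DBD", 3: "LSR", 4: "LSU", 5: "LSAck"}
AUTH_NULL, AUTH_SIMPLE, AUTH_CRYPTO = 0, 1, 2


def ip(addr):
    return int(ipaddress.IPv4Address(addr))


def ip_str(n):
    return str(ipaddress.IPv4Address(n))


def ip_checksum(pkt):
    """One's-complement checksum over the packet minus the 8-byte auth field
    (used with AuType 0 and 1). Returns 0 for a packet that already carries
    its correct checksum."""
    data = pkt[:16] + pkt[24:]
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def md5_key(key):
    """RFC 2328 D.3: the key is 16 bytes; shorter keys are zero-padded."""
    return key.ljust(16, b"\x00")[:16]


def build_hello(mask, hello, dead, priority, dr, bdr, neighbors):
    body = HELLO.pack(ip(mask), hello, 0x02, priority, dead, ip(dr), ip(bdr))
    return body + b"".join(struct.pack("!I", ip(n)) for n in neighbors)


def build_packet(ptype, router_id, area, body, key=None, key_id=1, seq=0):
    length = HEADER.size + len(body)
    if key is None:
        # AuType 0: no authentication, the checksum covers header and body.
        hdr = HEADER.pack(2, ptype, length, ip(router_id), area, 0, AUTH_NULL, 0, 0, 0, 0)
        pkt = hdr + body
        return pkt[:12] + struct.pack("!H", ip_checksum(pkt)) + pkt[14:]
    # AuType 2: checksum stays 0, digest = MD5(packet || key) trails the packet.
    hdr = HEADER.pack(2, ptype, length, ip(router_id), area, 0, AUTH_CRYPTO, 0, key_id, 16, seq)
    pkt = hdr + body
    return pkt + hashlib.md5(pkt + md5_key(key)).digest()


def parse_header(data):
    v, t, ln, rid, area, csum, autype, _, key_id, auth_len, seq = HEADER.unpack_from(data)
    return {"version": v, "type": PACKET_TYPES.get(t, "unknown"), "length": ln,
            "router_id": ip_str(rid), "area": area, "checksum": csum,
            "autype": autype, "key_id": key_id, "auth_len": auth_len, "seq": seq}


def parse_hello(data):
    """Decode the Hello that follows the header. The neighbor list is what
    moves a neighbor from Init to Two-Way once our own router ID is in it."""
    mask, hello, _opts, prio, dead, dr, bdr = HELLO.unpack_from(data, HEADER.size)
    rest = data[HEADER.size + HELLO.size:parse_header(data)["length"]]
    return {"mask": ip_str(mask), "hello": hello, "dead": dead, "priority": prio,
            "dr": ip_str(dr), "bdr": ip_str(bdr),
            "neighbors": [ip_str(n) for (n,) in struct.iter_unpack("!I", rest)]}


def verify(data, key, last_seq=None):
    """Receiver-side check: only MD5-authenticated packets with a matching
    digest and a non-decreasing sequence number are accepted.
    Returns (accepted, reason)."""
    h = parse_header(data)
    if h["version"] != 2:
        return False, "not OSPFv2"
    if h["autype"] != AUTH_CRYPTO:
        # AuType 0 lets any host on the segment become a neighbor;
        # AuType 1 sends the password in clear text in every Hello.
        return False, "rejected AuType %d (unauthenticated or clear-text)" % h["autype"]
    if h["auth_len"] != 16 or len(data) < h["length"] + 16:
        return False, "malformed authentication data"
    pkt, digest = data[:h["length"]], data[h["length"]:h["length"] + 16]
    if not hmac.compare_digest(digest, hashlib.md5(pkt + md5_key(key)).digest()):
        return False, "bad digest: wrong key or modified packet"
    if last_seq is not None and h["seq"] < last_seq:
        return False, "replay: sequence %d < last accepted %d" % (h["seq"], last_seq)
    return True, h["type"]


# Constructed sample: RA's Hello on 192.168.1.0/24 (hello 5, dead 20,
# priority 150) listing RB as a seen neighbor, authenticated with the lab key.
KEY = b"Area0pa55"
RA_HELLO = build_packet(
    1, "192.168.1.1", 0,
    build_hello("255.255.255.0", 5, 20, 150, "192.168.1.1", "192.168.1.2", ["192.168.1.2"]),
    key=KEY, seq=1001)
```

verify() is the receiver's side of what ip ospf authentication message-digest configures: it rejects AuType 0 and 1 outright, so a rogue host on the VLAN cannot become a neighbor just by sending well-formed Hellos, and the sequence number stops a replayed capture. The digest is plain MD5 over packet plus key, not an HMAC, and the key is at most 16 bytes; where the platform supports it, a key chain with HMAC-SHA (RFC 5709) is the stronger choice, and the same key should not be shared across unrelated segments.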


Understanding OSPF LSA types is necessary to master the OSPF routing protocol. In an OSPF routing domain, each node creates at least one type of LSA, the router LSA. A router may produce more LSAs depending on its functions (DR, ABR, or ASBR). The set of LSAs within an OSPF area constitutes the area's link-state database, and it is identical on all the area's routers.

What is an LSA in OSPF?

In an OSPF AS, a link-state advertisement (LSA) is the data structure routers use to describe the links connected to them, their OSPF neighbors, internal and external subnets, and ASBRs. Routers within an OSPF domain use the different LSA types to build the graph of the network from which the SPF tree is computed.

Each node in an OSPF autonomous system creates one or more LSAs based on its configuration and shares them with its adjacent neighbors. A router also re-floods the latest instance of every LSA it receives to all its other neighbors, that is, to everyone except the neighbor it received it from. Flooding stops when the receiving router already holds an instance at least as new.

How Many OSPF LSA Types Exist?

There are 11 LSA types in OSPF, and each LSA type is handled differently; the combined set of all received and self-originated LSAs forms the router's link-state database (LSDB). Cisco, Juniper, and Huawei implement the following ten OSPF LSA types on their routers (type 6, the MOSPF group-membership LSA, is not used), whereas RFC 2328's specification for OSPFv2 defines only the first five:

LSA Type 1 (Router LSA)

LSA Type 2 (Network LSA)

LSA Type 3 (Summary LSA)

LSA Type 4 (ASBR Summary LSA), listed by show ip ospf database asbr-summary

LSA Type 5 (AS External LSA)

LSA Type 7 (NSSA External LSA)

LSA Type 8 (External-Attributes LSA)

LSA Type 9 (Link-local Opaque LSA)

LSA Type 10 (Area-local Opaque LSA)

LSA Type 11 (Autonomous System Opaque LSA)


OSPF LSA

LSA – Link-state advertisements

  • An OSPF link-state advertisement (LSA) describes a router's links: their state, the neighbor or network at the far end, and the link metric (cost).

  • Received LSAs are stored in a local database called the link-state database (LSDB).

  • A router passes LSDB contents on to its neighbors exactly as the originating router advertised them; intermediate routers never modify an LSA, they only re-flood it.
  • All OSPF routers in the same area maintain a synchronized, identical copy of the LSDB for that area.

  • The LSDB provides the topology of the network, giving the router a complete map of the area.


An OSPF LSA carries the link or network information advertised by its originating router. OSPF uses six LSA types for IPv4 routing:

  • Type 1, router – LSAs that describe a router's links and the prefixes attached to them within an area

  • Type 2, network – LSAs that list the routers attached to a broadcast segment within an area

  • Type 3, summary – LSAs that advertise network prefixes that originate from a different area

  • Type 4, ASBR summary – LSAs used to locate an ASBR that sits in a different area

  • Type 5, AS external – LSAs that advertise network prefixes that were redistributed into OSPF

  • Type 7, NSSA external – LSAs for external network prefixes that were redistributed into a local NSSA area


  • LSA Type 1 – Router LSA
  • LSA Type 1 (Router LSA) packets are generated by every OSPF router and exchanged between routers within the same area.
  • They list the router's links (interfaces), their state and cost, and are flooded only within the area where they originate.


  • LSA Type 2 – Network LSA

  • LSA Type 2 (Network LSA) packets are generated by the Designated Router (DR) to describe all routers directly connected to its segment.

  • LSA Type 2 packets are flooded between neighbors in the area of origin and remain within that area.

  • LSA Type 2 packets are exchanged between the OSPF DR and the neighbor routers on the segment.


  • LSA Type 3 – Summary LSA
  • LSA Type 3 (Summary LSA) packets are generated by an ABR.
  • They advertise the networks of one area into the other areas (inter-area routes); this is the LSA on which an ABR can summarize.

LSA Type 4 – ASBR Summary LSA

LSA Type 4 (ASBR Summary LSA) packets are also generated by an ABR and advertise the presence of an Autonomous System Boundary Router (ASBR) to other areas. The Link State ID of a type 4 LSA is the ASBR's router ID.


  • LSA Type 5 – OSPF External LSA
  • LSA Type 5 (AS External LSA) packets are generated by the ASBR.
  • They advertise routes redistributed into OSPF from outside (another routing protocol or static routes) and are flooded into every area except stub areas and NSSAs.

LSA Type 7 – OSPF Not-So-Stubby Area (NSSA) External LSA

LSA Type 7 packets are generated by an ASBR inside an NSSA for the external routes it redistributes, since type 5 LSAs are not allowed in an NSSA. They stay within the NSSA; the NSSA's ABR translates them into type 5 LSAs for the rest of the domain.


OSPF Routing Protocol

  • Open Shortest Path First (OSPF) is a popular Interior Gateway Protocol (IGP) used to find the best path for packets as they pass through a set of connected networks. It is a link-state routing protocol, meaning it maintains a map of the network topology and calculates the shortest path to each destination. Here is a detailed explanation of how OSPF works:

1. OSPF Basics

  • Type: link-state routing protocol
  • Protocol: runs directly over IP, protocol number 89
  • Standard: defined by the IETF (Internet Engineering Task Force) in RFC 2328
  • Algorithm: Dijkstra's Shortest Path First (SPF) algorithm

2. OSPF Operation

  • OSPF operates using the following processes:
  • A. OSPF Areas
  • Area: OSPF networks are divided into areas to optimize routing and reduce overhead. The backbone area (Area 0) is mandatory and every other area must attach to it.

  • B. Area Types:

  • Standard Area: contains routers that exchange full routing information.
  • Stub Area: blocks external (type 5) routes to reduce routing table size; a default route from the ABR replaces them.
  • Totally Stubby Area: blocks both external routes and inter-area routes, leaving only a default route.
  • Not-So-Stubby Area (NSSA): similar to a stub area but can import external routes (as type 7 LSAs).


OSPF Router Types:

  • Internal Router: all interfaces are in the same OSPF area.
  • Backbone Router: a router with at least one interface in Area 0 (the backbone).
  • ABR (Area Border Router): connects one or more areas to the backbone area.
  • ASBR (Autonomous System Boundary Router): connects OSPF to external networks or to different routing protocols.

OSPF Packets

  • OSPF uses different types of packets for communication:
  • Hello Packet: used to discover and maintain neighbor relationships.
  • Database Description (DBD) Packet: contains a summary (the LSA headers) of the router's link-state database.
  • Link-State Request (LSR) Packet: requests specific link-state information from neighbors.
  • Link-State Update (LSU) Packet: carries new or updated LSAs.
  • Link-State Acknowledgment (LSAck) Packet: acknowledges receipt of LSAs.

OSPF Neighbor Relationships

  • Hello Protocol: routers use Hello packets to discover and maintain neighbor relationships. Two routers become neighbors only if the area ID, hello and dead intervals, network mask (on broadcast links), authentication and stub-area flag in their Hellos match.
  • State Machine
  • Down: initial state; no Hello has been received.
  • Init: a Hello has been received, but it does not yet list this router as a neighbor.
  • Two-Way: both routers have seen their own router ID in the other's Hello; on a multi-access segment the DR/BDR election happens here.
  • ExStart: routers negotiate the master/slave relationship and the initial sequence number for the Database Description exchange.
  • Exchange: routers exchange DBD packets.
  • Loading: routers request missing information via LSRs and receive it via LSUs.
  • Full: the OSPF routers have synchronized their link-state databases.

OSPF Routing Table

  • Link-State Database (LSDB): contains information about the network topology.
  • Shortest Path First (SPF) Algorithm: OSPF uses Dijkstra's algorithm to calculate the shortest path to each destination based on the LSDB, with the calculating router as the root of the tree.


Commands:

  • router ospf [process-id]: enter OSPF configuration mode.
  • network [ip-address] [wildcard-mask] area [area-id]: specify which interfaces to include in OSPF and the area they belong to.
  • show ip ospf: displays OSPF routing process information.
  • show ip ospf neighbor: shows OSPF neighbors and their states.
  • show ip ospf database: displays the OSPF link-state database.

In OSPF, the term "table" can refer to several different things: the OSPF routing table, the link-state database (LSDB), or the OSPF topology table. Each of them is explained below:

1. OSPF Routing Table

The OSPF routing table contains the best routes for network destinations based on the OSPF routing protocol. It is used by the router to make forwarding decisions.

Components:

  • Destination Network: The network address of the destination.
  • Next Hop: The next router on the path to the destination.
  • Cost: The OSPF metric (cost) to reach the destination.
  • Interface: The interface used to reach the next hop.
  • Type: The type of route (e.g., intra-area, inter-area, external).

2. OSPF Link-State Database (LSDB)

The LSDB is a database that holds the network topology information. Each router in an OSPF network maintains an LSDB, which contains a list of all the link-state advertisements (LSAs) received from other OSPF routers.

Components:

  • Router LSAs (Type 1): Contain information about the router’s interfaces and their states.
  • Network LSAs (Type 2): Describe networks and the routers connected to them.
  • Summary LSAs (Type 3 and 4): Provide routing information between different OSPF areas.
  • AS External LSAs (Type 5): Describe routes to destinations external to the OSPF autonomous system.
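What the LSDB actually stores is the LSA header listed above plus a type-specific body, and every entry carries a Fletcher checksum over everything except LS age; the DBD exchange compares exactly these headers. The following Python example is added here (it is not code from the slides) to parse the 20-byte header of RFC 2328 A.4.1, generate and verify that checksum, and apply the RFC 2328 section 13.1 rule that decides which of two instances of the same LSA is newer. The router LSA for R1 from Figure 1 is constructed as sample input; the link costs of 1 are assumed.

```python
"""LSA header parsing, the Fletcher checksum and the "which instance is
newer" rule every LSDB applies.

Added example, not from the slides. The R1 router LSA below is constructed
from Figure 1 with assumed link costs of 1.
"""
import ipaddress
import struct

# RFC 2328 A.4.1: LS age, options, LS type, link state ID, advertising
# router, LS sequence number (signed, compared as signed), LS checksum,
# length: 20 bytes in total.
LSA_HEADER = struct.Struct("!HBBIIiHH")
LSA_TYPES = {1: "Router", 2: "Network", 3: "Summary", 4: "ASBR Summary",
             5: "AS External", 7: "NSSA External", 8: "External Attributes",
             9: "Opaque link-local", 10: "Opaque area-local", 11: "Opaque AS"}
CHECKSUM_OFFSET = 16         # within the LSA; the 2-byte LS age is excluded
INITIAL_SEQ = -0x7FFFFFFF    # 0x80000001, the first instance ever flooded
MAX_AGE, MAX_AGE_DIFF = 3600, 900


def ip(addr):
    return int(ipaddress.IPv4Address(addr))


def sums(data):
    """The two Fletcher running sums, each reduced mod 255."""
    c0 = c1 = 0
    for b in data:
        c0 = (c0 + b) % 255
        c1 = (c1 + c0) % 255
    return c0, c1


def fletcher(data, offset):
    """Check bytes for position `offset` of `data` (ISO 8473 / RFC 905),
    chosen so that both running sums come out 0 mod 255 over the result."""
    buf = bytearray(data)
    buf[offset:offset + 2] = b"\x00\x00"
    c0, c1 = sums(buf)
    x = ((len(buf) - offset - 1) * c0 - c1) % 255 or 255
    y = 510 - c0 - x
    if y > 255:
        y -= 255
    return bytes((x, y))


def checksum_ok(lsa):
    """Verify an LSA: both sums over everything but LS age must be 0 mod 255."""
    return sums(lsa[2:]) == (0, 0)


def build_router_lsa(router_id, links, seq=INITIAL_SEQ, age=0):
    """links: (link ID, link data, link type, metric). For type 2 (transit
    network) the link ID is the DR's address and link data our own address."""
    body = struct.pack("!BBH", 0, 0, len(links))
    for link_id, link_data, link_type, metric in links:
        body += struct.pack("!IIBBH", ip(link_id), ip(link_data), link_type, 0, metric)
    length = LSA_HEADER.size + len(body)
    hdr = LSA_HEADER.pack(age, 0x02, 1, ip(router_id), ip(router_id), seq, 0, length)
    lsa = bytearray(hdr + body)
    lsa[CHECKSUM_OFFSET:CHECKSUM_OFFSET + 2] = fletcher(lsa[2:], CHECKSUM_OFFSET - 2)
    return bytes(lsa)


def parse_lsa_header(lsa):
    age, _opts, ltype, lsid, adv, seq, csum, length = LSA_HEADER.unpack_from(lsa)
    return {"age": age, "type": LSA_TYPES.get(ltype, "unknown(%d)" % ltype),
            "link_state_id": str(ipaddress.IPv4Address(lsid)),
            "advertising_router": str(ipaddress.IPv4Address(adv)),
            "seq": seq, "seq_hex": "%08x" % (seq & 0xFFFFFFFF),
            "checksum": csum, "length": length,
            "checksum_ok": checksum_ok(lsa[:length])}


def newer(a, b):
    """RFC 2328 13.1: is header a a more recent instance than header b of the
    same LSA? Higher sequence wins, then higher checksum, then MaxAge, then a
    noticeably (> MaxAgeDiff) smaller age."""
    if a["seq"] != b["seq"]:
        return a["seq"] > b["seq"]
    if a["checksum"] != b["checksum"]:
        return a["checksum"] > b["checksum"]
    if (a["age"] == MAX_AGE) != (b["age"] == MAX_AGE):
        return a["age"] == MAX_AGE
    return b["age"] - a["age"] > MAX_AGE_DIFF


# Constructed sample: R1's router LSA from Figure 1 (R4 is the DR on both
# transit segments, so its interface addresses are the link IDs).
R1_LINKS = [("10.0.0.4", "10.0.0.1", 2, 1), ("10.0.14.4", "10.0.14.1", 2, 1)]
R1_LSA = build_router_lsa("1.1.1.1", R1_LINKS)
```

An LSA that fails checksum_ok is discarded before it ever reaches SPF; one that passes but is not newer than the LSDB copy is acknowledged and dropped, and when a router sees a foreign instance of its own LSA it re-floods it with a higher sequence number (fight-back). Ageing an LSA in transit does not break the checksum because LS age is excluded from it.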


OSPF Topology Table

The OSPF topology table is essentially the same as the LSDB. It represents the OSPF network topology as perceived by each router. It includes all routers and networks, as well as their states and relationships.

Viewing OSPF Tables

To view these tables on a router, you typically use specific commands depending on the router’s operating system:

Cisco IOS:

  • OSPF Routing Table: `show ip route ospf`
  • LSDB: `show ip ospf database`
  • OSPF Neighbors: `show ip ospf neighbor`

Juniper Junos:

  • OSPF Routing Table: `show route protocol ospf`
  • LSDB: `show ospf database`
  • OSPF Neighbors: `show ospf neighbor`

Summary

  • OSPF Routing Table: contains the best routes for each destination in the network, including the cost and next-hop information.
  • OSPF Link-State Database (LSDB): holds detailed information about the network topology, received from LSAs.
  • OSPF Topology Table: represents the network topology and is essentially the LSDB.

These tables and databases are fundamental to how OSPF functions, allowing routers to make informed routing decisions based on the network's topology.
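The SPF step that turns the LSDB into the routing table is worth seeing as code. Below is an added Python example (not from the original slides): a small LSDB for the Figure 1 routers, written the way the router and network LSAs would describe it (each router lists its transit links with an interface cost; each segment is a pseudonode whose links back to the routers cost 0, as in the network LSA the DR originates), Dijkstra run from a chosen router, and the resulting table of destination, cost and next hops. Equal-cost paths are kept together, which is the equal-cost load balancing mentioned above, and withdrawing a link shows the table reconverging. All link costs are assumed (1 per link).

```python
"""SPF over a small LSDB: from LSAs to the OSPF routing table.

Added example, not from the slides. The LSDB is a constructed view of
Figure 1 with every link cost assumed to be 1.
"""
import heapq
from collections import defaultdict

# "router": each router's transit links as (network, interface cost), as its
# router LSA lists them. "network": each transit segment and the routers
# attached to it, as the DR's network LSA lists them.
LSDB = {
    "router": {
        "1.1.1.1": [("10.0.0.0/24", 1), ("10.0.14.0/24", 1)],
        "2.2.2.2": [("10.0.0.0/24", 1), ("10.0.23.0/24", 1)],
        "3.3.3.3": [("10.0.0.0/24", 1), ("10.0.23.0/24", 1)],
        "4.4.4.4": [("10.0.0.0/24", 1), ("10.0.14.0/24", 1)],
    },
    "network": {
        "10.0.0.0/24": ["1.1.1.1", "2.2.2.2", "3.3.3.3", "4.4.4.4"],
        "10.0.14.0/24": ["1.1.1.1", "4.4.4.4"],
        "10.0.23.0/24": ["2.2.2.2", "3.3.3.3"],
    },
}


def build_graph(lsdb):
    """Directed SPF graph: router -> network edges carry the interface cost,
    network -> router edges (the pseudonode's links) cost 0."""
    g = defaultdict(dict)
    for rid, links in lsdb["router"].items():
        for net, cost in links:
            g[rid][net] = cost
    for net, rids in lsdb["network"].items():
        for rid in rids:
            g[net][rid] = 0
    return g


def spf(lsdb, root):
    """Dijkstra from root. Returns {node: (cost, set of next hops)}; paths of
    equal cost keep every next hop (equal-cost load balancing)."""
    g = build_graph(lsdb)
    dist, nexthops = {root: 0}, {root: set()}
    heap, done = [(0, root)], set()
    while heap:
        d, u = heapq.heappop(heap)
        if u in done:
            continue
        done.add(u)
        for v, w in g[u].items():
            if u == root:
                hops = {"connected"}        # v is one of our own segments
            elif u in g[root]:
                hops = {v}                  # v is a router across our own segment
            else:
                hops = nexthops[u]          # inherited from the path so far
            nd = d + w
            if nd < dist.get(v, float("inf")):
                dist[v], nexthops[v] = nd, set(hops)
                heapq.heappush(heap, (nd, v))
            elif nd == dist[v] and v not in done:
                nexthops[v] |= hops         # a second path of equal cost
    return {n: (dist[n], nexthops[n]) for n in dist}


def routing_table(lsdb, root):
    """{network: (cost, sorted next hops)} as the router would install it."""
    tree = spf(lsdb, root)
    return {net: (cost, sorted(hops)) for net, (cost, hops) in tree.items()
            if net in lsdb["network"]}


def withdraw(lsdb, rid, net):
    """New LSDB after router rid lost its interface on net: what its updated
    router LSA and the DR's updated network LSA would say."""
    return {
        "router": {r: [l for l in links if not (r == rid and l[0] == net)]
                   for r, links in lsdb["router"].items()},
        "network": {n: [r for r in rs if not (n == net and r == rid)]
                    for n, rs in lsdb["network"].items()},
    }
```

From R1 the table comes out as 10.0.0.0/24 and 10.0.14.0/24 at cost 1 (connected) and 10.0.23.0/24 at cost 2 with two next hops, R2 and R3; after R1 loses its 10.0.14.0/24 interface the same prefix is reached at cost 2 through R4. Every router runs this over the same LSDB, which is why a single forged LSA on an unauthenticated segment changes the forwarding decisions of the whole area.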

OSPF Features

  • Scalability: Supports large networks through hierarchical design (areas).
  • Fast Convergence: Quickly recalculates paths if network changes occur.
  • Load Balancing: Supports equal-cost multi-path (ECMP) routing to balance traffic across multiple paths.


1. Designated Router (DR)

Purpose: LSA flooding

  • The DR is elected to reduce the amount of OSPF routing traffic on a multi-access network segment (like Ethernet) by serving as the central point for exchanging routing updates.

Role:

  • Centralized Communication: the DR originates the network LSA for the segment and is the router every other router on the segment synchronizes its database with. This minimizes the number of full adjacencies and LSA exchanges on the segment.
  • LSA Distribution: the other routers send their LSAs to the DR and BDR (on 224.0.0.6), and the DR floods them to the other routers on the segment (on 224.0.0.5). This avoids a full mesh of adjacencies between all routers, which would be inefficient.

Election:

  • The DR is the router with the highest OSPF interface priority on the segment; if priorities tie, the highest router ID wins. Router IDs are unique within the domain, so they never tie. The election takes place once the routers reach the Two-Way state, and it is not pre-emptive.

2. Backup Designated Router (BDR)

Purpose

  • The BDR serves as a backup to the DR. If the DR fails or becomes unreachable, the BDR takes over the role of DR to ensure continued operation.

Role

  • DR Backup: the BDR listens to all OSPF messages on the segment and is prepared to take over the DR's role if the DR fails.
  • Prevention of Service Disruption: the BDR's existence ensures that there is no interruption in the OSPF routing updates when the DR is not available.


Election:

  • The BDR is the best remaining eligible router after the DR, by the same criteria: highest priority, then highest router ID. It is elected in the same process as the DR.

DR/BDR Election Process

  1. Hello Protocol: routers on the network segment send Hello packets to discover neighbors and learn each other's priority, router ID and current DR/BDR claims.

  2. DR/BDR Election: routers in the Two-Way state use the priorities and router IDs from the Hellos to elect the DR and BDR; an existing DR or BDR announced in the Hellos is kept.

  3. Role Assignment: the router with the highest priority (highest router ID on a tie) becomes the DR; the next best becomes the BDR; the rest are DROthers.

OSPF Network Types and DR/BDR Roles

  • Broadcast Networks: such as Ethernet, where a DR and BDR are elected.
  • Non-Broadcast Multi-Access (NBMA) Networks: like Frame Relay, where a DR and BDR are also elected, but neighbors must be configured statically because Hellos cannot be multicast.
  • Point-to-Point Networks: no DR or BDR is elected since there are only two routers directly connected.

Summary

  • The Designated Router (DR) and Backup Designated Router (BDR) in OSPF play crucial roles in optimizing the exchange of routing information on multi-access networks. By centralizing database synchronization on the segment, OSPF minimizes network traffic and improves routing efficiency.

OSPF messages

OSPF uses the following messages for communication between routers running OSPF.

Hello message

  • These are keep-alive messages used for neighbor discovery and recovery. They are exchanged every 10 seconds by default. A Hello carries: router ID, hello/dead interval, area ID, router priority, DR and BDR IP addresses, authentication data, and the list of neighbors seen on the link.

Database Description (DBD)

  • A summary of the router's link-state database: the headers of the LSAs it holds, describing the topology of the area (routing domain) as that router knows it.

Link state request (LSR)

  • When a router receives a DBD, it compares it with its own LSDB. If the DBD lists LSAs that are missing from or newer than its own copies, the router sends an LSR for those LSAs to its neighbor.

Link state update (LSU)

  • When a router receives an LSR, it responds with an LSU message containing the requested LSAs. LSUs are also used to flood changed LSAs.

Link state acknowledgement

  • This provides reliability to the link-state exchange process. It is sent to acknowledge the LSAs received in an LSU.

Link state advertisement (LSA)

  • A data structure carried inside LSU packets that contains link-state routing information; it is shared only with routers with which an adjacency has been formed.

Note – Link-state advertisement and link-state acknowledgement are different things: the first is data carried in a packet, the second is a packet type.

Timers

Hello timer –

  • The interval at which the OSPF router sends a Hello on an interface. It is 10 seconds by default on broadcast and point-to-point links and 30 seconds on NBMA links.

Dead timer –

  • The interval after which a neighbor is declared dead if no Hello has been received from it. It is 40 seconds by default, usually 4 times the hello interval, but can be configured manually. Hello and dead intervals must match on both sides of a link.


OSPF supports/provides/advantages

  • Both IPv4 (OSPFv2) and IPv6 (OSPFv3) routed protocols
  • Load balancing with equal-cost routes for the same destination
  • VLSM and route summarization
  • Unlimited hop counts
  • Triggered updates for fast convergence
  • A loop-free topology using the SPF algorithm
  • Runs on most routers
  • Classless protocol

  • There are some disadvantages of OSPF: it requires extra CPU to run the SPF algorithm, more RAM to store the link-state database, and it is more complex to set up and harder to troubleshoot.

  • OSPF can be used in several types of networks, such as:

  • Point-to-Point Network: two routers are connected via a single point-to-point link. No DR/BDR is elected; Hellos are multicast to 224.0.0.5 and the two routers form a full adjacency directly.

  • Broadcast Network: multiple routers are connected to a single broadcast medium, such as Ethernet. OSPF elects a Designated Router (DR) and a Backup Designated Router (BDR), and all other routers synchronize through them.

  • Point-to-Multipoint Network: a single router is connected to multiple other routers over one interface (a hub-and-spoke WAN, for example). No DR/BDR is elected; OSPF treats each pair of routers as a point-to-point link and maintains the connections with Hello messages.


NBMA Network: Non-Broadcast Multiple Access (NBMA) networks are networks where broadcast is not supported. OSPF can be used on this type of network by configuring neighbors statically, since Hellos must be unicast to each of them; a DR and BDR are still elected, so the hub should be the only DR-eligible router (spokes get priority 0).

OSPF Configuration

  • Configuring OSPF in a network requires a basic understanding of OSPF concepts and knowledge of the network topology. The following steps outline the basic configuration of OSPF in a network:

  • Define the router ID (RID) for the router. This is a unique identifier for the router in the OSPF network; set it explicitly rather than relying on the highest loopback or interface address.

  • Configure the interfaces that will participate in OSPF. This involves enabling OSPF on the interface (with a network statement or ip ospf area) and defining the network type (point-to-point, broadcast, etc.). Interfaces facing hosts rather than routers should be passive, so that no Hellos are sent on them and no stranger can form an adjacency there.

  • Create an OSPF process and define the area to which each interface belongs.

  • Define the router priority for each interface on multi-access segments. This is used to determine which router will be the Designated Router (DR) and Backup Designated Router (BDR).

  • Enable OSPF authentication on every link. This secures OSPF communication between routers, so that only routers holding the key can form adjacencies and inject LSAs.

  • Verify the OSPF configuration and monitor the OSPF status. This can be done using show commands in the router's CLI (show ip ospf neighbor, show ip ospf database, show ip route ospf).


Open Shortest Path First (OSPF) protocol States

Prerequisite – OSPF fundamentals

  • Open Shortest Path First (OSPF) is a link-state routing protocol that is used to find the best path between the source and the destination router using its own Shortest Path First). OSPF is developed by Internet Engineering Task Force (IETF) as one of the Interior Gateway Protocol (IGP), i.e, the protocol which aims at moving the packet within a large autonomous system or routing domain. It is a network layer protocol which works on protocol number 89 and uses AD value 110. OSPF uses multicast address 224.0.0.5 for normal communication and 224.0.0.6 for update to designated router(DR)/Backup Designated Router (BDR).

OSPF Terms

  • Router Id – It is the highest active IP address present on the router. First, the highest loopback address is considered. If no loopback is configured then the highest active IP address on the interface of the router is considered.

  • Router priority – It is an 8-bit value assigned to a router operating OSPF, used to elect DR and BDR in a broadcast network.

  • Designated Router (DR) – It is elected to minimize the number of adjacencies formed. The DR distributes the LSAs to all the other routers. A DR is elected in a broadcast network, and all the other routers share their DBD with it. In a broadcast network, a router requests an update from the DR, and the DR responds to that request with an update.

  • Backup Designated Router (BDR) – BDR is a backup to DR in a broadcast network. When DR goes down, BDR becomes DR and performs its functions.
  • DR and BDR election – DR and BDR election takes place in the broadcast network or multi-access network. Here are the criteria for the election:
  • The router having the highest router priority will be declared as DR.

  • If there is a tie in router priority, then the highest router ID is considered. First, the highest loopback address is considered. If no loopback is configured, then the highest active IP address on an interface of the router is considered.

OSPF Routing Protocol

71 of 117

OSPF States

  • The device operating OSPF goes through certain states. These states are:

  • Down – In this state, no hello packets have been received on the interface.

Note – The Down state doesn’t mean that the interface is physically down. Here, it means that the OSPF adjacency process has not started yet.

  • INIT – In this state, the hello packets have been received from the other router.

  • 2WAY – In the 2WAY state, both the routers have received the hello packets from other routers. Bidirectional connectivity has been established.

Note – In between the 2WAY state and Exstart state, the DR and BDR election takes place.

  • Exstart – In this state, NULL DBDs are exchanged and the master and slave election takes place. The router with the higher router ID becomes the master while the other becomes the slave. This election decides which router sends its DBD first (only routers that have formed a neighbourship take part in this election).

  • Exchange – In this state, the actual DBDs are exchanged.

  • Loading – In this state, LSR, LSU, and LSAck (Link State Acknowledgement) packets are exchanged.

Important – When a router receives a DBD from another router, it compares its own DBD with the received one. If the received DBD is more up to date than its own, the router sends an LSR to the other router stating which links are needed. The other router replies with an LSU containing the requested updates. In return, the router replies with a Link State Acknowledgement (LSAck).

  • Full – In this state, synchronization of all the information takes place. OSPF routing can begin only after the Full state.

OSPF Routing Protocol State

72 of 117

  • By default, the OSPF cost of an interface equals the integer part of (OSPF Reference Bandwidth) / (Link Bandwidth). For example, if the bandwidth is 1.544 Mbps and the reference bandwidth is 100 Mbps, then

  • (OSPF Reference Bandwidth) / (Link Bandwidth) = 100 Mbps / 1.544 Mbps = 64.77, and thus the corresponding cost is 64, the integer part of 64.77.

  • Link Bandwidth is the interface’s bandwidth used to compute routing metrics, whether in OSPF or EIGRP. If the bandwidth is greater than the OSPF reference bandwidth, OSPF sets the link cost to 1. The link cost ranges from 1 to 65535; the lower the cost, the faster the interface.

  • What is The Default OSPF Cost of a Router Interface?
  • By default, the reference bandwidth is 100Mbps on Cisco IOS, IOS XE, and IOS XR. Here are the default OSPF costs for different interface types.

How OSPF Cost is Calculated?

73 of 117

  • IP OSPF Cost Command
  • The ip ospf cost int_cost command configures the cost of an interface, where int_cost is between 1 and 65535. In the following example, we set the OSPF cost of the FastEthernet 0/0 interface to 555.

interface fastEthernet 0/0

ip ospf cost 555

How to Configure OSPF Cost

  • To verify your configuration, use the show ip ospf interface command in enable mode, as shown in the next example.

  • show ip ospf interface fastEthernet 0/0

FastEthernet0/0 is up, line protocol is up

Internet Address 10.0.15.5/24, Area 0

Process ID 1, Router ID 10.0.15.5, Network Type BROADCAST, Cost: 555

Enabled by interface config, including secondary ip addresses

  • Bandwidth Command

If the ip ospf cost command is not applied to a particular interface, the cost is calculated from the OSPF reference bandwidth and the interface’s bandwidth. Therefore, you can change the cost of the interface by setting a new value for its bandwidth parameter using the bandwidth command.

The default OSPF cost of FastEthernet interfaces is 1. To change the cost to 10 using the bandwidth command, we have to set the interface’s bandwidth to 10 Mbps. In this way, the resulting value of reference bandwidth / interface bandwidth equals 100 Mbps / 10 Mbps = 10.

In this example, we set the bandwidth of the F0/0 interface to 10 Mbps using the bandwidth 10000 statement; the command accepts one value in kbps.

Command

interface fastEthernet 0/0

bandwidth 10000

  • To verify your configuration, use the show ip ospf interface command in enable mode, as shown in the following example.

show ip ospf interface fastEthernet 0/0

FastEthernet0/0 is up, line protocol is up

Internet Address 10.0.15.5/24, Area 0

Process ID 1, Router ID 10.0.15.5, Network Type BROADCAST, Cost: 10

Enabled by interface config, including secondary ip addresses

  • You can use the ip ospf cost and bandwidth commands to instruct OSPF to choose a particular path over another to reach a particular destination. Additionally, you can change OSPF cost to instruct OSPF to not load balance traffic across paths with the same metric.

74 of 117

Auto-Cost Command

  • While the ip ospf cost and bandwidth commands influence which interface the current router chooses to forward IP packets, the auto-cost command does not favor one interface of this router over another. It may only affect other routers’ OSPF routing decisions.

  • The auto-cost reference-bandwidth ref_bw command changes the reference bandwidth value, which affects link cost calculations. ref_bw ranges from 1 to 4294967 Mbps. In this example, we set the reference bandwidth to 100 Gigabits per second (100000 Mbps). In this way, the default OSPF cost of FastEthernet interfaces becomes 1000.

router ospf 1

auto-cost reference-bandwidth 100000

  • The show ip ospf interface command output below confirms our analysis.

show ip ospf interface fastEthernet 0/0

FastEthernet0/0 is up, line protocol is up

Internet Address 10.0.15.5/24, Area 0

Process ID 1, Router ID 10.0.15.5, Network Type BROADCAST, Cost: 1000

Enabled by interface config, including secondary ip addresses
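As an added example (my own Python, not part of the slides or of any Cisco software), the cost rule above and the effects of the ip ospf cost, bandwidth and auto-cost commands are worked through on a constructed three-router topology, and a small SPF (Dijkstra) run shows how changing one interface cost changes the path R1 selects to R3. The topology, router names and link speeds are assumptions made for the example.

```python
import heapq
import math

REF_BW_DEFAULT_MBPS = 100   # Cisco IOS default 'auto-cost reference-bandwidth'
COST_MIN, COST_MAX = 1, 65535


def ospf_cost(link_bw_mbps, ref_bw_mbps=REF_BW_DEFAULT_MBPS, manual_cost=None):
    """Interface cost as the slides describe it.

    'ip ospf cost' overrides everything; otherwise the cost is the integer part of
    reference bandwidth / link bandwidth, links faster than the reference get 1,
    and the result is clamped to 1..65535."""
    if manual_cost is not None:
        if not COST_MIN <= manual_cost <= COST_MAX:
            raise ValueError("ip ospf cost must be between 1 and 65535")
        return manual_cost
    if link_bw_mbps <= 0:
        raise ValueError("link bandwidth must be positive")
    if link_bw_mbps > ref_bw_mbps:
        return COST_MIN
    return max(COST_MIN, min(COST_MAX, math.floor(ref_bw_mbps / link_bw_mbps)))


def spf(links, source):
    """Dijkstra, the SPF computation OSPF runs on its link-state database.
    links: {(router, next_hop_router): outgoing interface cost}.
    Returns {router: (total_cost, [path])} from source; on an equal-cost tie the
    path found first is kept (real OSPF would load-balance across both)."""
    adj = {}
    for (a, b), cost in links.items():
        adj.setdefault(a, []).append((b, cost))
    best = {source: (0, [source])}
    heap = [(0, source, [source])]
    while heap:
        cost, node, path = heapq.heappop(heap)
        if cost > best[node][0]:
            continue                      # stale heap entry
        for nxt, c in adj.get(node, []):
            new_cost = cost + c
            if nxt not in best or new_cost < best[nxt][0]:
                best[nxt] = (new_cost, path + [nxt])
                heapq.heappush(heap, (new_cost, nxt, path + [nxt]))
    return best


# Constructed topology (not from the slides): R1 and R3 are joined both by a
# two-hop FastEthernet path through R2 and by a direct T1 serial link.
# Entries are (router, neighbor, link bandwidth in Mbps, 'ip ospf cost' or None),
# one per direction because OSPF cost belongs to the outgoing interface.
TOPOLOGY = [
    ("R1", "R2", 100, None), ("R2", "R1", 100, None),
    ("R2", "R3", 100, None), ("R3", "R2", 100, None),
    ("R1", "R3", 1.544, None), ("R3", "R1", 1.544, None),
]


def build_links(interfaces, ref_bw_mbps=REF_BW_DEFAULT_MBPS):
    return {(r, n): ospf_cost(bw, ref_bw_mbps, mc) for r, n, bw, mc in interfaces}


def path_r1_to_r3(r1_to_r2_cost=None, ref_bw_mbps=REF_BW_DEFAULT_MBPS):
    """R1's best route to R3, optionally with 'ip ospf cost' set on R1's
    interface toward R2 and/or a changed reference bandwidth."""
    ifaces = [(r, n, bw, r1_to_r2_cost if (r, n) == ("R1", "R2") else mc)
              for r, n, bw, mc in TOPOLOGY]
    return spf(build_links(ifaces, ref_bw_mbps), "R1")["R3"]


if __name__ == "__main__":
    print("T1 cost:", ospf_cost(1.544))                  # 64, as on the slide
    print("default path:", path_r1_to_r3())              # (2, ['R1', 'R2', 'R3'])
    print("with ip ospf cost 555:", path_r1_to_r3(555))  # (64, ['R1', 'R3'])
```

With the default reference bandwidth the two FastEthernet hops (cost 1 + 1) beat the T1 link (cost 64); raising R1's cost toward R2 to 555 moves the traffic onto the serial link, and raising the reference bandwidth to 100000 Mbps scales every cost without changing R1's choice.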

How to Configure OSPF Cost

75 of 117

  • clear ip ospf 1 process

  • interface serial 1/0

ip ospf network broadcast

  • interface serial 1/0

ip ospf hello-interval 22

  • interface serial 1/0

ip ospf dead-interval 33

  • interface serial 1/0

ip ospf cost 100

  • interface serial 1/1

ip ospf priority 255

  • show ip ospf database external self-originate

  • show interfaces serial 1/0

  • show ip ospf neighbor

  • show ip ospf interface fastEthernet 0/0

  • router ospf 1

passive-interface loopback 0

passive-interface loopback 1

  • show ip protocols

  • show ip ospf

OSPF Commands

  • router ospf 1

default-information originate always

  • show ip ospf int brief

  • Router RA

conf t

interface GigabitEthernet0/0

ip ospf hello-interval 5

ip ospf dead-interval 20

ip ospf priority 150

ip ospf authentication message-digest

ip ospf message-digest-key 1 md5 Area0pa55

  • Router RB

conf t

interface GigabitEthernet0/0

ip ospf hello-interval 5

ip ospf dead-interval 20

ip ospf priority 100

ip ospf authentication message-digest

ip ospf message-digest-key 1 md5 Area0pa55

  • show running-config | section ospf

  • show ip ospf int s0/1 | include type

  • show ip ospf database
  • show ip ospf database asbr-summary
  • show ip ospf database asbr-summary self-originate
  • show ip ospf interface fastEthernet 0/0
  • show ip ospf
  • show running-config interface gigabitEthernet 0/2
  • service password-encryption
  • show ip ospf spf-log
  • show ip ospf statistics detail
  • show ip ospf virtual-links

77 of 117

hostname R1

router ospf 1

router-id 1.1.1.1

interface FastEthernet0/0

ip address 10.0.0.1 255.255.255.0

ip ospf 1 area 0

no shut

interface FastEthernet0/1

ip address 10.0.13.1 255.255.255.0

ip ospf 1 area 13

no shutdown

interface Serial1/0

ip address 10.0.12.1 255.255.255.0

ip ospf 1 area 12

no shut

interface Serial1/1

ip address 10.0.16.1 255.255.255.0

ip ospf 1 area 16

no shutdown

hostname R2

router ospf 1

router-id 2.2.2.2

interface FastEthernet0/0

ip address 10.0.0.2 255.255.255.0

ip ospf 1 area 0

no shut

interface FastEthernet0/1

ip address 10.0.2.2 255.255.255.0

ip ospf 1 area 12

no shut

interface Serial1/0

ip address 10.0.12.2 255.255.255.0

ip ospf 1 area 12

no shut

hostname R3

router ospf 1

router-id 3.3.3.3

interface FastEthernet0/0

ip address 10.0.0.3 255.255.255.0

ip ospf 1 area 0

no shut

interface FastEthernet0/1

ip address 10.0.13.3 255.255.255.0

ip ospf 1 area 13

no shut

interface loopback0

ip address 10.0.3.3 255.255.255.0

ip ospf 1 area 3

hostname R4

router rip

version 2

network 10.0.0.0

no auto-summary

redistribute ospf 1 metric 1

router ospf 1

router-id 4.4.4.4

redistribute rip subnets

interface FastEthernet0/0

ip address 10.0.0.4 255.255.255.0

ip ospf 1 area 0

no shut

interface FastEthernet0/1

ip address 10.0.45.4 255.255.255.0

no shutdown

hostname R5

interface FastEthernet0/1

ip address 10.0.45.5 255.255.255.0

no shut

interface loopback0

ip address 10.0.5.5 255.255.255.0

router rip

version 2

network 10.0.0.0

no auto-summary

hostname R6

router ospf 1

router-id 6.6.6.6

interface serial 1/1

ip address 10.0.16.6 255.255.255.0

ip ospf 1 area 16

no shutdown

79 of 117

  • Routers in an OSPF routing domain must first build full adjacencies before they exchange LSAs and compute the SPF tree. Two routers can become adjacent only if they meet some requirements, including having the same OSPF Hello and Dead interval values in the Hello packets they exchange.

  • OSPF uses many timers, including the Hello timer. The Hello timer is an interval timer that is triggered every HelloInterval seconds and instructs the router to send a Hello packet over a particular interface.

  • HelloInterval is announced in OSPF Hello messages (Figure 1), and represents the amount of time, in seconds, between two consecutive Hello packets sent over the interface. The OSPF Hello interval may not be the same on all router interfaces.

Figure 1 – OSPF hello packet sent by R2

  • Additionally, RouterDeadInterval or Dead interval in OSPF is announced in OSPF Hellos transmitted out an interface (Figure 2), and it represents the amount of time in seconds the router waits to receive a Hello packet from a neighbor before declaring it down. If the router does not receive Hello packets from a neighbor within RouterDeadInterval seconds, the neighbor in question is marked down.

81 of 117

  • Default OSPF Hello and Dead Interval Values
  • The default OSPF Hello and Dead interval values vary from one OSPF network type to another. The table below lists all OSPF network types along with their corresponding Hello and Dead interval values.

83 of 117

Router(config)# hostname R1

R1(config)# interface GigabitEthernet0/2

R1(config-if)# ip address 10.0.12.1 255.255.255.0

R1(config-if)# ip ospf network point-to-point

R1(config-if)# no shutdown

R1(config-if)# interface GigabitEthernet0/4

R1(config-if)# ip address 10.0.14.1 255.255.255.0

R1(config-if)# ip ospf network point-to-multipoint

R1(config-if)# no shutdown

R1(config-if)# router ospf 1

R1(config-router)# router-id 1.1.1.1

R1(config-router)# network 10.0.12.1 0.0.0.0 area 0

R1(config-router)# network 10.0.14.1 0.0.0.0 area 0

Router(config)# hostname R2

R2(config)# interface GigabitEthernet0/1

R2(config-if)# ip address 10.0.12.2 255.255.255.0

R2(config-if)# ip ospf network point-to-point

R2(config-if)# no shutdown

R2(config-if)# interface GigabitEthernet0/3

R2(config-if)# ip address 10.0.23.2 255.255.255.0

R2(config-if)# ip ospf network point-to-multipoint non-broadcast

R2(config-if)# no shutdown

R2(config-if)# interface GigabitEthernet0/4

R2(config-if)# ip address 10.0.24.2 255.255.255.0

R2(config-if)# ip ospf network broadcast

R2(config-if)# no shutdown

R2(config-if)# router ospf 1

R2(config-router)# router-id 2.2.2.2

R2(config-router)# neighbor 10.0.23.3

R2(config-router)# network 10.0.12.2 0.0.0.0 area 0

R2(config-router)# network 10.0.23.2 0.0.0.0 area 0

R2(config-router)# network 10.0.24.2 0.0.0.0 area 0

Router(config)# hostname R3

R3(config)# interface GigabitEthernet0/2

R3(config-if)# ip address 10.0.23.3 255.255.255.0

R3(config-if)# ip ospf network point-to-multipoint non-broadcast

R3(config-if)# no shutdown

R3(config-if)# interface GigabitEthernet0/4

R3(config-if)# ip address 10.0.34.3 255.255.255.0

R3(config-if)# ip ospf network non-broadcast

R3(config-if)# no shutdown

R3(config-if)# router ospf 1

R3(config-router)# router-id 3.3.3.3

R3(config-router)# neighbor 10.0.23.2

R3(config-router)# neighbor 10.0.34.4

R3(config-router)# network 10.0.23.3 0.0.0.0 area 0

R3(config-router)# network 10.0.34.3 0.0.0.0 area 0

Router(config)# hostname R4

R4(config)# interface GigabitEthernet0/1

R4(config-if)# ip address 10.0.14.4 255.255.255.0

R4(config-if)# ip ospf network point-to-multipoint

R4(config-if)# no shutdown

R4(config-if)# interface GigabitEthernet0/2

R4(config-if)# ip address 10.0.24.4 255.255.255.0

R4(config-if)# ip ospf network broadcast

R4(config-if)# no shutdown

R4(config-if)# interface GigabitEthernet0/3

R4(config-if)# ip address 10.0.34.4 255.255.255.0

R4(config-if)# ip ospf network non-broadcast

R4(config-if)# no shutdown

R4(config-if)# router ospf 1

R4(config-router)# router-id 4.4.4.4

R4(config-router)# neighbor 10.0.34.3

R4(config-router)# network 10.0.14.4 0.0.0.0 area 0

R4(config-router)# network 10.0.24.4 0.0.0.0 area 0

R4(config-router)# network 10.0.34.4 0.0.0.0 area 0

87 of 117

  • Example 5 – OSPF timers for a non-broadcast OSPF-enabled interface

Why Adjust the Hello and Dead Intervals?

A higher Hello interval makes OSPF adjacencies take longer to form. Therefore, lowering the Hello interval speeds up the formation of full OSPF neighbor relationships. However, it also generates more OSPF routing traffic.

  • To sum up, the shorter the hello interval, the faster network topology changes will be noticed.

  • On the other hand, the higher the Dead interval, the slower the OSPF convergence after a failure. On a non-broadcast network, the dead timer is 120 seconds. If an OSPF node’s interface, connected to a non-broadcast network segment, fails, all its neighbors on that segment will wait 120 seconds before considering the router down and updating their LSDBs based on this change. To circumvent this issue, we need to decrease the Dead interval.

  • Finally, a lower Dead interval is likely to improve convergence. However, it may also cause additional routing fluctuation, because the likelihood of not receiving Hellos within a short period of time increases.

  • Configuring the Hello and Dead Intervals
  • Configuring The Hello Interval
  • The OSPF Hello interval is the time period between two hello packets that the Cisco IOS software sends on the interface, and is announced in the hello packets.

  • To set the Hello interval’s value for a particular interface, use the ip ospf hello-interval scnds command in interface configuration mode, where scnds defines the interval in seconds.

  • The value ranges from 1 to 65535. In a particular network segment, the Hello interval should be the same on all OSPF-enabled interfaces connected to that network for the routers to build up OSPF adjacencies.

96 of 117

  • What is OSPF Router ID?

OSPF router ID is a 32-bit binary number, written in a dotted-decimal format similar to an IPv4 address, that must be uniquely assigned to distinguish each router within an OSPF Autonomous System.

  • As a side note, an autonomous system is a group of routers managed by the same administrative authority. As OSPF areas’ network data are separated from one another, router IDs should be unique only within each area, and not across the entire autonomous system. However, you shouldn’t give the same router ID to two routers regardless of whether they are in separate OSPF areas as that would make troubleshooting harder.

  • Most of the time, the OSPF RID is one of the IPv4 addresses present on the local router. Now let’s see how a router running OSPF selects the Router ID in Cisco IOS and IOS XR.

What is The Purpose of OSPF Router ID?

In OSPF, routers build a network map to calculate the shortest path to every network prefix. Each router labels the other routers before applying Dijkstra’s algorithm. Also, each router needs a way to recognize and track all routers on the map.

Here comes the concept of OSPF router ID, which helps identify all nodes in the OSPF autonomous system. An OSPF router ID consists of a number between 0.0.0.1 and 255.255.255.255 that should be uniquely assigned, and it is used to track every router in the OSPF domain. Additionally, OSPF router ID and priority are used in DR/BDR election on multi-access data links.

OSPF Router ID Selection Process on Cisco IOS and IOS XR

OSPF Router ID Selection Process on Cisco IOS

On Cisco routers, you can create many OSPF instances that work independently from one another. Each instance can have a distinct Router ID. It is not mandatory to give them identical Router IDs. Cisco IOS uses the following process to generate the Router ID of a particular OSPF instance:

Step 1. If the RID has been explicitly assigned to the current OSPF instance using the router-id command, Cisco IOS uses that Router ID.

Step 2. If no Router ID has been explicitly configured, Cisco IOS uses the highest IPv4 address on active loopback interfaces. Down loopback interfaces are not used in the selection process.

Step 3. If no IP-enabled loopback interfaces are eligible for use, the router selects the highest IPv4 address on active physical interfaces.

Finally, an interface, whether loopback or physical, does not have to be advertised in the OSPF autonomous system in order to be used in the Router ID selection process.

98 of 117

hostname R1

interface loopback0

ip address 1.1.1.1 255.255.255.255

interface loopback1

ip address 10.0.10.1 255.255.255.255

shutdown

interface gigabitethernet 0/2

ip address 10.0.12.1 255.255.255.0

no shutdown

interface gigabitethernet 0/3

ip address 10.0.13.1 255.255.255.0

no shutdown

router ospf 1

hostname R2

interface loopback0

ip address 10.0.20.2 255.255.255.255

shutdown

interface loopback1

ip address 10.0.21.2 255.255.255.255

shutdown

interface loopback2

ip address 10.0.22.2 255.255.255.255

shutdown

interface gigabitethernet 0/1

ip address 10.0.12.2 255.255.255.0

no shutdown

interface gigabitethernet 0/0

ip address 10.0.234.2 255.255.255.0

no shutdown

router ospf 1

network 0.0.0.0 255.255.255.255 area 0

hostname R4

interface loopback0

ip address 10.0.40.4 255.255.255.255

interface loopback1

ip address 10.0.4.4 255.255.255.255

interface gigabitethernet 0/0

ip address 10.0.234.4 255.255.255.0

no shutdown

router ospf 1

network 0.0.0.0 255.255.255.255 area 0

hostname R3

interface loopback0

ip address 10.0.30.3 255.255.255.255

interface loopback1

ip address 10.0.31.3 255.255.255.255

interface gigabitethernet 0/0/0/1

ip address 10.0.13.3 255.255.255.0

no shutdown

interface gigabitethernet 0/0/0/0

ip address 10.0.234.3 255.255.255.0

no shutdown

exit

router ospf 1

area 0

interface loopback0

interface loopback1

interface gigabitethernet 0/0/0/1

interface gigabitethernet 0/0/0/0

hostname R5

interface loopback0

ip address 10.0.50.5 255.255.255.255

interface loopback1

ip address 10.0.51.5 255.255.255.255

interface gigabitethernet 0/0

ip address 10.0.234.5 255.255.255.0

no shutdown

router ospf 1

router-id 5.5.5.5

network 10.0.0.0 0.0.255.255 area 0

In Exhibit 1, the show ip ospf command output reveals that R4’s OSPF RID is 10.0.40.4, which represents the highest IP address on all active loopback interfaces (Exhibit 2).
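As an added example (my own Python, not the slides' material or any Cisco code), the three-step router ID selection above is applied to the R1, R2, R4 and R5 configurations just shown, and the same router IDs then feed the DR/BDR election criteria from the OSPF Terms slide earlier (highest priority, then highest router ID). The priority-0 exclusion and the non-preemptive nature of a live election are standard OSPF behaviour noted in the comments, not something the slides state; R3 runs IOS XR and is left out.

```python
import ipaddress


def select_router_id(configured_rid=None, loopbacks=(), physicals=()):
    """Cisco IOS router ID selection in the order the slides give it.

    Step 1: an explicit 'router-id' wins.
    Step 2: otherwise the highest IPv4 address on an active (not shut down) loopback.
    Step 3: otherwise the highest IPv4 address on an active physical interface.
    Interfaces are (address, is_up) pairs; whether they are advertised in OSPF
    does not matter. Returns None when nothing is eligible."""
    if configured_rid:
        return configured_rid
    for pool in (loopbacks, physicals):
        candidates = [ipaddress.IPv4Address(addr) for addr, is_up in pool if is_up]
        if candidates:
            return str(max(candidates))    # numeric, not string, comparison
    return None


def elect_dr_bdr(routers):
    """Initial DR/BDR election on a multi-access segment using the slide's criteria:
    highest router priority, ties broken by highest router ID.
    routers: list of (router_id, priority). Priority 0 makes a router ineligible
    (standard OSPF behaviour the slides do not spell out). Real OSPF is also
    non-preemptive: a router joining later does not displace an existing DR;
    this models only the case where all routers start together."""
    eligible = [(prio, ipaddress.IPv4Address(rid)) for rid, prio in routers if prio > 0]
    ranked = [str(rid) for _, rid in sorted(eligible, reverse=True)]
    dr = ranked[0] if ranked else None
    bdr = ranked[1] if len(ranked) > 1 else None
    return dr, bdr


# Interface state transcribed from the slides' R1, R2, R4 and R5 configurations
# (loopbacks are up unless the configuration shows 'shutdown').
SLIDE_CONFIGS = {
    "R1": dict(loopbacks=[("1.1.1.1", True), ("10.0.10.1", False)],
               physicals=[("10.0.12.1", True), ("10.0.13.1", True)]),
    "R2": dict(loopbacks=[("10.0.20.2", False), ("10.0.21.2", False), ("10.0.22.2", False)],
               physicals=[("10.0.12.2", True), ("10.0.234.2", True)]),
    "R4": dict(loopbacks=[("10.0.40.4", True), ("10.0.4.4", True)],
               physicals=[("10.0.234.4", True)]),
    "R5": dict(configured_rid="5.5.5.5",
               loopbacks=[("10.0.50.5", True), ("10.0.51.5", True)],
               physicals=[("10.0.234.5", True)]),
}


def slide_router_ids():
    """Router IDs the IOS process picks for the slides' routers."""
    return {name: select_router_id(**cfg) for name, cfg in SLIDE_CONFIGS.items()}


def slide_segment_election():
    """DR/BDR on the 10.0.234.0/24 segment if R2, R4 and R5 start together with
    the default priority of 1."""
    rids = slide_router_ids()
    return elect_dr_bdr([(rids[r], 1) for r in ("R2", "R4", "R5")])


if __name__ == "__main__":
    print(slide_router_ids())        # {'R1': '1.1.1.1', 'R2': '10.0.234.2', 'R4': '10.0.40.4', 'R5': '5.5.5.5'}
    print(slide_segment_election())  # ('10.0.234.2', '10.0.40.4')
```

R2 ends up with a physical address as its RID because all three of its loopbacks are shut down, which is why the slides recommend setting router-id explicitly, as R5 does.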

104 of 117

  • At this point, we enable OSPF simple password authentication in areas 0 and 1 using password cisco, except for the virtual link and subnet 10.0.23.0/24. To configure OSPF Null authentication, issue the ip ospf authentication null command in interface configuration mode, as you can see in the examples below.

  • Additionally, to set simple password authentication, use the area authentication and ip ospf authentication-key commands. Finally, note that there is no need to set up the authentication key on the loopback interfaces since they are connected to isolated networks.

Command

  • show ip ospf interface fastEthernet 0/0
  • show ip ospf
  • show running-config interface gigabitEthernet 0/2
  • service password-encryption <Plain Text Password Encrypted>

Router R1

router ospf 1

area 0 authentication

area 1 authentication

interface fastethernet 0/0

ip ospf authentication-key cisco

interface serial 1/0

ip ospf authentication-key cisco

Router R2

router ospf 1

area 0 authentication

area 1 authentication

area 1 virtual-link 3.3.3.3 authentication null

interface fastethernet 0/0

ip ospf authentication-key cisco

interface fastethernet 0/1

ip ospf authentication null

106 of 117

  • OSPF Plain Text Authentication Vs OSPF MD5 and HMAC-SHA Cryptographic Authentication Methods

When you activate OSPFv2 plain text authentication on a data link, routers insert the shared password into the OSPF header of the packets sent over the link. When a router receives an OSPF packet, it reads the authentication data field and checks that it matches the shared password. If there is no match, the packet is discarded. Note that anyone who can capture packets on the link can read the password directly from the header.

  • Cryptographic authentication methods based on the MD5 or HMAC-SHA algorithms set the authentication data field to a hash computed over the packet and a shared password. In this way, the password is kept secret between neighbors on the same data link and is never included in OSPF packets. Therefore, an attacker capturing the packets cannot read the authentication key from them (a weak key can still be guessed offline, so choose a strong one), which improves the security of OSPF traffic between neighbor routers.

Router R1

interface serial 1/0

ip ospf authentication message-digest

ip ospf message-digest-key 1 md5 Area0pa55

Router R2

interface serial 1/0

ip ospf authentication message-digest

ip ospf message-digest-key 1 md5 Area0pa55
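As an added example (my own Python, not the slides' material and not any vendor's implementation), this builds an OSPFv2 Hello with plain text and with MD5 cryptographic authentication in the layout RFC 2328 Appendix D defines, and shows what a receiver can verify in each case. The Hello values, router ID and the keys cisco and Area0pa55 come from the configuration slides; HMAC-SHA (RFC 5709) uses a different construction and is not modelled.

```python
import hashlib
import hmac
import socket
import struct

OSPF_VERSION, HELLO_TYPE = 2, 1
AUTH_NULL, AUTH_SIMPLE, AUTH_CRYPTO = 0, 1, 2
HDR_FMT = "!BBH4s4sHH8s"   # version, type, length, router ID, area ID, checksum, AuType, auth data
HDR_LEN = struct.calcsize(HDR_FMT)   # 24 bytes
MD5_LEN = 16


def inet(addr):
    return socket.inet_aton(addr)


def ip_checksum(data):
    """One's-complement Internet checksum carried in the OSPF header for AuType 0 and 1."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def hello_body(mask, hello_interval, dead_interval, priority, dr="0.0.0.0", bdr="0.0.0.0"):
    """OSPFv2 Hello body (RFC 2328 A.3.2) with an empty neighbor list; options = E-bit only."""
    return inet(mask) + struct.pack("!HBBI", hello_interval, 0x02, priority, dead_interval) + inet(dr) + inet(bdr)


def header(length, router_id, area_id, checksum, autype, auth):
    return struct.pack(HDR_FMT, OSPF_VERSION, HELLO_TYPE, length, inet(router_id), inet(area_id), checksum, autype, auth)


def build_packet(router_id, area_id, body, autype, key=b"", key_id=0, seq=0):
    """Sender side. Plain text (AuType 1): the password itself, up to 8 bytes, rides in the
    header. Cryptographic (AuType 2): the header carries key ID, digest length and a sequence
    number, the checksum is 0, and MD5(packet || key padded to 16 bytes) is appended after
    the packet, outside the OSPF length field."""
    length = HDR_LEN + len(body)
    if autype == AUTH_CRYPTO:
        pkt = header(length, router_id, area_id, 0, autype, struct.pack("!HBBI", 0, key_id, MD5_LEN, seq)) + body
        return pkt + hashlib.md5(pkt + key.ljust(MD5_LEN, b"\x00")[:MD5_LEN]).digest()
    auth = key.ljust(8, b"\x00")[:8] if autype == AUTH_SIMPLE else bytes(8)
    csum = ip_checksum(header(length, router_id, area_id, 0, autype, bytes(8)) + body)  # auth field excluded
    return header(length, router_id, area_id, csum, autype, auth) + body


def verify_packet(pkt, keys, last_seq=None):
    """Receiver side. keys maps key ID -> key bytes (key ID 0 holds the plain-text password).
    Returns (accepted, reason)."""
    if len(pkt) < HDR_LEN:
        return False, "truncated header"
    _, _, length, _, _, csum, autype, auth = struct.unpack(HDR_FMT, pkt[:HDR_LEN])
    if autype == AUTH_CRYPTO:
        _, key_id, auth_len, seq = struct.unpack("!HBBI", auth)
        if auth_len != MD5_LEN or len(pkt) != length + auth_len:
            return False, "bad length"
        key = keys.get(key_id)
        if key is None:
            return False, "unknown key id %d" % key_id
        expected = hashlib.md5(pkt[:length] + key.ljust(MD5_LEN, b"\x00")[:MD5_LEN]).digest()
        if not hmac.compare_digest(expected, pkt[length:]):
            return False, "digest mismatch"          # wrong key or packet changed in transit
        if last_seq is not None and seq < last_seq:
            return False, "replayed sequence number"
        return True, "ok"
    if len(pkt) != length:
        return False, "bad length"
    zeroed = pkt[:12] + bytes(2) + pkt[14:16] + bytes(8) + pkt[HDR_LEN:]   # checksum and auth fields zeroed
    if ip_checksum(zeroed) != csum:
        return False, "bad checksum"
    if autype == AUTH_SIMPLE and auth != keys.get(0, b"").ljust(8, b"\x00")[:8]:
        return False, "password mismatch"
    return True, "ok"


# Constructed sample built from the values on the slides: RA's Hello (hello 5, dead 20,
# priority 150) in area 0, plain-text key "cisco" and MD5 key "Area0pa55".
HELLO = hello_body("255.255.255.0", 5, 20, 150)
SIMPLE_KEY = b"cisco"
MD5_KEY = b"Area0pa55"


def plain_text_hello():
    return build_packet("1.1.1.1", "0.0.0.0", HELLO, AUTH_SIMPLE, key=SIMPLE_KEY)


def md5_hello(seq=100):
    return build_packet("1.1.1.1", "0.0.0.0", HELLO, AUTH_CRYPTO, key=MD5_KEY, key_id=1, seq=seq)


def corrupt_hello_interval(pkt):
    """Flip one bit of the HelloInterval field to show what each scheme detects on receipt."""
    i = HDR_LEN + 5   # body offset 4..5 is HelloInterval; flip its low byte
    return pkt[:i] + bytes([pkt[i] ^ 0x01]) + pkt[i + 1:]
```

The plain text packet carries the literal bytes of cisco, while the MD5 packet never contains Area0pa55; a corrupted field is caught by the checksum in the first case but only the digest also ties the packet to the key and, through the sequence number, rejects replays.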

108 of 117

  • Here is the network topology I will be using. The routing domain consists of five routers and three OSPF areas: 0, 12, and 234.

Figure 1 – The network diagram of an OSPF routing domain

Here are the links to download the initial configurations of the routers.

109 of 117

hostname R1

interface GigabitEthernet0/2

ip address 10.0.12.1 255.255.255.0

no shutdown

router ospf 1

router-id 1.1.1.1

network 10.0.12.1 0.0.0.0 area 12

hostname R2

interface GigabitEthernet0/1

ip address 10.0.12.2 255.255.255.0

no shutdown

interface GigabitEthernet0/3

ip address 10.0.23.2 255.255.255.0

no shutdown

router ospf 1

router-id 2.2.2.2

network 10.0.12.2 0.0.0.0 area 12

network 10.0.23.2 0.0.0.0 area 234

hostname R4

interface GigabitEthernet0/3

ip address 10.0.34.4 255.255.255.0

no shutdown

interface GigabitEthernet0/5

ip address 10.0.45.4 255.255.255.0

no shutdown

router ospf 1

router-id 4.4.4.4

network 10.0.34.4 0.0.0.0 area 234

network 10.0.45.4 0.0.0.0 area 0

hostname R3

interface GigabitEthernet0/2

ip address 10.0.23.3 255.255.255.0

no shutdown

interface GigabitEthernet0/4

ip address 10.0.34.3 255.255.255.0

no shutdown

router ospf 1

router-id 3.3.3.3

network 10.0.23.3 0.0.0.0 area 234

network 10.0.34.3 0.0.0.0 area 234

110 of 117

  • What is OSPF Virtual Link?

The backbone area (area 0) cannot be discontiguous across an OSPF routing domain. This means each router attached to area 0 must have at least one OSPF adjacency with another router in that area. Routers in the backbone area can share LSAs between OSPF areas. If a router is connected to multiple areas but not to area 0, it cannot share LSAs between those areas. Here comes the concept of the OSPF virtual link.

OSPF virtual link is a tool used to connect an OSPF-enabled router to area 0 across a particular transit area.

  • How Does OSPF Virtual Link Work?

In Figure 1, router R2 is connected to two OSPF areas, neither of which is area 0. Therefore, it does not flood LSAs received in area 12 into area 234, and vice versa. As a result, router R1 does not have routes to subnets 10.0.23.0/24, 10.0.34.0/24, and 10.0.45.0/24 (Example 1).

Router 2

R2(config)# router ospf 1

R2(config-router)# area 234 virtual-link 4.4.4.4

Router 4 <Area 0 Router>

R4(config)# router ospf 1

R4(config-router)# area 234 virtual-link 2.2.2.2

111 of 117

Configuring The Hello Interval of an OSPF Virtual Link

The default value of the hello interval on the virtual link between R2 and R4 is 10 seconds. To change it, use the area area_number virtual-link router_id hello-interval seconds command, where seconds is between 1 and 8192.

  • In this example, we set the hello interval of the virtual link between R2 and R4 to 5 seconds.

R2(config)# router ospf 1

R2(config-router)# area 234 virtual-link 4.4.4.4 hello-interval 5

R4(config)# router ospf 1

R4(config-router)# area 234 virtual-link 2.2.2.2 hello-interval 5

To verify the configuration, we use the show ip ospf virtual-links command, as you can see in this example:

  • show ip ospf virtual-links

Configuring The Dead Interval of an OSPF Virtual Link

The default value of the dead interval on OSPF virtual links is 40 seconds. To change it, use the area area_number virtual-link router_id dead-interval seconds command, where seconds is between 1 and 8192.

In this example, we set the dead interval of the virtual link between R2 and R4 to 60 seconds.

R2(config)# router ospf 1

R2(config-router)# area 234 virtual-link 4.4.4.4 dead-interval 60

R4(config)# router ospf 1

R4(config-router)# area 234 virtual-link 2.2.2.2 dead-interval 60

The following show ip ospf virtual-links command output states that the dead interval of the virtual link interface on R2 is now 60 seconds instead of 40 seconds.

  • show ip ospf virtual-links

112 of 117

Configuring The Retransmission Interval on an OSPF Virtual Link

  • The Retransmit Interval represents the time in seconds OSPF waits before it resends an unacknowledged LSA.

  • To modify the default retransmit interval, use the area area-id virtual-link router-id retransmit-interval seconds command, where seconds is between 1 and 8192. This parameter does not need to be the same on both ends of the virtual link.

  • In this example, we configure router R2 to set the retransmit interval of the virtual link to 10 seconds.

  • R2(config)# router ospf 1
  • R2(config-router)# area 234 virtual-link 4.4.4.4 retransmit-interval 10

Configuring The Transmission Delay on an OSPF Virtual Link

To change the default transmit delay value, use the area area-id virtual-link router-id transmit-delay seconds command, where seconds is between 1 and 8192. This parameter does not have to be identical on both ends of the virtual link.

In this example, we configure router R2 to set the transmit delay of the virtual link to 2 seconds.

  • R2(config)# router ospf 1
  • R2(config-router)# area 234 virtual-link 4.4.4.4 transmit-delay 2

To verify that the change has been applied, we use the show ip ospf virtual-links command in enable mode, as shown below:

  • show ip ospf virtual-links

113 of 117

Configuring The TTL-Security Hops for an OSPF Virtual Link

The area area_id virtual-link router_id ttl-security hops hop_count command instructs Cisco IOS to check the TTL values of OSPF packets received over a virtual link and sets the Time-to-Live (TTL) security hops allowed on one end of the virtual link, where area_id is the ID of the transit area, router_id is the router ID of the node at the other end of the virtual link, and hop_count is an integer between 1 and 254.

You don’t have to configure this setting on both ends of the virtual link, but be careful not to set it to a value that breaks the OSPF adjacency across the transit area. For example, OSPF packets between R2 and R4 traverse two devices, and thus the TTL security hops value should be at least 2. Otherwise, the virtual link between R2 and R4 will fail.

In this example, we set the TTL-security hops to 2 on R2 and R4.

Command

  • R2(config)# router ospf 1
  • R2(config-router)# area 234 virtual-link 4.4.4.4 ttl-security hops 2

  • R4(config)# router ospf 1
  • R4(config-router)# area 234 virtual-link 2.2.2.2 ttl-security hops 2

The show ip ospf virtual-links command output below states that the TTL-security check feature is enabled and the maximum hop count allowed is 2.

  • show ip ospf virtual-links
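As an added example (my own Python, not the slides' material or any vendor code), this models the checks a router applies to a received Hello before the neighbor can move through the first states listed earlier (Down, Init, 2-Way, then the ExStart master/slave choice), the rule that Hello and Dead intervals must match for an adjacency to form, and the ttl-security hops check from this section. The TTL rule (accept only packets arriving with TTL >= 255 - hops) is my reading of the feature rather than something the slides state, and the Hello/Dead defaults for the non-broadcast types are standard Cisco IOS values.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Default (Hello, Dead) seconds per OSPF network type. The slides state the 10 s
# Hello on broadcast links and the 120 s Dead timer on non-broadcast ones; the
# remaining values are the usual Cisco IOS defaults.
TIMER_DEFAULTS = {
    "broadcast": (10, 40), "point-to-point": (10, 40),
    "non-broadcast": (30, 120), "point-to-multipoint": (30, 120),
}
OSPF_TTL = 255   # TTL a router puts on OSPF packets when ttl-security is in use


@dataclass
class Interface:
    router_id: str
    area: str
    hello: int
    dead: int
    auth_type: int = 0               # 0 null, 1 simple password, 2 cryptographic
    ttl_hops: Optional[int] = None   # 'ttl-security hops N', as on the virtual-link slide
    neighbors: Dict[str, str] = field(default_factory=dict)   # neighbor RID -> state


@dataclass
class Hello:
    src_rid: str
    area: str
    hello: int
    dead: int
    auth_type: int = 0
    seen_neighbors: Tuple[str, ...] = ()   # RIDs the sender has already heard from
    ttl: int = OSPF_TTL                    # IP TTL observed on arrival


def reject_reason(iface: Interface, pkt: Hello) -> Optional[str]:
    """Why a received Hello is dropped, or None when it is acceptable. Area, timers
    and authentication type must match the receiving interface. The TTL test is the
    assumed meaning of 'ttl-security hops N': accept only TTL >= 255 - N."""
    if pkt.area != iface.area:
        return "area mismatch"
    if pkt.hello != iface.hello:
        return "hello interval mismatch (%d vs %d)" % (pkt.hello, iface.hello)
    if pkt.dead != iface.dead:
        return "dead interval mismatch (%d vs %d)" % (pkt.dead, iface.dead)
    if pkt.auth_type != iface.auth_type:
        return "authentication type mismatch"
    if iface.ttl_hops is not None and pkt.ttl < OSPF_TTL - iface.ttl_hops:
        return "ttl-security: TTL %d below %d" % (pkt.ttl, OSPF_TTL - iface.ttl_hops)
    return None


def process_hello(iface: Interface, pkt: Hello) -> Tuple[str, str]:
    """Move the neighbor through the first states listed on the slides:
    Down -> Init on the first acceptable Hello, Init -> 2-Way once our own router
    ID appears in the neighbor's Hello. Returns (state, outcome)."""
    state = iface.neighbors.get(pkt.src_rid, "Down")
    reason = reject_reason(iface, pkt)
    if reason is not None:
        return state, "dropped: " + reason
    if iface.router_id in pkt.seen_neighbors:
        state = "2-Way"
    elif state == "Down":
        state = "Init"
    iface.neighbors[pkt.src_rid] = state
    return state, "accepted"


def exstart_master(rid_a: str, rid_b: str) -> str:
    """ExStart: the router with the (numerically) higher router ID becomes master."""
    return max(rid_a, rid_b, key=ipaddress.IPv4Address)


def neighbor_is_dead(last_hello_at: float, now: float, dead: int) -> bool:
    """True once RouterDeadInterval seconds have passed without a Hello."""
    return now - last_hello_at >= dead


def slide_scenario():
    """RA's Gi0/0 from the slides (hello 5, dead 20, MD5) hearing RB twice, then a
    router still on the broadcast defaults; then a virtual-link interface with
    'ttl-security hops 2' receiving Hellos that arrive with TTL 253 and 252."""
    ra = Interface("1.1.1.1", "0.0.0.0", 5, 20, auth_type=2)
    rb = dict(area="0.0.0.0", hello=5, dead=20, auth_type=2)
    results = [
        process_hello(ra, Hello("2.2.2.2", **rb)),
        process_hello(ra, Hello("2.2.2.2", seen_neighbors=("1.1.1.1",), **rb)),
        process_hello(ra, Hello("3.3.3.3", "0.0.0.0", *TIMER_DEFAULTS["broadcast"], auth_type=2)),
    ]
    vlink = Interface("2.2.2.2", "0.0.0.0", 10, 40, ttl_hops=2)
    results.append(process_hello(vlink, Hello("4.4.4.4", "0.0.0.0", 10, 40, ttl=253)))
    results.append(process_hello(vlink, Hello("4.4.4.4", "0.0.0.0", 10, 40, ttl=252)))
    return results
```

The third router in the scenario never leaves Down because its timers still match the broadcast defaults, which is the mismatch the slides warn about; the last Hello is dropped by the TTL check, so a hop count set too low leaves the neighbor stuck exactly as the text describes.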

114 of 117

OSPF Virtual Link Authentication

  • In Cisco IOS, when you activate authentication in the backbone area (area 0), it gets enabled automatically for all virtual links configured on the current router. In this case, either you keep the same authentication for each virtual link or you may implement different authentication types (null, simple password, MD5, or HMAC-SHA).

  • Moreover, when you enable authentication over an OSPF virtual link, you should set up the same authentication mechanism on both nodes of the virtual link.

  • Configuring Null Authentication Over a Virtual Link

To configure OSPF null authentication over a virtual link, use the area number virtual-link router_id authentication null command in router configuration mode, where number is the ID of the transit area, and router_id is the router ID of the other end node of the virtual link.

The command must be issued on both ends of the virtual link. This example configures null authentication on the virtual link between R2 and R4.

  • R2(config)# router ospf 1
  • R2(config-router)# area 234 virtual-link 4.4.4.4 authentication null

  • R4(config)# router ospf 1
  • R4(config-router)# area 234 virtual-link 2.2.2.2 authentication null

Configuring Plain Text Password Authentication Over a Virtual Link

To add OSPF plain text authentication to a virtual link, use the area number virtual-link router_id authentication authentication-key psswrd command in router configuration mode, where number is the ID of the transit area, router_id is the router ID of the other end node of the virtual link, and psswrd is the shared password between both ends of the virtual link that is used to generate and authenticate OSPF packets.

When simple password authentication is applied over a virtual link, both endpoints of that link should be configured with the same password. In addition, the area virtual-link authentication authentication-key command must be issued on both ends of the virtual link. This example configures plain text authentication over the virtual link between R2 and R4 using the password CISCO.


Configuring HMAC-SHA Authentication Over a Virtual Link

  • The area area_id virtual-link router_id authentication key-chain key_chain_name command enables the OSPF HMAC-SHA cryptographic authentication method over a virtual link, where area_id is the ID of the transit area, router_id is the router ID of the other end of the virtual link, and key_chain_name is the name of a key chain object.

  • Note that the key chain objects on both ends of the virtual link should be configured the same; in particular, the key ID and password accepted on one end of the virtual link must match the key ID and password the other end uses to send.

  • Here are the steps to configure OSPF HMAC-SHA cryptographic authentication over the virtual link. These steps must be applied on both routers forming the link.

Step 1. Construct a key chain object, using the key chain name command in router configuration mode, where name is a string.

Step 2. Create the secret key’s identifier using the key command in key chain configuration mode.

Step 3. Configure the secret key’s password using the key-string pwd command, where pwd is a string that should not exceed 80 characters.

Step 4. Specify the cryptographic authentication algorithm using the cryptographic-algorithm command.

Step 5. (Optional) Configure the KeyStartAccept and KeyStopAccept time constants of the key using the accept-lifetime command.

Step 6. (Optional) Configure the KeyStartGenerate and KeyStopGenerate time constants of the key using the send-lifetime command.

Step 7. Apply the key chain object to the virtual link using the area virtual-link authentication key-chain command.

For more information about the KeyStartAccept, KeyStopAccept, KeyStartGenerate, and KeyStopGenerate constants, read this article about OSPF HMAC-SHA cryptographic authentication.

In the examples below, we configure routers R2 and R4 to activate the OSPF HMAC-SHA authentication method over the virtual link using the HMAC-SHA-512 algorithm, key 1, and password CISCO.
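The following Python model is an added example, not code from the slides or from Cisco IOS. It models what the three authentication types described on this page (null, simple password, HMAC-SHA with a key chain) do to a packet crossing the virtual link between R2 and R4: the null and simple-password cases from the earlier sections, and the key chain with key 1, password CISCO and HMAC-SHA-512 built by Steps 1 to 7 above. The key-chain behaviour it assumes (the lowest key ID within its send-lifetime generates packets; a key is accepted only by ID and only inside its accept-lifetime) mirrors the KeyStartAccept/KeyStopAccept and KeyStartGenerate/KeyStopGenerate constants; the algorithm keyword names follow the IOS cryptographic-algorithm command and are assumed. It uses standard HMAC (RFC 2104) from Python's hmac module and a simplified wire layout, so the digests are illustrative and not bit-compatible with RFC 5709 framing on real IOS devices; the packet contents are constructed sample data.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import List, Optional

# OSPFv2 AuType values: 0 = null, 1 = simple password, 2 = cryptographic (RFC 2328 / RFC 5709).
AUTH_NULL, AUTH_SIMPLE, AUTH_CRYPTO = 0, 1, 2

# hashlib names behind the IOS "cryptographic-algorithm" keywords (keyword names assumed).
ALGORITHMS = {"hmac-sha-1": "sha1", "hmac-sha-256": "sha256",
              "hmac-sha-384": "sha384", "hmac-sha-512": "sha512"}


@dataclass
class Key:
    """One 'key <id>' entry of a key chain (lifetimes are epoch seconds, stop is exclusive)."""
    key_id: int
    key_string: str            # key-string pwd
    algorithm: str             # cryptographic-algorithm
    accept_start: int = 0      # KeyStartAccept   (accept-lifetime)
    accept_stop: int = 2**31   # KeyStopAccept
    send_start: int = 0        # KeyStartGenerate (send-lifetime)
    send_stop: int = 2**31     # KeyStopGenerate


class KeyChain:
    """Model of a key chain object applied with 'area ... virtual-link ... authentication key-chain'."""
    def __init__(self, name: str, keys: List[Key]):
        self.name = name
        self.keys = {k.key_id: k for k in keys}

    def send_key(self, now: int) -> Optional[Key]:
        # Assumption: the lowest key ID whose send-lifetime covers 'now' is used to generate packets.
        for kid in sorted(self.keys):
            k = self.keys[kid]
            if k.send_start <= now < k.send_stop:
                return k
        return None

    def accept_key(self, key_id: int, now: int) -> Optional[Key]:
        """The key with this ID, but only while its accept-lifetime covers 'now'."""
        k = self.keys.get(key_id)
        return k if k and k.accept_start <= now < k.accept_stop else None


def _simple_field(secret: str) -> bytes:
    # Simple password authentication: an 8-octet, NUL-padded field carried in the clear.
    return secret.encode()[:8].ljust(8, b"\0")


def protect(packet, auth_type, secret="", chain=None, now=0):
    """Attach authentication data as the sending end of the virtual link would.
    Model wire layout: [AuType][auth fields] body [HMAC]. Returns None if no key can send."""
    if auth_type == AUTH_NULL:
        return bytes([AUTH_NULL]) + packet
    if auth_type == AUTH_SIMPLE:
        return bytes([AUTH_SIMPLE]) + _simple_field(secret) + packet
    key = chain.send_key(now)
    if key is None:
        return None
    mac = hmac.new(key.key_string.encode(), packet, ALGORITHMS[key.algorithm]).digest()
    return bytes([AUTH_CRYPTO, key.key_id]) + packet + mac


def accept(wire, auth_type, secret="", chain=None, now=0):
    """Check a received packet as the other end would; return its body, or None if rejected."""
    if not wire or wire[0] != auth_type:
        return None                      # AuType differs between the two ends: no adjacency
    if auth_type == AUTH_NULL:
        return wire[1:]
    if auth_type == AUTH_SIMPLE:
        return wire[9:] if hmac.compare_digest(wire[1:9], _simple_field(secret)) else None
    key = chain.accept_key(wire[1], now) if len(wire) >= 2 else None
    if key is None:
        return None                      # unknown key ID, or key outside its accept-lifetime
    mac_len = hashlib.new(ALGORITHMS[key.algorithm]).digest_size
    if len(wire) < 2 + mac_len:
        return None
    body, mac = wire[2:-mac_len], wire[-mac_len:]
    expected = hmac.new(key.key_string.encode(), body, ALGORITHMS[key.algorithm]).digest()
    return body if hmac.compare_digest(mac, expected) else None


def demo(now: int = 1_700_000_000) -> dict:
    """R2 -> R4 over transit area 234 with key 1, password CISCO, HMAC-SHA-512 (constructed data)."""
    hello = b"constructed OSPF Hello from 2.2.2.2"       # stand-in for a real OSPF packet
    r2 = KeyChain("VL-KEYS", [Key(1, "CISCO", "hmac-sha-512")])
    r4_same = KeyChain("VL-KEYS", [Key(1, "CISCO", "hmac-sha-512")])
    r4_wrong_pw = KeyChain("VL-KEYS", [Key(1, "cisco", "hmac-sha-512")])
    r4_wrong_id = KeyChain("VL-KEYS", [Key(2, "CISCO", "hmac-sha-512")])
    r4_expired = KeyChain("VL-KEYS", [Key(1, "CISCO", "hmac-sha-512", accept_stop=now - 60)])
    wire = protect(hello, AUTH_CRYPTO, chain=r2, now=now)
    tampered = wire[:10] + bytes([wire[10] ^ 0x01]) + wire[11:]   # flip one bit of the body
    return {
        "same_key_chain_accepted": accept(wire, AUTH_CRYPTO, chain=r4_same, now=now) == hello,
        "wrong_password_rejected": accept(wire, AUTH_CRYPTO, chain=r4_wrong_pw, now=now) is None,
        "wrong_key_id_rejected": accept(wire, AUTH_CRYPTO, chain=r4_wrong_id, now=now) is None,
        "past_accept_lifetime_rejected": accept(wire, AUTH_CRYPTO, chain=r4_expired, now=now) is None,
        "tampered_packet_rejected": accept(tampered, AUTH_CRYPTO, chain=r4_same, now=now) is None,
        "auth_type_mismatch_rejected": accept(protect(hello, AUTH_NULL), AUTH_SIMPLE, secret="CISCO") is None,
        "simple_password_visible_on_wire": b"CISCO" in protect(hello, AUTH_SIMPLE, secret="CISCO"),
        "hmac_never_carries_password": b"CISCO" not in wire,
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check:34} {'PASS' if ok else 'FAIL'}")
```

Every check in demo() passes: the virtual link only comes up when both ends agree on the authentication type and, for HMAC-SHA, on the key ID, key string, algorithm and lifetimes, which is exactly why the slides insist on issuing the same commands on R2 and R4. The last two checks show why the plain text option from the earlier section is weaker than the key chain: the simple password travels inside the packet, whereas the HMAC reveals nothing about the key string.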
