Sunday, October 30, 2011

Open Shortest Path First – OSPF


1.Introduction to OSPF

OSPF is an IGP that routes packets within a single AS or domain.

OSPF is a link-state routing protocol that uses link-state advertisements (LSAs) to describe the network topology. Each router generates LSAs describing the network it sees and floods them throughout the network. In the end, each router has a link-state database (LSDB) that describes the same topology.

Once a router knows the complete network topology, it runs the SPF calculation (based on Dijkstra's algorithm) to determine the shortest path to each destination. The calculation results in destination/next-hop pairs that are placed into the routing table. This calculation is performed independently on each router.

OSPF runs directly over IP, using IP protocol number 89. It does not use a transport layer protocol such as TCP or UDP.

Each router has a router ID that distinguishes it from the rest. The router ID is unique. It is a 32-bit number written in dotted decimal notation, so it looks like an IP address. The router ID is typically the lo0 address.

OSPF divides each AS into one or more segments called areas. Each area is a set of networks and hosts that are administratively grouped together.

To exchange information between areas, OSPF uses area border routers (ABRs) which are connected to two or more areas.

ABRs run a separate SPF calculation and maintain a separate link-state database for each area to which they are connected. ABRs summarize link-state information from one area before passing it to the next, which increases the overall stability of the network.

On each multiaccess network, OSPF elects a designated router (DR) that establishes adjacencies with all routers on the network. The DR election is based on priority, a number between 0 and 255. The DR is the router with the highest priority. If two routers have equal priority, the one with the lower router ID is selected. A backup designated router (BDR) is also elected.

OSPF defines several types of area. The core of an OSPF network is the backbone area, which is area 0 (0.0.0.0). All ABRs are attached to area 0.

2.Terminologies

2.1.Link state advertisements – LSAs

Each router maintains a database called the link-state database (LSDB), containing the latest received LSAs. A separate LSDB is maintained for each area connected to the router.

2.1.1. LSA operation

Each LSA is numbered with a sequence number, and a timer is run to age out old LSAs. By default, it is 30 minutes.

When an LSA is received, it is compared with the LSDB. If it is new, it is added to the LSDB and the SPF algorithm is run.

If it is from a router ID that is already in the database, the sequence number is compared and older LSAs are discarded. If it is a newer LSA, it is incorporated into the LSDB and the SPF algorithm is run. If it is an older LSA, the newer LSA is sent back to the router that sent the old one.

The OSPF sequence number is 32 bits. It changes whenever:
-LSA changes because a route is added or deleted
-The LSA ages out. (LSA updates are flooded every 30 minutes, even if nothing happens)
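
The receive decision described above, as an added example that is not part of the original post. It assumes the RFC 2328 conventions that an LSA is identified by (type, link-state ID, advertising router) and that the 32-bit sequence number is compared as a signed value starting at 0x80000001; the class, function names and sample values are constructed for illustration.

```python
from dataclasses import dataclass


def signed32(n: int) -> int:
    """Interpret a raw 32-bit sequence number as signed, so 0x80000001 is the lowest."""
    return n - (1 << 32) if n & 0x80000000 else n


@dataclass(frozen=True)
class LSA:
    ls_type: int
    ls_id: str
    adv_router: str
    seq: int  # raw 32-bit value from the LSA header

    @property
    def key(self):
        return (self.ls_type, self.ls_id, self.adv_router)


def receive_lsa(lsdb: dict, lsa: LSA):
    """Update lsdb in place; return (action, LSA to send back to the sender or None)."""
    current = lsdb.get(lsa.key)
    if current is None:                      # never seen: install and recompute
        lsdb[lsa.key] = lsa
        return ("install_run_spf", None)
    new, old = signed32(lsa.seq), signed32(current.seq)
    if new > old:                            # newer instance replaces the stored one
        lsdb[lsa.key] = lsa
        return ("install_run_spf", None)
    if new < old:                            # sender is behind: answer with our copy
        return ("reply_with_newer", current)
    return ("duplicate_ignored", None)       # same instance, nothing to install


if __name__ == "__main__":
    db = {}
    first = LSA(1, "192.168.2.1", "192.168.2.1", 0x80000001)   # constructed router LSA
    print(receive_lsa(db, first))
    print(receive_lsa(db, LSA(1, "192.168.2.1", "192.168.2.1", 0x80000004)))
    print(receive_lsa(db, first))
```

Comparing the raw field as unsigned would rank a freshly originated LSA (0x80000001) above every later instance below 0x80000000, which is why the signed conversion matters.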

2.1.2. LSA types

OSPF uses different types of LSAs to advertise different types of routes, such as routes internal or external to the routing domain.

2.2.OSPF Operation

OSPF uses several different types of packets to establish neighbor relationships and maintain routing information.

2.2.1.OSPF packets

OSPF uses 5 packet types. It does not use TCP or UDP for transport; it runs directly over IP as protocol number 89. The 5 packet types are:

-Hello: identifies neighbors and serves as a keepalive
-Link state request (LSR): requests a link state update (LSU). Contains the type of LSU requested and the ID of the router requesting it.
-Database Description (DBD): a summary of the LSDB, including the RID and sequence number of each LSA in the LSDB
-Link state update (LSU): contains a full LSA entry. An LSA includes topology information. One LSU can contain multiple LSAs.
-Link state acknowledgement (LSAck): acknowledges all the OSPF packets (except Hellos).

OSPF traffic is multicast to either of two addresses: 224.0.0.5 for all OSPF routers and 224.0.0.6 for OSPF DRs.

2.2.2.OSPF Neighbor relationships

OSPF routers send periodic multicast Hello packets to introduce themselves to other routers on the link. They become neighbors when they see their own router ID included in the neighbor field of the Hello from another router. Two routers must be in the same subnet for a neighbor relationship to form.

Certain parameters in Hello packet must match for two routers to become neighbors. They include:
-Hello/dead timers
-Area ID
-Authentication type and password (if set)
-stub area flag

OSPF routers can be neighbors without being adjacent. Only adjacent neighbors exchange routing updates and synchronize their databases. On a point-to-point network, the adjacency is established directly once the routers can communicate. On a multiaccess link, OSPF routers establish adjacencies with the DR and BDR.

Hellos also serve as keepalives. A neighbor is considered lost if no Hello packets are received within four Hello periods (the dead timer). The default Hello/dead timers are:
-10 seconds/40 seconds for LAN and point-to-point interfaces
-30 seconds/120 seconds for nonbroadcast multiaccess interfaces.
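
The Hello checks from this section, as an added example that is not part of the original post: it parses an OSPFv2 Hello (field layout per RFC 2328), compares the parameters that must match, and tests for the router's own ID in the neighbor list. The packets and local settings are constructed, the helper names are hypothetical, and authentication is compared by type only.

```python
import socket
import struct

HDR = struct.Struct("!BBH4s4sHH8s")    # OSPFv2 common header (24 bytes)
HELLO = struct.Struct("!4sHBBI4s4s")   # fixed part of the Hello body (20 bytes)
E_BIT = 0x02                           # Options bit; cleared by routers in a stub area

def build_hello(rid, area, hello, dead, opts, autype, nbrs):
    """Build a constructed Hello for the demo (checksum and auth data left zero)."""
    zero = socket.inet_aton("0.0.0.0")
    body = HELLO.pack(socket.inet_aton("255.255.255.0"), hello, opts, 128, dead, zero, zero)
    body += b"".join(socket.inet_aton(n) for n in nbrs)
    return HDR.pack(2, 1, HDR.size + len(body), socket.inet_aton(rid),
                    socket.inet_aton(area), 0, autype, bytes(8)) + body

def parse_hello(pkt: bytes) -> dict:
    if len(pkt) < HDR.size + HELLO.size:
        raise ValueError("too short for an OSPF Hello")
    ver, ptype, length, rid, area, _csum, autype, _auth = HDR.unpack_from(pkt, 0)
    if ver != 2 or ptype != 1 or not HDR.size + HELLO.size <= length <= len(pkt):
        raise ValueError("not a well-formed OSPFv2 Hello")
    _mask, hello, opts, _prio, dead, _dr, _bdr = HELLO.unpack_from(pkt, HDR.size)
    nbr_bytes = pkt[HDR.size + HELLO.size:length]
    return {
        "router_id": socket.inet_ntoa(rid), "area": socket.inet_ntoa(area),
        "hello": hello, "dead": dead, "autype": autype, "stub": not opts & E_BIT,
        "neighbors": [socket.inet_ntoa(nbr_bytes[i:i + 4])
                      for i in range(0, len(nbr_bytes) - 3, 4)],
    }

def check_neighbor(local: dict, pkt: bytes):
    """Return (mismatched parameters, reached two-way?) for a received Hello."""
    h = parse_hello(pkt)
    problems = [f"{k}: local={local[k]} remote={h[k]}"
                for k in ("area", "hello", "dead", "autype", "stub") if local[k] != h[k]]
    two_way = not problems and local["router_id"] in h["neighbors"]
    return problems, two_way

# Constructed local settings for one interface (timers are the LAN defaults above).
LOCAL = {"router_id": "192.168.1.1", "area": "0.0.0.0", "hello": 10, "dead": 40,
         "autype": 2, "stub": False}

if __name__ == "__main__":
    ok = build_hello("192.168.2.1", "0.0.0.0", 10, 40, E_BIT, 2, ["192.168.1.1"])
    bad = build_hello("192.168.2.1", "0.0.0.0", 30, 120, E_BIT, 0, [])
    print(check_neighbor(LOCAL, ok))
    print(check_neighbor(LOCAL, bad))
```

Run against captured Hellos, the mismatch list is a quick way to see why an adjacency never leaves the Init state, or to flag a Hello arriving with an unexpected authentication type.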

2.2.3.Establishing neighbors and exchanging routes

The process of establishing neighbors and exchanging routes between two routers:

Step1: Down state: OSPF process not yet started, no Hellos sent

Step2: Init state: router sends Hello packets out all OSPF interfaces

Step3: Two-way state: a router receives a Hello from another router that contains its own router ID in the neighbor list. All other required elements match, so the routers can become neighbors.
When step3 ends, the neighbors are established. The following steps cover exchanging routes.

Step4: Exstart state: If the routers become adjacent (exchange routes), they determine which one starts the exchange process. In this case, the router with the higher router ID starts the process.

Step5: Exchange state: routers exchange the DBDs that describe the local databases.

Step6: Loading state: Each router compares the DBD received to its local contents. It then sends an LSR for missing or outdated LSAs. Each LSR is answered with an LSU. Each LSU is acknowledged.

Step7: Full state: the LSDB has been synchronized with the adjacent neighbor.


3.Configuring OSPF
3.1. Backbone/single area (area 0)

In this section, I will introduce how to configure OSPF in a single area (area 0).

The following topology is used to illustrate:

Configurations:
==
R1
==
cuong@Jun1# show protocols
ospf {
    area 0.0.0.0 {
        interface lo0.0;
        interface em1.0;
        interface em2.0;
    }
}

[edit]

==
R2
==
cuong@Jun2# show protocols
ospf {
    area 0.0.0.0 {
        interface lo0.0;
        interface em1.0;
        interface em2.0;
    }
}

==
R3
==
cuong@Jun3# show protocols
ospf {
    area 0.0.0.0 {
        interface lo0.0;
        interface em1.0;
        interface em2.0;
    }
}

Use “show ospf route” to display the OSPF routes:

cuong@Jun1> show ospf route
Topology default Route Table:

Prefix             Path  Route      NH       Metric NextHop       Nexthop
                   Type  Type       Type            Interface     Address/LSP
192.168.2.1        Intra Router     IP            1 em1.0         10.0.0.6
192.168.3.1        Intra Router     IP            1 em2.0         11.0.0.6
10.0.0.0/24        Intra Network    IP            1 em1.0
11.0.0.0/24        Intra Network    IP            1 em2.0
12.0.0.0/24        Intra Network    IP            2 em1.0         10.0.0.6
                                                    em2.0         11.0.0.6
192.168.1.0/24     Intra Network    IP            0 lo0.0
192.168.1.1/32     Intra Network    IP            0 lo0.0
192.168.2.0/24     Intra Network    IP            1 em1.0         10.0.0.6
192.168.2.1/32     Intra Network    IP            1 em1.0         10.0.0.6
192.168.3.0/24     Intra Network    IP            1 em2.0         11.0.0.6
192.168.3.1/32     Intra Network    IP            1 em2.0         11.0.0.6

To determine which routes the router has learned from OSPF, check the unicast routing table:

cuong@Jun1> show route protocol ospf table inet.0

inet.0: 14 destinations, 14 routes (14 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

12.0.0.0/24        *[OSPF/10] 00:21:54, metric 2
                    > to 10.0.0.6 via em1.0
                      to 11.0.0.6 via em2.0
192.168.2.0/24     *[OSPF/10] 00:22:46, metric 1
                    > to 10.0.0.6 via em1.0
192.168.2.1/32     *[OSPF/10] 00:22:46, metric 1
                    > to 10.0.0.6 via em1.0
192.168.3.0/24     *[OSPF/10] 00:21:54, metric 1
                    > to 11.0.0.6 via em2.0
192.168.3.1/32     *[OSPF/10] 00:21:54, metric 1
                    > to 11.0.0.6 via em2.0
224.0.0.5/32       *[OSPF/10] 00:50:42, metric 1
                      MultiRecv
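
The SPF calculation from the introduction, run over this three-router topology from R1's point of view, as an added example that is not part of the original post. It models each link as a direct router-to-router edge instead of going through network LSAs, and the link costs (1 per em interface, 0 for lo0) are inferred from the metrics in the output above; the names R1, R2 and R3 stand for the three routers.

```python
import heapq

# Constructed from the page's topology; every em link has OSPF cost 1.
LINKS = {"R1": {"R2": 1, "R3": 1}, "R2": {"R1": 1, "R3": 1}, "R3": {"R1": 1, "R2": 1}}
# Prefixes each router advertises, with the cost of the attached interface (lo0 = 0).
STUBS = {
    "R1": [("10.0.0.0/24", 1), ("11.0.0.0/24", 1), ("192.168.1.0/24", 0), ("192.168.1.1/32", 0)],
    "R2": [("10.0.0.0/24", 1), ("12.0.0.0/24", 1), ("192.168.2.0/24", 0), ("192.168.2.1/32", 0)],
    "R3": [("11.0.0.0/24", 1), ("12.0.0.0/24", 1), ("192.168.3.0/24", 0), ("192.168.3.1/32", 0)],
}
# How R1 reaches each neighbor, taken from its route table above.
R1_NEXTHOP = {"R2": ("em1.0", "10.0.0.6"), "R3": ("em2.0", "11.0.0.6")}

def spf(root):
    """Dijkstra that also records every equal-cost first hop toward each router."""
    dist, hops, heap = {root: 0}, {root: frozenset()}, [(0, root)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue                             # stale heap entry
        for v, cost in LINKS[u].items():
            nd = d + cost
            via = hops[u] or frozenset([v])      # leaving the root, v is the first hop
            if nd < dist.get(v, float("inf")):
                dist[v], hops[v] = nd, via
                heapq.heappush(heap, (nd, v))
            elif nd == dist[v]:
                hops[v] = hops[v] | via          # equal-cost path: keep both
    return dist, hops

def routes(root):
    """Map prefix -> (metric, set of first-hop routers); empty set = directly connected."""
    dist, hops = spf(root)
    table = {}
    for rtr, nets in STUBS.items():
        for prefix, cost in nets:
            metric, best = dist[rtr] + cost, table.get(prefix)
            if best is None or metric < best[0]:
                table[prefix] = (metric, set(hops[rtr]))
            elif metric == best[0]:
                best[1].update(hops[rtr])
    return table

if __name__ == "__main__":
    for prefix, (metric, via) in sorted(routes("R1").items()):
        nh = ", ".join("%s %s" % R1_NEXTHOP[n] for n in sorted(via)) or "connected"
        print(f"{prefix:18} metric {metric}  {nh}")
```

The result for 12.0.0.0/24 is metric 2 with both neighbors as next hops, matching the two `to ... via` lines in the inet.0 output.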



3.2.Configuring authentication

Authentication is required if you want to prevent spoofing during the neighbor establishment process.

==
R1
==
[edit]
cuong@Jun1# show protocols ospf area 0.0.0.0
interface lo0.0;
interface em1.0 {
    authentication {
        md5 1 key "$9$H.fz9A0hSe36SevW-dk.P"; ## SECRET-DATA
    }
}
interface em2.0 {
    authentication {
        md5 1 key "$9$H.fz9A0hSe36SevW-dk.P"; ## SECRET-DATA
    }
}
==
R2
==
[edit protocols ospf area 0.0.0.0]
cuong@Jun2# show
interface lo0.0;
interface em1.0 {
    authentication {
        md5 1 key "$9$xnD-b2ZUH5Qn4aQn/CB17-V"; ## SECRET-DATA
    }
}
interface em2.0 {
    authentication {
        md5 1 key "$9$oJZDk5Qnp0I.P0IEcvMaZU"; ## SECRET-DATA
    }
}

==
R3
==
[edit protocols ospf area 0.0.0.0]
cuong@Jun3# show
interface lo0.0;
interface em1.0 {
    authentication {
        md5 1 key "$9$hD7yeWNdsJGiLxGik.zFcyl"; ## SECRET-DATA
    }
}
interface em2.0 {
    authentication {
        md5 1 key "$9$rNkKWxbs4Di.Ndi.P56/lKM"; ## SECRET-DATA
    }
}
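
What the md5 setting adds to each OSPF packet and how a receiver checks it, following RFC 2328 Appendix D, as an added example that is not part of the original post. The key value, packets and function names are constructed; the `$9$` strings above are Junos's stored form of the key, not the key itself, so the example uses its own key with key ID 1.

```python
import hashlib
import hmac
import socket
import struct

# OSPFv2 header with the 8-byte auth field split as RFC 2328 Appendix D defines it
# for AuType 2: zero(2), key ID(1), auth data length(1), cryptographic sequence(4).
HDR = struct.Struct("!BBH4s4sHHHBBI")
AUTYPE_CRYPTO, DIGEST_LEN = 2, 16

def digest(packet: bytes, key: bytes) -> bytes:
    """MD5 over the OSPF packet followed by the key zero-padded to 16 bytes."""
    return hashlib.md5(packet + key[:16].ljust(16, b"\0")).digest()

def build(rid: str, key_id: int, seq: int, key: bytes, body: bytes = bytes(20)) -> bytes:
    """Constructed type-1 packet with an all-zero body; the digest trails the packet."""
    pkt = HDR.pack(2, 1, HDR.size + len(body), socket.inet_aton(rid), bytes(4),
                   0, AUTYPE_CRYPTO, 0, key_id, DIGEST_LEN, seq) + body
    return pkt + digest(pkt, key)

def verify(raw: bytes, keys: dict, last_seq: dict) -> str:
    """Apply the receive checks; last_seq maps router ID -> last sequence accepted."""
    if len(raw) < HDR.size:
        return "reject: short packet"
    _v, _t, length, rid, _area, _csum, autype, _z, key_id, dlen, seq = HDR.unpack_from(raw)
    if autype != AUTYPE_CRYPTO:
        return "reject: unauthenticated or wrong auth type"
    if key_id not in keys:
        return "reject: unknown key id"
    if dlen != DIGEST_LEN or length < HDR.size or len(raw) < length + DIGEST_LEN:
        return "reject: malformed digest"
    if seq < last_seq.get(rid, 0):           # RFC 2328 rejects only lower values
        return "reject: stale sequence number"
    if not hmac.compare_digest(digest(raw[:length], keys[key_id]),
                               raw[length:length + DIGEST_LEN]):
        return "reject: bad digest"
    last_seq[rid] = seq
    return "accept"

KEYS = {1: b"constructed-key"}   # key ID 1 as in the config; the key value is made up

if __name__ == "__main__":
    seen = {}
    print(verify(build("192.168.2.1", 1, 100, KEYS[1]), KEYS, seen))
    print(verify(build("192.168.2.1", 1, 99, KEYS[1]), KEYS, seen))
    print(verify(build("192.168.2.1", 1, 101, b"other-key"), KEYS, seen))
```

Both ends of a link must hold the same key under the same key ID, which is why a mismatch on either shows up as a neighbor that never forms.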






9 comments:

  1. Hi, may I ask: when I connect ports on Juniper routers, if I connect em0---em0 and assign IPs in the same range, they can reach each other. But if I connect em0---em1 and assign IPs in the same range, the two cannot reach each other. Could you tell me what the problem is? If possible, please reply in a comment or send me an email (shurikenblake@gmail.com). Thank you very much!

  2. This is a VMware issue: em0 and em1 are two different virtual network cards, so of course they will be in two different subnets. Assigning them IPs in the same range is not valid, so of course they cannot reach each other.

  3. I connected em1---em0, both network cards are in the same vmnet1 mode, and I also assigned IPs in the same range, so I think they should be able to reach each other :((. In the diagram above you connected em2---em1 and they still reach each other, right??? Please help me :D thanks a lot ;)

  4. OK, perhaps I misunderstood you. Is the topology you are describing like this?
    R1(em0)--------(em1)R2

    If the two network cards are already on the same vmnet, you only need to set the IP parameters in the same subnet. As for the error you mention, you need to give me more specific information before I can help. Try posting these results here:
    -the IP settings of em0 and em1 above
    -from one router, ping the other side and post the output here
    OK, that is all for now.

  5. The topology is exactly as you said, hehe. I recorded a video of what I did that fails; I don't know why it fails like that either :) here is the link:
    http://www.mediafire.com/?mhcciplkipak31z
    thanks a lot

  6. OK, I watched the video. Try changing the IPs of those two interfaces. Change to a different IP, not 192.168.1.1/24, and see what happens.

  7. Actually, in the video I recorded I just grabbed that IP for speed. When I did this earlier I tried many IPs: I used the 10.0.0.0 range, and I also tried the 172.16.0.0 range, but the result was still an error :( I don't know why. Please help me :D

  8. Try a different IP that is not x.x.x.1. For example, in that video, don't use 192.168.1.1 but 192.168.1.10, with the other interface as 192.168.1.11. In short, avoid the first address of the subnet.

  9. I tried that already, it still doesn't work :(
