OSPF standards

From Internetworkpro

This page or section provides device configuration instructions.
Please note that the information on this page has not been checked for accuracy and is not intended as a replacement to documentation. Please ensure you understand your desired objectives before attempting to apply any examples listed.

General IT Network Operations

Introduction

This document provides implementation guidelines for OSPF in a medium-sized enterprise. It is not an OSPF primer; primers are available in plenty of certification material and on cisco.com. It outlines the particular network requirements of the OSPF protocol running on Cisco IOS network elements. The reader is assumed to understand basic OSPF network configuration at a CCNA through CCNP level.

This document contains general OSPF configuration standards, diagrams, and specific topology challenges and solutions. This is a living document and may be edited at any time. The main intent is to provide a single reference point for any implementation of OSPF within the network. As of the writing of this document, there are numerous differences in OSPF deployment across the authors' network elements, pertaining to route redistribution, OSPF network assignments, loopback addressing, process IDs, prioritization, stability, and performance.

The network team needs to avoid environments that are not standardized. An environment that differs from one site to another, even on simple points, is prone to errors. A seemingly innocuous difference between two routers that are thought to be identical, such as an OSPF process ID, can be put into a script with the incorrect value and take down an entire building or city.

Care and deliberation must be exercised with any OSPF changes on any network. This document can serve as a guide for future implementations and for repairs and fixes of the current architecture.


OSPF process standards

IT Operations Networks will use OSPF as the chosen IP routing protocol standard. This gives the team flexibility to extend OSPF onto non-Cisco devices and is a forward-looking decision in the event that vendor neutrality is required. EIGRP, an alternate IGP, may be technically better but is locked down to Cisco network elements only.

OSPF Process ID

For the purposes of internal consistency, the arbitrary OSPF process ID will always be ‘1’, since we are not a service provider running multiple instances. However, existing OSPF process IDs of 100 will not be changed unless there is an onsite presence who can complete this task safely.

RouterA(config)# router ospf 1

Loopback Addresses

Loopback addresses must be used for proper operation of OSPF networks. Assigning a loopback address is simple. /32 IPs will be used for address conservation and extracted from a pool of available “Management” related OSPF networks, ideally a /24 network. Since each network element will only obtain a single IP address to be used for management and OSPF router IDs, no summarization is necessary and the /24 may be scattered at will through the network.

The loopback address will be distributed into area 0 for ABRs, and into the local area for an internal or ASBR.

Router(config)# interface loopback0
Router(config-if)# ip address 10.22.196.5 255.255.255.255
Router(config)# router ospf 1
Router(config-router)# network 10.22.196.5 0.0.0.0 area 0

OSPF Reference bandwidth

Cisco implements an OSPF reference bandwidth of 100Mbps. This means that a 100Mbps link will have an OSPF cost of one. The following table shows default OSPF cost behavior for this link based on link speed. The default OSPF reference bandwidth is 100.

Operations networks will set the OSPF reference bandwidth to 100Gbps – this will not have a negative impact on the network as per the charts below.

The calculation to use is Cost = (Reference bps) / (Link bps). For example, a 45Mbps link with a reference bandwidth of 100Gbps will have a cost of 2222: 100,000,000,000 / 45,000,000 = 2222

The syntax for implementing the 100Gbps reference bandwidth is as follows:

RouterA(config)# router ospf 1
RouterA(config-router)# auto-cost reference-bandwidth 100000

Cost at 100Gbps:          1                       hops @ 24-bit   16777215   hops @ 32-bit 4294967295
Cost at 40Gbps:           2                       hops @ 24-bit    8388607   hops @ 32-bit 2147483647
Cost at 10Gbps:          10                       hops @ 24-bit    1677721   hops @ 32-bit  429496729
Cost at 1Gbps:          100                       hops @ 24-bit     167772   hops @ 32-bit   42949672
Cost at 145Mbps:        689                       hops @ 24-bit      24350   hops @ 32-bit    6233624
Cost at 100Mbps:       1000                       hops @ 24-bit      16777   hops @ 32-bit    4294967
Cost at 45Mbps:        2222                       hops @ 24-bit       7550   hops @ 32-bit    1932928
Cost at 10Mbps:       10000                       hops @ 24-bit       1677   hops @ 32-bit     429496
Cost at 6.176Mbps:    16191                       hops @ 24-bit       1036   hops @ 32-bit     265257
Cost at 4.632Mbps:    21588                       hops @ 24-bit        777   hops @ 32-bit     198942
Cost at 3.088Mbps:    32383                       hops @ 24-bit        518   hops @ 32-bit     132628
Cost at 1.544Mbps:    64766                       hops @ 24-bit        259   hops @ 32-bit      66314
Cost at 768kbps:      65535   (greater than max)  hops @ 24-bit        256   hops @ 32-bit      65537
Cost at 384kbps:      65535   (greater than max)  hops @ 24-bit        256   hops @ 32-bit      65537
Cost at 128kbps:      65535   (greater than max)  hops @ 24-bit        256   hops @ 32-bit      65537

Thanks for the script nemith OSPF_Reference_Bandwidth_Calculator
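
The cost formula and the 16-bit cap behind the table above, as an added example in Python (not the OSPF_Reference_Bandwidth_Calculator script credited above): it compares the IOS default reference bandwidth with the 100Gbps standard and reports which link speeds collapse onto the same cost. The function names are illustrative.

```python
# Added example: OSPF interface cost for a given reference bandwidth.
MAX_COST = 65535  # interface cost is a 16-bit value

# Link speeds from the cost table on this page, in bits per second.
LINKS = {
    "100Gbps": 100_000_000_000, "40Gbps": 40_000_000_000,
    "10Gbps": 10_000_000_000, "1Gbps": 1_000_000_000,
    "145Mbps": 145_000_000, "100Mbps": 100_000_000,
    "45Mbps": 45_000_000, "10Mbps": 10_000_000,
    "6.176Mbps": 6_176_000, "4.632Mbps": 4_632_000,
    "3.088Mbps": 3_088_000, "1.544Mbps": 1_544_000,
    "768kbps": 768_000, "384kbps": 384_000, "128kbps": 128_000,
}


def ospf_cost(ref_mbps: int, link_bps: int) -> int:
    """Cost = reference / link, truncated, then clamped to 1..65535."""
    cost = (ref_mbps * 1_000_000) // link_bps
    return max(1, min(cost, MAX_COST))


def collisions(ref_mbps: int, links: dict = LINKS) -> dict:
    """Return {cost: [link names]} for costs shared by more than one speed.

    Links that share a cost are indistinguishable to SPF, so path selection
    between them no longer reflects bandwidth.
    """
    by_cost = {}
    for name, bps in links.items():
        by_cost.setdefault(ospf_cost(ref_mbps, bps), []).append(name)
    return {cost: names for cost, names in by_cost.items() if len(names) > 1}


if __name__ == "__main__":
    for ref in (100, 100_000):  # IOS default vs. this standard (Mbps)
        print(f"auto-cost reference-bandwidth {ref}")
        for name, bps in LINKS.items():
            print(f"  {name:>10}  cost {ospf_cost(ref, bps)}")
        print(f"  shared costs: {collisions(ref)}")
```

With the default reference every link of 100Mbps and faster costs 1; with the 100Gbps reference only the sub-T1 speeds share a cost, at the 65535 cap.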

OSPF Logging

The log-adjacency-changes command is similar to the debug commands but uses fewer resources. Within the OSPF process, it sends a syslog message immediately whenever an adjacency changes state. This allows for prompt troubleshooting by investigating syslogs on a centralized server.

Router(config)# router ospf 1
Router(config-router)# log-adjacency-changes
*Mar  1 00:37:30.195: %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.3 on Serial1/0 from LOADING to FULL, Loading Done
*Mar  1 00:37:30.439: %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.1 on Serial1/0 from LOADING to FULL, Loading Done

OSPF Message Digest Authentication

OSPF MD5 hash authentication can provide security, ensuring that received and sent networks are trusted because they come from a source that knows the shared secret. This has two benefits: security, and the peace of mind that a poorly configured router running a simple OSPF process will not wreak havoc on a production network.

OSPF MD5 authentication is applied at the interface level:

Router(config-if)# ip ospf message-digest-key 1 md5 0 OrgOSPF
Router(config-if)# ip ospf authentication message-digest

The show ip ospf neighbor command can be used to verify if neighbors have become adjacent. If the password is incorrect, the router shows a key mismatch in the syslog.

Both the password and key number must match on both sides. For purposes of standardization, MD5 key #1 and unencrypted password “OrgOSPF” will be used.

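The password will be stored unencrypted in the running and startup configurations unless “service password-encryption” is enabled. The resulting type 7 encoding is reversible obfuscation rather than strong encryption, so stored or shared configurations should still be treated as containing the secret.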

interface FastEthernet0/0
 description Uplink to RouterA
 ip address 192.168.0.2 255.255.255.0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 OrgOSPF
 duplex auto
 speed auto
!
service password-encryption
…show run..
interface FastEthernet0/0
 ip ospf message-digest-key 1 md5 7 A3258613A2923
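
How a receiver decides whether to accept a packet under message-digest authentication, as an added example in Python that is not from the original page: it follows the RFC 2328 Appendix D procedure (key ID lookup, sequence check, MD5 over the packet plus the 16-byte padded key). The Hello contents, router ID and function names are constructed for illustration.

```python
import hashlib
import hmac
import socket
import struct

AUTYPE_CRYPTO = 2   # OSPFv2 cryptographic authentication (RFC 2328, Appendix D)
DIGEST_LEN = 16     # MD5 output length


def pad_key(secret: str) -> bytes:
    """The shared secret is used as a 16-byte key, zero-padded on the right."""
    return secret.encode()[:16].ljust(16, b"\x00")


def build_hello(router_id: str, key_id: int, seq: int, secret: str) -> bytes:
    """Build a constructed Hello for area 0 and append its MD5 digest."""
    body = struct.pack("!4sHBBI4s4s", socket.inet_aton("255.255.255.0"),
                       10, 0x02, 1, 40,        # hello 10s, options, priority, dead 40s
                       socket.inet_aton("0.0.0.0"), socket.inet_aton("0.0.0.0"))
    header = struct.pack("!BBH4s4sHHHBBI",
                         2, 1, 24 + len(body),  # version 2, type 1 (Hello), length
                         socket.inet_aton(router_id), socket.inet_aton("0.0.0.0"),
                         0, AUTYPE_CRYPTO,      # checksum is unused with AuType 2
                         0, key_id, DIGEST_LEN, seq)
    packet = header + body
    return packet + hashlib.md5(packet + pad_key(secret)).digest()


def verify(wire: bytes, keys: dict, last_seq: int) -> str:
    """Receiver-side check. keys maps key ID -> secret; last_seq is the highest
    sequence number already accepted from this neighbor."""
    if len(wire) < 24 + DIGEST_LEN:
        return "too short"
    packet, digest = wire[:-DIGEST_LEN], wire[-DIGEST_LEN:]
    autype, _, key_id, auth_len, seq = struct.unpack("!HHBBI", packet[14:24])
    if autype != AUTYPE_CRYPTO or auth_len != DIGEST_LEN:
        return "wrong authentication type"
    if key_id not in keys:
        return "unknown key id"
    if seq < last_seq:
        return "replayed sequence number"
    expected = hashlib.md5(packet + pad_key(keys[key_id])).digest()
    return "ok" if hmac.compare_digest(digest, expected) else "digest mismatch"


if __name__ == "__main__":
    wire = build_hello("10.0.0.2", key_id=1, seq=100, secret="OrgOSPF")
    print(verify(wire, {1: "OrgOSPF"}, last_seq=99))   # matching key ID and secret
    print(verify(wire, {2: "OrgOSPF"}, last_seq=99))   # same secret, other key ID
    print(verify(wire, {1: "orgospf"}, last_seq=99))   # same key ID, other secret
```

The secret itself never crosses the wire, only the digest, which is why both the key number and the password have to match for an adjacency to form.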

OSPF Priority

[Figure: OSPF Standards priority.JPG]

OSPF priority should be given to the devices with the most memory and CPU speed available. By default, OSPF elects elements to DR and BDR status based on Priority, and in the event of a tie, IP addressing. This default behavior must be overridden. Consider the network below.

By default, RouterA would be the DR on this network because the loopback address 10.0.0.154 is the highest IP on this segment. This is not optimum. The OSPF priority is ‘1’ by default on every router, so the election is decided by IP address rather than by CPU or memory. We can override the priority and use that for DR/BDR election rather than IP.

The preferred DR for this network is RouterC, a Cisco 7206 with an NPE-G2 processor and a gigabyte of RAM. Our preferred BDR is RouterD, with an NPE-200 and 512MB of RAM.

RouterC(config)# interface FastEthernet 3/1
RouterC(config-if)# ip ospf priority 10

RouterD(config)# interface FastEthernet 2/1
RouterD(config-if)# ip ospf priority 5

RouterA is too slow for us to even consider, so we don’t want it to become a DR or BDR, ever. A priority of ‘0’ may be used to never elect a router as a DR or BDR.

RouterA(config)# interface ethernet0/0
RouterA(config-if)# ip ospf priority 0

RouterB will be used if both RouterC and RouterD fail. The default priority is ‘1’ so we do not need to change anything.

OSPF Area structure

OSPF Area numbering scheme

Area IDs should be consistent and chosen to a standard. Four OSPF octets can be used in the form of an IP Address on the network. The following format is chosen for OSPF:

<Province|State>.<City>.<Hub/Building>.<Area>


“Province” is designated by the following table:

Alberta                  1.x.x.x
British Columbia         2.x.x.x
Manitoba                 3.x.x.x
New Brunswick            4.x.x.x
Newfoundland             5.x.x.x
Northwest Territories    6.x.x.x
Nova Scotia              7.x.x.x
Nunavut                  8.x.x.x
Ontario                  9.x.x.x
Prince Edward Island     10.x.x.x
Quebec                   11.x.x.x
Saskatchewan             12.x.x.x
Yukon Territories        13.x.x.x
Oregon, US               14.x.x.x

“City” is to be a list maintained in an Excel spreadsheet. An example format is as follows:

Ontario.Mississauga      9.1.x.x
Ontario.Toronto          9.2.x.x
Ontario.Ottawa           9.3.x.x
Ontario.Kitchener        9.4.x.x
Ontario.London           9.5.x.x
Ontario.Hamilton         9.6.x.x

“Building” is to be used for the distribution-level router in the city, if required.

Ontario.Mississauga.Datacenter    9.1.1.x
Ontario.Mississauga.Warehouse     9.1.2.x

The fourth octet can be used for multiple areas in that location, although this may not yet be necessary and area ‘1’ can be used at each location.

Ontario.Mississauga.Warehouse.1   9.1.2.1

OSPF Backbone – Area 0

Area 0 will span the entire core and distribution layers of the network. Distribution routers also connect to one other non-backbone area as required. All networks in area 0 will be specifically identified in the OSPF router process with the “network <prefix> <wildcard> area 0” statement.

OSPF Network Statement

For purposes of readability, the entire network subnet mask will be used for OSPF network statements. Remember, the network statement only determines which interfaces participate in OSPF and is not actually a routing snapshot. Network statements are used rather than redistribute commands so that interface bandwidth costs apply and the routes are internal rather than external type 1 or type 2 routes.

The router below, based on the config, routes for 192.168.1.0/24, and 10.22.210.0/24.


Router(config)# router ospf 1
Router(config-router)# network 192.168.1.0 0.0.0.255 area 0
Router(config-router)# network 10.22.210.0 0.0.0.255 area 9.1.1.1

Area border routers and summarization

[Figure: OSPF Standards areas.JPG]


Area 0 extends through the core and ends at the distribution layer. The distribution routers in each city perform area border router services for that location.

Non-backbone areas will be configured as NSSAs where possible, with inter-area advertisements from area 0 suppressed and OSPF default routes originated into the NSSA. The following example configuration would appear on the IT7206a and IT7206b routers:

router ospf 1
  network 10.22.197.0 0.0.0.255 area 9.1.2.1 
  area 9.1.2.1 nssa no-summary

All area 0 advertisements would be filtered at the ABR, and not advertised to the Warehouse routers. Additionally, the NSSA network is summarized at the ABR and more specific routes are prevented from being advertised into area 0 with the following:

router ospf 1
 network 10.22.197.0 0.0.0.255 area 9.1.2.1 
 area 9.1.2.1 nssa no-summary
 area 9.1.2.1 range 10.22.202.0 255.255.255.0

This will prevent any routing flaps from within the Slough office from impacting the rest of the network or causing unnecessary SPF computations.

Passive Interfaces

[Figure: OSPF Standards passive.JPG]

By default, OSPF will advertise LSAs and Hellos out of every interface that is configured with a network statement. Sometimes this is not desirable, such as on a user access VLAN. OSPF neighbor relationships need to be restricted to the interfaces on which we strictly want to run OSPF. “passive-interface default” will be configured on every OSPF router, with the desired interfaces excluded from this default configuration. Networks to route for are still defined for ease of management and configurability.

RouterA(config)# router ospf 1
RouterA(config-router)# network 10.99.3.0 0.0.0.128 area 0
RouterA(config-router)# network 10.99.6.0 0.0.0.255 area 1.1.1.1
RouterA(config-router)# network 10.99.4.0 0.0.0.255 area 1.1.1.1
RouterA(config-router)# passive-interface default
RouterA(config-router)# no passive-interface Fa2/0

Interface bandwidth

[Figure: OSPF Standards bandwidth.JPG]

All OSPF links have a certain bandwidth one way or another. In most cases, the OSPF interface may be a FastEthernet interface, and the bandwidth is 100Mbps. In this case, there is nothing to be done since OSPF will pick up the default interface bandwidth.

Consider the following scenario:

RouterA and RouterB both have 100Mbit uplinks to the ATM circuit; however, the provider is only granting a 12.5Mbps VC.

The configuration required to properly calculate OSPF network links is as follows:

RouterA(config)# interface FastEthernet0/0
RouterA(config-if)# bandwidth 12500

Static Route redistribution

[Figure: OSPF Standards static routes.JPG]


On an Autonomous system boundary router (ASBR) redistributing static routes, a route-map must be used to keep the configuration simple and concise. The best option is to tag static routes with a unique identifier when implementing them.

A route-map is then used that matches the specific tag and sets the OSPF cost/metric to the correct value based on the bandwidth of the link. A description will be used within the comment to identify the route-map to be used.

A static route will only end up in the OSPF Routing table if it matches an administratively defined tag.

RouterA config:

router ospf 1
  redistribute static metric-type 1 subnets route-map static-to-ospf
  network 10.23.3.0 0.0.0.255 area 1.1.1.1
  network 192.168.0.0 0.0.0.255 area 0
  network 10.0.0.1 0.0.0.0 area 0
  auto-cost reference-bandwidth 100000
!
ip route 52.53.108.0 255.255.255.0 10.23.3.129 tag 10
ip route 52.54.100.0 255.255.254.0 10.23.3.129 tag 10
ip route 10.40.20.0 255.255.255.0 10.23.3.129
!
route-map static-to-ospf permit 10
 description Firewall DMZ Hosts (45MBps)
 match tag 10
!

Router “B” will see a redistributed route for 52.53.108.0/24 and 52.54.100.0/23, but not 10.40.20.0/24 since the tag is not matched.


RouterB# show ip ospf database
…
                Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count
10.0.0.1        10.0.0.1        926         0x80000006 0x00DB12 2

                Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
192.168.0.1     10.0.0.1        926         0x80000002 0x008623

                Summary Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
10.23.3.0      10.0.0.1        1952        0x80000002 0x00A122

                Type-5 AS External Link States

Link ID         ADV Router      Age         Seq#       Checksum Tag
52.53.108.0   10.0.0.1        1291        0x8000000A 0x008BBE 10
52.53.100.0    10.0.0.1        1291        0x8000000A 0x00240E 10
RouterB# show ip route

<snip>
O E1 52.54.108.0/24 [110/2000] via 192.168.0.1, 00:44:13, FastEthernet0/0
O E1 52.53.100.0/24 [110/2000] via 192.168.0.1, 00:44:13, FastEthernet0/0
O IA    10.23.3.0 [110/2000] via 192.168.0.1, 00:44:13, FastEthernet0/0
O       192.168.0.0 [110/2000] via 192.168.0.1, 00:44:13, FastEthernet0/0
O       10.0.0.1 [110/2000] via 192.168.0.1, 00:44:13, FastEthernet0/0 
C    192.168.0.0/24 is directly connected, FastEthernet0/0

External type “1” vs External type “2”

External type “1” routes will be used for routes learned via redistribution. The cost of these routes reflects the entire path of the route, and will take into consideration the hop between RouterA and firewalls, routers, and other extranet devices that do not participate in OSPF. This will also be important when the Extranet project is completed and will allow best-path selection to the BCH Extranet elements.

If external type “2” were to be used, then only the cost of the metric would be used and the link speed would not be taken into consideration, only the cost to get to the end network. This could create unusual and undesirable routing with multiple paths to the same destination.

Putting it all together

[Figure: OSPF Standards together.JPG]

In most cases on the network, the OSPF auto-cost bandwidth will be appropriate based on our 100Gbps OSPF reference bandwidth.

By way of example, a default route is redistributed into this network as an O*E1 route, to accurately calculate costs to reach a firewall-enabled network on our LAN.

The redistributed static routes do not always have the same cost as the uplink – in this scenario, a 100Mbps uplink to the public internet firewalls exists, while a DMZ sits behind the network. The DMZ is directly connected and thus has a 100Mbps link cost associated with it, yet the Internet service is only 45Mbps.

Default bandwidth commands are used for the MIPT Voice uplink to 10Mbps.

RouterA:

interface Loopback0
 ip address 10.0.0.1 255.255.255.255
!
interface FastEthernet0/0
 description Internet Router
 bandwidth 100000
 ip address 10.23.3.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet1/0
 description Extranet router
 bandwidth 100000
 ip address 10.23.5.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet2/0
 description MIPT Voice network
 bandwidth 10000
 ip address 10.30.14.1 255.255.255.0
 duplex half
 speed 10
!
interface FastEthernet3/0
 description Uplink to RouterB
 bandwidth 10000
 ip address 192.168.0.1 255.255.255.0
 ip ospf priority 10
 duplex auto
 speed auto
!
router ospf 1
 log-adjacency-changes
 auto-cost reference-bandwidth 100000
 redistribute static metric-type 1 subnets route-map static-to-ospf
 passive-interface default
 no passive-interface FastEthernet3/0
 network 10.0.0.1 0.0.0.0 area 0
 network 10.30.14.0 0.0.0.255 area 1.1.1.1
 network 10.23.3.0 0.0.0.255 area 1.1.1.1
 network 10.23.5.0 0.0.0.255 area 1.1.1.1
 network 192.168.0.0 0.0.0.255 area 0
 default-information originate metric 2222 metric-type 1
!
ip route 0.0.0.0 0.0.0.0 10.23.3.129
ip route 10.125.0.0 255.255.0.0 10.30.14.247 tag 30
ip route 10.181.0.0 255.255.0.0 10.23.5.254 tag 20
ip route 172.28.0.0 255.255.0.0 10.23.5.254 tag 20
ip route 52.53.108.0 255.255.255.0 10.23.3.129 tag 10
!
route-map static-to-ospf permit 10
 description Firewall DMZ Hosts (45MBps)
 match tag 10
 set metric 2222
!
route-map static-to-ospf permit 20
 description Routes from BCH Extranet (30Mbps)
 match tag 20
 set metric 3333
!
route-map static-to-ospf permit 30
 description MIPT Voice over IP routes (10Mbps)
 match tag 30
 set metric 10000
!

RouterB:

interface loopback0
 ip address 10.0.0.2 255.255.255.255
! 
interface FastEthernet0/0
 description Uplink to RouterA
 ip address 192.168.0.2 255.255.255.0
 duplex auto
 speed auto
!
router ospf 1
 log-adjacency-changes
 auto-cost reference-bandwidth 100000
 passive-interface default
 no passive-interface FastEthernet0/0
 network 10.0.0.2 0.0.0.0 area 0
 network 192.168.0.0 0.0.0.255 area 0
!
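
One way to check a router against this standard, as an added example in Python rather than tooling from the original page: it parses an IOS configuration and reports deviations from the process ID, logging, reference bandwidth, passive-interface, redistribution and authentication rules above. The function names and the sample configuration are constructed; interface names are assumed to be written out in full, as in a running configuration.

```python
import re

# Lines this standard requires under "router ospf 1".
REQUIRED = ("log-adjacency-changes",
            "auto-cost reference-bandwidth 100000",
            "passive-interface default")


def parse_sections(config: str) -> dict:
    """Map each top-level IOS line (lower-cased) to its indented child lines."""
    sections, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.strip() == "!":
            continue
        if not line[0].isspace():
            current = line.strip().lower()
            sections[current] = []
        elif current is not None:
            sections[current].append(line.strip())
    return sections


def audit(config: str) -> list:
    """Return a list of deviations from the OSPF standard described on this page."""
    sections = parse_sections(config)
    findings = []
    for header, body in sections.items():
        if not header.startswith("router ospf "):
            continue
        if header.split()[2] != "1":
            findings.append(f"{header}: process ID is not 1")
        for line in REQUIRED:
            if line not in body:
                findings.append(f"{header}: missing '{line}'")
        for line in body:
            if line.startswith("redistribute static") and "route-map" not in line:
                findings.append(f"{header}: static redistribution without a route-map")
        # Every interface taken out of passive mode can form adjacencies,
        # so it must carry the message-digest settings.
        for line in body:
            m = re.match(r"no passive-interface (\S+)", line)
            if not m:
                continue
            name = m.group(1)
            intf = sections.get(f"interface {name.lower()}", [])
            if "ip ospf authentication message-digest" not in intf:
                findings.append(f"{name}: no message-digest authentication")
            if not any(l.startswith("ip ospf message-digest-key 1 md5 ") for l in intf):
                findings.append(f"{name}: message-digest key 1 not configured")
    return findings


# Constructed sample: a RouterB-style configuration with deliberate deviations.
SAMPLE = """\
interface FastEthernet0/0
 description Uplink to RouterA
 ip address 192.168.0.2 255.255.255.0
!
router ospf 100
 log-adjacency-changes
 redistribute static metric-type 1 subnets
 no passive-interface FastEthernet0/0
 network 192.168.0.0 0.0.0.255 area 0
!
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The RouterA and RouterB listings above omit the message-digest lines from the authentication section, so their uplink interfaces would be reported.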

OSPF Troubleshooting

The following commands can be used to help verify the configuration of OSPF in a multi-area network:

The show ip ospf border-routers command
The show ip ospf border-routers command shows the ABRs and ASBRs that the internal router has in its routing table. This can help to troubleshoot configuration errors. This can help show why users cannot connect outside their area.
The show ip route command
The show ip route command can be used to see which routes make it from the OSPF Topology table onto the active routing table on the router.

Flags indicate the type of each route. This can help diagnose redistribution problems.

The show ip ospf database command
Examining the OSPF database to look for a Router or Network ID can help to see if the problem router is participating in the OSPF network.

This command can also be used to see if redistribution is working by looking for tagged routes across the network.

log-adjacency-changes configuration item
Covered earlier, this command when applied to a router can give helpful syslog information to show adjacency changes – both up and down.
The show ip ospf neighbor command
Shows neighbor relationships and device status. The ideal state of any OSPF neighbor relationship is “FULL”.

When the OSPF neighbor relationship has failed, the state will be “DOWN”. Devices stuck in “INIT” may be experiencing a network or data link layer issue in the manner of flapping elements.

The show ip ospf command
This command displays an overview of the OSPF parameters. Useful items to look for are routing processes, Router IDs, hold times, last SPF calculation, and how many OSPF entries are in the device.
The show ip protocols command
The show ip protocols command will show a wealth of information: which routing protocol is used on an interface, any route filters, the Router ID, number of areas, which networks the router is routing for, reference bandwidth, passive interfaces, and routing information sources.
The show ip ospf interface command
The show ip ospf interface command will show more OSPF information, including Router IDs, Network types (Usually BROADCAST), link costs, DR and BDR, timer intervals, OSPF Neighbors, and more.
The debug ip ospf commands
Router# debug ip ospf ?
  adj             OSPF adjacency events
  database-timer  OSPF database timer
  events          OSPF events
  flood           OSPF flooding
  hello           OSPF hello events
  lsa-generation  OSPF lsa generation
  mpls            OSPF MPLS
  nsf             OSPF non-stop forwarding events
  packet          OSPF packets
  retransmission  OSPF retransmission events
  spf             OSPF spf
  tree            OSPF database tree

Reference documentation

Brent D. Steward, Claire Gough Copyright 2008 Cisco Systems, Inc

http://www.freesoft.org/CIE/RFC/1583/8.htm
