Narbik’s Advanced Lab Notes — OSPF (II)

Lab 4 (summarization):

  • External routes are summarized on ASBR using “summary-address” command.
  • when summarizing internal routes on ABRs, the “area xx range” command must be used with xx is the area id. The routes that are being summarized originated in area xx (1 in our case), the “area range” command MUST specify the area “area 1 range” followed by the summary network address.
  • In OPSF, the discard route is created automatically whenever summary route is configured. 2 types of summary routes: Internal and External. When internal summary routes are configured, OSPF will inject an internal discard route and same thing with external. This is to prevent loops.
  • to get rid of these discard routes, you do, “no discard-route internal

Lab 5 (Virtual Links and GRE tunnels)

  • ensuring all adv network are reachable by all routers. Use any IP addressing and NOT using virtual link. We will be using GRE tunnels.
  • so if R5 is not connected to area 0 and R4 is the ABR b/w Area 4 and Area 2. The GRE tunnel must be configured b/w R4 and R3.
  • assign any arbitrary network on both routers, and include them in area 0. (e.g 200.1.34.3). This will be the ip address of the GRE tunnel interface “int tun1”. Then make tunnel source to be the link b/w R4 and R3 and the destination to be the other end. Do this on both sides.
  • Neighbor relationship would be formed.
  • The IP address of the tunnel interface MUST be advertised in area 0 or else the tunnel will not work.
  • Configuring authentication over virtual link (simple)
    • router ospf 1 (on R1)
      • area 1 virtual-link 2.2.2.2 authentication
      • area 1 virtual-link 2.2.2.2 authentication-key Cisco
    • router ospf 1 (on R2)
      • area 1 virtual-link 1.1.1.1 auth
      • area 1 virtual-link 1.1.1.1 auth-key Cisco
  • MD5:
    • on router 4
      • Rack1R4(config-router)#$ual-link 3.3.3.3 authentication message-digest
      • Rack1R4(config-router)#$ual-link 3.3.3.3 mess
      • Rack1R4(config-router)#$ual-link 3.3.3.3 message-digest-key 1 md5 cisco
    • on R3:
      • same thing…

Lab 6: Stub, totally stubby and NSSA

  • Stub:
    • stops type 4 and 5. Issue “area xx stub” command on all router and the ABR for that area.
    • stub cannot be a transit area so no virtual link but a GRE tunnel can be used instead.
    • Stub area cannot have an ASBR.
    • backbone area cannot be a stub area.
    • no Lsa type 5 (E1 or E2) are allowed in STUB area, but routers can connect to external routes via default route that is injected in area by ABR.
    • by default, cost of default route is 1; verify using “sh ip ospf” and show ip route. This can be changed by “area xx default-cost yy”.
  • Totally Stubby:
    • does not receive types 3,4 and 5.
    • on all routers “area xx stub” and on the ABR issue “area xx stub no-summary”
    • all IA and E routes are filtered.
    • default route IS injected
  • NSSA:
    • the default 0/0 route will not be injected
  • NSSA with default route:
    • you have to use the command: area xx nssa default-information-originate (on the ABR)
    • will inject a type N2 default route into the area.
  • Totally Stubby NSSA with default route
    • area 1 nssa no-summary on ABR (allows 1,2,7 and default route)

Lab 7 (filtering routes in OSPF)

  • Filter all LSA from other areas to area 2, the other areas do receive routes from area 2. No distribute-list, acl, or any command under router ospf is allowed:
    • go to interface level and issue: “ip ospf database-filter all out”
    • this command ONLY works on point-to-multipoint interfaces.
      • neighbor <ip> database-filter all out
  • Configure R3 or R4 such that R4 does not have reachability to Network 3.0.0.0. Using distribute-list.
    • This must be done on R4 since distribute-list out ONLY works on ASBR and R3 is not an ASBR. So we need to do a “distribute-list in” on R4.
  • Configure the routers such that they don’t have reachability to network 4.4.3.0/24 (which was redistributed on R4). No global config command, neighbor command, int config command or ip ospf command allowed.
    • use “summary-address 4.4.3.0 255.255.255.0 no-advertise”
    • can be used to filter an external network when configured on ASBR
    • not be used to filter internal networks.
  • Configure routers such that R3 and R4 don’t have reachability to 1.1.3.0/24 network
    • use “area 1 range 1.1.3.0 255.255.255.0 not-advertise” command on the ABR. This filters internal routes within an OSPF routing domain and can only be used on an ABR.
  • Configure R2 such that network 1.1.1.0/24 (from area 1) is not advertised to area 2.
    • use prefix-list here
      • ip prefix-list net seq 5 deny 1.1.1.0/24
      • ip prefix-list net seq 10 per 0.0.0.0/0 le 32
      • area 2 filter-list prefix NET in (1.1.1.0 is coming from area 1, but we’re filtering it out of area 2 by using “in”, filtering prefixes advertised in LSA type 3 BETWEEN OSPF area of an ABR)
  • Ways of filtering:
    • ip ospf database-filter all out on interface level
    • neighbor <ip> database-filter all out (on point to multipoint int only)
    • using distribute-list in.
    • using distribute-list out on ASBR
    • using summary-address no-advertise on ASBR
    • using area 1 range not-advertise on ABR
    • using ip prefix list and area filter list to filter LSA type 3s.

Lab 8 (redirecting traffic)

  • R1 has two ways to reach network 4.0.0.0/8. Ensure that R1 uses R2 instead of R3. R1 should go directly to R3 to reach network 3.0.0.0. DO NOT USE, bandwidth, any global config command, OSPF cost or distance command.
    • max-metric router-lsa
    • other routers do not prefer the router as a transit hop in their path to given network.

Lab 9 (limiting number of OSPF redistributed routes)

  • use the command “redistribute maximum-prefix 10 70 (warning-only)”

Lab 10 (OSPF and NBMA)

  • On Non-Broadcast media (like FR) OSPF can run in two modes:
    • NBMA: simulates broadcast model. Two ways to simulate a broadcast model:
      • ip ospf network broadcast (interface sub-command) [on both ends]. Map statements need to have “broadcast”.
      • configure neighbor statements using router ospf. [use “ip ospf priority 2” to assign DR]. Frame relay map commands in this case do NOT need a broadcast parameter because OSPF packets are unicasted with neighbor statement.
    • Point-to-Multipoint: treats non-broadcast networks as a collection of point-to-point links by configuring “ip ospf network point-to-multipoint” command. Need Broadcast statement. No DR and BDR elected when NBMA network is configured Point-to-Multipoint.
  • you MUST define network type on non-broadcast networks to avoid configuring neighbor statements.
  • FR subinterfaces can run in two modes:
    • p2p: the subinterface emulates a p2p network and OSPF treats it as a p2p network type.
    • multipoint: OSPF treats this subinterface as NBMA network type.
  • One end configured as P2P, other as Multipoint Physicaly interface. How do we resolve? Configure the P2P interface on the hub as “ip ospf network non-broadcast” and assign a neighbor command under router ospf. In non-broadcast networks, the “neighbor” command in router config mode must be configured so the OSPF hello packets are exchanged via Unicast.
  • changing an interface from “non-broadcast” to “point-to-point” earlier required changing hello intervals. in the latest IOS releases, hello intervals automatically change when you do “ip ospf network point-to-point”
Advertisements

One thought on “Narbik’s Advanced Lab Notes — OSPF (II)

  1. hello..

    OSPF forms neighbourship if the Timers are the same… but…if the DR/BDR election is the key point for exchange for prefixes.! if you have p2m and nbma then…neighbor will be UP…but no routes will the exchanged.! this is probably becoz in a DR/BDR network type we use 224.0.0.6 to talk to DR/BDR whoz responsible for sendin all the LSAs out using 224.0.0.5!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s