Activating OSPF

As with other routing protocols, enabling OSPF on Cisco routers requires taking the following preliminary steps before the process begins: 1. Determine the process ID under which OSPF is to run within your network. This process ID must be different from any other OSPF network to which you might be connecting. The possible range for an OSPF process ID is 1-65535. 2. Specify the range of addresses that are to be associated with the OSPF routing process. This is part of one command that must...

Adding OSPF Areas

Figure 6-9 illustrates how each of the RIP clouds can be converted into an OSPF area. All three routers then become ABRs, which control network information distribution between OSPF areas and the OSPF backbone. Each router keeps a detailed record of the topology of its area and receives summarized information from the other ABRs on their respective areas. Figure 6-9 also illustrates VLSM addressing. VLSM uses different size network masks in different parts of the network for the same network...

Adding OSPF to the Center of a RIP Network

A common first step in converting a RIP network to an OSPF network is to convert backbone routers into running both RIP and OSPF, while the remaining network edge devices run RIP. These backbone routers automatically become OSPF ASBRs (redistributing RIP into OSPF). Each ASBR controls the flow of routing information between OSPF and RIP. In Figure 6-8, Routers Morpheus, Neo, and Trinity are configured as ASBRs when redistributing RIP into OSPF. RIP does not need to run between the backbone...

Administrative Distance and Metrics

Regardless of the reason that you have encountered redistribution, there are some characteristics of how it operates within OSPF and on Cisco routers. When redistributing from one routing protocol to another, keep in mind the following items Previous chapters have discussed the metrics used by OSPF and how to manipulate them. Administrative distances help with route selection among different routing protocols, but they can cause problems for redistribution. These problems can be in the form of...

Altering LSA Retransmissions

Cisco routers can alter the timing with which they retransmit LSAs on a per-interface basis. When a router runs OSPF and transmits an LSA to a neighbor, the normal operation of OSPF is to hold that LSA until the router receives an acknowledgment that the LSA was received successfully. By default, a router waits 5 seconds for the acknowledgment and, if needed, the LSA is retransmitted. In certain instances, this waiting period is not long enough for the round trip when a...

Altering OSPF Administrative Distance

An administrative distance is a rating of the priority (that is, trustworthiness) of a routing information source, such as an individual router or a group of routers. Numerically, an administrative distance is an integer from 0 to 255. Specifically, the higher the numerical value of administrative distance, the lower the trust rating. An administrative distance of 255 means that the routing information source cannot be trusted and should be ignored. Table 5-14 shows administrative distance...

Area Sizing

Determining the number of routers to deploy within each OSPF area is extremely important and should be done with flexibility in mind. Factors that are hard to know during design (such as which links will flap) can be compensated for with flexibility in your design and implementation. During initial network convergence, OSPF uses the CPU-intensive SPF algorithm. Experience has shown that 40 to 50 routers per area is the optimal upper limit for OSPF in the majority of networks. This is not to say...

Backbone Area Design

The OSPF backbone (also known as area 0) is extremely important. If more than one area is configured in an OSPF network, one of these areas must be area 0. When designing networks, it is good practice to start with area 0 and then later expand into other areas. To summarize, the OSPF backbone is the part of the OSPF network that acts as the primary path for traffic that is destined to other areas or networks. Accepted network design theory recommends a three-tiered approach (see Figure 4-24)....

Backbone Design Golden Rules

Use the following guidelines when designing an OSPF backbone (area 0): Understand that area 0 is a transit area, not a destination for traffic. Ensure that the stability of the backbone area is maintained and monitored. Ensure that redundancy is built into the design whenever possible. Ensure that OSPF backbones are contiguous. Keep this area simple. Fewer routers are better. Keep the bandwidth symmetrical so that OSPF can maintain load balancing. Ensure that all other areas connect directly to...

Blocking LSA Flooding

By default, OSPF floods new LSAs out all interfaces in the same area, except the interface on which the LSA arrives. OSPF floods based on the characteristics discussed earlier in this chapter. This is important because OSPF-specific behavior is to continue flooding until an acknowledgment on the link-state update packet is received. Some redundancy is desirable because it ensures robust flooding and accurate routing; however, too much redundancy can waste bandwidth and might destabilize the...

Case Study Adding a New OSPF Router to a Network

This case study provides a scenario that covers most of the information presented in this chapter. Suppose that a new OSPF router is added to a network. With this scenario, follow the case study to understand the ramifications of how adding a new OSPF router would affect an operating network. Refer to Figures 2-12 through 2-15, which detail each step of the process as it occurs in the following sequence: 1. A new OSPF router is added to the network. 2. This new router immediately transmits a...

Case Study Conclusion

The objective of this case study was to demonstrate how to use, configure, and troubleshoot an OSPF point-to-multipoint link. You have seen an example and explanation for the configuration, which should help you in both design considerations and implementation. The different show and debug commands reviewed can assist you in troubleshooting the point-to-multipoint configuration and, by demonstrating the data, should be helpful in troubleshooting more general OSPF problems as well. A summary of...

Case Study Designing an OSPF Network

This case study uses the technical aspects discussed in the previous two case studies and then follows the design tenets and procedures that were presented in this chapter. Every network is different, having unique requirements and business considerations. Keep in mind that this fictional case study is not designed to be the ultimate answer or the only possible solution; instead, consider it an outline on how to successfully meet design needs. Terrapin Pharmaceuticals has 25 regional sales...

Case Study OSPF Network Evolution and Convergence

The preceding two case studies reviewed the link-state database and how it was developed. This case study takes some concepts that were introduced in this chapter and shows how a simple OSPF network evolves and converges. MatrixNet, a high-tech graphics firm that does specialized animations for the movie industry, has approached you to implement OSPF in its core network. The network is connected via Ethernet between the three routers, as shown in Figure 2-19. Figure 2-19 MatrixNet OSPF Core...

Case Study Point-to-Multipoint Link Networks

The objective of this case study is to demonstrate how to design, configure, and troubleshoot an OSPF point-to-multipoint link network. This feature's importance is linked with the increased use of Frame Relay and ATM due to reduced cost for the service. As customers used point-to-multipoint on nonbroadcast media (Frame Relay), they found that their routers could not dynamically discover their neighbors. The OSPF point-to-multipoint link feature allows the neighbor command to be used on...

Case Study VLSMs

In 1987, RFC 1009 was published with the purpose of specifying how a subnetted network could use more than one subnet mask. As discussed earlier in this chapter, when an IP network is assigned more than one subnet mask, it is considered a network with variable-length subnet masks because the subnet masks (prefixes) have varying lengths. If you recall, the use of VLSM brings benefits to a network and routing that allow for increased routing optimization in the form of a smaller and more concise...

Cisco's MIB Extensions

With several hundred unique objects, Cisco's private MIB extensions provide network managers with broad, powerful monitoring and control facilities. Cisco's private MIB supports DECnet (including DECnet routing and host tables), XNS, AppleTalk, Banyan VINES, Novell NetWare, and additional system variables that highlight information such as average CPU utilization over selectable intervals. Furthermore, Cisco developers can add private extensions to the MIB as required. This capability gives...

Command Syntax Conventions

The conventions used to present command syntax in this book are the same conventions used in the Cisco IOS Software Command Reference. The Command Reference describes these conventions as follows: Vertical bars (|) separate alternative, mutually exclusive elements. Square brackets indicate optional elements. Braces indicate a required choice. Braces within brackets indicate a required choice within an optional element. Boldface indicates commands and keywords that are entered literally as shown....

Configuration Example 1 Setting the Default Metric for Redistributed Routes

In Figure 6-2, Router Trinity is receiving the routes 212.54.190.0/24 and 10.1.1.4/30 from Router Neo via EIGRP. These EIGRP routes are initially redistributed into OSPF using the default metric of 20. Figure 6-2 Default Metric Configuration Redistribute EIGRP into OSPF. The default metric is 20. Once the network begins routing OSPF, the first thing that you need to verify is that Routers Morpheus and...

Configuration Example 2 External Route Summarization

Configuring external route summarization has the same result as area summarization. The difference is between the type of summarization you are trying to accomplish (that is, area versus external). To have OSPF advertise one summary route for all redistributed routes covered by a single network address and mask, perform the following task in router configuration mode. Summarization is done via the following router OSPF subcommand: summary-address summary-ip-address subnet-mask not-advertise tag...

Configuration Example 3 Subnetting with Summarization

Summarization is a wonderful concept in networking that can give networks a variety of benefits, as discussed earlier in this chapter. It is important to provide a template that demonstrates how you might go about designing or redesigning an OSPF network with summarization in place from the beginning. This latter case is the more likely scenario, and you might have already been involved in projects to renumber and readdress networks that needed a new and improved logical look. These situations...

Configuration Example 5 Redistributing OSPF and RIP and Tagging Routes

In your network, you have connected Router Trinity to OSPF area 10 and a RIP network as well. The entire OSPF network needs to know about the following networks These networks are found on Router Trinity and are part of the RIP routing domain. Because the objective is for the entire OSPF network to learn about them, you are going to be monitoring the routing table of Router Apoc to see when it learns of these routes. As you would expect, in the routing table in Example 6-59, Router Apoc has no...

Configuration File Examples

Example 6-25 shows the commands in the configuration file for Router Morpheus that determine the IP address for each interface and enable RIP on those interfaces. Example 6-26 shows the commands in the configuration file for Router Neo to determine the IP address for each interface and enable RIP on those interfaces. interface serial 0 ip address 130.10.62 interface serial 1 ip address 130.10.64 interface ethernet 0 ip address 130.10.17 interface tokenring 0 ip address 130.10.16 Example 6-27...

Configuring Access Lists for Specific Protocols

To control packet transmission for a given protocol, you must configure an access list for that protocol. Table 8-1 identifies the protocols for which you can configure access lists. 502 Chapter 8 Managing and Securing OSPF Networks Table 8-1 Protocols with Access Lists by Range Transparent bridging (protocol type) Source-route bridging (protocol type) TIP You should consider configuring access lists for each protocol that you have configured for...

Configuring an Interface as Point-to-Multipoint Nonbroadcast

To treat the interface as point-to-multipoint nonbroadcast when the media does not support broadcast, perform the tasks in Table 4-3 in interface configuration mode. Table 4-3 Steps to Assigning a Cost to Each Neighbor in Point-to-Multipoint Nonbroadcast Networks Configure an interface as point-to-multipoint for nonbroadcast media. This is the only difference from Table 4-2. ip ospf network point-to-multipoint non-broadcast Configure an OSPF routing process and enter router configuration mode....

Configuring the RIP Network

Figure 6-7 illustrates a RIP network. Three sites are connected with serial lines. The RIP network uses a Class B address and an 8-bit subnet mask. Each site has a contiguous set of network numbers assigned to it. The creators must have read the first edition of this book when designing the network because they clearly planned for future growth in the OSPF direction. Table 6-2 lists the network address assignments for the RIP v2 network, including the network number, subnet range, and subnet...

Contents

Part I OSPF Fundamentals and Communication; Chapter 1 Networking and Routing Fundamentals; Why Was the OSI Reference Model Needed?; Characteristics of the OSI Layers; Understanding the Seven Layers of the OSI Reference Model; Upper Layers; Layer 7 Application; Layer 6 Presentation; Layer 5 Session; Lower Layers; Layer 4 Transport; Layer 3 Network; Layer 2 Data Link; Layer 1 Physical; OSI Reference Model Layers and Information Exchange; Headers, Trailers, and Data; TCP/IP...

Creating Access Lists

Access list definitions provide a set of criteria that are applied to each packet that is processed by the router. The router decides whether to forward or block each packet based on whether the packet matches the access list criteria. Typical criteria defined in access lists are packet source addresses, packet destination addresses, or upper-layer protocol of the packet. However, each protocol has its own specific set of criteria that can be defined. For a given access list, you define each...

Database Exchange State Changes

The following is a brief description of the possible OSPF neighbor state changes when the routers are exchanging DDs. These steps occur when two routers decide to form an adjacency. For example, on broadcast media, a router becomes full only with the DR and the BDR; it stays in the 2-way state with all other neighbors. ExStart: This state indicates the first step in creating an adjacency, the goal of which is to decide which router is the master and which is the slave. The master router is the...

Designated Routers

OSPF builds adjacencies between routers for purposes of exchanging routing information. However, when OSPF has to deal with NBMA or broadcast networks, a problem presents itself. In these types of networks, there are multiple routers, which would result in too many adjacencies. To combat superfluous adjacencies, the Designated Router (DR) was introduced. OSPF designates a single router per multiaccess network to build adjacencies among all other routers. You can calculate the number of...

Document Your Security Plan

This does not mean that you should write down all your network passwords. Instead, as you go through the process of identifying and designing your network security needs and actions, you should document your findings and the resulting security actions. Having a written living security document is vital to proper implementation of your overall network security strategy. This also helps those that succeed you understand why the network security was implemented and designed in such a way. It can...

Enable Secret Passwords

The enable secret-encrypted passwords are hashed (that is, encrypted) using the MD5 algorithm. As far as anyone at Cisco knows, it is impossible to recover an enable secret password based on the contents of a configuration file (other than by obvious dictionary attacks), which would allow the password to be guessed if you were to use a word and not a random string of different characters. Please note that impossible means that many people cannot gather the resources needed to crack MD5, as you...

Example 4 Remote Site Router Is in Two Routing Domains

This approach relies on one-way redistribution of multiple instances of a separate routing protocol into OSPF, as shown in Figure 5-26. Auto-summarization must also be disabled in this scenario. Administrative distances should be tweaked to ensure that OSPF is the favored routing protocol. This approach has the advantage that interfaces can be shared among areas, that is, a dedicated set of interfaces for each area is not required. Figure 5-26 Remote Site Router in Two Routing Domains Figure...

Fl fi VI VI

Adjacencies are formed with the DR (Rtr A) and BDR (Rtr D). The charts in this figure show how the adjacencies are formed and developed within the broadcast network shown. When configuring an interface as nonbroadcast, OSPF cannot perform multicasting on that link. Lack of multicast functionality impacts OSPF's operation because OSPF Hellos cannot be properly transmitted. Hellos are multicasted to different well-known OSPF multicast addresses. If OSPF cannot send these multicast Hello packets,...

Flooding Process Protocol

Flooding in OSPF is responsible for validating and distributing link-state updates to the link-state database whenever a change or update occurs to a link. Changes or updates are key concepts regarding when flooding occurs. Flooding is part of the LSDB synchronization mechanism within OSPF. The goal of this mechanism is to keep the LSDBs of the routers in an OSPF domain synchronized within time in the presence of topological changes. In the event of a link-state change (for example, from up to...

Fully Meshed Versus Partially Meshed Network Topology

Nonbroadcast multiaccess (NBMA) clouds, such as Frame Relay or X.25, are always a challenge in OSPF. The combination of low bandwidth and too many LSAs can cause problems. A partially meshed topology has been proven to behave much better than a fully meshed network topology. Figure 4-21 shows the benefits and differences between the two topologies. In some cases, a carefully laid out point-to-point or point-to-multipoint network can work better than multipoint networks, which must deal with LSA...

Golden Rules for Designing a Secure Network

Security measures keep people honest in the same way that locks do. Cyber-thieves by nature go after the least-defended part of a network. Consider this analogy. In a neighborhood where 25 percent of the homes have home security systems, thieves target the least-defended homes (those without security systems) first. This analogy fits well with networking. When a hacker is doing reconnaissance (for example, port scanning, nmap, and so on) against potential targets, a percentage of these hackers...

Hello Process Protocol

Although this is an OSPF book, many different protocols use a concept of Hello packets just like OSPF, for example EIGRP. Therefore, understanding the rationale behind the use and implementation of Hello is important. Specifically in OSPF, the Hello protocol is used for the following purposes: to ensure that communication between neighbors is bidirectional (two-way); to discover, establish, and maintain neighbor relationships; to elect the DR and BDR on broadcast and NBMA networks; to verify that...

Hello Protocol Operational Variations

In broadcast networks (for example, Ethernet or Token Ring), each router advertises itself by periodically sending out multicast Hello packets, which allow neighbors to be discovered dynamically. In NBMA networks (for example, Frame Relay, X.25, or ATM), the OSPF router can require some additional configuration information in order for the Hello protocol to operate correctly. This configuration is the protocol going out onto the network to find or elect the designated router, as previously...

Hello Protocol Packet Format

The OSPF Hello protocol packets are formatted in only one way. All OSPF packets start with a standardized 24-byte header, which contains information that determines whether processing is to take place on the rest of the packet. The packets contain the fields that are shown in Figure 3-23, always in the same order. All the fields in this format are 32-bit fields, except for the following fields The following list describes what each of the packet fields represents Version Identifies the OSPF...

How OSPF Authentication Works

When OSPF authentication has been configured on a router, the router authenticates the source of each routing update packet that it receives. This is accomplished by the exchange of an authenticating key (sometimes referred to as a password) that is known to both the sending and the receiving router. The following types of OSPF neighbor authentication are used Message Digest Algorithm Version 5 (MD5) authentication Both forms work in essentially the same way, with the exception that MD5 sends a...

I

When route summarization is enabled, OSPF uses the metric of the best route in the summary advertisement. In Cisco IOS Software Release 10.2 and earlier, Cisco's implementation of OSPF assigned default costs to a router's interface, regardless of the bandwidth attached to the interface. For example, Cisco IOS Software would give a 64-kbps line and a T1 link the same OSPF cost, which is clearly a problem. This required the user to override the default value to take advantage of the faster link. Cisco IOS...

Interoperability Issues with VLSM

Routers in a single segment must agree on the network mask. For example, if every router does not agree on the same mask for an Ethernet segment or a Frame Relay link, a breakdown in communication will occur. Consider that IGRP does not support VLSM, so when information is redistributed from OSPF to IGRP or RIP version 1 (RIP-1), only a single mask is used. The best way to make redistribution work is to hide all VLSMs from IGRP. OSPF should summarize the networks to achieve one mask per network...

Introduction to OSPF

It seems appropriate in this chapter to share with you a caption from a small picture that my wife gave me when we celebrated our 13th wedding anniversary. I keep it on my desk to remind myself of the bigger picture. My daughter also likes it because it has a picture of a family of dolphins swimming, and it struck a chord that I felt was essential to have in my life: The family is a harbor of safety in an ocean of change. It is an association established in nature and guided by enduring...

Introduction to SNMP

Until the early to mid-1990s, the network management method used for these devices depended on SNMP-compatible management platforms offered by the hardware vendors. The vendors provided remote configuration of the devices, capabilities for minor and major alarms, and network mapping. All of these items provided benefits to network managers, who no longer had to configure a device on site or look at the LEDs for alarms. Network management could now be controlled via a centrally located...

Limit the Scope of Access

You should create appropriate barriers inside your network so that if intruders access one part of the network, they do not automatically have access to the rest of the network. As with many things, the security of a network is only as good as the weakest security level of any single device in the system. Having a layered approach to security can slow an intruder and allow detection of him or her. Having a big lock is good, but if that lock is your only line of defense, you might want to...

Loopback Interfaces

OSPF uses the highest IP address configured on an active interface as its RID. If the interface associated with this IP address is ever unavailable, or if the address is removed, the OSPF process must recalculate a new RID and flood all its routing information out its interfaces. The highest IP address on a router would be the largest numerical IP address assigned to an active interface. If a loopback interface is configured with an IP address, OSPF defaults to using this IP address as its RID,...

Management Information Base Overview

The MIB is an established database of the hardware settings, variables, memory tables, or records stored within files. These records are called data elements. Data elements contain the information concerning the status, configuration, and statistical information base used to define the functionality and operational capacity of each managed device. This information is referred to as a MIB. Each data element is referred to as a managed object. These managed objects are comprised of a name, one or...

MIBs and Object Identifiers

A MIB can be depicted as an abstract tree with an unnamed root. Individual data items make up the leaves of the tree. Object Identifiers (OIDs) uniquely identify or name MIB objects in the tree. OIDs are like telephone numbers; they are organized hierarchically with specific digits assigned by different organizations. The OID structure of an SNMP MIB defines three main branches: Consultative Committee for International Telegraph and Telephone (CCITT) Much of the current MIB activity occurs in the...

Multipoint Subinterfaces

Cisco serial interfaces are multipoint interfaces by default, unless specified as a point-to-point subinterface. However, it is possible to divide the interface into separate virtual multipoint subinterfaces. Multipoint interfaces or subinterfaces are still subject to the split horizon limitations, as previously discussed. All nodes attached to a multipoint subinterface belong to the same network number. Typically, multipoint subinterfaces are used in conjunction with point-to-point interfaces...

Mutual Redistribution

So far, you have learned about redistribution, how to generate default routes, and how external routes represent routes that are redistributed into OSPF, but there is still a bit more to redistribution. Enter the last concept before getting into more configuration examples. This concept is known as mutual redistribution. As you should know by now, redistribution is the process of importing route information from one routing protocol into another. The concept is further expanded through mutual...

Neighbor Stuck in 2-Way State

In the topology in Figure 3-35, all routers are running OSPF neighbors over the Ethernet network. Example 3-18 provides sample output of the show ip ospf neighbor command on R7. Example 3-18 Output from the show ip ospf neighbor Command for Router 7 R7 establishes full adjacency only with the DR and BDR. All other routers have a 2-way adjacency...

Network Management

As network deployment and use increase, network management is increasingly becoming the focus of many organizations. These organizations range from those using a network to support their core business to those using networks as sales tools to those outsourcing or selling network management solutions. The goal of everyone involved in network management is to proactively find and fix all network problems before users know that a problem exists. Many obstacles must be tackled ranging from the...

Network Security

Network security has probably been one of the least considered aspects of network operation and design. As enterprise networks evolve, it has become an increasingly larger concern. Is this concern justified? The answer is a resounding yes, and the concerns are probably late in coming. The Computer Security Institute conducts an annual Computer Crime and Security Survey. In 2002, the Institute reported that 90 percent of the companies polled detected computer security breaches within the last 12 months,...

Networking and Routing Fundamentals

Achievement: "Unless you try to do something beyond what you have already mastered, you will never grow." (Successories) In recent years, the growth of networks everywhere has accelerated as many organizations move into the international business arena and join the Internet community. This expansion continues to drive the development, refinement, and complexity of network equipment and software, consequently resulting in some unique issues and exciting advances. You rarely see an advertisement that...

NSSA Type 7 LSA Filtering

Review the network that was just discussed, and consider how you can stop the network 192.168.254.0/24 from being propagated to the rest of the OSPF domain. Because OSPF is a flexible protocol, it has a built-in way of filtering out routes. This is a way to control which Type 7 LSAs are translated and forwarded outside the NSSA. Use the following configuration on either the NSSA ASBR or the NSSA ABR to selectively block the translation of LSAs: router ospf 100 summary-address...

On-Demand Circuits

The OSPF on-demand circuit operational capability is an enhancement to the OSPF protocol that allows efficient operation over on-demand circuits such as ISDN, X.25, switched virtual circuits (SVCs), and dial-up lines. This feature set is fully supported by Cisco (in certain Cisco IOS Software versions) and follows the standard as described in RFC 1793, Extending OSPF to Support Demand Circuits. This RFC is worth consulting if you plan to configure OSPF to operate within this type of networking...

On-Demand Circuits Summary

The preceding examples work with dial-on-demand routing as well as dial-backup. Set the metric on the backup interface to be less favorable than that on the primary. Also, set the administrative distance on the backup routing protocol to be greater than that of the primary. (Set both the metric and administrative distance to allow the idle timer to work.) The redistribution of a static route for the backed-up site is mandatory. Not only does it speed convergence, but it also is the controlling...

Operational Considerations

Table 2-1 shows a matrix of operational issues to consider when selecting a routing protocol. Table 2-1 Important Operational Considerations Historically, all routed protocols have had their own independent routing protocols: AppleTalk uses Routing Table Maintenance Protocol (RTMP), Novell uses Internetwork Packet Exchange (IPX) RIP, and IP uses RIP, IGRP, or OSPF. This is conceptually simple to understand, but it is often difficult to implement. Yet, it is necessary for network engineers to...

OSPF and EIGRP Mutual Redistribution

Referring to the network in Figure 6-12, you can see in Example 6-46 that Router Cypher has no idea if any of the OSPF routes are possible via its connection to Router Tank. Example 6-46 Routing Table Before Mutual Redistribution Codes C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i -...

OSPF and RIP Mutual Redistribution

The next step is to make the necessary configuration to get the OSPF routes into RIP, as shown in Example 6-62. Example 6-62 Beginning RIP Configuration with Basic Redistribution redistribute ospf 100 metric 5 network 64.0.0.0 Looking at Router Morpheus's routing table in Example 6-63, you can see that all the routes are available and that they have a metric of 5. You would expect this according to the redistribution configuration. Example 6-63 Verifying the Operation Codes C - connected, S -...

OSPF Network Design Methodology

Follow six common steps when designing your OSPF network. These steps are not absolute and do not guarantee the perfect network but provide you with realistic considerations for a well-designed OSPF network. The six time-proven steps to designing a network are as follows: Step 2 Develop the network topology. Step 3 Determine the addressing and naming conventions. Step 5 Deploy protocol and Cisco IOS Software features. Step 6 Implement, monitor, and maintain the network. Although your network...

OSPF Network Scalability

Your ability to scale an OSPF internetwork depends on your overall network structure and IP addressing scheme. Adopting a hierarchical network design with a structured address assignment (that is, using summarization whenever possible) is the most important factor in determining the overall scalability of your OSPF network. Network scalability is affected by both operational and technical considerations. Operationally, OSPF networks should be designed so that areas do not need to be split to...

OSPF Network Topology

OSPF works best in a hierarchical routing environment. When designing an OSPF network, the first and most important task is to determine which routers and links are to be included in the backbone (area 0) and which are to be included in each area. The following are three important characteristics of OSPF to ensure that your OSPF network has a hierarchical routing structure: The hierarchical routing structure must exist or be created to effectively use OSPF. The benefits of having a single area...

OSPF Router Considerations

The process for activating OSPF on any type of router begins with the network command. However, a variety of OSPF router types exist that have some unique configuration considerations. The sections that follow discuss these considerations. Before starting the OSPF routing process, consider a few general items about how OSPF is going to be configured to operate in your network. These considerations are as follows: 1. Decide what OSPF routing process ID number you want to assign within your...

OSPF Routing Hierarchy

One of the most important features within the OSPF protocol is its capability to use a hierarchical routing structure. Remember the following characteristics when considering how OSPF operates within this type of hierarchical structure: Structure must exist or be created in order for OSPF to operate properly. Explicit topology has precedence over addressing. An AS is a group of areas sharing a common routing strategy that fall under a common administrative domain. Autonomous systems are identified...

OSPF Security

The two kinds of security mechanisms applicable to routing protocols are as follows: The routers that participate in an OSPF network are controlled. OSPF contains an optional authentication field. You might think it is possible to control the routing information within an OSPF area. However, for OSPF to operate properly, all routers within an area must have the same database. As a result, it is not possible to use route filters in an OSPF network to provide security because OSPF exchanges route...

Other Passwords

Almost all passwords and other authentication strings in Cisco IOS Software configuration files are encrypted using the weak, reversible scheme used for user passwords. To determine which scheme has been used to encrypt a specific password, check the digit preceding the encrypted string in the configuration file. If that digit is a 7, the password has been encrypted using the weak algorithm. If the digit is a 5, the password has been hashed using...

Point-to-Point Subinterfaces

By dividing the partially meshed Frame Relay network into a number of virtual, point-to-point networks using subinterfaces, you can overcome the split horizon problem. Each new point-to-point subnetwork is assigned its own network number. To the routed protocol, each subnetwork now appears to be located on separate interfaces. Routing updates received from site B on one logical point-to-point subinterface can be forwarded to site C on a separate logical interface without violating split...

Privilege Level Configuration Example

To associate a privilege level with a specific command, you need to configure the router as follows: Trinity(config)# privilege exec level 6 ping Trinity(config)# privilege exec level 6 clear The preceding two commands, if applied to a router's vty port (the one you Telnet to), allow anyone accessing the router using just the vty command to perform extended pings and a variety of clear commands (that is, counters, interface, router, and so on). To establish a specific enable password for a...

Redistributing into OSPF with Route Tagging

There are many reasons to tag routes, some of which have already been covered. Some others reflect the desire of network engineers to manipulate routes based on tags. This is a nice way to quickly identify which routes you need. Consider that you want to know which routes are from RIP, say on Router Apoc. You could create an access list and a route map, but what if you tagged all the routes during the redistribution on Router Trinity, thus allowing a more flexible and faster identification of...

Redistribution

"The highest courage is to dare to be yourself in the face of adversity. Choosing right over wrong, ethics over convenience, and truth over popularity... these are the choices that measure your life. Travel the path of integrity without looking back, for there is never a wrong time to do the right thing." (Author unknown) By now, you have discovered that minimizing routing tables and choosing the next-hop destination path are critical for a well-tuned IP network. When routing information from one...

Redistribution Configuration

This section reviews the command that is used to configure redistribution on a Cisco router. Note that the redistribute command can be used in any routing protocol, not just OSPF. Redistributing routes into OSPF from other routing protocols or from static routes causes these redistributed routes to be labeled in the routing tables as OSPF external routes. This makes sense if you recall the external route discussion in Chapter 5, Routing Concepts and Configuration. Because these routes are from...

Remember Human Factors

Many security procedures fail because their designers do not consider how users are going to react to them. For example, because they can be difficult to remember, automatically generated nonsense passwords are often found written on the undersides of keyboards. For convenience, a secure door that leads to the system's only tape drive is sometimes propped open. For expediency, unauthorized modems are often connected to a PC, which is in turn connected to the corporate network to avoid onerous...

Route Tagging

Route tagging is one of the neatest possible ways of manipulating routes. Having learned how to manipulate routes the long way with access control lists, you are now ready for the more efficient manner of manipulation using route tagging. While many network engineers use route tagging as a way to filter routes (which is certainly a good use), there are many other uses. Although this is not a book on route filtering, I have included tagging in this redistribution chapter because it is of value...

Route Types

As discussed in Chapter 2, OSPF has four types of routes that it can handle and report to you. This section looks at these route types in depth so that you can understand the role they play in an OSPF routed network. The four types of OSPF routes are as follows: Intra-area: Routes to networks within an area, cost based on link. Inter-area: Routes to networks in another area, cost based on link. E1: Routes to networks outside an OSPF AS that have total cost to them calculated as follows: cost...

Router Configuration Examples

Example 4-11 shows the configurations contained within the routers shown in Figure 4-35. These configurations were built with Cisco IOS Software Release 11.3. They do not work with older releases of Cisco IOS Software. For older releases, add the frame-relay map ip Example 4-11 Case Study Router Configuration for the Network Topology Shown in Figure 4-35...

Router Trinity Routing Table After Area 201 Stub

In the command output in Example 5-10, area 201 is now a stub area; therefore, you can expect to see the external route disappear from the routing table. However, Router Neo (area 201 ABR) is advertising the default route to the entire area. You can see this by executing a show ip ospf database command and noting the advertising router for the 0.0.0.0 route. Example 5-10 Verifying the 0.0.0.0 Route Codes C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP...

Router Trinity Routing Table Before Area 201 Stub

When reviewing the command output in Example 5-9, remember that the Type 5 LSAs are present on Router Trinity and in area 201 via the RIP network shown as an OSPF E2 route, as highlighted. Example 5-9 Router Trinity's Routing Table Before Configuring Area 201 as a Stub Area Trinity show ip route Codes C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 -...

Routing Types Within an OSPF Network

The following sections provide general descriptions of these route types. As you move further into designing and implementing OSPF networks, you will be exposed to these different types of routes. Intra-area routing describes routes to destinations within a logical OSPF area. Intra-area routes in OSPF are described by router (Type 1) and network (Type 2) LSAs. When displayed in the OSPF routing table, these types of intra-area routes are designated with an O. Inter-area routing describes...

Setting the Router ID

Chapter 2 discussed the purpose and function of the OSPF router ID (RID) and how it is randomly determined. In certain circumstances, you might not want to use a loopback address or you might want to statically assign the RID in a different way. Fortunately, Cisco IOS Software Release 12.0(1)T or later provides this capability with the router-id command, as follows: Trinity(config)# router ospf 100 Trinity(config-router)# router-id A.B.C.D OSPF router-id in IP address format Trinity(config-router)#...

Simple Network Management Protocol

Department of Defense (DoD) Advanced Research Projects Agency (ARPA) in the late 1960s and early 1970s, it was accepted as a USDoD networking standard. The further development of ARPA, or rather the ARPA network (ARPAnet), allowed the continued development of a global set of networks based on the TCP/IP protocol. This global set of networks evolved into the Internet. The Internet quickly outgrew the capability of network engineers to manually monitor and...

SPF Overview

OSPF is a link-state routing protocol. Such protocols are also referred to in the literature and technical documents as SPF-based or distributed database protocols. This section discusses the developments in link-state technologies that have influenced the evolution of the OSPF protocol. OSPF is a link-state protocol. For example, you can think of a link as being an interface on the router. The state of the link is a description of that interface. This description would include the interface's...

Standard Area Design

Standard, or nonstub, OSPF areas carry a default route, static routes, intra-area routes, and external routes. The use of standard areas is more resource intensive within an OSPF network. However, standard areas are also the most common, and they carry inter-area routes. Characteristics of standard areas are as follows: An area must be a standard area when it contains a router that uses both OSPF and any other protocol, such as the Routing Information Protocol (RIP). Such a router is known as an...

Step 1 Analyze the Requirements

This step details the process of determining expectations and then converting those expectations into a real network. Going into Step 1, you know that an OSPF network is required, but you do not know what it will need to accomplish for your users or how you will physically design the network. The needs of users are always changing. Nevertheless, as the engineer involved in the design of the network, you must still objectively listen and determine the users' needs. In the end, they are going to...

Step 3 Determine the Addressing and Naming Conventions

Step 3 covers the process of assigning the overall network-addressing scheme. By assigning blocks of addresses to portions of the network, you can simplify addressing, administration, and routing and increase scalability. Because OSPF supports VLSM, you can develop a true hierarchical addressing scheme. This hierarchical addressing results in efficient summarization of routes throughout the network. VLSM and CIDR were discussed in Chapter 1, Networking and Routing Fundamentals. You apply these...

Step 4 Provision the Hardware

In Step 4, you must use vendor documentation, salespersons, and system engineers to determine the hardware that is required for your network. This holds for both LAN and WAN components. For LANs, select and provision router models, switch models, cabling systems, and backbone connections. For WANs, select and provision router models, modems, CSUs/DSUs (channel service units/data service units), and remote access servers. Coming into Step 4, you determined your network requirements, developed a...

Step 5 Deploy Protocol and Cisco IOS Software Features

In Step 5, you deploy the more specific features made possible by the OSPF protocol and Cisco IOS Software running on your routers. It is not necessary to have a network with every option turned on, nor is this something you are likely to see. Some of the features that you need to consider implementing are covered in the two sections that follow. Coming into Step 5, you determined your network requirements, developed a physical network topology, laid out your addressing and naming scheme, and...

Stub Area Configuration

The configuration command area area-id stub turns on stub area routing by converting a standard area into a stub area and must be applied to all routers in the area being designated as a stub. Normal stub areas block only external routes; however, they do allow summary routes. For example, LSA Types 1 through 4 are allowed and 5 through 7 are blocked. This is the difference between normal stub areas and the other types of stub areas. The command that configures an area as stub is as follows: area...

Summarization Golden Rules

When planning any type of network, consider the following golden rules of design for IP addressing and implementing route summarization. The key in deploying summarization and having it be successful is a well-thought-out IP addressing scheme and deployment plan. To narrow that some, you need to have a clear understanding of the following specifics in a series of golden rules: Thoroughly define and deploy your network's addressing structure on paper. This enables you to allocate and plan more...

Summarization's Effect on the Routing Table

Chapter 6 discussed several techniques used to avoid routing loops when dealing with redistribution. Summarization has these issues as well, and there is a unique way to prevent them in summarization. Refer to Figure 7-4 for another view of the network you are summarizing. Figure 7-4 Summarization Sample Network...

Summarize Area Routes

To allow for a more specific understanding of the category of routes within OSPF that you are going to summarize, review the two types of routes: Intra-area: Routes to networks within an area, where cost is based on the link type (see Table 5-1). Intra-area routes usually do not need to be summarized because all routers in the area must know about every network within that area. Summarization of an area can be possible or required due to excessive subnetting or improper planning of IP address...

Summarize External Routes

When redistributing routes from other protocols into OSPF, each route is advertised individually in an external link-state advertisement (LSA). External route summarization is specific to external routes that are injected into OSPF via redistribution done by ASBRs. When configuring external route summarization, make sure that external ranges being summarized are contiguous. Summarization that overlaps ranges from two different routers could cause packets to be sent to the wrong destination. You...

Summary

This chapter covered an important aspect of how OSPF communicates information within an OSPF routing domain. You learned about the nine types of OSPF LSAs and how an LSA begins the link-state database synchronization steps. You also learned about the formal processes and protocols that are used with OSPF: Hello, exchange, and flooding, each of which has different roles and responsibilities within OSPF. This chapter also covered manipulating LSAs as a new default behavior that Cisco implemented...

Technical Considerations

Table 2-2 provides a list of technical issues to consider when selecting a routing protocol. Table 2-2 Important Technical Considerations IS-IS Versus OSPF All routing protocols have three important characteristics when dealing with the issue of convergence: 1. Detecting that a change has occurred. 3. Updating the network topology to reflect the change. IS-IS and OSPF detect certain types of network changes instantly. In general, any change that can be detected by a physical change (such as loss of...

Telnet Nonprivileged Mode Password

Each Telnet port on the router is known as a virtual terminal. There is a default number of five virtual terminal (vty) ports on the router, allowing five concurrent Telnet sessions. On the router, the virtual terminal ports are numbered 0 through 4. You can set up nonprivileged passwords for Telnet access via the virtual terminal ports with the following configuration commands. You configure a password for nonprivileged mode (also known as vty) by entering the following commands in the...

Telnet Privileged Mode Password Enable

Configure a password for privileged mode enable or EXEC by entering the following commands in the router's configuration file. In the following example, the password is HiredGuns. To access privileged mode, enter the following command. Enter the password HiredGuns to gain privileged access to the router. The router responds as follows. Privileged mode is signified by the # prompt. In privileged mode (also known as enable mode), you can enter all commands to view statistics and configure the router.

Totally Stubby Area Configuration

To further reduce the number of link-state advertisements sent into a stub area, you configure no-summary on the ABR to prevent it from sending a summary link advertisement (LSA Type 3) into the stub area. By altering the behavior of the ABR, you automatically convert the entire stub area into a totally stubby area. LSA behavior for a stub area is altered from what you have seen in regular areas. Table 5-10 shows which LSAs are active in a stub area. Table 5-10 LSA Operation in Stub Areas...

Totally Stubby NSSA Operation and Configuration

In Table 5-10, you can see how and where the LSAs are transmitted within this type of area. Remember that a default route is also automatically injected by the ABR. Table 5-12 LSA Operation in a Totally Stubby NSSA: Router link: connected intra-area routes; ABR summary links: inter-area via ABR; AS external links: external routes via ASBR; Not-so-stubby areas: NSSA routes via ABR. To configure an NSSA as...

Type 2 Network LSAs

Network LSAs are generated only by designated routers (DRs) and describe the set of routers attached to a particular nonbroadcast multiaccess (NBMA) or broadcast network. The purpose of the network LSA is to ensure that only one LSA is generated for the NBMA or broadcast network (as opposed to one from each attached router). This is a form of internal OSPF summarization. Specifically, Type 2 LSAs describe all routers that are attached to a multiaccess network. This information is an indication...