Configuring OSPF


Routers Used: 3640 w/ NM-1FE-TX

IOS: c3640-jk9s-mz.124-16a

Objective
  • In this lab, OSPF will be configured on three Cisco routers. First, configure loopback interfaces to provide stable OSPF Router IDs. Then configure the OSPF process and enable OSPF on the appropriate interfaces. After OSPF is enabled, tune the update timers and configure authentication.
Scenario
  • The backbone of International Travel Agency’s (ITA) WAN, located in Jakarta, consists of three routers connected using an Ethernet core. Configure these core routers as members of OSPF Area 0. Because the core routers are connected to the Internet, it is decided to implement security, preventing unauthorized routers from joining Area 0. Also, within the core, network failures need to be detected quickly.
Step 1
  • Build and configure the network according to the diagram, but do not configure OSPF yet. A switch or hub is required to connect the three routers through Ethernet.
  • Use ping to verify the work and test connectivity between the FastEthernet interfaces.
Step 2
  • On each router, configure a loopback interface with a unique IP address. Cisco routers use the highest loopback IP address as the OSPF Router ID. In the absence of a loopback interface, the router uses the highest IP address among its active interfaces, which might force a router to change router IDs if an interface goes down. Because loopback interfaces are immune to physical and data link problems, they should be used to derive the router ID. To avoid conflicts with registered network addresses, use private network ranges for the loopback interfaces. Configure the core routers using the following commands:
    Asterix1(config)#interface loopback 0
    Asterix1(config-if)#ip address 192.168.31.11 255.255.255.255

    Asterix2(config)#interface loopback 0
    Asterix2(config-if)#ip address 192.168.31.22 255.255.255.255

    Asterix3(config)#interface loopback 0
    Asterix3(config-if)#ip address 192.168.31.33 255.255.255.255

Step 3
  • Now that loopback interfaces are configured, configure OSPF. Use the following commands as an example to configure each router:
    Asterix1(config)#router ospf 1
    Asterix1(config-router)#network 192.168.1.0 0.0.0.255 area 0

    Note: An OSPF process ID is locally significant. It does not need to match neighboring
    routers. The ID is needed to identify a unique instance of an OSPF database, because
    multiple processes can run concurrently on a single router.
Step 4
  • After enabling OSPF routing on each of the three routers, verify its operation using show commands. Several important show commands can be used to gather OSPF information. First, issue the show ip protocols command on any of the three routers, as follows:
    Asterix1#show ip protocols
    Routing Protocol is "ospf 1"
    Outgoing update filter list for all interfaces is not set
    Incoming update filter list for all interfaces is not set
    Router ID 192.168.31.11
    Number of areas in this router is 1. 1 normal 0 stub 0 nssa
    Maximum path: 4
    Routing for Networks:
    192.168.1.0 0.0.0.255 area 0
    Reference bandwidth unit is 100 mbps
    Routing Information Sources:
    Gateway Distance Last Update
    Distance: (default is 110)
  • Next, use the show ip ospf command, as follows, to get more details about the OSPF process.
    Asterix1#show ip ospf
    Routing Process "ospf 1" with ID 192.168.31.11
    Start time: 00:28:45.292, Time elapsed: 00:04:36.424
    Supports only single TOS(TOS0) routes
    Supports opaque LSA
    Supports Link-local Signaling (LLS)
    Supports area transit capability
    Router is not originating router-LSAs with maximum metric
    Initial SPF schedule delay 5000 msecs
    Minimum hold time between two consecutive SPFs 10000 msecs
    Maximum wait time between two consecutive SPFs 10000 msecs
    Incremental-SPF disabled
    Minimum LSA interval 5 secs
    Minimum LSA arrival 1000 msecs
    LSA group pacing timer 240 secs
    Interface flood pacing timer 33 msecs
    Retransmission pacing timer 66 msecs
    Number of external LSA 0. Checksum Sum 0x000000
    Number of opaque AS LSA 0. Checksum Sum 0x000000
    Number of DCbitless external and opaque AS LSA 0
    Number of DoNotAge external and opaque AS LSA 0
    Number of areas in this router is 1. 1 normal 0 stub 0 nssa
    Number of areas transit capable is 0
    External flood list length 0
    Area BACKBONE(0)
    Number of interfaces in this area is 1
    Area has no authentication
    SPF algorithm last executed 00:02:40.240 ago
    SPF algorithm executed 3 times
    Area ranges are
    Number of LSA 4. Checksum Sum 0x01D2C0
    Number of opaque link LSA 0. Checksum Sum 0x000000
    Number of DCbitless LSA 0
    Number of indication LSA 0
    Number of DoNotAge LSA 0
    Flood list length 0
  • The loopback interface should be seen as the router ID. To see the OSPF neighbors, use the show ip ospf neighbor command. The output of this command displays all known OSPF neighbors, including their router IDs, their interface addresses, and their adjacency status. Also issue the show ip ospf neighbor detail command, which outputs even more information as follows:
    Asterix1# show ip ospf neighbor

    Neighbor ID     Pri   State           Dead Time   Address         Interface
    192.168.31.22     1   FULL/BDR        00:00:36    192.168.1.2     FastEthernet0/0
    192.168.31.33     1   FULL/DR         00:00:33    192.168.1.3     FastEthernet0/0

    Asterix1# show ip ospf neighbor detail
    Neighbor 192.168.31.22, interface address 192.168.1.2
    In the area 0 via interface FastEthernet0/0
    Neighbor priority is 1, State is FULL, 8 state changes
    DR is 192.168.1.3 BDR is 192.168.1.2
    Options is 0x52
    LLS Options is 0x1 (LR)
    Dead timer due in 00:00:32
    Neighbor is up for 00:06:26
    Index 2/2, retransmission queue length 0, number of retransmission 1
    First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
    Last retransmission scan length is 1, maximum is 1
    Last retransmission scan time is 0 msec, maximum is 0 msec
    Neighbor 192.168.31.33, interface address 192.168.1.3
    In the area 0 via interface FastEthernet0/0
    Neighbor priority is 1, State is FULL, 6 state changes
    DR is 192.168.1.3 BDR is 192.168.1.2
    Options is 0x52
    LLS Options is 0x1 (LR)
    Dead timer due in 00:00:30
    Neighbor is up for 00:06:06
    Index 1/1, retransmission queue length 0, number of retransmission 0
    First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
    Last retransmission scan length is 0, maximum is 0
    Last retransmission scan time is 0 msec, maximum is 0 msec
  • Most likely, the router with the highest router ID is the Designated Router (DR), and the router with the second-highest router ID is the Backup Designated Router (BDR).
  • Because each interface on a given router is connected to a different network, some of the key OSPF information is interface specific. Issue the show ip ospf interface command for the FastEthernet interface on the router as follows:
    Asterix1#show ip ospf interface
    FastEthernet0/0 is up, line protocol is up
    Internet Address 192.168.1.1/24, Area 0
    Process ID 1, Router ID 192.168.31.11, Network Type BROADCAST, Cost: 1
    Transmit Delay is 1 sec, State DROTHER, Priority 1
    Designated Router (ID) 192.168.31.33, Interface address 192.168.1.3
    Backup Designated router (ID) 192.168.31.22, Interface address 192.168.1.2
    Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:00
    Supports Link-local Signaling (LLS)
    Index 1/1, flood queue length 0
    Next 0x0(0)/0x0(0)
    Last flood scan length is 0, maximum is 1
    Last flood scan time is 0 msec, maximum is 0 msec
    Neighbor Count is 2, Adjacent neighbor count is 2
    Adjacent with neighbor 192.168.31.22 (Backup Designated Router)
    Adjacent with neighbor 192.168.31.33 (Designated Router)
    Suppress hello for 0 neighbor(s)
  • Ethernet networks are known to OSPF as broadcast networks. The default timer values are ten (10) second hello updates and 40 second dead intervals.
Step 5
  • It is decided to adjust OSPF timers so that the core routers will detect network failures in less time. This will increase traffic, but this is less of a concern on the high speed core Ethernet segment than on a busy WAN link. It is also decided that the need for quick convergence at the core outweighs the extra traffic. Manually change the Hello and Dead intervals on Asterix1 as follows:
    Asterix1(config)#interface fastEthernet 0/0
    Asterix1(config-if)#ip ospf hello-interval 5
    Asterix1(config-if)#ip ospf dead-interval 20
  • These commands set the Hello update timer to five (5) seconds and the Dead interval to 20 seconds. Although the Cisco IOS does not require it, configure the Dead interval to four times the Hello interval. This ensures that routers experiencing temporary link problems can recover and are not declared dead unnecessarily, causing a ripple of updates and recalculations throughout the internetwork.
  • After the timers are changed on Asterix1, issue the show ip ospf neighbor command. Does Asterix1 still show that it has OSPF neighbors?
  • To find out what happened to Asterix1’s neighbors, use the IOS debug feature by entering the command debug ip ospf events as follows:
    Asterix1#debug ip ospf events
    OSPF events debugging is on
    Asterix1#
    *Mar 1 01:02:48.943: OSPF: Rcv hello from 192.168.31.22 area 0 from FastEthernet0/0 192.168.1.2
    *Mar 1 01:02:48.943: OSPF: Mismatched hello parameters from 192.168.1.2
    *Mar 1 01:02:48.943: OSPF: Dead R 40 C 20, Hello R 10 C 5 Mask R 255.255.255.0 C 255.255.255.0
    *Mar 1 01:02:49.231: OSPF: Send hello to 224.0.0.5 area 0 on FastEthernet0/0 from 192.168.1.1
    Asterix1#
    *Mar 1 01:02:54.231: OSPF: Send hello to 224.0.0.5 area 0 on FastEthernet0/0 from 192.168.1.1
    Asterix1#
    *Mar 1 01:02:56.335: OSPF: Rcv hello from 192.168.31.33 area 0 from FastEthernet0/0 192.168.1.3
    *Mar 1 01:02:56.335: OSPF: Mismatched hello parameters from 192.168.1.3
    *Mar 1 01:02:56.339: OSPF: Dead R 40 C 20, Hello R 10 C 5 Mask R 255.255.255.0 C 255.255.255.0
  • The Hello and Dead intervals must be the same before routers within an area can form neighbor adjacencies.
  • Turn off debug using undebug all, or just u all.
  • The Hello and Dead intervals are declared in Hello packet headers. In order for OSPF routers to establish a relationship, their Hello and Dead intervals must match.
  • Configure the Asterix2 and Asterix3 Hello and Dead timers to match the timers on Asterix1. Before continuing, verify that these routers can now communicate by checking the OSPF neighbor table.
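The comparison behind the "Mismatched hello parameters" debug lines, as an added Python example that is not part of the original lab: it packs and parses a Hello packet body using the field layout from RFC 2328 and reports differences in the same R (received) / C (configured) form. Function and variable names are illustrative, and the option bits are a constructed value.

```python
import socket
import struct

# Hello body layout (RFC 2328 A.3.2): network mask, HelloInterval, options,
# router priority, RouterDeadInterval, DR, BDR. Neighbor list omitted.
HELLO_FMT = "!4sHBBI4s4s"

def build_hello(mask, hello, dead, dr="0.0.0.0", bdr="0.0.0.0", priority=1, options=0x02):
    """Pack a 20-byte Hello body (options=0x02 is a constructed sample value)."""
    return struct.pack(HELLO_FMT, socket.inet_aton(mask), hello, options, priority,
                       dead, socket.inet_aton(dr), socket.inet_aton(bdr))

def parse_hello(body):
    """Extract the three fields a receiver compares before forming an adjacency."""
    mask, hello, _opts, _pri, dead, _dr, _bdr = struct.unpack(HELLO_FMT, body[:20])
    return {"Dead": dead, "Hello": hello, "Mask": socket.inet_ntoa(mask)}

def hello_mismatches(body, configured):
    """Return [] if the Hello is acceptable, else 'Field R <received> C <configured>'."""
    received = parse_hello(body)
    return [f"{name} R {received[name]} C {configured[name]}"
            for name in ("Dead", "Hello", "Mask")
            if received[name] != configured[name]]

# Asterix1 FastEthernet0/0 after Step 5: hello 5, dead 20, /24 mask.
ASTERIX1_FA0_0 = {"Dead": 20, "Hello": 5, "Mask": "255.255.255.0"}

# Constructed Hellos: a neighbor still on the defaults, and one after retuning.
DEFAULT_HELLO = build_hello("255.255.255.0", hello=10, dead=40,
                            dr="192.168.1.3", bdr="192.168.1.2")
TUNED_HELLO = build_hello("255.255.255.0", hello=5, dead=20,
                          dr="192.168.1.3", bdr="192.168.1.2")

if __name__ == "__main__":
    print(hello_mismatches(DEFAULT_HELLO, ASTERIX1_FA0_0))
    print(hello_mismatches(TUNED_HELLO, ASTERIX1_FA0_0))
```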
Step 6
  • No unauthorized router, whether added intentionally or by accident, should exchange updates within Area 0. This is accomplished by adding encrypted authentication to each OSPF packet header. Select message digest (MD5) authentication. This mode of authentication sends a message digest, or hash, in place of the password. OSPF neighbors must be configured with the same message digest key number, encryption type, and password in order to authenticate using the hash.
  • To configure a message digest password for Asterix1 to use on its Ethernet interface, use the following commands:
    Asterix1(config)#interface fastethernet 0/0
    Asterix1(config-if)#ip ospf message-digest-key 1 md5 7 itsasecret
    Asterix1(config-if)#router ospf 1
    Asterix1(config-router)#area 0 authentication message-digest
  • After entering these commands, wait 20 seconds, and then issue the show ip ospf neighbor command on Asterix1. Does Asterix1 still show that it has OSPF neighbors?
  • Use the debug ip ospf events command to determine why Asterix1 does not see its neighbors:
    Asterix1#debug ip ospf events
    OSPF events debugging is on
    Asterix1#
    *Mar 1 01:17:09.227: OSPF: Rcv pkt from 192.168.1.2, FastEthernet0/0 : Mismatch Authentication type. Input packet specified type 0, we use type 2
    *Mar 1 01:17:09.231: OSPF: Send with youngest Key 1
    *Mar 1 01:17:09.231: OSPF: Send hello to 224.0.0.5 area 0 on FastEthernet0/0 from 192.168.1.1
    Asterix1#
    *Mar 1 01:17:12.895: OSPF: Rcv pkt from 192.168.1.3, FastEthernet0/0 : Mismatch Authentication type. Input packet specified type 0, we use type 2
  • Again, it is seen that OSPF routers will not communicate unless certain configurations match. In this case, the routers are not communicating because the authentication fields in the OSPF packet header are different.
  • Correct this problem by configuring authentication on the other two routers. Remember that the same key number, encryption type, and password must be used on each router.
  • After the configurations are complete, verify that the routers can communicate by using the show ip ospf neighbor command.
    Asterix1#show ip ospf neighbor

    Neighbor ID     Pri   State           Dead Time   Address         Interface
    192.168.31.22     1   FULL/BDR        00:00:17    192.168.1.2     FastEthernet0/0
    192.168.31.33     1   FULL/DR         00:00:15    192.168.1.3     FastEthernet0/0
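
An added Python example, not from the original lab, of the message-digest check described in Step 6: following RFC 2328 Appendix D, the sender appends an MD5 digest computed over the packet plus the zero-padded key, and the receiver rejects packets whose authentication type, key ID, sequence number or digest do not match. The function names and the status strings other than the authentication-type message are assumptions; the packet body itself still travels in clear, and only the digest protects it.

```python
import hashlib
import hmac
import socket
import struct

AU_NULL, AU_CRYPTO = 0, 2  # AuType values from RFC 2328: 0 = null, 2 = cryptographic

def build_packet(router_id, body, autype, key_id=0, seq=0):
    """OSPFv2 header (type 1 = Hello, area 0) + body. Checksum stays 0: it is not
    computed for AuType 2, and is skipped for the AuType 0 sample for brevity."""
    auth = struct.pack("!HBBI", 0, key_id, 16, seq) if autype == AU_CRYPTO else bytes(8)
    hdr = struct.pack("!BBH4s4sHH", 2, 1, 24 + len(body),
                      socket.inet_aton(router_id), socket.inet_aton("0.0.0.0"), 0, autype)
    return hdr + auth + body

def md5_digest(packet, password):
    """RFC 2328 D.4.3: MD5 over the packet followed by the key padded to 16 bytes."""
    return hashlib.md5(packet + password[:16].ljust(16, b"\0")).digest()

def send(router_id, body, key_id, password, seq):
    pkt = build_packet(router_id, body, AU_CRYPTO, key_id, seq)
    return pkt + md5_digest(pkt, password)  # the digest is appended, the password is not

def receive(wire, autype, keys, last_seq=0):
    """Receiver-side checks; keys maps key ID -> password (bytes)."""
    length, = struct.unpack("!H", wire[2:4])
    rx_autype, = struct.unpack("!H", wire[14:16])
    if rx_autype != autype:
        return (f"Mismatch Authentication type. Input packet specified "
                f"type {rx_autype}, we use type {autype}")
    if autype == AU_NULL:
        return "accepted"
    _, key_id, digest_len, seq = struct.unpack("!HBBI", wire[16:24])
    if key_id not in keys:
        return "unknown key id"
    if seq < last_seq:  # replay protection: sequence numbers must not go backwards
        return "replayed sequence number"
    expected = md5_digest(wire[:length], keys[key_id])
    ok = hmac.compare_digest(expected, wire[length:length + digest_len])
    return "accepted" if ok else "digest mismatch"

# Constructed Hello body: mask /24, hello 5, options, priority 1, dead 20, no DR/BDR.
HELLO = struct.pack("!4sHBBI4s4s", socket.inet_aton("255.255.255.0"),
                    5, 0x02, 1, 20, bytes(4), bytes(4))
```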