1
Advanced Features of OSPF Protocol
Evaluating OSPF Advanced Features of OSPF Protocol
2
Our routing study thus far - idealization
- all routers identical
- network “flat”
… not true in practice

administrative autonomy – Autonomous Systems (AS)
- internet = network of networks
- each network admin may want to control routing in its own network

scale: with 200 million destinations:
- can’t store all destinations in routing tables!
- routing table exchange would swamp links!
3
OSPF Advantages
- No limitation on hop count
- Supports classless (VLSM) routing
- Routing updates sent only when there is a change or very rarely
- Faster convergence
- Better load balancing
- Logical definition of areas
- Authentication and external routes tagging

OSPF addresses most of the issues not included in RIP:
1. With OSPF, there is no limitation on the hop count.
2. The intelligent use of VLSM is very useful in IP address allocation.
3. OSPF uses IP multicast to send link-state updates. This ensures less processing on routers that are not listening to OSPF packets. Also, updates are only sent when routing changes occur, instead of periodically. This ensures a better use of the bandwidth.
4. OSPF has better convergence than RIP. This is because routing changes are propagated instantaneously and not periodically.
5. OSPF allows for better load balancing. It can use different metrics and supports multipath.
6. OSPF allows for a logical definition of networks where routers can be divided into areas. This will limit the explosion of link-state updates over the whole network. This also provides a mechanism for aggregating routes and cutting down on the unnecessary propagation of subnet information.
7. OSPF allows for routing authentication by using different methods of password authentication.
8. OSPF allows for the transfer and tagging of external routes injected into an Autonomous System. This keeps track of external routes injected by exterior protocols such as BGP.
4
Review: Evaluation Criteria for Routing Protocols
- Bandwidth
- Metric calculation
- Sharing and managing routing information
- Scalability
- Convergence
- Performance
- Hierarchy
- Administration and Management
- Hardware and software resources
- Reliability
- Security
5
OSPF - Link State Protocol
- Link: an interface on the router
- Link state: description of the interface and the neighboring routers (IP address, mask, type, routers connected to)
- Link state database: collection of link state advertisements for all routers and networks

OSPF is a link-state protocol. We could think of a link as being an interface on the router. The state of the link is a description of that interface (e.g., the router's usable interfaces and reachable neighbors). A description of the interface would include, for example, the IP address of the interface, the mask, the type of network it is connected to, the routers connected to that network and so on. The collection of all these link-states would form a link-state database.
6
OSPF Basic Configuration Example
router ospf 63
 network area 1
 network area 0
 network area 1

[Figure: router with interfaces E0, E1, E2 and T0 attached to Area 0 and Area 1]

Router(config)# router ospf process-id
Router(config-router)# network address wildcard-mask area area-id

Wildcard mask: inverse of subnet mask
7
Bandwidth- The Metrics in OSPF
formula: cost = 10^8 / bandwidth in bps

Link types listed on the slide:
- 56 Kbps serial link
- 64 Kbps serial link
- T1 (1.544 Mbps serial link)
- E1 (2.048 Mbps serial link)
- 4 Mbps token ring
- Ethernet
- 16 Mbps token ring
- FDDI

The faster the link, the smaller the number => the more desirable the route

The metric (cost) of an interface in OSPF is an indication of the overhead required to send packets across a certain interface. The metric of an interface is inversely proportional to the bandwidth of that interface. A higher bandwidth indicates a lower cost. There is higher cost and time delay involved in crossing a 56k serial line than in crossing a 10M Ethernet line. The formula used to calculate the cost is:

cost = 10^8 / bandwidth (in bits per second)

For example, it will cost 10^8/10^7 = 10 to cross a 10M Ethernet line and 10^8/1,544,000 = 64 to cross a T1 line. By default, the cost of an interface is calculated based on the bandwidth. However, the network administrator can force another cost for an interface.
8
OSPF Metric - Optimising Bandwidth
[Figure: R1, R2 and R3 joined by serial links labelled 64kbps, 128kbps and 256kbps, each router with a Fa0/0 LAN and a Lo0 loopback]

When the serial interface is not actually operating at the default T1 speed, the interface requires manual modification. Both sides of the link should be configured to have the same value. Both the bandwidth interface command and the ip ospf cost interface command achieve this purpose: an accurate value for use by OSPF in determining the best route.

The bandwidth command is used to modify the bandwidth value used by the IOS in calculating the OSPF cost metric.

Router(config-if)#bandwidth bandwidth-kbps

For R1, the show ip ospf interface command shows that the cost of the Serial 0/0/0 link is now 1562, the result of the Cisco OSPF cost calculation 100,000,000/64,000.

When you are using the bandwidth of the interface to determine OSPF cost, always remember to use the bandwidth value interface command to accurately define the bandwidth of the interface (in kbps).

If interfaces that are faster than 100 Mbps are being used, you should use the auto-cost reference-bandwidth ref-bw command on all routers in the network to ensure accurate route calculations. The ref-bw is a reference bandwidth in megabits per second, and ranges from 1 to 4,294,967. You must apply the same reference bandwidth to all OSPF routers in the domain to get the desired results.

To override the default cost, manually define the cost using the ip ospf cost interface-cost command on a per-interface basis. The cost value is an integer from 1 to 65,535. The lower the number, the better the link and the more strongly preferred it is.

R1(config-router)# auto-cost reference-bandwidth
9
OSPF Metric - Cost
[Figure: R1, R2 and R3 joined by serial links labelled 64kbps, 128kbps and 256kbps; network 10.10.10.0/24]

An alternative method to using the bandwidth command is to use the ip ospf cost command, which allows you to directly specify the cost of an interface. For example, R1 Serial 0/0/0 could be configured with the following command:

R1(config)#interface serial 0/0/0
R1(config-if)#ip ospf cost 1562

The ip ospf cost command is useful in multi-vendor environments where non-Cisco routers use a metric other than bandwidth to calculate the OSPF costs. The main difference between the two commands is that the bandwidth command uses the result of the cost calculation to determine the cost of the link. The ip ospf cost command bypasses this calculation by directly setting the cost of the link to a specific value.
10
Load Balancing and Link Cost
OSPF allows for Equal-Cost load balancing.

R6 has two routes to R7 networks:
- Thru R5-R4
- Thru R4-R7
Which path will be taken?

If you want to load-balance using both paths:
- R6 needs to believe that the path costs through R5 and R4 are the same.
- Artificially increase the cost of the currently preferred link of R6, using the ip ospf cost command.
- Once the cost of the currently preferred link is increased (made worse) and is made the same as the other path, equal-cost load balancing will automatically begin.

[Figure: links labelled 500 Kbps and 1.5 Mbps]
11
Bandwidth: Managing Routing information
- Routing information is not exchanged in the form of routes (Which protocol does that?)
- Each router generates link-state advertisements containing elements of network topology: routers, neighbor relationships, connected subnets, and others
- Link-state advertisements are flooded to all routers when areas are not configured. Issue: LSA flooding -> hampers performance
- Link-state database is used for storing network topology information
- Dijkstra's SPF (shortest path first) algorithm is used to compute the shortest path in terms of COST (OSPF metric), and the result is stored in the RIB (routing information database)
- OSPF RIB is the collection of best paths to each destination, installed in the routing table
- When information in the link-state database changes, only a partial calculation is necessary

OSPF uses a link-state algorithm in order to build and calculate the shortest path to all known destinations. The algorithm by itself is quite complicated. The following is a very high level, simplified way of looking at the various steps of the algorithm:

1- Upon initialization or due to any change in routing information, a router will generate a link-state advertisement (LSA). A router generates an LSA periodically, as well as in response to the discovery of a new neighbor, a link, when a neighbor changes state from up to down or vice versa, or when a link metric changes value. Two routers are neighbors when they have interfaces to a common network. Neighbor relationships are maintained by, and usually dynamically discovered by, OSPF's Hello Protocol. This advertisement will represent the collection of all link-states on that router.

2- All routers will exchange link-states by means of flooding. Each router that receives a link-state update should store a copy in its link-state database and then propagate the update to other routers. Each participating router must have an identical database.

3- After the database of each router is completed, the router will calculate a Shortest Path Tree to all destinations. All routers run the same algorithm, in parallel. The router uses the Dijkstra algorithm to calculate the shortest path tree. The destinations, the associated cost and the next hop to reach those destinations will form the IP routing table.

4- If no changes occur in the OSPF network, such as the cost of a link changing or a network being added or deleted, OSPF should be very quiet. Any changes that occur are communicated via link-state packets, and the Dijkstra algorithm is rerun to find the shortest path.
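The cost formula, the SPF calculation and the equal-cost tuning described in the slides above, put together as an added example (not part of the original presentation). It assumes the three-router figure means R1-R2 at 64 kbps, R2-R3 at 128 kbps and R1-R3 at 256 kbps; the function names and the `LINKS` table are made up for the illustration.

```python
import heapq

REFERENCE_BPS = 10**8  # reference bandwidth in the slides' formula (cost = 10^8 / bandwidth)


def ospf_cost(bandwidth_bps, reference_bps=REFERENCE_BPS):
    """cost = reference / bandwidth, truncated to an integer and never below 1."""
    return max(1, reference_bps // bandwidth_bps)


def build_lsdb(links, cost_overrides=None):
    """links maps (a, b) to bandwidth in bps. cost_overrides plays the role of
    'ip ospf cost' configured with the same value on both ends of a link."""
    cost_overrides = cost_overrides or {}
    lsdb = {}
    for (a, b), bw in links.items():
        cost = cost_overrides.get((a, b), ospf_cost(bw))
        lsdb.setdefault(a, {})[b] = cost
        lsdb.setdefault(b, {})[a] = cost
    return lsdb


def spf(lsdb, root):
    """Dijkstra over the LSDB. Returns {dest: (cost, [first hops])}, keeping
    every first hop that lies on an equal-cost shortest path."""
    best = {root: (0, set())}
    heap, done = [(0, root)], set()
    while heap:
        dist, node = heapq.heappop(heap)
        if node in done:
            continue
        done.add(node)
        for nbr, cost in lsdb[node].items():
            new = dist + cost
            # A neighbour of the root is its own first hop; everything further
            # away inherits the first hops of the node it is reached through.
            hops = {nbr} if node == root else best[node][1]
            if nbr not in best or new < best[nbr][0]:
                best[nbr] = (new, set(hops))
                heapq.heappush(heap, (new, nbr))
            elif new == best[nbr][0]:
                best[nbr][1].update(hops)  # equal cost: keep both paths
    return {d: (c, sorted(h)) for d, (c, h) in best.items() if d != root}


# Assumed reading of the figure: which serial link runs at which speed.
LINKS = {("R1", "R2"): 64_000, ("R2", "R3"): 128_000, ("R1", "R3"): 256_000}

if __name__ == "__main__":
    print("default costs:", spf(build_lsdb(LINKS), "R1"))
    # Raise the preferred R1-R3 link from 390 to 781 so that both paths to R2
    # cost 1562 and equal-cost load balancing starts.
    print("tuned costs:  ", spf(build_lsdb(LINKS, {("R1", "R3"): 781}), "R1"))
```

With default costs R1 reaches R2 through R3, because 390 + 781 is lower than the direct 1562; after the override both first hops are installed.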
12
Issue: Performance - Flooding LSAs
Multi-Access Networks: To avoid flooding LSAs to all routers in the network, routers are designated:
- Election of DR (Designated Router): routers send LSAs to the DR using the multicast address
- BDR (Backup Designated Router): backup for the DR, if the DR fails

[Figure: multiaccess network with DR R1, BDR R2 and DROthers R3, R4 and R5; R5's LSA goes to the DR and is forwarded to the other routers]

On multiaccess networks, OSPF elects a Designated Router (DR) to be the collection and distribution point for LSAs sent and received. A Backup Designated Router (BDR) is also elected in case the Designated Router fails. All other routers become DROthers (this indicates a router that is neither the DR nor the BDR).

DROthers only form full adjacencies with the DR and BDR in the network. This means that instead of flooding LSAs to all routers in the network, DROthers only send their LSAs to the DR and BDR using the multicast address (ALLDRouters - All DR routers). In the slide, R5 sends LSAs to the DR. The BDR listens as well. The DR is responsible for forwarding the LSAs from R5 to all other routers. The DR uses the multicast address (AllSPFRouters - All OSPF routers). The end result is that there is only one router doing all of the flooding of all LSAs in the multiaccess network.
13
Hierarchical Structure
- Introduced to put a boundary on the explosion of link-state updates
- Every area is connected to the backbone area

[Figure: Backbone Area #0 connected to Area #1, Area #2 and Area #3]

OSPF allows collections of contiguous networks and hosts to be grouped together. Such a group, together with the routers having interfaces to any one of the included networks, is called an area. Areas are introduced to put a boundary on the explosion of link-state updates.

Each area runs a separate copy of the basic link-state routing algorithm. This means that each area has its own link-state database and corresponding graph, as explained in the previous section. The topology of an area is invisible from the outside of the area. Conversely, routers internal to a given area know nothing of the detailed topology external to the area. This isolation of knowledge enables the protocol to effect a marked reduction in routing traffic as compared to treating the entire Autonomous System as a single link-state domain.

With the introduction of areas, it is no longer true that all routers in the AS have an identical link-state database. A router actually has a separate link-state database for each area it is connected to.
14
OSPF Areas
- The border area is OSPF area 0
- all routers belonging to the same area have identical database
- SPF calculations are performed separately for each area
- LSA flooding is bounded by area

OSPF has special restrictions when multiple areas are involved. If more than one area is configured, one of these areas has to be a backbone area. The OSPF backbone is the special OSPF Area 0 (often written as Area , since OSPF Area IDs are typically formatted as IP addresses). When designing networks it is good practice to start with area 0 and then expand into other areas later on.

The backbone has to be at the center of all other areas, i.e. all areas have to be physically connected to the backbone. The reasoning behind this is that OSPF expects all areas to inject routing information into the backbone and in turn the backbone will disseminate that information into other areas.

The OSPF backbone always contains all area border routers. The backbone is responsible for distributing routing information between non-backbone areas. The backbone must be contiguous. However, it need not be physically contiguous; backbone connectivity can be established/maintained through the configuration of virtual links.

Two routers belonging to the same area have, for that area, identical area link-state databases.
15
OSPF Router Types
OSPF routers are categorized based on the function they perform in the routing domain. The four different types of OSPF routers are:

- Internal routers: Routers that have all their interfaces in the same area and have identical LSDBs.
- Backbone routers: Routers that sit on the perimeter of the backbone area and have at least one interface connected to area 0. Backbone routers maintain OSPF routing information using the same procedures and algorithms as internal routers.
- Area border routers: Routers that have interfaces attached to multiple areas, maintain separate LSDBs for each area to which they connect, and route traffic destined to or arriving from other areas. Area border routers (ABRs) are exit points for the area, which means that routing information destined for another area can get there only via the ABR of the local area. ABRs can be configured to summarize the routing information from the LSDBs of their attached areas. ABRs distribute the routing information into the backbone. The backbone routers then forward the information to the other ABRs. In a multiarea network, an area can have one or more ABRs.
- Autonomous System Boundary Routers: Routers that have at least one interface attached to an external internetwork (another autonomous system), such as a non-OSPF network. Autonomous system boundary routers (ASBRs) can import non-OSPF network information to the OSPF network and vice versa; this process is called route redistribution.

A router can exist as more than one router type. For example, if a router interconnects to area 0 and area 1, in addition to a non-OSPF network, it is both an ABR and an ASBR.

A router has a separate LSDB for each area to which it connects; therefore, an ABR could have one LSDB for area 0 and another LSDB for another area in which it participates. Two routers belonging to the same area maintain identical LSDBs for that area.

An LSDB is synchronized between pairs of adjacent routers. On broadcast networks like Ethernet, an LSDB is synchronized between the router that is not a DR or a BDR (that is, a DROTHER) and its DR and BDR.
16
OSPF: Multiple Areas
- Two-level hierarchy: local area, backbone area.
- Link-state advertisements only in area
- each node has detailed area topology; only knows direction (shortest path) to networks in other areas.
- Area border routers (ABR): “summarize” distances to networks in own area, advertise to other Area Border routers.
- Backbone routers: run OSPF routing limited to backbone.
- Autonomous System Boundary routers: connect to other ASs (Autonomous Systems).

[Figure: area 0 backbone joined to Area 1, Area 2, Area 3 and Area 4; labels: Interior Router (IR), ABR: Area Border routers, ASBR: Autonomous System Border Routers, Virtual link, to other AS]

Before the introduction of areas, the only OSPF routers having a specialized function were those advertising external routing information. When the AS is split into multiple areas, the routers are further divided according to function into the following overlapping categories:
- Routers connected to only one area are called Interior routers (IR).
- Routers connected to multiple areas are called area border routers (BR).
- Routers connected to other autonomous systems are Autonomous system border routers (ASBR).
Border area routers, with the links that connect them, form the backbone of the AS.

Virtual links are used for two purposes:
1- Linking an area that does not have a physical connection to the backbone.
2- Patching the backbone in case discontinuity of area 0 occurs.

In some rare cases where it is impossible to have an area physically connected to the backbone, a virtual link is used. The virtual link will provide the disconnected area a logical path to the backbone. The virtual link has to be established between two ABRs that have a common area, with one ABR connected to the backbone.
17
Scaling OSPF
- Rule of thumb: no more than 150 routers/area
- Reality: no more than 500 routers/area
- Backbone area is an area that glues all the other areas; always marked as area 0
- proper use of areas reduces bandwidth:
  - summarized routes
  - instability is limited within the area
18
OSPF Basic Configuration Example
router ospf 63
 network area 1
 network area 0
 network area 1

[Figure: router with interfaces E0, E1, E2 and T0 attached to Area 0 and Area 1]

Router(config)# router ospf process-id
Router(config-router)# network address wildcard-mask area area-id

Wildcard mask: inverse of subnet mask
19
Route Summarization Example
router ospf 100
 network area 2
 network area 0
 area 0 range
 area 2 range

R1#
router ospf 100
 network area 1
 network area 0
 area 0 range
 area 1 range

[Figure: R1 between Area 0, Area 1 and Area 2; interface addresses ( mask)]
20
Area Link State Database
- Link state database for every area is different
- Area database is composed of:
  - router links advertisements
  - network links advertisements
  - summary links advertisements
  - AS external advertisements

Routing in the Autonomous System takes place on two levels, depending on whether the source and destination of a packet reside in the same area (intra-area routing is used) or different areas (inter-area routing is used). In intra-area routing, the packet is routed solely on information obtained within the area; no routing information obtained from outside the area can be used. This protects intra-area routing from the injection of bad routing information.

Routes that are generated from within an area (the destination belongs to the area) are called intra-area routes. These routes are normally represented by the letter O in the IP routing table. Routes that originate from other areas are called inter-area or Summary routes. The notation for these routes is O IA in the IP routing table. Routes that originate from other routing protocols (or different OSPF processes) and that are injected into OSPF via redistribution are called external routes. These routes are represented by O E2 or O E1 in the IP routing table.

Multiple routes to the same destination are preferred in the following order: intra-area, inter-area, external E1 or E2.
21
Stub Areas: Router performance
OSPF allows certain areas to be configured as stub areas. Configuring a stub area reduces the topological database size inside an area and reduces the memory requirements of routers inside that area.

RTC#
interface Ethernet 0
 ip address
interface Serial1
 ip address
router ospf 10
 network area 2
 network area 0
 area 2 stub

RTE#
 ip address

An area could be qualified as a stub when there is a single exit point from that area or if routing to outside of the area does not have to take an optimal path.
22
Link State Advertisement (LSA)
- Generated periodically or in response to any change
- Contains:
  - source identification
  - sequence number
  - link state age
  - list of neighbors

A router generates an LSA periodically, as well as in response to the discovery of a new neighbor, a link, when a neighbor changes state from up to down or vice versa, or when a link metric changes value. Two routers are neighbors when they have interfaces to a common network. Neighbor relationships are maintained by, and usually dynamically discovered by, OSPF's Hello Protocol.
23
Load Balancing by Multiple Path
- equal or proportional cost multiple paths
- Unequal cost multiple paths not supported

[Figure: networks N1 and N2 joined by path 1 and path 2 through routers R1, R2, R3 and R4]

OSPF supports multipath. This means that when there are two or more shortest paths, the traffic is divided equally among those paths. This kind of routing helps balance the load on the network. If the paths are not of equal cost, the distribution might be proportional.
24
Equal cost paths
[Figure: R1 and R2, each with a /32 loopback, joined by two serial links]

Two routers are connected to each other via two p2p serial links of equal cost. R1 has Loopback 0 interface /32 and R2 has Loopback 0 interface /32. OSPF is used as the routing protocol. Hence, R1 can reach /32 via two equal-cost paths and R2 can reach /32 via two equal-cost paths.

R1# show ip route | begin Gateway
Gateway of last resort is not set
 /32 is subnetted, 1 subnets
C is directly connected, Loopback0
 /32 is subnetted, 1 subnets
O [110/65] via , 00:01:44, Serial0/1
  [110/65] via , 00:01:44, Serial0/0
 /30 is subnetted, 2 subnets
C is directly connected, Serial0/1
C is directly connected, Serial0

R1# show ip route
Routing entry for /32
 Known via "ospf 1", distance 110, metric 65, type intra area
 Last update from on Serial0/0, 00:02:10 ago
 Routing Descriptor Blocks:
 , from , 00:02:10 ago, via Serial0/1
 Route metric is 65, traffic share count is 1
 * , from , 00:02:10 ago, via Serial0/0
 Route metric is 65, traffic share count is 1
25
Authenticated Routing Updates
Two possibilities are defined:
- no authentication (configured by default)
- authentication
  - simple password authentication
  - message digest authentication

It is possible to authenticate the OSPF packets such that routers can participate in routing domains based on predefined passwords. By default, a router uses a Null authentication, which means that routing exchanges over a network are not authenticated. Two other authentication methods exist: Simple password authentication and Message Digest authentication.

Simple password authentication allows a password (key) to be configured per area. Routers in the same area that want to participate in the routing domain will have to be configured with the same key. The drawback of this method is that it is vulnerable to passive attacks.

Message Digest Authentication is a cryptographic authentication. A key (password) and key-id are configured on each router. The router uses an algorithm based on the OSPF packet, the key, and the key-id to generate a "message digest" that gets appended to the packet. Unlike the simple authentication, the key is not exchanged over the wire. A non-decreasing sequence number is also included in each OSPF packet to protect against replay attacks.
26
Simple Password Authentication
Simple password authentication allows a password (key) to be configured per area. Routers in the same area that want to participate in the routing domain will have to be configured with the same key.

Drawback: Vulnerable to passive attacks. Anybody with a link analyzer could easily get the password off the wire.

interface Ethernet0
 ip address
 ip ospf authentication-key mypassword
router ospf 10
 network area 0
 area 0 authentication
27
Message Digest Authentication
Cryptographic authentication

A key (password) and key-id are configured on each router. The router uses an algorithm based on the OSPF packet, the key, and the key-id to generate a "message digest" that gets appended to the packet. Unlike the simple authentication, the key is not exchanged over the wire. A non-decreasing sequence number is also included in each OSPF packet to protect against replay attacks.

interface Ethernet0
 ip address
 ip ospf message-digest-key 10 md5 mypassword
router ospf 10
 network area 0
 area 0 authentication message-digest
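The two authentication slides side by side, as an added example that is not part of the original presentation: it builds an OSPFv2 header for simple password authentication (AuType 1) and for message digest authentication (AuType 2, laid out as in RFC 2328 Appendix D) and runs the receive-side checks for the latter. The router ID, key, packet body and all function names are constructed for the illustration; only key-id 10 is taken from the slide.

```python
import hashlib
import hmac
import struct

# 24-byte OSPFv2 header. With AuType 2 the 8-byte authentication field holds
# 0, Key ID, Auth Data Len and a 32-bit cryptographic sequence number.
HDR_MD5 = struct.Struct("!BBH4s4sHHHBBI")
# With AuType 1 the same 8 bytes hold the password itself.
HDR_SIMPLE = struct.Struct("!BBH4s4sHH8s")
DIGEST_LEN = 16


def pad_key(key: bytes) -> bytes:
    """The MD5 key is used as exactly 16 bytes, zero padded."""
    return key[:16].ljust(16, b"\x00")


def build_simple(body, router_id, area_id, password, pkt_type=1):
    """AuType 1: the password travels in the header (checksum left 0 here)."""
    length = HDR_SIMPLE.size + len(body)
    return HDR_SIMPLE.pack(2, pkt_type, length, router_id, area_id, 0, 1,
                           password[:8].ljust(8, b"\x00")) + body


def build_md5(body, router_id, area_id, key_id, key, seq, pkt_type=1):
    """AuType 2: append MD5(packet || padded key); the key is never sent."""
    length = HDR_MD5.size + len(body)  # the digest is not counted in the length
    packet = HDR_MD5.pack(2, pkt_type, length, router_id, area_id, 0, 2,
                          0, key_id, DIGEST_LEN, seq) + body
    return packet + hashlib.md5(packet + pad_key(key)).digest()


class Receiver:
    """Receive-side checks for AuType 2 packets."""

    def __init__(self, keys):
        self.keys = keys      # {key_id: key bytes}
        self.last_seq = {}    # {router_id: last accepted sequence number}

    def verify(self, wire: bytes) -> str:
        if len(wire) < HDR_MD5.size + DIGEST_LEN:
            return "malformed"
        (_, _, length, rid, _, _, autype, _, key_id, alen, seq) = \
            HDR_MD5.unpack_from(wire)
        if autype != 2 or alen != DIGEST_LEN:
            return "wrong-auth-type"
        if length < HDR_MD5.size or length + DIGEST_LEN > len(wire):
            return "malformed"
        key = self.keys.get(key_id)
        if key is None:
            return "unknown-key-id"
        if seq < self.last_seq.get(rid, 0):  # must be non-decreasing
            return "replayed"
        packet, digest = wire[:length], wire[length:length + DIGEST_LEN]
        expected = hashlib.md5(packet + pad_key(key)).digest()
        if not hmac.compare_digest(expected, digest):
            return "bad-digest"
        self.last_seq[rid] = seq  # only authenticated packets advance the counter
        return "ok"


# Constructed sample values (not from the slides).
RID, AREA = bytes([10, 0, 0, 1]), bytes(4)
KEY = b"example-key"
HELLO_BODY = b"constructed hello body"

if __name__ == "__main__":
    rx = Receiver({10: KEY})
    print(rx.verify(build_md5(HELLO_BODY, RID, AREA, 10, KEY, seq=100)))
    print(rx.verify(build_md5(HELLO_BODY, RID, AREA, 10, KEY, seq=99)))
    print(KEY[:8] in build_simple(HELLO_BODY, RID, AREA, KEY))
```

The last line prints True because the AuType 1 packet carries the password bytes in clear, which is the passive-capture exposure the simple password slide describes.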
28
Memory Issues
- Usually come up when too many external routes are injected in the OSPF domain.
- A backbone area with 40 routers and a default route to the outside world would have fewer memory issues compared with a backbone area with 4 routers and 33,000 external routes injected into OSPF.
- The total memory used by OSPF is the sum of the memory used in the routing table (show ip route summary) and the memory used in the link-state database.
- Example:
  - Each entry in the routing table will consume between approximately 200 and 280 bytes
  - Each LSA will consume a 100 byte overhead plus the size of the actual link state advertisement
  - This should be added to memory used by other processes and by the IOS itself.

The following numbers are a rule of thumb estimate. Each entry in the routing table will consume between approximately 200 and 280 bytes plus 44 bytes per extra path. Each LSA will consume a 100 byte overhead plus the size of the actual link state advertisement, possibly another 60 to 100 bytes (for router links, this depends on the number of interfaces on the router). This should be added to memory used by other processes and by the IOS itself.

If you really want to know the exact number, you can do a show memory with and without OSPF being turned on. The difference in the processor memory used would be the answer (keep a backup copy of the configs).

Normally, a routing table with less than 500K bytes could be accommodated with 2 to 4 MB RAM; large networks with greater than 500K may need 8 to 16 MB, or 32 to 64 MB if full routes are injected from the Internet.