OSPF protocol summary
OSPF: Open Shortest Path First
8. LSA (Link State Advertisement)
1. LSA header
- **Aging time (LS Age):** The time elapsed since the LSA was originated. The LSA is refreshed on an 1800 s cycle, which resets the age to 0; a triggered update also resets it to 0 immediately. The maximum age is 3609.
- Options (Options):
- LSA type (LS Type): the type of the LSA.
- Link-state ID: identifies the part of the OSPF domain that the LSA describes.
- Advertising Router: the Router ID of the originating router.
- LS Sequence Number: incremented every time a new instance of the LSA is generated (lollipop sequence number).
- Checksum (LS Checksum): the checksum of the entire LSA contents except the Age field.
- **Length:** The length of the LSA, including the LSA header.
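The header fields above, parsed from raw bytes, together with the checksum rule that skips the Age field (added example, not part of the original notes). The 24-byte Router-LSA is a constructed sample, and the function names are illustrative.

```python
import ipaddress
import struct
from collections import namedtuple

HDR = struct.Struct("!HBB4s4sIHH")  # the 20-byte LSA header, network byte order
LsaHeader = namedtuple(
    "LsaHeader", "age options ls_type link_state_id adv_router seq checksum length")

def fletcher(data):
    """Fletcher sums (mod 255) that make up the LS Checksum."""
    c0 = c1 = 0
    for byte in data:
        c0 = (c0 + byte) % 255
        c1 = (c1 + c0) % 255
    return c0, c1

def with_checksum(lsa):
    """Fill in the checksum; Age (bytes 0-1) is skipped so aging never invalidates it."""
    buf = bytearray(lsa)
    buf[16:18] = b"\x00\x00"
    covered = buf[2:]
    c0, c1 = fletcher(covered)
    # The checksum field sits at offset 14 of the covered bytes.
    x = ((len(covered) - 15) * c0 - c1) % 255 or 255
    y = 510 - c0 - x
    buf[16], buf[17] = x, y - 255 if y > 255 else y
    return bytes(buf)

def checksum_ok(lsa):
    """A valid LSA sums to zero over everything after the Age field."""
    return fletcher(lsa[2:]) == (0, 0)

def parse_header(lsa):
    if len(lsa) < HDR.size:
        raise ValueError("shorter than an LSA header")
    age, opts, ls_type, lsid, adv, seq, cksum, length = HDR.unpack_from(lsa)
    if length != len(lsa):
        raise ValueError("Length field does not match the LSA size")
    return LsaHeader(age, opts, ls_type, str(ipaddress.IPv4Address(lsid)),
                     str(ipaddress.IPv4Address(adv)), seq, cksum, length)

def sample_router_lsa():
    """Constructed sample: a Type 1 LSA from RID 1.1.1.1 with zero links."""
    raw = HDR.pack(1, 0x02, 1, bytes([1, 1, 1, 1]), bytes([1, 1, 1, 1]),
                   0x80000001, 0, 24) + b"\x00\x00\x00\x00"
    return with_checksum(raw)
```

The checksum only detects corruption; it is not keyed, so it says nothing about who originated the LSA.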
| LSA type | Flooding scope | Advertising router (source) | Information carried |
|---|---|---|---|
| LSA1 Router | Originating area (single area) | Every OSPF router in the area | Local directly connected topology |
| LSA2 Network | Originating area | The DR of each network segment | Topology of the MA network segment |
| LSA3 Summary | The entire OSPF domain | ABR | Inter-area routes (routes of other areas) |
| LSA4 ASBR | The entire OSPF domain except the area where the ASBR is located | ABR | Location of the ASBR |
| LSA5 ASE | The entire OSPF domain | ASBR | External routes (other protocols or processes) |
| LSA7 NSSA | A single NSSA area | ASBR | External routes |

| LSA type | Link-state ID | Advertising router (source) |
|---|---|---|
| LSA1 Router | RID of the advertising router | Every OSPF router in the area |
| LSA2 Network | IP address of the DR interface | The DR of each network segment |
| LSA3 Summary | Destination network number | ABR; changed to the local ABR when crossing the next ABR |
| LSA4 ASBR | RID of the ASBR | ABR; changed to the local ABR when crossing the next ABR |
| LSA5 ASE | Destination network number | ASBR (unchanged while flooded through the whole network) |
| LSA7 NSSA | Destination network number | ASBR |
9. Reducing the volume of OSPF LSA updates
1. Summarization
Summarization presupposes good address planning. Its purpose is to reduce the number of LSAs in the backbone area.
[1] Inter-area route summarization (summarizes Type 3 routes)
Configure on the ABR
[r5]ospf 1
[r5-ospf-1]area 2 (only routes that the local router computed from the Type 1/2 LSAs of this area can be summarized)
[r5-ospf-1-area-0.0.0.2]abr-summary 6.6.4.0 255.255.252.0
Note: On Huawei equipment, once summarization is configured the protocol does not automatically generate a null-interface anti-loop route; the administrator must add it manually;
[2] External route summarization (summarizes Type 5/7 LSAs)
Configure on the ASBR
[r1]ospf 1
[r1-ospf-1]asbr-summary 99.1.0.0 255.255.252.0
Note: On Huawei equipment, once summarization is configured the protocol does not automatically generate a null-interface anti-loop route; the administrator must add it manually;
2. Special areas: reduce the number of LSAs in non-backbone areas
A special area cannot be the backbone area and cannot carry virtual links
[1] No ASBR exists in the area;
1) Stub area: this area rejects Type 4/5 LSAs; the ABR that connects this area to the backbone area originates a Type 3 default into the area;
[r5]ospf 1
[r5-ospf-1]area 2
[r5-ospf-1-area-0.0.0.2]stub (defines the area as a stub area)
Remember: every device in the area must be configured this way, otherwise the neighbor relationship cannot be established
2) Totally stubby area: on top of an ordinary stub area, Type 3 LSAs are also rejected, leaving only a single Type 3 default; first configure the area as a stub area, then configure the totally stubby option on the ABR;
[r5]ospf 1
[r5-ospf-1]area 2
[r5-ospf-1-area-0.0.0.2]stub no-summary
[2] An ASBR exists in the area
1) NSSA: not-so-stubby area
This area rejects Type 4/5 LSAs; an ASBR in this area uses Type 7 LSAs to carry external routes. When these routes enter the backbone area through the ABR, they are converted to Type 5 (at the same time this ABR becomes another ASBR);
The point of an NSSA is to reject the Type 5/4 LSAs generated by ASBRs in other parts of the network;
At the same time, the ABR that connects the NSSA to the backbone area originates a Type 7 default into the area;
[r1]ospf 1
[r1-ospf-1]area 1
[r1-ospf-1-area-0.0.0.1]nssa (must be configured on every device in the area)
2) Totally NSSA: totally not-so-stubby area
On top of NSSA, Type 3 LSAs are also rejected; at the same time, the ABR that connects the NSSA to the backbone area advertises a Type 3 default into the area;
Configure the area as NSSA first, then configure the totally NSSA option on the ABR;
[r3-ospf-1-area-0.0.0.1]nssa no-summary
10. OSPF protocol extended configuration
1. Authentication
Neighbors verify each other's identity to keep routing updates secure
1) Interface authentication: configured on the interface directly connected to the neighbor
[r2-GigabitEthernet0/0/1]ospf authentication-mode md5 1 cipher cisco123
The key number (key ID) and the secret key must be exactly the same on both neighbors
2) Area authentication
[r2]ospf 1
[r2-ospf-1]area 0
[r2-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher cisco123
Applies the authentication configuration to all local interfaces in area 0
3) Virtual link authentication
[r2-ospf-1-area-0.0.0.0]vlink-peer 3.3.3.3 md5 1 cipher cisco123
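The check a neighbor performs on packets sent with the `md5 1` setting above, following the cryptographic authentication procedure of RFC 2328 Appendix D: MD5 over the packet with the shared key appended (added example, not part of the original notes). The Hello frame, the router ID 2.2.2.2 and the zero-padding of short keys are constructed assumptions.

```python
import hashlib
import hmac
import struct

def pad_key(secret):
    """The shared key is handled as 16 bytes; shorter keys are zero-padded (assumption)."""
    return secret.encode()[:16].ljust(16, b"\x00")

def build_hello(router_id, area_id, key_id, seq, secret):
    """Constructed OSPFv2 Hello header (body omitted) with AuType 2 and its digest."""
    packet = struct.pack("!BBH4s4sHHHBBI",
                         2, 1, 24,            # version, type = Hello, packet length
                         router_id, area_id,
                         0,                   # checksum is not used with AuType 2
                         2,                   # AuType 2 = cryptographic authentication
                         0, key_id, 16, seq)  # key ID, digest length, sequence number
    return packet + hashlib.md5(packet + pad_key(secret)).digest()

def verify(frame, keys, last_seq):
    """Return (accepted, reason); keys maps key ID -> secret configured locally."""
    length, = struct.unpack_from("!H", frame, 2)
    autype, _, key_id, dlen, seq = struct.unpack_from("!HHBBI", frame, 14)
    if autype != 2:
        return False, "authentication type mismatch"
    secret = keys.get(key_id)
    if secret is None:
        return False, "unknown key ID"
    packet, digest = frame[:length], frame[length:length + dlen]
    expected = hashlib.md5(packet + pad_key(secret)).digest()
    if not hmac.compare_digest(digest, expected):
        return False, "digest mismatch"
    if seq < last_seq:
        return False, "stale sequence number"   # replayed or out-of-date packet
    return True, "ok"
```

A mismatch in either the key ID or the key makes the receiver drop the Hello, which is why the adjacency never forms unless both values are identical.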
2. Silent interface (passive interface)
[r2]ospf 1
[r2-ospf-1]silent-interface GigabitEthernet 0/0/0
Note: A silent interface does not send any routing protocol information. It is meant for router interfaces that face user terminals. It must not be used on an interface that connects to routing protocol neighbors, otherwise the neighbors may fail to converge;
3. Speed up convergence
If the interface hello time is 10 s and the dead time is 40 s, they can be kept as they are
If the interface hello time is 30 s, it can be modified as appropriate. When the local hello time is changed, the local dead time automatically follows at 4 times the hello time; remember that the hello and dead times of neighbors must be exactly the same, otherwise the neighbor relationship cannot be established normally;
[r2-GigabitEthernet0/0/1]ospf timer hello ?
INTEGER<1-65535> Second(s)
[r2-GigabitEthernet0/0/1]ospf timer hello 10
4. Default route
1) Type 3 default: generated automatically by the protocol in stub, totally stubby, and totally NSSA areas.
The ABR originates a Type 3 default into the area;
2) Type 5 default: a border router redistributes into the OSPF domain a default route that its local routing table obtained by other means (static or another dynamic protocol)
[r2]ospf 1
[r2-ospf-1]default-route-advertise (advertises a Type 5 default into the OSPF domain)
Redistributes a Type 5 default route of metric type 2 into the domain, provided a default route produced by other means exists in the local routing table;
[r2-ospf-1]default-route-advertise type 1 (redistributes it as a metric type 1 route)
If the local routing table contains no default route at all, a default can still be forced into the domain
[r2-ospf-1]default-route-advertise always (the default is metric type 2)
[r2-ospf-1]default-route-advertise always type 1 (changes it to metric type 1);
3) Type 7 default: when the area is configured as a normal NSSA area, the ABR connected to area 0 will publish a Type 7 default to the NSSA;
[r2-ospf-1-area-0.0.0.1]nssa default-route-advertise (advertises a Type 7 default into the NSSA area; forced generation;)
The most basic route selection rule: internal is better than external. When Type 5 meets Type 7, compare priority and cost first; if they are the same, Type 5 is better than Type 7
Remember: When using special areas and default routes in OSPF, pay attention to where the ISP is located. Whichever non-backbone area the ISP is connected to must not be configured as any kind of special area; otherwise the automatically generated default may point in the opposite direction to the manually configured default, which creates a loop;
11. OSPF extended knowledge points
"1" Appendix E: the problem of identical link-ids
If an ABR imports two Type 3 LSAs into other areas at the same time, the link-ids of the two LSAs can be the same;
Assumption: the short-mask network segment is advertised first and its link-id is displayed normally; when the long mask is advertised, the inverse mask is added to its link-id
20.1.0.0/16 – link-id 20.1.0.0
20.1.0.0/24 – link-id 20.1.0.255
If the long mask is advertised first and the short mask afterwards, the long-mask entry is refreshed to use the inverse-mask link-id;
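The link-id assignment described above, modelled for both advertisement orders (added example, not part of the original notes). The dictionary used as the LSDB and the function names are illustrative, and only the two-prefix collision from the notes is handled.

```python
import ipaddress

def host_bits_id(net):
    """Link-id with the inverse mask added: network address OR wildcard mask."""
    return str(ipaddress.IPv4Address(int(net.network_address) | int(net.hostmask)))

def originate(lsdb, prefix):
    """Record a Type 3 LSA for prefix in lsdb (link-id -> network); return its link-id."""
    net = ipaddress.ip_network(prefix)
    plain = str(net.network_address)
    holder = lsdb.get(plain)
    if holder is None or holder == net:
        lsdb[plain] = net
        return plain
    if net.prefixlen > holder.prefixlen:
        # The new prefix has the longer mask, so it takes the modified link-id.
        lsdb[host_bits_id(net)] = net
        return host_bits_id(net)
    # The existing LSA has the longer mask: it is re-originated under the
    # modified link-id and the shorter mask takes the plain network address.
    lsdb[host_bits_id(holder)] = holder
    lsdb[plain] = net
    return plain

def link_ids(prefixes):
    """Link-ids in use after advertising the prefixes in the given order."""
    lsdb = {}
    for prefix in prefixes:
        originate(lsdb, prefix)
    return {lid: str(net) for lid, net in lsdb.items()}
```

Both orders end in the same state, so the link-id shown for the /24 does not depend on which prefix the ABR learned first.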
"2" OSPF routing rules
1. A case in which AD (administrative distance) is irrelevant:
r2(config)#router ospf 1
r2(config-router)#distance 109 1.1.1.1 0.0.0.0
For routing entries learned locally from the device with RID 1.1.1.1, change the administrative distance to 109;
When a router learns two identical routes from two OSPF neighbors, it compares only the metric and ignores the administrative distance, because changing the administrative distance for only one neighbor results in either both being changed or the change failing. Pay attention to the IOS version: sometimes the change takes effect when applied to the router with the larger RID, sometimes it has to be applied to the device with the smaller RID;
2. The second case in which AD (administrative distance) is irrelevant: O IA (Type 3)
When O IA meets O IA, that is, there are two Type 3 routes to the same destination and both were propagated through non-backbone areas, only the cost is considered and not the administrative distance;
If one is propagated through the backbone area and the other through a non-backbone area, the route propagated through the non-backbone area is invalid
OSPF area split horizon: a Type 3 LSA tagged with area A cannot be sent back into area A;
Compare in order: type → area → cost
3. OE and ON: E is Type 5 and N is Type 7. By default, all redistributed routing entries are metric type 2. The cost of a type 2 route in the routing table does not show the accumulation along the path, only the starting metric;
Both are OE2 or N2 with the same starting metric: compare the metric accumulated along the path (by default the OE2 route in the table does not display the internal metric, only the starting metric)
Both are OE2 or N2 with different starting metrics: prefer the path with the smaller starting metric;
Note: This design makes it easy for administrators to influence route selection quickly;
OE1 routes compare only the total metric (starting metric + accumulation along the path), so modifying only the starting metric may not influence route selection. The modification must produce a difference in the total metric to influence it;
4. Topology is better than routing: routes calculated from Type 1/2 LSAs are better than routes calculated from Type 3/4/5/7
Internal is better than external: Type 3 is better than Type 4/5/7
Metric type 1 is better than metric type 2: E1 is better than E2, N1 is better than N2, E1 is better than N2, and N1 is better than E2;
When E1 meets N1, or E2 meets N2, compare the total metric (start + along the path) first; with the same metric, Type 5 is better than Type 7
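The selection order in points 3 and 4 above, encoded as a sort key (added example, not part of the original notes). The `Route` fields and route names are constructed; administrative distance and the backbone versus non-backbone rule for Type 3 routes are left out.

```python
from dataclasses import dataclass

# Route classes in the order the notes rank them.
INTRA, INTER, EXTERNAL = 0, 1, 2

@dataclass(frozen=True)
class Route:
    name: str
    lsa_type: int          # 1/2 intra-area, 3 inter-area, 5 or 7 external
    metric_type: int = 0   # 1 or 2, external routes only
    seed: int = 0          # starting metric set at redistribution
    path_cost: int = 0     # cost accumulated inside the OSPF domain

def preference(route):
    """Sort key: the smaller tuple is the preferred route."""
    if route.lsa_type in (1, 2):
        return (INTRA, 0, route.path_cost, 0, 0)
    if route.lsa_type == 3:
        return (INTER, 0, route.path_cost, 0, 0)
    if route.metric_type == 1:
        # E1/N1: only the total metric counts; on a tie Type 5 beats Type 7.
        return (EXTERNAL, 1, route.seed + route.path_cost, 0, route.lsa_type)
    # E2/N2: starting metric first, then the cost accumulated along the path,
    # then Type 5 before Type 7.
    return (EXTERNAL, 2, route.seed, route.path_cost, route.lsa_type)

def best(routes):
    """Name of the route that wins under the ordering above."""
    return min(routes, key=preference).name
```

Comparing two E2 routes with seeds 10 and 20 shows why the notes call this convenient for administrators: the seed decides, however expensive the internal path is.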
【4】FA: forwarding address
A Type 5 LSA received in a normal OSPF area does not carry an FA value;
Conditions that produce an FA:
1. Type 5 LSA: assume that R2 is an ASBR, its g0/0 port runs OSPF, and its g0/1 port runs a non-OSPF protocol or a different OSPF process; if g0/1 is also advertised into the same OSPF process as g0/0 and the interface network type is broadcast,
the FA address appears in the Type 5 LSA; the address is the interface IP of R3 on the network segment that connects R2 and R3;
2. Type 7 LSA: an FA address always appears
Assume that R9 is an ASBR, its S0/0 port runs OSPF, and its S0/1 port runs a non-OSPF protocol or a different process;
If S0/1 is not running OSPF, the FA address is the last advertised loopback address on R9 (on some IOS versions it may instead be the largest loopback interface IP address); if R9 has no loopback interface, the FA address is the last advertised physical interface address on R9 (on individual IOS versions it may instead be the largest physical interface IP address)
If S0/1 of R9 also runs OSPF and the S0/1 interface network type is broadcast, the FA address is the interface IP of R10;
If the network type of S0/1 is point-to-point, the FA address is the S0/1 port IP of R9
Remember: once an FA address appears, the Type 4 LSA is no longer used; even if the Type 4 LSA is deliberately filtered, destinations outside the domain can still be reached;
When the Type 4 LSA exists but the route to the FA address is deliberately filtered, destinations outside the domain cannot be reached;
Once an FA address appears, all route calculation is based on the FA address;
1. For Type 5/7 routes with an FA, the Type 4 LSA is meaningless and the route recurses only to the FA address; if the FA address is filtered by policy, the route is unreachable;
2. The metric in the routing table is the metric to the FA address, not the metric to the ASBR;