OSPF protocol summary (2)

OSPF: Open Shortest Path First

8. LSA (Link State Advertisement)

1. LSA header

  • **Aging time (LS Age):** The time elapsed since the LSA was originated. It resets to 0 on the periodic refresh every 1800s and resets to 0 immediately on a triggered update; the maximum age is 3609
  • Options (Option):
  • LSA type: the type of the LSA;
  • Link-state ID: identifies the part of the OSPF domain that the LSA describes.
  • Advertising Router: the Router ID of the originating router
  • LS Sequence Number: increases every time a new instance of the LSA is generated (lollipop sequence number space)
  • Checksum (LS Checksum): the checksum of the entire LSA contents except the Age field.
  • **Length:** The length of the LSA, including the LSA header.
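
The header fields above, decoded from raw bytes with the Length and LS Checksum checks applied. This is an added example, not code from the original post; it assumes the 20-byte header layout and Fletcher checksum of RFC 2328, and the sample Router-LSA from RID 1.1.1.1 is constructed for the demonstration.

```python
import struct
from ipaddress import IPv4Address

LSA_HEADER = struct.Struct("!HBB4s4sIHH")  # 20-byte LSA header, network byte order
CKSUM_OFF = 16                             # offset of LS Checksum inside the LSA


def fletcher(lsa: bytes) -> int:
    """LS Checksum: Fletcher checksum of the LSA with the 2-byte LS Age left out."""
    data = bytearray(lsa[2:])
    pos = CKSUM_OFF - 2                    # checksum offset once Age is skipped
    data[pos:pos + 2] = b"\x00\x00"        # computed with the field zeroed
    c0 = c1 = 0
    for byte in data:
        c0 = (c0 + byte) % 255
        c1 = (c1 + c0) % 255
    x = ((len(data) - pos - 1) * c0 - c1) % 255 or 255
    y = 510 - c0 - x
    return (x << 8) | (y - 255 if y > 255 else y)


def parse_lsa_header(lsa: bytes) -> dict:
    """Decode the header fields and check Length and LS Checksum."""
    if len(lsa) < LSA_HEADER.size:
        raise ValueError("truncated LSA header")
    age, opts, ls_type, ls_id, adv, seq, cksum, length = LSA_HEADER.unpack_from(lsa)
    if not LSA_HEADER.size <= length <= len(lsa):
        raise ValueError("Length field does not fit the buffer")
    return {
        "age": age, "options": opts, "type": ls_type,
        "link_state_id": str(IPv4Address(ls_id)),
        "advertising_router": str(IPv4Address(adv)),
        "sequence": f"0x{seq:08x}", "length": length,
        "checksum_ok": cksum == fletcher(lsa[:length]),
    }


def build_sample(age: int = 1) -> bytes:
    """Constructed Router-LSA (type 1) from RID 1.1.1.1 with no links."""
    rid = IPv4Address("1.1.1.1").packed
    lsa = bytearray(LSA_HEADER.pack(age, 0x02, 1, rid, rid, 0x80000001, 0, 24))
    lsa += bytes(4)                        # body: flags, reserved, link count 0
    struct.pack_into("!H", lsa, CKSUM_OFF, fletcher(bytes(lsa)))
    return bytes(lsa)


if __name__ == "__main__":
    print(parse_lsa_header(build_sample()))
```

Because Age is excluded, routers can increment it in transit without recomputing the checksum, while a change to any other header or body byte is detected.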

| LSA type | Flooding scope | Advertiser (source) | Information carried |
|---|---|---|---|
| LSA1 router | Source area (single area) | Every OSPF router in this area | Local directly connected topology |
| LSA2 network | Source area | DR in each network segment | Topology of the MA network segment |
| LSA3 summary | The entire OSPF domain | ABR | Inter-area routes (routes from other areas) |
| LSA4 asbr | The entire OSPF domain except the area where the ASBR is located | ABR | ASBR location |
| LSA5 ase | The entire OSPF domain | ASBR | External routes (other protocols or processes) |
| LSA7 nssa | Single NSSA area | ASBR | External routes |

| LSA type | Link-state ID | Advertiser (source) |
|---|---|---|
| LSA1 router | RID of the advertiser | Every OSPF router in this area |
| LSA2 network | IP address of the DR interface | DR in each network segment |
| LSA3 summary | Destination network address | ABR; changed to the local ABR when passing the next ABR |
| LSA4 asbr | RID of the ASBR | ABR; changed to the local ABR when passing the next ABR |
| LSA5 ase | Destination network address | ASBR (does not change while flooded throughout the network) |
| LSA7 nssa | Destination network address | ASBR |

9. Reduce the amount of OSPF protocol LSA updates

1. Summarization

Summarization presupposes good address planning. Its purpose is to reduce the number of LSAs in the backbone area.

[1] Inter-area route summarization (summarizes Type 3 routes)

Configure on the ABR

[r5]ospf 1 

[r5-ospf-1]area 2  (only routes that the local router calculated from Type 1/2 LSAs in this area can be summarized)

[r5-ospf-1-area-0.0.0.2]abr-summary 6.6.4.0 255.255.252.0

Note: On Huawei equipment, once summarization is configured the protocol does not automatically generate a loop-prevention route to the null interface; the administrator must add it manually;

[2] External route summarization (summarizes Type 5/7 LSAs)

Configure on the ASBR

[r1]ospf 1 

[r1-ospf-1]asbr-summary 99.1.0.0 255.255.252.0

Note: On Huawei equipment, once summarization is configured the protocol does not automatically generate a loop-prevention route to the null interface; the administrator must add it manually;

2. Special areas: reduce the number of LSAs in non-backbone areas

A special area cannot be the backbone area and cannot carry virtual links

[1] The area contains no ASBR;

1) Stub area: this area refuses Type 4/5 LSAs; the ABR that connects this area to the backbone area issues a Type 3 default route into the area;

[r5]ospf 1 

[r5-ospf-1]area 2 

[r5-ospf-1-area-0.0.0.2]stub  (define this area as a stub area)

Remember: this must be configured on every device in the area, otherwise the neighbor relationship cannot be established

2) Totally stub area: on top of an ordinary stub area, Type 3 LSAs are also refused, leaving only one Type 3 default; first configure the area as a stub area, then configure the totally stub behaviour on the ABR;

[r5]ospf 1 

[r5-ospf-1]area 2 

[r5-ospf-1-area-0.0.0.2]stub no-summary

[2] The area contains an ASBR

1) NSSA (not-so-stubby area)

This area refuses Type 4/5 LSAs; an ASBR inside the area uses Type 7 LSAs to carry external routes. When these routes pass through the ABR into the backbone area they are converted to Type 5 (and this ABR thereby becomes another ASBR);

The point of an NSSA area is to refuse the Type 5/4 LSAs generated by ASBRs elsewhere in the network;

In addition, the ABR that connects the NSSA area to the backbone area issues a Type 7 default into the area;

[r1]ospf 1 

[r1-ospf-1]area 1 

[r1-ospf-1-area-0.0.0.1]nssa  (must be configured on every device in the area)

2) Totally NSSA

On top of NSSA, Type 3 LSAs are also refused; in addition, the ABR that connects the NSSA area to the backbone area advertises a Type 3 default into the area;

Configure the area as NSSA first, then make it totally NSSA on the ABR;

[r3-ospf-1-area-0.0.0.1]nssa no-summary

10. OSPF protocol extended configuration

1. Authentication

Identity verification between neighbors, to ensure the security of updates

1) Interface authentication: configured on the interface directly connected to the neighbor

[r2-GigabitEthernet0/0/1]ospf authentication-mode md5 1 cipher cisco123

The key number and the secret key must be exactly the same on both neighbors

2) Area authentication

[r2]ospf 1 

[r2-ospf-1]area 0 

[r2-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher cisco123

This applies the authentication configuration to all local interfaces in area 0

3) Virtual link authentication

[r2-ospf-1-area-0.0.0.0]vlink-peer 3.3.3.3 md5 1 cipher cisco123
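
Why the key number and the key must both match: the receiver-side check for MD5 authentication, as an added example that is not part of the original post. It assumes the devices follow RFC 2328 Appendix D (AuType 2, MD5 over the packet plus the key padded to 16 bytes); key ID 1 and `cisco123` come from the configuration above, while the router ID, area ID and sequence numbers are constructed.

```python
import hashlib
import hmac
import struct

# 24-byte OSPF header as laid out for AuType 2 (cryptographic authentication)
HDR = struct.Struct("!BBH4s4sHHHBBI")


def digest(packet: bytes, key: bytes) -> bytes:
    """RFC 2328 D.4.3: MD5 over the packet followed by the key padded to 16 bytes."""
    return hashlib.md5(packet + key[:16].ljust(16, b"\x00")).digest()


def sign(router_id: bytes, area_id: bytes, key_id: int, key: bytes, seq: int) -> bytes:
    """Build a constructed, header-only packet (type 1) and append its digest."""
    pkt = HDR.pack(2, 1, HDR.size, router_id, area_id, 0, 2, 0, key_id, 16, seq)
    return pkt + digest(pkt, key)


def verify(wire: bytes, keys: dict, last_seq: int) -> str:
    """Receiver checks; keys maps key ID -> locally configured secret."""
    if len(wire) < HDR.size:
        return "reject: truncated header"
    _, _, length, _, _, _, autype, _, key_id, alen, seq = HDR.unpack_from(wire)
    if autype != 2 or alen != 16 or not HDR.size <= length <= len(wire) - 16:
        return "reject: not MD5 cryptographic authentication"
    if key_id not in keys:
        return "reject: unknown key ID"
    if seq < last_seq:
        return "reject: sequence number went backwards"
    if not hmac.compare_digest(digest(wire[:length], keys[key_id]),
                               wire[length:length + 16]):
        return "reject: digest mismatch"
    return "accept"


if __name__ == "__main__":
    wire = sign(bytes([2, 2, 2, 2]), bytes(4), 1, b"cisco123", seq=100)
    for keys in ({1: b"cisco123"}, {2: b"cisco123"}, {1: b"cisco124"}):
        print(keys, "->", verify(wire, keys, last_seq=99))
```

The key itself never appears on the wire, only the digest, and the sequence-number check is what rejects a replayed older packet.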

2. Silent interface (passive interface)

[r2]ospf 1 

[r2-ospf-1]silent-interface GigabitEthernet 0/0/0

Note: A silent interface does not send any routing protocol information. Use it on interfaces that connect the router to user terminals; it cannot be used on an interface that connects to routing protocol neighbors, otherwise the neighbors may fail to converge;

3. Speed up convergence

If the interface hello time is 10s and the dead time is 40s, they can be left as they are

If the interface hello time is 30s, you can modify it as appropriate. When the local hello time is modified, the local dead time automatically follows at 4 times the hello time; remember that the hello and dead times of neighbors must be exactly the same, otherwise the neighbor relationship cannot be established normally;

[r2-GigabitEthernet0/0/1]ospf timer hello ?

INTEGER<1-65535> Second(s)

[r2-GigabitEthernet0/0/1]ospf timer hello 10

4. Default route

1) Type 3 default: generated automatically by the protocol for stub, totally stub, and totally NSSA areas.

The ABR issues a Type 3 default into the area;

2) Type 5 default: a border router redistributes a default route that it obtained by other means (static or another dynamic protocol) from its local routing table into the OSPF domain

[r2]ospf 1 

[r2-ospf-1]default-route-advertise  (advertise a Type 5 default into the OSPF domain)

This redistributes a Type 5 default route of metric type 2 into the domain, provided that the local routing table already contains a default route produced by some other means;

[r2-ospf-1]default-route-advertise type 1  (redistribute it as a type 1 route)

If the local routing table contains no default route at all, a default can still be forced into the domain:

[r2-ospf-1]default-route-advertise always  (the forced default is type 2 by default)

[r2-ospf-1]default-route-advertise always type 1  (changes it to type 1)

3) Type 7 default: when the area is configured as an ordinary NSSA area, the ABR connected to area 0 publishes a Type 7 default into the NSSA;

[r2-ospf-1-area-0.0.0.1]nssa default-route-advertise  (advertise a Type 7 default into the NSSA area; generated unconditionally)

The most basic route-selection rule: internal routes are preferred over external ones. When Type 5 and Type 7 meet, compare priority and cost first; if they are the same, Type 5 is preferred over Type 7

Remember: when using special areas and default routes in OSPF, pay attention to where the ISP is located. The non-backbone area that the ISP connects to must not be configured as any special area; otherwise the automatically generated default route may point in the opposite direction to the manually configured default route, which forms a loop;

11. OSPF extended knowledge points

"1" Appendix E-Problems with the same link-id

An ABR may inject two Type 3 LSAs into other areas whose link-ids would be identical;

Assumption: the network with the short mask is advertised first and its link-id is shown normally; when the network with the long mask is advertised afterwards, its link-id is the network address with the wildcard (inverse) mask added

20.1.0.0/16: link-id 20.1.0.0

20.1.0.0/24: link-id 20.1.0.255

If the long mask is advertised first and the short mask afterwards, the entry for the long mask is refreshed to the link-id with the wildcard mask added;
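
The link-id assignment described above, written out for both orders of arrival. This is an added example, not code from the original post; the function name is hypothetical, and the rule it applies (the network with the longer mask gets the link-id with its host bits set) is the one from RFC 2328 Appendix E.

```python
from ipaddress import IPv4Network


def assign_link_ids(networks):
    """Return {link-id: network} after originating Type 3 LSAs in the given order."""
    lsdb = {}
    for net in map(IPv4Network, networks):
        base = net.network_address
        holder = lsdb.get(base)
        if holder is None or holder == net:
            # Link-id is free (or this is a refresh): use the network address
            lsdb[base] = net
        elif net.prefixlen > holder.prefixlen:
            # New network has the longer mask: it gets the link-id with the
            # wildcard (host) bits set, the existing entry is untouched
            lsdb[net.broadcast_address] = net
        else:
            # New network has the shorter mask: the longer-mask entry that
            # holds the plain link-id is re-originated with host bits set
            lsdb[holder.broadcast_address] = holder
            lsdb[base] = net
    return {str(link_id): str(net) for link_id, net in lsdb.items()}


if __name__ == "__main__":
    print(assign_link_ids(["20.1.0.0/16", "20.1.0.0/24"]))  # short mask first
    print(assign_link_ids(["20.1.0.0/24", "20.1.0.0/16"]))  # long mask first
```

Both orders end with the same database, which is why the long-mask entry has to be refreshed when the short mask arrives second.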

"2" OSPF routing rules

1. A case where AD (administrative distance) is irrelevant:

r2(config)#router ospf 1

r2(config-router)#distance 109 1.1.1.1 0.0.0.0

For routes learned locally from the device with RID 1.1.1.1, change the administrative distance to 109;

When a router learns two identical routes from two OSPF neighbors, it compares only the metric and ignores the administrative distance, because modifying the administrative distance for only one neighbor either changes both or fails. Pay attention to the IOS version: sometimes modifying the administrative distance for the router with the larger RID takes effect, and sometimes the device with the smaller RID has to be modified;

2. The second case where AD (administrative distance) is irrelevant: O IA (Type 3)

When O IA meets O IA, that is, there are two Type 3 routes to the same destination and both were carried through non-backbone areas, only the cost is compared and not the administrative distance;

If one is carried through the backbone area and the other through a non-backbone area, the route carried through the non-backbone area is invalid

OSPF area split horizon: a Type 3 LSA labelled with area A cannot be sent back into area A;

Compare the type first → then the area → then the cost

3. O E versus O E (E is Type 5, N is Type 7). By default, every redistributed route is metric type 2. For type 2, the cost shown in the routing table does not include the cost accumulated along the path, only the starting metric;

Both are OE2 or N2 with the same starting metric: compare the metric accumulated along the path (by default the OE2 route in the table does not show the internal metric, only the starting metric)

Both are OE2 or N2 with different starting metrics: prefer the path with the smaller starting metric;

Note: this design lets administrators influence route selection quickly;

OE1 routes compare only the total metric (starting metric + accumulation along the path), so modifying only the starting metric may not influence route selection. The total metric must differ after the modification for route selection to change;

4. Topology is preferred over routing: routes calculated from Type 1/2 LSAs are preferred over routes calculated from Type 3/4/5/7 LSAs

Internal is preferred over external: Type 3 is preferred over Type 4/5/7

Type 1 is preferred over type 2: E1 over E2, N1 over N2, E1 over N2, and N1 over E2;

When E1 meets N1, or E2 meets N2, the smaller total metric (starting metric + accumulation along the path) wins first; with equal metrics, Type 5 is preferred over Type 7

【4】FA: forwarding address

A Type 5 LSA received in a normal OSPF area does not carry an FA value;

Conditions for producing an FA:

1. Type 5 LSA: assume that R2 is an ASBR whose g0/0 port runs OSPF and whose g0/1 port runs a non-OSPF protocol or a different OSPF process; if g0/1 is also advertised into the same OSPF process as g0/0 and the network type of the interface is broadcast,

the FA address appears in the Type 5 LSA; the address is the interface IP of R3 on the network segment that connects R2 to R3;

2. Type 7 LSA: an FA address always appears

Assume that R9 is an ASBR whose S0/0 port runs OSPF and whose S0/1 port runs a non-OSPF protocol or a different process;

If S0/1 does not run OSPF, the FA address is the last advertised loopback address on R9 (on some IOS versions it may be the largest loopback interface IP address); if R9 has no loopback interface, the FA address is the last advertised physical interface address on R9 (on individual IOS versions it may be the largest physical interface IP address)

If S0/1 of R9 also runs OSPF and its network type is broadcast, the FA address is the R10 interface IP;

If the network type of S0/1 is point-to-point, the FA address is the IP of the s0/1 port of R9

Remember: once an FA address appears, the Type 4 LSA is no longer used; even if the Type 4 LSA is filtered manually, destinations outside the domain remain reachable;

When the Type 4 LSA exists but the route to the FA address is filtered manually, destinations outside the domain become unreachable;

Once an FA address appears, all route calculation is based on the FA address;

1. For Type 5/7 routes with an FA, the Type 4 LSA is meaningless and the route recurses only to the FA address; if the FA address is filtered by policy, the destination is unreachable;

2. The metric in the routing table is the metric to the FA address, not the metric to the ASBR;

Origin blog.csdn.net/qq_43710889/article/details/108940706