HCIP study notes (OSPF)


OSPF: Open Shortest Path First, a dynamic routing protocol; it is an IGP and a link-state routing protocol

Routing Protocol:

        Classified by scope of operation:

                IGP: Interior Gateway Protocol, a protocol used within an AS

                EGP: Exterior Gateway Protocol, a protocol used between one AS and another

AS: Autonomous system, a domain managed by a single organization and using the same routing policy

Features of OSPF:

        1. Loop-free: the SPF algorithm is used within an area

        2. Fast convergence: supports triggered updates and periodic updates (every 1800s), send first and then update

        3. Good scalability: supports area division. Area 0 is the backbone area and the rest are non-backbone areas.

        4. Supports authentication: none, interface authentication, and area authentication (plain-text authentication and MD5 authentication)

How OSPF works:

        1. Routers that have established OSPF neighbor relationships flood LSAs (link-state advertisements) to each other

        2. The collected LSAs form the LSDB (link-state database)

        3. From the LSDB, each router calculates the shortest path to every node with the SPF algorithm

        4. The best routes are selected and added to the routing table

Router-ID:

        Uniquely identifies a router in the OSPF network, written in the same format as an IP address (dotted decimal)

It can be configured manually or elected automatically

Manual configuration:

        The RID can be configured under the OSPF process or under the system. A RID configured under a process is used only by that process; a RID configured under the system is used by all processes.

Automatic election:

        If there is no manual configuration, the RID is elected automatically. The largest loopback interface address is selected first. If there is no loopback interface address, the largest physical interface address is selected.

Problems caused by duplicate RIDs:

        In the same area:

                1. Two devices are directly connected: the neighbor relationship cannot be established.

                2. Two devices are not directly connected: neighbor relationships can be established, but routes will be advertised and withdrawn frequently.

        In different areas:

                There is no problem under normal circumstances. If the routers with the same RID import external routes, there will be problems.

*OSPF is encapsulated directly after the IP header, using protocol number 89, and each packet is divided into a header and a data part

OSPF message parameters

version: protocol version, OSPFv2 or OSPFv3

type: message type (Hello, DD, LSR, LSU, LSACK)

packet length: the size of the entire OSPF packet

Router ID: the OSPF router ID of the router that generated the message

Area ID: the area ID, indicating the range in which the message is delivered

checksum: used to verify the OSPF message, including the header

auth type: authentication type: 0 no authentication, 1 plain-text authentication, 2 MD5 authentication

auth data: the data carried differs depending on the authentication method.

OSPF message types:

Hello message: used to discover, establish, and maintain neighbor relationships

DD message: used to negotiate the master-slave relationship and determine whether the LSDBs are synchronized

                I (Init bit): if set to 1, this is the first DD message

                M (More bit): if set to 1, more DD messages will follow

                MS (master-slave bit): if set to 1, the sender is the master device

LSR message: requests the LSAs that the router itself is missing

LSU message: carries complete LSA information

LSACK message: acknowledgment message

OSPF state machine:

Down:

        Start sending hello messages

Attempt:

        Unique to NBMA networks. A hello message has been sent but no response has been received; the state returns to Down after 120 seconds.

Init:

        The router has sent a hello message and received a hello message from its neighbor, but the neighbor list in the neighbor's hello message does not contain the router's own RID.

2-way:

        A hello message has been received whose neighbor list contains the router's own RID, indicating that the neighbor relationship is established (the DR is elected in this state; the election time is 40 seconds)

ExStart:

        Start sending the first DD message, elect the master-slave relationship, and negotiate the MTU (Huawei does not negotiate the MTU by default)

                Master MTU > slave MTU: both are in the ExStart state

                Master MTU < slave MTU: the master device is in the ExStart state, and the slave device is in the Exchange state

Exchange:

        Send subsequent DD messages carrying the LSDB summary to determine whether the LSDBs are synchronized.

Loading:

        If the LSDBs are not synchronized, enter this state and exchange LSR, LSU, and LSACK messages to synchronize the LSDB.

Full:

        LSDB synchronization is complete and the adjacency is established.

DR

DR: designated router

BDR: backup designated router

DR and BDR are roles of an interface

Election rules: the router priority ranges from 0 to 255 with a default of 1; priority 0 does not participate in the election. The larger priority wins; if the priorities are the same, the RIDs are compared and the larger wins.

Function: reduce the number of adjacencies, describe the network topology, and simplify the network structure

Network types supported by OSPF:

Broadcast: broadcast network. When the link layer is Ethernet, the default network type is broadcast. A DR is elected, the hello time is 10s, and the dead time is 40s.

Hello, LSU, and LSACK are sent by multicast; DD and LSR are sent by unicast

NBMA (neighbors must be specified manually): non-broadcast multi-access. When the link layer is FR or ATM, the default network type is NBMA. A DR is elected, the hello time is 30s, and the dead time is 120s.

All messages are sent by unicast (Hello, DD, LSU, LSR, LSACK)

P2P: point-to-point. When the link layer is PPP or HDLC, the default network type is P2P. No DR is elected, the hello time is 10s, and the dead time is 40s.

All messages are sent by multicast (Hello, DD, LSU, LSR, LSACK)

P2MP: point-to-multipoint. No link-layer protocol defaults to P2MP; it can only be set manually. No DR is elected, the hello time is 30s, and the dead time is 120s.

Hello is sent by multicast; DD, LSU, LSR, and LSACK are sent by unicast

Can OSPF establish neighbor relationships between different network types? *(The key is the hello message)

NBMA--*: can only be established with the same network type, not with other network types (only NBMA networks send hello messages by unicast)

P2P-P2MP: can be established after modifying the hello time

MA-P2P: can be established

MA-P2MP: can be established after modifying the hello time

LSA header parameters:

LS age: LSA aging time, 0s-3600s; 3600s means the LSA has aged out

Options: optional capabilities, used to indicate OSPF features

LS type: LSA type (1, 2, 3, 4, 5, 7)

Link State ID: link-state identifier; its meaning depends on the LSA type.

ADV router: advertising router, indicating which router generated this LSA, represented by that router's RID.

LS Seq: link-state sequence number, initially 0x08000001->0x08FFFFFF->0x07000000->0x07FFFFFF, incremented by 1 for each update

LS checksum: checksum of the link-state information

Length: length of the LSA

Uniquely identify an LSA:

LS type + LS ID + ADV router

Compare the old and new LSA:

LS Age + LS Seq + LS checksum

(First compare the sequence numbers: the larger is better. If the sequence numbers are the same, compare the checksums: the larger is better. If both are the same, compare the age: an LSA at 3600s is preferred; otherwise compare the difference between the two ages. If it is less than 900s, the two are considered the same; if it is greater than 900s, the smaller age is better.)
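The comparison order described above, written out as an added example (not code from the original notes). The function names are hypothetical, the sample values are constructed around the Router-LSA shown later on this page, and sequence numbers are compared as signed 32-bit integers as in RFC 2328, which is an assumption beyond what the notes state.

```python
MAX_AGE = 3600       # seconds: an LSA at this age has aged out
MAX_AGE_DIFF = 900   # seconds: smaller age differences are ignored


def signed32(value):
    """Interpret a 32-bit LS sequence number as a signed integer (assumption: RFC 2328)."""
    value &= 0xFFFFFFFF
    return value - 0x100000000 if value & 0x80000000 else value


def lsa_key(lsa):
    """LS type + LS ID + ADV router uniquely identify an LSA."""
    return (lsa["type"], lsa["ls_id"], lsa["adv_router"])


def compare_lsa(a, b):
    """Return 1 if a is newer, -1 if b is newer, 0 if they are the same instance."""
    if lsa_key(a) != lsa_key(b):
        raise ValueError("not two instances of the same LSA")
    seq_a, seq_b = signed32(a["seq"]), signed32(b["seq"])
    if seq_a != seq_b:                       # 1. larger sequence number wins
        return 1 if seq_a > seq_b else -1
    if a["checksum"] != b["checksum"]:       # 2. larger checksum wins
        return 1 if a["checksum"] > b["checksum"] else -1
    a_max, b_max = a["age"] >= MAX_AGE, b["age"] >= MAX_AGE
    if a_max != b_max:                       # 3. an LSA at 3600s is preferred
        return 1 if a_max else -1
    if abs(a["age"] - b["age"]) > MAX_AGE_DIFF:
        return 1 if a["age"] < b["age"] else -1   # 4. smaller age wins
    return 0                                 # within 900s: same instance


# Constructed sample based on the Router-LSA output shown on this page.
SAMPLE = {"type": 1, "ls_id": "2.2.2.2", "adv_router": "2.2.2.2",
          "seq": 0x80000016, "checksum": 0x95AD, "age": 180}

if __name__ == "__main__":
    for change in ({"seq": 0x80000017}, {"age": 3600}, {"age": 700}, {"age": 1200}):
        other = dict(SAMPLE, **change)
        print(change, "->", compare_lsa(SAMPLE, other))
```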

Router-LSA: Type 1 LSA

Generated by every router running OSPF

LS ID: RID of the originating router

ADV: RID of the originating router

A Type 1 LSA can describe four link types:

        P2P: describes the topology information of point-to-point networks (P2P, P2MP)

                link ID: RID of the point-to-point neighbor

                link data: IP address of the interface on the router that generated the LSA

        TransNet: describes a transit network (MA/NBMA), that is, the connection to a DR

                link ID: IP address of the DR interface

                link data: IP address of the interface on the router that generated the LSA

        StubNet: describes the routing information of stub networks and P2P networks (networks on which no OSPF relationship is established are stub networks, such as links to terminals and loopback interfaces)

                link ID: network IP

                link data: mask

        Virtual Link: describes virtual links

                link ID: RID of the virtual link neighbor

                link data: IP address of the router's own interface (toward the virtual link neighbor)

* In a point-to-point environment, a Type 1 LSA can completely describe the topology and routing information (P2P + StubNet). In an MA network environment, a Type 1 LSA describes only the topology information (TransNet), and a Type 2 LSA is required to describe the network together with it.

Network-LSA: Type 2 LSA

Generated by the DR; describes routing and topology information in the MA network environment.

LS ID: IP address of the DR's interface

ADV: RID of the originating router

Relevant parameters for Type 1 and Type 2 LSAs:

        Type      : Router            # LSA type is Type 1
        Ls id     : 2.2.2.2
        Adv rtr   : 2.2.2.2
        Ls age    : 180
        Len       : 48
        Options   : E
        seq#      : 80000016
        chksum    : 0x95ad
        Link count: 2                 # Number of links
          • Link ID: 1.1.1.1
            Data   : 192.168.1.2
            Link Type: P-2-P          # Link type is P2P
            Metric : 1                # Cost
          • Link ID: 192.168.1.0
            Data   : 255.255.255.0
            Link Type: StubNet        # Link type is StubNet
            Metric : 1
            Priority : Low

        Type      : Network           # LSA type is Type 2
        Ls id     : 10.1.134.1
        Adv rtr   : 1.1.1.1
        Ls age    : 1717
        Len       : 36
        Options   : E
        seq#      : 80000004
        chksum    : 0xc6d5
        Net mask  : 255.255.255.0     # Network mask
        Priority  : Low
           Attached Router    1.1.1.1 # Attached routers are represented by RID
           Attached Router    3.3.3.3
           Attached Router    4.4.4.4

IR: internal router, located completely within one area

ABR: area border router, connects two or more areas and is connected to the backbone area

ASBR: autonomous system border router, connected to networks that do not belong to OSPF

Network Summary-LSA: Type 3 LSA

Used to describe inter-area routing information (describes routes)

LS ID: destination network number

ADV router: Router ID of the ABR that generated the LSA

*One Type 3 LSA can describe only one route

Inter-area loop prevention mechanism:

1. One area is the backbone area and the rest are non-backbone areas.

2. Non-backbone areas must be connected to the backbone area

3. Traffic between non-backbone areas must pass through the backbone area (Type 3 LSAs must pass through the backbone area)

4. Type 3 LSAs advertised out of an area cannot be sent back into it.

Virtual link: solves the problem of a discontinuous backbone area (a non-backbone area that is not connected to the backbone area)

*A virtual link can span only one non-backbone area


AS External-LSA: Type 5 LSA

Used to describe external routing information

LS ID: destination network number of the external route

ADV router: RID of the ASBR

*One Type 5 LSA describes one external route

*Routers in the same area as the ASBR can find the location of the ASBR through the Type 1 and Type 2 LSAs in the area, so they can reach external routes directly through Type 5 LSAs. Routers in other areas have only the Type 5 LSAs and no ASBR location information, so they cannot reach the external routes

ASBR Summary-LSA: Type 4 LSA

Used to describe the location of the ASBR

LS ID: RID of the ASBR

ADV router: RID of the ABR that generated the LSA

        External route type: (default type-2)

                type-1: Type 1 external, high reliability, cost is the AS-external cost plus the AS-internal cost

                type-2: Type 2 external, low reliability, cost is the AS-external cost only

*The AS-internal cost is the cost from the internal device to the ASBR, and the AS-external cost is the cost of the external route from the ASBR (the default external cost is 1)

        Modify the external route type:

                import-route static type 1

        OSPF route priority:

                Intra-area routes > inter-area routes > Type 1 external > Type 2 external

Does a Type 4 LSA necessarily mean a Type 5 LSA?

        Not necessarily. As soon as a Huawei OSPF router performs an import action, the ASBR bit of its Type 1 LSA is set, even if there is no detailed route and therefore no corresponding Type 5 LSA. The ABR sees the ASBR bit in the Type 1 LSA in its area, determines that an ASBR exists, and generates Type 4 LSAs into other areas to describe the ASBR.

Does a Type 5 LSA necessarily mean a Type 4 LSA?

        Not necessarily. If there is only the single area where the ASBR is located, there is no need to describe the ASBR with a Type 4 LSA (there is no Type 4 LSA in the area where the ASBR is located).

OSPF areas are divided into two categories:

Transit area: carries not only data whose source or destination IP is in this area, but also data whose source and destination IP are both outside this area (backbone area)

Stub (end) area: only needs to carry data whose source or destination IP is in this area (non-backbone area)

OSPF special areas:

Stub area:

                Type 4 and Type 5 LSAs are not allowed to enter. Type 1, Type 2, and detailed Type 3 LSAs plus one default Type 3 LSA (used to reach external routes) are passed.

Totally Stub area:

                Detailed Type 3, Type 4, and Type 5 LSAs are not allowed to enter. Type 1 and Type 2 LSAs plus one default Type 3 LSA (used to reach inter-area and external routes) are passed.

NSSA area:

                Type 4 and Type 5 LSAs are not allowed to enter. Type 1, Type 2, Type 3, and Type 7 LSAs plus one default Type 7 LSA (used to reach external routes of other areas) are passed.

Totally NSSA area:

                Detailed Type 3, Type 4, and Type 5 LSAs are not allowed to enter. Type 1, Type 2, and Type 7 LSAs plus one default Type 3 LSA and one default Type 7 LSA are passed (the default Type 3 is used to reach inter-area routes; the default Type 7 is used to reach external routes of other areas)

*The NSSA area reaches external routes through Type 7 LSAs (detailed Type 7 LSAs are used to reach external routes imported in this area, and the default Type 7 LSA is used to reach external routes imported in other areas)

The difference between the Stub area (including stub and totally stub) and the NSSA area:

        A stub area cannot import external routes, but an NSSA area can. Neither allows Type 4 or Type 5 LSAs to enter, so the NSSA area generates Type 7 LSAs to describe the external routes imported into this area.

NSSA LSA: Type 7 LSA

Used to describe the external routes of the NSSA area

LS ID: destination network number of the external route

ADV router: RID of the ASBR in the NSSA area

        Type 7 LSAs are only allowed to be delivered within the NSSA area, so other areas cannot learn the external routes of the NSSA area directly. An ABR of the NSSA area must convert the Type 7 LSAs learned from the NSSA area into the corresponding Type 5 LSAs and deliver them to other areas (7-to-5 translation). For other areas, the ABR that performs the 7-to-5 translation is the ASBR. Devices that are not in the same area as that ABR also need the corresponding Type 4 LSAs.

| Type | LS ID | Generator | Delivery scope | Function |
|---|---|---|---|---|
| Router-LSA | RID of the originating router | Every router running OSPF | Within the area | Describes the routing and topology information of the P2P environment, and the topology information of the MA network |
| Network-LSA | IP address of the DR interface | The router where the DR is located | Within the area | Describes routing information and topology information in the MA environment |
| Network Summary-LSA | Destination network number | ABR | Inter-area/intra-area | Describes inter-area routing information |
| ASBR Summary-LSA | RID of the ASBR | ABR | All areas except the area where the ASBR is located and special areas | Describes the location of the ASBR |
| AS External-LSA | Destination network | ASBR | All areas except special areas | Describes external routing information |
| NSSA-LSA | Destination network | ASBR of the NSSA area | Delivered only in the NSSA area | Describes the external routing information of the NSSA area |

Route summary:

        Inter-area route summary: applies to Type 3 LSAs; configure it on the ABR to reduce the number of Type 3 LSAs generated.

        External route summary: applies to Type 5/Type 7 LSAs; configure it on the ASBR to reduce the number of Type 5/Type 7 LSAs generated.

        Command:

                     abr-summary <summarized network segment> (area view)

                     asbr-summary <summarized network segment> (process view)

Silent interface:

        Silent-interface: when an OSPF interface is connected to a non-router device, there is no need to establish an OSPF neighbor relationship, and sending OSPF messages would only occupy link and device resources. In this case, the interface can be set as a silent interface.

Features:

        The interface neither receives nor sends OSPF messages, but its directly connected routes can still be advertised to other OSPF neighbors.

Authentication

Interface authentication:

        Authentication is required for the device connected to this interface. The neighbor relationship can be established only after authentication succeeds.

Area authentication:

        Authenticates all routers in the area; their authentication mode, authentication password, etc. must be the same (the MD5 key ID must also be the same)

Configuration command:

        Area authentication mode: all routers in an OSPF area must use the same authentication mode and password in that area.

        Interface authentication mode: the authentication mode and password on the directly connected interfaces of adjacent routers must be consistent.

Interface authentication:

        [R2]interface GigabitEthernet0/0/1
        [R2-GigabitEthernet0/0/1]ospf authentication-mode md5 1 cipher Huawei

Area authentication:

        [R2]ospf
        [R2-ospf-1]area 0
        [R2-ospf-1-area-0.0.0.0]authentication-mode simple cipher Huawei
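What the three auth type values in the OSPF header look like to a receiver, as an added example (not part of the original notes): it parses the header fields listed under "OSPF message parameters" and checks the authentication data. The field layout and MD5 digest rule follow RFC 2328 Appendix D (an assumption beyond the notes), the packets are constructed samples using the password `Huawei` and key ID 1 from the configuration above, and the function names are hypothetical.

```python
import hashlib, hmac, socket, struct

HEADER = struct.Struct("!BBH4s4sHH8s")      # 24-byte OSPFv2 header
TYPES = {1: "Hello", 2: "DD", 3: "LSR", 4: "LSU", 5: "LSAck"}

def parse_header(packet):
    """Decode the common OSPFv2 header fields listed in the notes."""
    ver, ptype, length, rid, area, cksum, autype, auth = HEADER.unpack_from(packet)
    return {"version": ver, "type": TYPES.get(ptype, "unknown"), "length": length,
            "router_id": socket.inet_ntoa(rid), "area_id": socket.inet_ntoa(area),
            "checksum": cksum, "auth_type": autype, "auth_data": auth}

def md5_digest(body, key):
    """MD5 over the packet followed by the key zero-padded to 16 bytes."""
    return hashlib.md5(body + key.encode()[:16].ljust(16, b"\0")).digest()

def check_auth(packet, key=None):
    """Return (verdict, detail) for one received OSPFv2 packet."""
    h = parse_header(packet)
    if h["auth_type"] == 0:
        return "weak", "no authentication"
    if h["auth_type"] == 1:      # the 8-byte field is the password itself
        return "weak", "password visible on the wire: %r" % h["auth_data"].rstrip(b"\0")
    if h["auth_type"] != 2:
        return "reject", "unknown auth type %d" % h["auth_type"]
    _, key_id, dlen, seq = struct.unpack("!HBBI", h["auth_data"])
    end = h["length"]            # the digest is appended after 'length' bytes
    digest = packet[end:end + dlen]
    ok = key is not None and hmac.compare_digest(digest, md5_digest(packet[:end], key))
    return ("ok" if ok else "reject"), "MD5 key id %d, sequence %d" % (key_id, seq)

def build_hello(autype, auth_field, key=None):
    """Constructed sample Hello from RID 2.2.2.2 in area 0 (checksum left at 0)."""
    body = struct.pack("!4sHBBI4s4s", socket.inet_aton("255.255.255.0"),
                       10, 0x02, 1, 40, bytes(4), bytes(4))
    pkt = HEADER.pack(2, 1, HEADER.size + len(body), socket.inet_aton("2.2.2.2"),
                      bytes(4), 0, autype, auth_field) + body
    return pkt + md5_digest(pkt, key) if key else pkt

if __name__ == "__main__":
    samples = {
        "null": build_hello(0, bytes(8)),
        "simple": build_hello(1, b"Huawei\0\0"),
        "md5": build_hello(2, struct.pack("!HBBI", 0, 1, 16, 1), key="Huawei"),
    }
    for name, pkt in samples.items():
        print(name, parse_header(pkt)["type"], check_auth(pkt, key="Huawei"))
```

With simple (plain-text) mode the configured password travels in every packet header, while MD5 mode sends only a digest, key ID and sequence number; the standard OSPF checksum is not verified in this sketch.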
