OSPF: Stub Areas, Virtual Links and Authentication

OSPF Overview

OSPF is an interior gateway protocol used for routing within a single autonomous system. It is a typical link-state routing protocol.

OSPF routers advertise the state of their network interfaces to each other to build a link-state database, generate a shortest-path tree from it, and each router derives its routing table from that tree. Within an AS (Autonomous System), all OSPF routers maintain an identical database describing the structure of the AS; the database stores the link-state information of the routing domain.

As a link-state routing protocol, OSPF multicasts link-state data in LSAs (Link State Advertisements) to all routers within an area. Each router in the area places the LSAs it receives in its LSDB (link-state database) and calculates the optimal paths from it into the routing table.

OSPF selects paths mainly by cost, calculated as $10^{8}$ ÷ interface bandwidth. OSPF also performs a periodic update once every 30 min, in which each LSA is refreshed.

OSPF also has the concept of neighbors. The neighbor relationship is maintained by sending Hello packets to the neighbors. A Hello is sent every 10 s; if no response is received from a neighbor within 40 s, the neighbor is considered dead.
OSPF packets are encapsulated directly in IP packets.


OSPF has several versions:

  1. Version 1, for experimental environments
  2. Version 2, the IPv4-based version
  3. Version 3, the IPv6-based version

The three OSPF tables:
1. Neighbor table: show ip ospf neighbor
2. LSDB table: show ip ospf database
3. Routing table: show ip route ospf

OSPF area characteristics:
1. Reduces the size of the routing table.
2. A local topology change only affects its own area.
3. Detailed LSA flooding stops at the area border, on the ABR (area border router).
ASBR: Autonomous System Boundary Router, a router that connects two networks running different routing protocols.
4. The network is hierarchical.

Note that the routers in the backbone area (area 0) are backbone routers.
A router connected to both the backbone area and a regular area is an ABR.


OSPF neighbor states

1. Down: no information has been exchanged with other routers yet. The interface starts sending OSPF Hello packets, but does not yet know the DR (on a broadcast network) or any other router. Hello packets are sent to the multicast address 224.0.0.5.

2. Init: a Hello has been received from the other side, but the router does not yet see itself listed as a neighbor in that Hello. This is called the Init state.

3. Two-way: both sides have completed the Hello exchange and a neighbor relationship is established (note that this is different from an adjacency); the DR and BDR have been elected. If both ends are DROther routers, they stay in this state.

4. ExStart: before exchanging LSAs, the two routers negotiate a master/slave relationship to decide who sends data first (DBD, LSR, etc.). The router with the larger router-id becomes the master and transmits first. The state in which this relationship is negotiated is called ExStart.

About the router-id: in OSPF the router-id serves as the router's identity; different router-ids identify different routers in the OSPF process. Usually the IP address of a loopback interface is chosen manually as the router-id. If there is no loopback interface and no router-id is configured manually, the system automatically selects the highest IP address among the physical interfaces.

NOTE: the router-id cannot be configured as 0.0.0.0 or 255.255.255.255.

5. Exchange: the routers exchange DBD packets. A DBD is the equivalent of a table of contents of the router's own link-state database; the receiver uses this directory to work out which information it needs and then sends LSRs to request it.

6. Loading: the neighbor that receives an LSR replies with LSUs carrying the requested information. This learning process is called the Loading state.

7. Full: the adjacency is complete, the databases are synchronized and the network has converged. This is the final, normal state.

8. Attempt: occurs only under special conditions, on networks that do not support broadcast (non-broadcast networks, unlike Ethernet). Because OSPF normally sends Hellos by multicast, in such an environment the neighbors must be specified and Hellos sent by unicast. This state is called Attempt.

[Figures: neighbor state machine; LSDB establishment procedure; the OSPF packet types]


The five OSPF network types

1. Point-to-point network

Generally refers to early T1 or Frame Relay serial networks, i.e. serial line networks.

It is a single network connecting a pair of routers. Since there are only two routers on the link, the DR/BDR election phase is skipped and the routers go directly to the FULL state. On such a network OSPF packets use the destination address 224.0.0.5, the multicast address known as AllSPFRouters.

Such networks converge quickly. In practice, if two routers (for example between two different autonomous systems) are connected to each other without a switch in between, the link can be set to point-to-point to speed up convergence.
Router(config)#interface s0/0
Router(config-if)#ip ospf network point-to-point

2. Broadcast network

Examples are Ethernet, Token Ring and FDDI. A DR and a BDR are elected on such networks. OSPF packets sent by the DR/BDR have the destination address 224.0.0.5, and the frame carrying them has the destination MAC address 0100.5E00.0005; OSPF packets from routers other than the DR/BDR have the destination address 224.0.0.6, known as AllDRouters.

3. Non-broadcast (NBMA) network

Examples are X.25, Frame Relay and ATM. They have no broadcast capability, so neighbors must be specified manually. A DR and BDR are elected on such networks, and OSPF packets are sent by unicast.

4. Point-to-multipoint network

A special configuration of an NBMA network that can be seen as a collection of point-to-point links. No DR/BDR election takes place on such a network.

5. Virtual link

OSPF packets are sent by unicast.


Six common LSA types

The purpose of classifying LSAs is to allow optimization: it reduces the size of the routing table by letting each kind of LSA propagate only within its own scope, which saves device resources.

Use show ip ospf database to view the link-state database.

Type 1 LSA (intra-area entries, O)

Router LSA (Router Link States): every router in the area generates a Router LSA, which is flooded only within that area. It describes all of the router's links and interfaces, their state and cost. In effect, the router advertises itself.

Type 2 LSA (common but not important; it just shows who the DR is)

Network LSA: on each multi-access network the DR generates a Network LSA, which is flooded only within the area where it was generated. It describes all routers attached to the network (including the DR itself).

Type 3 LSA (inter-area LSA, O IA)

Network Summary LSA: originated by the ABR to advertise destinations outside the area. When other routers receive a Network Summary LSA from the ABR they do not run the SPF algorithm; they simply add the cost to reach the ABR to the cost contained in the Network Summary LSA, and install the route to the destination via the ABR, with that total cost, in the routing table. This LSA carries route entries between areas, which appear as O IA entries in the link-state database.

Type 4 LSA (common but not important; it just shows who the ASBR is)

ASBR Summary LSA: originated by the ABR. It is the same as a Network Summary LSA, except that the advertised destination is an ASBR rather than a network.

Type 5 LSA (AS-external LSA, O E)

AS External LSA: originated by the ASBR. It advertises networks outside the OSPF autonomous system, or a default route to outside the OSPF autonomous system. This LSA is flooded throughout the AS.

Type 7 LSA (NSSA, not-so-stubby area)

NSSA External LSA: originated by an ASBR inside a not-so-stubby area (NSSA). It is flooded only within the NSSA, which is its difference from the Type 5 LSA.


OSPF route types

1. O: intra-area route
2. O IA: inter-area route
3. O E1: external route; the metric accumulates (default 20)
4. O E2: external route; the metric does not accumulate (default 20). Routes that come from external redistribution default to O E2.

Configuration commands for redistributing connected routes:

R(config)#router ospf 100
// defaults to O E2 if no metric-type is chosen
R(config-router)#redistribute connected subnets metric-type {1 | 2}

The difference between O E1 and O E2:
They denote external type 1 and external type 2 routes; the difference is whether the internal cost (metric) is added. The default is O E2, which does not add the internal cost. If the network has only one exit, O E1 and O E2 behave the same.

A. If several ASBRs advertise an external route and only the cost outside the domain needs to be compared, only the external cost matters and the internal cost need not be considered, so O E2 is preferred.

B. With a single exit (ASBR), calculating the cost inside the domain is meaningless, so the default is O E2.

C. If there is only one exit, O E2 solves everything. If there are multiple exits, O E1 can be used, which makes routing decisions more accurate. So with multiple exits, O E1 is recommended.

Preference order when comparing route types:
O > O IA > O E1 > O E2

Modify the cost value of an interface:
R(config-if)#ip ospf cost value

In practice, if the bandwidth of the interface is higher than 100M, the default cost is always 1. To keep the route calculation accurate, consider using the following command:
R(config-router)#auto-cost reference-bandwidth


OSPF route summarization

Basic configuration:
R1

R1(config)#interface loopback 0
R1(config-if)#ip address 1.1.1.1 255.255.255.0 
R1(config-if)#exit
R1(config)#interface f0/0
R1(config-if)#ip address 12.1.1.1 255.255.255.0
R1(config-if)#no shutdown 
R1(config-if)#exit
R1(config)#interface range f0/0 , loopback 0
R1(config-if-range)#ip ospf 100 area 1
R1(config-if-range)#exit
R1(config)#router ospf 100
R1(config-router)#router-id 1.1.1.1
R1(config-router)#network 1.1.1.0 0.0.0.255 area 0
R1(config-router)#network 12.1.1.0 0.0.0.255 area 0
R1(config-router)#exit

R2

R2(config)#interface f1/0
R2(config-if)#ip address 23.1.1.1 255.255.255.0
R2(config-if)#no shutdown 
R2(config-if)#exit
R2(config)#interface f0/0
R2(config-if)#ip address 12.1.1.2 255.255.255.0
R2(config-if)#no shutdown 
R2(config-if)#exit
R2(config)#interface loopback 0
R2(config-if)#ip address 2.2.2.2 255.255.255.0
R2(config-if)#no shutdown 
R2(config-if)#exit
R2(config)#router ospf 100
R2(config-router)#router-id 2.2.2.2
R2(config-router)#network 2.2.2.0 0.0.0.255 area 0
R2(config-router)#network 12.1.1.0 0.0.0.255 area 0
R2(config-router)#network 23.1.1.0 0.0.0.255 area 1
R2(config-router)#exit
R2(config)#interface range f0/0 , loopback 0
R2(config-if-range)#ip ospf 100 area 1
R2(config-if-range)#exit
R2(config)#interface range f1/0 , loopback 0
R2(config-if-range)#ip ospf 100 area 0
R2(config-if-range)#exit

R3

R3(config)#interface f0/0
R3(config-if)#ip address 23.1.1.2 255.255.255.0
R3(config-if)#no shutdown 
R3(config-if)#exit
R3(config)#interface loopback 0 
R3(config-if)#ip address 3.3.3.3 255.255.255.0
R3(config-if)#no shutdown 
R3(config-if)#exit
R3(config)#interface f1/0
R3(config-if)#ip address 34.1.1.1 255.255.255.0
R3(config-if)#no shutdown 
R3(config-if)#exit
R3(config)#router ospf 100
R3(config-router)#router-id 3.3.3.3
R3(config-router)#network 3.3.3.0 0.0.0.255 area 0
R3(config-router)#network 23.1.1.0 0.0.0.255 area 0
R3(config-router)#network 34.1.1.0 0.0.0.255 area 2
R3(config-router)#exit 
R3(config)#interface range f0/0 , loopback 0
R3(config-if-range)#ip ospf 100 area 0
R3(config-if-range)#exit
R3(config)#interface range f1/0 , loopback 0
R3(config-if-range)#ip ospf 100 area 2
R3(config-if-range)#exit
R3(config)#interface loopback 1
R3(config-if)#ip address 172.16.1.1 255.255.255.0
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#interface loopback 2
R3(config-if)#ip address 172.16.2.1 255.255.255.0
R3(config-if)#no shutdown 
R3(config-if)#exit
R3(config)#interface loopback 3
R3(config-if)#ip address 172.16.3.1 255.255.255.0
R3(config-if)#no shutdown 
R3(config-if)#exit
R3(config)#interface range loopback 1 - 3
R3(config-if-range)#ip ospf 100 area 0
R3(config-if-range)#exit

R4

R4(config)#interface loopback 0
R4(config-if)#ip address 4.4.4.4 255.255.255.0
R4(config-if)#no shutdown     
R4(config-if)#exit
R4(config)#interface f0/0
R4(config-if)#ip address 34.1.1.2 255.255.255.0
R4(config-if)#no shutdown 
R4(config-if)#exit
R4(config)#router ospf 100
R4(config-router)#router-id 4.4.4.4
R4(config-router)#network 34.1.1.0 0.0.0.255 area 2
R4(config-router)#network 4.4.4.0 0.0.0.255 area 2
R4(config-router)#exit
R4(config)#interface range f0/0 , loopback 0
R4(config-if-range)#ip ospf 100 area 2
R4(config-if-range)#exit
R4(config)#interface loopback 1
R4(config-if)#ip address 192.16.1.1 255.255.255.0
R4(config-if)#no shutdown 
R4(config-if)#exit
R4(config)#interface loopback 2
R4(config-if)#ip address 192.16.2.1 255.255.255.0
R4(config-if)#no shutdown 
R4(config-if)#exit
R4(config)#interface loopback 3
R4(config-if)#ip address 192.16.3.1 255.255.255.0
R4(config-if)#no shutdown 
R4(config-if)#exit

With the basic configuration as above, we now view the OSPF routing table on R1, to compare it with the results of the subsequent operations.

R1(config)#do show ip route ospf
     34.0.0.0/24 is subnetted, 1 subnets
O IA    34.1.1.0 [110/3] via 12.1.1.2, 00:38:43, FastEthernet0/0
     2.0.0.0/32 is subnetted, 1 subnets
O IA    2.2.2.2 [110/2] via 12.1.1.2, 00:46:23, FastEthernet0/0
     3.0.0.0/32 is subnetted, 1 subnets
O IA    3.3.3.3 [110/3] via 12.1.1.2, 00:38:38, FastEthernet0/0
     4.0.0.0/32 is subnetted, 1 subnets
O IA    4.4.4.4 [110/4] via 12.1.1.2, 00:38:33, FastEthernet0/0
     23.0.0.0/24 is subnetted, 1 subnets
O IA    23.1.1.0 [110/2] via 12.1.1.2, 00:46:23, FastEthernet0/0
     172.16.0.0/32 is subnetted, 3 subnets
O IA    172.16.1.1 [110/3] via 12.1.1.2, 00:22:12, FastEthernet0/0
O IA    172.16.3.1 [110/3] via 12.1.1.2, 00:22:12, FastEthernet0/0
O IA    172.16.2.1 [110/3] via 12.1.1.2, 00:22:12, FastEthernet0/0
O E2 192.16.1.0/24 [110/20] via 12.1.1.2, 00:03:03, FastEthernet0/0
O E2 192.16.2.0/24 [110/20] via 12.1.1.2, 00:00:40, FastEthernet0/0
O E2 192.16.3.0/24 [110/20] via 12.1.1.2, 00:00:08, FastEthernet0/0

Next, carry out the OSPF route summarization.

1. Inter-area summarization: summarizes routes internal to the OSPF autonomous system; the summary is configured on the ABR.

For R1 to receive the summarized route, the summary must be configured on R2, because the routes are sent to R1 out of R2's f0/0 interface and are aggregated there.

R2(config)#router ospf 100
// inter-area summarization for area 0
R2(config-router)#area 0 range 172.16.0.0 255.255.252.0
R2(config-router)#exit

At this point, check the OSPF routing table on R1; the routes have been summarized:

R1(config)#do show ip route ospf
     34.0.0.0/24 is subnetted, 1 subnets
O IA    34.1.1.0 [110/3] via 12.1.1.2, 01:27:21, FastEthernet0/0
     2.0.0.0/32 is subnetted, 1 subnets
O IA    2.2.2.2 [110/2] via 12.1.1.2, 01:35:02, FastEthernet0/0
     3.0.0.0/32 is subnetted, 1 subnets
O IA    3.3.3.3 [110/3] via 12.1.1.2, 01:27:16, FastEthernet0/0
     4.0.0.0/32 is subnetted, 1 subnets
O IA    4.4.4.4 [110/4] via 12.1.1.2, 01:27:12, FastEthernet0/0
     23.0.0.0/24 is subnetted, 1 subnets
O IA    23.1.1.0 [110/2] via 12.1.1.2, 01:35:02, FastEthernet0/0
     172.16.0.0/22 is subnetted, 1 subnets
O IA    172.16.0.0 [110/3] via 12.1.1.2, 00:01:02, FastEthernet0/0
O E2 192.16.1.0/24 [110/20] via 12.1.1.2, 00:00:57, FastEthernet0/0
O E2 192.16.2.0/24 [110/20] via 12.1.1.2, 00:00:57, FastEthernet0/0
O E2 192.16.3.0/24 [110/20] via 12.1.1.2, 00:00:57, FastEthernet0/0

2. External summarization: summarizes routes external to the OSPF autonomous system; the summary is configured on the ASBR.

As with inter-area summarization, the external route entries are advertised by the ASBR after being summarized. Taking R4 as an example:

R4(config)#router ospf 100
R4(config-router)#summary-address 192.16.0.0 255.255.252.0
R4(config-router)#exit

The OSPF routing table on R1 now looks as follows:

R1(config)#do show ip route ospf
     34.0.0.0/24 is subnetted, 1 subnets
O IA    34.1.1.0 [110/3] via 12.1.1.2, 01:34:10, FastEthernet0/0
     2.0.0.0/32 is subnetted, 1 subnets
O IA    2.2.2.2 [110/2] via 12.1.1.2, 01:41:51, FastEthernet0/0
     3.0.0.0/32 is subnetted, 1 subnets
O IA    3.3.3.3 [110/3] via 12.1.1.2, 01:34:05, FastEthernet0/0
     4.0.0.0/32 is subnetted, 1 subnets
O IA    4.4.4.4 [110/4] via 12.1.1.2, 01:34:01, FastEthernet0/0
     23.0.0.0/24 is subnetted, 1 subnets
O IA    23.1.1.0 [110/2] via 12.1.1.2, 01:41:51, FastEthernet0/0
     172.16.0.0/22 is subnetted, 1 subnets
O IA    172.16.0.0 [110/3] via 12.1.1.2, 00:07:51, FastEthernet0/0
O E2 192.16.0.0/22 [110/20] via 12.1.1.2, 00:01:34, FastEthernet0/0

As can be seen, the original three O E2 entries have become a single summary entry.


OSPF authentication

There are two kinds of OSPF authentication: interface authentication and area authentication.

Each kind comes in three types: type 0 means no authentication, type 1 means plaintext authentication, and type 2 means MD5 authentication. No authentication is the default and is not discussed here.
Plaintext authentication sends the password itself in clear text, whereas MD5 authentication sends a message digest.
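
The difference between type 1 and type 2, shown at the byte level. This is an added example, not code from the original post: it builds an OSPFv2 Hello with the header and authentication layout of RFC 2328 Appendix D, using the page's lab values (router-id 1.1.1.1, area 1, Hello 10 s, dead 40 s, key cisco); all function names are hypothetical.

```python
import hashlib
import hmac
import socket
import struct

AUTH_NULL, AUTH_SIMPLE, AUTH_MD5 = 0, 1, 2   # AuType: type 0 / type 1 / type 2
HEADER_LEN = 24                               # fixed OSPFv2 header size in bytes


def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def hello_body(mask: str, dr: str = "0.0.0.0", bdr: str = "0.0.0.0") -> bytes:
    """Hello body: mask, HelloInterval 10, options, priority 1, DeadInterval 40, DR, BDR."""
    return struct.pack("!4sHBBI4s4s", socket.inet_aton(mask), 10, 0x02, 1, 40,
                       socket.inet_aton(dr), socket.inet_aton(bdr))


def build_packet(body, router_id, area_id, au_type, key=b"", key_id=1, seq=0):
    """Return the bytes of an OSPFv2 Hello for the given authentication type."""
    length = HEADER_LEN + len(body)

    def header(checksum):
        # version 2, packet type 1 (Hello), length, router-id, area-id, checksum, AuType
        return struct.pack("!BBH4s4sHH", 2, 1, length, socket.inet_aton(router_id),
                           socket.inet_aton(area_id), checksum, au_type)

    if au_type == AUTH_MD5:
        # Auth field: 0, key ID, digest length, cryptographic sequence number.
        auth = struct.pack("!HBBI", 0, key_id, 16, seq)
        packet = header(0) + auth + body            # checksum stays 0 for type 2
        digest = hashlib.md5(packet + key[:16].ljust(16, b"\x00")).digest()
        return packet + digest                      # digest is not counted in length
    # Type 0 / type 1: the 8-byte auth field is zero or the password itself.
    auth = key[:8].ljust(8, b"\x00") if au_type == AUTH_SIMPLE else bytes(8)
    checksum = inet_checksum(header(0) + body)      # auth field is excluded
    return header(checksum) + auth + body


def verify_packet(packet, au_type, key=b"", last_seq=-1):
    """Receiver-side check; True only if the packet authenticates."""
    length, = struct.unpack("!H", packet[2:4])
    got_type, = struct.unpack("!H", packet[14:16])
    if got_type != au_type:
        return False                                # AuType mismatch between neighbors
    if au_type == AUTH_MD5:
        _, _key_id, data_len, seq = struct.unpack("!HBBI", packet[16:24])
        if seq < last_seq:
            return False                            # older sequence number: replayed packet
        expected = hashlib.md5(packet[:length] + key[:16].ljust(16, b"\x00")).digest()
        return hmac.compare_digest(packet[length:length + data_len], expected)
    if inet_checksum(packet[:16] + packet[24:length]) != 0:
        return False
    if au_type == AUTH_SIMPLE:
        return hmac.compare_digest(packet[16:24], key[:8].ljust(8, b"\x00"))
    return True


def key_visible(packet: bytes, key: bytes) -> bool:
    """True if the configured key can be read straight out of the packet bytes."""
    return key in packet


if __name__ == "__main__":
    body = hello_body("255.255.255.0")
    for name, au in (("type 1", AUTH_SIMPLE), ("type 2", AUTH_MD5)):
        pkt = build_packet(body, "1.1.1.1", "0.0.0.1", au, b"cisco", seq=1)
        print(name, "auth field:", pkt[16:24].hex(), "key visible:", key_visible(pkt, b"cisco"))
```

With type 1 the eight-byte authentication field is the password itself, so anyone who can capture one packet on the segment has the key; with type 2 only a key ID, a sequence number and a digest computed over the packet plus the key are sent.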

1. Interface authentication

  • Plaintext authentication
    Taking R1 as an example:
R1(config)#interface f0/0
// set the password
R1(config-if)#ip ospf authentication-key  cisco
// enable authentication
R1(config-if)#ip ospf authentication
R1(config-if)#exit

After this configuration, a prompt about neighbor R2 appears on R1.
Now configure the neighbor R2 as well:

R2(config)#interface f0/0
R2(config-if)#ip ospf authentication-key cisco
R2(config-if)#ip ospf authentication
R2(config-if)#exit

A message then appears on R1, indicating that plaintext authentication has succeeded.

  • Ciphertext authentication

R1:

R1(config)#interface f0/0
// enable ciphertext (message-digest) authentication
R1(config-if)#ip ospf authentication message-digest
// set the password
R1(config-if)#ip ospf message-digest-key 1 md5 cisco
R1(config-if)#exit

R2:

R2(config)#interface f0/0
R2(config-if)#ip ospf authentication message-digest 
R2(config-if)#ip ospf message-digest-key 1 md5 cisco
R2(config-if)#exit

Then view the neighbors on R1.

2. Area authentication

  • Plaintext authentication

R1:

R1(config)#interface f0/0
// set the plaintext password
R1(config-if)#ip ospf authentication-key cisco
R1(config-if)#exit
R1(config)#router ospf 100
// enable authentication for area 1
R1(config-router)#area 1 authentication 

R2:

R2(config)#interface f0/0
R2(config-if)#ip ospf authentication-key cisco
R2(config-if)#exit
R2(config)#router ospf 100
R2(config-router)#area 1 authentication 
R2(config-router)#exit

  • Ciphertext authentication

R1:

R1(config)#interface f0/0
R1(config-if)#ip ospf message-digest-key 1 md5 cisco
R1(config-if)#exit
R1(config)#router ospf 100
R1(config-router)#area 1 authentication message-digest 
R1(config-router)#exit

R2:

R2(config)#interface f0/0
R2(config-if)#ip ospf message-digest-key 1 md5 cisco
R2(config-if)#exit 
R2(config)#router ospf 100
R2(config-router)#area 1 authentication message-digest 
R2(config-router)#exit

Summary: ciphertext authentication requires both the encryption (message-digest) setting and the password, and the password is set on the interface.
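
One way to check the settings from this section across a saved configuration (an added example, not from the original post). It resolves the effective authentication type per interface, with an interface-level setting taking precedence over the area-level one. It assumes keys appear in the config as typed and handles only the interface, area and network commands used on this page; `WEAK_KEYS` and the function names are hypothetical, and the sample config is constructed from the page's R2.

```python
import ipaddress
import re

WEAK_KEYS = {"cisco"}   # assumption: illustrative deny-list holding the page's lab key

# Constructed running-config fragment modelled on the page's R2; not a real device dump.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 12.1.1.2 255.255.255.0
 ip ospf authentication-key cisco
!
interface FastEthernet1/0
 ip address 23.1.1.1 255.255.255.0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco
!
interface Serial0/0
 ip address 10.0.0.1 255.255.255.252
 ip ospf 100 area 2
!
router ospf 100
 area 1 authentication
 network 12.1.1.0 0.0.0.255 area 1
 network 23.1.1.0 0.0.0.255 area 0
"""


def parse_config(text):
    """Collect per-interface OSPF settings, per-area AuType and network statements."""
    ifaces, area_auth, networks = {}, {}, []
    current = None                       # interface dict, "router", or None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r"interface (\S+)", raw):
            current = ifaces.setdefault(
                m[1], {"ip": None, "area": None, "auth": None, "key": None, "md5": None})
        elif raw.startswith("router ospf"):
            current = "router"
        elif not raw.startswith(" "):
            current = None               # "!" or any other top-level line ends the section
        elif isinstance(current, dict):
            if m := re.fullmatch(r"ip address (\S+) \S+", line):
                current["ip"] = ipaddress.ip_address(m[1])
            elif m := re.fullmatch(r"ip ospf \d+ area (\S+)", line):
                current["area"] = m[1]
            elif m := re.fullmatch(r"ip ospf authentication(?: (message-digest|null))?", line):
                current["auth"] = {None: 1, "message-digest": 2, "null": 0}[m[1]]
            elif m := re.fullmatch(r"ip ospf authentication-key (\S+)", line):
                current["key"] = m[1]
            elif m := re.fullmatch(r"ip ospf message-digest-key \d+ md5 (\S+)", line):
                current["md5"] = m[1]
        elif current == "router":
            if m := re.fullmatch(r"area (\S+) authentication( message-digest)?", line):
                area_auth[m[1]] = 2 if m[2] else 1
            elif m := re.fullmatch(r"network (\S+) (\S+) area (\S+)", line):
                # ipaddress accepts the wildcard (host-mask) form used by network statements
                networks.append((ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False), m[3]))
    return ifaces, area_auth, networks


def audit(text):
    """Return {interface: (area, effective AuType, [issues])} for OSPF interfaces."""
    ifaces, area_auth, networks = parse_config(text)
    report = {}
    for name, cfg in ifaces.items():
        area = cfg["area"]
        if area is None and cfg["ip"] is not None:
            area = next((a for net, a in networks if cfg["ip"] in net), None)
        if area is None:
            continue                     # interface does not run OSPF
        # An interface-level setting overrides the area-level one.
        au_type = cfg["auth"] if cfg["auth"] is not None else area_auth.get(area, 0)
        secret = {1: cfg["key"], 2: cfg["md5"]}.get(au_type)
        issues = []
        if au_type == 0:
            issues.append("no authentication")
        else:
            if au_type == 1:
                issues.append("password sent in clear text")
            if secret is None:
                issues.append("authentication enabled but no key on the interface")
            elif secret in WEAK_KEYS:
                issues.append("well-known key")
        report[name] = (area, au_type, issues)
    return report


if __name__ == "__main__":
    for iface, (area, au_type, issues) in audit(SAMPLE_CONFIG).items():
        print(f"{iface}: area {area}, type {au_type}: {', '.join(issues) or 'ok'}")
```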


OSPF default route

1. To originate a default route, the router must be the gateway (GW) and have a default route pointing to the public network. When OSPF advertises the default route, the route entry is advertised as O E2.
R1

R1(config)#ip route 0.0.0.0 0.0.0.0 12.1.1.2

R2

R2(config)#router ospf 100
// advertise the default route
R2(config-router)#default-information originate 
R2(config-router)#exit

2. The other case: there is no route pointing to the public network, but a default route must still be advertised.
R2

// force advertisement of the default route
R2(config-router)#default-information originate always 
// choose the type, O E1 or O E2
R2(config-router)#default-information originate always metric-type ?
  <1-2>  OSPF Link State type

OSPF virtual link

Definition: a virtual link is a connection set up between two routers that each have an interface in the same non-backbone area. The virtual link is considered to belong to the backbone area; from the point of view of the OSPF routing protocol, the two routers on a virtual link are connected by a point-to-point link. Within OSPF, routing information across the virtual link is treated as intra-area routing.

Usage scenarios: when regular areas of an OSPF network end up connected only to each other, for example when a merger or acquisition requires temporary synchronization of routing information, a tunnel can be set up across a regular area so that the regular area's information can reach the backbone area. The area through which the virtual link is configured is called the transit area.

For the experiment, modify the topology as shown above. The goal is for R4's loopback interface 4.4.4.4 to communicate with R1.

Taking the figure above as an example, 4.4.4.4 does not belong to the OSPF network. For it to communicate with area 0, which is separated from it by area 1 and area 2, a virtual link must be configured across each of them in turn. A virtual link is bidirectional, so configuration is needed both for the path the message takes on the way out and for the path the reply takes on the way back.
R2

R2(config)#router ospf 100
// R2 itself is in area 0, so only the return path needs to be configured
R2(config-router)#area 1 virtual-link 3.3.3.3  

R3

R3(config)#router ospf 100
// R3 is not in area 0, so the path the packets arrive on needs one configuration
R3(config-router)#area 1 virtual-link 2.2.2.2
// and one configuration for the path the packets return on
R3(config-router)#area 2 virtual-link 4.4.4.4

R4

R4(config)#router ospf 100
// configure the path for packets sent towards area 0
R4(config-router)#area 2 virtual-link 3.3.3.3

Now check the OSPF routing table on R1:

R1(config)#do show ip route ospf
     34.0.0.0/24 is subnetted, 1 subnets
O IA    34.1.1.0 [110/3] via 12.1.1.2, 00:04:12, FastEthernet0/0
     2.0.0.0/32 is subnetted, 1 subnets
O       2.2.2.2 [110/2] via 12.1.1.2, 00:04:12, FastEthernet0/0
     3.0.0.0/32 is subnetted, 1 subnets
O IA    3.3.3.3 [110/3] via 12.1.1.2, 00:04:12, FastEthernet0/0
     4.0.0.0/32 is subnetted, 1 subnets
O IA    4.4.4.4 [110/4] via 12.1.1.2, 00:04:12, FastEthernet0/0
     23.0.0.0/24 is subnetted, 1 subnets
O IA    23.1.1.0 [110/2] via 12.1.1.2, 00:04:12, FastEthernet0/0
     172.16.0.0/32 is subnetted, 3 subnets
O       172.16.1.1 [110/3] via 12.1.1.2, 00:04:12, FastEthernet0/0
O       172.16.3.1 [110/3] via 12.1.1.2, 00:04:12, FastEthernet0/0
O       172.16.2.1 [110/3] via 12.1.1.2, 00:04:12, FastEthernet0/0
O E2 192.16.0.0/22 [110/20] via 12.1.1.2, 00:04:12, FastEthernet0/0

This verifies that the virtual link is up and that the outer area can exchange information with backbone area 0.


Virtual link authentication

Like interface authentication and area authentication, virtual links can also be authenticated, all for the sake of information security.

  • Plaintext authentication

R2

R2(config)#router ospf 100
// set the password on the virtual link towards the target address
R2(config-router)#area 1 virtual-link 3.3.3.3 authentication-key cisco
// enable password authentication
R2(config-router)#area 1 virtual-link 3.3.3.3 authentication

R3

R3(config)#router ospf 100
R3(config-router)#area 1 virtual-link 2.2.2.2 authentication-key cisco
R3(config-router)#area 1 virtual-link 2.2.2.2 authentication

Because they are in the same area, R4 in area 2 does not need authentication, and R1 in area 0 does not need authentication either. At this point R1 can already receive packets from area 2.

  • Ciphertext authentication

R3(config)#router ospf 100
// enable ciphertext (message-digest) authentication
R3(config-router)#area 1 virtual-link 2.2.2.2 authentication message-digest
// set the password for ciphertext authentication
R3(config-router)#area 1 virtual-link 2.2.2.2 message-digest-key 1 md5 cisco

Stub Area

In an OSPF network, not every router needs information about networks outside the autonomous system. To reduce LSA flooding and the number of routing table entries, a stub area can be created. The ABR at the border of the stub area advertises a default route to all routers inside the stub area. The stub area does not accept AS-external information, and Type 4 LSAs are rejected as well. A stub area cannot contain an ASBR (unless the ABR is also the ASBR).

On top of a stub area, if the area accepts neither external routes nor summary routes from other areas within the autonomous system, it is called a totally stubby area.

The backbone area cannot be configured as a Stub or Totally Stub area.
When an area is configured as a Stub area, all routers in the area must be configured with the stub command.
When an area is configured as a Totally Stub area, all routers in the area must be configured with the stub command, and the ABR of the area must be configured with the stub no-summary command.

A stub area filters out Type 4 and Type 5 LSAs, and the ABR generates a Type 3 default route into the area.

A totally stubby area filters out Type 3 LSAs as well, and the ABR generates a Type 3 O*IA default route into the area.

R1

R1(config)#interface loopback 0
R1(config-if)#ip address 1.1.1.1 255.255.255.0
R1(config-if)#no shutdown 
R1(config-if)#exit
R1(config)#interface f0/0
R1(config-if)#ip address 12.1.1.1 255.255.255.0
R1(config-if)#no shutdown 
R1(config-if)#exit
R1(config)#router ospf 100
R1(config-router)#router-id 1.1.1.1
R1(config-router)#network 1.1.1.0 0.0.0.255 area 1
R1(config-router)#network 12.1.1.0 0.0.0.255 area 1
R1(config-router)#exit

R2

R2(config)#interface loopback 0
R2(config-if)#ip address 2.2.2.2 255.255.255.0
R2(config-if)#no shutdown 
R2(config-if)#exit
R2(config)#interface f0/0
R2(config-if)#ip address 12.1.1.2 255.255.255.0
R2(config-if)#no shutdown 
R2(config-if)#exit
R2(config)#interface f1/0
R2(config-if)#ip address 23.1.1.1 255.255.255.0
R2(config-if)#no shutdown 
R2(config-if)#exit
R2(config)#router ospf 100
R2(config-router)#router-id 2.2.2.2
R2(config-router)#network 2.2.2.0 0.0.0.255 area 1
R2(config-router)#network 12.1.1.0 0.0.0.255 area 1
R2(config-router)#network 23.1.1.0 0.0.0.255 area 0
R2(config-router)#exit

R3

R3(config)#interface loopback 0
R3(config-if)#ip address 3.3.3.3 255.255.255.0
R3(config-if)#no shutdown 
R3(config-if)#exit
R3(config)#interface f0/0
R3(config-if)#ip address 23.1.1.2 255.255.255.0
R3(config-if)#no shutdown 
R3(config-if)#exit
R3(config)#interface f1/0
R3(config-if)#ip address 34.1.1.1 255.255.255.0
R3(config-if)#no shutdown 
R3(config-if)#exit
R3(config)#interface f0/0
R3(config-if)#ip address 23.1.1.2 255.255.255.0
R3(config-if)#no shutdown 
R3(config-if)#exit
R3(config)#router ospf 100
R3(config-router)#router-id 3.3.3.3
R3(config-router)#network 3.3.3.0 0.0.0.255 area 0
R3(config-router)#network 23.1.1.0 0.0.0.255 area 0
R3(config-router)#exit
R3(config)#router eigrp 100
R3(config-router)#no auto-summary 
R3(config-router)#network 34.1.1.0 0.0.0.255
R3(config-router)#exit
R3(config)#router ospf 100
// redistribute the EIGRP route entries into OSPF
R3(config-router)#redistribute eigrp 100 subnets 
R3(config-router)#exit

R4

R4(config)#interface loopback 0
R4(config-if)#ip address 4.4.4.4 255.255.255.0
R4(config-if)#no shutdown 
R4(config-if)#exit
R4(config)#interface f0/0
R4(config-if)#ip address 34.1.1.2 255.255.255.0
R4(config-if)#no shutdown 
R4(config-if)#exit
R4(config)#router eigrp 100
R4(config-router)#no auto-summary 
R4(config-router)#network 34.1.1.0 0.0.0.255
R4(config-router)#network 4.4.4.0 0.0.0.255
  • Configure stub area
R1(config)#router ospf 100
R1(config-router)#area 1 stub 
R2(config)#router ospf 100
R2(config-router)#area 1 stub 

Looking at R1's routing table now, the Type 4 and Type 5 LSAs, i.e. the O E2 entries, have been filtered out.

R1(config-router)#do show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 12.1.1.2 to network 0.0.0.0

     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Loopback0
     2.0.0.0/32 is subnetted, 1 subnets
O       2.2.2.2 [110/2] via 12.1.1.2, 00:26:19, FastEthernet0/0
     3.0.0.0/32 is subnetted, 1 subnets
O IA    3.3.3.3 [110/3] via 12.1.1.2, 00:26:19, FastEthernet0/0
     23.0.0.0/24 is subnetted, 1 subnets
O IA    23.1.1.0 [110/2] via 12.1.1.2, 00:26:19, FastEthernet0/0
     12.0.0.0/24 is subnetted, 1 subnets
C       12.1.1.0 is directly connected, FastEthernet0/0
O*IA 0.0.0.0/0 [110/2] via 12.1.1.2, 00:26:20, FastEthernet0/0
  • Configuring totally stubby area
R1(config)#router ospf 100
R1(config-router)#area 1 stub 
// configure on the ABR
R2(config)#router ospf 100
R2(config-router)#area 1 stub no-summary 

Check the routing table to verify the behaviour described earlier.

R1(config-router)#do show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 12.1.1.2 to network 0.0.0.0

     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Loopback0
     2.0.0.0/32 is subnetted, 1 subnets
O       2.2.2.2 [110/2] via 12.1.1.2, 00:38:06, FastEthernet0/0
     12.0.0.0/24 is subnetted, 1 subnets
C       12.1.1.0 is directly connected, FastEthernet0/0
O*IA 0.0.0.0/0 [110/2] via 12.1.1.2, 00:00:38, FastEthernet0/0

OSPF prefix suppression

When OSPF is enabled on an interface, the LSAs advertise all network routes and host routes matching that interface's network segment, but sometimes the host routes or network routes should not be advertised. Prefix suppression reduces what the LSAs carry by leaving out prefixes that are not needed, i.e. certain network routes and host routes are not advertised, which enhances network security and speeds up route convergence.

When prefix suppression is enabled, the behaviour is as follows:

· P2P and P2MP network types: the Type-1 LSA does not advertise the primary address of the interface, i.e. the link of link type 3 (Stub) in the Type-1 LSA is suppressed. No route is generated for the interface, but other routes are still calculated correctly and traffic forwarding is not affected.

· Broadcast or NBMA network types: in the Type-2 LSA advertised by the DR, the mask field is filled with a 32-bit mask, i.e. no network route is generated, but other routes are still calculated normally and traffic forwarding is not affected. In addition, if there are no neighbors, the Type-1 LSA does not advertise the primary address of the interface, i.e. the link of link type 3 (Stub) in the Type-1 LSA is suppressed.

If prefixes need to be suppressed, it is recommended to configure this command throughout the entire OSPF network.
Configuring prefix suppression in the OSPF process:

R1(config)#router ospf 100
R1(config-router)#prefix-suppression
R2(config)#router ospf 100
R2(config-router)#prefix-suppression
R3(config)#router ospf 100
R3(config-router)#prefix-suppression

Note: by default, an OSPF process does not suppress prefix advertisement.

The prefixes of secondary addresses, LoopBack interfaces and interfaces in the suppressed state cannot be suppressed.

Configuring prefix suppression on an interface:
Taking R1 as an example; all OSPF devices in the whole network need to be configured.

R1(config)#interface f0/0
R1(config-if)#ip ospf prefix-suppression disable

NSSA

Function description: a Stub area cannot redistribute routes. To allow external routes to be advertised into the OSPF routing domain while keeping the remaining features of a Stub area, the network administrator can configure the area as an NSSA area. An NSSA area is also a non-backbone area located at the edge of the AS.

Specifying the no-summary parameter with the nssa command configures the area as a Totally NSSA area; the ABR of the area then does not pass inter-area routing information into the area.

Note: the backbone area cannot be configured as an NSSA area or a Totally NSSA area.

To configure an area as an NSSA area, all routers in the area must be configured with the nssa command.

When an area is configured as a Totally NSSA area, all routers in the area must be configured with the nssa command, and the ABR of the area must be configured with the nssa no-summary command.

NSSA area

R3(config)#router ospf 100
R3(config-router)#area 2 nssa 
R4(config)#router ospf 100
R4(config-router)#area 2 nssa 
R5(config)#router ospf 100
R5(config-router)#area 2 nssa 
// advertise the default route
R3(config-router)#area 2 nssa default-information-originate 

The routing table on R3 shows that the Type 5 LSAs have been optimized into Type 7 LSA route entries (O N).

Totally NSSA area
R3

R3(config)#router ospf 100
R3(config-router)#area 2 nssa no-summary 

R4

R4(config)#router ospf 100
R4(config-router)#area 2 nssa 

Viewing the routing table on R4 in this case shows that the Totally NSSA area has filtered out the Type 3, 4 and 5 route entries; the ABR generates a Type 3 O*IA default route pointing to the ABR, and the Type 5 O E routes brought in by the ASBR are converted into Type 7 LSA routes. This shrinks the routing table and improves the device's performance in processing route entries.

References: New H3C Group, technical documentation, IP Routing Configuration Guide

Origin blog.51cto.com/14671287/2477726