Getting started

OSPF is a widely used routing protocol for IP networks. The basic principles of the current version of the protocol are outlined in RFC 2328. OSPF is a classical link-state protocol that provides the following functionality:

  • no limitation on the network size
  • routing information updates are sent using multicast addresses
  • high-speed route determination
  • authentication of routing updates
  • classless routing support.

NOTE

If OSPF traffic is processed by a switch group with an SVI interface attached, only the IP address assigned to the SVI interface can be used to establish neighbor relationships with other devices.

Example of a correct configuration:

#interfaces parameters
ifc svi1 mtu 1500 up
group 1
ifc svi1 192.168.1.1/24

#OSPF configuration
ospf start
ospf interface svi1
ospf router
ospf network 192.168.1.0/24 area 0.0.0.0
ospf end

If you have to use a physical interface to establish OSPF neighbor relationships, using the IP address assigned to the Ethernet interface, there are two options:

  • The interface must be added to a switch group with no SVI attached (make sure the traffic is not processed by another switch group).
  • The interface must not be included in any switch group.

Command language. Basic principles

OSPF has its own command shell (CS). To enter the shell, execute the following command:

#1> ospf
OSPF>

Commands entered in CS are not case-sensitive and can be shortened until ambiguity appears. To get a quick hint you can press “?” at any time:

OSPF>?
  configure  Configuration from vty interface
  end        End current mode and change to root mode (CTRL+C).
  exit       Back to WANFleX command shell (CTRL+D).
  help       Print command list
  show       Show running system information
OSPF>

CS can work in different modes. The current mode is displayed in the command prompt as “OSPF(mode)#”. For example, if the "configure" command is entered, CS switches to config mode:

OSPF> configure
OSPF(config)#

The following figure shows the transition scheme between different modes of CS.

Figure - Transition scheme between different modes of CS

Every mode has its own set of commands. The following commands are available in any mode:

  • "Help" – prints the list of commands for the current mode
  • "End" – goes back from the current mode to the base mode
  • "Exit" – exit to WANFleX CLI from OSPF CS.

At the start, CS is in the base mode, which has a set of commands for viewing the current router state. Switching to the configuration mode requires superuser rights. Once one session has entered the configuration mode, the configuration is locked and entering this mode from another terminal (e.g. another telnet session) is prohibited. To avoid a “dead” lock of the session, CS automatically quits the configuration mode after five minutes of inactivity.

Context help is always available using “?”. For example,

OSPF> config
OSPF(config)#?
  access-list  Add an access list entry
  clear        Reset functions
  end          End current mode and change to root mode (CTRL+C).
  exit         Back to WANFleX command shell (CTRL+D).
  help         Print command list
  interface    Select an interface to configure
  no           Negate a command or set its defaults
  prefix-list  Build a prefix list
  route-map    Create route-map or enter route-map command mode
  router       Enable a routing process
  show         Show running system information
  stop         stop
OSPF(config)# interface?
  IFNAME  Interface's name
OSPF(config)# interface eth0
OSPF(config-if)#?
  authentication       Enable authentication on this interface
  authentication-key   Authentication password (key)
  cost                 Interface cost
  dead-interval        Interval after which a neighbor is declared dead
  description          Interface specific description
  end                  End current mode and change to root mode (CTRL+C).
  exit                 Back to WANFleX command shell (CTRL+D).
  hello-interval       Time between HELLO packets
  help                 Print command list
  message-digest-key   Message digest authentication password (key)
  network              Network type
  no                   Negate a command or set its defaults
  priority             Router priority
  retransmit-interval  Time between retransmitting lost link state
  show                 Show running system information
  transmit-delay       Link state transmit delay
OSPF(config-if)#

After quitting CS using “exit” command (or Ctrl+D), CS stays in the last active mode.

Commands may have different parameters. Command parameters are specified in several formats. The format of a parameter is described in the context help or in the list of commands ("help" command) in the following way:

  • "A.B.C.D" – a parameter is set in IP-address format. Example: "192.168.0.15"
  • "WORD" – a set of characters with no spaces
  • "<1-N>" - a parameter is set as a decimal number in a range from 1 to N
  • "A.B.C.D/M" – a parameter is set in a format IP-address/subnet mask length. Example: "192.168.0.0/24"
  • "IFNAME" – name of a physical network interface. Example: "eth0".

If a parameter can be written in different formats, the options are displayed in round brackets and separated by the “|” character. Example: "(A.B.C.D|<0-4294967295>)".

If a parameter is optional, it is put into square brackets: “[]”.

Any command may contain the “no” prefix. This prefix means that the corresponding parameter is deleted from the configuration.

Start / stop of OSPF

The OSPF router is started with the following command:

ospf start

In order to stop OSPF, execute the following command in "config" mode:

stop (daemon|clear)

Example,

>ospf
OSPF> configure
OSPF(config)# stop daemon

If the “stop” command is executed with the clear parameter, the router will clear its part of the system configuration prior to quitting CS.

Router identifier

Every OSPF router has a unique identifier. Identifier is a 32-bit integer. In order to assign an identifier, execute the following command in "config-router" mode:

router-id A.B.C.D

Example,

OSPF>configure
OSPF(config)# router
OSPF(config-router)# ospf router-id 195.38.45.107
OSPF(config-router)#

If the identifier was not set by the administrator, the router automatically assigns an identifier equal to the maximal (by value) IP address among all IP addresses participating in the OSPF system.

To cancel the identifier assignment, use the following command:

no router-id

Filters

Filters are used in many of the router's configuration parameters. Filters are represented by two classes of objects:

  • Access lists (access-list)
  • Prefix lists (prefix-list).

Access lists consist of a set of operators. Each operator consists of a range of IP addresses and a "deny" or "permit" command. The range of addresses is set as "<value> <mask for insignificant bits>". The object to be filtered has its basic parameter in the same format (IP address, subnet etc.). To decide whether the object matches a list, each operator from the list is applied in sequence to the basic parameter of the object until the parameter satisfies an operator's condition. When the condition is met, the decision is made according to the command of that operator ("deny" or "permit").

The OSPF router has three types of access lists:

  • Standard. Identified by numbers 1-99 or 1300-1999 and used to analyze one parameter of the filtered object.
  • Extended. Identified by numbers 100-199 or 2000-2699 and used to analyze two parameters of the filtered object (for example, source address and destination address).
  • Nominate. Identical to Standard but identified by a name (not a number). Moreover, operators are configured in the format "<value>/<mask length>".

In order to create or edit an access list in OSPF router the following commands are used (in "config" mode):

  • Standard access lists

access-list   (<1-99>|<1300-1999>)   (deny|permit)   A.B.C.D   A.B.C.D
              List identifier        Command         Value     Mask of bits
                                                     Range of values for the parameter

Table - Standard access lists

This command creates an operator in a standard access list. The value and mask define a range (criterion) for the operator. The mask marks the insignificant bits of the value, i.e. the bits that vary within the range. For example, to specify the range of IP addresses from 192.168.12.0 to 192.168.12.255, specify the value 192.168.12.0 and the mask 0.0.0.255. For the value and mask 0.0.0.0 255.255.255.255 there is the keyword any. For example, the command:

OSPF(config)# access-list 1 permit 0.0.0.0 255.255.255.255

is equal to the command:

OSPF(config)# access-list 1 permit any

Correspondingly, for a range which consists of only one address, the keyword host is used.

For example, the command:

OSPF(config)# access-list 1 permit 192.168.12.150 0.0.0.0

is equal to the following command:

OSPF(config)# access-list 1 permit host 192.168.12.150

  • Extended access lists

access-list   (<100-199>|<2000-2699>)   (deny|permit)   ip   A.B.C.D A.B.C.D                 A.B.C.D A.B.C.D
              List identifier           Command              The range of source addresses   The range of destination addresses

Table - Extended access lists

  • Nominate access lists

access-list   WORD              (deny|permit)   A.B.C.D/M   [exact-match]
              List identifier   Command         Range       The requirement for the exact match of a parameter to the range

Table - Nominate access lists

In this case the list identifier is a character expression. The range is specified in the format "<value>/<mask length>". For example, to specify the range of IP addresses from 192.168.12.0 to 192.168.12.255, 192.168.12.0/24 is specified. For the 0.0.0.0/0 range the keyword any can be used. For example,

OSPF(config)# access-list TestList1 deny 192.168.1.0/24
OSPF(config)# access-list TestList1 permit any

While configuring, the operators are appended to the end of the list.
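
The first-match evaluation described above, as an added Python example (not part of the original page or of the WANFleX software): it applies standard operators (value plus mask of insignificant bits) and nominate operators (value/mask length) in order. Apart from TestList1 the list contents are constructed, and reading exact-match as "same network and same mask length" is an assumption.

```python
import ipaddress

def split_operator(line):
    """Split one operator line and check the parts common to both list types."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("deny", "permit"):
        raise ValueError("not an access-list operator: " + line)
    return tok[2], tok[3:]

def parse_standard(line):
    """access-list <number> (deny|permit) (any | host A.B.C.D | A.B.C.D A.B.C.D)"""
    action, rest = split_operator(line)
    if rest == ["any"]:
        return action, "0.0.0.0", "255.255.255.255"
    if len(rest) == 2 and rest[0] == "host":
        return action, rest[1], "0.0.0.0"
    if len(rest) == 2:
        return action, rest[0], rest[1]
    raise ValueError("bad range in: " + line)

def parse_nominate(line):
    """access-list WORD (deny|permit) (any | A.B.C.D/M) [exact-match]"""
    action, rest = split_operator(line)
    if rest[1:] not in ([], ["exact-match"]):
        raise ValueError("bad option in: " + line)
    rng = ipaddress.ip_network("0.0.0.0/0" if rest[0] == "any" else rest[0])
    return action, rng, rest[1:] == ["exact-match"]

def wildcard_match(addr, value, mask):
    """True if addr equals value on every bit the mask leaves significant (mask bit 0)."""
    a, v, m = (int(ipaddress.IPv4Address(x)) for x in (addr, value, mask))
    significant = ~m & 0xFFFFFFFF
    return (a & significant) == (v & significant)

def check_standard(lines, addr):
    """Apply the operators in order; the first one whose range contains addr decides."""
    for action, value, mask in map(parse_standard, lines):
        if wildcard_match(addr, value, mask):
            return action
    return None  # no operator matched; the page does not say what happens then

def check_nominate(lines, prefix):
    """Same first-match walk for a nominate list; prefix is given as A.B.C.D/M."""
    p = ipaddress.ip_network(prefix)
    for action, rng, exact in map(parse_nominate, lines):
        # Assumption: exact-match means "same network and same mask length".
        hit = (p == rng) if exact else p.subnet_of(rng)
        if hit:
            return action
    return None

# Constructed list: one host is denied before the rest of its /24 is permitted.
STANDARD = [
    "access-list 1 deny host 192.168.12.150",
    "access-list 1 permit 192.168.12.0 0.0.0.255",
]
# Constructed misconfiguration: a netmask typed where the mask of insignificant
# bits belongs. Only the last octet stays significant, so the operator matches
# every address ending in .0 and none of the intended hosts.
MISTYPED = ["access-list 2 permit 192.168.12.0 255.255.255.0"]
# The nominate list from the page.
TESTLIST1 = [
    "access-list TestList1 deny 192.168.1.0/24",
    "access-list TestList1 permit any",
]
# Constructed variant of the same list using exact-match.
EXACT = [
    "access-list Exact deny 192.168.1.0/24 exact-match",
    "access-list Exact permit any",
]

if __name__ == "__main__":
    for addr in ("192.168.12.150", "192.168.12.7", "10.0.0.1"):
        print("list 1", addr, check_standard(STANDARD, addr))
    for addr in ("192.168.12.150", "10.9.8.0"):
        print("list 2", addr, check_standard(MISTYPED, addr))
    for prefix in ("192.168.1.128/25", "192.168.1.0/24", "10.0.0.0/8"):
        print(prefix, check_nominate(TESTLIST1, prefix), check_nominate(EXACT, prefix))
```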

Prefix lists differ from access lists in that each operator has a number in addition to a range (condition). Moreover, when the parameter is checked against an operator’s range, an additional condition can be set for the parameter’s mask length.

prefix-list   WORD              [seq <1-4294967295>]         (deny|permit)   A.B.C.D/M   [ge <0-32>] [le <0-32>]
              List identifier   Operator’s position number   Command         Range       The range of the permitted mask length

Table - Additional condition

If a sequence number is not specified, the router sets it automatically by adding 5 to the number of the last operator in the list. Thus, the operator will have the biggest number and will be placed at the end of the list.

Link state advertisement

The router can advertise link states of two types:

  • Internal links. These are links whose destinations are the addresses of subnets to which the router is connected directly (through one of its network interfaces) and which are described in the OSPF router configuration.
  • External links. These are links whose destinations are the destinations of routes configured in WANFleX. They can be static routes (route add (kernel)) or routes which appear in the routing table when an IP address (alias) is assigned to one of the physical network interfaces (connected).

To advertise an internal link, specify the subnet which is the destination of the advertised link. This is done in "config-router" mode:

network A.B.C.D/M area (A.B.C.D|<0-4294967295>)

The network is specified by the router’s IP address/mask within this network. The area ID can be entered either in IP address format or as a decimal number.

Example,

OSPF>configure
OSPF(config)# router
OSPF(config-router)# network 4.7.8.32/24 area 0.0.0.1
OSPF(config-router)# network 192.168.15.1/24 area 0
OSPF(config-router)#

If none of the router’s network interfaces has an IP address from the specified subnet, OSPF does not advertise this link, although the network remains in the configuration (inactive link).

Thus, the router obtains an internal link (for the OSPF system) whose destination is the given network. If this network is a physical interface address (point-to-point), the router gets an internal link whose destination is the router ID of the router connected at the opposite end of the point-to-point link.

To cancel internal link advertising, use the command:

no network A.B.C.D/M area (A.B.C.D|<0-4294967295>)

In some cases internal links need to be advertised automatically for a selected network interface. This matters when the IP addresses of this interface (aliases) are created and deleted automatically, for example, when CPEs connect to the BS via radio. To implement this, use the following command in "config-router" mode:

auto-interface IFNAME area (A.B.C.D|<0-4294967295>)

The command specifies the area ID to which the networks (destinations) will be assigned. To cancel automatic link advertisement for this interface, use the following command in "config-router" mode:

no auto-interface IFNAME

To define the criteria according to which the router will advertise a link, use the following command in "config-router" mode:

distribute-list WORD out (kernel|connected|static)

If this filter is not defined, the router advertises all links of the specified type from the system table, unless they are rejected by the route-map configured in the redistribute command parameters.

All links of this type are advertised as external links with metric type 1 or 2 (External Type 1|2). Information about external links is spread throughout the whole OSPF domain, not only within the area. Stub areas are an exception: the information about external links is advertised to them as a default gateway through the area border router (ABR) of the area.

The two metric types differ as follows. Metric type 1 is “commensurable” with the metrics of internal OSPF links: when a metric to the external destination is calculated, the full path metric is the sum of the path metric to the router that advertised the link and the link metric, and the route with the least total metric is selected. If an external link is advertised with metric type 2, the path selected is the one through the router that advertised this link with the least metric, even if the internal path to this router is longer (has a higher cost). However, if two routers advertised an external link with metric type 2, preference is given to the path through the router with the shorter internal path. If two different routers advertised two links to the same external destination but with different metric types, metric type 1 is preferred.

WORD – identifier of the access list which the destinations of the system routing table must match.

The value and type of the metric for external links can be defined in a route-map. In this case the type and value of the metric can be defined depending on route parameters (interface, gateway, destination etc).

If the type and/or value of a metric is left undefined, the router considers these external links to have the default metric and type 2. The default metric is specified using the following command:

default-metric <0-16777214>

If default metric is not defined, it equals 1.
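
The selection rules for external links described above, together with the defaults (type 2, default metric 1), as an added Python example that is not part of the original page. Router identifiers and costs are constructed, and the "shorter internal path" rule is applied as the tie-breaker between type-2 links with equal metrics, which is an interpretation of the text.

```python
from dataclasses import dataclass
from typing import Optional

DEFAULT_METRIC = 1  # value the page gives when default-metric is not configured

@dataclass(frozen=True)
class ExternalLink:
    asbr: str                          # router-id of the advertising router (constructed)
    internal_cost: int                 # cost of the internal OSPF path to that router
    metric: Optional[int] = None       # None = not set by route-map or redistribute
    metric_type: Optional[int] = None  # None = not set; the page's default is type 2

def resolve(link, default_metric=DEFAULT_METRIC):
    """Return (metric type, metric) after filling in the defaults named on the page."""
    metric = default_metric if link.metric is None else link.metric
    mtype = 2 if link.metric_type is None else link.metric_type
    if mtype not in (1, 2):
        raise ValueError("metric type must be 1 or 2")
    return mtype, metric

def preference(link, default_metric=DEFAULT_METRIC):
    """Sort key: the smallest tuple is the preferred path to the external destination."""
    mtype, metric = resolve(link, default_metric)
    if mtype == 1:
        # Type 1: internal path cost and link metric are added together.
        return (1, link.internal_cost + metric, 0)
    # Type 2: least advertised metric wins regardless of the internal path;
    # the internal path cost only separates equal metrics (interpretation).
    return (2, metric, link.internal_cost)

def best_path(links, default_metric=DEFAULT_METRIC):
    """Pick the advertisement a router would route through, per the page's rules."""
    return min(links, key=lambda link: preference(link, default_metric))

# Constructed advertisements for one external destination.
A = ExternalLink("10.0.0.1", internal_cost=10, metric=100, metric_type=1)  # total 110
B = ExternalLink("10.0.0.2", internal_cost=50, metric=20, metric_type=1)   # total 70
C = ExternalLink("10.0.0.3", internal_cost=5, metric=30, metric_type=2)
D = ExternalLink("10.0.0.4", internal_cost=200, metric=10, metric_type=2)
E = ExternalLink("10.0.0.5", internal_cost=20, metric=10, metric_type=2)
F = ExternalLink("10.0.0.6", internal_cost=15)  # nothing set: type 2, metric 1

if __name__ == "__main__":
    print("type 1 only:      ", best_path([A, B]).asbr)
    print("type 1 vs type 2: ", best_path([A, B, C]).asbr)
    print("type 2, metrics:  ", best_path([C, D]).asbr)
    print("type 2, tie:      ", best_path([D, E]).asbr)
    print("defaults applied: ", resolve(F), best_path([D, F]).asbr)
```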

In "redistribute kernel" mode the router will not advertise into the OSPF system a link to the default gateway (destination = 0.0.0.0/0 network), even if the administrator has explicitly written it into the routing table. For the router to advertise its link to the default gateway, it must be explicitly instructed to do so using the following command in "config-router" mode:

default-information originate [always] [metric-type (1|2)] [metric <0-16777214>] [route-map WORD]

The "metric-type (1|2)" and "metric <0-16777214>" attributes define the same external link parameters as for the "redistribute" command. They are also optional. This command has one more optional attribute – always. This attribute makes the router advertise its default gateway link even if the route is not in the routing table.

To cancel advertising of an external link to the default gateway, use the command:

no default-information originate

The following command sets a summary address for the external routes that are injected into the OSPF domain via redistribution:

ospf config router summary-address A.B.C.D/M [metric M] [metric-type T]

If there are one or more external routes whose network prefixes are totally covered by the "summary-address" network (A.B.C.D/M), only the summary route for the A.B.C.D/M network is announced, not the external routes. Coupled with accurate address space management, this command can significantly reduce the number of external network prefixes in the OSPF domain.

To view the list of possible summary networks and the number of network prefixes that can be replaced with a summary route, use the following command:

ospf show summary-address [detail]

“Detail” option enables detailed output of the command.

NOTE

This command may be used as a tip while planning the network.

Route map (route-map)

For more flexible configuration of the metric type and value of external links, a route-map can be used. A route-map is a set of conditional records. Each record has its number in the map, a match condition for the imported route, actions to be performed on the resulting object if the route matches, a resulting action (deny, permit) etc. Records are reviewed in ascending order of their numbers. If a route satisfies a record’s condition:

  • If the resulting action is deny, the route is denied, the review of the map’s records is aborted and the resulting object is cancelled (the link is not advertised)
  • If the resulting action is permit, all actions specified in the record are performed on the resulting object. After that, the review of records either stops or, if specified in the scenario, continues according to the option specified:
    • "on-match next" – the review continues from the record which follows the current record
    • "on-match goto <N>" – the review continues from the record whose number is greater than or equal to N, but not less than the current number.

In order to configure a route-map, the following command is used in config mode:

route-map WORD (deny|permit) <1-65535>

where "WORD" is the route-map identifier. This identifier is followed by the resulting action and the number of the record. If a record with the specified number does not exist, it is created automatically. After this command is executed, CS switches to the mode for editing the selected route-map. For example,

OSPF> configure
OSPF(config)# route-map testmap permit 10
OSPF(config-route-map)#

After that, the match condition between an imported route and the current record is specified. The following commands are used in "config-route-map" mode:

match address (<1-199>|<1300-2699>|WORD)
match address prefix-list WORD
match interface WORD
match next-hop (<1-199>|<1300-2699>|WORD)
match next-hop prefix-list WORD

These commands set matching conditions for the route according to three different parameters: destination, gateway (next hop) and interface. Several different conditions may be set for a record; if several conditions are specified, they are combined by logical “and”. In the "match next-hop" and "match address" commands a filtering object is specified: the number or name of an "access-list", or the name of a "prefix-list". The condition is satisfied if the corresponding parameter of the route belongs to the specified filtering list, according to the rule corresponding to the list type. In the "match interface" command, the name of the network interface to which the route (link) belongs is specified.

If a route matches all of a record’s rules, the metric value and/or metric type of the link formed from this route can be set using the following commands in "config-route-map" mode:

set metric <0-4294967295>
set metric-type (type-1|type-2)

The next step for the record’s behavior, after all conditions are matched by the route, can be configured using one of the following commands:

on-match goto <1-65535>
on-match next

Configuration example:

OSPF> configure
OSPF(config)# access-list AnyNetwork permit any
OSPF(config)# access-list net200 permit 192.168.200.0/24
OSPF(config)# route-map mapForConnected permit 10
OSPF(config-route-map)# match address net200
OSPF(config-route-map)# set metric 7
OSPF(config-route-map)# route-map mapForConnected deny 11
OSPF(config-route-map)# match address AnyNetwork
OSPF(config-route-map)# router
OSPF(config-router)# redistribute connected route-map mapForConnected
OSPF(config-router)#

In this configuration the router advertises external links formed from the connected routes of the system routing table with metric type 2. If the destination of such a route is the 192.168.200.0/24 network, the resulting link has metric 7; a route with any other destination does not lead to the advertising of an external link.
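
The record-by-record review described in this section, as an added Python example (not part of the original page or of the WANFleX software) that runs the mapForConnected configuration above and a second, constructed map using "on-match goto". The dictionary layout, the CHAINED map, the interface names, the "no-match" result and the handling of a route that no operator of an access list covers are assumptions of this sketch.

```python
import ipaddress

# Nominate access lists from the configuration example, as (action, range) operators.
ACCESS_LISTS = {
    "AnyNetwork": [("permit", "0.0.0.0/0")],      # "permit any"
    "net200": [("permit", "192.168.200.0/24")],
}

# route-map mapForConnected from the configuration example.
MAP_FOR_CONNECTED = [
    {"seq": 10, "action": "permit", "match": {"address": "net200"}, "set": {"metric": 7}},
    {"seq": 11, "action": "deny", "match": {"address": "AnyNetwork"}},
]

# Constructed map: record 10 continues at record 30, so record 20 is never reviewed.
CHAINED = [
    {"seq": 10, "action": "permit", "match": {"address": "AnyNetwork"},
     "set": {"metric-type": 1}, "on-match": ("goto", 30)},
    {"seq": 20, "action": "deny", "match": {"address": "net200"}},
    {"seq": 30, "action": "permit", "match": {"interface": "eth0"}, "set": {"metric": 50}},
]

def acl_permits(name, prefix):
    """First operator whose range contains the prefix decides."""
    p = ipaddress.ip_network(prefix)
    for action, rng in ACCESS_LISTS[name]:
        if p.subnet_of(ipaddress.ip_network(rng)):
            return action == "permit"
    return False  # assumption: a parameter no operator covers does not satisfy the match

def record_matches(record, route):
    """All match conditions of a record are combined by logical AND."""
    for kind, wanted in record.get("match", {}).items():
        if kind == "address" and not acl_permits(wanted, route["dest"]):
            return False
        if kind == "next-hop" and not acl_permits(wanted, route["next_hop"]):
            return False
        if kind == "interface" and wanted != route["ifname"]:
            return False
    return True

def apply_route_map(records, route, default_metric=1):
    """Return (verdict, attributes) for the external link formed from the route."""
    attrs = {"metric": default_metric, "metric-type": 2}  # defaults stated on the page
    permitted = False
    floor = 0  # records numbered below this are skipped after an on-match jump
    for rec in sorted(records, key=lambda r: r["seq"]):
        if rec["seq"] < floor or not record_matches(rec, route):
            continue
        if rec["action"] == "deny":
            return ("deny", None)          # review aborted, link not advertised
        attrs.update(rec.get("set", {}))
        permitted = True
        on_match = rec.get("on-match")
        if on_match is None:
            return ("permit", attrs)       # review stops at the first permit
        # "next" resumes after this record; "goto N" resumes at N, never backwards.
        floor = rec["seq"] + 1 if on_match == "next" else max(on_match[1], rec["seq"] + 1)
    return ("permit", attrs) if permitted else ("no-match", None)

if __name__ == "__main__":
    for dest in ("192.168.200.0/24", "10.1.0.0/16"):
        route = {"dest": dest, "ifname": "eth0"}
        print(dest, apply_route_map(MAP_FOR_CONNECTED, route))
    for ifname in ("eth0", "eth1"):
        route = {"dest": "192.168.200.0/24", "ifname": ifname}
        print(ifname, apply_route_map(CHAINED, route))
```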

Link metric

Link metric is the cost of delivering traffic through the link’s network interface. The OSPF router automatically calculates the cost of an internal link from the capacity of the physical interface to which the link belongs:

M = reference_bandwidth/bandwidth.

  • reference_bandwidth – by default equals 100 Mbit/sec
  • bandwidth – a capacity (bandwidth) of a physical network interface to which the link belongs. 

Reference bandwidth can be modified using the following command in "config-router" mode:

auto-cost reference-bandwidth <1-4294967>

The parameter is specified in Mbit/sec.

The method of metric calculation described above is used for all links on interfaces for which a specific cost is not set. To set an individual cost (metric) for links, use the following command in "config-if" mode:

cost <1-65535> [A.B.C.D]

In order to get into "config-if" mode for the particular interface, the following command is used:

interface IFNAME

Example,

OSPF> configure
OSPF(config)# interface eth0
OSPF(config-if)# cost 4 192.168.15.1
OSPF(config-if)#

The IP address specified in the cost command is the address assigned to the interface in the subnet to which the cost applies. If this parameter is not specified, every link on this interface has the specified cost (metric) regardless of the destination subnet.

OSPF system areas

The OSPF protocol can join adjacent networks and hosts into special groups. Such a group, along with a router that has a link to one (any) of the networks included in the group, is called an area. An independent copy of OSPF functions in each area, which means that each area has its own database and a corresponding graph.

A router that is configured to advertise only internal links is called an internal router (IR). A router connected to networks in more than one area is called an area border router (ABR). A router that advertises its links to external destinations (redistribute command) is called an AS Boundary Router (ASBR).

Each area is assigned a unique identifier, area-id. The area with area-id equal to zero is called the backbone of the OSPF system. The OSPF backbone area always includes all ABRs. The backbone area is responsible for distributing routing information between the other (non-backbone) areas. The backbone area should be contiguous, but this does not always imply physical adjacency: backbone connections can be organized using virtual connections.

ABR models

OSPF router supports four models of ABR:

  • cisco – a router will be considered as ABR if it has several configured links to the networks in different areas one of which is a backbone area. Moreover, the link to the backbone area should be active (working).
  • ibm – identical to cisco model but in this case a backbone area link may not be active
  • standard – a router has several active links to different areas
  • shortcut – identical to standard but in this model a router is allowed to use a topology of connected areas without involving a backbone area for inter-area connections.

Details on the differences between the "cisco" and "ibm" models can be found in RFC 3509. The shortcut model allows an ABR to create routes between areas based on the topology of the areas connected to this router, without using the backbone area, if the non-backbone route is “cheaper”.

ABR model is selected using the following command in "config-router" mode:

abr-type (cisco|ibm|shortcut|standard)

If you want to use “shortcut” routes (non-backbone) for inter-area routes, you can use the following command in "config-router" mode:

area (A.B.C.D|<0-4294967295>) shortcut (default|enable|disable)

Three options define how the specified area is used for route shortcutting in shortcut mode:

  • Default – this area will be used for shortcutting only if ABR does not have a link to the backbone area or this link was lost
  • Enable – the area will be used for shortcutting every time the route that goes through it is cheaper
  • Disable – this area is never used by ABR for routes shortcutting

Stub areas

Some areas may be defined as stub areas. This is used for an area which has either a single ABR, or several ABRs where route selection does not depend on the external destination address. Information about links external to the OSPF system is not sent to stub areas by the ABR. Instead, the ABR advertises to the stub area a default gateway with a route through this ABR.

An area can be configured as a stub area using the following command in "config-router" mode:

area (A.B.C.D|<0-4294967295>) stub [no-summary]

The "no-summary" option is specified if summary advertisements of other areas’ links need not be advertised to this area.

In general, the OSPF protocol requires the backbone area (area 0) to be coherent and fully connected, i.e. any backbone area router must have a route to any other backbone area router. Moreover, every ABR must have a link to the backbone area. However, it is not always possible to have a physical link to the backbone area. In this case a virtual link is organized between two ABRs (one of which has a link to the backbone area) through an area that is not a stub area. This can be done using the following command in "config-router" mode:

area (A.B.C.D|<0-4294967295>) virtual-link A.B.C.D

  • "(A.B.C.D|<0-4294967295>)" – identifier of the area through which the virtual link goes
  • "A.B.C.D" – router-id of the ABR with which the virtual link is established.

A virtual link must be configured on both routers. For example:

Router 192.168.152.45:

OSPF> configure
OSPF(config)# router
OSPF(config-router)# area 0.0.0.1 virtual-link 192.168.78.12

Router 192.168.78.12:

OSPF> configure
OSPF(config)# router
OSPF(config-router)# area 0.0.0.1 virtual-link 192.168.152.45

Formally, the virtual link looks like a point-to-point network connecting two ABRs of one area, one of which has a link to the backbone area. This pseudo-network is considered to belong to the backbone area.

Summary information about an area’s links which the ABR advertises through the backbone to other areas (export) can be filtered. The information arriving at the ABR from other areas (import) can also be filtered.

Filters are configured in "config-router" mode:

area (A.B.C.D|<0-4294967295>) export-list NAME
area (A.B.C.D|<0-4294967295>) filter-list prefix WORD (in|out)
area (A.B.C.D|<0-4294967295>) import-list NAME

  • "NAME" – name of a filtering list (access-list)
  • "WORD (in|out)" – name of a filtering prefix-list with the direction specified (in – import, out – export).

Filters can be configured for all areas to which the ABR is connected except for the backbone area.

Links aggregation. Advertising suppression

For every area to which the OSPF router is connected there is a list of address ranges used for link aggregation before a summary LSA is sent to the backbone area. Links are checked for membership in one of the address ranges. If several links belong to one address range, the ABR advertises to the backbone (or to other areas) only a single link, with a destination equal to the address range and a metric equal to the maximal metric of all the links or to the value specified for this range. A range can also be declared a blocking one; advertising of the links which belong to this range is then blocked. When an aggregated backbone link is advertised to other (non-backbone) areas, aggregation is not performed if the area to which the backbone links are advertised is a transit area (it has virtual links).

The list of address ranges for an area consists of records with the following fields:

  • Range of addresses (R)
  • Flag of advertisement suppression (not-advertise)
  • The metric of an aggregated link (C)
  • Advertised link (Rs)

If the not-advertise flag is not specified, the C and Rs parameters can be configured. If the destination of one or more links belongs to R, the router advertises one link with destination R (or Rs, if specified) and with a metric that is the maximal metric of the links (or C, if specified).

For address ranges there are several commands in "config-router" mode.

The following command creates a range R, optionally with the “not-advertise” flag:

area (A.B.C.D|<0-4294967295>) range A.B.C.D/M [not-advertise]

The command creates a range R and configures a metric for an aggregated link C:

area (A.B.C.D|<0-4294967295>) range A.B.C.D/M [cost <0-16777215>]

The command creates a range and possibly creates a Rs destination instead of R:

area (A.B.C.D|<0-4294967295>) range A.B.C.D/M substitute A.B.C.D/M
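
The aggregation rules of this section, as an added Python example (not part of the original page or of the WANFleX software): it parses the three range command forms shown above and computes what an ABR would advertise for a set of area links. The prefixes, metrics and area number are constructed, and using the first configured range that contains a link is an assumption.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class AreaRange:
    area: str
    prefix: str                        # R
    not_advertise: bool = False        # advertisement suppression flag
    cost: Optional[int] = None         # C
    substitute: Optional[str] = None   # Rs

def parse_range(line):
    """area <id> range A.B.C.D/M [not-advertise | cost <n> | substitute A.B.C.D/M]"""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "area" or tok[2] != "range":
        raise ValueError("not an area range command: " + line)
    rng = AreaRange(area=tok[1], prefix=tok[3])
    opts = tok[4:]
    if opts == ["not-advertise"]:
        rng.not_advertise = True
    elif len(opts) == 2 and opts[0] == "cost":
        rng.cost = int(opts[1])
    elif len(opts) == 2 and opts[0] == "substitute":
        rng.substitute = opts[1]
    elif opts:
        raise ValueError("unknown range option: " + " ".join(opts))
    return rng

def summarize(links, ranges, backbone_to_transit=False):
    """links: (prefix, metric) pairs of one area. Returns the pairs the ABR advertises."""
    if backbone_to_transit:
        return list(links)             # no aggregation towards a transit area
    passthrough, grouped = [], {}
    for prefix, metric in links:
        net = ipaddress.ip_network(prefix)
        for idx, rng in enumerate(ranges):
            if net.subnet_of(ipaddress.ip_network(rng.prefix)):
                grouped.setdefault(idx, []).append(metric)
                break
        else:
            passthrough.append((prefix, metric))   # belongs to no range: sent as is
    summaries = []
    for idx in sorted(grouped):
        rng = ranges[idx]
        if rng.not_advertise:
            continue                                # blocking range: nothing is sent
        metric = rng.cost if rng.cost is not None else max(grouped[idx])
        summaries.append((rng.substitute or rng.prefix, metric))
    return passthrough + summaries

# Constructed configuration and link set for area 0.0.0.1.
RANGES = [parse_range(line) for line in (
    "area 0.0.0.1 range 10.1.0.0/16",
    "area 0.0.0.1 range 10.2.0.0/16 cost 20",
    "area 0.0.0.1 range 10.3.0.0/16 not-advertise",
    "area 0.0.0.1 range 10.4.0.0/16 substitute 172.16.0.0/16",
)]
LINKS = [
    ("10.1.1.0/24", 10), ("10.1.2.0/24", 30),   # one summary, maximal metric 30
    ("10.2.5.0/24", 40),                        # summary with configured cost 20
    ("10.3.9.0/24", 5),                         # suppressed
    ("10.4.0.0/24", 15),                        # advertised as the substitute range
    ("192.168.7.0/24", 10),                     # outside every range
]

if __name__ == "__main__":
    for prefix, metric in summarize(LINKS, RANGES):
        print(prefix, metric)
```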

Adjacency. Neighbors

When two or more routers have links to the same network, these routers become neighbors in order to synchronize their link-state databases. Moreover, a network with more than one router connected to it is a transit network and, if it is not a point-to-point network, it is an active OSPF object (it can advertise its links to the routers). The LSA for it is made by a special designated router. The designated router is selected from the active OSPF routers connected to the network based on their priorities, identifiers and the IP addresses of the network interfaces by which they are connected to the network. The router uses special protocols whose parameters must be identical for the neighbors. These parameters are:

  • hello-interval
  • dead-interval

By default, hello-interval equals 10 seconds; dead-interval equals 40 seconds. To modify these parameters for any network interface, use the following commands in "config-if" mode:

dead-interval <1-65535> [A.B.C.D]
hello-interval <1-65535> [A.B.C.D]

The value of the parameter is specified in seconds. “IP-address” is the IP address of a specific link, if this particular link needs to be configured (optional parameter). If the IP address is not specified, the parameter is applied to the network interface. Note that in order to create an adjacency between two routers these parameters must be equal.

One of the routers connected to the network is automatically selected to be the designated router (DR) based on three parameters. If a link priority is specified for the router, it acts as the major criterion for DR selection. If the priority is not set, only the router-id and IP address affect the selection.

To set the router’s priority for an interface, use the following command in "config-if" mode:

priority <0-255> [A.B.C.D]

Like the previously mentioned parameters, the priority can be set either for every link on the interface individually or for the interface as a whole. The higher the priority, the more chances this router has of becoming the designated router for this network. If this parameter is set to zero, this router will never be selected as a designated router.

The OSPF protocol requires the link-state databases of the routers of one area to be identical. To achieve that, routers exchange LSA information; in particular, transit networks are used. In order to minimize network traffic, routers exchange their LSAs not directly with each other but using the DR and the Backup DR (BDR). The BDR backs up the DR in case of DR failure. BDR selection rules are identical to DR selection rules. During link-state database synchronization the routers exchange database descriptions using a master-slave relationship and broadcast IP packets. The reception of each packet must be acknowledged. If an acknowledgement is not received, the initiating party makes a series of retransmits. The OSPF administrator can control the periodicity of these retransmits for each interface and/or the interface’s links in "config-if" mode:

retransmit-interval <3-65535> [A.B.C.D]

This retransmit interval is specified in seconds.

LSA exchange is performed in the following cases:

  • start of the router or its connection to the network (link creation) after selecting a network designated router
  • after receiving LSA from any other area’s router
  • periodically after old database information expiration

After receiving updated information about link changes, the router initiates its link-state database synchronization with its neighbors, if it’s a DR. This process does not start right after the new information is received but after a period of time, on the assumption that some more data may come. This is done in order to avoid network “storms”. The delay can be configured for every interface/link in "config-if" mode:

transmit-delay <1-65535> [A.B.C.D]

Moreover, the router automatically updates link-state information with its neighbors. Only obsolete information, whose age has exceeded a specific threshold, is updated. By default, this threshold equals 1800 seconds (half an hour) and it can be changed using the following command in "config-router" mode:

refresh timer <10-1800>

The parameter is specified for the OSPF router in general.

Virtual link is a point-to-point transit network. In this network a neighboring relationship is also established between two routers. For virtual links there are similar parameters for neighboring relationship establishment. These parameters are configured in "config-router" mode:

area (A.B.C.D|<0-4294967295>) virtual-link A.B.C.D (hello-interval|retransmit-interval|transmit-delay|dead-interval) <1-65535>

To log changes in the adjacency state of the router the following command can be used:

OSPF(config-router)# log-adjacency-changes [detail]

Using optional “detail” parameter of the command enables logging of all state changes, i.e. it registers every step the neighboring routers take to establish the adjacency state.

Authentication. Identity check

In order to prevent an unauthorized connection of the routers to OSPF system, the system has an identity check for protocol’s packets. Currently the router has two different options for identity check (authentication):

  • Password authentication. All packets sent to the network should have a corresponding value in the 64-bit authentication data field of the OSPF header. The value is a 64-bit password (not encoded). Simple password authentication is vulnerable to passive attacks (sniffing) because broadcasting is used and the packet carries the password in clear form.
  • Key-based authentication. For each OSPF packet a key is used to generate and check the message-digest signature which is added to the end of the OSPF packet. The digital signature is built with the MD5 algorithm, a one-way function computed over the OSPF packet and a secret key. As the secret key is never sent over the network in clear form, this gives protection from passive attacks.

By default, the router does not have any authentication (null-authentication).

Authentication can be configured individually for each interface’s link (or for the interface including virtual link) and/or individually for every area to which the router is connected.

For interfaces authentication parameters are configured using the following commands in "config-if" mode:

  • Password authentication:
authentication-key AUTH_KEY [A.B.C.D]
    • "AUTH_KEY" – password, IP-address is an optional parameter when individual link configuration is required.
  • Key-based authentication:
message-digest-key <1-255> md5 KEY [A.B.C.D]
    • "KEY" – secret MD5 key, IP-address of the link in case of individual link configuration
    • "<1-255>" - a serial number of a secret key. Thus for the current link or interface one can configure up to 255 secret keys. For sending packets the router will use the last of the configured keys. For receiving packets the router will use the key with the same serial number as was used by the sender.

After setting up the authentication parameters, authentication is turned on with the following command in "config-if" mode:

[(null|message-digest)] [A.B.C.D]
    • "[(null|message-digest)]" - Authentication type. null – no authentication (obligatory authentication suppression). With no parameter at all, a simple password authentication is turned on
    • "[A.B.C.D]" - IP-address of interface’s link.

Virtual links authentication is configured in the same way in "config-router" mode:

Parameters:

area (A.B.C.D|<0-4294967295>) virtual-link A.B.C.D authentication-key AUTH_KEY
area (A.B.C.D|<0-4294967295>) virtual-link A.B.C.D message-digest-key <1-255> md5 KEY

Type of authentication settings:

area (A.B.C.D|<0-4294967295>) virtual-link A.B.C.D (authentication|) (message-digest|null)

Authentication type can be specified for the whole area to which a network and the link receiving OSPF packets belong. If authentication is turned on for both the interface and the area, the interface authentication type will be used. If authentication was disabled for the interface (link), the authentication type can be configured for the area using the following command in "config-router" mode:

area (A.B.C.D|<0-4294967295>) authentication [message-digest]

If "message-digest" option is not specified, simple password authentication will be enabled for the area.

As was mentioned before, the area authentication type is applied only if the interface’s authentication was totally disabled. However, the interface’s authentication parameters will still be used.

To turn off area authentication, use the following command in "config-router" mode:

no area (A.B.C.D|<0-4294967295>) authentication
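
The message-digest scheme described in this section, worked through as an added example (not the vendor's code): it follows the OSPFv2 header layout and cryptographic authentication rules of RFC 2328, Appendix D. The router id, area, keys and Hello body are constructed sample values, and the sequence-number check comes from the RFC rather than from this page.

```python
import hashlib
import hmac
import struct

HDR = "!BBH4s4sHHHBBI"   # OSPFv2 header, 24 bytes, auth field laid out for AuType 2
AUTYPE_MD5 = 2           # cryptographic authentication (RFC 2328, Appendix D)
MD5_LEN = 16


def build_packet(pkt_type, body, router_id, area_id, key_id, seq):
    """Header + body. Checksum stays 0 for AuType 2; length excludes the digest."""
    header = struct.pack(HDR, 2, pkt_type, 24 + len(body), router_id, area_id,
                         0, AUTYPE_MD5, 0, key_id, MD5_LEN, seq)
    return header + body


def digest(packet, key):
    """Keyed MD5: hash of the packet followed by the key zero-padded to 16 bytes."""
    return hashlib.md5(packet + key[:MD5_LEN].ljust(MD5_LEN, b"\0")).digest()


def sign(packet, key):
    return packet + digest(packet, key)


def verify(wire, keys, last_seq):
    """Receiver side. keys maps key serial number -> secret; returns (ok, reason)."""
    if len(wire) < 24 + MD5_LEN:
        return False, "short packet"
    f = struct.unpack(HDR, wire[:24])
    length, autype, key_id, auth_len, seq = f[2], f[6], f[8], f[9], f[10]
    if autype != AUTYPE_MD5 or auth_len != MD5_LEN:
        return False, "not message-digest authentication"
    if length < 24 or len(wire) != length + MD5_LEN:
        return False, "bad length"
    if key_id not in keys:               # key is chosen by the sender's serial number
        return False, "unknown key id"
    if seq < last_seq:                   # older than the last accepted packet: replay
        return False, "stale sequence number"
    expected = digest(wire[:length], keys[key_id])
    if not hmac.compare_digest(expected, wire[length:]):   # constant-time compare
        return False, "digest mismatch"
    return True, "ok"


# Constructed sample data: router id, area, keys and Hello body are made up.
KEYS = {1: b"old-secret", 2: b"new-secret"}
HELLO = build_packet(1, b"\xff\xff\xff\x00" + b"\x00" * 16,
                     bytes([192, 168, 1, 1]), bytes(4), key_id=2, seq=1000)
WIRE = sign(HELLO, KEYS[2])
```

The secret never appears in WIRE; only the 16-byte digest does, which is why a passive listener learns nothing directly usable, while any change to the packet or use of a different key makes verification fail.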

Router running configuration view

To review current running configuration of the router there are several commands in the basic mode of CS. In any mode of CS there is a command:

show running-config

This command shows a current router’s configuration.

The configuration is shown as list of commands which brought the router to its current state.

Example:

OSPF> show running-config
 
Current configuration:
interface eth0
interface eth1
interface lo0
interface null0
interface tun0
 network point-to-point
router
 router-id 195.38.45.107
 network 1.1.1.1/32 area 0.0.0.0
 network 4.7.8.0/24 area 0.0.0.1
 network 192.168.15.1/24 area 0.0.0.1
 network 195.38.45.107/26 area 0.0.0.0
 area 0.0.0.1 virtual-link 192.168.151.10
end
OSPF>

Neighbors

show neighbor [A.B.C.D] [detail]

As a parameter one can specify the IP-address of a network interface (link) whose state and neighbors list are to be shown. If this parameter is not specified, the command shows summary information for all interfaces.

Example:

OSPF> show neighbor
 
Neighbor ID     Pri   State           Dead Time   Address         Interface
9.1.1.8           1   Full/DROther    00:00:32    1.1.1.2         tun0:1.1.1.1
192.168.151.1     1   Full/DR         00:00:32    192.168.15.10   eth1:192.168.15.1
192.168.45.116    1   Full/DR         00:00:32    192.168.45.116  eth0:192.168.45.107
192.168.151.10    1   Full/DROther    00:00:39    192.168.151.10  VLINK0
OSPF>
  • "Neighbor ID" – neighbor router-id
  • "Pri" – priority
  • "State" – current state/status. This parameter may be of the following value:
    • "Init" - this state means that a Hello packet was recently received from a neighbor with whom a 2-way connection is not yet established
    • "2-Way" - a two-way connection is established between two routers. Starting from here an adjacency relationship is initiated
    • "ExStart" - the first step in adjacency relationship establishing which sets up master/slave relations
    • "Exchange" - in this state a router fully describes its link-state database by sending packets to its neighbor
    • "Loading" - a state in which link-state database synchronization happens, i.e. a request for new information is sent to the neighbor
    • "Full" - this state means that neighboring relationship is established and link-state database is synchronized
    • Current status may be of the following values:
      • "DR" – the router is selected to be a designated router.
      • "Backup" – the router is selected as a backup designated router.
      • "DROther" – the router is neither DR nor BDR
  • "Dead Time" – the time left for neighbor acknowledgement packet.
  • "Address" – neighbor’s IP-address
  • "Interface" – interface (link) through which information with neighbor is exchanged.

If option "detail" is specified in the command, the information on neighbors is shown in the detailed way.
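
One way to use the neighbor table for spotting routers that joined the OSPF system without authorization, as an added example (not part of the original documentation): it parses "show neighbor" output and compares it with a per-interface allow-list. The allow-list and the last sample row are constructed; the other rows are the sample shown above.

```python
import re

# "show neighbor" row: Neighbor ID, Pri, State/role, Dead Time, Address, Interface.
ROW = re.compile(r"^(\d+(?:\.\d+){3})\s+(\d+)\s+([\w-]+)/(\S+)\s+"
                 r"(\d+):(\d\d):(\d\d)\s+(\S+)\s+(\S+)$")


def parse_neighbors(text):
    """Turn "show neighbor" output into dicts; header and prompt lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rid, pri, state, role, h, mnt, sec, addr, ifc = m.groups()
            rows.append({"id": rid, "pri": int(pri), "state": state, "role": role,
                         "dead": int(h) * 3600 + int(mnt) * 60 + int(sec),
                         "addr": addr, "ifc": ifc.split(":")[0]})
    return rows


def audit(rows, allowed):
    """allowed maps interface name -> set of router-ids expected on it.
    Returns sorted (interface, router-id, finding) tuples."""
    findings = []
    seen = {}
    for n in rows:
        seen.setdefault(n["ifc"], set()).add(n["id"])
        if n["id"] not in allowed.get(n["ifc"], set()):
            findings.append((n["ifc"], n["id"], "unexpected neighbor"))
        # 2-Way towards a DROther neighbor is normal when the local router is
        # not DR/BDR either; anything else short of Full deserves a look.
        elif n["state"] != "Full" and (n["state"], n["role"]) != ("2-Way", "DROther"):
            findings.append((n["ifc"], n["id"], "stuck in " + n["state"]))
    for ifc, expected in allowed.items():
        for rid in expected - seen.get(ifc, set()):
            findings.append((ifc, rid, "expected neighbor missing"))
    return sorted(findings)


# First four rows are the sample from this page; the last row is constructed.
SAMPLE = """\
Neighbor ID     Pri   State           Dead Time   Address         Interface
9.1.1.8           1   Full/DROther    00:00:32    1.1.1.2         tun0:1.1.1.1
192.168.151.1     1   Full/DR         00:00:32    192.168.15.10   eth1:192.168.15.1
192.168.45.116    1   Full/DR         00:00:32    192.168.45.116  eth0:192.168.45.107
192.168.151.10    1   Full/DROther    00:00:39    192.168.151.10  VLINK0
192.168.15.77     1   Init/DROther    00:00:38    192.168.15.77   eth1:192.168.15.1
"""
# Constructed allow-list for this router.
ALLOWED = {"tun0": {"9.1.1.8"}, "eth1": {"192.168.151.1"},
           "eth0": {"192.168.45.116", "192.168.45.200"}, "VLINK0": {"192.168.151.10"}}
```

An interface that serves only end-user devices gets an empty set in the allow-list, so any neighbor appearing on it is reported.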

Database

show database

The command shows a summary table with a database contents (LSA).

show database (asbr-summary|external|network|router|summary) [A.B.C.D] [adv-router A.B.C.D]

  • "(asbr-summary|external|network|router|summary)" – type of link advertisement for review
  • "[A.B.C.D]" – link destination whose advertisements are to be reviewed
  • "[adv-router A.B.C.D]" – router-id whose link advertisements are to be reviewed

Table - Database content

For example, to view the database entries for the links announced by a transit network where the advertising router is 192.168.45.107:

OSPF> show database network adv-router 192.168.45.107
       OSPF Router with ID (192.168.151.10)
                Net Link States (Area 0.0.0.0)
                Net Link States (Area 0.0.0.1)
  LS age: 473
  Options: 0x2  : *|-|-|-|-|-|E|*
  LS Flags: 0x6
  LS Type: network-LSA
  Link State ID: 192.168.15.1 (address of Designated Router)
  Advertising Router: 192.168.45.107
  LS Seq Number: 80000001
  Checksum: 0x9148
  Length: 32
  Network Mask: /24
        Attached Router: 192.168.45.107
        Attached Router: 192.168.151.1
                Net Link States (Area 0.0.0.2)
OSPF>

Filtration objects

show access-list [(<1-99>|<100-199>|<1300-1999>|<2000-2699>|WORD)]

This command is used to print access lists contents. If list identifier is not specified, all lists are printed. For example:

OSPF> show access-list
IP access list any_network
    permit any
IP access list net200
    permit 192.168.200.0/24

Similar commands are used for prefix-lists output:

show prefix-list
show prefix-list WORD

Routing table

show route

This command prints a routing table. For example:

 OSPF> show route
============ OSPF network routing table ============
N IA 1.1.1.1/32            [3] area: 0.0.0.1
                           via 192.168.15.1, eth0
N IA 1.1.1.2/32            [2] area: 0.0.0.1
                           via 192.168.15.1, eth0
N    4.7.8.0/24            [2] area: 0.0.0.1
                           via 192.168.15.1, eth0
N IA 9.1.1.0/24            [12] area: 0.0.0.1
                           via 192.168.15.1, eth0
N IA 192.168.0.0/24        [3] area: 0.0.0.1
                           via 192.168.15.1, eth0
N    192.168.15.0/24       [1] area: 0.0.0.1
                           directly attached to eth0
N IA 192.168.80.0/24       [12] area: 0.0.0.1
                           via 192.168.15.1, eth0
N    192.168.151.0/24      [1] area: 0.0.0.1
                           directly attached to eth0
N IA 192.168.152.0/24      [2] area: 0.0.0.1
                           via 192.168.151.10, eth0
N IA 195.38.45.64/26       [2] area: 0.0.0.1
                           via 192.168.15.1, eth0
============ OSPF router routing table =============
R    192.168.151.10        [1] area: 0.0.0.1, ABR, ASBR
                           via 192.168.151.10, eth0
R    195.38.45.107         [1] area: 0.0.0.1, ABR
                           via 192.168.15.1, eth0
 
============ OSPF external routing table ===========
N E2 192.168.200.0/24      [1/7] tag: 0
                           via 192.168.151.10, eth0
 
OSPF>

This table consists of three parts:

  1. OSPF network routing table. This section includes a list of acquired routes for all accessible networks (or aggregated area ranges) of the OSPF system. The "IA" flag means that the route destination is in an area to which the router is not connected, i.e. it’s an inter-area path. The value in square brackets is the summary metric of all links on the path to this network. The "via" prefix defines the router-gateway, i.e. the first router on the way to the destination (next hop).
  2. OSPF router routing table.
  3. OSPF external routing table. E2 flag points to the external link metric type (E1 – metric type 1, E2 – metric type 2). External link metric is printed in the format of "<metric of the router which advertised the link>/<link metric>".

Interfaces information

show interface [INTERFACE]

This command prints the information on network interfaces including virtual links states. If interface name is not specified, all interfaces information will be printed. For example:

OSPF> show interface
VLINK0 is up
  Internet Address 192.168.151.10/24, Area 0.0.0.0
  Router ID 192.168.151.10, Network Type VIRTUALLINK, Cost: 2
  Transmit Delay is 1 sec, State Point-To-Point, Priority 1
  No designated router on this network
  No backup designated router on this network
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:08
  Neighbor Count is 1, Adjacent neighbor count is 1
eth0 is up
  Internet Address 192.168.151.10/24, Area 0.0.0.1
  Router ID 192.168.151.10, Network Type BROADCAST, Cost: 1
  Transmit Delay is 1 sec, State DR, Priority 1
  Designated Router (ID) 192.168.151.10, Interface Address 192.168.151.10
  Backup Designated Router (ID) 192.168.151.1, Interface Address 192.168.151.1
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:05
  Neighbor Count is 1, Adjacent neighbor count is 1
  Internet Address 192.168.152.1/24, Area 0.0.0.2
  Router ID 192.168.151.10, Network Type BROADCAST, Cost: 1
  Transmit Delay is 1 sec, State DR, Priority 1
  Designated Router (ID) 192.168.151.10, Interface Address 192.168.152.1
  No backup designated router on this network
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:03
  Neighbor Count is 0, Adjacent neighbor count is 0
lo0 is up
  OSPF not enabled on this interface
null0 is down
  OSPF not enabled on this interface
rf5.0 is up
  OSPF not enabled on this interface
OSPF>

"passive-interface" command

"passive-interface" is used to manage routing information. This command suppresses routing updates over some interfaces, while allowing updates to be exchanged through other interfaces in normal mode.

"passive-interface" command defines interfaces that will not be used to establish OSPF neighbor relationships or to send out routing updates.

For example, if the router has a network 192.168.15.1/24 on "eth0" with only end-user devices and no other routers, the configuration will be the following:

OSPF>configure
OSPF(config)# router
OSPF(config-router)# network 192.168.15.1/24 area 0
OSPF(config-router)# passive-interface eth0

Logging OSPF events (debug)

"debug" command adds OSPF debug information to the system log. Possible log levels are from "0" (no information logged) to "255" (the most verbose logging).

Example:

 OSPF(config)# debug level 5