Terminology

OSPF protocol

OSPF (Open Shortest Path First) is a dynamic routing protocol based on a shortest path tree construction algorithm. The OSPF protocol has the following features:

OSPF area

The number of routers in an autonomous system that use OSPF to exchange routing information can be large. This puts a high load on communication channels because of the large number of OSPF service messages. To reduce the amount of transmitted service information, the OSPF protocol divides the autonomous system into areas.

Each area has a 32-bit identifier, which is usually written in two formats:

It is not necessary to use sequential identifiers for areas. For example, the network can include areas with identifiers 0, 2 and 7 (Figure 1a).

It is an interface, not a device, that belongs to an area. Thus, one router can be connected to multiple areas (Figure 1a).

The area with the identifier 0.0.0.0 has a special role: it is called the backbone. The backbone area is required for OSPF to work. Each area must be directly connected to the backbone area, i.e. a scheme in which an area is connected to another area without having a connection to the backbone is prohibited (Figure 1b).

Figure 1a - Permitted network scheme with multiple OSPF areas

Figure 1b - Prohibited network scheme with multiple OSPF areas

Router types

Depending on the router's place in the network, the following device types are distinguished (Figure 2):

Figure 2 - Network scheme with different router types

OSPF operation algorithm

OSPF operation has the following steps. Some steps require a detailed explanation, which is provided in the sections below.

OSPF protocol launch

Two processes are performed when the OSPF service starts: selecting a router identifier and defining the list of interfaces that participate in OSPF.

The router has a 32-bit identifier, which is usually written in the IP address format. Usually, the identifier is not tied to the device's IP address and can be set manually. If the identifier is not set manually, it is automatically selected as the highest device IP address. When the ID is set manually, it is recommended to set it equal to the loopback0 interface IP address. This makes devices easier to identify and speeds up the diagnosis of network problems.

During automatic ID selection, the Infinet device generates a special address from the 224.*.*.* multicast subnet, associated with the router serial number. This helps to avoid the ID being redefined when an IP address or a network interface is removed.

The set of interfaces involved in the OSPF protocol is determined in accordance with the following rules:

If OSPF has not been started on a network interface, this does not mean that the network associated with this interface will not be advertised to other routers. Launching OSPF on an interface only affects the neighbor discovery attempt.

Let's look at examples of various commands executed when starting the OSPF service on router R1 (Figure 3). The table below lists example commands and whether each router interface matches them: if there is a match, neighbor discovery is performed on the interface; if there is no match, no discovery is performed.

| Command | Correspondence to eth1 | Correspondence to eth2 | Comment |
|---|---|---|---|
| network 0.0.0.0/0 area 0 | yes | yes | The 0.0.0.0/0 network includes all IP addresses, so the networks associated with eth1 and eth2 are in this range. Such a configuration has a hidden behavior: if a new IP address appears in the device's configuration, then OSPF will be launched on the interface associated with it. This is because the 0.0.0.0/0 network includes all networks. |
| network 10.10.30.0/24 area 0 and network 192.168.6.0/28 area 1 | yes | yes | The command contains the networks associated with the eth1 and eth2 interfaces, so OSPF will use both interfaces. |
| network 10.10.30.0/25 area 0 and network 192.168.6.0/28 area 1 | no | yes | Although the R1 router IP address belongs to the 10.10.30.0/25 network, OSPF will not be launched on this interface. This is because the network associated with interface eth1 contains addresses in the range 10.10.30.0-255, which does not satisfy the command 10.10.30.0/25 (10.10.30.0-127). OSPF will be launched on eth2. |

Figure 3 - The router scheme with two network interfaces

Passive interfaces

After the router has determined the list of interfaces where OSPF is running, it starts looking for neighbors on these interfaces. In addition, all networks assigned to these interfaces are advertised to other routers. An attacker can abuse this behavior: the router will establish neighbor relations with the attacker's device and transmit all routing information about the network.

The way to avoid this type of attack is to use passive interfaces. Any interface participating in OSPF can be configured as passive. In this case, no neighbor search is performed via the interface, but the network assigned to it is still announced to other routers.
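
The matching rule from the command table and the passive-interface advice above can be checked before a configuration is deployed. The following audit script is an added example, not Infinet code: the R1 interface addresses, the `passive` and `trusted` sets and the first-match tie-break are assumptions made for illustration.

```python
import ipaddress

def ospf_plan(network_stmts, interfaces, passive=()):
    """Map each interface to its OSPF state under the `network` statements.

    Rule taken from the table above: a statement matches an interface only
    when the interface's whole connected network lies inside the statement's
    prefix; the router's own address being inside it is not enough.
    """
    stmts = [(ipaddress.ip_network(prefix), area) for prefix, area in network_stmts]
    plan = {}
    for name, addr in interfaces.items():
        connected = ipaddress.ip_interface(addr).network
        # Assumption: when several statements match, the first one listed wins.
        hit = next(((net, area) for net, area in stmts if connected.subnet_of(net)), None)
        plan[name] = {
            "area": hit[1] if hit else None,
            # Passive interfaces are advertised but never search for neighbors.
            "discovery": hit is not None and name not in passive,
            # A /0 statement also captures any interface added later.
            "catch_all": hit is not None and hit[0].prefixlen == 0,
        }
    return plan

def audit(plan, trusted):
    """Return findings for interfaces that would peer on untrusted segments."""
    findings = []
    for name, state in sorted(plan.items()):
        if state["discovery"] and name not in trusted:
            findings.append(f"{name}: neighbor discovery on untrusted segment, make it passive")
        if state["catch_all"]:
            findings.append(f"{name}: matched by catch-all statement, new addresses join OSPF")
    return findings

# Constructed sample: the R1 addresses are assumed (Figure 3 is not reproduced here).
R1 = {"eth1": "10.10.30.1/24", "eth2": "192.168.6.1/28"}
ROW1 = [("0.0.0.0/0", 0)]
ROW2 = [("10.10.30.0/24", 0), ("192.168.6.0/28", 1)]
ROW3 = [("10.10.30.0/25", 0), ("192.168.6.0/28", 1)]

if __name__ == "__main__":
    for label, stmts in (("row 1", ROW1), ("row 2", ROW2), ("row 3", ROW3)):
        plan = ospf_plan(stmts, R1, passive={"eth2"})
        print(label, plan)
        for finding in audit(plan, trusted={"eth1"}):
            print("  finding:", finding)
```
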

External routes

The list of routes to networks assigned to interfaces is defined when OSPF starts. In addition, OSPF can announce routes to other networks that were added to the device routing table. The announcement of such routes is called redistribution. These routes are external to OSPF.

The route sources for redistribution can be other dynamic routing protocols, static entries, or directly attached networks not added to OSPF.

Setting up neighborhood relations

Routing information exchange is possible only after the establishment of neighbor relations between the routers. Two routers having a common link will establish a neighborhood relationship if the following parameters match:

Neighborhood relations are established in several steps. Let's look at the network example (Figure 4a): the network consists of three routers R1, R2 and R3 connected to the switch, neighbor relations are established between the routers, router R2 is selected as the designated router (DR) and R3 as the backup designated router (BDR). Router R4 is then added to the network scheme; let's assume that the conditions for establishing neighborhood relations are met.

Figure 4a - R4 router was added to the network scheme

Figure 4b - R4 sends Hello messages

Figure 4c - R1, R2, R3 send Hello messages

Figure 4d - 2-Way relationships were established

Figure 4e - Full relationships were established by R4 with DR and BDR

Roles distribution

In each broadcast segment where OSPF is running, DR and BDR elections are performed. Elections are carried out in accordance with the following rules:

The group address 224.0.0.6 is associated with DR and BDR devices and is used for LSDB synchronization. Devices with the DR and BDR roles establish a Full relationship with each router in the broadcast segment, which places higher demands on device performance compared to DROther. If device hardware performance can become a bottleneck, this should be taken into account during network planning: interface priorities should be set to ensure predictable selection of the highest performing devices as DR and BDR.

The main function of the DR is the routing information exchange in the broadcast segment. The main function of the BDR is to monitor the state of the DR and, if it fails, change its own role to DR. Since each DROther establishes a Full relationship with both the DR and the BDR, the LSDB on the BDR is synchronized with the DR, so the BDR can start performing DR functions without database synchronization delays. If the BDR becomes the DR, a new BDR is selected among the DROther routers according to the algorithm described above.

LSDB synchronization

Routing information in OSPF is represented as different types of LSA. The LSDB is a set of LSAs. Note that an LSA is not an OSPF service message; therefore, DBD, LSR, LSU and LSAck messages are used to transmit it in accordance with steps 6-8 of the neighbor relationship establishment algorithm.

OSPF version 2, which is supported by WANFleX OS, defines 7 LSA types shown in the table below. To explain the purpose of the different LSA types, the network scheme in Figure 5a will be used: the network consists of 6 routers forming three OSPF areas. This scheme describes the LSA types generated by devices regardless of the stages of establishing neighborhood relations.

Type 1 - Router LSA

Description: LSAs of this type are distributed by all routers within the same area. The LSA contains the following routing information:

  • a description of all router communication channels related to this area;
  • the costs of the router communication channels;
  • a list of area routers with an established neighborhood relationship.

Example: LSAs of this type are distributed by all routers in the network (Figure 5b). This LSA type has the following features:

  • R3 includes only the 10.10.234.0/29 network information in the LSA type 1 broadcast in area 0, and the 192.168.36.0/24 information in the LSA broadcast in area 36. This behavior is explained by the fact that LSA type 1 is designed to exchange information within an area;
  • router R5 does not generate an LSA type 1 with information about the external network 172.16.0.0/16;
  • the type 1 LSA generated by R4 is received by R2 and forwarded to R1 with an increased metric value. Thus, type 1 LSAs are propagated over the entire area with metric increments, while the remaining parameters stay unchanged.

Type 2 - Network LSA

Description: LSAs of this type are distributed by the DR within the same area. The LSA contains the following routing information:

  • the broadcast segment network address;
  • the broadcast segment network mask;
  • a list of routers with an established neighborhood relationship.

Example: LSAs of this type are generated only by routers with the DR role: R1, R2, R3 and R4 (Figure 5c). Similar to LSA type 1, LSA type 2 is distributed across the entire area with metric value increments.

Type 3 - Summary Network LSA

Description: LSAs of this type are distributed by the ABR and contain routing information about the neighboring area. LSA types 1 and 2 allow the router to build an area topology and calculate data transmission paths. Type 3 LSAs are not sources of topology data; they only contain routing information about neighboring areas. Thus, at area borders, OSPF behaves as a distance vector protocol.

The ABR generates one LSA type 3 for each network. The number of messages can be reduced by route summarization.

Example: LSAs of this type are generated by the ABR routers R3 and R4 (Figure 5d). Router R3 generates the following LSA type 3 messages:

  • a route to the 192.168.36.0/24 network for area 0. Router R3 is connected to this network via the eth1 interface;
  • a route to the 10.10.234.0/29 network for area 36. Router R3 is connected to this network via the eth0 interface;
  • a route to the 10.10.21.0/30 network for area 36. The network information is taken from LSA types 1 and 2 received from R1;
  • a route to the 192.168.45.0/24 network for area 36. The route to this network is taken from the LSA type 3 received from router R4. When advertising this network, router R3 sets itself as the route source in the LSA. Source substitution is necessary, since the area 36 router is unaware of the R4 location.

Router R4 generates LSA type 3 in the same way as R3.

Type 4 - ASBR Summary LSA

Description: An ABR generates LSAs of this type in addition to LSA type 5. LSAs of this type contain information about the ASBR location for the areas neighboring the ASBR's area.

Example: See the example for LSA type 5.

Type 5 - External LSA

Description: LSAs of this type are generated by the ASBR for external routes, including default routes. Such messages are distributed throughout the AS unchanged.

Similar to an ABR, an ASBR can summarize external routes, i.e. replace several routes with one. This reduces the routing table and the amount of service information during further route distribution.

Example: LSA type 5 is generated by R5 as the only ASBR in the network scheme (Figure 5e).

The type 5 LSA generated by R5 contains information about the 172.16.0.0/16 network and is distributed through the entire autonomous system unchanged. Thus, each router in the scheme has the information that the 172.16.0.0/16 network is external and is available via router R5.

The hidden problem is that R1, R2, R3 and R6 do not know the R5 location. The LSA type 1 in which the R5 ID is specified is only propagated within area 45.

To solve this problem, border routers R4 and R3 generate LSA type 4 in addition to the transmitted LSA type 5. In LSA type 4, the routers advertise that all traffic directed to R5 can be sent to the ABR.

Type 6 - Group Membership LSA

Description: LSAs of this type are used in multicast networks and contain a list of groups whose consumers are in the network segment. LSAs of this type will not be described in this article.

Example: -

Type 7 - Type 7 LSA

Description: LSAs of this type are similar to LSA type 5 and are used in NSSA areas. The use of LSA type 7 is necessary for compatibility between Stub areas and NSSA. LSA type 7 is converted to LSA type 5 by the ABR during export from the NSSA area.

Example: An example of LSA type 7 generation is presented in the NSSA areas description.

Figure 5a - Network scheme for LSA types analyzing

Figure 5b - LSA type 1 distribution

Figure 5c - LSA type 2 distribution

Figure 5d - LSA type 3 distribution

Figure 5e - LSA type 4 and 5 distribution

Building the shortest paths tree

After LSDB synchronization, each router performs a shortest paths tree calculation using Dijkstra's algorithm.

In networks with channel redundancy, LSDB contains announcements about the same network received from different sources. Such routes are transmitted to the RIB in the following order:

Area types

One way to reduce the volume of OSPF service messages is to use areas of different types. The protocol provides the following area types:

Let's look at the main properties of the different area types using the following scheme (Figure 6): routers R1, R2, R3 and R4 are connected in series, forming three OSPF areas. Routers R3 and R4 have external links. In each of the following examples we will change the type of area 4 and analyze the LSA types associated with this area. The examples omit the details of LSAs not related to area 4 and of LSA types 1 and 2, since these are distributed within areas of any type.

Figure 6 - Network scheme for reviewing the area types

Normal

Normal areas make no changes to the LSA distribution and processing logic described above (Figure 7a). Devices use this area type by default. The backbone area is a special case of a Normal area.

Figure 7a - LSA distribution in a Normal area

Stub

A Stub area has the following features (Figure 7b):

Stub areas are used in local network segments that have no connection to external links, but whose routers must receive complete routing information from neighboring areas. Using Stub areas gives a small gain in router performance by reducing the number of LSAs, and protects the network from attacks that involve connecting a router to an external network segment.

Figure 7b - LSA distribution in a Stub area

Totally Stub

A Totally Stub area behaves like a Stub area with one exception: LSA types 3 and 5 from neighboring areas are replaced with a single LSA type 3 carrying a default route (Figure 7c).

The use cases for Totally Stub areas are similar to those for Stub areas, but the routers of the area will not have all the routing information about neighboring areas. This gives a significant performance gain, because the routers of a Totally Stub area use a single default route to send data to neighboring areas.

Figure 7c - LSA distribution in a Totally Stub area

NSSA

An NSSA area has the characteristics of a Stub area with one exception: an NSSA area can have an external link (Figure 7d). Since routing information about external links is distributed with LSA type 5, which is prohibited in Stub areas, NSSA uses LSA type 7 for this purpose. This LSA type repeats the structure of LSA type 5 but is allowed to be distributed in NSSA areas. At the area border, the ABR converts LSA type 7 into LSA type 5, setting itself as the source. Since the ABR performing the conversion is specified as the source, no additional LSA type 4 needs to be created.

As a rule, the use of an NSSA area is a consequence of network growth: connecting an external link to a Stub area requires changing its type to NSSA.

Figure 7d - LSA distribution in an NSSA area

Totally NSSA

Totally NSSA areas behave like NSSA areas except for one feature: only one LSA type 3 with a default route is exported into a Totally NSSA area (Figure 7e).

As a rule, the use of Totally NSSA areas is a consequence of network growth: connecting an external link to a Totally Stub area requires changing the area type to Totally NSSA.

Figure 7e - LSA distribution in a Totally NSSA area

Virtual link

One of the principles of OSPF is that two non-backbone areas can be connected only through the backbone area. Nevertheless, the structure of some networks does not follow this principle as a result of their historical development. Bringing such networks into line with the OSPF requirements can be very costly, so the OSPF protocol was extended with the concept of a virtual link (Virtual Link).

A virtual link has the following characteristics (Figure 8):

Figure 8 - Scheme with a virtual link

OSPF protocol features

The OSPF protocol features can be summarized as follows:

Practical OSPF configuration examples are given on the child page of this document: OSPF protocol configuration.

Additional materials

Webinars

  1. Typical routing configuration scenarios for Infinet devices, part 2.

Other

  1. ifconfig command (interface configuration)
  2. ARDA command
  3. OSPF command
  4. arip command
  5. rip command (dynamic routing module)
  6. RFC 2328