
My OSPF Notes

These are the OSPF notes I took while working on OSPF technology-specific labs.

### Avoid secondary IP advertisement ###
interface <type> <mod>/<num>
 ip ospf <pid> area <#> secondaries none

### Disable Syslog logging for type 6 LSAs (MOSPF – not supported on Cisco) ###
router ospf <pid>
 ignore lsa mospf

### OSPF Fast Hello Packets – Min dead-interval (1 sec) with hello-multiplier ###
interface <type> <mod>/<num>
 ip ospf dead-interval minimal hello-multiplier <3-20>

### OSPF name lookup — Display OSPF Router-id as router name ####
ip ospf name-lookup
ip host <name> <ip>

### OSPF network type LOOPBACK
Loopback and looped-back interfaces use the LOOPBACK network type by default, so a host route (/32) is advertised for that interface instead of the real mask.

To advertise the loopback ip with real mask, use network type POINT-TO-POINT.
* ip ospf network point-to-point

### OSPF Authentication
-> Plain-text password
can be activated under router: * area <id> authentication
or under interface:            * ip ospf authentication
Authentication key is configured under interface:
* ip ospf authentication-key <string>

-> MD5 auth
can be activated under router: * area <id> authentication message-digest
or under interface:            * ip ospf authentication message-digest
Authentication key is configured under interface:
* ip ospf message-digest-key <key> md5 <string>

### VIRTUAL LINKS
Created between 2 ABRs, one of them should be connected to area 0.
Example: |R1|---area0---|R2|---area1---|R3|---area2---|R4| we should connect area 2 to area 0:
– on R2: * area 1 virtual-link <R3 RID>
– on R3: * area 1 virtual-link <R2 RID>

*** Virtual-links can’t be configured on a stub area; to fix the broken OSPF network we use GRE tunnels.
Create GRE tunnels on the ABRs (one connected to area 0) and advertise them in area 0.
* interface tunnel<#>
*  ip address <ip@> <mask>
*  tunnel source <ip@>
*  tunnel destination <ip@>
*  ip ospf <pid> area 0

– Virtual-links Authentication
Simple password:

  * area <id> virtual-link <RID> authentication

  * area <id> virtual-link <RID> authentication-key <string>


MD5 Authentication:

  * area <id> virtual-link <RID> authentication message-digest

  * area <id> virtual-link <RID> message-digest-key 1 md5 <string>

*** When authentication is enabled on area 0 in a network using virtual-links, this authentication should also be enabled on the other ABRs where virtual-links are created, because those routers are part of area 0 too.
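
An added example, not part of the original notes: a small Python audit that applies the authentication notes above to an IOS-style configuration. It flags plain-text (simple password) authentication, whose key travels unencrypted in every OSPF packet, and virtual links left without authentication. The sample configuration, the key `s3cret`, and the names `audit_ospf_auth` and `backbone_auth` are constructed for illustration.

```python
import re

# Constructed sample config for an ABR with a virtual link (R3 in the notes).
SAMPLE_R3 = """\
interface Serial0/0
 ip ospf authentication
 ip ospf authentication-key s3cret
interface Serial0/1
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 s3cret
router ospf 1
 area 1 virtual-link 2.2.2.2
 area 2 authentication
"""

def audit_ospf_auth(config, backbone_auth=True):
    """Return (where, finding) tuples; backbone_auth (assumed input): area 0 is authenticated."""
    findings, context = [], "global"
    area_auth, vlinks = {}, {}   # area -> mode, (area, rid) -> mode
    for raw in config.splitlines():
        line = raw.strip()
        if raw and not raw[0].isspace():
            context = line       # top-level line opens a new section
            continue
        m = re.match(r"ip ospf authentication(\s+message-digest)?$", line)
        if m and not m.group(1):
            findings.append((context, "plain-text interface authentication"))
        m = re.match(r"area (\S+) authentication(\s+message-digest)?$", line)
        if m:
            area_auth[m.group(1)] = "md5" if m.group(2) else "simple"
        m = re.match(r"area (\S+) virtual-link (\S+)(.*)$", line)
        if m:
            key, rest = (m.group(1), m.group(2)), m.group(3)
            if "authentication message-digest" in rest:
                vlinks[key] = "md5"
            elif re.search(r"\bauthentication\b(?!-key)", rest):
                vlinks[key] = "simple"
            else:
                vlinks.setdefault(key, "none")
    findings += [(f"area {a}", "plain-text area authentication")
                 for a, md in area_auth.items() if md == "simple"]
    # A virtual link is an area 0 adjacency: it falls back to the local area 0 mode.
    for (area, rid), mode in vlinks.items():
        effective = mode if mode != "none" else area_auth.get("0", "none")
        if effective == "none" and backbone_auth:
            findings.append((f"virtual-link {rid}", "no authentication, area 0 requires it"))
        elif effective == "simple":
            findings.append((f"virtual-link {rid}", "plain-text authentication"))
    return findings
```

Running `audit_ospf_auth(SAMPLE_R3)` reports the plain-text interface, the plain-text area 2, and the unauthenticated virtual link to 2.2.2.2.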

#############################################################################################

### OSPF COST
under interface configuration:
* ip ospf cost <1-65535>

### OSPF REFERENCE COST —— REF BW / BW = COST
By default, the OSPF cost is calculated using the FastEthernet interface BW as the reference.
To change the reference bandwidth, use under ospf config mode:

* auto-cost reference-bandwidth <bw in Mbits>

This command should be used on every router in the OSPF domain. REF / BW = COST

#############################################################################################

### SUMMARIZATION
The Internal routes can only be summarized on ABRs, whereas the External (redistributed) routes can only be summarized on ASBRs.
– Internal summarization
* area <id> range <summary> <mask> …
!– where area id is the area to which the summary belongs, summarizes type 3 LSAs

– External summarization
* summary-address <summary> <mask> !– summarizes type 5 and 7 LSAs

– Disable creation of NULL0 route when using area range or summary-address command respectively
* no discard-route internal
* no discard-route external

#############################################################################################

### STUB AREAs
– A Stub area can’t be used as a transit area for virtual links, but a GRE tunnel can be used instead
– A Stub area can not have an ASBR
– Every router and the ABR of that area should have “area <id> stub” command
– For totally stubby area (no type 3, 4 and 5 LSAs) the ABR should have “area <id> stub no-summary” command.
– NSSA only receives or propagates LSA types 1, 2, 3 or 7.
area <id> nssa [default-information-originate] [no-summary]
* [default-information-originate] Originate Type 7 default (O*N2) into NSSA area.
* [no-summary] Originate Type 3 default (O*IA) into NSSA area. Do not send summary LSA into NSSA.

– By default the cost of default route injected into a given area is 1, this can be changed using: * area <id> default-cost <0-16777215>
#############################################################################################

### OSPF FILTERING
– To filter a given prefix from the routing table, use:
# distribute-list {acl#|acl_name|prefix|route-map} in [interface]
This has effect only on the router where it is configured, except if the prefix that is being filtered is coming from area 0,
in which case the prefix will be filtered from the database.

– Inter-area filtering: area <id> filter-list prefix <prefix_name> {in|out}. This ONLY works for LSA type 3.

– Filter LSA type 1 (and only type 1) from being injected into a given area:

* area <id> range <summary> <mask> not-advertise

– * distribute-list <acl#> out : only used on ASBR (else it will not have any effect whatsoever) to filter LSA type 5s or 7s from the OSPF database.
We can also use on the ASBR, * summary-address <summary> <mask> not-advertise.

– Prevent flooding of ALL OSPF LSAs out of a given interface:
  interface <type> <num>
   ip ospf database-filter all out

– Prevent flooding of ALL OSPF LSAs to a given neighbor that is reachable through an interface that has a point-to-multipoint network type at a given ip @.

* neighbor <id> database-filter all out

### TRAFFIC REDIRECTION
– To set a maximum metric for self-originated router-LSAs:

  max-metric router-lsa [summary-lsa | include-stub | external-lsa | on-startup]
[summary-lsa] Overrides summary-lsa metric with max-metric value
[include-stub] Sets maximum metric for stub links in router-LSAs
[external-lsa] Overrides external-lsa metric with max-metric value
[on-startup] Sets maximum metric temporarily after reboot

### DATABASE OVERLOAD PROTECTION

Controls how many prefixes can be received from a neighbor

redistribute maximum-prefix <max> <thresh%> [warning-only]

[warning-only] Only log a warning when the maximum number is exceeded, as opposed to dropping the session

#############################################################################################
### OSPF over FRAME-RELAY

MNEMONIC:
*** NON-BROADCAST = need “neighbor” command.
*** BROADCAST = DR/BDR elected
*** POINT-To-x = No DR/BDR election

### OSPF NON-BROADCAST NETWORKS (H 30s, D 120s)
– Non-Broadcast is the default network type on a multipoint frame-relay interface, e.g. a main interface.

– OSPF routers on NBMA networks elect a DR and BDR, but all OSPF packets are unicast between each manually
specified neighbor with the “neighbor” command.

– The default priority is 1, and should be disabled (=0) on ALL SPOKES, to prevent a spoke from becoming a blackhole DR/BDR.

– The next-hop IP is not changed and remains the IP address of the originating router.
If “inverse-arp” is deactivated, spokes will not have NLRI between each other. Configure static mapping (toward the hub) to resolve that issue.

### OSPF BROADCAST NETWORKS (H 10s, D 40s)
– There is NO next-hop modification. The next-hop IP remains that of the originating router.

– Layer3 to layer2 resolution is required.

– Broadcast networks can’t have unicast neighbors configured.

### OSPF POINT-TO-POINT NETWORKS (H 10s, D 40s)
– No DR/BDR election, OSPF configured as per normal.

– The next-hop IP is that of the advertising router.

– OSPF ignores subnet mask mismatch on point-to-point links.

### OSPF POINT-TO-MULTIPOINT NETWORKS (H 30s, D 120s)
– No DR/BDR election

– A host route is created for the IP addresses of all the interfaces connected to the FR cloud

– The next hop IP address of the advertised prefixes is set based on the advertising router and not the router that originated the route.

– CISCO proprietary, best choice for NBMA networks.

### OSPF POINT-TO-MULTIPOINT NON-BROADCAST NETWORKS (H 30s, D 120s)
– Cisco proprietary, the same as point-to-multipoint, but configured with the additional ‘non-broadcast’ keyword.

– Was created to allow for the assignment of the cost per neighbor, as opposed to using the interface’s cost.

– neighbor cost and database-filter options are allowed only for a point-to-multipoint network. That’s why we need to combine P2M and non-broadcast to control cost per-neighbor.

– No DR/BDR election, uses unicast as opposed to multicast, to each manually specified neighbor.

– As a result the directly connected neighbor must be manually defined with the ‘neighbor’ command. This command is only required on one side.

– Remember that the cost is based on the ‘incoming’ interface’s bandwidth and not the bandwidth of the neighbor’s interface.

############################################################################################

### MISCELLANEOUS

– Suppress OSPF forwarding address in translated type-5 LSAs

> This is used when an NSSA ABR translates type 7 LSAs to type 5 LSAs, but uses 0.0.0.0 as the forwarding address instead of the address specified in the type 7 LSA.
> Routers which are configured not to advertise forwarding addresses into the backbone will forward traffic directly to the translating NSSA ASBRs.
* area <id> nssa translate type7 suppress-fa [<OPTIONS>]

OPTIONS:

[default-information-originate] –  Originate Type 7 default into NSSA area

[no-redistribution] – No redistribution into this NSSA area

[no-summary] – Do not send summary LSA into NSSA

– Generate default route into a NSSA
* area <id> nssa [default-information-originate] [no-summary]
[default-information-originate] Originate Type 7 default (O*N2) into NSSA area.
[no-summary] Originate Type 3 default (O*IA) into NSSA area. Do not send summary LSA into NSSA.

– When an ABR is also an ASBR and is connected to a NSSA, the default behaviour is to advertise the redistributed routes into the NSSA.
> This redistribution can be turned off by adding the ‘no-redistribution’ keyword to the “area nssa” command.
* area <id> nssa no-redistribution ! No redistribution into this NSSA area

More notes are to come, please leave your comments 🙂

  1. Smaël
    2011/06/20 at 6:52 PM

    It sounds like Chinese to me :).
    Anyway like this.

  2. Tanou Jallow
    2011/07/22 at 5:24 PM

    Thanks my bro. I noticed your history about how you became a network worker; I really appreciate how you believe in what you’re planning. How can you help me to do IP networking? I don’t stop thinking about it. I have a lot of documents about it; the problem is what I’ll start with. Toward the triumph, let’s keep moving. Tanou from MTN Guinea Ckry.

    • 2011/07/22 at 5:28 PM

      Thank you Tanou.
      Don’t burden yourself with many documents. Try to focus on the basics (let’s say CCNA) and progress slowly.
      All the best

  3. Tanou Jallow
    2011/07/25 at 11:36 AM

    Thanks my bro, I’ll do it, I promise you…
