Saturday, 24 March 2012

 OSPF Routing - Area Types and Options 1

Virtual Links
You would never design a network with virtual links in mind, they are there to be used as a fix (band-aid) till you can fix/redesign the network;


 Notice the lack of connection to AREA0 from AREA2... this could of been a company merger or take over, where AREA0 is the HQ, AREA 1 are the branch offices and AREA 2 is the competetion (which you just took over) so as a quick fix you can create a virtual link back into area 0

Lets see up Router2:
Once i added that last network statement, that then violated the OSPF rules, as AREA2 does not have a link back to AREA0, lets jump on R3 and see whats happening:

So R3 does not have any new routes learnt, and we can see R4 has an Inter Area route from R3 and R2 (their WAN link).  What we need to do is add a virtual link between R3 and R2



The command is adding a virtual link from the ABR (AREA1) that joins us to the backbone area (AREA0), Notice it is after the ID, which is the IP address of the neighbour (the RID), now we have to add the link the other way (back from R2 to R3)
















Once we have applied the command, the neighbourship is formed, notice the VL0 (Virtual Link zero) now this interface will not appear under show ip int brief, but you can see it with show ip ospf virtual-links.

Now you could do this with the virtual link, with other tunnels ..GRE tunnels (as Jeremy mentions on the CCIE lab, you have to link an are back to AREA0 but without using the virtual-links command)*












We are now getting the route on R3 and also R4 :0)


* See Darrens blog for a lab which shows this "virtual link" but via a GRE tunnel:
http://mellowd.co.uk/ccie/?p=1683





OSPF AREAS AND ROUTER TYPES

RECAP:
We divide off areas of our network, to help with the load of the SPF algorighm running to often, updates being to numeours (when the network is to large), so by splitting it into smaller areas we make the topology database smaller which increases performance and we can also summarise on the area boundaries (the ABR's)


  • LSA 1 (Router LSA)
Generated by all routers in an area to describe their directly attached links (Intra-area routes). These do not leave the area.
  • LSA 2 (Network LSA)
Generated by the DR of a broadcast or Nonbroadcast segment to describe the neighbors connected to the segment. These do not leave the area.
  • LSA 3 (Summary LSA)
Generated by the ABR to describe a route to neighbors outside the area. (Inter-area routes)
  • LSA 4 (Summary LSA)
Generated by the ABR to describe a route to an ASBR to neighbors outside the area.
  • LSA 5 (External LSA)
Generated by ASBR to describe routes redistributed into the area. These routes appear as E1 or E2 in the routing table. E2 (default) uses a static cost throughout the OSPF domain as it only takes the cost into account that is reported at redistribution. E1 uses a cumulative cost of the cost reported into the OSPF domain at redistribution plus the local cost to the ASBR.
  • LSA 6 (Multicast LSA)
Not supported on Cisco routers.
  • LSA 7 (NSSA External LSA)
Generated by an ASBR inside a NSSA to describe routes redistributed into the NSSA. LSA 7 is translated into LSA 5 as it leaves the NSSA. These routes appear as N1 or N2 in the ip routing table inside the NSSA. Much like LSA 5, N2 is a static cost while N1 is a cumulative cost that includes the cost upto the ASBR.






















Lets look at R1s routing table;


Notice how R1 is getting route information about the other WAN links, the RIP external routes, but in all honestly R1 doesn't need to know all this information as his only way out to the rest of the network is via R2....its like OSPF is overkill really, a simple static would surfice, but then this takes away the ease of administration etc etc ...

Thats where .....

 to config STUBBY AREA (this is industry standard), its very easy, we go under the OSPF process on R2;









the neighbourship will drop, as if you recall the stubby flags in the HELLO packet must match between neighbours, and currently they do not, so hence we had to change R1 and then neighbourship came back up

Notice, the routing table for R2 will not change:










the Stub config will only apply to the router within the AREA, not the ABR! So lets check R1:









Notice all the External routes are gone (192.....) and we have a default route in there from the ABR, which knows it is filtering some routes for R1, so it passes on this default route :0)

Next, lets look at the TOTALLY STUBBY area (This is cisco proprietary, although other vendors have implement it in similar ways, so the ABR has to be a cisco device with this config), now remember this will block everything from coming in, lets check R5's routing table first though:

















lets config the routers:












Notice i do not have to put no-summary at the end of the config on R5, we can keep this industry standard, as it is only recieving the messsages.

Lets check the routing table:











Sweet, there it is....a default route from R4, everything else has been removed (all what we would see is routes from our own area, had we had any)


NOT SO STUBBY AREAS
If we now look at R5, it is configured a TOTALLY STUBBY area, but it is now connected to a RIP network, which makes it a ASBR .... BUT it cannot send this RIP routes into the OSPF network becuase it is a totally stubby area, thats where the NOT SO STUBBY config comes from:

So in our case R4 will convert these back to LSA TYPE 5's for the rest of the network .... pretty kool!
we also need to remove the stub config we put in before:















lets check the routing table:









Excellent, there it is :0) lets get the redistribution of them RIP routes on the ASBR, here we need to use the subnets command so we dont get the classful networks along with setting the metric:




So if we check out OSPF database we can see the RIP routes in the type 7 LSA's





























and if jump over to R4 he is recieving the TYPE7 LSA's but sending them out (externally) as TYPE 5 LSA's































See the 192.168..... addresses in the TYPE 7 and TYPE 5 section of the OPSF database.
So if we were to jump onto R2, this should not see TYPE7 LSA's as R4 is doing the conversion, lets check:



























Excellent, its all working

These methods help reduce the routing tables and the OSPF load, although bear in mind that the router must only have 1 exit out of the network to be a stub.

OSPF Routing - Implementing OSPF over NBMA LAB OBJECTIVE 3




Okay so we are looking good and most of the lab is done, lets see if we can ping from R4 to R5 & R6's loopbacks

Checking the routing table, we know about the loopback interfaces from the two routers ...
 
 R4#show ip route

     1.0.0.0/24 is subnetted, 1 subnets
O IA    1.1.1.0 [110/129] via 10.24.0.2, 00:10:05, Serial0/0.1
     2.0.0.0/24 is subnetted, 1 subnets
O IA    2.2.2.0 [110/65] via 10.24.0.2, 00:10:05, Serial0/0.1
     3.0.0.0/24 is subnetted, 1 subnets
O IA    3.3.3.0 [110/129] via 10.24.0.2, 00:10:05, Serial0/0.1
     4.0.0.0/24 is subnetted, 1 subnets
C       4.4.4.0 is directly connected, Loopback0
     5.0.0.0/24 is subnetted, 1 subnets
O IA    5.5.5.0 [110/193] via 10.24.0.2, 00:03:49, Serial0/0.1
     6.0.0.0/24 is subnetted, 1 subnets
O IA    6.6.6.0 [110/193] via 10.24.0.2, 00:01:40, Serial0/0.1
     10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
O IA    10.12.3.0/24 [110/128] via 10.24.0.2, 00:10:07, Serial0/0.1
C       10.24.0.0/24 is directly connected, Serial0/0.1
O IA    10.35.6.3/32 [110/128] via 10.24.0.2, 00:06:10, Serial0/0.1
O IA    10.35.6.0/24 [110/256] via 10.24.0.2, 00:03:52, Serial0/0.1





R4#   ping 5.5.5.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)


R4#ping 6.6.6.6

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)



Okay, lets do a traceroute and see where this is going (lets turn off domain-lookup as i dont have DNS configured on these)



R4(config)#no ip domain lookup
R4(config)#do traceroute 5.5.5.5

Type escape sequence to abort.
Tracing the route to 5.5.5.5

  1 10.24.0.2 68 msec 64 msec 28 msec
  2  *  *  *
  3  *  *  *
  4  *





So it looks like are dying at Router2, lets jump over to Router2;

R2#show ip route

     1.0.0.0/24 is subnetted, 1 subnets
O       1.1.1.0 [110/65] via 10.12.3.1, 00:13:48, Serial0/0.1
     2.0.0.0/24 is subnetted, 1 subnets
C       2.2.2.0 is directly connected, Loopback0
     3.0.0.0/24 is subnetted, 1 subnets
O       3.3.3.0 [110/65] via 10.12.3.3, 00:13:48, Serial0/0.1
     4.0.0.0/24 is subnetted, 1 subnets
O       4.4.4.0 [110/65] via 10.24.0.4, 00:17:45, Serial0/1.1
     5.0.0.0/24 is subnetted, 1 subnets
O IA    5.5.5.0 [110/129] via 10.12.3.3, 00:11:30, Serial0/0.1
     6.0.0.0/24 is subnetted, 1 subnets
O IA    6.6.6.0 [110/129] via 10.12.3.3, 00:09:22, Serial0/0.1
     10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C       10.12.3.0/24 is directly connected, Serial0/0.1
C       10.24.0.0/24 is directly connected, Serial0/1.1
O IA    10.35.6.3/32 [110/64] via 10.12.3.3, 00:13:51, Serial0/0.1
O IA    10.35.6.0/24 [110/192] via 10.12.3.3, 00:11:34, Serial0/0.1
R2# ping 5.5.5.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

Nope, as thought going no where, trace route confirms;


R2(config)#no ip domain loo
R2(config)#do traceroute 5.5.5.5

Type escape sequence to abort.
Tracing the route to 5.5.5.5

  1  *  *


If we look at the routing table again, notice the routes are learnt via 10.12.3.3 ... here lies the problem, as R2 is NOT directly connected to R3, although it believes it is (as being on the same subnet, it would believe it is) but it has to go to R1 first!




As objective 4 says, we cannot add PVCs by modifying the FRS configs, SO .... lets check our map status on the interface

R2#show run int ser0/0.1
interface Serial0/0.1 multipoint
 ip address 10.12.3.2 255.255.255.0
 ip ospf priority 0
 frame-relay map ip 10.12.3.1 201 broadcast
end



We are going to need another frame-relay map statement so that R2 knows what dlci to go to in order to reach R3:


R2(config)#inter seri0/0.1
R2(config-subif)#frame-relay map ip 10.12.3.3 201 broadcast






Now, we need R3 to have a mapping back to R2, same principle:


R3(config)#inter seri0/0.1
R3(config-subif)#frame-relay map ip 10.12.3.2 301 broadcast



thats better:

R3#show frame-relay map
Serial0/0.1 (up): ip 10.12.3.1 dlci 301(0x12D,0x48D0), static,
              broadcast,
              CISCO, status defined, active
Serial0/0.1 (up): ip 10.12.3.2 dlci 301(0x12D,0x48D0), static,
              broadcast,
              CISCO, status defined, active
Serial0/1.1 (up): ip 10.35.6.5 dlci 305(0x131,0x4C10), static,
              broadcast,
              CISCO, status defined, active
Serial0/1.1 (up): ip 10.35.6.6 dlci 306(0x132,0x4C20), static,
              broadcast,
              CISCO, status defined, active





So, lets try that ping again from R4 to R5 & R6
R4# ping 5.5.5.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 96/143/252 ms


R4#ping 6.6.6.6

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/129/320 ms



This goes to show and demostrate the network types and the problems/issues that can arise with NBMA



Next Lab ...