Monday, May 29, 2017

OSPF Layer 3

OSPF LSA Type-3 Filtering

  • LSA Type-3 filtering extends the ability of an ABR running OSPF to filter the Type-3 (summary) LSAs it generates between OSPF areas
  • Only the prefixes permitted by the filter are advertised from one area into another; all other prefixes are suppressed (this filters the LSAs themselves, not data packets)
  • It can be applied inbound to or outbound from a specific OSPF area (area X filter-list prefix NAME in|out)

GOAL

  • R1's loopback address 150.1.1.1 must not be reachable from area 1 devices, except the ABR
  • R1's other IP addresses must remain reachable from area 1 devices
  • Step 1: Create a prefix-list that denies 150.1.1.1/32 and permits everything else
  • Step 2: Apply the prefix-list to the area under the OSPF routing process (area 1 filter-list prefix ... in)

CONFIGURATION
Router2(config)# ip prefix-list TEST seq 15 deny 150.1.1.1/32
Router2(config)# ip prefix-list TEST seq 16 permit 0.0.0.0/0 le 32
Router2(config)# router ospf 1
Router2(config-router)# area 1 filter-list prefix TEST in

 Configuration at R2

 Verification on R6 and R4 (tried to ping 150.1.1.1)



Reference
Cisco OSPF Type3 LSA Filtering
INE_OSPF_Type3 Filtering





Sunday, May 28, 2017

OSPF Path Selection

OSPF Path Selection

  1. OSPF Cost Calculation (RFC 2328, section 16)
    1. Router LSAs carry a 16-bit cost (metric) for each link; on IOS the configurable range is 1 to 65535
    2. The path with the lowest end-to-end cost wins
    3. The RFC leaves the cost assignment to the administrator (arbitrary); Cisco derives it from bandwidth
      • cost = Reference_BW / Interface_BW, truncated to an integer with a minimum of 1 (default reference bandwidth is 100 Mbps, so every link of 100 Mbps or faster costs 1 unless the reference is raised)
      • Cost can be changed by
        • interface bandwidth (under interface mode; also affects other protocols and QoS that read the bandwidth)
        • interface ip ospf cost (under interface mode)
        • process auto-cost reference-bandwidth (under router ospf mode; set the same value on every router in the domain)
        • process neighbor x.x.x.x cost xx (under router ospf mode, for point-to-multipoint neighbors)
    4. Virtual links inherit their cost from the SPT cost between the virtual link endpoints
      1. This may exceed the maximum link cost
  2. OSPF Path Selection Order (route type is compared before cost)
    1. Intra-Area Routes (O)
    2. Inter-Area Routes (O IA)
    3. External Type 1 (E1)
    4. NSSA Type 1 (N1)
    5. External Type 2 (E2)
    6. NSSA Type 2 (N2)
  3. Traffic Engineering OSPF Path Selection
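The two points above, bandwidth-derived cost and "lowest end-to-end cost wins, but route type is compared first", are easiest to see on a small topology. The following Python is an added example written for this page, not code from the original post or from INE; the routers, links and bandwidths are constructed, and the cost formula follows the IOS behaviour described above (integer truncation, minimum 1). It shows the classic pitfall of the default reference bandwidth: with 100 Mbps, a GigE link and two 10 GigE hops look the same to SPF, so traffic takes the slower direct link until auto-cost reference-bandwidth is raised.

```python
import heapq

def ospf_cost(bandwidth_kbps, reference_bw_mbps=100):
    """IOS-style interface cost: reference bandwidth / interface bandwidth,
    truncated to an integer and clamped to the 1..65535 range of a link cost.
    With the default 100 Mbps reference, every link of 100 Mbps or faster costs 1."""
    cost = (reference_bw_mbps * 1000) // bandwidth_kbps
    return max(1, min(cost, 65535))

# Constructed topology (hypothetical routers and links): (router, router, bandwidth in kbps)
LINKS = [
    ("R1", "R2", 10_000_000),  # 10 GigE
    ("R2", "R4", 10_000_000),  # 10 GigE
    ("R1", "R4", 1_000_000),   # GigE
    ("R1", "R3", 1_544),       # T1
    ("R3", "R4", 1_544),       # T1
]

def build_graph(links, reference_bw_mbps=100):
    """Symmetric adjacency map; both ends of a link get the same bandwidth-derived cost."""
    graph = {}
    for a, b, bw in links:
        cost = ospf_cost(bw, reference_bw_mbps)
        graph.setdefault(a, {})[b] = cost
        graph.setdefault(b, {})[a] = cost
    return graph

def spf(graph, root):
    """Dijkstra's shortest-path-first from root: returns (cost per node, predecessor per node)."""
    dist, prev = {root: 0}, {}
    heap = [(0, root)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue  # stale heap entry
        for v, cost in graph[u].items():
            nd = d + cost
            if nd < dist.get(v, float("inf")):
                dist[v], prev[v] = nd, u
                heapq.heappush(heap, (nd, v))
    return dist, prev

def best_path(links, root, dst, reference_bw_mbps=100):
    """Lowest end-to-end cost path root -> dst as ([hops], total cost)."""
    dist, prev = spf(build_graph(links, reference_bw_mbps), root)
    hops = [dst]
    while hops[-1] != root:
        hops.append(prev[hops[-1]])
    return hops[::-1], dist[dst]

# Route-type preference from the list above: type is compared before cost.
ROUTE_PREFERENCE = ["O", "O IA", "E1", "N1", "E2", "N2"]

def select_route(candidates):
    """candidates: iterable of (route_type, cost). An intra-area route beats an
    inter-area or external route even when its cost is higher."""
    return min(candidates, key=lambda c: (ROUTE_PREFERENCE.index(c[0]), c[1]))

if __name__ == "__main__":
    for ref in (100, 10000):
        print(f"auto-cost reference-bandwidth {ref}: R1->R4 =", best_path(LINKS, "R1", "R4", ref))
    print("selected:", select_route([("E2", 1), ("O IA", 500), ("O", 900)]))
```

With the default reference bandwidth the direct GigE link (cost 1) beats the two 10 GigE hops (cost 2); with the reference raised to 10000 Mbps the 10 GigE path costs 2 against 10 for GigE and wins. The reference must be changed on every router, otherwise routers disagree about link costs and the SPF results become inconsistent.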

Reference
IETF-RFC 2328
INE-OSPF-Path Selection




Sunday, May 14, 2017

OSPF DEMAND CIRCUIT

OSPF DEMAND CIRCUIT
  • Introduced in IOS software release 11.2; defined in RFC 1793
  • The feature maintains neighbor relationships and keeps the link-state databases accurate while using far less bandwidth
  • OSPF hellos and the periodic refresh of OSPF LSAs are suppressed on demand circuits
  • This allows low-speed, usage-billed links such as analog dial-up and ISDN to run OSPF without periodic hellos and LSA flooding keeping the link up
  • When a demand circuit is established, a unique option bit (the DC bit) is exchanged between the neighboring routers. If both routers negotiate the DC bit successfully, they note it and set the DoNotAge bit (the high-order bit of the LS Age field) in LSAs flooded over the circuit, so those LSAs are neither aged out nor periodically refreshed
  • The feature is enabled with the interface-level command "ip ospf demand-circuit"
How does an OSPF Demand Circuit differ from a Normal Circuit?
  • Two features of OSPF over a demand circuit make it different from a normal circuit
    • Suppressed periodic hellos
    • Suppressed periodic LSA refresh
      • On a demand circuit, LSAs are still flooded
        • if the network topology changes
        • if a router in the OSPF domain does not understand demand circuits (does not support the DC bit), in which case DoNotAge cannot be used and periodic refresh continues
 CONFIGURATION
Router(config)# interface xxx
Router(config-if)# ip ospf demand-circuit
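The DC bit and the DoNotAge bit live in two different fields of every LSA header, and seeing them in bytes makes the negotiation above concrete. The following Python is an added example written for this page, not code from the original post or from Cisco: it packs and parses the 20-byte LSA header of RFC 2328, negotiates the DC bit between two constructed Options values, and applies the aging rule that makes demand circuits work. The sample header values are constructed, and the checksum field is left at zero because the Fletcher checksum covers the LSA body, which the example does not build.

```python
import struct
import ipaddress

DO_NOT_AGE = 0x8000      # high-order bit of the 16-bit LS Age field (RFC 1793)
AGE_MASK = 0x7FFF
OPT_E = 0x02             # Options field: external routing capability
OPT_DC = 0x20            # Options field: demand-circuit capability (the "DC bit")
LS_REFRESH_TIME = 1800   # seconds between periodic refreshes of a normal LSA
MAX_AGE = 3600           # seconds after which a normal LSA is flushed

LSA_HEADER = struct.Struct("!HBBIIIHH")  # 20-byte LSA header from RFC 2328 A.4.1

def build_lsa_header(age, options, ls_type, link_state_id, adv_router, seq, do_not_age=False):
    """Constructed LSA header. The checksum field is left at zero because the Fletcher
    checksum covers the whole LSA body, which this example does not build."""
    age_field = (age & AGE_MASK) | (DO_NOT_AGE if do_not_age else 0)
    return LSA_HEADER.pack(age_field, options, ls_type,
                           int(ipaddress.IPv4Address(link_state_id)),
                           int(ipaddress.IPv4Address(adv_router)),
                           seq, 0, LSA_HEADER.size)

def parse_lsa_header(data):
    """Decode the header fields; DoNotAge is carried in the LS Age field, DC in Options."""
    age_field, options, ls_type, lsid, adv, seq, _csum, length = LSA_HEADER.unpack(data[:LSA_HEADER.size])
    return {
        "age": age_field & AGE_MASK,
        "do_not_age": bool(age_field & DO_NOT_AGE),
        "dc_capable": bool(options & OPT_DC),
        "ls_type": ls_type,
        "link_state_id": str(ipaddress.IPv4Address(lsid)),
        "adv_router": str(ipaddress.IPv4Address(adv)),
        "seq": seq,
        "length": length,
    }

def negotiate_dc(local_options, neighbor_options):
    """Both ends must advertise the DC bit; one non-DC router keeps normal aging in effect."""
    return bool(local_options & neighbor_options & OPT_DC)

def periodic_action(hdr, elapsed):
    """What a router does with an LSA after 'elapsed' seconds without a new copy:
    a DoNotAge LSA is neither refreshed nor flushed; a normal one is refreshed by its
    originator at LS_REFRESH_TIME and flushed by everyone at MAX_AGE."""
    if hdr["do_not_age"]:
        return "keep"
    age = hdr["age"] + elapsed
    if age >= MAX_AGE:
        return "flush"
    if age >= LS_REFRESH_TIME:
        return "refresh"
    return "keep"

if __name__ == "__main__":
    raw = build_lsa_header(5, OPT_E | OPT_DC, 1, "150.1.1.1", "150.1.1.1", 0x80000001, do_not_age=True)
    print(raw.hex())
    hdr = parse_lsa_header(raw)
    print(hdr, "after 3000 s:", periodic_action(hdr, 3000))
    print("DC negotiated with a non-DC neighbor:", negotiate_dc(OPT_E | OPT_DC, OPT_E))
```

The first two bytes of the printed header start with 0x80, which is exactly what "set the DoNotAge bit" means on the wire; clear it and the same LSA is refreshed at 1800 s and flushed at 3600 s like any other.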

Network Design


Configuration


Verification




Reference

Cisco OSPF Demand Circuit Configuration Guide
INE Lab Work Book - OSPF Demand Circuit





Saturday, May 13, 2017

OSPF Path Selection With Non Backbone Transit Areas

OSPF Path Selection with Non-Backbone Transit Areas
Transit Capability
  • OSPF defines the transit capability of an area as the ability of the area to carry data traffic that neither originates nor terminates in the area itself
  • It lets an ABR discover shorter paths through the transit area (from the summary LSAs learned there) and forward traffic along those paths in preference to the backbone path
  • Without it, routers always prefer a path through area 0 even when a shorter path exists through a non-backbone area. Transit capability is enabled by default (capability transit) and makes the ABR choose the shorter path through the non-backbone area

Enable Transit Capability




CONFIGURATION
R1(config)# router ospf 1
R1(config-router)# area 1 virtual-link 150.1.6.6
R1(config-router)# no capability transit

R6(config)# router ospf 1
R6(config-router)# area 1 virtual-link 150.1.1.1
R6(config-router)# no capability transit


Disable Transit Capability
After applying the configuration, R6 chooses R1,

  
Reference 




 



Wednesday, May 10, 2017

OSPF Route Filtering

OSPF ROUTE FILTERING

OSPF is a Link State IGP
  • Filtering can only be applied at very specific points within the OSPF topology, because every router in an area must hold the same LSDB
  • It should mostly be done at an area border router (ABR or ASBR), where LSAs are generated
  • In some cases it can be applied to the routing table (RIB) itself, which does not change the LSDB or what is flooded to neighbors
 Filter between Areas
  • Filtering within summarization
    • When generating an area range, the not-advertise keyword suppresses the summary (area X range ... not-advertise)
  • LSA Type-3 filtering
    • Applied at the ABR, which takes the Type 1 and 2 LSAs of an area and summarizes the topology into Type-3 LSAs
    • and then permits or denies them with a prefix-list ("area X filter-list prefix NAME in|out")
  • NSSA ABR external prefix filtering
    • If the P-bit is not set, the NSSA ABR will not translate the Type 7 LSA to a Type 5 (summary-address ... not-advertise on the NSSA ABR also suppresses the translation)
    • With multiple ABRs connecting the NSSA to Area 0, check the translator election
    • The ABR with the highest Router ID is elected; "area X nssa translate type7 always" forces the role
  • Transit prefix suppression
    • Especially in an MPLS VPN core, transit link prefixes can be suppressed in Type 1 (and Type 2) LSAs with prefix-suppression, so the core links are not reachable while the topology is still advertised
Filter with the OSPF RIB
  • Distribute-list in with an ACL
  • Distribute-list in with a route-map
  • Administrative distance (distance ... for specific prefixes or sources)
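The difference between filtering at the ABR and filtering the RIB is the point most often missed: a Type-3 filter-list stops the LSA from being generated into the area, while a distribute-list only keeps the route out of the local routing table and the LSA is still flooded to every neighbor. The following Python is an added example written for this page, not code from the original posts or from Cisco. It models IOS prefix-list matching (sequence order, ge/le, implicit deny) and applies the same TEST list from the LSA Type-3 Filtering post above at both filter points; the area-1 routers and the prefixes being summarized are constructed.

```python
import ipaddress

# Constructed prefix-list mirroring the TEST list configured on the ABR on this page:
# (sequence, action, prefix, ge, le), as in "ip prefix-list TEST seq 15 deny 150.1.1.1/32".
PREFIX_LIST_TEST = [
    (15, "deny",   "150.1.1.1/32", None, None),
    (16, "permit", "0.0.0.0/0",    None, 32),
]
# Common mistake: a deny entry with no trailing permit; the implicit deny then drops everything.
PREFIX_LIST_DENY_ONLY = [(15, "deny", "150.1.1.1/32", None, None)]

def entry_matches(entry, route):
    """IOS prefix-list semantics: the route must fall inside the entry's network and its
    prefix length must satisfy ge/le. With neither, only the exact length matches."""
    _seq, _action, net, ge, le = entry
    ent, rt = ipaddress.ip_network(net), ipaddress.ip_network(route)
    if not rt.subnet_of(ent):
        return False
    low = ge if ge is not None else ent.prefixlen
    high = le if le is not None else (rt.max_prefixlen if ge is not None else ent.prefixlen)
    return low <= rt.prefixlen <= high

def prefix_list_action(plist, route):
    """First match in sequence order wins; no match is an implicit deny."""
    for entry in sorted(plist, key=lambda e: e[0]):
        if entry_matches(entry, route):
            return entry[1]
    return "deny"

# Constructed area-1 topology: ABR R2 originates the Type-3 LSAs, flooded R2 -> R4 -> R6.
AREA1_ROUTERS = ["R4", "R6"]
# Constructed area-0 prefixes the ABR would summarize into area 1 (R1's loopback plus transit nets).
TYPE3_FROM_AREA0 = ["150.1.1.1/32", "155.1.12.0/24", "155.1.13.0/24"]

def abr_type3_filter(plist, prefixes):
    """'area 1 filter-list prefix TEST in' on the ABR: denied prefixes are never
    originated as Type-3 LSAs into area 1, so no router in the area ever sees them."""
    return [p for p in prefixes if prefix_list_action(plist, p) == "permit"]

def simulate_area(prefixes, abr_filter=None, distribute_lists=None):
    """Returns {router: {"lsdb": [...], "rib": [...]}} for the area-1 routers.
    abr_filter is applied on the ABR (Type-3 filtering); distribute_lists maps a router
    to a prefix-list applied as 'distribute-list prefix X in', which trims only that
    router's RIB: its LSDB is untouched and it still floods the LSAs onward."""
    distribute_lists = distribute_lists or {}
    flooded = abr_type3_filter(abr_filter, prefixes) if abr_filter else list(prefixes)
    state = {}
    for router in AREA1_ROUTERS:
        lsdb = list(flooded)  # link-state flooding: every router in the area holds the same LSDB
        dlist = distribute_lists.get(router)
        rib = [p for p in lsdb if dlist is None or prefix_list_action(dlist, p) == "permit"]
        state[router] = {"lsdb": lsdb, "rib": rib}
    return state

if __name__ == "__main__":
    print("ABR Type-3 filter:", simulate_area(TYPE3_FROM_AREA0, abr_filter=PREFIX_LIST_TEST))
    print("distribute-list on R4:", simulate_area(TYPE3_FROM_AREA0, distribute_lists={"R4": PREFIX_LIST_TEST}))
    print("deny-only list on the ABR:", simulate_area(TYPE3_FROM_AREA0, abr_filter=PREFIX_LIST_DENY_ONLY))
```

Run it and compare the two outputs: with the filter-list on the ABR, 150.1.1.1/32 is absent from both R4 and R6; with the same list as a distribute-list on R4, R4's RIB drops it but its LSDB still carries it and R6 installs the route unchanged. The third run shows why a prefix-list always needs a final permit: the deny-only list leaves area 1 with no Type-3 LSAs at all.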

Useful Links

  1. Filtering With Route Map and Distribute List
  2. ABR Type 3 LSA Filtering 
  3. Forwarding Address Suppression in Translated Type-5 LSAs 
  4. Inbound Filtering Using Route Maps With A Distribute List 

 




OSPF Areas, LSA and Path Selection ( Note-1)

OSPF Areas, LSA and Path Selection 

Flooding domain
  • All devices inside the area agree on the topology (identical LSDB)
  • Changes inside the area require LSA flooding and a full SPF run on every router in the area
Hides Topology Details
  • Inter-area routing behaves like distance vector (only prefixes and costs cross the ABR)
  • Changes outside the area do not trigger router/network LSA flooding inside it (only summary LSAs change, so no full SPF)
  • This limits the impact of changes on router resources
Two Area Types
  • Backbone (Area 0) and non-backbone areas
  • Non-backbone areas must connect to the backbone, area 0 (directly or via a virtual link)
Router Types
  1. Backbone routers (at least one link in area 0)
  2. Internal routers (all links in one non-backbone area)
  3. Area Border Router (summarizes info between area 0 and non-zero areas) (generates LSA Type 3)
  4. Autonomous System Border Router (generates LSA Type 5 or Type 7)
    • at least one link inside the OSPF domain
    • redistributes routes from outside the OSPF domain (another protocol, static or connected routes)
LSA Types
  1. Type 1 (Router LSA) (generated by every router, flooded within its area)
  2. Type 2 (Network LSA) (generated by the DR) (broadcast or non-broadcast network types)
  3. Type 3 (Network Summary LSA) (generated by the ABR)
  4. Type 4 (ASBR Summary LSA) (generated by the ABR to advertise the location of an ASBR into other areas)
  5. Type 5 (External LSA) (generated by the ASBR) (flooded to all areas except stub and NSSA areas)
  6. Type 7 (NSSA External LSA) (generated by an ASBR inside an NSSA; translated to Type 5 by the NSSA ABR)
Route Types
  • Intra-Area Routes (O) (LSA Type 1 & 2)
  • Inter-Area Routes (O IA) (LSA Type 3 & 4)
  • External Routes (E1/E2 - LSA Type 5) (N1/N2 - LSA Type 7)








Tuesday, May 9, 2017

OSPF Network Type

OSPF Network Type 


Network Types
  • Broadcast
  • Non Broadcast
  • P2P
  • P2MP
  • P2MP NB
  • Loop back

Network types and forming adjacencies
  • OSPF network types do not need to match to form an adjacency, but they do need to be compatible
    • Other attributes must still match: hello/dead timers, area ID, stub/NSSA flags, authentication, and (on broadcast and non-broadcast) the subnet mask
    • What makes two network types compatible: whether they use the Type 2 LSA
  • OSPF Type 2 LSA review
    • Type 2 (network) LSA, generated by the DR
    • Describes which routers are adjacent to the DR on the segment
    • Not flooded outside the area in which it originates
  • Used to optimize OSPF operation on a shared segment
    • Reduces the number of OSPF adjacencies
    • Reduces LSA flooding replication
    • Simplifies the SPF calculation (the segment becomes a single pseudo-node)
  • Network type compatibility
    • Network types that use the Type 2 LSA (DR/BDR elected)
      • Broadcast
      • Non-broadcast
    • Network types that do not use the Type 2 LSA (no DR/BDR)
      • Point-to-point
      • Point-to-multipoint
      • Point-to-multipoint non-broadcast
  • Broadcast
    • Default on multi-access broadcast media (Ethernet, Token Ring)
    • Sends hellos and updates as multicast
      • 224.0.0.5 AllSPFRouters
      • 224.0.0.6 AllDRouters (DR and BDR)

DR/BDR Operation
  • DR
    • Used on broadcast and non-broadcast links
    • Forms a full adjacency with every router on the link
    • Listens for LSUs on 224.0.0.6
    • Minimizes adjacencies and LSA replication
    • Receives an LSU on 224.0.0.6, then re-floods it to 224.0.0.5
    • Does not modify the next-hop value (DROthers forward directly to each other)
  • BDR
    • Used for redundancy of the DR; takes over if the DR fails
    • Does not re-flood LSUs
  • DROthers
    • All other routers on the link (neither DR nor BDR)
    • Form full adjacencies with the DR and BDR
    • Stop at the 2-Way state with each other
  • DR/BDR are chosen through an election process
    • First by interface priority (ip ospf priority)
      • 0-255, higher is better
      • 0 = never eligible to become DR or BDR
    • Tie broken by Router ID
      • Highest loopback IP, else highest active interface IP
      • Can be set statically (router-id) under the OSPF process
      • Higher is better
    • The election is not pre-emptive: a router that joins later with a higher priority does not replace the current DR
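The compatibility rule and the election procedure above are both small enough to write down as code, and doing so exposes two details that bite in practice: compatible network types can still fail to form an adjacency when their default hello timers differ, and the DR election does not pre-empt. The following Python is an added example written for this page, not code from the original post or from Cisco; the hello packets and router IDs are constructed, the default hello intervals are the IOS defaults, and the election is a simplified reading of RFC 2328 section 9.4.

```python
from dataclasses import dataclass
import ipaddress

# Which network types elect a DR/BDR (and so originate a Type 2 LSA), with the IOS default
# hello interval in seconds (the dead interval is four times the hello interval).
NETWORK_TYPES = {
    "broadcast":                         {"dr": True,  "hello": 10},
    "non-broadcast":                     {"dr": True,  "hello": 30},
    "point-to-point":                    {"dr": False, "hello": 10},
    "point-to-multipoint":               {"dr": False, "hello": 30},
    "point-to-multipoint non-broadcast": {"dr": False, "hello": 30},
}

def compatible(type_a, type_b):
    """Two network types are compatible when both use, or both skip, the DR/Type 2 LSA."""
    return NETWORK_TYPES[type_a]["dr"] == NETWORK_TYPES[type_b]["dr"]

def adjacency_possible(type_a, type_b, hello_a=None, hello_b=None):
    """Compatible types alone are not enough: hello/dead timers must also match, and the
    IOS defaults differ between point-to-point (10 s) and point-to-multipoint (30 s)."""
    hello_a = NETWORK_TYPES[type_a]["hello"] if hello_a is None else hello_a
    hello_b = NETWORK_TYPES[type_b]["hello"] if hello_b is None else hello_b
    return compatible(type_a, type_b) and hello_a == hello_b

@dataclass
class Hello:
    """What a router advertises in its hello packets on the segment (constructed)."""
    rid: str
    priority: int
    dr: str = "0.0.0.0"    # DR this router currently claims
    bdr: str = "0.0.0.0"   # BDR this router currently claims

def _rank(h):
    """Higher priority wins; ties go to the higher router ID."""
    return (h.priority, int(ipaddress.IPv4Address(h.rid)))

def elect(hellos):
    """Simplified RFC 2328 section 9.4 election over the hellos seen on a segment.
    Routers with priority 0 are never eligible. Because a router already claiming the
    DR role is taken first, a newcomer with a higher priority does not pre-empt it."""
    eligible = [h for h in hellos if h.priority > 0]
    not_dr = [h for h in eligible if h.dr != h.rid]
    claiming_bdr = [h for h in not_dr if h.bdr == h.rid]
    bdr = max(claiming_bdr or not_dr, key=_rank, default=None)
    claiming_dr = [h for h in eligible if h.dr == h.rid]
    dr = max(claiming_dr, key=_rank, default=None)
    if dr is None and bdr is not None:
        dr = bdr  # nobody claims DR: promote the BDR and re-run the BDR election
        bdr = max([h for h in not_dr if h is not dr], key=_rank, default=None)
    return (dr.rid if dr else None, bdr.rid if bdr else None)

def adjacency_state(rid_a, rid_b, dr, bdr):
    """Two DROthers stop at 2-Way; any pair involving the DR or BDR goes to Full."""
    return "FULL" if {rid_a, rid_b} & {dr, bdr} else "2WAY"

if __name__ == "__main__":
    fresh = [Hello("1.1.1.1", 1), Hello("3.3.3.3", 1), Hello("2.2.2.2", 1), Hello("9.9.9.9", 0)]
    print("fresh segment (DR, BDR):", elect(fresh))
    steady = [Hello("2.2.2.2", 1, dr="2.2.2.2", bdr="3.3.3.3"),
              Hello("3.3.3.3", 1, dr="2.2.2.2", bdr="3.3.3.3"),
              Hello("5.5.5.5", 200)]
    print("newcomer with priority 200 (DR, BDR):", elect(steady))
    print("p2p vs p2mp with default timers:", adjacency_possible("point-to-point", "point-to-multipoint"))
```

On the fresh segment the highest router ID (3.3.3.3) becomes DR and the next (2.2.2.2) BDR while 9.9.9.9 with priority 0 is excluded; on the steady segment the router joining with priority 200 stays a DROther because 2.2.2.2 keeps claiming the DR role. To force a particular DR, set the priority before the segment comes up or clear the OSPF process on the current DR.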
 





 



OSPF Troubleshooting Note

Troubleshooting OSPF Adjacencies

SHOW COMMAND TO VERIFY

  • show ip ospf neighbor
  • show ip ospf interface
  • show ip ospf database
  • show ip ospf database router
  • show ip ospf database router self-originate
  • show ip protocols
  • show run | section ospf
  • show ip protocols summary
  • show ip ospf border-routers
  • debug ip ospf adj (adjacency negotiation, including mismatched parameters)
OSPF Adjacency State Machine
  Normal OSPF Adjacency State Machine Order
  • Down / Attempt (Attempt only on NBMA, when hellos are sent to a configured neighbor)
  • Init (one-way hello received; stuck here means the neighbor never hears our hello: multicast is broken, a Layer 2 issue, or an ACL)
  • 2-Way (bidirectional hellos; DROthers stop here with each other)
  • ExStart (master/slave and DD sequence negotiation; stuck here: MTU mismatch, duplicate router ID, packet loss, access-list blocking unicast)
  • Exchange (database description exchange)
  • Loading (link-state requests; stuck here: neighbor sends bad or corrupt packets, or LS requests are ignored)
  • Full
Problem Indicators
  • Init (transport issue: our hello is sent but the neighbor never lists our router ID in its hello)
  • 2-Way (stop here for DROthers; a problem only if the neighbor should be DR/BDR, e.g. every router has priority 0 so no DR is elected)
  • ExStart (first step of the actual adjacency)
  • Exchange (DD packets are exchanged here; they also carry the options/stub flags)
  • Loading (link-state request packets are sent)
  • Full
Problems
  • Duplicate router ID (flood war: each router keeps re-originating the LSAs the other flushes)
  • Attribute issues (broadcast/NBMA use a DR/BDR; network types must be compatible and timers must match)
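The state-machine notes above translate directly into detection logic over the router's syslog, which is how an adjacency problem usually shows up first in a SOC or NOC. The following Python is an added example written for this page, not code from the original post or from Cisco. It parses the %OSPF-5-ADJCHG and %OSPF-4-DUP_RTRID_NBR messages, reports neighbors whose last logged state is short of FULL together with the likely cause from the notes, counts drops to DOWN to spot a flapping neighbor, and surfaces duplicate router-ID reports. The sample log lines are constructed (hypothetical neighbors and interfaces) in the format produced with log-adjacency-changes detail.

```python
import re
from collections import defaultdict

# IOS adjacency-change and duplicate router-id messages.
ADJCHG = re.compile(
    r"%OSPF-5-ADJCHG: Process (?P<pid>\d+), Nbr (?P<nbr>[\d.]+) on (?P<intf>\S+) "
    r"from (?P<old>\w+) to (?P<new>\w+), (?P<reason>.*)$")
DUP_RID = re.compile(
    r"%OSPF-4-DUP_RTRID_NBR: OSPF detected duplicate router-id (?P<rid>[\d.]+) "
    r"from (?P<src>[\d.]+) on interface (?P<intf>\S+)")

# Likely causes when a neighbor's last logged state is one of these (from the notes above).
STUCK_HINTS = {
    "INIT":     "one-way hello: multicast or L2 broken, or OSPF blocked by an ACL",
    "2WAY":     "normal between DROthers; a problem only if no DR was elected (all priorities 0)",
    "EXSTART":  "MTU mismatch, duplicate router-id, or unicast OSPF blocked",
    "EXCHANGE": "DD exchange not completing; check options/stub flags",
    "LOADING":  "corrupt LSAs or ignored link-state requests",
}

# Constructed sample log (hypothetical neighbors and interfaces), in the format
# produced with 'log-adjacency-changes detail' under the OSPF process.
SAMPLE_LOG = """\
*May 29 10:01:02.101: %OSPF-5-ADJCHG: Process 1, Nbr 150.1.4.4 on GigabitEthernet0/1 from LOADING to FULL, Loading Done
*May 29 10:01:05.220: %OSPF-5-ADJCHG: Process 1, Nbr 150.1.6.6 on GigabitEthernet0/2 from INIT to 2WAY, 2-Way Received
*May 29 10:01:05.221: %OSPF-5-ADJCHG: Process 1, Nbr 150.1.6.6 on GigabitEthernet0/2 from 2WAY to EXSTART, AdjOK?
*May 29 10:02:10.003: %OSPF-5-ADJCHG: Process 1, Nbr 150.1.4.4 on GigabitEthernet0/1 from FULL to DOWN, Neighbor Down: Dead timer expired
*May 29 10:02:45.017: %OSPF-5-ADJCHG: Process 1, Nbr 150.1.4.4 on GigabitEthernet0/1 from LOADING to FULL, Loading Done
*May 29 10:03:31.500: %OSPF-5-ADJCHG: Process 1, Nbr 150.1.4.4 on GigabitEthernet0/1 from FULL to DOWN, Neighbor Down: Dead timer expired
*May 29 10:03:40.812: %OSPF-4-DUP_RTRID_NBR: OSPF detected duplicate router-id 150.1.1.1 from 150.1.6.6 on interface GigabitEthernet0/2
"""

def analyze(lines, flap_threshold=2):
    """Walk the log once and return neighbors stuck short of FULL (with the hint),
    neighbors that dropped to DOWN at least flap_threshold times, and duplicate
    router-id reports as (rid, reporting source, interface)."""
    last_state, downs, dup = {}, defaultdict(int), []
    for line in lines:
        m = ADJCHG.search(line)
        if m:
            key = (m["nbr"], m["intf"])
            last_state[key] = m["new"]
            if m["new"] == "DOWN":
                downs[key] += 1
            continue
        m = DUP_RID.search(line)
        if m:
            dup.append((m["rid"], m["src"], m["intf"]))
    return {
        "stuck": {k: (s, STUCK_HINTS[s]) for k, s in last_state.items() if s in STUCK_HINTS},
        "flapping": {k: n for k, n in downs.items() if n >= flap_threshold},
        "duplicate_rid": dup,
    }

if __name__ == "__main__":
    for kind, items in analyze(SAMPLE_LOG.splitlines()).items():
        print(kind, items)
```

On the sample log the analysis reports 150.1.6.6 stuck in EXSTART on GigabitEthernet0/2 (and the duplicate router-id message from the same neighbor points at the cause) and 150.1.4.4 flapping on GigabitEthernet0/1 with two dead-timer expirations, which is where to start looking for packet loss or a hello/dead timer mismatch. Without log-adjacency-changes detail only the transitions to FULL and to DOWN are logged, so the stuck-state detection needs that option enabled.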
