OSPF

=**OSPF Router ID**=

All OSPF instances are required to have a unique router id. This is selected in the following order:
 * 1) Router ID configured with the **router-id** subcommand under **router ospf**
 * 2) Highest IP address on "up-up" loopback interface
 * 3) Highest IP address on "up-up" non-loopback interface

Notes regarding the Router ID:
 * It does not need to be routable
 * The RID is reevaluated when the process is restarted or when configured manually
 * A new SPF calculation is done when the RID is changed.

OSPFv3 uses the link local interface IP

=OSPF Messages=

OSPF contains 5 types of messages:

 * **Hello** - Used to establish and maintain neighbor relationships
 * **Database Descriptor** - A brief summary of each LSA sent on the initial exchange
 * **Link State Request** - A request for the full details of an LSA
 * **Link State Update** - The full LSA, sent in response to LSR
 * **Link State Acknowledgement** - Acknowledges an LSU



=Neighbor Adjacency=

During initial setup, Hello messages are multicast to **224.0.0.5** and sourced from the primary IP address on the interface.

The following parameters must be met to establish full adjacency:


 * Pass authentication if required
 * Must be in same subnet and have identical subnet masks
 * Must be in the same OSPF area
 * Must have the same area type
 * Must have unique RID
 * Hello and Dead timers must be equal

=Designated Router=

How it works
The designated router is the focal point of LSA communication between OSPF routers. All routers will be fully adjacent only with the DR/BDR. During the initial exchange, DD packets are sent to multicast address **224.0.0.6**, for DR routers only. Once ACKed, the DR resends the DD to **224.0.0.5** for all other OSPF routers. It is possible for a topology to NOT have a DR, in which case all DD and LSA packets are sent to 224.0.0.5.

DR Election
During the initial setup, routers exchange hello messages which specify a DD. If the DD field in a packet is 0.0.0.0, the sending router does not have a DR associated. In this case, the routers involved wait a specific amount of time before performing a DR election. This is referred to as the **OSPF wait time**. If the router receives a hello which already lists a DR, as is the case when a single device goes offline, no new election is done.


 * Only routers with a priority of 1-255 can claim DR
 * Order of preference is **highest** **priority** followed by **highest** **RID**
 * Second router becomes BDR
 * Routers with better priorities cannot preempt the DR
 * If the DR fails, the BDR becomes the DR and a new BDR is elected.
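
The election rules above as an added Python example (not part of the original notes); the RIDs and priorities in the sample segment are constructed. RIDs are compared numerically, so 10.0.0.1 outranks 9.9.9.9.

```python
import ipaddress

def _rank(router):
    # Highest priority wins; ties are broken by the numerically highest RID.
    return (router["priority"], int(ipaddress.IPv4Address(router["rid"])))

def elect(routers, dr=None, bdr=None):
    """Return (dr, bdr) RIDs for one segment.

    routers: [{"rid": "1.1.1.1", "priority": 1}, ...] currently up.
    dr, bdr: RIDs already holding the roles (None during initial setup).
    """
    # Priority 0 routers never claim DR or BDR.
    eligible = {r["rid"]: r for r in routers if 1 <= r["priority"] <= 255}
    if dr not in eligible:
        # DR missing: the BDR (if still up) is promoted and a new BDR is needed.
        dr = bdr if bdr in eligible else None
        bdr = None
    elif bdr not in eligible:
        bdr = None
    ranked = [r["rid"] for r in sorted(eligible.values(), key=_rank, reverse=True)]
    if dr is None and ranked:
        dr = ranked[0]
    if bdr is None:
        bdr = next((rid for rid in ranked if rid != dr), None)
    return dr, bdr

# Constructed sample segment (RIDs and priorities are made up).
SEGMENT = [
    {"rid": "10.0.0.1", "priority": 1},
    {"rid": "9.9.9.9", "priority": 1},
    {"rid": "192.168.1.1", "priority": 0},
]

if __name__ == "__main__":
    dr, bdr = elect(SEGMENT)
    print("initial:", dr, bdr)
    late = SEGMENT + [{"rid": "172.16.0.1", "priority": 255}]
    print("late joiner:", elect(late, dr, bdr))      # existing DR/BDR keep their roles
    survivors = [r for r in late if r["rid"] != dr]
    print("DR failed:", elect(survivors, dr, bdr))   # BDR promoted, new BDR elected
```

Comparing the elected DR against the router you intended to hold the role is a quick way to spot an unexpected device with a high priority on a segment.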

=OSPF Network Types=

Network types determine whether the following are required or allowed:
 * A DR elected on the interface
 * Static neighbors configured using the //**neighbor**// command
 * More than two neighbors allowed on the same subnet

Network types are configured using //**(config-if)#ip ospf network [type]**//

 * Default network type is **broadcast** on LAN interfaces
 * Default network type is **point-to-point** on HDLC and PPP links
 * NBMA on serial frame relay?

Network types do not need to match to form full adj, they only need to both use LSA type 2.

The following network types exist:


||~ Interface Type ||~ DR Elected ||~ Default Hello ||~ Static Neighbors ||~ >2 hosts/subnet ||
||= Broadcast ||= Y ||= 10 ||= N ||= Y ||
||= point-to-point ||= N ||= 10 ||= N ||= N ||
||= NBMA ||= Y ||= 30 ||= Y ||= Y ||
||= point-to-multipoint ||= N ||= 30 ||= N ||= Y ||
||= p-to-m NB ||= N ||= 30 ||= Y ||= Y ||
||= Loopback ||= N ||= - ||= - ||= N ||

With the variation in network types come issues with OSPF over frame relay links. The following are common issues:

 * Hello/Dead timer mismatches
 * One router expects a DR election and the other doesn't. This can result in neighbors becoming adjacent but not communicating properly
 * DR/BDR should have contact with all other routers via PVC to ensure all routes are distributed
 * While usually one router will require static neighbors and the other won't, the neighbor command should be used on both for clarity.

=Steady State Operation=

When the OSPF topology has stabilized, the following standard operations occur:
 * Routers send hellos based on per-interface hello intervals
 * Hellos are required within each dead interval, configurable per interface. Adj failures occur if this does not happen
 * Each router refloods each LSA it originated every 30 min by default (LSRefresh)
 * LSA refresh must occur within the Max Age timer (Default 60 min)

=LSA Types=


||~ LSA Type ||~ Common Name ||~ Description of LSA ||
|| 1 || **Router** || 1 per router, lists RID and interface IP addresses. ||
|| 2 || **Network** || Created by DR. Represents subnet and router interfaces connected to subnet ||
|| 3 || **Net Summary** || Created by ABR. Summarizes type 1 & 2 LSAs into another area. Includes the link's origin area and cost to subnet ||
|| 4 || **ASBR Summary** || Same as type 3 but advertises a host route used to reach the ASBR ||
|| 5 || **AS External** || Created by ASBRs to advertise routes external to OSPF ||
|| 6 || Group Membership || Not supported by Cisco. Defined for MOSPF ||
|| 7 || **NSSA External** || Created by ASBRs in an NSSA area. Replaces type 5 LSA ||
|| 8 || External Attributes || Not supported by Cisco ||
|| 9-11 ||  || Reserved for future expansion of OSPF ||

Type 2 LSAs are not generated if no DR exists on that subnet.


 * Type 1 describes how to route to node
   * If a link contains another OSPF router, described as transit in type 1 LSA, a type 2 LSA is generated for that link.
   * Not flooded outside local area
   * Describes directly connected links
     * Who are my neighbors?
     * What are my link costs?
 * Type 2
   * Not flooded outside the area it originated in
   * Describes who is adjacent to the DR
     * What is my link cost to the DR?
     * Implies link cost to all others adjacent to the DR
   * Used to reduce redundant information in the DB
 * Type 3
   * Describes ABR's reachability to links in other areas
   * Includes cost, hides ABR's actual path to dst
   * SPF not run for ABR advertised routes
 * Type 4
   * Describes ABR reachability to ASBRs in other areas
 * Type 5
   * Describes routes ASBR is redistributing
     * Metric
     * Metric type
     * Forward address
       * Who is the gateway for the link
     * Route tag

Generally 3 types of routes:
 * 1) Intra-Area routes (O)
   * LSA types 1 & 2
 * 2) Inter-Area routes (O IA)
   * LSA types 3 & 4
 * 3) External routes
   * E1/E2
   * N1/N2

LSA Types 4 and 5
Both external LSAs are separated into type 1 and type 2:
 * External type 1 - External and internal metrics added to compute. Both LSA 4 and LSA 5 created. Can be forwarded by ABR into another area. Cost to reach router plus the metric listed used in calculation.
 * External type 2 - Only external metric is considered in SPF calculation. Type 5 LSA is created and flooded by ASBR

The following commands are used to examine the specific LSA types:


 * **//#sh ip ospf database//**
 * //**#sh ip ospf database network [IP]**// (Type 2 LSA)
 * //**#sh ip ospf database router [RID]**// (Type 1 LSA)
 * //**#sh ip ospf database router [RID] self-originate**// (Shows cost to each neighbor)
 * //**#sh ip ospf database summary [SUBNET]**// (Type 3 LSA)
 * //**#sh ip ospf database external [SUBNET]**// (Type 5 LSA)
 * //**#sh ip ospf database nssa-external [SUBNET]**// (Type 7 LSA)
 * //**#sh ip ospf database asbr-summary**// (Type 4 LSA)

=OSPF Areas=

Areas add scalability to OSPF. All devices in the area agree on the topo, and changes inside the area require LSA flooding and full SPF.
 * Inter-area routing is similar to distance vector
 * Changes outside the area don't always require LSA flooding or SPF
 * Backbone area is 0
   * Used to summarize the topo information between other areas
   * Traffic from one area to another must pass through 0
   * Must be contiguous

Stub Areas
There are four types of stub areas. All stub areas prevent the injection of type 5 LSAs. "Totally" means type 3 LSAs are stopped. NSSAs allow external routes to be sent outside the stub area.



Each area is created using the following commands:


 * NSSA - //**(config-router)#area [area-id] nssa**//
 * Totally NSSA - //**(config-router)#area [area-id] nssa no-summary**//
 * Stub - //**(config-router)#area [area-id] stub**//
 * Totally Stubby - //**(config-router)#area [area-id] stub no-summary**//

=**OSPF Cost Calculation**=

The OSPF cost values can be modified per the following methods:


 * 1) Set the cost per neighbor: //**(config-router)#neighbor [neighbor IP] cost [value]**// (ONLY: P-M and P-M NB net types)
 * 2) Set the cost per interface: **//(config-if)#ip ospf cost [value]//**
 * 3) Allow the default based on interface bandwidth: **OSPF Reference Bandwidth/Interface Bandwidth**
 * 4) Allow the default based on int bandwidth, change the reference bandwidth: **//(config-router)#auto-cost reference-bandwidth//**

OSPF cost calculation for a segment is based on the bandwidth of the outgoing interface.

**Note that there is a slight unit difference between interface bandwidth (kbps) and reference bandwidth (Mbps). 1544 kbps = 1.544 Mbps.**

The path selection to an interface can also be altered by preventing a router from using a non-backbone area as a transit to another area. The following command forces a router to route through area 0 for inter-area routes:


 * //**(config-router)#no capability transit**//

Note that this only applies when a device has a virtual link, and chooses to not use that virtual link. The command is configured on the device that you want to route through the virtual link.

=OSPF Route Filtering=

The main challenge with OSPF filtering is that routers exchange topology information as opposed to actual routes. Filtering these could cause the routers to have different LSDBs, which would result in routing irregularities. Regardless, OSPF supports 3 types of filtering:


 * 1) Filtering routes using //**distribute-list in**//. This filters the routes the SPF process is attempting to use.
 * 2) ABR type 3 filtering: Preventing the ABR from sending specific type 3 LSAs
 * 3) ABR type 3 filtering v2: Uses the //**area range not-advertise**// command

distribute-list
This command, also used for RIP and EIGRP, can be used to filter both incoming and outgoing routes. distribute-list references ACLs or Prefix lists. The following caveats exist:


 * Distribute lists should only be used for inbound filtering, as outbound would result in filtering LSAs
 * Inbound logic filters the routes that SPF chooses to add to the routing table
 * If an incoming interface parameter is added, it is checked as though it were the outgoing interface for the route

The following is an example of filtering the route 10.4.8.0/24

//**ip prefix-list EXAMPLE seq 5 deny 10.4.8.0/24**//
//**ip prefix-list EXAMPLE seq 10 permit 0.0.0.0/0 le 32**//

//**router ospf 1**//
//**distribute-list prefix EXAMPLE in Serial0.2**//

Configuration of a distribute list with a route-map as opposed to a prefix-list allows much finer granularity.

ABR LSA Type 3 filtering
This filters the Type 3 LSAs at the ABR which would normally create them. Configuration is done via the following command:

//**area [num] filter-list prefix [name] in|out**//

 * IN - filters prefixes going into the configured area
 * OUT - filters prefixes coming out of the configured area

The following is an example of filtering the route 10.3.2.0/23

//**ip prefix-list EXAMPLE seq 5 deny 10.3.2.0/23**//
//**ip prefix-list EXAMPLE seq 10 permit 0.0.0.0/0 le 32**//

//**router ospf 1**//
//**area 3 filter-list prefix EXAMPLE out**//

Filtering with area range
The area range command performs route summarization and creates a single Type 3 LSA for all encompassing routes. The not-advertise keyword prevents the smaller subnets and the summarized route from being advertised as a Type 3 LSA. This has the same effect as an //**area filter-list out**//.

An example filtering the 10.3.2.0/23 prefix from the last heading is shown:

//**area 3 range 10.3.2.0 255.255.254.0 not-advertise**//
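
Both the distribute-list and the filter-list examples above depend on how a prefix-list entry matches. The following added Python example (not part of the original notes) evaluates routes against the page's first prefix-list and against a constructed variant named WIDE that adds //**le 32**// to the deny entry. It shows that an entry without ge/le matches that exact prefix length only.

```python
import ipaddress
import re

ENTRY = re.compile(r"ip prefix-list (\S+) seq (\d+) (permit|deny) (\S+)"
                   r"(?: ge (\d+))?(?: le (\d+))?$")

def parse(lines, name):
    """Return the entries of prefix-list `name`, ordered by sequence number."""
    entries = []
    for line in lines:
        m = ENTRY.match(line.strip())
        if not m or m.group(1) != name:
            continue
        _, seq, action, prefix, ge, le = m.groups()
        net = ipaddress.ip_network(prefix)
        # Without ge/le the route's prefix length must match exactly.
        lo = int(ge) if ge else net.prefixlen
        hi = int(le) if le else (32 if ge else net.prefixlen)
        entries.append((int(seq), action, net, lo, hi))
    return sorted(entries, key=lambda e: e[0])

def evaluate(entries, route):
    """Return 'permit' or 'deny' for a route such as '10.4.8.0/24'."""
    r = ipaddress.ip_network(route)
    for _seq, action, net, lo, hi in entries:
        if lo <= r.prefixlen <= hi and r.subnet_of(net):
            return action            # first matching entry decides
    return "deny"                    # implicit deny ends every prefix-list

# The page's first prefix-list, then a constructed variant (the name WIDE is
# made up) whose deny entry also covers the more specific subnets.
PAGE_LIST = [
    "ip prefix-list EXAMPLE seq 5 deny 10.4.8.0/24",
    "ip prefix-list EXAMPLE seq 10 permit 0.0.0.0/0 le 32",
]
WIDE_LIST = [
    "ip prefix-list WIDE seq 5 deny 10.4.8.0/24 le 32",
    "ip prefix-list WIDE seq 10 permit 0.0.0.0/0 le 32",
]

if __name__ == "__main__":
    for route in ("10.4.8.0/24", "10.4.8.128/25", "10.4.9.0/24"):
        print(route, evaluate(parse(PAGE_LIST, "EXAMPLE"), route),
              evaluate(parse(WIDE_LIST, "WIDE"), route))
```

With the page's list, 10.4.8.128/25 is still permitted because only the /24 itself is denied; the WIDE variant denies it as well.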

=OSPF Virtual Links=

Virtual links are used to connect remote areas to area 0 or to link non-contiguous intra-area devices. This is done by tunneling OSPF packets inside of IP packets. Virtual links are configured with the following command:

//**(config-router)#area [NUM] virtual-link [RID]**//

And can be examined with: //**sh ip ospf virtual-links**//

This command must be configured on each side of the link
**Area number is that of the transit area**

=OSPF Authentication=

Authentication in OSPF differs significantly from EIGRP and RIP. The following are key points:


 * There are 3 types
   * 1) Type 0 (None) (//**ip ospf authentication null**//)
   * 2) Type 1 (clear text) (//**ip ospf authentication**//)
   * 3) Type 2 (MD5) (//**ip ospf authentication message-digest**//)
 * Authentication is enabled per interface with //**(config-if)#ip ospf authentication**//
 * Default type is 0
 * Global default can be set using //**(config-router)#area [num] authentication [message-digest]**//
 * Keys are configured as interface subcommands
   * //**(config-if)#ip ospf message-digest-key [key-number] md5 [key-value]**//
   * //**(config-if)#ip ospf authentication-key [key-value]**//
 * Multiple keys are allowed
   * One message sent for each key configured
**Authentication on Virtual Links**
Authentication on virtual links is configured with the following commands:
 * 1) //**area [num] virtual-link [RID] authentication null**//
 * 2) //**area [num] virtual-link [RID] authentication authentication-key [key-value]**//
 * 3) //**area [num] virtual-link [RID] authentication message-digest message-digest-key [key-num] md5 [key-value]**//
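
An added example (not part of the original notes): a small Python auditor that resolves the effective authentication type per interface from the commands listed above, with an interface-level setting overriding the area default. The sample configuration is constructed, and the code assumes OSPF is enabled with the interface-level //**ip ospf [process-id] area [area-id]**// form only.

```python
import re
AUTH = {None: 1, " null": 0, " message-digest": 2}   # 0 none, 1 clear text, 2 MD5

def audit(config):
    """Return {interface: (area, effective auth type)} for OSPF interfaces."""
    area_default, ifaces, section, name = {}, {}, None, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw[0].isspace():                 # unindented line opens a section
            section, _, name = line.partition(" ")
            if section == "interface":
                ifaces[name] = {"area": None, "auth": None}
        elif section == "interface":
            if m := re.fullmatch(r"ip ospf \d+ area (\S+)", line):
                ifaces[name]["area"] = m.group(1)
            elif m := re.fullmatch(r"ip ospf authentication( null| message-digest)?", line):
                ifaces[name]["auth"] = AUTH[m.group(1)]
        elif section == "router" and name.startswith("ospf "):
            if m := re.fullmatch(r"area (\S+) authentication( message-digest)?", line):
                area_default[m.group(1)] = 2 if m.group(2) else 1
    report = {}
    for ifname, cfg in ifaces.items():
        if cfg["area"] is not None:   # interface setting wins, else area default, else 0
            auth = cfg["auth"] if cfg["auth"] is not None else area_default.get(cfg["area"], 0)
            report[ifname] = (cfg["area"], auth)
    return report

# Constructed sample configuration (interfaces, areas and keys are made up).
SAMPLE = """\
interface GigabitEthernet0/0
 ip ospf 1 area 0
interface GigabitEthernet0/1
 ip ospf 1 area 0
 ip ospf authentication null
interface Serial0/0
 ip ospf 1 area 3
 ip ospf authentication-key EXAMPLEKEY
interface Serial0/1
 ip ospf 1 area 3
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 EXAMPLEKEY
router ospf 1
 area 0 authentication message-digest
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

In the sample, Serial0/0 has a key configured but authentication was never enabled, so it still runs type 0, and GigabitEthernet0/1 opts out of the area 0 MD5 default with the null keyword.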

=**OSPF Stub Routers**=

OSPF Stub routers only forward routes locally within their subnet. A common use case for this would be to prevent an ASBR from advertising OSPF routes before BGP converges in the case of a reload. It is configured in either of the following ways. The first allows a specific time, and the second waits until BGP signals that it has converged, with a 10 minute max wait.


 * 1) //**(config-router)#max-metric router-lsa on-startup [announce-time]**//
 * 2) //**(config-router)#max-metric router-lsa on-startup wait-for-bgp**//

=**Configuring OSPF**=

Prerequisites

 * IP routing must be enabled
 * Must be an "up/up" interface running IP

Enabling OSPF

 * Enable global process
   * //**router ospf [process-id]**//
   * process id is locally significant unless using MPLS L3VPN
 * Enable OSPF interface process
   * Process level
     * //**network [address] [wildcard] area [area-id]**//
     * If you issue a /8, doesn't mean it advertises that. Uses mask of interface
     * Wildcard good for enabling on multiple interfaces
     * Can overlap, most specific matching statement determines the area for that interface
   * Interface level
     * //**ip ospf [process-id] area [area-id]**//
     * Will enable on both primary and secondary interface IPs
     * OSPF stays enabled if IP address changes

OSPF Verification

 * Verify OSPF is enabled
   * //**show ip ospf**//
   * //**show ip ospf interface [brief]**//
 * Verify OSPF adjacency
   * //**show ip ospf neighbor**//
   * //**debug ip ospf adj**//
 * Verify OSPF database
   * //**show ip ospf database [router|network|summary|...]**//

=Troubleshooting OSPF=


**Two main types of problems that can arise**
 * 1) Transport problems
   * This happens if you can't get to 2-way
 * 2) Attribute negotiation problems

**Useful commands**

 * //**show ip ospf neighbor**//
 * //**show ip ospf database**//
   * Will show if advertising router is unreachable
 * //**debug ip ospf adj**//
 * //**debug ip ospf packet**//

**Strategies**

 * Consider looking at the state of the database for a single area
   * Are we missing router IDs in the router LSAs?
 * Flood war
   * This means one router is adv a route, another is withdrawing
   * Happens often with duplicate router IDs
 * Network type mismatch
   * Can cause both routers to show full adj
   * Routes can be in the OSPF database, but won't get installed into RIB