The Bryant Advantage CCNP ROUTE Study Guide

Chris Bryant, CCIE #12933 - www.thebryantadvantage.com

Back To Index

Multi-Area OSPF And Route Summarization

Overview OSPF Design Guidelines Stub And Total Stub Configuration Changing Default Route Costs OSPF Route Types OSPF Router Types OSPF LSA Types Route Summarization Propagating Default Routes In OSPF

OSPF Design Guidelines Just about every OSPF configuration you work with in the real world is going to be a multi-area setup, for reasons we touched on in the previous section and that we'll add to here. Cisco exam success lies in knowing the details, and that applies especially to OSPF, because there are a lot of details to learn with multiarea OSPF. As with all things Cisco, learning it "piece by piece" instead of looking at this section as a whole will help you master those details for your exam and your career. Those of you with an eye on the CCIE will truly have to master the details of OSPF! Before we begin to build our multi-area OSPF configuration, there are some design rules that Cisco would like you to keep in mind. Design rules are generally subjective, but these OSPF design rules are particularly important since they are designed to keep the demand on the router's CPU and memory resources to a reasonable level. (The term "reasonable level" is subjective as well - generally, your more powerful routers will be at the core of your network while the lesser routers will be at the outskirts.)

No router should be in more than three areas. No area should contain more than 50 routers. No router should have more than 60 neighbors. A router can be a DR or BDR for more than one network segment, but be careful that the router is not overworked by doing so. Do not run more than one OSPF process on an Area Border Router. Of all the OSPF design rules, it's my experience that you really have to watch the one regarding having too many routers in a single area. This ends up causing more LSA traffic than you really need, which in turn means you've got more routers having to recalculate their routing tables more and more often, which in turn puts an unnecessary load on the CPU of the routers. Why Build Multiple Areas? Using a hierarchical, multi-area approach to OSPF delivers these benefits: Route summarization is made possible (and simpler) through a layered approach to address allocation. In turn, route summarization helps keep routing tables concise yet complete, which lessens the load on a router's CPU during the routing process. Smaller routing tables are better than larger routing tables, but they still have to be complete! Using multiple OSPF areas helps us accomplish that. By creating multiple areas, LSA flooding upon a change in the network is localized. For example, LSA Types 1 and 2 don't leave the local area. This results in fewer Link State Updates traveling across the OSPF network as a whole. (If you're rusty on LSA types, don't worry, we'll go over those in this section!) As a result, fewer Shortest Path First (SPF) recalculations are needed. Let's look at how the creation of OSPF stub and total stub areas help to deliver these benefits. Stub And Total Stub Areas Area 0 is the backbone area of an OSPF configuration. When creating a multi-area OSPF network, every non-backbone area must contain a router that has a physical or logical connection (virtual link) to Area 0. Traffic going from one non-backbone area to another non-backbone area must cross Area 0. For that reason, Area 0 is generally going to be found at the center, or core, of the network. The network we will build in this section will have Area 0 at the very center.

We'll start by placing the serial0 interface on R1, R2, and R3 into Area 0. The network 172.12.123.0 /24 is running over the frame, with each router using its router number as the 4th octet. The loopback of each router will be placed into an area numbered using the router number; that is, R1's loopback, 1.1.1.1, will be placed into Area 1, and so forth. This is a hub-and-spoke network, so the special considerations you learned for this topology in the "LS Protocols And Single-Area OSPF" sections must be put into action: The hub will need neighbor statements The hub must become the DR The spokes must not take part in the DR/BDR election If you're running this lab, be sure to check your connectivity across the frame network before applying the OSPF config - that can save you a lot of unnecessary troubleshooting.

R1(config)#router ospf 1 R1(config-router)#network 172.12.123.0 0.0.0.255 area 0 R1(config-router)#network 1.1.1.1 0.0.0.0 area 1 R1(config-router)#neighbor 172.12.123.2 R1(config-router)#neighbor 172.12.123.3 R2(config)#interface serial0 R2(config-if)#ip ospf priority 0

R2(config-if)#router ospf 1 R2(config-router)#network 172.12.123.0 0.0.0.255 area 0 R2(config-router)#network 2.2.2.2 0.0.0.0 area 2 R3(config)#interface serial0 R3(config-if)#ip ospf priority 0

R3(config-if)#router ospf 1 R3(config-router)#network 172.12.123.0 0.0.0.255 area 0 R3(config-router)#network 3.3.3.3 0.0.0.0 area 3

Verify with show ip ospf neighbor.

R1#show ip ospf neighbor Neighbor ID 3.3.3.3 2.2.2.2 Pri 0 0 State FULL/DROTHER FULL/DROTHER Dead Time 00:01:46 00:01:42 Address 172.12.123.3 172.12.123.2 Interface Serial0 Serial0

R2#show ip ospf neighbor Neighbor ID 1.1.1.1 Pri 1 State FULL/DR Dead Time 00:01:32 Address 172.12.123.1 Interface Serial0

R3#show ip ospf neigh Neighbor ID 1.1.1.1 Pri 1 State FULL/DR Dead Time 00:01:56 Address 172.12.123.1 Interface Serial0

Both R2 and R3 see R1 as the DR, and R1 sees both R2 and R3 as "DROTHER", indicating that those two routers are neither DR nor BDR. Also note that the neighbor IDs are the neighbor's RIDs, and as we would expect at this point, the RID for each router is the router's single loopback address. Since our three non-backbone areas all have a router that is physically connected to Area 0, the configuration is valid and each router has a route to both remote loopback addresses.
R1#show ip route ospf 2.0.0.0/32 is subnetted, 1 subnets O IA 2.2.2.2 [110/65] via 172.12.123.2, 00:00:00, Serial0 3.0.0.0/32 is subnetted, 1 subnets O IA 3.3.3.3 [110/65] via 172.12.123.3, 00:00:00, Serial0 R2#show ip route ospf 1.0.0.0/32 is subnetted, 1 subnets O IA 1.1.1.1 [110/65] via 172.12.123.1, 00:00:23, Serial0 3.0.0.0/32 is subnetted, 1 subnets O IA 3.3.3.3 [110/65] via 172.12.123.3, 00:00:23, Serial0 R3#show ip route ospf 1.0.0.0/32 is subnetted, 1 subnets O IA 1.1.1.1 [110/65] via 172.12.123.1, 00:01:59, Serial0 2.0.0.0/32 is subnetted, 1 subnets O IA 2.2.2.2 [110/65] via 172.12.123.2, 00:00:07, Serial0

The routes to the remote loopback are all marked "O IA". The "O" refers to OSPF, and the "IA" refers to an inter-area route - a route to a destination located in another OSPF area. Since each router borders Area 0 and connects another area to Area 0, each router in the current network is an ABR - an Area Border Router. This is confirmed in this abbreviated output of show ip ospf :
R1#show ip ospf Routing Process "ospf 1" with ID 1.1.1.1

Supports only single TOS(TOS0) routes Supports opaque LSA It is an area border router R2#show ip ospf Routing Process "ospf 1" with ID 2.2.2.2 Supports only single TOS(TOS0) routes Supports opaque LSA It is an area border router R3#show ip ospf Routing Process "ospf 1" with ID 3.3.3.3 Supports only single TOS(TOS0) routes Supports opaque LSA It is an area border router

Now we'll bring in another router and another area. R4 is connected to R3 via the segment 172.34.34.0 /24, and both will have their Ethernet interfaces placed into Area 34.

R3(config)#router ospf 1 R3(config-router)#network 172.34.34.0 0.0.0.255 area 34 R4(config)#router ospf 1 R4(config-router)#network 172.34.34.0 0.0.0.255 area 34

Always verify new adjacencies!

R3#show ip ospf nei

Neighbor ID 1.1.1.1 4.4.4.4

Pri 1 1

State FULL/DR FULL/DR

Dead Time 00:01:58 00:00:38

Address 172.12.123.1 172.34.34.4

Interface Serial0 Ethernet0

R4#show ip ospf nei Neighbor ID 3.3.3.3 Pri 1 State FULL/BDR Dead Time 00:00:33 Address 172.34.34.3 Interface Ethernet0

R4 now has an adjacency with R3. Let's take a look at R4's OSPF routing table:
R4#show ip route ospf 1.0.0.0/32 is subnetted, 1 subnets O IA 1.1.1.1 [110/75] via 172.34.34.3, 00:01:03, Ethernet0 2.0.0.0/32 is subnetted, 1 subnets O IA 2.2.2.2 [110/75] via 172.34.34.3, 00:01:03, Ethernet0 3.0.0.0/32 is subnetted, 1 subnets O IA 3.3.3.3 [110/11] via 172.34.34.3, 00:01:03, Ethernet0 172.12.0.0/24 is subnetted, 1 subnets O IA 172.12.123.0 [110/74] via 172.34.34.3, 00:01:03, Ethernet0

All the OSPF routes on R4 are OSPF inter-area routes, as indicated by O IA. We can also see that the next-hop IP address is the same for all four routes. It would have to be, since there's only one exit point for any data R4 sends to any of these destinations. It seems like a bit of a waste of time to have all of these specific routes in the routing table when they've all got the same next-hop IP address, doesn't it? Let's keep that in mind. We're also going to bring some more routes into this OSPF configuration via route redistribution. Route redistribution is the process of taking routes known by another method -- whether that be another routing protocol, another instance of the same protocol, or a connected / static route - and placing them into another protocol. Routes that are being redistributed into another protocol are sometimes referred to as being injected into that domain. R5 will now be added to our network. R5 and R1 are both on the 15.0.0.0 /8 network, and are both running RIP version 2. R5 has three loopback addresses - 5.1.1.1 /8, 6.1.1.1 /8, and 7.1.1.1. /8. R5 will advertise all its loopback addresses via RIPv2. R1 will run RIP only on the 15.0.0.0/8 network.

R5(config)#router rip R5(config-router)#version 2 R5(config-router)#no auto-summary R5(config-router)#network 5.0.0.0 R5(config-router)#network 6.0.0.0 R5(config-router)#network 7.0.0.0 R5(config-router)#network 15.0.0.0 R1(config)#router rip R1(config-router)#version 2 R1(config-router)#no auto R1(config-router)#network 15.0.0.0

R1 will see all of R5's loopbacks in its RIP routing table. R1 also has a route to R2's loopback, R3's loopback, and the 172.34.34.0 /24 network in its OSPF table.

R1#show ip route rip R 5.0.0.0/8 [120/1] via 15.1.1.5, 00:00:03, Serial1 R 6.0.0.0/8 [120/1] via 15.1.1.5, 00:00:03, Serial1 R 7.0.0.0/8 [120/1] via 15.1.1.5, 00:00:03, Serial1 R1#show ip route ospf 2.0.0.0/32 is subnetted, 1 subnets O IA 2.2.2.2 [110/65] via 172.12.123.2, 00:04:17, Serial0 3.0.0.0/32 is subnetted, 1 subnets O IA 3.3.3.3 [110/65] via 172.12.123.3, 00:04:17, Serial0 172.34.0.0/24 is subnetted, 1 subnets O IA 172.34.34.0 [110/74] via 172.12.123.3, 00:04:17, Serial0

On R1, the RIP routes and 15.0.0.0/8 (a directly connected network) will be redistributed into OSPF, and the OSPF routes along with 172.12.123.0 /24 (a directly connected network) will be redistributed into RIP. The directly connected routes have to be redistributed along with the dynamically learned routes, or hosts in the RIP domain could not ping host addresses in the OSPF domain. Forgetting to redistribute the connected networks is a common error in route redistribution. The remote protocol's routes will be seen, but pings won't go through.
R1(config)#router ospf 1 R1(config-router)#redistribute connected % Only classful networks will be redistributed R1(config-router)#redistribute connected subnets R1(config-router)#redistribute rip subnets R1(config-router)#router rip R1(config-router)#redistribute connected metric 1 R1(config-router)#redistribute ospf 1 metric 1

Note that when the connected networks and RIP routes were redistributed into OSPF, the subnets option had to be used to allow subnet redistribution. Also, when redistributing connected networks and OSPF routes into RIP, a seed metric had to be supplied. The seed metric is a "starting metric" for the paths being redistributed and is required for routes being redistributed into RIP and EIGRP. OSPF uses a default seed metric of 20, so no metric has to be set for the connected and RIP subnets redistributed into OSPF. The OSPF router that redistributes routes into the OSPF domain is the Autonomous System Border Router (ASBR). If a router is an ABR or ASBR, you'll see that in the output of show ip ospf. You'll also see which routes are being redistributed. Note that a router can be both an ABR and ASBR, as R1 is here.
R1#show ip ospf Routing Process "ospf 1" with ID 1.1.1.1 Supports only single TOS(TOS0) routes Supports opaque LSA It is an area border and autonomous system boundary router Redistributing External Routes from, connected, includes subnets in redistribution rip, includes subnets in redistribution

To see all the ABRs and ASBRs, run show ip ospf border-routers. Running this command on R3 verifies that R2 is an ABR and R1 is an ABR/ASBR:

R3#show ip ospf border-routers OSPF Process 1 internal Routing Table Codes: i - Intra-area route, I - Inter-area route i 1.1.1.1 [64] via 172.12.123.1, Serial0, ABR/ASBR, Area 0, SPF 38 i 2.2.2.2 [64] via 172.12.123.2, Serial0, ABR, Area 0, SPF 38

At this point, R5 should have all the OSPF routes in its routing table, and should be able to ping any address in the OSPF configuration. Here is R5's RIP routing table, followed by pings of all remote loopback interfaces and R4's Ethernet0 interface.
R5#show ip route rip 1.0.0.0/32 is subnetted, 1 subnets R 1.1.1.1 [120/1] via 15.1.1.1, 00:00:20, Ethernet0 2.0.0.0/32 is subnetted, 1 subnets R 2.2.2.2 [120/1] via 15.1.1.1, 00:00:20, Ethernet0 3.0.0.0/32 is subnetted, 1 subnets R 3.3.3.3 [120/1] via 15.1.1.1, 00:00:20, Ethernet0 172.34.0.0/24 is subnetted, 1 subnets R 172.34.34.0 [120/1] via 15.1.1.1, 00:00:20, Ethernet0 172.12.0.0/16 is variably subnetted, 2 subnets, 2 masks R 172.12.123.0/24 [120/1] via 15.1.1.1, 00:00:20, Ethernet0

R5# ping 1.1.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/8 ms

R5#ping 2.2.2.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 68/68/72 ms

R5#ping 3.3.3.3 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 68/70/72 ms R5#ping 172.34.34.4 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.34.34.4, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 96/100/108 ms

R5 can indeed see the OSPF routes and can ping all three remote loopbacks. Notice that there's no special code next to a RIP route that was originally learned via redistribution - the only RIP route code is "R". Let's take a look at R4's OSPF routing table, and see if R4 can ping R5's loopbacks.
R4#show ip route ospf

O IA O IA O IA O E2 O E2 O IA O E2 O E2

1.0.0.0/32 is subnetted, 1 subnets 1.1.1.1 [110/75] via 172.34.34.3, 00:33:33, Ethernet0 2.0.0.0/32 is subnetted, 1 subnets 2.2.2.2 [110/75] via 172.34.34.3, 00:33:33, Ethernet0 3.0.0.0/32 is subnetted, 1 subnets 3.3.3.3 [110/11] via 172.34.34.3, 00:33:33, Ethernet0 5.0.0.0/32 is subnetted, 1 subnets 5.1.1.1 [110/20] via 172.34.34.3, 00:33:21, Ethernet0 6.0.0.0/32 is subnetted, 1 subnets 6.1.1.1 [110/20] via 172.34.34.3, 00:33:21, Ethernet0 172.12.0.0/16 is variably subnetted, 2 subnets, 2 masks 172.12.123.0/24 [110/74] via 172.34.34.3, 00:33:33, Ethernet0 7.0.0.0/32 is subnetted, 1 subnets 7.1.1.1 [110/20] via 172.34.34.3, 00:33:21, Ethernet0 15.0.0.0/24 is subnetted, 1 subnets 15.1.1.0 [110/20] via 172.34.34.3, 00:33:32, Ethernet0

R4#ping 5.1.1.1 Type escape sequence to abort.

(Ever notice the router doesn't tell you the ping escape sequence?) (It's <ctrl-shift-6> TWICE, in rapid succession.)
Sending 5, 100-byte ICMP Echos to 5.1.1.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 68/68/72 ms

R4#ping 6.1.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 6.1.1.1, timeout is 2 seconds:!!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 68/69/76 ms

R4#ping 7.1.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 7.1.1.1, timeout is 2 seconds:!!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 68/70/76 ms

In addition to the O IA routes, we now see some O E2 routes as well. O E2 routes are OSPF External Type 2 routes, and these are routes that were originally learned via redistribution. (Don't worry, we're going to cover each type of OSPF route you can see in a routing table, along with all the codes.) For right now, let's concentrate on the size of this routing table, what impact that could have, and how we can possibly shrink this table a bit without sacrificing connectivity. Examining R4's OSPF routing table, we see that every single one of the External routes has one thing in common -- the next-hop IP address.
5.1.1.1 [110/20] via 172.34.34.3, 00:33:21, Ethernet0 6.0.0.0/32 is subnetted, 1 subnets O E2 6.1.1.1 [110/20] via 172.34.34.3, 00:33:21, Ethernet0 172.12.0.0/16 is variably subnetted, 2 subnets, 2 masks O E2 7.1.1.1 [110/20] via 172.34.34.3, 00:33:21, Ethernet0 15.0.0.0/24 is subnetted, 1 subnets O E2 15.1.1.0 [110/20] via 172.34.34.3, 00:33:32, Ethernet0 O E2

It's a waste of time and resources for R4 to look through all these routes for packets with a destination external to OSPF, because the next hop is

going to be the same -- 172.34.34.3. OSPF allows us to substitute a single default route for all external destinations by making Area 34 a stub area. Configuring an area as stub prevents LSA Type 5s from flooding the stub area. It's not enough to configure Area 34 as a stub on R4 or R3. Every router in the area must agree that this is a stub area, or adjacencies will drop. Configuring an area as stub is referred to as "setting the stub flag" or "setting the stub bit". Watch what happens when an area is configured as stub on R3, but not R4:
R3#conf t Enter configuration commands, one per line. End with CNTL/Z. R3(config)#router ospf 1 R3(config-router)#area 34 stub 4d06h: %OSPF-5-ADJCHG: Process 1, Nbr 4.4.4.4 on Ethernet0 from FULL to DOWN, Neighbor Down: Dead timer expired

Configuring the area as stub on R4 will bring the adjacency back up:
R4#conf t Enter configuration commands, one per line. R4(config)#router ospf 1 R4(config-router)#area 34 stub End with CNTL/Z.

R4#show ip ospf nei Neighbor ID 3.3.3.3 Pri 1 State FULL/BDR Dead Time 00:00:37 Address 172.34.34.3 Interface Ethernet0

Area 34 is now a stub area. Look at R4's OSPF routing table:

R4#show ip route ospf 1.0.0.0/32 is subnetted, 1 subnets O IA 1.1.1.1 [110/75] via 172.34.34.3, 00:01:07, Ethernet0 2.0.0.0/32 is subnetted, 1 subnets O IA 2.2.2.2 [110/75] via 172.34.34.3, 00:01:07, Ethernet0 3.0.0.0/32 is subnetted, 1 subnets O IA 3.3.3.3 [110/11] via 172.34.34.3, 00:01:07, Ethernet0 172.12.0.0/24 is subnetted, 1 subnets O IA 172.12.123.0 [110/74] via 172.34.34.3, 00:01:07, Ethernet0 O*IA 0.0.0.0/0 [110/11] via 172.34.34.3, 00:01:07, Ethernet0

With that simple config, the size of the routing table has been cut in half. The E2 routes have been replaced with a single default route, as indicated by the asterisk. R5's loopback addresses can still be pinged:
R4#ping 5.1.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 5.1.1.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 68/71/80 ms

R4#ping 6.1.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 6.1.1.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 68/69/72 ms

R4#ping 7.1.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 7.1.1.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 68/70/72 ms

The cost for the default route can be adjusted with the default-cost command. On R3, we'll change the OSPF metric for the default route to 20, which should give it a total cost of 30 on R4:
R3(config)#router ospf 1 R3(config-router)#area 34 default-cost 20 R4#show ip route ospf O*IA 0.0.0.0/0 [110/30] via 30.1.1.3, 00:00:09, Ethernet0

The routing table is half its previous size while still allowing full connectivity. We can take this one step further, since the four nondefault inter-area routes all have the same next-hop IP address as well. OSPF allows the configuration of a total stub area, where all external and inter-area routes are replaced with a single default route. One single addition to R3 will do this. The no-summary option added to the ABR of the stub area will make this a total stub area. Making an area a total stub area prevents LSA types 3, 4, and 5 from flooding into the area. The ABR is the only router that needs the no-summary option enabled. no-summary doesn't have to be added to the other routers in the area, but they still have to be configured as stub.
R3(config)#router ospf 1 R3(config-router)#area 34 stub no-summary

A little "theory vs. real-world" discussion is merited here. In the real world, you'll often see OSPF total stub areas that have every router in the total stub configured with no-summary. That doesn't hurt anything, but technically only the ABR should have that option enabled. Personally, on the exam and in real life, I would only configure nosummary on the ABR. Where R4 had nine OSPF inter-area and external routes, it now has a single default route for all those destinations:
R4#show ip route ospf O*IA 0.0.0.0/0 [110/30] via 172.34.34.3, 00:07:26, Ethernet0

Now we've seen that with an OSPF stub area, you can have routes to other destinations in the area (O), inter-area routes (O IA), and a default inter-area route to reach the external destinations (O *IA). With a total stub area, you'll see only routes to other networks in the total stub area (O) and a single default route used to reach all other destinations (O *IA). If we add a loopback to R3 in this configuration

and place it in Area 34, R4 will see it as an intra-area route and it will have a specific entry in the OSPF table.
R3(config)#int loopback33 R3(config-if)#ip address 33.33.33.33 255.255.255.255 R3(config-if)#router ospf 1 R3(config-router)#network 33.33.33.33 0.0.0.0 area 34 R4#show ip route ospf 33.0.0.0/32 is subnetted, 1 subnets O 33.33.33.33 [110/11] via 172.34.34.3, 00:00:03, Ethernet0 O*IA 0.0.0.0/0 [110/30] via 172.34.34.3, 00:00:03, Ethernet0

You can take a good idea too far, though. If stub areas are so great, let's make Area 0 a stub! After all, R2 and R3 only have one possible next hop to the external destinations, and that's through R1. So let's try that...
R1#conf t Enter configuration commands, one per line. End with CNTL/Z. R1(config)#router ospf 1 R1(config-router)#area 0 stub OSPF: Backbone can not be configured as stub area

One of the things I like most about Cisco equipment is that nine out of ten times, the router or switch is going to stop you from doing something you really shouldn't do. Or at the very least, you'll be warned! Here, the router won't let you make Area 0 a stub area, because Area 0 is prohibited from being a stub or total stub. The exam probably won't be so kind as to tell you that, so remember that! "Not So Stubby Stub Areas" The final OSPF area type is an NSSA, short for "not-so-stubby stub area". An NSSA is a stub area that contains a limited number of external routes. An NSSA is the only area that will use a Type 7 LSA, which you'll read more about in the LSA review later in this section. This is a highly specialized OSPF area type, and it's not common, but they are out there. Let's take a look at the commands to configure a stub NSSA and total stub NSSA. We'll now add another loopback to R3 and inject it into the OSPF domain with the redistribute connected subnets command.
R3(config)#int loopback14 R3(config-if)#ip address 14.14.14.14 255.255.255.255 R3(config)#router ospf 1 R3(config-router)#redistribute connected subnets

R1 will see the route as an E2 route...

R1#show ip route ospf 2.0.0.0/32 is subnetted, 1 subnets O IA 2.2.2.2 [110/65] via 172.12.123.2, 00:03:11, Serial0 33.0.0.0/32 is subnetted, 1 subnets O IA 33.33.33.33 [110/65] via 172.12.123.3, 00:03:11, Serial0 3.0.0.0/32 is subnetted, 1 subnets

O IA

3.3.3.3 [110/65] via 172.12.123.3, 00:03:11, Serial0 172.34.0.0/24 is subnetted, 1 subnets O IA 172.34.34.0 [110/74] via 172.12.123.3, 00:03:12, Serial0 14.0.0.0/32 is subnetted, 1 subnets O E2 14.14.14.14 [110/20] via 172.12.123.3, 00:01:48, Serial0

...but R4 will not, since R4 is in a total stub area.

R4#show ip route ospf 33.0.0.0/32 is subnetted, 1 subnets O 33.33.33.33 [110/11] via 172.34.34.3, 01:02:10, Ethernet0 O*IA 0.0.0.0/0 [110/30] via 172.34.34.3, 01:02:10, Ethernet0

We'll remove the total stub statement from R3 and the stub statement from R4, and replace both statements with area 34 nssa, which will make Area 34 a not-so-stubby stub area. Note that the adjacencies reset during this process.
R3(config-router)#no area 34 stub no-summary 01:40:26: %OSPF-5-ADJCHG: Process 1, Nbr 4.4.4.4 on Ethernet0 from FULL to DOWN, Neighbor Down: Adjacency forced to reset R3(config-router)#area 34 nssa R4(config)#router ospf 1 R4(config-router)#no area 34 stub R4(config-router)#area 34 nssa 01:41:20: %OSPF-5-ADJCHG: Process 1, Nbr 4.4.4.4 on Ethernet0 from LOADING to FULL, Loading Done

R4 now sees the route as N2, which is an NSSA External route.

R4#show ip route ospf 1.0.0.0/32 is subnetted, 1 subnets O IA 1.1.1.1 [110/75] via 172.34.34.3, 00:00:14, Ethernet0 2.0.0.0/32 is subnetted, 1 subnets O IA 2.2.2.2 [110/75] via 172.34.34.3, 00:00:14, Ethernet0 33.0.0.0/32 is subnetted, 1 subnets O 33.33.33.33 [110/11] via 172.34.34.3, 00:00:14, Ethernet0 3.0.0.0/32 is subnetted, 1 subnets O IA 3.3.3.3 [110/11] via 172.34.34.3, 00:00:14, Ethernet0 172.12.0.0/24 is subnetted, 1 subnets O IA 172.12.123.0 [110/74] via 172.34.34.3, 00:00:14, Ethernet0 14.0.0.0/32 is subnetted, 1 subnets O N2 14.14.14.14 [110/20] via 172.34.34.3, 00:00:14, Ethernet0

We can configure Area 34 as a "not-so-stubby total stub" area by adding the no-summary command to R3's NSSA statement. Note that the adjacency again goes down.
R3(config)#router ospf 1 R3(config-router)#area 34 nssa ? default-information-originate Originate Type 7 default into NSSA area no-redistribution No redistribution into this NSSA area no-summary Do not send summary LSA into NSSA <cr> R3(config-router)#area 34 nssa no-summary 01:43:51: %OSPF-5-ADJCHG: Process 1, Nbr 4.4.4.4 on Ethernet0 from FULL to DOWN, Neighbor Down: Adjacency forced to reset

01:43:53: %OSPF-5-ADJCHG: Process 1, Nbr 4.4.4.4 on Ethernet0 from LOADING to FULL, Loading Done

R4 now has a default route in addition to the N2 route.

R4#show ip route ospf 33.0.0.0/32 is subnetted, 1 subnets O 33.33.33.33 [110/11] via 172.34.34.3, 00:00:25, Ethernet0 14.0.0.0/32 is subnetted, 1 subnets O N2 14.14.14.14 [110/20] via 172.34.34.3, 00:00:25, Ethernet0 O*IA 0.0.0.0/0 [110/30] via 172.34.34.3, 00:00:25, Ethernet0

OSPF Route Types You saw several different OSPF route types in the previous section. Taking a look at the following partial output of show ip route, let's go over the meaning of each type.
R1#show ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

O - A route to a destination in the same area. A loopback with IP address 33.33.33.33 has been added to Area 34, and R4 sees it as an "O" route.
R4#show ip route ospf 33.0.0.0/32 is subnetted, 1 subnets O 33.33.33.33 [110/11] via 172.34.34.3, 00:00:03, Ethernet0

O IA - A route to a destination in another OSPF area. Before making Area 34 a total stub area, R4 had a few of these:
R4#show ip route ospf 1.0.0.0/32 is subnetted, 1 subnets O IA 1.1.1.1 [110/75] via 172.34.34.3, 00:01:03, Ethernet0 2.0.0.0/32 is subnetted, 1 subnets O IA 2.2.2.2 [110/75] via 172.34.34.3, 00:01:03, Ethernet0 3.0.0.0/32 is subnetted, 1 subnets O IA 3.3.3.3 [110/11] via 172.34.34.3, 00:01:03, Ethernet0 172.12.0.0/24 is subnetted, 1 subnets O IA 172.12.123.0 [110/74] via 172.34.34.3, 00:01:03, Ethernet0

O E2 AND O E1: Both codes indicate external routes. OSPF external routes are routes learned via redistribution. Before making Area 34 a stub area, R4 had these E2 routes:
O E2 O E2 O E2 O E2 O E2 5.1.1.1 [110/20] via 172.34.34.3, 00:33:21, Ethernet0 6.0.0.0/32 is subnetted, 1 subnets 6.1.1.1 [110/20] via 172.34.34.3, 00:33:21, Ethernet0 172.12.0.0/16 is variably subnetted, 2 subnets, 2 masks 172.12.21.0/30 [110/20] via 172.34.34.3, 00:33:32, Ethernet0 7.1.1.1 [110/20] via 172.34.34.3, 00:33:21, Ethernet0 15.0.0.0/24 is subnetted, 1 subnets 15.1.1.0 [110/20] via 172.34.34.3, 00:33:32, Ethernet0

The difference between E2 and E1 routes is that the metric of an E2 route only reflects the cost of the path between the ASBR and the final destination. The cost between R4 and the ASBR (R1) is not considered

in the metric. The metric of an E1 route reflects the OSPF cost of the entire path from the local router to the final destination. To see the difference, we'll look at two of the original external routes in R4's routing table. E2 is the default:
O E2 O E2 5.1.1.1 [110/20] via 172.34.34.3, 00:33:21, Ethernet0 6.1.1.1 [110/20] via 172.34.34.3, 00:33:21, Ethernet0

The metric is 20. This is the cost from the ASBR to the destination. The cost of the path from R4 to the ASBR, R1, is not included in this metric. To redistribute routes into OSPF as E1 routes, use the metric-type option:
R1(config)#router ospf 1 R1(config-router)#redistribute rip subnets metric-type ? 1 Set OSPF External Type 1 metrics 2 Set OSPF External Type 2 metrics R1(config-router)#redistribute rip subnets metric-type 1

Look at the same two routes in R4's routing table, which are now displayed as E1 routes:
O E1 5.1.1.1 [110/94] via 172.34.34.3, 00:04:13, Ethernet0 6.0.0.0/32 is subnetted, 1 subnets O E1 6.1.1.1 [110/94] via 172.34.34.3, 00:04:14, Ethernet0

The routes now show a larger metric - 94. That's because this is the OSPF cost for the entire path from R4 to each of the destination networks. There are two other route types in that OSPF table that merit discussion: N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 These route types will obviously be found only in NSSAs. It can be a little confusing to keep up with the different route types that can be found in stub, total stub, and not-so-stubby areas, so here's a summary: Stub areas can contain O, O IA, and O* IA routes. Total stub areas can contain O and O* IA routes only. NSSAs can contain O, O IA, O N2, O* N2, O N1, and O* N1 routes.

OSPF Router Types We've mentioned the ABR and ASBR, but there are several other OSPF router types you must know and be able to identify by sight. Commands such as show ip ospf help us identify ABRs and ASBRs on a working network, but since you can't carry a router into the CCNP ROUTE exam room, we better know these router types by sight.

You must be able to look at a network diagram and determine the OSPF router type(s) - and notice the (s). An OSPF router can fill more than one role. Using our current OSPF network, let's take a look at each OSPF router type.

Internal Routers and Backbone Routers These two definitions are simple, but similar. An OSPF internal router is a router that has all its interfaces in a single area. That area does not have to be Area 0. In this network, R4 is an internal router. If we configure a loopback on R4 and place it in Area 4, it would no longer be an internal router. Backbone routers have at least one interface in Area 0. That's the only requirement. Our OSPF network contains three backbone routers; R1, R2, and R3.

Again, it's important to remember that routers can fill both of these roles. Here is an example of a network where both routers are internal routers and backbone routers:

Both routers have all their interfaces in a single area, so they're both internal routers. They also have at least one interface in Area 0, so they're both backbone routers. Area Border Routers An ABR is a router that has one interface in Area 0 and another in a nonbackbone area. In our OSPF network, R1, R2, and R3 are all ABRs. All ABRs are backbones, but not all backbones are ABRs. Be careful when identifying OSPF router types! Autonomous System Border Routers An ASBR is an OSPF router that takes routes learned via another protocol and places those routes into the OSPF domain. In our OSPF network, R1 is an ASBR. Any route redistribution involving OSPF must be configured manually. Just because R1 is running both RIP and OSPF does not mean that RIP routes are known automatically by the OSPF routers, and the RIP router doesn't automatically get the OSPF routes that R3 knows about. You can see the ABRs and ASBRs of any given OSPF area by running show ip ospf border-routers.

OSPF LSA Types With all the different OSPF configurations and area types, we've looked at, it won't surprise you to find that there are different LSA types being sent around an OSPF network. The contents of a router's OSPF database are displayed with show ip ospf database and are sorted by area and LSA type.
R3#show ip ospf database OSPF LSA Type 1: OSPF Router with ID (3.3.3.3) (Process ID 1)

Router Link States (Area 0) Link ID 1.1.1.1 2.2.2.2 3.3.3.3 ADV Router Age 1.1.1.1 1148 2.2.2.2 1334 3.3.3.3 1459 Seq# Checksum 0x8000005A 0x0032F2 0x8000005D 0x00E733 0x80000059 0x00B164 Link Count 1 1 1

These router link advertisements are generated by each router for every area that it belongs to. These are flooded to a single area only. The name is the recipe - LSA Type 1s contain the "router link states" for this particular router.
OSPF LSA Type 2: Net Link States (Area 0) Link ID 172.12.123.1 ADV Router 1.1.1.1 Age 900 Seq# 0x8000005B Checksum 0x007416

Type 2 LSAs are sent out by the DR only. You can see that the only Type 2 R3 has is from Advertising Router 1.1.1.1, which is the OSPF RID of R1. Since LSA types 1 and 2 are confined to a single area, this is another way in which multiple-area OSPF helps to reduce the load on router resources. If you have one large OSPF area, every router in the area would receive every single Type 1 and Type 2 LSA.
OSPF LSA Type 3: Summary Net Link States (Area 0) Link ID ADV Router 1.1.1.1 1.1.1.1 2.2.2.2 2.2.2.2 3.3.3.3 3.3.3.3 33.33.33.33 3.3.3.3 172.34.34.0 3.3.3.3 Age 1900 1824 1460 1460 241 Seq# Checksum 0x80000058 0x009844 0x80000058 0x004C88 0x8000005A 0x00FBCE 0x80000053 0x00A0B8 0x8000006C 0x00E6E3

These summary link advertisements are generated by ABRs and describe inter-area routes (notice that none of these links are in Area 0). They summarize the networks from one area to another. Type 3 LSAs are not flooded into a total stub area.
OSPF LSA Type 4: Summary ASB Link States (Area 3) Link ID 1.1.1.1 ADV Router 3.3.3.3 Age 1461 Seq# 0x80000056 Checksum 0x00CACB

Type 4 LSAs are generated by ABRs only and describe the path to the ASBR. Type 4 LSAs are not flooded into a total stub area.
OSPF LSA Type 5: Type-5 AS External Link States Link ID 5.1.1.1 6.1.1.1 7.1.1.1 ADV Router Age 1.1.1.1 1151 1.1.1.1 1151 1.1.1.1 1151 Seq# 0x80000057 0x80000057 0x80000057 Checksum 0x003787 0x002A93 0x001D9F Tag 0 0 0

15.1.1.0

1.1.1.1

1151

0x80000056

0x0044F1

Type 5 LSAs describe links external to the OSPF domain. Notice that these four links are the links in the RIP domain and the advertising router is the ASBR, R1. A Type 5 LSA is generated by an ASBR and is flooded to all areas except stub and total stub areas. If we look at the entire OSPF database of R4, which is in a total stub area, there are no Type 5 LSAs:
R4#show ip ospf database OSPF Router with ID (4.4.4.4) (Process ID 1) Router Link States (Area 34) Link ID 3.3.3.3 4.4.4.4 ADV Router Age Seq# Checksum Link count 3.3.3.3 954 0x80000064 0x53DD 2 4.4.4.4 954 0x80000065 0xD0EC 1 Net Link States (Area 34) Link ID ADV Router 172.34.34.4 4.4.4.4 Age 949 Seq# 0x8000005B Checksum 0xB10F

Summary Net Link States (Area 34) Link ID 0.0.0.0 ADV Router Age Seq# 3.3.3.3 958 0x80000001 Summary ASB Link States (Area 34) Link ID 1.1.1.1 ADV Router Age 3.3.3.3 2162 Seq# 0x80000053 Checksum 0xD0C8 Checksum 0x57DA

This is really a small OSPF database, but it still allows R4 to reach every destination in our OSPF network. Not only does configuring Area 34 as a total stub make the OSPF routing table smaller, it also keeps the database smaller. That's another way multi-area OSPF lessens the load on a router's memory and CPU. There are two other kinds of LSAs you need to know about. LSA Type 6s are a "specialty" kind of LSA that are generated only by routers using Multicast Extensions To OSPF (MOSPF). MOSPF isn't in widespread use, but it doesn't hurt to know about LSA Type 6 while we're learning all the other ones! Type 7 LSAs are generated only by an ASBR into a not-so-stubby area. NSSAs act as stub areas, but have some of the more-specific routes rather than just a default route. These Type 7 LSAs are flooded throughout the NSSA, but don't leave that area; they are actually converted into Type 5 LSAs and are then sent out of the NSSA. Here's a summary of what router types send the different LSA types: LSA LSA LSA LSA LSA Type Type Type Type Type 1: All routers 2: All DRs 3, 4: All ABRs 5, 7: ASBRs only 6: Reserved for MOSPF

OSPF Route Summarization

It's a great idea to keep your routing table complete and concise. OSPF stub and total stub areas help us do that by replacing external and interarea routes with default routes, but it's not always possible to configure stub and total stub areas. Area 0 can never be a stub or total stub, and if an area is serving as a transit area for a virtual link, it cannot be made a stub or total stub either. The routing table can still be made smaller via route summarization. In your CCNA studies, you learned how to summarize routes in RIP and EIGRP with the interface-level summary-address command. There are actually two ways to summarize routes in OSPF, but the method you choose is dependent on the type of router you're configuring the summarization on. (OSPF does not perform auto-summarization when routes are sent across classful network boundaries, as RIPv2 and EIGRP do.) We'll now configure route summarization with the area range command. This is configured on an ABR only. We'll use the following network:

Four loopback address have been added to R1; they have all been placed into Area 1.
interface Loopback8 ip address 8.1.1.1 255.0.0.0 ! interface Loopback9 ip address 9.1.1.1 255.0.0.0 ! interface Loopback10 ip address 10.1.1.1 255.0.0.0 ! interface Loopback11 ip address 11.1.1.1 255.0.0.0 R1(config)#router ospf 1 R1(config-router)#network R1(config-router)#network R1(config-router)#network R1(config-router)#network

8.0.0.0 0.255.255.255 area 1 9.0.0.0 0.255.255.255 area 1 10.0.0.0 0.255.255.255 area 1 11.0.0.0 0.255.255.255 area 1

All four of the new routes appear on R2 and R3, as shown here on R2:
R2#show ip route ospf 1.0.0.0/32 is subnetted, 1 subnets O IA 1.1.1.1 [110/65] via 172.12.123.1, 2d01h, Serial0 3.0.0.0/32 is subnetted, 1 subnets O IA 3.3.3.3 [110/65] via 172.12.123.3, 2d01h, Serial0 8.0.0.0/32 is subnetted, 1 subnets O IA 8.1.1.1 [110/65] via 172.12.123.1, 00:02:44, Serial0 9.0.0.0/32 is subnetted, 1 subnets O IA 9.1.1.1 [110/65] via 172.12.123.1, 00:02:34, Serial0 10.0.0.0/32 is subnetted, 1 subnets O IA 10.1.1.1 [110/65] via 172.12.123.1, 00:02:34, Serial0 11.0.0.0/32 is subnetted, 1 subnets O IA 11.1.1.1 [110/65] via 172.12.123.1, 00:02:24, Serial0

R2 and R3 are both adjacent with R1 through Area 0, so using a stub or total stub to condense this routing table is out of the question. Route summarization will allow us to replace those four routes with a single route. First, we have to convert those four subnets to binary strings and for a CCNA and future CCNP, that is no problem. 8.0.0.0 9.0.0.0 10.0.0.0 11.0.0.0 00001000 00000000 00000000 00000000 00001001 00000000 00000000 00000000 00001010 00000000 00000000 00000000 00001011 00000000 00000000 00000000

To come up with the summary, work from left to right and draw a line where the four addresses no longer have a bit in common. Here, that is between the 6th and 7th bit in the first octet. (The common bits are highlighted in the above example.) Then just determine the value of the bits to the left of that line, with all bits to the right of the line set to 0: 00001000 00000000 00000000 00000000 Converted back to decimal, that is 8.0.0.0. Since the first six bits were the same in all four addresses, those bits will be set to "1" in the accompanying subnet mask, with all other bits set to "0": 11111100 00000000 00000000 The mask is 252.0.0.0. Now we can apply this summary address on R1. Using IOS Help, we see this command can only be used on area border routers. I would not depend on the CCNP ROUTE exam telling you that.
R1#conf t Enter configuration commands, one per line. End with CNTL/Z. R1(config)#router ospf 1 R1(config-router)#area 1 ? authentication Enable authentication default-cost Set the summary default-cost of a NSSA/stub area nssa Specify a NSSA area range Summarize routes matching address/mask (border routers only) stub Specify a stub area

00000000

virtual-link

Define a virtual link and its parameters

R1(config-router)#area 1 range ? A.B.C.D IP address to match R1(config-router)#area 1 range 8.0.0.0 252.0.0.0

R2 now has a single summary route in place of the four individual entries in its routing table, and R2 can still ping all four of the loopbacks by using that summary route.
R2#show ip route ospf 1.0.0.0/32 is subnetted, 1 subnets O IA 1.1.1.1 [110/65] via 172.12.123.1, 2d02h, Serial0 33.0.0.0/32 is subnetted, 1 subnets O IA 33.33.33.33 [110/65] via 172.12.123.3, 2d01h, Serial0 3.0.0.0/32 is subnetted, 1 subnets O IA 3.3.3.3 [110/65] via 172.12.123.3, 2d02h, Serial0 O IA 8.0.0.0/6 [110/65] via 172.12.123.1, 00:00:15, Serial0

R2#ping 8.1.1.1 Sending 5, 100-byte ICMP Echos to 8.1.1.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 68/68/68 ms R2#ping 9.1.1.1 Sending 5, 100-byte ICMP Echos to 9.1.1.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 68/69/72 ms

R2#ping 10.1.1.1 Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:!!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 68/69/72 ms R2#ping 11.1.1.1

Sending 5, 100-byte ICMP Echos to 11.1.1.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 68/68/72 ms

Note that the number between area and range is the number of the area containing the routes to be summarized, not the area to which the summary is being sent. The other type of OSPF route summarization is performed by an ASBR to summarize routes as they're redistributed into OSPF. In the following network, R5 has four loopbacks it is advertising via RIP: 4.1.1.1, 5.1.1.1, 6.1.1.1, and 7.1.1.1, all with a 32-bit mask. Those routes are being redistributed into the OSPF domain by the ASBR, R1.

R2 and R3 will see these external routes as four separate routes. These routes are being redistributed into OSPF as E1 routes; remember that the default is E2. The metric-type 1 option has been configured with the redistribute rip command to inject these routes into the OSPF domain as E1 routes. R1:
router ospf 1 log-adjacency-changes area 1 range 8.0.0.0 252.0.0.0 redistribute connected subnets redistribute rip metric-type 1 subnets network 1.1.1.1 0.0.0.0 area 1 network 8.0.0.0 0.255.255.255 area 1 network 9.0.0.0 0.255.255.255 area 1 network 10.0.0.0 0.255.255.255 area 1 network 11.0.0.0 0.255.255.255 area 1 network 172.12.123.0 0.0.0.255 area 0 neighbor 172.12.123.2 neighbor 172.12.123.3 R2#show ip route ospf 1.0.0.0/32 is subnetted, 1 subnets O IA 1.1.1.1 [110/65] via 172.12.123.1, 2d02h, Serial0

33.0.0.0/32 is subnetted, 1 subnets 33.33.33.33 [110/65] via 172.12.123.3, 2d01h, Serial0 3.0.0.0/32 is subnetted, 1 subnets O IA 3.3.3.3 [110/65] via 172.12.123.3, 2d02h, Serial0 4.0.0.0/32 is subnetted, 1 subnets O E1 4.1.1.1 [110/84] via 172.12.123.1, 00:06:31, Serial0 5.0.0.0/32 is subnetted, 1 subnets O E1 5.1.1.1 [110/84] via 172.12.123.1, 00:08:33, Serial0 6.0.0.0/32 is subnetted, 1 subnets O E1 6.1.1.1 [110/84] via 172.12.123.1, 00:08:33, Serial0 7.0.0.0/32 is subnetted, 1 subnets O E1 7.1.1.1 [110/84] via 172.12.123.1, 00:08:33, Serial0 15.0.0.0/24 is subnetted, 1 subnets O E2 15.1.1.0 [110/20] via 172.12.123.1, 00:08:33, Serial0 (The segment connecting R1 and R5. We left the connected routes at the default of E2.) O IA 8.0.0.0/6 [110/65] via 172.12.123.1, 00:16:48, Serial0 O IA

Again, the addresses to summarize will be broken down into binary strings: 4.0.0.0 5.0.0.0 6.0.0.0 7.0.0.0 00000100 00000101 00000110 00000111 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000

Working from left to right, draw a line where the four addresses no longer have a bit in common. In this example, this occurs between the sixth and seventh bits, where the top two addresses have a "0" and the bottom two have a "1". Then determine the value of the resulting string, setting all bits to the right of the line to "0": 00000100 00000000 00000000 00000000

This binary string converts to the dotted decimal value 4.0.0.0. Since the first six bits were the same in all four addresses, those bits will be set to "1" in the accompanying subnet mask, with all other bits set to "0": 11111100 00000000 00000000 00000000 The resulting summary mask is 252.0.0.0. Now we've got the summary address and mask; these values are applied to the ASBR with the summary-address command.
R1(config)#router ospf 1 R1(config-router)#summary-address 4.0.0.0 252.0.0.0

R2 and R3 will now have this summary in their routing table, rather than the four individual routes. As we see on R2, R2 can ping all four of the loopbacks on R5.
R2#show ip route ospf 1.0.0.0/32 is subnetted, 1 subnets O IA 1.1.1.1 [110/65] via 172.12.123.1, 2d03h, Serial0 33.0.0.0/32 is subnetted, 1 subnets O IA 33.33.33.33 [110/65] via 172.12.123.3, 2d01h, Serial0 3.0.0.0/32 is subnetted, 1 subnets

O IA

3.3.3.3 [110/65] via 172.12.123.3, 2d03h, Serial0 15.0.0.0/24 is subnetted, 1 subnets O E2 15.1.1.0 [110/20] via 172.12.123.1, 00:16:07, Serial0 O E1 4.0.0.0/6 [110/84] via 172.12.123.1, 00:00:07, Serial0 O IA 8.0.0.0/6 [110/65] via 172.12.123.1, 00:24:22, Serial0 R2#ping 4.1.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 4.1.1.1, timeout is 2 seconds:!!!!! R2#ping 5.1.1.1 Sending 5, 100-byte ICMP Echos to 5.1.1.1, timeout is 2 seconds:!!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 68/69/72 ms R2#ping 6.1.1.1 Sending 5, 100-byte ICMP Echos to 6.1.1.1, timeout is 2 seconds:!!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 68/69/72 ms

R2#ping 7.1.1.1 Sending 5, 100-byte ICMP Echos to 7.1.1.1, timeout is 2 seconds:!!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 68/68/72 ms

When summarizing OSPF, the router will help you out by not allowing you to misuse the summary-address and area range commands. The exam's questions won't be that kind, so make sure you know when these commands can and should be used. summary-address: Use on ASBR to summarize routes being redistributed into OSPF. area range: Use on ABR to summarize routes advertised from one area to another. Area number used in the command is the area the routes are being advertised from. And Don't Forget... You've got a lot of new and more-detailed commands to learn with OSPF, but don't forget our old friend show ip protocols. Here is the command output on R1:
R1#show ip protocols Routing Protocol is "ospf 1" Outgoing update filter list for all interfaces is not set Incoming update filter list for all interfaces is not set Router ID 1.1.1.1 It is an area border and autonomous system boundary router Redistributing External Routes from, connected, includes subnets in redistribution rip, includes subnets in redistribution Number of areas in this router is 2. 2 normal 0 stub 0 nssa Address Summarization: Maximum path: 4 Routing for Networks: 1.1.1.1 0.0.0.0 area 1 8.0.0.0 0.255.255.255 area 1 9.0.0.0 0.255.255.255 area 1 10.0.0.0 0.255.255.255 area 1 11.0.0.0 0.255.255.255 area 1 172.12.123.0 0.0.0.255 area 0

Routing Information Sources: Gateway Distance (this router) 110 3.3.3.3 110 2.2.2.2 110 Distance: (default is 110)

Last Update 01:08:12 00:05:21 00:05:21

Information regarding the ACLs configured on this router, the OSPF RID, whether the router is an ABR and/or ASBR, redistribution information, the number of areas, the current maximum-paths setting for equal-cost load balancing, the networks being routed and their areas, and the sources of routing information are all found here. Be very familiar with this command for the exam and for your job.

Configuring OSPF Neighbor Authentication OSPF adjacencies can be authenticated using either clear-text ("simple") or MD5 (Message-Digest 5). I personally never use clear-text anything unless an exam makes me do so, but it's a great idea to be familiar with the commands for both neighbor authentication methods and to know how to troubleshoot both authentication types. Clear-text password protection for OSPF adjacencies is configured with the ip ospf authentication-key and ip ospf authentication commands. These two commands are very similar, so it's a good idea to know exactly how they're used. We'll use them both to authenticate an adjacency between R1, R2, and R3 in Area 0. R1 is the hub router of an OSPF NBMA network running over a frame relay cloud. R1 has an adjacency with both R2 and R3, the spoke routers of this configuration. The command ip ospf authentication-key defines the actual password. Obviously, this has to be the same on all routers involved. There's a classic "gotcha" with this command that you should be familiar with. I'll configure a password of ccnptestexam on the serial interface and then look at the router's configuration to make sure I typed it correctly.
R1(config-if)#ip ospf authentication-key ? <0-7> Encryption type (0 for not yet encrypted, 7 for proprietary) LINE The OSPF password (key) R1(config-if)#ip ospf authentication-key ccnptestexam R1#show config interface Serial0 ip address 172.12.123.1 255.255.255.0 encapsulation frame-relay ip ospf authentication-key ccnptest

The password was cut off after eight characters. That's because this command has a limit of eight characters, and for some reason the IOS doesn't tell us that when we enter a longer one! This behavior changed with IOS 12.4 (the router now gives a warning regarding password length), but since there are a lot of routers out there not running 12.4 or later, you should be prepared to see a password in the config that may be shorter than the one you typed in!

Once the password is defined, clear-text authentication must be enabled. As always, we can use IOS Help to see our options... but there's no listing for clear-text authentication.
R1(config)#int serial0 R1(config-if)#ip ospf authentication ? message-digest Use message-digest authentication null Use no authentication <cr>

For clear-text authentication, use the basic command with no options.

R1(config-if)#ip ospf authentication

We'll now configure the same commands on R2 and R3, because we have to in order to get the adjacencies to form again! Here are the messages I received on R1 shortly after configuring that router for neighbor authentication:
R1# 00:25:38: %OSPF-5-ADJCHG: Process 1, Nbr 172.12.123.2 on Serial0 from FULL to DOWN, Neighbor Down: Dead timer expired R1# 00:25:58: %OSPF-5-ADJCHG: Process 1, Nbr 172.12.123.3 on Serial0 from FULL to DOWN, Neighbor Down: Dead timer expired R1#

If you remember the dead time for OSPF NBMA networks, you know about how long that took! When OSPF neighbor authentication is configured on an interface, it must be configured on all neighbors reached through that interface or the adjacencies will drop when the dead timer expires.
R2(config)#interface serial0 R2(config-if)#ip ospf authentication-key ccnptest R2(config-if)#ip ospf authentication R3(config)#interface serial0 R3(config-if)#ip ospf authentication-key ccnptest R3(config-if)#ip ospf authentication

We go back to R1 to check the adjacencies just in time to get a message that the adjacency to R3 is back up. show ip ospf neighbor verifies that both adjacencies are back.
00:31:58: %OSPF-5-ADJCHG: Process LOADING to FULL, Loading Done 1, Nbr 172.12.123.3 on Serial0 from

R1#show ip ospf neighbor Neighbor ID 172.12.123.3 172.12.123.2 Pri 0 0 State FULL/DROTHER FULL/DROTHER Dead Time 00:01:58 00:01:37 Address 172.12.123.3 172.12.123.2 Interface Serial0 Serial0

MD5 neighbor authentication is configured with the ip ospf messagedigest-key and ip ospf authentication message-digest commands. Again, the commands sound a great deal alike, and we need to know exactly what each command does. To demonstrate, we'll configure MD5 neighbor authentication over the ethernet segment connecting R2 and R3.

A good first step is to verify the adjacency exists before trying to configure neighbor authentication!
R2#show ip ospf neighbor Neighbor ID 172.12.123.3 172.12.123.1 Pri 1 1 State FULL/DR FULL/DR Dead Time 00:00:34 00:01:44 Address 172.12.23.3 172.12.123.1 Interface Ethernet0 Serial0

The adjacency to R3 via Ethernet0 is present. We'll authenticate that adjacency with the password CCIE. The ip ospf message-digest-key command is rather long, so we'll use IOS Help to see the options as we go along.
R2(config)#int e0 R2(config-if)#ip ospf authentication message-digest R2(config-if)#ip ospf message-digest-key ? <1-255> Key ID R2(config-if)#ip ospf message-digest-key 1 ? md5 Use MD5 algorithm R2(config-if)#ip ospf message-digest-key 1 md5 ? <0-7> Encryption type (0 for not yet encrypted, 7 for proprietary) LINE The OSPF password (key) R2(config-if)#ip ospf message-digest-key 1 md5 CCIE

Note that you do have to specify a key number, MD5 authentication, and then finally, the password itself! Since the default dead time of this link is only 40 seconds, the adjacency should come down pretty quickly. By the time I saved this config and got over to R3, the adjacency was already gone.
R3#show ip ospf neighbor Neighbor ID 172.12.123.1 Pri 1 State FULL/DR Dead Time 00:01:53 Address 172.12.123.1 Interface Serial0

The adjacency will come back quickly after configuring authentication on R3's ethernet0 interface.
R3(config)#int e0 R3(config-if)#ip ospf authentication message-digest R3(config-if)#ip ospf message-digest-key 1 MD5 CCIE 00:24:09: %OSPF-5-ADJCHG: Process 1, Nbr 172.12.123.2 on Ethernet0 from LOADING to FULL, Loading Done

And there it is! Troubleshooting OSPF Neighbor Authentication The two main reasons OSPF authentication fails: Authentication is configured on only one neighbor Password is misspelled Luckily, these problems are both easy to spot with debug ip ospf adj. "adj" is obviously short for "adjacency", but if I had a nickel for every time I entered "adjacency" with this command... I'd have a lot of

nickels. You have to use "adj", because the full word doesn't work with this debug!
R3#debug ip ospf adjacency ^ % Invalid input detected at '^' marker. R3#debug ip ospf adj OSPF adjacency events debugging is on

For the first debug example, I've removed message-digest authentication from R3's ethernet interface and replaced it with cleartext authentication. As expected, the adjacency goes down quickly.
R3(config)#int e0 R3(config-if)#ip ospf authentication R3(config-if)# 00:52:44: %OSPF-5-ADJCHG: Process 1, Nbr 172.12.23.2 on Ethernet0 from FULL to DOWN, Neighbor Down: Dead timer expired

But if you didn't know the reason, how would you find the reason for the downed adjacency? By running debug ip ospf adj.
R3#debug ip ospf adj OSPF adjacency events debugging is on R3# 00:54:04: OSPF: Rcv pkt from 172.12.23.2, Ethernet0 : Mismatch Authentication type. Input packet specified type 2, we use type 1 R3#undebug all All possible debugging has been turned off

The debug pays off right away, as we get a message that there's a mismatch in the authentication type. The incoming Hello is using "type 2" authentication (MD5). Since R3's ethernet0 interface is running "type 1" (clear-text), we've got a mismatch problem. By changing R3's type back to MD5, the adjacency will form again. And once you see what the problem is, always turn your debugs off with undebug all!
R3(config)#interface e0 R3(config-if)#ip ospf authentication message-digest R3(config-if)#^Z R3# 00:56:50: %SYS-5-CONFIG_I: Configured from console by console R3# 00:56:54: %OSPF-5-ADJCHG: Process 1, Nbr 172.12.23.2 on Ethernet0 from LOADING to FULL, Loading Done

If the authentication type matches but the password does not, the debug will give a different result. I'll remove the initial key from R3's E0 interface and replace it with a different password.
R3(config)#int e0 R3(config-if)#no ip ospf message-digest-key 1 MD5 CCIE R3(config-if)#ip ospf message-digest-key 1 MD5 CCIEE

00:27:59: %OSPF-5-ADJCHG: Process 1, Nbr 172.12.23.2 on Ethernet0 from FULL to DOWN, Neighbor Down: Dead timer expired

What does a debug reveal?

R3# 00:28:49: OSPF: Rcv pkt from 172.12.23.2, Ethernet0 : Mismatch

Authentication Key - Message Digest Key 1

That's about as self-explanatory as a debug gets! Knowing your debugs truly means the difference between just "trying something" and knowing what to do. With OSPF, debug ip ospf adj is the king of debugs and the first command to use to diagnose most OSPF issues. Default-Information Originate (Always?) This section will be repeated in the Route Redistribution section, since we're redistributing a default route here - I want you to see it now as well since it so closely to the topics in this section. You know that default routes are generated in OSPF when stub and total stub areas are involved. You also know that you can't make Area 0 a stub area. What we can do is run the OSPF command default-information originate with the always option to send a default route to all other OSPF routers - and that includes routers in Area 0. The always option allows the router to propagate a default route without actually having one in its routing table. Without that option, the router must have a default route in its table in order to advertise one. If there is no default route to advertise, neighbors will not receive a default route! Here, both R2 and R3 will have the same next-hop address for every remote destination - R1's serial0 interface, 172.12.123.1.

That fact would simply scream at us to configure this as a stub or total stub area, but there's just one problem ...
R1(config)#router ospf 1 R1(config-router)#area 0 stub OSPF: Backbone can not be configured as stub area R1(config-router)#area 0 stub ? no-summary Do not send summary LSA into stub area

<cr> R1(config-router)#area 0 stub no-summary OSPF: Backbone can not be configured as stub area

.... all three routers are in Area 0, and we can't config A0 as any kind of stub. We can use the default-information originate command to send a default route from R1 to the spoke routers. Assuming R1 does not have a default route in its own table, we'll need to use the always option. Here's what happens if we don't do so:
R1(config-router)#default-information ? originate Distribute a default route R1(config-router)#default-information originate ? always Always advertise default route metric OSPF default metric metric-type OSPF metric type for default routes route-map Route-map reference <cr> R1(config-router)#default-information originate R2#show ip route ospf R2#

Nothing on R2 or R3. We'll go back to R1, remove the first version of the command, and replace it with the same command and the always option.
R1(config-router)#no default-information originate R1(config-router)#default-information originate always

And now to R2 and R3 ....

R2#show ip route ospf O*E2 0.0.0.0/0 [110/1] via 172.12.123.1, 00:00:10, Serial0 R3#show ip route ospf O*E2 0.0.0.0/0 [110/1] via 172.12.123.1, 00:00:15, Serial0

Both routers have the route, marked as both a candidate default route and an E2 route.

Copyright 2011 by The Bryant Advantage. All Rights Reserved.