
EIGRP

Chapter 2

● auto-summary: on by default.
● Metric = distance; lower is better.
● ip default-network: redistributes a default route.
● Autonomous System number: must be the same on all EIGRP routers in the domain.
● ip summary-address eigrp: interface command used for summarization.
● Default Administrative Distance: internal = 90, external = 170.
● bandwidth: must be set on EIGRP interfaces for a correct K-value metric.
● EIGRP multicast address: 224.0.0.10.
● Uses a mix of multicast and unicast packets.

● Successor is the next-hop router being used (or offered to the routing table) to
reach a destination. If there are multiple successors with the same metric
they will all be offered to the routing table so that the router can load balance.
● Feasible successor (FS) is the backup router ready to be used if there is a problem
with the original successor.
○ The FS is only shown in the topology table, but if it gets elevated to successor
it will be offered to the routing table. Because of this EIGRP is prepared
for changes in the network and immediately knows what to do; OSPF
takes longer to converge because it does this on the fly when needed.
○ For a path to be selected as the FS it must fulfil the feasibility condition:
its AD must be less than the FD of the current successor, otherwise there is a
possibility that the FS routes through the local router, creating a routing loop.
● EIGRP uses the DUAL algorithm to calculate metrics/distance and select routes/
successors.
○ The metric is composed of up to five K-values; bandwidth and delay are the
only ones used by default:
■ Bandwidth: the slowest link (the bottleneck) between the
source and destination. This defaults to a value that is often wrong for the
actual link and needs to be set manually with the interface command bandwidth.
■ Delay value: the cumulative delay for all links between the source
and destination. The delay is a static value for every interface,
depending on the electrical properties of the kind of interface being
used.
■ Reliability value: derived from the least reliable link between the
source and destination, based on the success of keepalive
messages.
■ Loading value: a dynamic measurement of the most congested link
on the route.
■ Maximum Transmission Unit: the smallest MTU allowed on the
route.
○ DUAL then uses these K-values in an algorithm to calculate the metric/
distance.
○ Advertised Distance (AD): the distance between the next-hop router and the
destination.
○ Feasible Distance (FD): the Advertised Distance + the distance between this
router and the next-hop router advertising the route.
○ The EIGRP metrics are easily made compatible with IGRP by dividing them
by 256.
● Uses "protocol dependent modules" (PDMs) to support several layer 3 protocols
(IPv4, IPv6, AppleTalk).
● Uses its own Reliable Transport Protocol (RTP) for all routing-protocol communication.
RTP guarantees that the data is delivered, much like TCP. However, not all layer
3 protocols that EIGRP supports use TCP, hence the need for RTP.
● Timers:
○ Hello packets are sent every 5 or 60 seconds, depending on the speed of
the link. Hello timers can be changed and do not have to be the same on
neighbouring routers.
○ Hold timer: how long an EIGRP router will wait for a Hello packet before
considering a neighbour down. Default is 3 x the Hello timer. Newer IOS versions
treat any packet received from a neighbour as a Hello packet as well,
so the Hold timer is reset.
● Tables:
○ Neighbour Table: contains all the neighbours the EIGRP router knows about and
their associated IPs, which interfaces they can be reached on and the information
RTP needs (sequence numbers, retransmission list and round-trip timer).
○ Topology Table: once a neighbour is put in the neighbour table the routers
start exchanging route information, and all of this is put in the Topology
Table complete with AD and FD metrics. The table gets updated every time
a directly connected route changes or when the router receives an update.
The table is sorted by destination network, and every reachable network
has at least a successor and maybe an FS. Destinations are normally in the
Passive state, but if the successor is lost and there is no FS, the destination switches
to the Active state and DUAL starts to look for a new one. If there is an FS it is elevated
to successor; if not, DUAL starts computing new possibilities and sends out
Query packets asking for a new route.
○ Routing table: once DUAL finishes its calculations it offers the route to the
routing table. If there isn't already a route in there with a lower Administrative
Distance, or the same Administrative Distance but a lower metric, it will be
accepted, and only then can the route be used.
● EIGRP Packets:
○ Hello: used to discover new neighbours and sent regularly to make sure
connections to already established neighbours are still working. Multicast to
224.0.0.10, not ACKed.
○ Ack: unicast to acknowledge that a packet has been received.
○ Update: used to advertise reachability of destinations. When a new
neighbour is discovered, Update packets are sent so the neighbour can build up
its topology table. In this case, Update packets are unicast. In other cases,
such as a link cost change, Updates are multicast. Updates are always
ACKed.
○ Query: once a destination in the Topology Table enters the Active state the router
will send out Query packets asking its neighbours for a new route. Usually
multicast but can be resent as unicast. Always ACKed (even if the
neighbour doesn't have a successor).
○ Reply: unicast to the originator of the Query, even if the replying
neighbour doesn't have an answer to the Query.
● RTP: is Cisco's own protocol for delivering EIGRP routing-protocol data, so if you
are unsure of the correct answer on any RTP related question remember that Cisco
thinks RTP is the best thing to happen since sliced bread.
○ This is the process that RTP goes through for every sent packet:
■ A sequence number associated with the packet is generated.
■ RTP makes a note of the packet and its sequence number in a
retransmission list.
■ RTP waits for an ACK specific to that sequence number
confirming that the packet has been received. If one is not
received when the RTO timer expires, RTP will retransmit the
packet up to 16 times.
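As an added example (not from these notes), the following Python models the metric and feasibility-condition rules above: it computes the composite metric with the default K-values, derives AD and FD for three constructed neighbours advertising the same destination, and picks the successor and feasible successors the way DUAL does. Neighbour names, bandwidths and delays are made up.

```python
# Added example (not from the notes): the EIGRP composite metric with the
# default K-values, the feasibility condition, and how DUAL picks the
# successor and feasible successors. Neighbour and link values are constructed.
from dataclasses import dataclass


@dataclass
class Path:
    """A path described by the two K-values used by default."""
    min_bw_kbps: int      # slowest link on the path (the bottleneck), kbit/s
    total_delay_us: int   # cumulative delay over all links, microseconds


def eigrp_metric(min_bw_kbps: int, total_delay_us: int,
                 k1: int = 1, k2: int = 0, k3: int = 1,
                 k4: int = 0, k5: int = 0,
                 load: int = 1, reliability: int = 255) -> int:
    """Classic EIGRP composite metric. With the default K-values
    (K1 = K3 = 1, K2 = K4 = K5 = 0) only bandwidth and delay count.
    bandwidth term = 10^7 / slowest bandwidth in kbit/s
    delay term     = cumulative delay in tens of microseconds
    The sum is scaled by 256; dividing by 256 again gives the IGRP metric."""
    bw = 10_000_000 // min_bw_kbps
    delay = total_delay_us // 10
    metric = k1 * bw + (k2 * bw) // (256 - load) + k3 * delay
    if k5 != 0:
        metric = metric * k5 // (reliability + k4)
    return metric * 256


def combine(remote: Path, local_link: Path) -> Path:
    """FD is "AD plus the local link": the delays add up, while the
    bandwidth term is the slowest link of the whole path."""
    return Path(min(remote.min_bw_kbps, local_link.min_bw_kbps),
                remote.total_delay_us + local_link.total_delay_us)


def dual_select(advertised: dict, local_links: dict):
    """advertised[nbr]  = the path the neighbour advertises (gives the AD)
       local_links[nbr] = the link from this router to that neighbour
    Returns (successors, feasible_successors), each a list of
    (neighbour, FD, AD) tuples sorted by FD."""
    candidates = []
    for nbr, remote in advertised.items():
        ad = eigrp_metric(remote.min_bw_kbps, remote.total_delay_us)
        full = combine(remote, local_links[nbr])
        fd = eigrp_metric(full.min_bw_kbps, full.total_delay_us)
        candidates.append((nbr, fd, ad))
    candidates.sort(key=lambda c: c[1])
    best_fd = candidates[0][1]
    # Equal-cost paths all become successors (load balancing).
    successors = [c for c in candidates if c[1] == best_fd]
    # Feasibility condition: a backup's AD must be strictly lower than the
    # successor's FD, otherwise its path might run back through this router.
    feasible = [c for c in candidates if c[1] != best_fd and c[2] < best_fd]
    return successors, feasible


def on_successor_loss(feasible) -> str:
    """What DUAL does when the successor disappears: with an FS the route
    stays Passive and the FS is promoted; without one it goes Active and
    Query packets are sent to the neighbours."""
    return "passive" if feasible else "active"


# Constructed sample: three neighbours advertising 10.0.0.0/24.
ADVERTISED = {
    "R2": Path(100_000, 100),     # FastEthernet all the way
    "R3": Path(1_544, 20_000),    # a T1 somewhere on the path
    "R4": Path(100_000, 110),     # FastEthernet, one more hop of delay
}
LOCAL_LINKS = {nbr: Path(100_000, 100) for nbr in ADVERTISED}  # all FastEthernet

if __name__ == "__main__":
    succ, fs = dual_select(ADVERTISED, LOCAL_LINKS)
    print("successors:", succ)
    print("feasible successors:", fs)
    print("after losing the successor the route goes", on_successor_loss(fs))
```

R3 is the interesting case: its path is usable, but its AD is far above the successor's FD, so it is kept in the topology table without being a feasible successor.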

● EIGRP Initialisation:
○ The new router A starts sending out Hello packets on all its
EIGRP-enabled interfaces.
○ Router B receives the Hello packet and responds by first
sending a Hello packet back to establish the neighbour
relationship and then an Update packet containing Router
B's routing table, except the routes learned through the interfaces
facing router A (split horizon).
○ Router A ACKs the Update.
○ Router A inserts Router B's routing table into its topology table
(and starts the DUAL calculations).
○ Router A returns the favour and sends its routing table to
Router B in an Update packet.
○ Router B ACKs the Update, puts the new information in its
topology table and starts the DUAL calculations.

● EIGRP & Default routes: EIGRP uses the ip default-network network subnet command to
create and redistribute a default route. The subnet is not mandatory. The network
specified must be reachable by the router that the command is run on and by all the
routers that want to use the default route. default-information originate does not
work with EIGRP.
● EIGRP & summarization:
○ auto-summary is on by default; turn it off!
○ EIGRP uses the interface command ip summary-address eigrp as-number
network subnet admin-distance to perform manual summarization.
○ The network command must be issued for the networks that are to be
summarized.
○ When a summary route is configured in EIGRP, a route is
put in the routing table with the summary network and subnet mask and a next
hop of Null0. Because the summary subnet mask will always be less
specific than the routes being summarized, nothing will be forwarded to the
Null0 interface unless the summary statement covers destinations that the
router doesn't have routes for. The Null0 next hop is put there to discard any
packets that the router doesn't have a more specific route for, so that the
packet isn't wrongly forwarded to, for example, a gateway of last resort, which
could create a routing loop.

● EIGRP & Frame Relay: is just as complicated and confusing as it sounds. I'm not
going to go through how Frame Relay is configured in any greater detail but will focus on
how you get EIGRP to run on a working Frame Relay network.
○ On physical Frame Relay interfaces split horizon is disabled by default. This is
because many routers can usually be reached through one Frame Relay interface,
and it's desirable to be able to exchange routes between them. If split horizon
were enabled, routes R1 learned from R2 would not be sent to R3 and vice
versa.
○ Subinterfaces:
■ Subinterfaces are created as such: interface type number.sub-number
point-to-point | point-to-multipoint.
■ When using subinterfaces the physical interface needs to be
configured with encapsulation frame-relay to make the subinterfaces
run Frame Relay.
■ On multipoint subinterfaces split horizon is enabled by default and
needs to be disabled if routes are to traverse from one remote router to
another.
○ Inverse ARP is on by default and will map the IP address of the router on the
other end of the PVC to the local DLCI number. So R1 will know that it can
reach R2 172.16.123.2 via DLCI 102 and R3 172.16.123.3 via DLCI 301. R2
will know about R1, and R3 will know about R1, but R3 and R2 will not know
about each other.
○ Inverse ARP is just about as predictable as auto-summary and should also be
turned off, if for no other reason than that it also mandates pseudo-broadcast
be enabled on the interface, which takes a lot of CPU power and bandwidth.

● EIGRP over MPLS:

● EIGRP Bandwidth over WAN:
○ EIGRP by default uses up to 50% of the bandwidth declared with
the bandwidth interface command. This can be altered using the ip
bandwidth-percent eigrp as-number percent interface command.
○ Point-to-multipoint divides the available bandwidth equally between the
neighbours on the interface. So if there are 4 neighbours on a 100 kb/s WAN
link, each will be allocated 25 kb/s.

● EIGRP Authentication: is used so that an evil-haxxor can't inject false routing
information into EIGRP and disrupt the network. EIGRP authentication does not encrypt the
routing information.
○ Authentication can be done in one of two ways:
■ Plaintext: sends the password in plain text and is easily
sniffed.
■ MD5: creates a hash of the message and appends it to the update. If the
packet is altered or contains a faulty hash it will be rejected.
● Supports the use of key chains containing multiple keys
that are switched between according to a defined time schedule.
● If multiple active keys exist the packet will be checked
against them all until one works. This makes it possible to
have two keys overlap for some time when they are switched.
■ MD5 Configuration:
1. Enter configuration for the interface that is to use MD5.
2. ip authentication mode eigrp as-number md5
3. In global configuration mode create the key chain: key chain name
4. Define a key ID using key id, ID being a number.
5. Define the key password: key-string password.
6. Optionally specify the time the key will be accepted on
incoming packets: accept-lifetime start-time {infinite | end-time | duration seconds}
7. Optionally specify the time the key will be used on outgoing
packets: send-lifetime start-time {infinite | end-time | duration seconds}.
8. Apply the key chain on the interface: ip authentication key-chain eigrp as-number name.
The key-string must be associated with the same key ID on both the
local and remote router.
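As an added example (not from these notes and not Cisco's implementation), here is a Python model of the key-chain rules above: keys with accept- and send-lifetimes, the sender picking the current key, and the receiver trying every currently accepted key so that the old and new key can overlap during a rollover. The hash layout is simplified and is not the real EIGRP authentication TLV; the key names, dates and packet contents are constructed.

```python
# Added example (not from the notes): a model of an EIGRP MD5 key chain with
# accept-/send-lifetimes and overlapping keys during a key rollover. The hash
# layout is simplified and is NOT the real EIGRP authentication TLV format.
from __future__ import annotations

import hashlib
import hmac
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

INFINITE = datetime.max


@dataclass
class Key:
    key_id: int
    key_string: bytes
    accept_start: datetime                 # accept-lifetime start-time
    accept_end: datetime = INFINITE        # accept-lifetime end (infinite by default)
    send_start: Optional[datetime] = None  # send-lifetime start (defaults to accept_start)
    send_end: datetime = INFINITE

    def accepts(self, now: datetime) -> bool:
        return self.accept_start <= now <= self.accept_end

    def sends(self, now: datetime) -> bool:
        start = self.send_start if self.send_start else self.accept_start
        return start <= now <= self.send_end


def auth_tag(key: Key, payload: bytes) -> bytes:
    # Simplified: hash key id + key string + packet. The real implementation
    # hashes the packet with the key in a fixed layout; the idea is the same.
    return hashlib.md5(key.key_id.to_bytes(2, "big") + key.key_string + payload).digest()


class KeyChain:
    def __init__(self, name: str, keys: list):
        self.name = name
        self.keys = sorted(keys, key=lambda k: k.key_id)

    def sign(self, payload: bytes, now: datetime):
        """Assumption: the lowest key id whose send-lifetime is current is
        used for sending. Returns (key_id, tag) or None if no key is valid."""
        for key in self.keys:
            if key.sends(now):
                return key.key_id, auth_tag(key, payload)
        return None

    def verify(self, tag: bytes, payload: bytes, now: datetime) -> bool:
        """The notes' rule: check the packet against every key whose
        accept-lifetime is current until one works. That is what lets the
        old and the new key overlap during a rollover. The tag already
        binds the key id, so only the matching key can succeed."""
        for key in self.keys:
            if key.accepts(now) and hmac.compare_digest(auth_tag(key, payload), tag):
                return True
        return False


def rollover_demo() -> dict:
    """Constructed rollover: key 1 stops being used for sending at noon on
    31 Jan 2024 but is still accepted until 1 Feb; key 2 takes over at noon."""
    chain = KeyChain("EIGRP-KEYS", [
        Key(1, b"old-secret", datetime(2024, 1, 1),
            accept_end=datetime(2024, 2, 1), send_end=datetime(2024, 1, 31, 12)),
        Key(2, b"new-secret", datetime(2024, 1, 31),
            send_start=datetime(2024, 1, 31, 12)),
    ])
    update = b"EIGRP UPDATE 10.0.0.0/24 metric=30720"   # constructed payload
    results = {}
    # Before the switch: sent with key 1, accepted.
    kid, tag = chain.sign(update, datetime(2024, 1, 31, 6))
    results["before_switch_key"] = kid
    results["before_switch_ok"] = chain.verify(tag, update, datetime(2024, 1, 31, 6))
    # After the switch: sent with key 2; a packet still signed with key 1 by a
    # slower neighbour is accepted during the overlap window.
    kid2, tag2 = chain.sign(update, datetime(2024, 1, 31, 14))
    results["after_switch_key"] = kid2
    results["old_key_in_overlap_ok"] = chain.verify(tag, update, datetime(2024, 1, 31, 14))
    # Once key 1's accept-lifetime has passed, the same packet is rejected.
    results["old_key_expired_ok"] = chain.verify(tag, update, datetime(2024, 2, 2))
    # A tampered payload never verifies: the hash no longer matches any key.
    results["tampered_ok"] = chain.verify(tag2, update + b"X", datetime(2024, 1, 31, 14))
    return results
```

The overlap window is the operational point: both routers must carry both keys with matching key IDs and key-strings, and the clocks must agree closely enough for the lifetimes to line up.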
● Potential EIGRP problems: believe it or not, even though Cisco themselves
developed EIGRP there can still be problems with it.
○ Stuck-in-Active state: because RTP demands a response from every
neighbour when it sends out a Query there is a possibility it will hang waiting
for a response from a neighbour that for some reason can't respond.
■ If a router receives a Query for a route it doesn't know about it will
query all of its neighbours except the originating one (split horizon) for a
route, and it will not respond to the originating router until it has a response
from all of those routers (who in turn will ask their neighbours).
This opens up for a lot of problems and excessive EIGRP traffic.
■ The originating router will by default wait a maximum of 3 minutes
before entering the stuck-in-active (SIA) state.
■ Once in SIA the router will reset the neighbour relationships to the
routers that failed to respond and reinitiate the connection and route
exchange.
■ Since IOS 12.1(5) the Active Process Enhancement feature has been
supported. Routers supporting this feature will send an SIA-Query
after half the active time to the neighbour that still hasn't responded,
and the neighbour will respond with an SIA-Reply saying "I'm still
looking for a new route, hold on, don't reset the neighbour relationship".
With Router A as the originator, Router B as the queried neighbour and Router C
as the neighbour B is waiting for, B will send up to 3 SIA-Queries to C before
considering it dead and sending an SIA-Reply to A saying that the network can't be reached.
■ When EIGRP is used in a network with redundant links with widely
shifting bandwidths it opens up for huge storms of queries, responses
and routes flapping up and down, because there is by default no limit
to how far queries will be propagated.

■ Summarization can be used to limit the extent of route queries:
● Router B sends a summary route of 172.30.0.0/16 to
Router A.
● When network 172.30.1.0/24 goes down, Router B
sends a Query to Router A asking for an alternative
path to 172.30.1.0/24.
● Because Router A only received the summarized
route 172.30.0.0/16, the network 172.30.1.0/24 is
nowhere to be found in Router A's routing table.
Router A replies with a "network 172.30.1.0/24
unreachable" message.
● The message does not extend the query any further.
■ Route maps can be used to limit the extent of route queries.
■ The stub-router feature can be used:
● A network that uses stub routers consists of hub and stub
routers.
● The hub routers generally only send a default route to the
stub router and never use the stub to forward data through to
reach a network that is not in the stub.
● The stub router uses the default route for all of its
communications with nodes outside the stub.
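As an added example (not from these notes), this Python ties together the two summarization points above, the Null0 discard route in the summarization section and the query-scope scenario just described: a tiny longest-prefix-match table shows why a destination covered by the summary but without a specific route is dropped instead of leaking to the gateway of last resort, and why Router A answers a Query for 172.30.1.0/24 with "unreachable" instead of forwarding it. Interface and router names are constructed.

```python
# Added example (not from the notes): why the summary's Null0 route matters and
# how a summary route bounds EIGRP queries. Tiny longest-prefix-match table
# over constructed routes; interface and router names are made up.
import ipaddress


class RoutingTable:
    """Minimal routing table: prefix -> next hop. "Null0" means discard."""

    def __init__(self):
        self.routes = {}

    def add(self, prefix: str, next_hop: str):
        self.routes[ipaddress.ip_network(prefix)] = next_hop

    def lookup(self, dst: str):
        """Longest-prefix match, as the forwarding plane does it."""
        addr = ipaddress.ip_address(dst)
        matches = [n for n in self.routes if addr in n]
        if not matches:
            return None
        return self.routes[max(matches, key=lambda n: n.prefixlen)]

    def has_prefix(self, prefix: str) -> bool:
        return ipaddress.ip_network(prefix) in self.routes


def forward(table: RoutingTable, dst: str) -> str:
    nh = table.lookup(dst)
    return "drop" if nh in (None, "Null0") else nh


def router_b(with_null0: bool) -> RoutingTable:
    """Router B summarises 172.30.0.0/16 towards Router A and has a default
    route to an ISP. IOS installs the Null0 entry itself when
    ip summary-address eigrp is configured; with_null0=False shows what
    would happen without it."""
    rt = RoutingTable()
    rt.add("172.30.1.0/24", "Fa0/1")
    rt.add("172.30.2.0/24", "Fa0/2")
    if with_null0:
        rt.add("172.30.0.0/16", "Null0")
    rt.add("0.0.0.0/0", "ISP")
    return rt


def router_a() -> RoutingTable:
    """Router A only ever received the /16 summary from Router B."""
    rt = RoutingTable()
    rt.add("172.30.0.0/16", "RouterB")
    rt.add("0.0.0.0/0", "RouterB")
    return rt


def handle_query(table: RoutingTable, prefix: str, origin: str, neighbours: list) -> dict:
    """Query scope as the notes describe it: a router with no entry for the
    exact queried prefix replies "unreachable" at once and does not forward
    the query. Otherwise it re-queries every neighbour except the originator
    (split horizon) and must wait for all of them before it can reply."""
    if not table.has_prefix(prefix):
        return {"reply": "unreachable", "forward_to": []}
    return {"reply": "pending", "forward_to": [n for n in neighbours if n != origin]}


if __name__ == "__main__":
    b = router_b(with_null0=True)
    print("B -> 172.30.9.5 with Null0:", forward(b, "172.30.9.5"))
    print("B -> 172.30.9.5 without Null0:", forward(router_b(False), "172.30.9.5"))
    print("A handles query for 172.30.1.0/24:",
          handle_query(router_a(), "172.30.1.0/24", "RouterB", ["RouterB", "RouterC"]))
```

Without the Null0 entry the packet for 172.30.9.5 would follow the default route to the ISP, which might send it straight back to Router B, and that is the loop the notes warn about.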
Useful EIGRP Commands

no auto-summary: Use it!

show ip eigrp neighbors: Shows the neighbour table.

show ip route eigrp: Shows all the entries in the routing table that are learned through
EIGRP.

show ip eigrp interfaces: Shows the interfaces running EIGRP.

show ip eigrp topology: Shows all the Successors and FSs DUAL has found. Add the
keyword all-links to show routes that are not eligible to be
Successors or FSs. Shows the destination's DUAL state.

show ip eigrp traffic: Hello, update, ack... statistics.

passive-interface {type number} | default: Routing command that sets an interface to
passive. The default keyword sets all interfaces to passive; then use no passive-interface
to specify which interfaces shouldn't be affected.

ip summary-address eigrp as-number network subnet admin-distance: Used on interfaces to
distribute summarized routes.

MD5 Authentication: see the MD5 configuration steps above.

OSPF
● Link-state routing protocols:
○ Respond quickly to network changes.
■ When an OSPF router detects a change it uses the SPF algorithm and
calculates, from its own perspective, the best way to react to the
change. Because link-state routers are more independent, faulty
information from one router will have a smaller effect on the whole
network.
■ Distance-vector routing protocols leave more of the decisions
up to the collective (routing by rumour), making them more vulnerable.
○ Send triggered updates when the network changes.
■ The OSPF router that detects a change in the network sends an
LSA containing the change to all of its neighbours in the area and
then updates its own LSDB. The receiving neighbours do the same:
propagate the LSA and update their LSDB.
○ Periodic updates.
■ OSPF calls them link-state refreshes, and by default sends them
every 30 min. They are used to verify that the LSAs are still current.
● OSPF Tables:
○ Neighbour Table: a list of all directly connected OSPF routers, with their
Priority, State, Dead Time, Address and the interface they can be reached
through.
○ Link-State Database: a list of all routers in the area and their attached
networks. The LSDB can grow very large and will need the router to have a lot of
RAM available. It is based on received LSAs and looks the same on all routers in an
area.
○ Routing table: once SPF finishes its calculations it offers the best route
to the routing table. If there isn't already a route in there with a lower
Administrative Distance, or the same Administrative Distance but a lower
metric, it will be accepted, and only then can the route be used.

● OSPF Areas:
○ Problems with OSPF: when OSPF networks get big they bring with them a lot of
potential problems:
■ Frequent SPF calculations: for every LSA update generated in a
network SPF will have to run, eating up a lot of CPU time.
■ Large routing table: OSPF doesn't perform summarization by
default, resulting in large routing tables.
■ Large LSDB: because the LSDB covers all networks and OSPF
routers in a network it can become really large.
○ To combat these problems OSPF supports dividing the network into areas,
which gives these benefits:
■ Fewer SPF calculations: LSAs are not propagated from one area to
another (in a well configured network), resulting in fewer and smaller SPF
calculations.
■ Smaller routing tables: because OSPF supports summarization on
border routers the routing tables can be severely reduced.
■ Smaller LSDB: because routers in one area know very little (or
basically nothing) about routers and networks in other areas the LSDB
will be a lot smaller.
○ Separating the network into areas makes it harder for problems to
propagate from one area to another: if one route is flapping up
and down in area 1, a well configured network will not let this propagate
to area 0 (or other areas). Areas are recommended to not be bigger
than 50 routers, and no one router should be in more than three areas.

● The different area types: there are two fundamentally different area types.
○ Backbone Area: this is the area that all data is supposed to
transit (in a well configured network) to reach other areas
or the Internet. The backbone area is always area 0, is used to
interconnect all other areas, and rarely has users directly connected to
it.
○ Regular Areas: their primary function is to connect the users to the
backbone area. By default regular areas do not allow data to transit them
to reach another area than area 0.
Regular areas have several subtypes:
■ Standard Area:
■ Stub Area:
■ Totally Stubby Area:
■ Not-so-stubby area (NSSA):
■ Totally stubby NSSA:

● The different area router types:
○ Internal router: has all interfaces in one area; the router's LSDB is the
same as that of all other internal routers in that area.
○ Backbone router: has at least one interface belonging to area 0.
○ Area Border Router (ABR): a router that has interfaces in two or more
areas, and is the only way for regular areas to communicate with any
other area. ABRs distribute routing updates from the standard area to the
backbone area and vice versa. ABRs and ASBRs are the only places
where OSPF allows summarization. An ABR keeps one LSDB for every
area it is connected to. The ABR stops LSAs from one area propagating
into another.
○ Autonomous System Boundary Router (ASBR): used to connect an OSPF
area with another routing protocol, the Internet or another OSPF
domain.

A router can be more than one router type; an ABR can for example also be
an ASBR.

● OSPF Adjacencies: for OSPF to work it needs to find its local neighbours and
establish adjacency.
1. The routers start sending Hello packets (typically to a multicast address) and
listening for Hello packets.
2. When a Hello packet is received the router looks in that packet to make sure
the sending router uses the same Hello interval and is in the same area and
subnet.
3. If everything looks good, adjacency will be established and the routers will
start synchronizing their LSDBs by sending LSAs and confirming that they were received.
When this is finished the routers are considered to be in the Full adjacency state
with each other.

Two OSPF routers on a P2P link will form a Full-state adjacency with each other once
the routers see their own Router-ID in the other router's Hello message; however,
it gets a little more complicated on a broadcast/multiaccess network. Instead of
having all routers form Full adjacencies with each other (using a lot of bandwidth and
CPU time every time there is a change) a Designated Router (DR) and a Backup
Designated Router (BDR) will be elected; the routers that are not elected are referred
to as DROTHER. If a DROTHER or the BDR has an update it will send an LSA to
the DR, and the DR will then propagate this to all other routers on that LAN (and to the
DRs of other LANs that it is connected to). The DR's main function is to keep the LSDBs
synchronized in the LAN; the BDR just listens to all the LSAs destined for the DR
so that it is up to date if the DR should go down, at which point the BDR gets elevated to DR.

The DROTHERs all form a Full-state adjacency with both the DR and BDR, but
they only form a 2-Way adjacency with each other.

Note that the DR, BDR and DROTHER roles are only locally significant to the LAN;
this means that a router can be DR in one LAN and a DROTHER in a different LAN
that it's also directly connected to.

● OSPF Metric: OSPF is simple in the way that it bases its metric on only one thing:
bandwidth. Every link is assigned a cost/metric calculated in this simple
way: 100 / bandwidth of the link in Mbit/s.

● OSPF Packets:
○ General:
■ OSPF uses five different packets to do all of its communications.
■ Doesn't use TCP or UDP; it defines its own reliable protocol with
ACKs.
■ LSU and LSAck packets are sent to the OSPF multicast address,
except when the packets are retransmitted, sent across virtual links or
over a nonbroadcast network.
■ All other OSPF packets are unicast.
○ Database Description (DBD): contains headers of all the router's LSA
entries from the LSDB. The entries can be about links or networks, containing
information like link-state type, the advertising router's IP/Router-ID, link
cost and sequence number. The sequence number is used to determine
the "newness" of the link-state information. DBDs are used to verify the LSDB
synchronization between OSPF routers.
○ Link-State Request (LSR): if a router receives a DBD and sees that it is
missing links it sends an LSR to the router associated with those links in the
DBD, requesting the full information about them.
○ Link-State Update (LSU): when the router receives an LSR requesting
detailed information about a link, it responds with an LSU with LSAs in it
specifying all information needed about the links.
○ LSAck: used to ACK reliable OSPF packets.
○ Hello: used to discover neighbours and establish adjacencies between them.

● OSPF Hello Protocol: its main task is to establish and maintain neighbour relationships
by ensuring there is two-way communication between neighbours. Not until a
router sees its own Router-ID listed in a neighbour's Hello packet will the two-way
communication be considered up and running.
○ The Hello packet contains:
■ Router-ID: a unique ID that identifies the router, either assigned by
the admin or taken from the highest IP address of the router's loopback
interfaces or physical interfaces (in that order). Loopback interfaces are
preferred over physical ones because they never go down, so a loopback
interface with a lower IP address than a physical one will always win. The
Router-ID is used to identify which router sends which LSU, and is also
used in the DR/BDR election.
■ Hello and Dead intervals/timers: the OSPF Hello timer is by default
10 s (on multicast networks) and the Dead timer is 4 times that. The
Hello and Dead timers must be the same on two routers for them to form
an adjacency.
■ Neighbours: lists the routers that the sending router has initiated
two-way communication with.
■ Area-ID: the area that the sending router is in (or that the sending
interface is in).
■ Router Priority: an 8-bit number declaring the sending router's priority
in DR/BDR elections.
■ DR and BDR IP: if known, the IP addresses of the DR and BDR of the
LAN that the Hello packet is sent into.
■ Authentication password: used if authentication is enabled on the
routers.
■ Stub Area Flag: set if the sending router is in a stub area.
○ To establish adjacency between two routers the following must match:
■ Hello and Dead interval
■ Area ID
■ Authentication password
■ Stub Area Flag
■ The IP network, subnet mask and MTU must also match.

○ Establishing adjacency: before routers can exchange routes they must go through the
following adjacency process.
1. Router A brings up interface E0 and enables OSPF on it with a network
command. Router A starts sending Hello packets addressed to the multicast
address 224.0.0.5.
2. All directly connected routers that are running OSPF receive the Hello,
and if it all checks out then Router B will add Router A to its neighbour list
and to all outgoing Hello packets. The routers are now in the Init state.
3. Router B now sends a unicast Hello to Router A with all of the neighbours B
knows about (including A).
4. Router A receives the Hello from B and sees that it is now considered a
neighbour by B; the routers are now in the Two-Way state. Router A
adds all the other Router-IDs from Router B to its neighbour table.

● Electing DR and BDR:

If the OSPF router interfaces are on a multiaccess network a DR and BDR are elected
to minimize the bandwidth and CPU cycles used for routing updates. Who gets to be DR,
BDR and DROTHER is chosen in this order:

1. The router with the highest priority (default 1).
2. The highest Router-ID, by default decided in this order:
1. Highest loopback interface address.
2. Highest physical interface address.

Both priority and Router-ID can be specified by the admin. The priority is set on the interface
and can be set to 0 if that interface should never be elected as DR or BDR.
Once the election is finished, any routers added thereafter will not affect which router is DR/
BDR for that segment until the DR or BDR goes down; then the election process will be
rerun and the new routers will be candidates. All the routers that are not elected DR or BDR
will be DROTHERs.

● DROTHERs will form Full-state communication with the DR and BDR (after routes
have been exchanged) but only Two-Way with other DROTHER routers.
● The DR and BDR will form Full-state communication with each other and all the
DROTHERs on that LAN segment after all routes have been exchanged.
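As an added example (not from these notes), the Python below runs the election rules just listed on a constructed segment: Router-IDs are derived in the order admin-set, highest loopback, highest physical address; priority 0 routers are excluded; a router that joins later does not pre-empt the existing DR/BDR; and each pair of routers ends up in either Full or 2-Way state. Router names, priorities and addresses are made up, and the election assumes every router starts at the same time.

```python
# Added example (not from the notes): OSPF Router-ID derivation and the
# DR/BDR election on a multiaccess segment, plus which adjacency state each
# pair ends up in. Router names, priorities and addresses are constructed.
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class OspfRouter:
    name: str
    priority: int = 1                      # ip ospf priority; 0 = never DR/BDR
    router_id: Optional[str] = None        # manually configured router-id
    loopbacks: list = field(default_factory=list)
    physical: list = field(default_factory=list)


def ip_key(ip: str) -> tuple:
    """Compare dotted-quad addresses numerically, not as strings."""
    return tuple(int(octet) for octet in ip.split("."))


def effective_router_id(r: OspfRouter) -> str:
    """Admin-set ID first, then the highest loopback, then the highest
    physical address (the order the notes give)."""
    if r.router_id:
        return r.router_id
    if r.loopbacks:
        return max(r.loopbacks, key=ip_key)
    return max(r.physical, key=ip_key)


def elect(routers: list) -> dict:
    """Election with all routers starting at the same time: highest priority
    wins, ties broken by the highest Router-ID; priority 0 never takes part.
    (RFC 2328 elects the BDR first and then the DR, which yields the same
    result when everyone boots together.)"""
    eligible = [r for r in routers if r.priority > 0]
    ranked = sorted(eligible,
                    key=lambda r: (r.priority, ip_key(effective_router_id(r))),
                    reverse=True)
    dr = ranked[0].name if ranked else None
    bdr = ranked[1].name if len(ranked) > 1 else None
    return {r.name: ("DR" if r.name == dr else "BDR" if r.name == bdr else "DROTHER")
            for r in routers}


def join_segment(roles: dict, newcomer: OspfRouter) -> dict:
    """A router that shows up after the election does not pre-empt the
    DR/BDR, whatever its priority: it becomes a DROTHER."""
    return {**roles, newcomer.name: "DROTHER"}


def adjacency_state(roles: dict, a: str, b: str) -> str:
    """Full between the DR/BDR and everyone; only 2-Way between DROTHERs."""
    if roles[a] == "DROTHER" and roles[b] == "DROTHER":
        return "2-Way"
    return "Full"


# Constructed segment: R1's low loopback still beats its higher physical
# address for the Router-ID; R3 wins on priority; R4 can never be elected.
SEGMENT = [
    OspfRouter("R1", loopbacks=["1.1.1.1"], physical=["192.168.1.1"]),
    OspfRouter("R2", physical=["192.168.1.2", "10.0.0.2"]),   # no loopback
    OspfRouter("R3", priority=2, loopbacks=["3.3.3.3"], physical=["192.168.1.3"]),
    OspfRouter("R4", priority=0, loopbacks=["4.4.4.4"], physical=["192.168.1.4"]),
]

if __name__ == "__main__":
    roles = elect(SEGMENT)
    print(roles)
    print("R1-R4:", adjacency_state(roles, "R1", "R4"))
    print(join_segment(roles, OspfRouter("R5", priority=255, loopbacks=["5.5.5.5"])))
```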


Exchanging Routes: once neighbour adjacencies have been formed, and after the DR
and BDR have been elected (if on a multiaccess network), routers will have to start
exchanging route information; they are now considered to be in the ExStart state.

The DR will send one or more Database Description packets (DBD) to the BDR/
DROTHER containing a summary of all of the routes it knows about, and the BDR/
DROTHER will return the favour and do the same. During this time the routers are
considered to be in the Exchange state.

Once the DBDs have been exchanged and ACKed the routers will start comparing the
information they have in their LSDB. If there is any newer information in the DBD (or
information missing in the LSDB) the router will send an LSR requesting more information.
The routers are now considered to be in the Loading state.

The remote router responds with an LSU containing the requested information (the
LSU is then ACKed). Once all the LSRs have been satisfied the routers are finished
and enter the Full state. Not until routers reach Full state with each other (or
Two-Way with DROTHERs and Full with the DR/BDR on multiaccess LANs) will they start
routing packets. Once all LSRs have been satisfied all routers in the area should
have the same LSDB.

● Brief summary of OSPF neighbour states:
○ Down: no active neighbours detected (sending Hello messages).
○ Init: found neighbour (received Hello message).
○ Two-Way: router sees its own Router-ID in a neighbour's Hello
message.
○ ExStart: DR/BDR elections in process.
○ Exchange: DBDs sent.
○ Loading: populating the LSDB by sending and receiving LSRs and
LSUs.
○ Full: all LSRs have been answered so the LSDBs are synchronized.

● Maintaining LSDBs:

For OSPF it's vital for all routers to always have an up-to-date LSDB; luckily this is a
fairly simple and straightforward process.

1. Router A discovers that one of its directly connected interfaces has gone down, and
sends a triggered LSU to 224.0.0.6. The LSU contains an updated LSA for that
link with an incremented sequence number indicating that it is new information.
2. The DR receives the LSU and sees that the LSA contained in it has a higher
sequence number than the one currently in the LSDB. So the DR processes it,
updates the LSDB and floods out a new LSU to 224.0.0.5. The receiving routers then
ACK each LSA contained in the LSU with unicast LSAcks.
3. Any receiving router that is also connected to another network (in the same area) will
flood the update to that network, and this whole process starts over in that network.
4. The receiving router sees that the LSU contains an LSA with an incremented
sequence number, puts the new LSA in the LSDB and runs SPF to figure out how to
deal with the changes.

The router that originates an LSA into a network has a timer associated with that
specific LSA that determines when it needs to send a refresh to its neighbouring
routers. The receiving routers have a maxage timer for that LSA, which means that if a
refresh is not received within 60 minutes (default) that LSA will be removed from the
LSDB. DBDs are sent every 30 minutes (default) to ensure that nothing, for whatever
reason, is missing in any router's LSDB.

The SPF algorithm will be run every time any of these conditions is true:
○ The LSA's Options field has changed.
○ The LSA maxage is reached or set to max.
○ The LSA header length field has changed.
○ The content of the LSA has changed.

If a route that already exists in the routing table gets updated via an LSA, that route will
still be considered valid until SPF is done, but if an LSA advertises a new route it
will only be used after SPF has finished.

● OSPF Timers & Sequence numbers: timers and sequence numbers are vital for
OSPF operations and are used to determine the age and newness of LSAs.
An LSA is considered to be newer if any of the following conditions is true:
○ The LSA has a higher sequence number.
○ The LSA's checksum is higher (even though the sequence number is
the same).
○ The LSA's age = the maxage (it has been poisoned).
○ The LSA has a significantly younger age.

The link-state sequence number is a 32-bit hex number located in the LSA header;
the first (lowest) sequence number used is 0x80000001. As time goes by this number
gets incremented and eventually it reaches the maximum 0x7FFFFFFF; the next
sequence number used after that will be 0x80000001 again. But when this happens
the existing LSA's age will be set to maxage (60 min default) so it will be flushed and
resent.

Every time an LSA gets updated or refreshed (every 30 min) the sequence number
will get incremented, indicating it's newer than the one currently in the area's
LSDB.
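As an added example (not from these notes), this Python applies the four "newer LSA" rules above to two instances of the same LSA, treats the sequence number as the signed 32-bit value that makes 0x80000001 the first and 0x7FFFFFFF the last number, and models the wrap-around, the 30-minute refresh and the maxage flush. The 15-minute threshold for "significantly younger" is an assumption taken from RFC 2328's MaxAgeDiff; the notes give no number.

```python
# Added example (not from the notes): comparing two instances of the same LSA
# using the rules above (sequence number, checksum, MaxAge, age difference)
# and the signed 32-bit sequence-number space with its wrap-around.
INITIAL_SEQ = 0x80000001     # first sequence number an LSA uses
MAX_SEQ = 0x7FFFFFFF         # last one before the wrap
MAX_AGE = 60 * 60            # seconds; maxage, 60 minutes
LS_REFRESH = 30 * 60         # seconds; refresh interval, 30 minutes
MAX_AGE_DIFF = 15 * 60       # seconds; assumption: RFC 2328's MaxAgeDiff,
                             # the notes only say "significantly younger"


def signed_seq(seq: int) -> int:
    """OSPF treats the sequence number as a signed 32-bit integer, which is
    why 0x80000001 (most negative + 1) is the first value and 0x7FFFFFFF the
    largest: compared as signed, 0x7FFFFFFF > 0x80000001."""
    return seq - (1 << 32) if seq & 0x80000000 else seq


def next_sequence(seq: int) -> int:
    """Each update or refresh increments the number; after 0x7FFFFFFF it
    starts over at 0x80000001 (the old instance is first aged out)."""
    return INITIAL_SEQ if seq == MAX_SEQ else seq + 1


def needs_refresh(lsa: dict) -> bool:
    """The originator refreshes its LSA every 30 minutes."""
    return lsa["age"] >= LS_REFRESH


def refresh(lsa: dict) -> dict:
    """Periodic refresh: same LSA, incremented sequence number, age reset."""
    return {**lsa, "seq": next_sequence(lsa["seq"]), "age": 0}


def flush(lsa: dict) -> dict:
    """Premature aging: set age to MaxAge so every router removes it."""
    return {**lsa, "age": MAX_AGE}


def is_newer(candidate: dict, current: dict) -> bool:
    """Return True if `candidate` should replace `current` in the LSDB.
    LSAs are dicts with keys seq, checksum and age (seconds)."""
    c_seq, k_seq = signed_seq(candidate["seq"]), signed_seq(current["seq"])
    if c_seq != k_seq:                       # 1. higher sequence number wins
        return c_seq > k_seq
    if candidate["checksum"] != current["checksum"]:
        return candidate["checksum"] > current["checksum"]   # 2. higher checksum
    c_max, k_max = candidate["age"] == MAX_AGE, current["age"] == MAX_AGE
    if c_max != k_max:                       # 3. the MaxAge instance is newer
        return c_max
    if abs(candidate["age"] - current["age"]) > MAX_AGE_DIFF:
        return candidate["age"] < current["age"]   # 4. significantly younger
    return False                              # same instance: keep what we have


if __name__ == "__main__":
    lsa = {"seq": INITIAL_SEQ, "checksum": 0x1234, "age": 600}   # constructed LSA
    print("refreshed is newer:", is_newer(refresh(lsa), lsa))
    print("0x7FFFFFFF beats 0x80000001:", is_newer({**lsa, "seq": MAX_SEQ}, lsa))
    print("after 0x7FFFFFFF comes", hex(next_sequence(MAX_SEQ)))
    print("flushed copy is newer:", is_newer(flush(lsa), lsa))
```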

● Configuring OSPF:

I'm not going to spend a lot of time on how to do basic OSPF configuration or
strategies on how to do it; start reading from page 209 for that.

○ Planning OSPF implementation:
■ Use an IP addressing scheme that allows and simplifies summarization.
■ Plan a topology with redundancy and document how the traffic should
flow if routes go down.
■ Plan where and how to designate areas, and which routers should be
ABRs and ASBRs.

○ Basic OSPF configuration:
■ router ospf process-id is used to start an OSPF routing process;
the process-id is only locally significant and does not need to match other
routers.
■ network ip-address wildcard area-id enables OSPF on an interface and
tells OSPF what networks to advertise and what areas they belong to.
○ Router ID: used to identify an OSPF router, a 32-bit number usually unique
for the whole OSPF domain. More info on how it is assigned can be found
in the OSPF Hello Protocol section above.

● OSPF on different network types:

○ Brief summary: OSPF defines three different network types based on the
physical link type:

■ Point-to-Point: a network that directly joins only two OSPF routers.
■ Broadcast: a multiaccess broadcast network, such as Ethernet.
■ Nonbroadcast Multiaccess (NBMA): a network that supports
multiple OSPF routers but has no broadcast or multicast capabilities.
Examples of this are ATM, Frame Relay and X.25.

OSPF operates differently on all of these network types, especially when it
comes to DR/BDR elections, adjacency and multicasting.

● OSPF over Point-to-Point links: P2P links join two routers together over,
for example, a serial link running HDLC or PPP.

○ Neighbours are dynamically detected with Hello packets addressed to
224.0.0.5
○ DR/BDRs are not elected since there can only be two routers on the
link.
○ The routers form Full state adjacencies with each other.
○ Default hello and hold timers are 10 and 40 seconds respectively.

● OSPF on broadcast networks:

○ Neighbours are dynamically detected with Hello packets addressed to
224.0.0.5
○ DR/BDR elections are held.
○ The DR/BDR form Full state adjacencies with each other and with the
DROTHERs.
○ The DROTHERs form Full state adjacencies with the DR/BDR but only
Two-way with each other.

● OSPF over layer 2 MPLS VPN: an Ethernet VPN usually provided by
the ISP that is totally transparent to the routers sending information over
it. This means that from OSPF's point of view this works like any other
normal broadcast Ethernet network and it will look like the two routers are directly
connected.

● OSPF over layer 3 MPLS VPN: uses layer 3 between the customer and
provider router; all hops between that and the exiting provider router are
transparent to the customer routers. From the point of view of OSPF it sees
the provider's edge routers like any other company network.

● OSPF over NBMA networks: as NBMA allows several routers on one
interface that doesn't natively support broadcast or multicast, this creates
problems for OSPF adjacencies. Cisco routers running OSPF support five
different NBMA modes, all with their own way of coping with this problem.

○ Default Hello and Hold timers are 30 and 120 seconds.
○ On default NBMA networks adjacencies are not formed dynamically.
○ Once adjacencies are formed a DR/BDR will be elected, but because all
routers usually don't have direct layer 2 connectivity this becomes
problematic.

Of the five modes, Non-broadcast and Point-to-multipoint are RFC standard modes;
Point-to-multipoint nonbroadcast, Broadcast and Point-to-point are Cisco proprietary
network modes. The mode is set on the interface using the ip ospf network
command.

● OSPF NBMA Modes:

○ Broadcast:

■ Cisco proprietary
■ Makes the WAN interface behave and look like a LAN.
■ One IP subnet
■ Multicast and broadcast are emulated and work.
■ Adjacencies establish dynamically
■ DR/BDRs are elected.
■ Used in full and partial mesh networks.

Emulates broadcast and multicast functionality at the price of
higher CPU and bandwidth usage. If implemented on a partial
mesh network make sure the DR/BDR has full connectivity with all
neighbour routers.

○ Non-broadcast:

■ RFC standard mode.
■ One IP subnet
■ Neighbours must be manually configured.
■ DR/BDRs are elected.
■ DR/BDR must have full layer 2 connectivity with all
other routers in the network.
■ Used in full and partial mesh networks.

If implemented on a partial mesh network make sure the DR/BDR
has full connectivity with all neighbour routers and set the priority
of the DROTHERs to 0. For flooding to work all the packets
must be replicated for all the neighbours separately, taking up
bandwidth and CPU power.

○ Point-to-multipoint:

■ RFC standard mode.
■ One IP subnet
■ Uses multicast to establish adjacencies dynamically
■ DR/BDRs are not elected; the router sends additional
LSAs with more information about neighbouring
routers.
■ Used in partial-mesh or star topologies.
■ Must have broadcast enabled on the VCs.
■ Emulated multicast and broadcast.
■ Does not require full mesh networks.

Treats the nonbroadcast network as a series of p2p links,
which makes configuration easier but has more overhead than non-
broadcast mode.

○ Point-to-multipoint nonbroadcast:

■ Cisco proprietary
■ Neighbours must be manually configured
■ DR/BDRs are not elected
■ Multicast and broadcast are not allowed

Used when broadcast can't be enabled on the VCs.

○ Point-to-Point:

■ Cisco proprietary
■ Different IP subnet on every subinterface
■ No DR/BDR
■ Interfaces can be either LAN or WAN.

● OSPF LSAs: LSAs are what OSPF uses to build up its LSDB and propagate network
changes throughout the domain. There are 11 different LSA types; 8 are used and 5 are
discussed in detail in the book.
All LSAs have a field in their header called link-state ID that contains different
information depending on what kind of LSA it is. The link-state ID can be seen when you
issue a show ip ospf database.

○ LSA type 1 (Router LSA): generated by every router for every area it is in.

■ Flooded within the area.
■ Describes all of the router's directly connected interfaces in that area.
■ Link-state ID = the originating router's Router-ID

The directly connected interfaces are described with a Link type number and
a Link-ID field:

1. = Point-to-point connection to another router

○ LSA type 2 (Network LSA): generated by the DR of the multiaccess network,
containing information about the routers attached to that multiaccess network
and the subnet mask used.

■ Flooded in the area that the network belongs to.
■ Link-state ID = the DR's interface IP address.

○ LSA type 3 (Summary LSA): generated by an ABR, describes the route to the
area that the router is ABR for and what networks are in that area.

■ Flooded throughout the backbone and to other ABRs.
■ Not flooded into totally stubby or totally stubby NSSA areas.
■ By default contains all networks from the ABR's area unsummarized.
■ Link-state ID = the closest network to the backbone area that the
ABR is in.

When the ABR receives LSA type 1 from within one area they are re-sent
into the other area as LSA type 3. Because OSPF does not automatically
summarize there can be several huge LSA type 3 circulating between
areas, making manual summarization an important task for the admin to
perform.

○ LSA type 4 (Route to ASBR LSA): generated when an ABR receives an LSA
type 1 from an ASBR with the external bit set to 1 (indicating it is an ASBR).
Contains a route to, and information about, the ASBR.
■ Not flooded into any kind of stub area.
■ Propagated by other ABRs.
■ Only ABRs that have an ASBR in one of their areas will generate an LSA
type 4.
■ Link-state ID = the router-id of the ASBR.

○ LSA type 5 (AS external LSA): generated by an ASBR, describes routes
received from networks external to the current AS.

■ Not flooded into any stub area.
■ Link-state ID = the external network's network number.

Because OSPF does not automatically summarize there can be several huge
LSA type 5 circulating between areas, making manual summarization
an important task for the admin to perform.

○ LSA type 6 (Multicast LSA): used for multicasting.

○ LSA type 7 (LSA for NSSAs): used to propagate external routes through
NSSAs.

■ The link-state ID is the external network's network number.

○ LSA type 8 (External LSA for BGP): used to internetwork BGP and OSPF.

○ LSA types 9-11 (Opaque LSAs): designed for future use. You don't need to
know shit about these.

● External Routes: are routes pointing out of the OSPF domain (into an EIGRP
network for example). These come in two different types, E1 and E2, depending on
how the cost gets treated.
○ E1: routes get treated the same way normal internal OSPF routes
do, in the sense that their cost gets increased for every link they traverse.
○ E2: route costs stay the same throughout the domain, however many links they
traverse.

E1 should be used if there is more than one ASBR advertising routes to the same
destination, to stop suboptimal routing for those destinations.

● OSPF LSDB Overload Protection: can be configured to act when too many (not self
generated) LSAs are kept in the LSDB.

max-lsa maximum-number [threshold-percentage] [warning-only] [ignore-time
minutes] [ignore-count number] [reset-time minutes]

○ maximum-number: max non-self-generated LSAs that are allowed to be kept
in the LSDB.
○ threshold-percentage: (optional) at which percentage of the maximum the warning message
will be generated. 75% is default.
○ warning-only: max-lsa will not act when the maximum is reached, instead it will
only send a warning.
○ ignore-time: if the maximum is surpassed for longer than one minute the
router will enter the ignore state and will remain in it for as long as ignore-time
specifies.
○ ignore-count: if the ignore state is entered more times than ignore-count
specifies the OSPF router will remain in the ignore state until an admin manually
intervenes.
○ reset-time: if the ignore-count hasn't been incremented during the time
specified by reset-time the count will be reset.
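The max-lsa behaviour described above, simulated in Python as an added example (not from the original notes and not Cisco code). Only the 75% threshold default is given on the page; the ignore-time, ignore-count and reset-time defaults in the class are assumptions and can be overridden.

```python
"""Minute-granularity simulation of the max-lsa overload protection: warn at the
threshold, and when the maximum is exceeded for a minute enter the ignore state,
count the ignore states, stay ignored for good once ignore-count is exceeded,
and reset the count after a quiet reset-time. Time is passed in as minutes.
"""
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class MaxLsaGuard:
    maximum: int                    # maximum-number of non-self-generated LSAs
    threshold_pct: int = 75         # threshold-percentage (default given on the page)
    warning_only: bool = False
    ignore_time: int = 5            # minutes spent in the ignore state (assumed default)
    ignore_count: int = 5           # ignore states allowed before staying ignored (assumed)
    reset_time: int = 10            # quiet minutes before the count resets (assumed)
    state: str = "normal"           # normal | ignore | permanent-ignore
    ignores: int = 0
    over_since: Optional[int] = None
    ignore_until: Optional[int] = None
    last_ignore_at: Optional[int] = None
    log: List[str] = field(default_factory=list)

    def observe(self, now: int, non_self_lsas: int) -> str:
        """Report the LSDB count at simulation minute `now`; returns the new state."""
        if self.state == "permanent-ignore":
            return self.state                       # only an operator can clear this
        if self.state == "ignore":
            if now < self.ignore_until:
                return self.state                   # still ignoring all neighbours
            self.state, self.over_since = "normal", None
            self.log.append(f"{now}: ignore-time over, re-establishing adjacencies")
        if self.last_ignore_at is not None and now - self.last_ignore_at >= self.reset_time:
            self.ignores, self.last_ignore_at = 0, None   # reset-time passed quietly
        if non_self_lsas * 100 >= self.maximum * self.threshold_pct and non_self_lsas <= self.maximum:
            self.log.append(f"{now}: warning, LSDB at {non_self_lsas}/{self.maximum}")
        if non_self_lsas <= self.maximum:
            self.over_since = None
            return self.state
        self.log.append(f"{now}: maximum exceeded ({non_self_lsas} > {self.maximum})")
        if self.warning_only:
            return self.state                       # log only, never act
        if self.over_since is None:
            self.over_since = now                   # start the one-minute grace period
            return self.state
        if now - self.over_since < 1:
            return self.state
        self.ignores += 1
        self.last_ignore_at = now
        if self.ignores > self.ignore_count:
            self.state = "permanent-ignore"
            self.log.append(f"{now}: ignore-count exceeded, manual intervention required")
        else:
            self.state = "ignore"
            self.ignore_until = now + self.ignore_time
            self.log.append(f"{now}: entering ignore state #{self.ignores} until minute {self.ignore_until}")
        return self.state
```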

Configuring Advanced OSPF Features

● OSPF Passive-interface: disables sending Hello packets and processing received Hello packets
on an interface, but if the interface IP address is covered by a network statement it will still be advertised
out other interfaces. OSPF sees a passive interface as a stub network.

Configured using the following router command:

○ passive-interface type number [default]

■ The default keyword sets all interfaces to passive by default;
interfaces that are not supposed to be passive will then have to be
specified with a "no passive-interface" command.

● OSPF Default Route: is propagated using the default-information originate router
command.

It generates an LSA type 5 into the OSPF domain, saying that all data for missing routes should be sent
to this router. The router which has this command issued will have a static default route with a
next-hop address pointing to the ISP's router configured on it.
○ default-information originate [always] [metric value] [metric-type type]
[route-map name]

■ always: the router will always advertise a default route even if it does
not have one.
■ metric: the metric with which the route will be advertised, 10 by
default.
■ metric-type: external route type 1 or 2, 2 is default.
■ route-map: the default route is generated if the route-map is satisfied.

● OSPF Summarization: summarization is a vital part of any working large OSPF
network; it minimizes the size and number of LSAs flooded through the domain and
greatly reduces other areas getting affected when a route flaps in one area.

○ For summarization to be practical IP addresses must be assigned
contiguously and in a planned order.

○ For OSPF to work all routers in an area must have the same LSDB;
because of this no router that is only internal to one area can perform
summarization. It can only be performed on ABRs and ASBRs.

○ Interarea summarization: affects routes from one area going into another
area. Only performed by ABRs.

○ External route summarization: affects routes entering into an OSPF domain
from an external domain. Generally only performed by ASBRs.
○ Just like any time summarization is used it can create problems (suboptimal
routing) if not configured correctly.

● OSPF Interarea summarization is performed using the following router
command:

● area area-id range address mask [advertise | not-advertise] [cost
cost]

○ area-id: the area that the original unsummarized routes belong to.
○ address: the network address for the summary address.
○ mask: the subnet mask for the summary address.
○ advertise: sets the address range status to advertise and
generates a type 3 summary LSA.
○ not-advertise: suppresses the type 3 LSA, making
the component networks hidden from other networks.
○ cost: the cost the summary route will be advertised with.

For this command to work the ABR must know of at least one network
which falls within the address/mask span and is in the area specified.

● When a summary route is specified in OSPF, a route is
put in the routing table with the summary network, subnet mask and a
next hop of null0. Because the summary subnet mask will always
be less specific than the routes being summarized, nothing will be
forwarded to the null0 interface unless the summary statement
covers destinations that the router doesn't have routes for. The null0
next hop is put there to collect any packets that the router doesn't have
any routes for, so that such packets aren't wrongly forwarded
to a gateway of last resort for example, which could create routing loops.

● OSPF external route summarization is performed using the following router
command:

● summary-address ip-address mask [not-advertise] [tag tag]

○ ip-address: the network address for the summary address.
○ mask: the subnet mask for the summary address.
○ not-advertise: used to suppress routes that match the
address/mask pair
○ tag: a tag value that can be used as a "match" value to control
redistribution via route maps.

■ Just like with interarea summarization, external route summarization
generates a null0 static route.

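Summarization and the null0 discard route as described in the two sections above, worked through in Python as an added example (not from the original notes or Cisco code). It checks the precondition that at least one component route falls inside the range, gives the summary the lowest component cost, and shows with a longest-prefix lookup why a destination inside the range that has no component route is discarded instead of following the gateway of last resort. The prefixes and costs are constructed sample data.

```python
"""Summary generation plus the discard route a summarizing ABR/ASBR installs."""
import ipaddress
from typing import Dict, Optional, Tuple

Network = ipaddress.IPv4Network


class RoutingTable:
    def __init__(self) -> None:
        self.routes: Dict[Network, str] = {}

    def add(self, prefix: str, next_hop: str) -> None:
        self.routes[ipaddress.ip_network(prefix)] = next_hop

    def lookup(self, dest: str) -> Optional[str]:
        """Longest-prefix match, the way the forwarding decision is made."""
        addr = ipaddress.ip_address(dest)
        matches = [n for n in self.routes if addr in n]
        if not matches:
            return None
        return self.routes[max(matches, key=lambda n: n.prefixlen)]


def build_summary(summary: str, components: Dict[str, int]) -> Tuple[Network, int]:
    """Return (summary network, advertised cost) for the components inside it.

    Raises ValueError when no known component falls within the range, the case
    in which the router does not generate the summary LSA at all.
    """
    net = ipaddress.ip_network(summary, strict=True)
    inside = {p: cost for p, cost in components.items()
              if ipaddress.ip_network(p).subnet_of(net)}
    if not inside:
        raise ValueError(f"no component of {net} is known; summary not advertised")
    return net, min(inside.values())     # summary metric = lowest component cost


def install_summary(table: RoutingTable, summary: str, components: Dict[str, int]) -> int:
    """Install the component routes plus the discard route the summarizing router adds."""
    net, cost = build_summary(summary, components)
    for prefix in components:
        table.add(prefix, "via-intra-area")
    table.add(str(net), "null0")         # discard route for the summary itself
    return cost


# Constructed sample: three of the four /24s in 172.16.0.0/22 exist in the area.
COMPONENTS = {"172.16.0.0/24": 10, "172.16.1.0/24": 20, "172.16.2.0/24": 30}


def demo() -> Dict[str, object]:
    table = RoutingTable()
    table.add("0.0.0.0/0", "gateway-of-last-resort")
    cost = install_summary(table, "172.16.0.0/22", COMPONENTS)
    return {
        "summary_cost": cost,                     # 10: the lowest component cost
        "known": table.lookup("172.16.1.77"),     # /24 is more specific than /22
        "hole": table.lookup("172.16.3.5"),       # in the /22 but no /24: discarded
        "outside": table.lookup("10.9.9.9"),      # not covered: default route
    }
```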
● OSPF Virtual Links:

○ Normally area 0 has to be one contiguous area not separated by any other
area, however if there are problems in the network causing area 0 to be split it
can be advantageous to be able to have area 0 traverse over a standard area
temporarily. Virtual links enable this.

● Virtual links can also be used to connect areas that for some reason have
become separated from area 0 (remember all areas must connect to area 0).
A configuration like this will make the OSPF process think area 20 and area 0 are
directly connected.

○ One virtual link can only span over one area; multiple virtual links must
be created to enable area 0 to connect over many standard areas.
○ The transit area the virtual link goes over cannot be a stub area.

○ Virtual links are configured using the following router command:

■ area area-id virtual-link router-id [authentication [message-digest
| null]] [hello-interval seconds] [retransmit-interval seconds]
[transmit-delay seconds] [dead-interval seconds] [[authentication-
key key] | [message-digest-key key-id md5 key]]

● area-id: the area that the virtual link is to traverse.
● router-id: the router-id of the neighbouring virtual-link router.
● authentication: specifies that authentication is being used.
● message-digest: specifies that MD5 is used.
● null: overrides the authentication if used on the transit area.
● hello-interval: default 10 seconds
● retransmit-interval: specifies the time (in seconds) between
the hello packets that the Cisco IOS Software sends on an
interface. Default 10 seconds.
● transmit-delay: specifies the estimated time to send an LSU
packet on the interface. LSAs in the update packet have their
age incremented by this amount before transmission. The
default value is 1 second.
● dead-interval: specifies the time that must pass without hello
packets being seen before a neighboring router declares the
router down. Default 40 seconds.
● authentication-key: specifies the password used by
neighboring routers for simple password authentication.
● message-digest-key: identifies the key ID and key (password)
used between this router and neighboring routers for MD5
authentication.

○ Verifying virtual-link operation: can be done using the command show ip
ospf virtual-links.

● Configuring OSPF Metrics: remember that the OSPF cost for a link is calculated
by dividing the reference bandwidth (100 Mbit default) by the bandwidth of the
interface. So a 10 Mbit link would have a cost of 100/10 = 10.

○ If links faster than 100 Mbit are being used in the OSPF domain the reference
bandwidth should be changed using the following router command:

■ auto-cost reference-bandwidth ref-bw

○ OSPF uses the bandwidth configured on the interface for this calculation;
because this often defaults to a faulty value you should always configure it
manually with the following interface command:

■ bandwidth kb-bandwidth

○ If you want to set the cost manually for a link this can be done using the
following interface command:

■ ip ospf cost cost-value


● OSPF Area Types: remember that each OSPF area has its own LSDB; an ABR
(that belongs to more than one area) has one LSDB for every area it is in. We
have already talked about the difference between the backbone area type and the
standard area type. But we have not talked about the stub area types. As you soon
will see some of them were named by five stoned and dyslexic elves:

○ The main point of any stub area is to minimize the LSDB in an area by injecting
default routes into the area replacing more specific (but numerous) routes;
because of this the area doesn't need (or get) any LSAs about links external
to the AS flooded into it.

○ Note: stub areas only affect how routes are injected into the area, routes
within the area still work like normal (with the exception of ASBRs).

○ A stub area will have fewer LSAs to process with the SPF algorithm.

○ There are two RFC-standard kinds of stub areas, called stub and not-so-stubby
(NSSA) areas.

○ Cisco has designed their own proprietary stub-area variants (with different
features and capabilities) called Totally Stubby and Totally Stubby NSSA.

Before we go too deep describing the different areas, memorize these keywords and
what they mean and everything will be much simpler:

● Stub: means an area that only has default routes as the way to any network
external to the AS; because of this ASBRs are not allowed within that area.
● Totally: means no routes for any network external to that area (or AS) are
allowed, only default routes.
● Not-so: means ASBRs are allowed

These keywords can then be combined to form the following combinations, giving the
area the specified combination of features:

● Stub Area: only has default routes to destinations external to the AS, no ASBR
may exist in the area.
● Totally Stubby Area: only has a default route to anything outside of the area. No
ASBR may exist in this area.
● Not-so-stubby Area: only has default routes to destinations external to the AS but
an ASBR may exist in that area.
● Totally Stubby NSSA: only has a default route to anything external to that
area but ASBRs may exist in this area.

For an area to qualify as any kind of stub area there are a few conditions that must
be fulfilled.

● Preferably only one ABR connects the stub to the backbone.
● If multiple ABRs exist suboptimal routing will occur. However routing loops
should not occur.
● A stub area may not be a transit area for virtual links.
● All routers in the area must be configured as a stub, setting the stub area flag
to 1 in the Hello packet.
● A stub area may not be area 0.

LSAs containing routes for the external AS get stopped by the stub ABR.
Packets from within the stub destined for the external AS will be
routed using the default route.

All stub areas generate the default route needed to communicate with
the other areas and ASes, except for NSSA.
● Configuring OSPF Stub Areas:

○ Stubby Area: injects a default route for all routes external to the AS

1. Configure OSPF like normal

2. Add the following router command to all routers in the area
(including the ABR) to set the area to stubby.

● area area-id stub

○ area-id: the area id of the stubby area
○ stub: sets the stub flag in the hello packet
to 1, and stops the flooding of external LSAs
(external to the domain).

3. To set the metric of the injected default route use this router
command on the ABR. (Optional)

● area area-id default-cost cost

○ area-id: the area id of the stubby area
○ cost: the cost for the default route.

Stubby areas can have the following OSPF routes in their routing table:

● Intra-area routes, marked with an O
● Inter-area routes, marked with O IA
● Default routes to networks external to the AS, marked with O*IA
● NO O E1 or O E2 routes for external networks.

○ Totally Stubby Area: injects a default route for all routes external to that area.

1. Configure OSPF like normal

2. Add the following router command to all routers in the area
(except the ABR) to set the area to stubby.

● area area-id stub

○ area-id: the area id of the stubby area
○ stub: sets the stub flag in the hello packet
to 1, and stops the flooding of external LSAs
(external to the domain).

3. Add the following router command to the ABR only:

● area area-id stub no-summary

○ area-id: the area id of the stubby area.
○ no-summary: stops the flooding of summary
LSAs external to the area.

4. To set the metric of the injected default route use this router
command on the ABR. (Optional)

● area area-id default-cost cost

○ area-id: the area id of the stubby area
○ cost: the cost for the default route.

Totally stubby areas can have the following OSPF routes in their routing table:

● Intra-area routes, marked with an O
● Default routes to networks external to the area, marked
with O*IA
● NO inter-area routes, marked with O IA
● NO O E1 or O E2 routes for external networks.

○ NSSA: enables having an ASBR within a stubby area while still keeping all
other functions of a stubby area. It's a non-proprietary stub mode that has
default routes as the way to any network external to the AS but has routes for
networks in other areas.
The ASBR in the NSSA generates a special NSSA LSA type 7 containing
information about the external routes/networks. When the LSA type 7 reaches
the ABR for the NSSA it gets translated into an LSA type 5 which gets
propagated into area 0 like any normal LSA type 5. The type 7 LSA will
show up in the LSDB for the NSSA area marked O N2 or O N1.
■ N = NSSA.
■ 1 = External route type 1 (the cost is increased for every link it transits)
■ 2 = External route type 2 (the cost is always the same, this is default)

1. Configure OSPF like normal

2. Define the area as an NSSA by issuing the following router
command on all routers in the NSSA:

● area area-id nssa [no-redistribution] [default-
information-originate] [metric metric-value] [metric-
type type-value] [no-summary]

○ area-id: the area-id of the NSSA.
○ no-redistribution: used when the router is
an NSSA ABR and you want the redistribute
command to import routes only into the
standard areas, but not into the NSSA area.
○ default-information-originate: used only on
the ABR to generate a default route to other
ASes.
○ metric-value: the metric for the default route.
○ type-value: whether the injected default
route will be external type 1 or 2.
○ no-summary: used on totally stubby NSSA.

● Totally NSSA: enables having an ASBR in a totally stubby area (an area that
only uses default routes to reach other areas or other ASes)

1. Configure OSPF like normal

2. Define the area as an NSSA by issuing the following router
command on all routers in the NSSA except the ABR:

● area area-id nssa [no-redistribution] [default-
information-originate] [metric metric-value] [metric-
type type-value] [no-summary]

○ area-id: the area-id of the NSSA.
○ no-redistribution: used when the router is
an NSSA ABR and you want the redistribute
command to import routes only into the
standard areas, but not into the NSSA area.
○ default-information-originate: used to
generate a type 7 default LSA into the NSSA
area.
○ metric-value: the metric for the default route.
○ type-value: whether the injected default
route will be external type 1 or 2.
○ no-summary: used on the ABR of a totally
stubby NSSA.

3. On the ABR only, add the no-summary keyword to the command from the previous step.

So to quickly recap:

● Stubby areas:
○ area area-id stub, on all routers in the stubby area.

● Totally stubby areas:
○ area area-id stub no-summary on the ABR.
○ area area-id stub, on all other routers in the totally stubby area.

● NSSA:
○ area area-id nssa default-information-originate on the ABR.
○ area area-id nssa, on all other routers in the NSSA.

● Totally NSSA:
○ area area-id nssa no-summary on the ABR.
○ area area-id nssa, on all other routers.

● OSPF Authentication: is used to verify that the LSAs are coming from a trusted
router and haven't been altered, NOT to keep the LSAs confidential.

○ Simple password configuration: use the following interface commands

■ ip ospf authentication, enables simple password authentication.
■ ip ospf authentication-key key, sets the key (password) to use.

○ MD5 configuration: uses the following interface commands

■ ip ospf authentication message-digest, enables MD5
authentication.
■ ip ospf message-digest-key key-id md5 key, sets the password
(key) and identifies it with a number (key-id)
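What the MD5 authentication configured above actually checks on the receiving router, written out in Python as an added example (not from the original notes or Cisco code), following RFC 2328 Appendix D: the digest covers the packet plus the key, so it proves origin and integrity but hides nothing, and the cryptographic sequence number in the header is what stops replayed packets. The packet bytes are constructed here; two assumptions are that keys shorter than 16 bytes are zero-padded and that a sequence number lower than the last accepted one from that neighbour is rejected.

```python
"""Build and verify OSPF packets carrying AuType 2 (cryptographic) authentication."""
import hashlib
import hmac
import struct
from typing import Dict, Tuple

AUTH_CRYPTO = 2                  # AuType 2 = cryptographic authentication
OSPF_VERSION, HELLO = 2, 1
# ver, type, length, router-id, area-id, checksum, autype, 0x0000, key-id, auth-len, crypt-seq
HEADER_FMT = "!BBHIIHH2xBBI"
HEADER_LEN = struct.calcsize(HEADER_FMT)   # 24 bytes
DIGEST_LEN = 16


def build_packet(body: bytes, router_id: int, area_id: int,
                 key_id: int, key: bytes, crypt_seq: int) -> bytes:
    """OSPF header + body with the MD5 digest appended. The digest is not counted
    in the length field and the checksum field is zero when AuType 2 is used."""
    length = HEADER_LEN + len(body)
    header = struct.pack(HEADER_FMT, OSPF_VERSION, HELLO, length, router_id, area_id,
                         0, AUTH_CRYPTO, key_id, DIGEST_LEN, crypt_seq)
    packet = header + body
    # Key is appended to the packet (zero-padded to 16 bytes, an assumption) and hashed.
    digest = hashlib.md5(packet + key.ljust(DIGEST_LEN, b"\x00")).digest()
    return packet + digest


class NeighborAuth:
    """Receiving side: the configured key-ids/keys plus per-neighbour replay state."""

    def __init__(self, keys: Dict[int, bytes]) -> None:
        self.keys = keys                      # key-id -> key, as set with message-digest-key
        self.last_seq: Dict[int, int] = {}    # router-id -> last accepted crypt-seq

    def verify(self, wire: bytes) -> Tuple[bool, str]:
        if len(wire) < HEADER_LEN + DIGEST_LEN:
            return False, "too short"
        (_ver, _type, length, rid, _aid, _csum, autype,
         key_id, auth_len, seq) = struct.unpack(HEADER_FMT, wire[:HEADER_LEN])
        if autype != AUTH_CRYPTO or auth_len != DIGEST_LEN or len(wire) != length + DIGEST_LEN:
            return False, "bad authentication header"
        key = self.keys.get(key_id)
        if key is None:
            return False, f"unknown key-id {key_id}"
        packet, digest = wire[:length], wire[length:]
        expected = hashlib.md5(packet + key.ljust(DIGEST_LEN, b"\x00")).digest()
        if not hmac.compare_digest(expected, digest):     # constant-time comparison
            return False, "digest mismatch (altered packet or wrong key)"
        if seq < self.last_seq.get(rid, 0):              # replay rule (assumption: >= accepted)
            return False, "replay (cryptographic sequence number went backwards)"
        self.last_seq[rid] = seq
        return True, "ok"
```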

default-information originate
show ip ospf
show ip ospf interface [brief]
show ip ospf neighbor
ip ospf priority priority (interface command)

Link-state data structures page 196

http://cisco.ccxx.net/cisco/tech/protocol/2004/0912/1723.html
Hello 10s on multicast, dead time = hello x 4
Default priority 1
priority = 0 (won't get elected)
DR/BDR election process
224.0.0.5 = all OSPF routers on the link
224.0.0.6 = DR and BDR on the link
LSRefresh every 30 min
maxage 60 min
no auto-summarization of any kind, only manual.

Which two statements are correct about OSPF route summarization?

The metric of the summary route is equal to the lowest cost network within the summary
address range.
