
OSPF

Concept Recap:

● Protocol number = 89, TTL = 1, destination IP = 224.0.0.5 and 224.0.0.6


● Network Types:
○ PTP:
■ No DR/BDR; OSPF packets are sent to the multicast address.
○ Broadcast: (ethernet, token ring, FDDI)
■ DR/BDR election occurs; routers communicate using the .5 and .6
addresses.
■ DR and BDR listen to the .5 and .6 addresses.
○ NBMA network: (Frame relay, ATM)
■ Manual configuration of neighbors and DR/BDR.
■ All communication via unicast
○ Point to multipoint:
■ No DR and BDR. Neighbor statement not necessary.
■ Unicast
○ Virtual link:
■ Packets are unicast.
● OSPF packet types:
○ Hello – type 1
○ Database description – type 2
○ LS request – type 3
○ LS update – type 4
○ LS ACK – type 5
● To bring neighborship up, following fields should be matched:
○ Hello interval, Dead interval, area ID, network mask, option fields and
authentication, if any
● Neighborship will not form via a secondary address. In other words, the router will not
generate hello packets with SRC IP = secondary IP.
● DR/BDR election:
○ Highest Priority
○ Tie, highest router ID
○ Tie, highest interface address.
○ No preemption. Whichever routers come up first are elected DR and BDR; later routers become DROther. So always
start the router that has to be DR first, then the BDR, and then the other routers.
○ Priority=0 means ineligible to become DR/BDR.
○ When an interface comes up, it sets DR and BDR to 0.0.0.0 and waits for the ‘wait
timer’ = router dead interval. If it receives a hello with DR/BDR filled in within that
period, it accepts those. Otherwise, when the period elapses, it moves to BDR
and then to DR.
● Timers:
○ Default H=10 sec and D= 40 sec
○ InfTransDelay = 1 sec. Change with ‘ip ospf transmit-delay’
○ RxmtInterval = 5 sec. Change with ‘ip ospf retransmit-interval’
● Neighbor state machine:
○ Down: at initial
○ Attempt: Only in NBMA
○ Init: Hello packet received. But couldn’t see our ID in its active neighbor
list.
○ 2-way: Could see our ID in the neighbor list.
○ Exstart: Start electing master/slave to exchange DBD packets. Highest
router ID becomes master.
○ Exchange: Exchange the LSA headers using DBD packets.
○ Loading: Sync the LSD using LS request and LS update. In a real scenario,
Exchange and Loading occur in parallel.
○ Full: Database is synced.
● DBD packet:
○ Have Interface MTU settings.
○ Initial(I) bit, More (M) bit and Master/Slave (MS) bit
■ First DBD packet sent with I/M/MS = 1/1/1 with seq =x
■ Neighbor sends DBD with I/M/MS = 1/1/1 with seq = y
■ After master selection, slave send DBD with I/M/MS = 0/1/0 with
seq = master seq + 1.
● Retransmission packets are always unicast.
● Use stub concept and summarization to reduce memory and CPU utilization.
● Sequence number, checksum and age uniquely define an LSA:
○ Seq #:
■ From 0x80000001 to 0x7fffffff
■ If the seq# reaches 0x7fffffff, the router flushes that LSA with age =
MaxAge.
○ Checksum:
■ Calculated over the entire LSA except the age field.
■ Checksum is verified every 5 mins while the LSA resides in the LSD.
○ Age:
■ 0 to 3600 (1 hr = MaxAge)
■ Age increments while the LSA resides in the LSD and is also incremented by the
‘InfTransDelay’ value as it transits an interface.
● Virtual Links:
○ Must be configured between 2 ABRs alone.
○ Transit area must have full routing information.
○ Transit area cannot be stub.
○ Usually it is the worst design and needs to be changed.
○ Can temporarily deploy to avoid partitioned area.
● LSA types:
○ Router LSA:
■ Type-1. Generated by all routers with all active networks which has
ospf configured.
■ Show ip ospf database router
■ LSAs are flooded within an area only.
■ Above command should have same output in all routers in an area.
Seq #,checksum etc should be same.
○ Network LSA:
■ Type-2: Generated by the DR with network ID of the BC network.
■ Show ip ospf database network
■ No metric field as in router LSA.
■ LSAs are flooded within an area only.
○ N/w summary LSA:
■ Type-3: Generated by ABR to advertise the networks in another
area.
■ If there are multiple routes to a destination, ABR advertise only the
lowest cost route to its area along with cost metric.
■ Means, intra area routers use distance-vector protocol to know
about inter-area routes.
■ Show ip ospf database summary
○ ASBR summary LSA:
■ Type-4; Same as summary LSA except the destination advertised
by ABR is ASBR.
■ Show ip ospf database asbr-summary
○ AS external LSA:
■ Type-5; Advertise routes external to OSPF domain.
■ Typically redistribution of RIP, ISIS etc
■ Show ip ospf database external
■ Not associated with any area.
○ Group-Membership LSA:
■ Type-6; Used in MOSPF- multicast ospf
○ NSSA external LSA:
■ Type-7; originated by ASBR within NSSA
■ Show ip ospf database nssa-external
■ Flooded within NSSA region only.
■ ASBR can set/reset “P-bit” under “options field” of every LSA.
■ Only if NSSA-ABR receives type-7 LSA with P-bit set, it will
translate into type-5 LSA and flood to other areas.
○ External Attribute LSA:
■ Type-8. Can be used as alternative to iBGP
■ Not deployed yet.
○ Opaque LSA:
■ Type- 9,10,11
■ Extension to OSPF. Used for TE in MPLS.
● Areas:
○ Backbone area:
■ Area-0. Need for inter-area communication.
■ If there is only one area, no need for area-0
■ All types of LSAs except type-7 can be seen.
○ Stub area:
■ Single exit point for inter-area communication. But still can have
more than one ABR.
■ Have info about OSPF domain areas. Both intra and inter-area
routes.
■ No info about external (other domain) routes. Hence, ABR sends a
default route.
■ Type-1,2 and 3 LSAs can be seen.
■ All the routers should have “E-bit” set to 0 in their hello packets to
form adjacency.
■ Command: “area x stub”
○ Totally stubby area:
■ Router has info about its area alone. No info about inter-area
routes.
■ Can see type-1, type-2 LSAs and single default route type-3 LSA
by ABR.
■ Command: ‘area x stub no-summary’
○ NSSA:
■ Same properties as a stub area (not a totally stubby area), with the exception of
allowing other-domain routes as Type-7 LSAs.
■ No default route from the ABR, unless the ‘default-info originate’ CLI is
configured (N2 default route) or ‘area x nssa no-summary’ is
configured. In the latter case, IA routes will not be available and the default route
has the IA tag.
■ When there is more than one ABR for the NSSA, which one translates
T7 to T5 LSAs? The one with the highest router ID.
■ Can see Type-1,2,3,4 and type-7 LSAs.
■ Command: ‘area x nssa’.
● Path types:
○ Intra-area paths
○ Inter-area paths. Denoted by “IA” in show ip route.
○ E1:
■ Cost = advertised by ASBR + cost to ASBR
○ E2:
■ Cost = advertised by ASBR. Enabled by default.
■ If there is only one ASBR in OSPF, there is no necessity of adding
cost to ASBR. Hence E2 is default.
■ If there is more than one ASBR, enable E1.
● Authentication:
○ No authentication: Type-0
○ Simple password: Type-1
○ MD5 password: Type-2
● Few points:
○ Router LSA of ABR will have “B-bit” set in router-lsa packet
○ Router LSA of ASBR will have “E-bit” set in router-lsa packet
○ When the NSSA ABR translates a type-7 LSA to a type-5 LSA, it advertises it with the
“Advertising Router” field set to its own router ID and it becomes an ASBR.
This can be confirmed by seeing the “E” bit set in its router LSA packet.
○ “Options field” in OSPF hello, DBD and every LSA: From MSB
■ DN – used in MPLS VPN. To detect loop.
■ O- Set to indicate routers’ opaque LSA support.
■ DC- OSPF over Demand circuit.
■ EA – external attribute support
■ N/P bit
■ N bit in hello: Set to indicate support for NSSA external
LSAs. Mismatch will not bring adjacency
■ P-bit in NSSA external LSA header: to inform ABR to
translate T-7 to T-5 LSAs.
■ MC – set to indicate multicast ospf capability
■ E – E bit=0 to indicate stub area.
■ MT – set to indicate Multi-topology OSPF support. Under
development.
● Troubleshooting point of view: few
○ Neighborship not coming UP:
■ Check for Hello packet parameter match
■ Network ID in correct area??
■ Access-list blocking OSPF packets??
■ Packet dropped on the way to CP in case the interface multicast count
is incrementing??
■ Check Stub-area configuration?? Virtual link via stub area??
○ Neighborship UP but no advertised routes in database:
■ Enable debug and check for LSupdate packets.
○ Routes in OSPF database but not in routing table:
■ Routes via another protocol which has AD less than OSPFs??
■ One end of router has “ip ospf network PTP’ whereas other end
router has default BC network type.
■ In case of external routes not installed in routing table, check
whether the forwarding address is reachable. If not, configure
‘suppress-fa’ option at the NSSA ABR.
○ If an LSA has a lower age or a higher sequence number than the others, we need
to find out why this network keeps flapping and flooding updates. It might
be the reason for high CPU utilization.
● Observations:
○ ABR with area-1 and area-2 only.
■ Routes from area-1 are not leaked into area-2 using type-3 network
summary LSA.
○ Authentication:
■ Configure ‘ip ospf authentication’ to change to type-1. No
user-defined password possible.
○ For loopback IP to become router-id either remove and reapply the ospf
configuration or configure ‘router-id’ command.
○ DBD packet can have multiple LSA headers each can be of different
type.(T1/T2)
○ When we change the network type to ‘point-point’, the interface will send a
hello with DR, BDR = 0 and no neighbor IDs in the active neighbor field. This
makes the other end router move to init.
○ In BC network: DBD, LS request and LS updates are exchanged via
unicast. LS update (repeat) and LS ACK are sent to 224.0.0.5
○ In PTP, all communications via 224.0.0.5
○ Changing hello packet parameters (hello interval, dead interval etc.) on
one end makes the other end router ignore the hello packets that
carry the modified parameters.
○ If routers on both sides are configured with priority = 0 and the default n/w type, they
will be stuck in 2way/DRother.
○ In an already existing stub network, if we change to totally stub, border
router send an update with IA routes’ age= 3600 for flushing from
database. Same as in ‘clear ip ospf process’
○ Redistributing RIP to ospf in a router which is inside a stub network:
■ “%OSPF-4-ASBR_WITHOUT_VALID_AREA: Router is currently an
ASBR while having only one area which is a stub area”
○ Summarization has no effect on external routes (E1/E2).
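
The packet types and authentication types listed in the recap both live in the 24-byte OSPFv2 common header, so a defender can audit captured protocol-89 payloads for weak authentication. The following is an added example, not part of the original notes; the function names and the sample packets are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

PACKET_TYPES = {1: "Hello", 2: "Database description", 3: "LS request",
                4: "LS update", 5: "LS ACK"}
AUTH_TYPES = {0: "none", 1: "simple password", 2: "MD5"}
# OSPFv2 common header: version, type, length, router ID, area ID,
# checksum, AuType, 8-byte authentication field (24 bytes in total).
HEADER = struct.Struct("!BBH4s4sHH8s")

def audit_ospf_header(payload: bytes) -> dict:
    """Decode the OSPFv2 header of an IP protocol 89 payload and flag weak auth."""
    if len(payload) < HEADER.size:
        raise ValueError("shorter than the 24-byte OSPF header")
    ver, ptype, length, rid, area, _cksum, autype, auth = HEADER.unpack_from(payload)
    if ver != 2 or ptype not in PACKET_TYPES:
        raise ValueError(f"not an OSPFv2 packet (version {ver}, type {ptype})")
    info = {"type": PACKET_TYPES[ptype], "length": length,
            "router_id": str(IPv4Address(rid)), "area": str(IPv4Address(area)),
            "auth": AUTH_TYPES.get(autype, f"unknown ({autype})"), "findings": []}
    if autype == 0:
        info["findings"].append("no authentication: packets are accepted unauthenticated")
    elif autype == 1:
        # The 8-byte field carries the password itself; report it, never log it.
        info["findings"].append("simple password is sent in cleartext in every packet")
    elif autype == 2:
        # Type 2 layout: 2 zero bytes, key ID, digest length, 32-bit sequence number.
        _zero, key_id, digest_len, seq = struct.unpack("!HBBI", auth)
        info.update(key_id=key_id, digest_len=digest_len, crypto_seq=seq)
    else:
        info["findings"].append("unexpected AuType value")
    return info

def sample(ptype, rid, area, autype, auth=b""):
    """Build a constructed header-only packet for the demonstration."""
    return HEADER.pack(2, ptype, HEADER.size, IPv4Address(rid).packed,
                       IPv4Address(area).packed, 0, autype, auth)

# Constructed sample input (not captured traffic).
SAMPLE_NONE = sample(1, "10.0.0.1", "0.0.0.0", 0)
SAMPLE_SIMPLE = sample(1, "10.0.0.2", "0.0.0.1", 1, b"example")
SAMPLE_MD5 = sample(4, "10.0.0.3", "0.0.0.1", 2, struct.pack("!HBBI", 0, 1, 16, 1000))

if __name__ == "__main__":
    for pkt in (SAMPLE_NONE, SAMPLE_SIMPLE, SAMPLE_MD5):
        print(audit_ospf_header(pkt))
```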

OSPF Troubleshooting/Best practices


Problem: OSPF full neighborship is not coming up between routers
Cause:
1. Hello and Dead timers, Area ID, authentication password/type/key or area type are mismatched
between routers.
2. Trying to build OSPF neighborship on a secondary address.
4. OSPF not enabled on the correct interface, or the network command is wrong.
5. Network type is NBMA and no neighbor map is configured with the broadcast option.
6. High CPU, or OSPF packets are dropped by the interface due to queuing, high rate or a hardware issue on the
interface-to-CPU path.
7. Mismatched subnet mask is configured.
8. "passive interface <>" is configured under "router ospf" for the interface.
9. Mismatched network type is configured.
10. Router is configured with ip ospf priority 0.
11. Neighborship is being built over a virtual link through a stub area.

OSPF stuck in INIT (one way hello)

Multicast is broken or layer 2 problem.
Access-list is blocking ospf multicast address.
OSPF hello packet getting NAT translated.
Layer 2 is broken.

OSPF stuck in 2-WAY

Normal on ethernet broadcast.
Layer 2 is broken.
All routers are configured with priority 0 so there will not be any election.

OSPF stuck in EXSTART/EXCHANGE

MTU mismatch between neighbors.
Duplicate router-ID between routers.
Packet loss can also cause the adjacency to get stuck.
Access-list is blocking unicast communication between routers.

OSPF stuck in LOADING

Neighbor is sending bad or corrupt packets due to memory.
LS request packet is not accepted by the neighbor and is ignored.

Debug command :
debug ip ospf adj

Solution:
a) Make sure hello/dead timers, area ID, area type and authentication type/password are correct and the same.
b) Make sure MTU is the same on both routers.
c) Make sure the neighbor command is configured on the remote router with broadcast.
d) Make sure OSPF neighborship is built on the primary address.
e) Make sure access-list/control plane is not dropping the packets and allows OSPF multicast and interface IP
address communication.
f) Subnet mask should be the same on the routers.
g) Make sure no corrupted OSPF packets are received.
h) Make sure passive interface is not configured under "router ospf".
i) Make sure the virtual link is not configured over a stub area.

Problem : Route is flapping across the network in OSPF.


Cause : Link flapping on the router.
Solution:
a) Use summarization on the router to reduce the impact of the flapping route.
b) Use "ip event dampening" on the interface.

Problem : OSPF Route is not learnt in OSPF database.


Cause:
1) Originating router not generating LSA.
2) Routes are redistributed in stub areas.
3) LSA filter-list is configured on ABR.
Solution:
a) Make sure OSPF adjacency is up.
b) Make sure redistribution is used with subnet keyword as well.
e) Do not redistribute external routes in stub area.
f) Make sure LSA are not filtered.

Problem : OSPF Route is not installed in routing table.


Cause :
1) Distribute list is configured.
3) Network type mismatch between routers.
4) Adv-router not reachable msg.
5) One side is numbered and the other unnumbered (O, O IA, O E1, O E2).
6) IP addresses are flipped, dual serial (O, O IA, O E1, O E2).
7) Forwarding address is not known or is known via external/static (O E1, O E2) - route s sum
and redistribute conn?
8) Backbone area became discontiguous (O, O IA, O E1, O E2)
9) OSPF is enabled on secondary but not on primary.

Solution:
a) Make sure distribute-list is configured correctly.
b) Make sure forwarding address is reachable for external route.
c) Make sure the forwarding address is not only reachable but also learned as an inter-area or intra-area
route.
c) Make sure network type is correct on both sides.
d) Make sure there is no backbone partition.

Problem : SPF is running constantly on OSPF router and CPU HOG.


Cause:
1) LSA flapping due to duplicate router ID/IP address.
2) Constant link flapping in an area.

3) All LSAs refresh every 30 min (bad!)
4) Timers of each LSA get synced (worse!)
5) With group pacing, only LSAs that reach max-age get refreshed periodically

Debug: debug ip ospf monitor


show ip ospf stati
show ip ospf database database-sum

Solution:
a) Use summarization of inter-area or external routes on the router if there are too many.
b) Use "ip event dampening" on the interface.
c) Make sure no duplicate router id is on the network.
d) Make sure links are stable on the network. If links can not stay stable, use summarization.
c) Interval is configurable

Problem : OSPF Neighbor is flapping between router.


Cause:
1. Output and input queue drops/error/crc on the interface.
2. Interface is flapping.
3. High CPU on the router.
4. OSPF hello packet is dropping on the platform between interface and CPU.

Solution:
a) Make sure no high CPU.
b) Interface is stable and no packet drops on the interface due to error/crc/input error/input queue/output
drops.
c) No packet drops on the line card and platform.

Problem : NSSA ABR not translating Type 7 LSA


Cause:

Solution:
a) hard code the NSSA type 7 translator by using command "area 1 nssa translate type7 always"

Problem: GRE Tunnel OSPF adjacency is flapping


Cause:
1) Tunnel destination is learned over the tunnel.

Solution:
a) Make sure the tunnel destination is not learned over the OSPF adjacency.

Problem : Sequence number mismatch.


Cause :
1. LSA should be one of 5 LSAs
2. If LSA is type 5 and the neighbor is associated with a stub area
3. If one of the options change
4. If the state of MS bit is inconsistent with master slave connection
5. If the I-bit is set
6. If the master receives a DBD packet after a dead interval
7. If the requested LSA is not found, then something has gone wrong with the database exchange.

debug ip ospf adjacency

Solution:

Problem: OSPF: Could not allocate router id


Cause:
1)Common new install problem.
2)If no interface up/up with valid ip address.
3)if no ip addresses assigned.
Solution:
1)Configure a loopback with an ip address.

Problem: OSPF unknown routing protocol


Cause:
1)OSPF is not supported on low end platform
2)For 1000 and 1600 routers download plus version
3) 800 routers are not supported to run OSPF

Problem:OSPF not sending hellos on async interface


Cause:
1)‘async default routing’ is not configured under the interface

Problem: OSPF not redistributing default static route


Cause:
1)Need default-information originate to propagate default

Problem: OSPF-4-ERRRCV msg on the console


Cause:
1)Mismatch area ID, BAD Checksum etc

Options
Normal area: OSPF: Send DBD to 141.108.97.1 on Serial0 seq 0xBC4 opt 0x2 flag 0x3 len 492
E bit is 1, Allow externals, option: 0x2(HEX) = 00000010(Bin)
Stub area: OSPF: Send DBD to 141.108.97.1 on Serial0 seq 0x1866 opt 0x0 flag 0x3 len 372
E bit is 0, no external allowed, options: 0x0 = 00000000
MC not supported - ospf ignore lsa mospf command
NSSA: OSPF: Send DBD to 141.108.97.1 on Serial0 seq 0x118 opt 0x8 flag 0x3 len 372
N/P bit is on, options: 0x8 = 00001000
EA not supported yet
Demand circuit : OSPF: Send DBD to 141.108.97.1 on Serial0 seq 0x1A1E opt 0x20 flag 0x3 len 392
DC bit is negotiated, options: 0x20 = 00100000

* * DC EA N/P MC E *
Flags
Useful in debugging, defines I, M and MS bits
OSPF: Send DBD to 141.108.97.1 on Serial0 seq 0xBC4 opt 0x2 flag 0x3 len 492
Flag 0x7 --> 111 means I(Initial) = 1, M = 1(More), MS = 1(Master)
Flag 0x6 --> 110 not possible
Flag 0x5 --> 101 not possible
Flag 0x4 --> 100 not possible
Flag 0x3 --> 011 means master has more data to send
Flag 0x2 --> 010 means slave has more data to send
Flag 0x1 --> 001 means master has no more data left to send
Flag 0x0 --> 000 means slave has no more data left to send
0 0 0 0 0 I M MS
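
The option and flag decoding above can be applied mechanically to `debug ip ospf adj` output. The following is an added example, not part of the original notes: it decodes the four "Send DBD" lines quoted in the Options section and reports E or N/P bit differences between two option bytes; the function names are hypothetical.

```python
import re

# Options byte, MSB first, as listed on this page: DN O DC EA N/P MC E MT
OPTION_BITS = [(0x80, "DN"), (0x40, "O"), (0x20, "DC"), (0x10, "EA"),
               (0x08, "N/P"), (0x04, "MC"), (0x02, "E"), (0x01, "MT")]
# DBD flag values and meanings from the table above (I=0x4, M=0x2, MS=0x1).
FLAG_MEANING = {0x7: "initial DBD: I, M and MS all set",
                0x3: "master has more data to send",
                0x2: "slave has more data to send",
                0x1: "master has no more data left to send",
                0x0: "slave has no more data left to send"}
DBD_RE = re.compile(r"OSPF: Send DBD to (\S+) on (\S+) seq (0x[0-9A-Fa-f]+) "
                    r"opt (0x[0-9A-Fa-f]+) flag (0x[0-9A-Fa-f]+) len (\d+)")

def decode_dbd(line):
    """Decode one 'Send DBD' debug line; return None if the line does not match."""
    m = DBD_RE.search(line)
    if not m:
        return None
    peer, iface, seq, opt, flag, length = m.groups()
    opt, flag = int(opt, 16), int(flag, 16)
    bits = [name for mask, name in OPTION_BITS if opt & mask]
    if "N/P" in bits:
        area = "NSSA"
    elif "E" in bits:
        area = "externals allowed"
    else:
        area = "no externals (stub)"
    return {"peer": peer, "iface": iface, "seq": int(seq, 16), "len": int(length),
            "options": bits, "area": area,
            "I": bool(flag & 4), "M": bool(flag & 2), "MS": bool(flag & 1),
            "meaning": FLAG_MEANING.get(flag, "not possible per the table")}

def option_mismatch(opt_a, opt_b):
    """Bits that must agree between neighbors (E and N/P) but differ."""
    return [name for mask, name in OPTION_BITS
            if name in ("E", "N/P") and (opt_a ^ opt_b) & mask]

# The four debug lines quoted in the Options section of this page.
LINES = [
    "OSPF: Send DBD to 141.108.97.1 on Serial0 seq 0xBC4 opt 0x2 flag 0x3 len 492",
    "OSPF: Send DBD to 141.108.97.1 on Serial0 seq 0x1866 opt 0x0 flag 0x3 len 372",
    "OSPF: Send DBD to 141.108.97.1 on Serial0 seq 0x118 opt 0x8 flag 0x3 len 372",
    "OSPF: Send DBD to 141.108.97.1 on Serial0 seq 0x1A1E opt 0x20 flag 0x3 len 392",
]

if __name__ == "__main__":
    for line in LINES:
        print(decode_dbd(line))
    print(option_mismatch(0x2, 0x0))  # normal-area router facing a stub router
```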

OSPF Facts
● The ABR with the highest IP address converts type 7 into type 5.
● Default route is not generated by default in an NSSA area unless "area <> nssa default-information-originate" is
configured.
● Totally stubby NSSA area generates the default route by default.
● DR/BDR does not support preemption; therefore, if the DR fails, the BDR will become DR and a new BDR will be
elected. The old DR does not become DR again even when it has high priority.
● With "ip ospf priority 0" the router does not participate in DR/BDR election.
● OSPF behaves as a distance vector protocol when multiple areas are in use.
● Highest priority/IP address becomes the DR/BDR.
● OSPF hellos are always sent from the primary interface.
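
The DR/BDR rules above (highest priority, then highest router ID, no preemption, priority 0 ineligible) can be checked with a small model. The following is an added example, not part of the original notes: it is a simplified single election pass in which each router is described by the DR and BDR it currently declares in its hellos; the class and function names are hypothetical.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

NONE = "0.0.0.0"

@dataclass
class Router:
    rid: str
    priority: int = 1
    dr: str = NONE    # DR this router currently declares in its hellos
    bdr: str = NONE   # BDR this router currently declares in its hellos

def _best(cands):
    """Highest priority wins; a tie goes to the highest router ID."""
    if not cands:
        return NONE
    return max(cands, key=lambda r: (r.priority, int(IPv4Address(r.rid)))).rid

def elect(routers):
    """One simplified election pass over a segment; returns (dr, bdr)."""
    eligible = [r for r in routers if r.priority > 0]   # priority 0 is never elected
    not_dr = [r for r in eligible if r.dr != r.rid]
    # BDR: routers already declaring themselves BDR are preferred (no preemption).
    bdr = _best([r for r in not_dr if r.bdr == r.rid])
    if bdr == NONE:
        bdr = _best(not_dr)
    # DR: only routers already declaring themselves DR compete; otherwise
    # the BDR is promoted and a new BDR is chosen from the remaining routers.
    dr = _best([r for r in eligible if r.dr == r.rid])
    if dr == NONE:
        dr = bdr
        bdr = _best([r for r in not_dr if r.rid != dr])
    return dr, bdr

if __name__ == "__main__":
    # Constructed scenarios. Cold start: nobody has declared a DR or BDR yet.
    cold = [Router("1.1.1.1"), Router("2.2.2.2"), Router("3.3.3.3", 255)]
    print("cold start:", elect(cold))
    # 3.3.3.3 (priority 255) joins after 1.1.1.1 and 2.2.2.2 were elected.
    late = [Router("1.1.1.1", 1, "1.1.1.1", "2.2.2.2"),
            Router("2.2.2.2", 1, "1.1.1.1", "2.2.2.2"),
            Router("3.3.3.3", 255, "1.1.1.1", "2.2.2.2")]
    print("late joiner:", elect(late))      # existing DR and BDR are kept
    print("DR fails:", elect(late[1:]))     # BDR is promoted, new BDR elected
    print("all priority 0:", elect([Router("1.1.1.1", 0), Router("2.2.2.2", 0)]))
```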

OSPF Troubleshooting commands


Show ip ospf neighbor
show ip ospf neighbor detail
show ip ospf
show ip ospf database
show ip ospf interface
show ip ospf database database-summary
show ip ospf virtual-link
show ip ospf database self-originate
show ip ospf database adv-router
show ip ospf statistics
show ip ospf request-list
show ip ospf bad
debug ip ospf adj
debug ip ospf monitor
