
Classful and Classless

Classful Routing Protocols

Classful routing protocols do not send subnet mask information in routing updates. The first routing protocols, such as RIP, were classful. This was at a time when network addresses were allocated based on classes: class A, B, or C. A routing protocol did not need to include the subnet mask in the routing update because the network mask could be determined based on the first octet of the network address. Classful routing protocols can still be used in some of today's networks, but because they do not include the subnet mask they cannot be used in all situations. Classful routing protocols cannot be used when a network is subnetted using more than one subnet mask; in other words, classful routing protocols do not support variable length subnet masks (VLSM). There are other limitations to classful routing protocols, including their inability to support discontiguous networks. Classful routing protocols, discontiguous networks and VLSM will all be discussed in later chapters. Classful routing protocols include RIPv1 and IGRP.

Classless Routing Protocols

Classless routing protocols include the subnet mask with the network address in routing updates. Today's networks are no longer allocated based on classes and the subnet mask cannot be determined by the value of the first octet. Classless routing protocols are required in most networks today because of their support for VLSM, discontiguous networks and other features which will be discussed in later chapters. In the figure, notice that the classless version of the network is using both /30 and /27 subnet masks in the same topology. Also notice that this topology is using a discontiguous design. Classless routing protocols are RIPv2, EIGRP, OSPF, IS-IS, BGP.
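The mask-guessing problem described above can be shown in a few lines. This is an added example, not part of the original page: it models how a receiver of a classful (RIPv1-style) update, which carries only an address, has to assume a mask. The addresses, interface names and function names are constructed for illustration.

```python
import ipaddress


def classful_prefix_len(address):
    """Prefix length implied by the first octet alone (class A, B or C)."""
    first_octet = int(address.split(".")[0])
    if first_octet < 128:
        return 8       # class A
    if first_octet < 192:
        return 16      # class B
    if first_octet < 224:
        return 24      # class C
    raise ValueError("class D/E addresses are not routed as unicast networks")


def classful_receive(advertised, rx_interface):
    """Network a classful receiver installs for an update that has no mask.

    If the advertised address is inside the same major (classful) network as
    the receiving interface, the receiver borrows its own interface mask.
    Otherwise it can only fall back to the classful mask.
    """
    iface = ipaddress.ip_interface(rx_interface)
    major_len = classful_prefix_len(advertised)
    major = ipaddress.ip_network(f"{advertised}/{major_len}", strict=False)
    assumed_len = iface.network.prefixlen if iface.ip in major else major_len
    return ipaddress.ip_network(f"{advertised}/{assumed_len}", strict=False)


def host_reachable(advertised, rx_interface, host):
    """True if the route installed by the receiver actually covers `host`."""
    return ipaddress.ip_address(host) in classful_receive(advertised, rx_interface)


if __name__ == "__main__":
    # Constructed VLSM topology: a /27 LAN (172.16.1.64/27) is advertised to a
    # router whose receiving interface sits on a /30 link (172.16.1.32/30).
    print(classful_receive("172.16.1.64", "172.16.1.34/30"))   # 172.16.1.64/30
    # Host .90 is inside the real /27 but outside the assumed /30.
    print(host_reachable("172.16.1.64", "172.16.1.34/30", "172.16.1.90"))
    # Discontiguous design: the update crosses a 10.0.0.0 link, so the
    # receiver can only assume the whole class B network.
    print(classful_receive("172.16.1.64", "10.1.1.2/30"))      # 172.16.0.0/16
```

With a classless protocol the update would carry /27 explicitly and neither guess would be needed.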

Fault Tolerant Network Architecture

The Internet, in its early inception, was the result of research funded by the United States Department of Defense (DoD). Its primary goal was to have a communications medium that could withstand the destruction of numerous sites and transmission facilities without disruption of service. It only follows that fault tolerance was the focus of the effort of the initial internetwork design work. Early network researchers looked at the existing communication networks, which were primarily for the transmission of voice traffic, to determine what could be done to improve the fault tolerance level.

Circuit Switched Connection-oriented Networks

To understand the challenge that the DoD researchers were faced with, it is necessary to look at how early telephone systems work. When a person makes a call using a traditional telephone set, the call first goes through a setup process, where all of the telephone switching locations between the person and the phone set that they are calling are identified. A temporary path, or circuit, is created through the various switching locations to use for the duration of the telephone call. If any link or device participating in the circuit fails, the call is dropped. To reconnect, a new call must be made, and a new circuit created between the source telephone set and the destination. This type of connection-oriented network is called a circuit-switched network. Early circuit switched networks did not dynamically recreate dropped circuits. In order to recover from failure, new calls had to be initiated and new circuits built end-to-end.

Many circuit switched networks give priority to maintaining existing circuit connections, at the expense of new circuit requests. In this type of connection-oriented network, once a circuit is established, even if no communication is occurring between the persons on either end of the call, the circuit remains connected and resources reserved until one of the parties disconnects the call. Since there is a finite capacity to create new circuits, it is possible to occasionally get a message that all circuits are busy and a call cannot be placed. The cost to create many alternate paths with enough capacity to support a large number of simultaneous circuits, and the technologies necessary to dynamically recreate dropped circuits in the event of a failure, led the DoD to consider other types of networks.

Packet Switched Connectionless Networks

In the search for a network that could withstand the loss of a significant amount of its transmission and switching facilities, the early Internet designers reevaluated early research regarding packet switched networks. The premise for this type of network is that a single message can be broken into multiple message blocks. Individual blocks contain addressing information that indicates both their origination point and their final destination. Using this embedded information, these message blocks, called packets, can be sent through the network along various paths, and can be reassembled into the original message upon reaching their destination.

Utilizing Packets

The devices within the network itself are unaware of the content of the individual packets; only the address of the final destination and the next device in the path to that destination are visible. No reserved circuit is built between sender and receiver. Each packet is sent independently from one switching location to another. At each location, a routing decision is made as to which path to use to forward the packet towards its final destination. If a previously used path is no longer available, the routing function can dynamically choose the next best available path. Because the messages are sent in pieces, rather than as a single complete message, the few packets that may be lost in the event of a failure can be retransmitted to the destination along a different path. In many cases, the destination device is unaware that any failure or rerouting has occurred.

Packet-switched Connectionless Networks

The DoD researchers realized that a packet switched connectionless network had the features necessary to support a resilient, fault tolerant network architecture. The need for a single, reserved circuit from end-to-end does not exist in a packet switched network. Any piece of a message can be sent through the network using any available path. Packets containing pieces of messages from different sources can travel the network at the same time. The problem of underutilized or idle circuits is eliminated -- all available resources can be used at any time to deliver packets to their final destination. By providing a method to dynamically use redundant paths, without intervention by the user, the Internet has become a fault tolerant, scalable method of communications.

Connection-oriented Networks

Although packet-switched connectionless networks met the needs of the DoD, and continue to be the primary infrastructure for today's Internet, there are some benefits to a connection-oriented system like the circuit-switched telephone system. Because resources at the various switching locations are dedicated to providing a finite number of circuits, the quality and consistency of messages transmitted across a connection-oriented network can be guaranteed. Another benefit is that the provider of the service can charge the users of the network for the period of time that the connection is active. The ability to charge users for active connections through the network is a fundamental premise of the telecommunication service industry.

====================================================================================

Cisco OSPF and JunOS Basic OSPF connectivity

Let’s set up a basic OSPF adjacency between JunOS and IOS. I’ve got the following simple topology:

The good thing here is that the configs will show the difference between JunOS and IOS, as the actual configuration goal is the same for both. The Cisco config is as follows:

Router>conf t
#int fa0
#ip address 192.168.1.2 255.255.255.0
#int lo100
#ip address 172.16.10.1 255.255.255.0
#router ospf 1
#network 192.168.1.0 0.0.0.255 area 0
#network 172.16.10.0 0.0.0.255 area 0
#exit

Now onto JunOS:

root@Olive>configure
# set interfaces em1 unit 0 family inet address 192.168.1.2/24
# set interfaces lo0 unit 100 family inet address 172.16.20.1/24
# edit protocols ospf area 0
# set interface 192.168.1.1
# set interface 172.16.20.1

Let’s see what we see on the Cisco:

Router#sh ip ospf neighbor

0/16 is variably subnetted.1.0.16.Neighbor ID Interface 172.168.1. metric 2 > to 192.10. 2 masks O O C C 172. Loopback100 192.16.16.1.168. FastEthernet0 172.10.20.16.1 1 36 root@Olive>show route 172.1. 00:00:25.1.168.16.1 FastEthernet0 Pri State Dead Time Address 128 FULL/BDR 00:00:34 192.20.168.2 Interface State ID Pri em1. FastEthernet0 172.0 .0/24 is directly connected.20.1/32 *[OSPF/10] 00:09:05. 3 subnets.2 via em1. FastEthernet0 What about the Olive? root@Olive> show ospf neighbor Address Dead 192.1.168.1/32 [110/1] via 192.0/24 is directly connected.1 Router#sh ip route 172.1.0/24 [110/1] via 192.1. 00:00:25.0 FULL 172.168.16.10.16.

And yes, both routers can ping both loopbacks :)

Quick DHCP server Setup on IOS and JUNIPER OS JUNOS

Let’s say we need to setup a quick DHCP server on IOS and JunOS. We’ve been tasked with configuring DHCP to give out addresses in the 192.168.1.0/24 subnet, but only from 192.168.1.2 to 192.168.1.100. We’ve also been asked to not give out 192.168.1.50 as this has been hardcoded in the local fileserver. The lease time should only be 1 hour, and the default gateway should be 192.168.1.1.

This is how we do it on the IOS we know and love:

>conf t
#ip dhcp pool 192.168.1.0/24
#network 192.168.1.0 255.255.255.0
#default-router 192.168.1.1

#lease 0 1
#exit
#ip dhcp excluded-address 192.168.1.1
#ip dhcp excluded-address 192.168.1.101 192.168.1.255
#ip dhcp excluded-address 192.168.1.50

Now on JunOS:

> configure
# edit system services dhcp
# set default-lease-time 3600
# set router 192.168.1.1
# set pool 192.168.1.0/24 address-range low 192.168.1.2 high 192.168.1.100
# set pool 192.168.1.0/24 exclude-address 192.168.1.50

There are extra things you can add to both, like domain name and so on, but I wanted a quick and dirty comparison between the 2. Remember that you will need an interface in the scope on either router in order for DHCP to actually work.

Let’s now say that we do have a DHCP server. This server is on another subnet, and so DHCP requests won’t get through (as they are broadcasted). Consider the following topology:

Both IOS and JunOS allow you to configure the router as a DHCP relay agent. This is how it’s done.

On IOS it’s extremely simple. All you need to do is put the following command on the interface receiving the broadcast. In this topology it’ll be the interface connected to the switch and workstation the user is on.

>conf t
# int fa0
# ip helper-address 10.1.1.1

On JunOS it’s just as simple. The configuration is not put on a particular interface, rather you specify which interface will be receiving the broadcast.

> configure
# set forwarding-options helpers bootp interface em1

# set forwarding-options helpers bootp server 10.1.1.1

OSPF

OSPF (Open Shortest Path First) is a classless, link-state routing protocol. The current version of OSPF for IPv4 is OSPFv2 introduced in RFC 1247 and updated in RFC 2328 by John Moy. In 1999, OSPFv3 for IPv6 was published in RFC 2740. OSPF has a default administrative distance of 110, and is denoted in the routing table with a route source code of O.

OSPF is enabled with the router ospf process-id global configuration command. The process-id is locally significant, which means that it does not have to match other OSPF routers in order to establish adjacencies with those neighbors. The network command used with OSPF has the same function as when used with other IGP routing protocols, but with slightly different syntax.

Router(config-router)#network network-address wildcard-mask area area-id

The wildcard-mask is the inverse of the subnet mask, and the area-id should be set to 0.

OSPF does not use a transport layer protocol, as OSPF packets are sent directly over IP. The OSPF Hello packet is used by OSPF to establish neighbor adjacencies. By default, OSPF Hello packets are sent every 10 seconds on multiaccess and point-to-point segments and every 30 seconds on non-broadcast multiaccess (NBMA) segments (Frame Relay, X.25, ATM). The Dead interval is the period of time an OSPF router will wait before terminating adjacency with a neighbor. The Dead interval is four times the Hello interval, by default. For multiaccess and point-to-point segments, this period is 40 seconds. For NBMA networks, the Dead interval is 120 seconds.

For routers to become adjacent, their Hello interval, Dead interval, network types and subnet masks must match. The show ip ospf neighbor command can be used to verify OSPF adjacencies.

The OSPF router ID is used to uniquely identify each router in the OSPF routing domain. Cisco routers derive the router ID based on three criteria and with the following precedence:

1. Use the IP address configured with the OSPF router-id command.
2. If the router-id is not configured, the router chooses highest IP address of any of its loopback interfaces.
3. If no loopback interfaces are configured, the router chooses highest active IP address of any of its physical interfaces.

RFC 2328 does not specify which values should be used to determine the cost. Cisco IOS uses the cumulative bandwidths of the outgoing interfaces from the router to the destination network as the cost value.

Multiaccess networks can create two challenges for OSPF regarding the flooding of LSAs, including the creation of multiple adjacencies - one adjacency for every pair of routers, and extensive flooding of LSAs (Link-State Advertisements). OSPF elects a DR (Designated Router) to act as collection and distribution point for LSAs sent and received in the multiaccess network. A BDR (Backup Designated Router) is elected to take over the role of the DR should the DR fail. All other routers are known as DROthers. All routers send their LSAs to the DR, which then floods the LSA to all other routers in the multiaccess network.

The router with the highest router ID is the DR, and the router with the second highest router ID is the BDR. This can be superseded by the ip ospf priority command on that interface. By default, the ip ospf priority is "1" on all multiaccess interfaces. If a router is configured with a new priority value, the router with the highest priority value is the DR, and next-highest the BDR. A priority value of "0" means the router is ineligible to become the DR or BDR.

A default route is propagated in OSPF similar to that of RIP. The OSPF router mode command, default-information originate, is used to propagate a static default route. The show ip protocols command is used to verify important OSPF configuration information, including the OSPF process ID, the router ID and the networks the router is advertising.

Tuning OSPF Performance

In this blog post we are going to discuss some OSPF features related to convergence and scalability. Specifically, we are going to discuss Incremental SPF (iSPF), LSA group pacing, and LSA generation/SPF throttling. Before we begin, let’s define convergence as the process of restoring the stable view of network after a change, and scalability as the property of the routing protocol to remain stable and well-behaving as the network grows. In general, these two properties are reciprocal, i.e. faster convergence generally means less stable and scalable network and vice versa. The reason for that is that faster convergence means that the routing protocol is “more sensitive” to oscillating or “noisy” processes, which in turn makes it less stable.

Incremental SPF

The classic Dijkstra SPF algorithm complexity (or roughly saying, the process run-time) depends on the particular network topology, but it is said to be proportional to N*log(N) in a non-densely connected topology, where N is the number of nodes in the area, see [RFC1245]. The computation complexity used to be a limiting factor for old, slow routers of the 90’s, where a single SPF run could hog the CPU dramatically. Modern routers take an order of tens, max hundreds of milliseconds for single full SPF runs even for the largest topologies. The runtime could be further reduced using the SPF algorithm optimization known as incremental SPF, which has been developed quite some time ago, see [ARPOPT] (notice the year 1980 on the paper and the name of the main author – it’s no other than Eric Rosen!).

As you remember, the goal of SPF is building an SPT (shortest-path tree) on the network topology graph, rooted at the node that runs the computations. The implementation might look a bit sophisticated, but the main idea of iSPF is keeping the SPT structure after the first SPF calculation and using it for further computation optimizations. Look at the sample topology (taken from [JDOYLE]) and the SPT for router R1 below:

If R1 would retain the SPT after SPF calculations (at the expense of extra memory) the following three properties could be used for SPF calculation optimization:

Property 1

If a node added or removed to or from the topology appears to be a leaf node to the saved SPT, there needs to be a very simple computation performed to add new routes. Essentially, the existing tree is simply “extended” by one node and distance-vector like computations can be performed:

The same optimization property might be utilized when a stub link is added or removed to or from any node in the network.

Property 2

There is a link failure, and the link is NOT part of the saved SPT. For example, consider the link between R4 and R5 fails. This link is not part of the saved SPT, and therefore, there is no need to perform any SPF calculation at all!

Even though there is great benefit in not making any SPF calculations, it’s hard to predict how many link failures would cause such effect. Besides, different routers would have different SPTs and a link failure that does not affect one SPT might affect the others.

Property 3

The last property is more generic. Assume there is a transit link failure in the topology and it affects a part of the saved SPT, which means properties (1) and (2) do not apply. Still, based on our existing SPT, we only need to re-calculate the paths for the nodes downstream of the failure. For example, imagine there is a link fault between R2 and R4. So the router would initiate SPT calculations from R1 to R4 only, not ever bothering with other nodes. However, if there is a link failure between R1 and R5, then the router would have to recalculate the paths to R5, R6 and R7 – the nodes on the downstream tree under the failed link.

Notice that in the case of transit link addition or link cost change, i.e. in the case when graph “connectivity” increases, this property would not work and the new tree should be built.
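The three properties amount to a decision made against the saved SPT before any Dijkstra run. The sketch below is an added example, not code from the original post or from any router implementation: the saved tree is constructed to agree with the R1 examples in the text (the figure itself is not reproduced on this page, so R3's position is an assumption), and the event names and `ispf_decision` are hypothetical.

```python
# Saved SPT for root R1 as child -> parent. Constructed so that R2-R4 and
# R1-R5 are tree links and R4-R5 is a non-tree link, as in the text.
SAVED_SPT = {
    "R2": "R1", "R3": "R1", "R5": "R1",
    "R4": "R2", "R6": "R5", "R7": "R5",
}


def downstream(parent, node):
    """All nodes in the subtree rooted at `node`, including `node` itself."""
    children = {}
    for child, par in parent.items():
        children.setdefault(par, []).append(child)
    found, stack = [], [node]
    while stack:
        current = stack.pop()
        found.append(current)
        stack.extend(children.get(current, []))
    return sorted(found)


def ispf_decision(parent, event, a, b=None):
    """Return (property_used, nodes_to_recompute); property 0 means full SPF.

    event is one of: "stub_link" (stub link added/removed on node a),
    "node_down" (node a removed), "link_down", "link_up", "cost_change"
    (transit link between a and b).
    """
    everyone = sorted(parent)                      # every node except the root
    if event == "stub_link":
        return 1, [a]                              # tree shape is unchanged
    if event == "node_down":
        is_leaf = a in parent and a not in parent.values()
        # Assumption: losing a non-leaf node falls back to a full SPF run.
        return (1, [a]) if is_leaf else (0, everyone)
    if event == "link_down":
        if parent.get(a) == b:
            return 3, downstream(parent, a)        # a hangs below b
        if parent.get(b) == a:
            return 3, downstream(parent, b)        # b hangs below a
        return 2, []                               # link is not in the SPT
    # Link addition or cost change: connectivity may increase, rebuild.
    return 0, everyone


if __name__ == "__main__":
    for args in [("link_down", "R4", "R5"), ("link_down", "R2", "R4"),
                 ("link_down", "R1", "R5"), ("link_up", "R4", "R5")]:
        print(args, "->", ispf_decision(SAVED_SPT, *args))
```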

One effect is that the farther away from the root node the failure is, the less computations potentially have to be done, as the amount of downstream affected nodes is smaller. Even though remote link failures take more time to propagate to the local node via LSA flooding, they result in shorter iSPF run-time. Once again, since different routers have different SPTs for the topology, the same failure may have different effects on iSPF efficiency for different routers. Another important fact is that this feature performs better in sparsely connected networks. In the asymptotic case of a fully-meshed topology, a single transit-link failure would cause re-running the SPF for all nodes, resulting in the same performance as classic SPF.

iSPF and PRC

Among all the iSPF properties, property (1) is probably the most important and effective in practice. This property puts OSPF on par with the Partial Route Computation (PRC) feature found in IS-IS. The PRC feature made ISIS very effective in situations when new stub links were added, as ISIS propagates network reachability information separately from topological information, thanks to LSP’s TLV-based structure. Different TLVs are used for IS-node reachability information and network prefixes associated with the node. When an ISIS router receives an LSP that only lists network prefix change, it performs partial SPF recalculation, based on distance-vector logic, similar to property (1), by adding the new prefix in the routing table with the cost of reaching the originating router. Only a change in the transit link status would trigger full SPF computation in ISIS.

In the past, the PRC feature made ISIS more scalable for a single area design when compared to OSPF. The problem with OSPF was that topological information and network reachability information for router links were conveyed in a single type-1 LSA. Whether there was a transit link failure or simply a stub link going up or down, OSPFv2 had to perform complete SPF calculation as this was reflected using the same event that would report a network prefix or metric. Only type-3 and type-5 LSAs would have triggered PRC in OSPFv2. There was a trick to make better use of PRC with OSPFv2 – advertise all connected interfaces via redistribution, which resulted in type-5 LSAs being flooded. However, the tradeoff was that type-5 LSA’s flooding scope was the whole routing domain, plus type-5 LSAs have the largest size among other LSA types.

The introduction of iSPF made OSPF as effective as ISIS as far as SPF computation goes. To be fair though, we should mention that iSPF was also added to ISIS, so now both protocols are equally effective for SPF computations.

By default, iSPF is disabled and could be enabled using the command ispf under the routing process configuration mode. By enabling iSPF you will make OSPF use slightly more memory than by default, not to mention slightly added configuration complexity. The extra memory is proportional to 2*N, where N is the number of nodes in the area. This is due to the fact that a spanning tree for N nodes has exactly N-1 edges.

LSA Group Pacing

As you remember, OSPF LSAs have two important attributes – age and checksum. The age field is needed to guarantee wiping of the outdated information and the checksum is needed to maintain the information integrity. By default, the maximum LSA age is one hour, and the originating router is supposed to re-flood the LSAs every 30 minutes. In addition to this refreshing, the router needs to run periodic check-summing on all LSAs, and flush any aged non-self-originated or corrupted LSAs.

The way Cisco routers originally did that was by running a refresh procedure every 30 minutes and refreshing every self-originated LSA in the database, no matter how old it was. This would result in sudden CPU spikes every 30 minutes in case of large databases in addition to bursty LSA flooding. Every router in the routing domain in turn would have to receive and process a large amount of LSA information. In addition to that, every 10 minutes a router would run periodic check-summing and an aging procedure. This is a good example of a “synchronization” problem.

In order to alleviate the 30-minute refreshing problem, Cisco IOS implemented an independent aging procedure for every LSA in the LSDB. A short period scheduler would scan the database and decrement every LSA’s age individually. Only LSAs that were close to their “half-life” of 30 minutes would be re-flooded. This is the opposite of doing a “complete” refresh every 30 minutes. However, as a result of independent aging, this process would result in many quick floods during the 30-minutes interval. This might be viewed as a “fragmentation” problem.

The “balanced” solution is known as “group pacing”. Instead of refreshing an LSA instantly as soon as it reaches its half-life age, the router would wait a “pacing interval” amount of time to group various LSAs with similar age. The pacing interval is normally shorter than the 30 minute “grand interval” and defaults to 240 seconds. Thus, a router would attempt to group LSAs with similar lifetime and refresh them simultaneously.

Look at the diagram above for the illustration of the concept. Original refreshing procedure would produce large bursts of LSA flooding every 30 minutes. The individual aging would result in fragmentary re-flooding. The group pacing feature would introduce controlled bursting – the shorter the interval, the smaller are the “bursts”.

The same pacing concept could be applied to check-summing and aging. Specifically, if we run individual timers for every LSA, and aim at check-summing and aging every 10 minutes, we would get the same fragmentary “CPU-spiking” patterns. Instead of running the process individually for every LSA, grouping based on the same group pacing interval could be used for the purpose of check-summing and aging, so a small batch of LSAs that are close to being aged out or check-summed are processed together.

The IOS commands to control the various group pacing intervals are:

timers pacing ?

  flood           OSPF flood pacing timer
  lsa-group       OSPF LSA group pacing timer
  retransmission  OSPF retransmission pacing timer

The LSA group interval is used for the refreshing/aging/checksumming grouping discussion above.

The “flood” keyword serves a similar purpose, but controls the interface LSA flood list. For every interface the OSPF process keeps the “flood list”, which contains the LSAs that have been generated or received and are destined to be flooded out of this interface. Instead of flooding every LSA as soon as it hits the list, the OSPF process would wait the “pacing interval” for more potential LSAs and pack them in a single update packet. This ensures less “surges” when flooding large LSA batches. Of course, due to the real-time nature of the process, the resolution for this timer is set in milliseconds.

The “retransmission” keyword is a bit more interesting. Every time the router needs to retransmit an unacknowledged LSA over an adjacency, it might wait some time to group it with other un-acknowledged LSAs. This is the same grouping principle, which allows for better packing of LSA information in IP packets. This process optimizes bandwidth and CPU usage on both sides of the adjacency. Of course, the “retransmission” grouping interval is much shorter than LSA grouping and measured in milliseconds.

So what are the optimal group pacing timer values? Probably the defaults, which could be found as follows:

Rack1R5#show ip ospf | inc transmission|pacing
 LSA group pacing timer 240 secs
 Interface flood pacing timer 33 msecs
 Retransmission pacing timer 66 msecs

For very large LSDBs, you generally want to set the LSA group pacing timer to be inversely proportional to the size of database. Keep in mind that tuning LSA group pacing improves OSPF performance and thus protocol scalability, but does not affect convergence speed.

SPF and LSA Generation Throttling

Throttling is the general process of slowing down responses to the frequently oscillating events such as link flaps. If you have a link that flaps up and down frequently, you may want to suppress the link state information flooding until it becomes stable (either stable down or up). The general idea is to reduce resource wastage in unstable situations and wait till the situations calm down, hoping that oscillations would stop or at least the responses do not follow the same oscillating pattern but filter the high-frequency noisy events. This procedure is also very similar to event dampening, though they differ a little bit – dampening would suppress events while throttling simply increases the response times. Throttling is critical for ensuring network stability and thus protocol scalability.

The general idea is as follows. When an event occurs, e.g. a link goes down or new LSA arrives, do not respond to it immediately, e.g. by generating an LSA or running SPF, but wait some time, hoping to accumulate more similar events, e.g. waiting for the link to go back up, or more LSAs arriving. This could potentially save a lot of resources, e.g. by reducing the number of SPF runs or amount of LSAs flooded.

The question is – how long should we hold or throttle the responses? Ideally, it would be nice to adapt this interval according to the network conditions – i.e. make it longer when the network is unstable and shorter under stable conditions. Cisco implements an exponential back-off timer to implement this idea. The exponential back-off is defined using three parameters – start interval, increment, and max_wait time specified using the command timers throttle spf start increment max_wait.

Here is how it works. Suppose the network was stable for a relatively long time, and then an event such as LSA arrival has occurred. The router delays SPF computations for the start amount of milliseconds and sets the next hold-time to increment milliseconds. Next, if an event occurs after the start wait window expired, the event would be held for processing until the increment milliseconds window expires, but the next hold-time would be doubled, i.e. set to 2*increment. Effectively, every time an event occurs during the current hold-time window, the processing is delayed until the current hold-time expires and the next hold-time interval is doubled. The hold-time grows exponentially until it reaches the max_wait value. After this, every event received during current hold-time window would result in the next interval being equal to the constant max_wait. This ensures that exponential growth is limited by a ceiling value. At the same time, if there are no events for the duration of 2*max_wait milliseconds, the hold-time window is reset back to the start value, assuming the network returned to stable condition.

Look at the figure below. The first event schedules SPF run in start milliseconds; the next interval is set to increment milliseconds. Since there is an event during the second hold interval, the third hold interval is set to 2xincrement. There is another event during the third window, and this sets the fourth window to 4xincrement. However, in our case this exceeds the max_wait value, and thus the fourth hold-time interval equals max_wait milliseconds. There are more events during the fourth interval, but since the maximum hold-time value has been reached, the fifth interval is set to max_wait milliseconds. Since there are no events during the fifth and sixth intervals, the hold-time is reset to start milliseconds again.

Although SPF response to LSA arrivals has been used in the above examples, the same idea applies to new LSA generation as response to local link events. This could be controlled using the LSA generation throttling command timers throttle lsa start increment max_wait.

Both SPF and LSA generation throttling are on by default and you may probably want to reduce their values only if you really need to speed up your network convergence. However, keep in mind that improving response time automatically results in less stable routing protocol behavior.
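The back-off walk-through above can be replayed as a small simulation, which also shows how throttling caps the number of SPF runs while a link flaps. This is an added example, not from the original post and not IOS code: it models only the behaviour described in the text, the timer values and event times are constructed, and `simulate_spf_throttle` is a hypothetical name. It assumes hold windows run back to back and that the 2*max_wait quiet period is measured from the last SPF run, as in the figure walk-through.

```python
def simulate_spf_throttle(events_ms, start, increment, max_wait):
    """Replay topology events through the exponential back-off timer.

    Returns a list of (spf_run_time_ms, hold_time_after_run_ms) tuples.
    """
    if start < 0 or increment <= 0 or max_wait < increment:
        raise ValueError("need start >= 0 and 0 < increment <= max_wait")
    events = sorted(events_ms)
    runs = []
    last_run = None     # time of the most recent SPF run
    hold = None         # length of the hold window opened by that run
    i = 0
    while i < len(events):
        t = events[i]
        if last_run is None or t - last_run >= 2 * max_wait:
            # Network was quiet: respond after the short start delay and
            # fall back to the initial hold time.
            run_at = t + start
            next_hold = increment
        else:
            # Event landed inside a hold window: process it only when that
            # window expires, and double the following window (capped).
            window_index = (t - last_run) // hold
            run_at = last_run + (window_index + 1) * hold
            next_hold = min(2 * hold, max_wait)
        i += 1
        # Every further event that arrives before the run is absorbed by it.
        while i < len(events) and events[i] < run_at:
            i += 1
        runs.append((run_at, next_hold))
        last_run, hold = run_at, next_hold
    return runs


if __name__ == "__main__":
    # Constructed timers in ms, chosen so that 4 x increment exceeds max_wait
    # exactly as in the walk-through.
    START, INCREMENT, MAX_WAIT = 10, 100, 300

    # One event per hold window, a long quiet gap, then a new event.
    walkthrough = [0, 50, 200, 400, 500, 1300]
    for run_at, next_hold in simulate_spf_throttle(walkthrough, START, INCREMENT, MAX_WAIT):
        print(f"SPF at {run_at:>5} ms, next hold {next_hold} ms")

    # A link flapping every 30 ms for three seconds: 100 events.
    flaps = list(range(0, 3000, 30))
    runs = simulate_spf_throttle(flaps, START, INCREMENT, MAX_WAIT)
    print(f"{len(flaps)} events caused {len(runs)} SPF runs")
```

Lowering the three values makes the router react faster, but it also raises the number of SPF runs that the same burst of events can force.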

if you haven’t done so yet. Here is an example: In this scenario. LSA group pacing and event throttling. the more general design features such as area partitioning. R1 does not perform redistribution.123. J. containing the IP address of R3: 155. This is a special field used on OSPF type 5 and 7 LSAs to convey the information of the “external route source”. This requires the external link to be advertised into OSPF by some means. R2 and R3. J. while the last one allows for better scalability and dynamic adaptation to unstable network topologies. Per normal OSPF rules. Now an important thing here – the FA address must be accessible via the normal routing tables of R1 and R4. Tutorials . At the same time. Even though these and other OSPFv2 enhancements significantly increase its scalability. 0 Comments This post is dedicated to one “esoteric” OSPF external route filtering method based on hiding OSPF Forwarding Address. The first two features improve OSPF performance. Recall the meaning of OSPF FA. Posted in OSPF . OSPF may insert a non-zero FA field into type-5 LSAs. I would strongly suggest you to read the following publications: [RFC1245] “OSPF Protocol Analysis”. as there are some restrictions.g. Here is a complete list of the requirements for enabling the OSPF FA in type 5 LSAs: .1. instead of going across R2. In order to avoid this suboptimal routing. Rose et al OSPF Prefix Filtering using Forwarding Address . e. This will instruct R1 and R4 to route to R3 directly. R2 is the ASBR redistributing RIP into OSPF. network summarization and event dampening should not be neglected. Redistribution cannot be used for this purpose. the external prefixes appear “attached” to R2 and thus both R1 and R4 should route across R2 to get to the networks behind R3.3. Lastly. 
The purpose of FA is to optimize forwarding in situations where the external route source is connected to a shared segment. Summary and Further Reading We briefly discussed three extensions to OSPFv2 protocol: iSPF. Doyle [LSAP] ”OSPF LSA Group Pacing” [THROT] “OSPF Shortest Path First Throttling” [ARPOPT] “ARPANET Routing Algorithm Improvements” E. by enabling OSPF on the external link between R1. Moy [JDOYLE] “OSPF and IS-IS: Choosing an IGP for Large-Scale Networks”.

we may devise a filtering scheme for external routing information. The FA prefix is filtered at the ASBR. You may use any of the methods described in the post OSPF Route Filtering Demystified to prevent type-3 LSA generation. this will stop all routers that lost this information from using the external prefixes. Application to Filtering Based on the requirement that FA needs to be reachable for the respective external routes to be considered. if there is a way to filter out the prefix corresponding to the FA.  OSPF is enabled on the ASBR’s next hop interface AND ASBR’s next hop interface is non-passive under OSPF AND  ASBR’s next hop interface is not point-to-point AND  ASBR’s next hop interface is not point-to-multipoint AND  ASBR’s next hop interface address falls under the network range specified in the router ospf command. e. Below is a diagram of a single-area OSPF implementation. Notice the requirement for having the network type of “broadcast” or “non-broadcast” – this makes sense if you think that in real life you need to have a shared link with multiple “exit points”. you may forcefully configure a physically point-to-point link for the mentioned OSPF network types to enforce the effect of FA assignment. 1. R1 redistributes RIP routes into OSPF. Since OSPF must be enabled on the external link. (You may find more information by reading the article on Cisco’s website named Common Routing Problems with OSPF Forwarding Address. use the inter-area route filtering. Let’s see how this could be done in a practical scenario. The FA prefix is filtered at the ABR(s) of the area containing the ASBR. More specifically. However. . There are two cases here. the only option left is configuring a different area on the external link and using the inter-area route filter (area x filter-list) to block the prefix from propagating further. 2.g.

1. DC) LS Type: AS External Link Link State ID: 148.0.0.We enable OSPF area 0 on R1’s Frame-Relay interface (which uses the default non-broadcast OSPF network type) and apply inter-area route filtering: R1: router ospf 1 area 168 filter-list prefix TO_AREA168 in redistribute rip subnets network 148.0.0.1 LS Seq Number: 8000005B .1.1 0.8) (Process ID 1) Type-5 AS External Link States LS age: 505 Options: (No TOS-capability.0.0 (External Network Number ) Advertising Router: 150.18.0/24 ip prefix-list TO_AREA168 seq 10 permit 0.0.1.1.0.1.1.8.1.0.1.0 area 0 network 148.1 0.0/0 le 32 Now look at the OSPF database in SW2: Rack1SW2#sh ip ospf database external OSPF Router with ID (150.0 area 168 ! ip prefix-list TO_AREA168 seq 5 deny 148.

1. Rack1R1(config-router)#no area 168 filter-list prefix TO_AREA168 in Rack1SW2#sh ip route 148.1. which combines many features of distance-vector protocols with link-state behavior.3 Routing entry for 148.1.1.0.1. type extern 2.8. metric 20. Brought together.1. You may always use FA-based prefix filtering with the external information conveyed in type-5 LSAs translated from type-7 LSAs.8) (Process ID 1) Now.1. from 150.1.0. .0.0 Routing entry for 148.0 % Subnet not in table Rack1SW2#sh ip route 148.0/24 Known via "ospf 1".18. type inter area Last update from 148.1.1.3 % Subnet not in table Rack1SW2#show ip ospf database summary 148.1.1 on Vlan18. not possible normally with pure link-state behavior. remove the inter-are route filter in R1 and check SW2’s routing table once again.3 External Route Tag: 0 Now check if this route is present in the routing table.1 on Vlan18. Summary OSPF is a complicated protocol. a few words on type-7 LSAs. 00:00:16 ago.1. the use of FA is mandatory with these LSAs.1. Using FA filtering is a good example of this phenomenon. Also make sure the FA address is not in the routing table too: Rack1SW2#sh ip route 148.1. 00:00:16 ago. traffic share count is 1 Finally.1. via Vlan18 Route metric is 20.1.1.18.1. Per the NSSA area RFC. from 150. via Vlan18 Route metric is 65.1. 00:00:16 ago Routing Descriptor Blocks: * 148. some of the features allow for sophisticated filtering techniques.1. distance 110. This makes the use of the special conditions mentioned previously unnecessary.1.1.0/24 Known via "ospf 1".1. distance 110. forward metric 65 Last update from 148. traffic share count is 1 Rack1SW2#sh ip route 148.0 OSPF Router with ID (150.1.18. The reason is that there is only one 7-to-5 translating ABR and this might result in suboptimal routing without the use of FA.0. 
00:00:16 ago Routing Descriptor Blocks: * 148.Checksum: 0xC8B4 Length: 36 Network Mask: /24 Metric Type: 2 (Larger than any link state path) TOS: 0 Metric: 20 Forward Address: 148. metric 65.0.18.

0/24 is to go over the FR cloud to R3 and then to R1. We are going to give an in-depth look at this feature now. Per the OSPF definition. The fastest way for R4 to reach the subnet 163. but it demonstrates core OSPF behavior: combining link-state and distance-vector behaviors. The main idea of OSPF inter-area routing is that all areas should be communicating across the backbone. requiring the star-topology to avoid routing loops. the router is only considered an ABR if it has an interface in Area 0 and ignores summary LSAs delivered across the non-backbone areas. An example is when you have to connect two previously disconnected backbone areas. 2) Using a non-backbone area to reach destinations in other areas. Thus. where you have an area not directly connected to the backbone area. it’s just an alternate definition of a transit area. However. There are two main situations when you may want to do this: 1) Due to design considerations. The command capability transit was introduced in IOS 12. The backbone area is used to exchange the routing information in a distance-vector manner. of course. Understanding OSPF Transit Capability . The feature we are going to talk about today may look a bit convoluted. and R2 and R5. What is Transit Capability? In short. Per the RFC. The purpose. In fact. area 0. So the first thing we want to find out is what kind of mechanism is a virtual-link? What are Virtual-links? The idea of a virtual link is to extend area 0 across non-backbone areas.X.12. . having a virtual-link provisioned across the area is the necessary thing to make the area transit. This ensures the simple loop free star topology. is allowing two OSPF topologies to exchange routing information dynamically. 
this is a special property of a non-backbone area that allows this area to transport traffic for other areas (either zero or non-zero). the description is rather confusing and does not explain the underlying mechanics. are “slow” and OSPF metrics reflect this. This could be a result of two networks merging together. Here the paths between R4 and R5. Look at the diagram below.

X. virtual-links are only used to flood specific LSAs: the router. When you configure the virtual link you specify the transit area and the endpoint router-ids. belonging to area 0. it needs to traverse across the “slow” Serial link to R5 as this is where Area 0 is located. Here is the reason why. Based on the router-ids and the intra-area shortest-path tree. Even though Area 1 provides a shorter path.3. After this.12. Type 1. R3 will never advertise it as it does not have an interface in area zero. As you know.2. and summary LSAs found in area 0.0/24. or both of these links. in reality. Thus. . and R5′s summary sent into area 1 will be ignored in favor of the summary received via area 0! The way to avoid this is by providing a virtual link between R4 and R5. Type 5 LSAs are not flooded across the virtual links. This adjacency is treated as P2P like we mentioned above and used to exchange OSPF LSAs. How Virtual-links Work Virtual links are seen as point-to-point links in the topology graph. or R4 and R3. However. if you have a virtual link connecting two ABRs. However. OSPF follows the regular adjacency establishment process. the path for the virtual link is calculated and the hello packets (unicast!) are exchanged. Let’s see how this allows for lifting the restriction of ignoring the inter-area routes received via non-backbone area. in order for R4 to reach the subnet 163. and 4 LSAs have the flooding scope of a single area. network.

but then R4 will choose to reach the 163. Retransmit 5 Hello due in 00:00:06 Adjacency State FULL (Hello suppressed) Index 2/5. they could be used to run SPF and populate the routing table. This value should be resolved to something physical.you cannot flood LSAs across the transit area. Wait 40. Here is an example: R3. This is precisely what OSPFv1 did and what Cisco IOS was doing prior to supporting “transit capability” documented in OSPFv2 standard.3 is up Run as demand circuit DoNotAge LSA allowed. via interface Serial0/0/0.12.0/24 into Area 1 as an ABR. What if we want to use the PVC R4-R3 that has more bandwidth compared to the PVC used to reach R5? You will have to provision a virtual-link R4 to R3 then. in the case of OSPFv1 (or OSPFv2 + no capability transit) deployed in the topology documented on the diagram above. R4. Here is where it becomes a little trickier. Transit area 1. it makes sense to avoid SPF calculations and simply put the prefixes in the routing table using the metric X+Y. since this area is different from Area 0. number of retransmission 0 First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0) Last retransmission scan length is 0. R4 will prefer the path across R5. Wait 40. Timer intervals configured. Dead 40. State POINT_TO_POINT. Could you use a daisy-chained virtual-link as follows: R4-R5-R3? You could.4 is up Run as demand circuit DoNotAge LSA allowed. However. Therefore. There is a daisy chain of virtual links R4->R5->R3 configured on these routers.4. and thus they are flooded across the area anyways (unless it’s stub). Dead 40.0/24 subnet across R5. Retransmit 5 Hello due in 00:00:01 Adjacency State FULL (Hello suppressed) Index 3/6. via interface Serial0/0/0. R4 will learn this prefix via the virtuallink to R5 and use the path via this ABR.3. retransmission queue length 0. where X is the cost of reaching the other ABR. Timer intervals configured. maximum is 0 Last retransmission scan time is 0 msec. Cost of using 64 Transmit Delay is 1 sec. 
external LSAs have the flooding scope of OSPF autonomous system. Cost of using 64 Transmit Delay is 1 sec. and R5 are configured for OSPFv2 but all have “capability transit” disabled. a stub area cannot be transit due to this reason. Initially.1. R4 will be able to reach the prefixes across Area 1 following the same path that the virtual link takes.X.1. maximum is 0 msec Virtual Link OSPF_VL0 to router 150. all prefixes learned across a virtual link are assigned the next hop value of “virtual-link”. even though the shortest path would be across R3. if you provision a virtual-link between R4 and R5. State POINT_TO_POINT. so there is no need to duplicate information across the virtual link. Hello 10.12. retransmission queue length 0.X. number of retransmission 0 First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0) Last retransmission scan length is 0. Obviously. and R3 advertises the corresponding summary into Area 1! Virtual links are provisioned between R3-R5 and R4-R5: R5#show ip ospf virtual-links Virtual Link OSPF_VL1 to router 150. Transit area 1. maximum is 0 Last retransmission scan time is 0 msec. across the virtual link and Y is the cost the other ABR advertises for this prefix. as it has to follow the virtual-link path! Even though R3 will inject a summary LSA for 163. Hello 10. As the LSAs have been received over a P2P link connecting two ABRs. maximum is 0 msec . After LSAs have been loaded across the virtual link.

and the intra-area routes found in Area 0 itself. we will quickly outline how OSPFv2 detects if an area has the “Transit Capability”. 05:27:57. 00:00:46.12.1. 7 subnets.0.0 (summary Network Number) Advertising Router: 150.1.3. we can see that R3 advertises the same summary with a better cost! R4#sh ip ospf database summary 163. Serial0/0/0 O IA 163.1. However.0 OSPF Router with ID (150. Specifically.1.5. if those inter-area prefixes provide a better cost than the virtual-link path (X+Y as in the previous description) they could be used in place of the same prefixes learned via the virtual-link! However.The preferred path is across R5: R4#show ip route . DC.0..1. Serial0/0/0 . 163.4.1.0/24 is directly connected.5/32 [110/64] via 163. In the above output..1. 05:27:57.3/32 [110/64] via 163.0/24 is directly connected.0.3.0/24 is seen as an inter-area route via R5.12. Thus. 2 masks C 163.1.5. it relies on the fact that the inter-area routes flooded into the transit area are “congruent” to the virtual-link and thus may not result in a routing loop – they are advertised following the loopless “tree” topology.X.3 LS Seq Number: 80000001 Checksum: 0xBBF1 Length: 28 Network Mask: /24 TOS: 0 Metric: 65 But R4 ignores it due to the fact that it’s not received via Area 0! So how does OSPFv2 improve upon this described behavior? It uses the inter-area routes received via the non-backbone area as a source of better information! How Does OSPFv2 Perform Transit Path Calculations OSPFv2 implements some improvements over the simple procedure of next-hop resolution for virtual-link connection.4) (Process ID 1) Summary Net Link States (Area 1) Routing Bit Set on this LSA LS age: 2 (DoNotAge) Options: (No TOS-capability..0.0.1. If an ABR detects that it has a fully adjacent virtual link coming from Area A.12. Upward) LS Type: Summary Links(Network) Link State ID: 163.1.1.0. Serial0/0/0 C 163. All routers in Area A will see that .0/16 is variably subnetted. 
it floods all of its router LSAs into this area with the special “V” bit set.1.0/24 [110/193] via 163.12.. Prior to that. We are going to review the case of the inter-area routes first. this optimization holds true only for inter-area prefixes injected from non-backbone areas. Serial0/1/0 O 163.45. Serial0/0/0 O 163. This is done in a pretty straightforward manner. 163.1.0.

.1.0/24 is now reachable via R3.12.. it simply uses that route over the one received across the virtual link! Look at the routing table of R4 when all the routers (R3.0. 05:44:22.1. R4. R4 will receive the summary LSAs for the SAME prefixes over the virtual link from R5.1.3. Next.0/24 [110/129] via 163.12. Upward) LS Type: Summary Links(Network) Link State ID: 163.12.1.1.1. 2 masks O 163.1. Upward) LS Type: Summary Links(Network) Link State ID: 163. even though the virtual link from R4 links us to R5! R4#show ip route ospf 163. 05:44:22. even though R4 has the same prefix received via Area 0. Serial0/0/0 O 163. Effectively.0. These summaries are flooded across Area 1 and R4 learns them.3.0..0 (summary Network Number) Advertising Router: 150.3 LS Seq Number: 80000001 Checksum: 0xBBF1 Length: 28 Network Mask: /24 TOS: 0 Metric: 65 .0/16 is variably subnetted. Serial0/0/0 .1.1. Check the summary LSA advertised by R3: R4#show ip ospf database summary 163.0 . and generates summary LSAs for the prefixes learned from Area 2.1.1.3/32 [110/64] via 163. Based on this.X. it attempts to find a BETTER path for the prefixes found in the summary-LSAs learned over the virtual link by looking at the inter-area routes received from Area 1.0.0. DC.. it takes into account the fact that Area 1 is transit. and learn that the area is effectively supporting the transit feature (“V” stands for virtual-link).bit set.5/32 [110/64] via 163.1. If there is a virtual-link terminating on R3. it now prefers path via R3 due to the transit capability feature. 00:00:02. OSPF Transit Capability for Inter-area Routes Back to our diagram above.12.5.12. Serial0/0/0 O IA 163. LS age: 1115 Options: (No TOS-capability.0 (summary Network Number) Advertising Router: 150. this router is an ABR (per the RFC). DC. 
If it finds a match with a better metric.3.5.5 LS Seq Number: 80000001 Checksum: 0x8EE5 Length: 28 Network Mask: /24 TOS: 0 Metric: 10063 Summary Net Link States (Area 1) LS age: 1122 Options: (No TOS-capability. and R5) have the capability transit enabled: The prefix 163. 7 subnets.0. When the OSPF process in R4 computes the best routes.

0/16 is variably subnetted.1. . 3 masks O 163.0. and not for any other intra-area routes. but we will see that you cannot summarize prefixes from backbone area into a transit area.3/32 [110/64] via 163. R4 will be receiving the information about 163.0. and OSPF cannot use them for path optimization. Serial0/0/0 O IA 163.LS age: 1127 Options: (No TOS-capability. this procedure will NOT work if you summarize the prefixes from Area 2 into Area 1 on R3.1. Serial0/0/0 O IA 163.X.3. 00:00:05. DC.255.5. Serial0/0/0 However take notice that you CAN summarize the inter-area prefixes in this case.0/24 [110/10127] via 163.12. R3: router ospf 1 area 2 range 163. even though it is undesirable for optimization.0. It is possible to summarize prefixes from non-backbone area into a transit area.1.0.0 R4#show ip route ospf 163. Upward) LS Type: Summary Links(Network) Link State ID: 163.1. 8 subnets. Here is what it looks like in a live scenario.0.12. What If the Area on the Other Side is Area 0? Now.0. which is the same as the previous one. R4 will look for a better path to reach the prefixes learned in router-LSAs via the inter-area LSAs in the transit area! The procedure only works for Area 0 intra-area prefixes. Serial0/0/0 O 163.0.1.0 (summary Network Number) Advertising Router: 150.1.0 255. what if instead of Area 2 we have Area 0? That’s an interesting scenario.1.1. because in this case.0/20 [110/65] via 163.3. 00:00:00.0/24 via type-1 LSAs from R5 and should prefer intra-area routes over inter-area at all times. However.0.12.0. the above described transit-area optimization works in this case as well! That is.1.240.5. 05:48:51.5/32 [110/64] via 163. just having Area 2 changed to Area 0. All ABRs have the capability transit turned on.1. Consider the diagram below.1.5.5 LS Seq Number: 80000002 Checksum: 0x8CE6 Length: 28 Network Mask: /24 TOS: 0 Metric: 10063 However. This is because there are no longer an exact match between prefixes. 05:48:51.1.
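The transit-area check this post describes, reduced to a small Python model (an added example, not code from the original post or from Cisco IOS). It uses the summary-LSA metrics quoted in the outputs on this page (10063 from R5, 65 from R3, 1 for the /20 range) and assumes R4's cost to either ABR is 64; the router labels, function name and field names are illustrative.

```python
from dataclasses import dataclass
from ipaddress import ip_network

BACKBONE = 0


@dataclass(frozen=True)
class SummaryLSA:
    area: int        # area whose LSDB holds this LSA (0 = learned over the virtual link)
    adv_router: str  # ABR that originated the type-3 LSA
    prefix: str      # advertised network
    metric: int      # cost from that ABR to the network


def inter_area_route(prefix, lsdb, abr_cost, transit_area, capability_transit=True):
    """Return (total_cost, abr) for `prefix` as computed by an ABR, or None.

    Step 1: only summaries held in the backbone LSDB may create the route.
    Step 2: if the transit capability is on, a summary for the SAME prefix
            found in the transit area may replace it when its total cost
            is lower. Summaries that never appear in the backbone are ignored.
    """
    target = ip_network(prefix)

    def candidates(area):
        return [
            (abr_cost[lsa.adv_router] + lsa.metric, lsa.adv_router)
            for lsa in lsdb
            if lsa.area == area
            and lsa.adv_router in abr_cost
            and ip_network(lsa.prefix) == target  # exact match, not longest match
        ]

    backbone = candidates(BACKBONE)
    if not backbone:
        return None  # a non-backbone summary alone never installs a route on an ABR
    best = min(backbone)
    if capability_transit:
        better = [c for c in candidates(transit_area) if c[0] < best[0]]
        if better:
            best = min(better)
    return best


# Constructed inputs, using the metrics shown in the outputs on this page.
ABR_COST = {"R3": 64, "R5": 64}      # assumption: R4's intra-area cost to each ABR
TARGET = "163.1.12.0/24"

LSDB_EXACT = [
    SummaryLSA(BACKBONE, "R5", TARGET, 10063),  # learned over the virtual link
    SummaryLSA(1, "R5", TARGET, 10063),
    SummaryLSA(1, "R3", TARGET, 65),            # same prefix, better cost, Area 1
]

# R3 configured with an area range: its Area 1 summary is now the /20.
LSDB_SUMMARIZED = [
    SummaryLSA(BACKBONE, "R5", TARGET, 10063),
    SummaryLSA(1, "R5", TARGET, 10063),
    SummaryLSA(1, "R3", "163.1.0.0/20", 1),
]

if __name__ == "__main__":
    print("transit on :", inter_area_route(TARGET, LSDB_EXACT, ABR_COST, 1))
    print("transit off:", inter_area_route(TARGET, LSDB_EXACT, ABR_COST, 1, False))
    print("summarized :", inter_area_route(TARGET, LSDB_SUMMARIZED, ABR_COST, 1))
```

The three results line up with the metrics in R4's routing table outputs: 129 via R3 with the capability on, and 10127 via R5 both with it off and once the range on R3 removes the exact-match /24 from Area 1.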

0/16 is variably subnetted. 2 masks O 163. Serial0/0/0 O 163.3/32 [110/64] via 163. 00:00:50.0/24 that should appear in R4′s routing table as an inter-area route.5/32 [110/64] via 163.1.1.1.0.1. 05:55:13. 00:00:07.3.13.1.1.1.0. 05:55:13.X.5. Serial0/0/0 If we check the summary LSAs advertised by R3. Serial0/0/0 O 163.0. 7 subnets.4) (Process ID 1) Summary Net Link States (Area 1) LS age: 137 .1.12. we will find the same prefix for 163.Look at R4′s routing table and notice that it has an intra-area route (via area 0) with the next hop pointing to R3: R4#show ip route ospf 163.0/24 [110/129] via 163.12.0.0.1. 00:00:30.3. Serial0/0/0 O 163.0/24 [110/65] via 163.12.1.0.0/24 [110/10063] via 163.25.4.0 OSPF Router with ID (150.1.1.1.3.5.0.0. Serial0/0/0 O 163. but INSTEAD is used as an “corrector” for the inter-area path learned via Area 0! R4#sh ip ospf database summary 163.

However.3. summarization will not work! R3 will IGNORE the range statements if they cover to the prefixes in area 0 and there is an activevirtual-link across any area. What if we disable the transit capability? In that case. and the prefixes learned via it could be used to reach the other inter-area routes. Thus.0 (summary Network Number) Advertising Router: 150.1.12.0.4.12. but the summarization works! . DC.4. while injecting it in a transit area.3 LS Seq Number: 80000001 Checksum: 0xBBF1 Length: 28 Network Mask: /24 TOS: 0 Metric: 65 What’s really interesting.3 LS Seq Number: 80000001 Checksum: 0xBBF1 Length: 28 Network Mask: /24 TOS: 0 Metric: 65 This is the side-effect of the virtual-link configuration with area 0 ranges.1.3.1.1. as the same information will flow unsummarized down the chain of virtual links.1. What’s the problem with that? The reason is that area 0 is the core transit area.0 OSPF Router with ID (150.0 OSPF Router with ID (150. You may validate this by configuring area range statements: R3: router ospf 1 area 0 range 163.12.0 (summary Network Number) Advertising Router: 150.1.1. optimization breaks down. Upward) LS Type: Summary Links(Network) Link State ID: 163.4) (Process ID 1) Summary Net Link States (Area 1) LS age: 766 Options: (No TOS-capability. Upward) LS Type: Summary Links(Network) Link State ID: 163.12. in the case of source Area 0. DC.1.1.240.255.Options: (No TOS-capability.0 255. OSPF will never summarize backbone-area prefixes when injecting them into a TRANSIT area. is that an intra-area route actually takes the INTER-area path! The transit capability essentially allows the use of non-backbone inter-area routes to optimize inter-area paths and area 0 intra-area paths IF the area in question is transit! Virtual Links and Summarization We remember that this optimization could be broken by using summarization (area ranges) at the ABRs (R3 in our case). might result in routing loops in reaching those prefixes.0 ! 
R4#sh ip ospf database summary 163.4) (Process ID 1) R4#sh ip ospf database summary 163. Summarizing area 0 information.

0. DC.4) (Process ID 1) Summary Net Link States (Area 1) LS age: 29 Options: (No TOS-capability. 7 subnets.1.3. I really loved the oxymoron.1.0. 2 masks O 163.4.0/24 [110/193] via 163. 06:10:26.3 LS Seq Number: 80000001 Checksum: 0x7296 Length: 28 Network Mask: /20 TOS: 0 Metric: 1 R4#sh ip route ospf 163. and a look at the existing routing table on R3: . with thedefaultinformation-originate command used on the Area Border Router (ABR) in order to ensure a default route existed in the area. which was transiting across the virtual-link paths. Serial0/0/0 O 163. Amherst. Serial0/0/0 Summary We outlined the idea of the Transit Capability found in OSPFv2 and not present in OSPFv1.0.1.1.5.0. Posted in OSPF .0/16 is variably subnetted.0.1. Here is the topology.5/32 [110/64] via 163. 2) This procedure blocks Area 0 prefix summarization to prevent routing loops.0 (summary Network Number) Advertising Router: 150.R3. Not-So-Stubby area! When we last left our Area 11 in Part 4 of this blog series.3. OSPF Areas. Serial0/0/0 O 163. it was a Not-So-Stubby Area.0.1. R4.1. 06:10:26. You remember those…”sharply dull” or “cruel kindness”. 00:01:21. The key idea is that the inter-area routes found in a transit area could be used to optimize the routing paths instead of simply following the paths carved by the virtual links (OSPFv1). 0 Comments As a former English Major at the University of Massachusetts.5. Tutorials . the Totally Not-So-Stubby Area . We found that: 1) This procedure optimizes the paths for inter-area routes and backbone intra-area routes. Part 5.0.1.1.1. Well.1. 3) This behavior is different from the one used in OSPFv1. the OSPF protocol has one whopper of an oxymoron in its special areas – The Totally.0 OSPF Router with ID (150.12. Upward) LS Type: Summary Links(Network) Link State ID: 163.3/32 [110/64] via 163.0. R5: router ospf 1 no capability transit R4#sh ip ospf database summary 163.

Loopback44 O*N2 0. with that accomplished.16.2.0.10.168. If we want to eliminate them.0. FastEthernet0/0 R3# Notice I have highlighted some Type 3 LSAs that exist on this router.3.1.0/24 is subnetted. are Inter-Area routes that are permitted into the Not-So-Stubby area.3) (Process ID 1) Router Link States (Area 11) Link ID count 2. 00:00:14.0 [110/20] via 192.0.168.0 is directly connected.2 3.0.3.44. FastEthernet0/0 C 192. 00:00:09.16.0/24 is subnetted.3 ADV Router 2. let us examine the OSPF database and the routing table on R3: R3#show ip ospf database OSPF Router with ID (3. we need to make the area Totally Not-So-Stubby. Loopback33 172.0.0.2 3.0 33.0/24 is subnetted. Now. 1 subnets O IA 172.0.0.0/0 [110/1] via 192.2.3.3.2. 00:00:14.1.3 Age 6 181 Seq# Checksum Link 0x80000003 0x00A194 1 0x80000003 0x0060CD 1 Net Link States (Area 11) Link ID ADV Router Age Seq# Checksum . Let me go to the Area Border Router (R2) and remove the command area 11 nssa default-informationoriginate and replace it with the command area 11 nssa no-summary. 1 subnets O IA 10.168.10.0/24 is subnetted.2.0 [110/21] via 192. FastEthernet0/0 10.0.0.44.1.3.33.2. FastEthernet0/0 44.1.168. 1 subnets C 33.R3#show ip route Gateway of last resort is 192.3. 1 subnets C 44.2.0/24 is directly connected.0.0 is directly connected.168.2 to network 0.2. of course.10. These.1.33.

start by recalling that OSPF deals with the following data structures: .0. Loopback33 C 192. Loopback44 O*IA 0. 0 Comments Intro There was a lot of blogging related to OSPF topics recently. FastEthernet0/0 R3# Notice that the Type 3 LSAs do indeed disappear from the area.0.3.44.2 6 0x80000002 0x001199 Summary Net Link States (Area 11) Link ID 0.168.2 2.1.33. FastEthernet0/0 44.2 to network 0. I have seen so many folks wrongfully understanding the underlying behavior so it’s about time to make the things clear.168. avoid using the term “LSA filtering” with OSPF.0.0 33.0/0 [110/11] via 192.2.2 Age 12 Seq# Checksum 0x80000001 0x00FC31 Type-7 AS External Link States (Area 11) Link ID 33. Of course the Type 7 LSAs still exist in the area as a method to transport the redistributed routes in to the Area Border Router for the Type 5 LSA conversion process.3 3.0/24 is directly connected. Keep following the blog of course…I want to do a post soon for one of our awesome CCIE 2.3 Age 180 180 Seq# Checksum Tag 0x80000001 0x00F06E 0 0x80000001 0x0063DA 0 R3#show ip route Gateway of last resort is 192. As always.3.168.0.168. 1 subnets C 33.1.0. To understand this in depth.0 is directly connected.2. I would like to clarify some common misunderstandings that many people have about OSPF route filtering.0.3. OSPF Route Filtering Demystified . Terry wants me to take on the powerful VLAN Access Control Lists (VACLs) feature of Catalayst switches. 00:00:17.0/24 is subnetted.0.3. In this post. Terry Vinson.2.0/24 is subnetted. You cannot really filter LSAs – with the exception of one special case – you filter the network reachability information.33.2.0 customers.0 ADV Router 2.44.0.0. It happens “automagically” once again like in a Totally Stubby area.0 44. I sincerely hope you enjoyed this blog series on OSPF areas.192.1.0. OSPF Data Structures To begin with. 1 subnets C 44.33. Tutorials .2.0 is directly connected.33.44.1.0 ADV Router 3. 
thanks for choosing INE to assist you in your Cisco certification needs. notice that we do not need to instruct the Area Border Router to send the default route anymore. Also.44.

inter-area routes are computed based on type-3/4 LSAs contents for other area information summarization. by adding the router path cost to the respective prefix advertised by this router. This structure is unique to OSPF.e. This structure is used when OSPF generates new summary or external LSAs as we see later. This is what OSPF LSAs are about – they contain information about attached links. but as an “attribute”. OSPF route calculation overview 1) Routers establish adjacencies to flood topological information. This is the special case I’ve been talking about previously. As mentioned. The only thing that limits LSA propagation is the flooding domain associated with the particular LSA type. unlike BGP.1) Topological information. without the need for SPF computations. The purpose of this feature is to compensate for the absence of “mesh-groups” and limit the . So keep this in mind – first LSA flooding. Outlines the connections in the graph describing the routers and the links in the network. all routers within an area build the consistent graph of the network connections. Routing information does NOT describe any connectivity. This process uses a quick and simple distance-vector computation algorithm. Good point. back to the case of LSA filtering. Think of LSAs as the objects that correspond to the “edges” of the graph. You may display the contents of this data structure by using the command show ip ospf border-routers. Some may recall the commands ip ospf database-filter all out or neighbor <IP> database-filter all out. This is where the “secondary”. the RIB. The router’s routing table is used extensively during this process. which is essential to the OSPF algorithm. This could be done only if you’re sure that the LSAs will be flooded to all routers in the area by some other means. 4) Routers routing table. 3) After the intra-area paths have been calculated. 2) After all routers have a consistent topology view. since this is the database for topological objects. 
The leaves are attached to the paths and the routing table entries are calculated. just the prefix associated with the link. However. Contains the actual IP subnets. then SPF computations. No real “routes” are stored in the LSDB. This is the router’s RIB. This information is contained in the LSAs. but what it does is prevent the OSPF process from sending any LSAs out of the particular adjacencies. 3) Main routing table. and is used to populate the routing table – i. as OSPF does not have a RIB of its own. 2) Network Reachability information. they may calculate intra-area paths using the SPF algorithm and finally associate the network reachability information with the paths. This information is “associated” with the network graph “edges” and you may think of it as “leaves” connected to the edges. Using the topological information learned. When you can REALLY filter LSAs Now. then LSDB population. leaf-level information comes in play. routing or network reachability information is attached to the LSAs. and ensures the LSAs are delivered to all routers in a single area. LSAs are stored in the LSBD – link state database. and finally the RIB population. It is used when calculating the respective inter-area routes. and contains the IP addresses to reach the “border” routers – ASBRs and ABRs. The flooding process in OSPF is pretty complicated. topological information is carried in the form of LSAs and cannot be filtered.

Every route in the table has additional OSPF information associated with it, such as area number, route-type (intra-area, inter-area, external) next hop.

amount of flooding on NBMA subnets shared by many routers.

Overview of OSPF route-filtering

All right, so if you cannot really filter LSAs, how do you perform "route filtering" with OSPF? Using the term "route filtering" is the correct way of saying "LSA filtering". You may apply route filtering to OSPF using the following two general methods:

1) Preventing optimal paths generated by OSPF from entering the RIB. This is what you can do by applying the command distribute-list in under the OSPF process. This affects routes installed in the RIB, not the LSDB. There is one special extension of this method to filtering the FA (forwarding address) to block external OSPF routes.

2) Affecting the LSA generation process, by changing the "source" information used to generate the LSAs. There is a bunch of ways to do this, each specific to a particular LSA type.

How OSPF generates different LSA types

To understand this completely, we need to recall all the basic LSA types and their flooding scopes.

LSA type 1. This is the fundamental building block of the topology graph. Describes an attached circuit, different link types, and so on. The sources of information for LSA type-1 are the directly connected links. If you want to remove the network reachability information, just remove the link. The flooding domain is one area as flooding stops at ABRs.

LSA type 2. Generated only on the "shared" networks (BROADCAST/NON-BROADCAST network types) to minimize the amount of topological information generated. Imagine that you have 10 routers on a shared Ethernet segment. Normally, to fully describe the topology, every router would need to generate an LSA describing its connection to all other 9 routers. This would result in 90 LSAs. Using LSA type-2 and the Designated Router concept, every router needs to declare a connection to the DR, and the DR will generate a Type 2 LSA describing all routers on the segment (the "bunch"). In our example, this will result in 11 LSAs total. This LSA does not carry any real "network reachability" information with the exception of the netmask and the list of routers on the segment. It is used along with information from type 1 LSAs to describe the shared network. I like to think of it as a "glue" LSA. This LSA is flooded within the single area and never gets past the ABRs.

LSA type 3. Now this type is a bit tricky and brings in a lot of confusion. It is generated by an ABR to tell the routers in one area about the network in another area. From a topological perspective, the router "pretends" like all the "foreign" networks are attached to it. Essentially, this is true, because areas never know anything about another area's topology – this information is lost when crossing the area boundaries. This is per RFC 2328 clause 12.4.3 and in full accordance with distance-vector protocol behavior.

How are Type 3 LSAs generated? First of all, keep in mind that OSPF generates those by walking the main routing table.

1) The ABR goes over the network reachability information in the RIB associated with intra-area routes for the particular area X and summarizes them honoring the area X range command settings. This results in Type-3 LSAs being generated and advertised into all other areas. Pay attention to the following important things:

1.1) Only intra-area routes are summarized. You cannot summarize inter-area routes installed by processing type-3 LSAs learned from Area 0.

1.2) The intra-area routes are summarized PRIOR to applying the distribute-list filter and blocking the routes from entering the RIB. Thus, even though OSPF walks over the RIB to gather the intra-area prefixes for summarization, it does so BEFORE applying the filter. This is needed to allow for generation of a summary route, even if you don't want the specific prefixes in the local RIB and calculate the correct metric if needed.

1.3) The OSPF metric for the summarized route is taken as the minimal among all intra-area routes. To ensure better routing stability, it is usually recommended setting the metric manually, to prevent LSA re-flooding in case some component route flaps and affects the summary metric.

2) Now, for dealing with the inter-area routes learned by the ABR, first of all, keep in mind that an ABR ONLY accepts and processes type-3 LSAs received from the backbone area. This is the well-known loop prevention mechanism built into OSPF, since OSPF behaves as a distance-vector protocol when dealing with inter-area routing information. This is a short description of how an ABR processes type-3 LSAs:

2.1) Ignore the type-3 LSA if it is NOT from the backbone area (prevents routing loops).

2.2) Walk over the inter-area routes learned via Area 0 in the RIB and generate respective type-3 LSAs which are flooded into the attached non-backbone areas. Those will generate new type-3 LSAs in the ABR and will propagate them into non-backbone areas unmodified.

Next, consider an important aspect of this process. The re-generated summary LSAs are generated AFTER applying the OSPF filter associated with the routing-process via the distribute-list in command. Thus, if you filter some of the inter-area routes from entering the RIB, the respective new summary LSAs will NOT get generated. This will stop routing information propagation into the attached non-backbone areas.

This quickly summarizes the type-3 LSA generation process. Notice that filtering the routing information is not based on some "LSA" filtering procedure, but rather on the routes contained in the RIB. All information is being learned from the router's RIB. Thus, LSAs are effectively being re-generated based on the RIB contents. Oh, almost forgot – LSA type-3 flooding scope is one area. Thus, it never crosses ABR boundaries – it just gets regenerated when needed!

Now, some people may recall the command area X filter-list prefix {in|out}. Good news here – this command applies after all summarization has been done and filters the routing information from being used for type-3 LSA generation. It applies to all three types of prefixes: intra-area routes, inter-area routes, and summaries generated as a result of the area X range command. The ultimate goal is making summarization the highest priority task, in order to increase network stability.

At this moment, here is a summary of inter-area route filtering commands (applicable only at an ABR):

Method 1: Filter the inter-area routes generated at ABR
router ospf 1
 area 10 filter-list prefix NAME in

Method 2: Filter out intra-area routes
router ospf 1
 area 10 range 1.1.1.0 255.255.255.0 not-advertise

Method 3: Filter inter-area routes learned by ABR from Area 0
router ospf 1
 distribute-list 1 in
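The order of operations described above for type-3 LSA generation (intra-area summarization first, distribute-list in only affecting inter-area routes, area X filter-list applied last), as an added Python sketch that is not code from the original post. The prefixes, area numbers and metrics are constructed, and deny lists use a simplified match: a prefix is denied when it equals or falls inside a listed network.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: str   # e.g. "10.20.1.0/24"
    kind: str     # "intra" (SPF result) or "inter" (learned from a type-3 LSA)
    area: int     # area the route was learned in (0 = backbone)
    metric: int


def covered(prefix, nets):
    """True if prefix equals or falls inside any network in nets."""
    p = ipaddress.ip_network(prefix)
    return any(p.subnet_of(ipaddress.ip_network(n)) for n in nets)


def type3_for_area(target, routes, ranges=None, dist_in_deny=(), filter_in_deny=()):
    """Return {prefix: metric} for the type-3 LSAs an ABR floods into `target`.

    ranges:         {area: [(summary, advertise)]}, modelling `area X range`
    dist_in_deny:   networks blocked from the RIB by `distribute-list in`
    filter_in_deny: networks denied by `area <target> filter-list prefix ... in`
    """
    ranges = ranges or {}
    lsas = {}

    # Step 1: intra-area routes of the other areas are summarized BEFORE the
    # distribute-list is applied, so dist_in_deny is deliberately ignored here.
    for r in routes:
        if r.kind != "intra" or r.area == target:
            continue
        for summary, advertise in ranges.get(r.area, ()):
            if covered(r.prefix, [summary]):
                if advertise:
                    # Summary metric is the minimum of the component metrics.
                    lsas[summary] = min(lsas.get(summary, r.metric), r.metric)
                break  # not-advertise suppresses component and summary alike
        else:
            lsas[r.prefix] = r.metric

    # Step 2: inter-area routes are accepted only from Area 0, are never
    # summarized, and are regenerated only if they survived the
    # distribute-list, and only into non-backbone areas.
    if target != 0:
        for r in routes:
            if r.kind == "inter" and r.area == 0 and not covered(r.prefix, dist_in_deny):
                lsas[r.prefix] = r.metric

    # Step 3: the area filter-list runs after all summarization and applies
    # to intra-area routes, inter-area routes and range summaries.
    return {p: m for p, m in lsas.items() if not covered(p, filter_in_deny)}


# Constructed sample: an ABR attached to Area 0, Area 10 and Area 20.
ROUTES = [
    Route("10.20.1.0/24", "intra", 20, 10),
    Route("10.20.2.0/24", "intra", 20, 30),
    Route("10.10.1.0/24", "intra", 10, 10),
    Route("10.0.1.0/24", "intra", 0, 5),
    Route("172.16.1.0/24", "inter", 0, 40),
    Route("172.16.2.0/24", "inter", 0, 50),
    Route("192.0.2.0/24", "inter", 20, 60),   # type-3 from a non-backbone area
]
RANGES = {20: [("10.20.0.0/16", True)]}
DIST_DENY = ["10.20.1.0/24", "172.16.2.0/24"]

if __name__ == "__main__":
    for prefix, metric in type3_for_area(10, ROUTES, RANGES, DIST_DENY).items():
        print(f"type-3 into area 10: {prefix} metric {metric}")
```

Denying 10.20.1.0/24 in the distribute-list does not stop the 10.20.0.0/16 summary from being advertised with that route's metric, while denying 172.16.2.0/24 removes the corresponding inter-area LSA.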

The distribute-list in command is the essence of the distance-vector OSPF behavior.

LSA type 4

This type has always been confusing to many people. This LSA contains the router-ID of the ASBR and the metric to reach it. This LSA describes the metric that the ABR uses to reach the respective ASBR. The ABR generates type-4 summary LSAs into every normal attached area, to make sure the routers in there can reach the prefixes from the ASBR. The information from this LSA is used to populate the non-ABR routers "special" router routing table. ABRs generate type-4 LSAs based on the special "router routing" table which is visible when you issue the command show ip ospf border-routers. During the inter-area path calculations, the ABR populates this table with "host" routing entries for every ABR and ASBR detected with the respective metrics. This table is never transferred to the main router routing table, but rather used for inter-area path computations and type-4 LSA generation. Effectively, the metrics in this table are used as metric offsets for the paths learned from ABRs and ASBRs. You cannot really filter the contents of this LSA, as they are taken from the router routing table. The flooding domain is one area as it stops at the ABR.

LSA type 5

This LSA is originated by an ASBR (router redistributing external routes) and flooded through the whole OSPF autonomous system. When a type-5 LSA is being generated, it uses the RIB contents and honors the summary-address commands in the ABR. You cannot limit the way this LSA is generated except to controlling the routes redistributed into OSPF. You may filter the redistributed routes by using the command distribute-list out configured under the protocol, which is the source of redistribution or simply applying filtering with your redistribution.

Method 1:
router ospf 1
 distribute-list 1 out rip
!
access-list 1 deny 1.1.1.0
access-list 1 permit any

Method 2:
router ospf 1
 redistribute rip route-map RIP_TO_OSPF
!
route-map RIP_TO_OSPF
 match ip address 1

Method 3:
router ospf 1
 summary-address 10.1.1.0 255.255.255.0 not-advertise

There is yet one more way to filter the routing information found in type-5 LSAs. If the LSA contains non-zero "FA" (forwarding address) field, OSPF process will check for this address to be accessible via RIB (RFC specifies that only OSPF routes should be considered, but it seems IOS is satisfied with any route) before installing the actual prefix into the RIB. If the FA is not accessible, the corresponding external prefix is not installed into the global routing table. We will discuss this type of filtering a bit later, when we'll be looking into type-7 LSAs. However, keep in mind that FA is non mandatory for type-5 LSA and is only assigned to a type-5 LSA under special conditions, outlined in the following document Common Routing Problem with OSPF Forwarding Address. Here is the list of the conditions:

1.10. less obvious way to do things: When an ABR generates type-5 LSAs. as opposed to the whole domain for type-5 LSAs.1.7 LS Seq Number: 80000001 Checksum: 0xDEB5 Length: 36 Network Mask: /24 Metric Type: 2 (Larger than any link state path) TOS: 0 Metric: 20 Forward Address: 150.0 (External Network Number ) Advertising Router: 162.7. Type 7 LSA These only exist at NSSA areas and have the flooding scope of a single area.7 External Route Tag: 0 Routing Bit Set on this LSA LS age: 11 Options: (No TOS-capability.1. There is only one more type of OSPF LSAs to discuss. This is important – since the ABR becomes an ASBR and re-originates the routes.7 . and it may lie on the sub-optimal path to the ASBR. DC) LS Type: AS External Link Link State ID: 162.7.0 (External Network Number ) Advertising Router: 162. you may use the commandsummary-address ADDR MASK no-advertise to block the type-5 LSA generation.  OSPF is enabled on the ASBR’s next hop interface AND ASBR’s next hop interface is non-passive under OSPF AND  ASBR’s next hop interface is not point-to-point AND  ASBR’s next hop interface is not point-to-multipoint AND  ASBR’s next hop interface address falls under the network range specified in the router ospf command. since there is just one translator. where R2 is an ABR for NSSA area 27: Rack1R2#show ip ospf database nssa-external OSPF Router with ID (150.1. The use of forwarding-address with the type-7 LSAs is mandatory per the RFC. Thus all routers in the OSPF autonomous system are supposed to rely on the FA for optimal routing to the translated prefixes. Type 7/5 translation. This information is originally inserted by the ASBR to help in optimal exit point selection.7. There is another. originated now by the ABR. using the command distribute-list in the type-5 LSA will not be generated!. 
it adds the forwarding-address (FA) based on the information learned in the type-7 LSA.2) (Process ID 1) Type-7 AS External Link States (Area 27) Routing Bit Set on this LSA LS age: 11 Options: (No TOS-capability.1. Type 7/5 translation.7. DC) LS Type: AS External Link Link State ID: 162.1. Please refer to the URL provided for more epxplanations. Look at the following output. The type-7 LSAs reaching ABRs are used to populate the local routing table and re-generate the new type-5 LSAs. And here is the trick: if you filter the forward-address IP from the routing table in the ABR.2.

1.7.7 External Route Tag: 0 LS age: 26 Options: (No TOS-capability.1.7 access-list 1 permit any ! router ospf 1 distribute-list 1 in And apply our verification once again: .7.7”.1. DC) LS Type: AS External Link Link State ID: 162.7 External Route Tag: 0 As you can see. R2 generates type-5 LSA with the same forwarding address found in type-7 LSA – “150.2) (Process ID 1) Type-5 AS External Link States ..1.2.1.1. DC) LS Type: AS External Link Link State ID: 162.7.7.1.10.2..1.7.2 LS Seq Number: 80000001 Checksum: 0xFFB1 Length: 36 Network Mask: /24 Metric Type: 2 (Larger than any link state path) TOS: 0 Metric: 20 Forward Address: 150.1.7 External Route Tag: 0 Rack1R2#show ip ospf database external OSPF Router with ID (150.0 (External Network Number ) Advertising Router: 150.2 LS Seq Number: 80000001 Checksum: 0x2193 Length: 36 Network Mask: /24 Metric Type: 2 (Larger than any link state path) TOS: 0 Metric: 20 Forward Address: 150.1. LS age: 26 Options: (No TOS-capability.0 (External Network Number ) Advertising Router: 150.2. Now we filter this IP address from entering R2′s routing table: R2: access-list 1 deny 150.7.LS Seq Number: 80000001 Checksum: 0xBDD3 Length: 36 Network Mask: /24 Metric Type: 2 (Larger than any link state path) TOS: 0 Metric: 20 Forward Address: 150.

1.1.1. as the forwarding address is no longer reachable in the RIB.7.7 LS Seq Number: 80000001 Checksum: 0xDEB5 Length: 36 Network Mask: /24 Metric Type: 2 (Larger than any link state path) TOS: 0 Metric: 20 Forward Address: 150.0 (External Network Number ) Advertising Router: 162.7. not the routers routing table of OSPF.7 External Route Tag: 0 LS age: 222 Options: (No TOS-capability.2.0 (External Network Number ) Advertising Router: 162.7 External Route Tag: 0 Rack1R2#show ip ospf database external OSPF Router with ID (150.7.7. Type 7/5 translation.1.Rack1R2#show ip ospf database nssa-external OSPF Router with ID (150. Now what if you have to following topology: .1.2) (Process ID 1) Type-7 AS External Link States (Area 27) LS age: 222 Options: (No TOS-capability. DC) LS Type: AS External Link Link State ID: 162. Notice that forwarding address should be accessible via the main RIB. This special behavior is unique to the routes learned by processing the type-7 LSAs.2.1.7 LS Seq Number: 80000001 Checksum: 0xBDD3 Length: 36 Network Mask: /24 Metric Type: 2 (Larger than any link state path) TOS: 0 Metric: 20 Forward Address: 150.1.7. DC) LS Type: AS External Link Link State ID: 162. Type 7/5 translation.1.10.2) (Process ID 1) Type-5 AS External Link States And we can see that Type-7 to Type-5 translation is not working anymore.

And R3 is filtering the forwarding address for the type-5 LSAs originated at R4 using, say, area X range not-advertise or area X filter-list prefix {in|out} commands, so that R1 has no FA IP in its RIB. In this situation, R3 will have the route to the redistributed prefixes installed (it sees the FA!), but all other routers in the domain with the exception of the NSSA area internal routers will not. Even though they will receive the type-5 LSA, they will not be able to process them and use the information for routing – the forwarding address will be unreachable. One way to overcome this issue is by using the command area X nssa suppress-fa to instruct R3 on setting the FA to itself.

Summary of the post

We went over almost all of the important route-filtering scenarios for OSPF. The key thing you should remember is that non-local route filtering for OSPF is only available at ABRs and ASBRs, the points where OSPF behaves as a distance-vector protocol with respect to inter-area routing information. Here is the list of points you need to remember:

1) You cannot filter LSAs directly, you can only manipulate the routing information used to generate LSAs.
2) The above routing information is taken from local router's RIB directly.
2.1) In the case of intra-area routes, RIB filters are applied after the type-3 LSAs are generated (intra-area routes are summarizable).
2.2) In the case of inter-area routes, RIB filters are applied prior to type-3 LSA generation (inter-area routes are not summarizable).
3) External AS routes can only be filtered at the ASBR.
4) NSSA routes can be filtered at an ASBR and the ABR performing the translation.
5) If the FA for an external prefix is NOT reachable, the router will NOT install it into the route table nor will it translate type-7 LSAs to type-5.

Further Reading

1) RFC 2328. Don't skip this if you are serious about understanding OSPF.
2) OSPF Design Guide by Sam Halabi. Excellent introductory reading on OSPF.

3) Cisco IP Routing by Alex Zinin. A must read to anyone who wants in-depth understanding of IP Routing internals.

OSPF Areas, Part 1, The Backbone Area

Thanks to one of our brilliant CCIE R/S Written students, Nish, for his request of this series of INE blog posts. Nish is still struggling a bit with the different OSPF area types and how exactly they impact Link State Advertisements (LSAs). In this series, we will tackle each of the different OSPF areas in great detail, confirming our Level 1 knowledge at the command line as we progress.

Here is the network we will use in this first post. Notice this simple network can be constructed easily in Dynamips, or with three pretty basic Cisco routers capable of OSPF version 2.

To prepare for this blog post, we have configured all of the underlying layer 2 and 3 connectivity. We have also configured OSPF per the diagram. Note the OSPF router IDs were set using the OSPF router mode router-id command. These addresses do not exist on the devices, and obviously, they are not reachable, and therefore they are not advertised in the protocol.

So let us examine the first device, R1. This is an internal, backbone router. What do we expect to see in the OSPF database? Well, since there is broadcast media at work in that area, I expect to see an LSA Type 2, and we have another area, Area 11, so we should also see an LSA Type 3. Here is the actual OSPF database on the device:

R1#show ip ospf database

OSPF Router with ID (1.1.1.1) (Process ID 1)

Router Link States (Area 0)

Link ID         ADV Router      Age   Seq#        Checksum  Link count
1.1.1.1         1.1.1.1         99    0x80000002  0x001FEB  2
2.2.2.2         2.2.2.2         95    0x80000002  0x007761  1

Net Link States (Area 0)

Link ID         ADV Router      Age   Seq#        Checksum
10.10.10.1      1.1.1.1         99    0x80000001  0x009476

Summary Net Link States (Area 0)

Link ID         ADV Router      Age   Seq#        Checksum
192.168.2.0     2.2.2.2         98    0x80000001  0x00F4CB
R1#

Interesting. OK, the first thing I notice is the fact that we only have one link state database here – it is for Area 0 of course, as an internal, backbone router. Now, we have LSA 1 types (Router Link States) for the Router IDs of R1 and R2 in that area. Wow, very interesting, these are not even valid (reachable) IP addresses in the scenario. These Router IDs are tracked and shared by the OSPF speakers. I guess this is how we can use these Router IDs when we create a virtual link.

The next entry is the LSA Type 2 (Net Link State) we expected. The advertising router is the local router (R1, RID: 1.1.1.1). We must be the Designated Router (DR), and that is indeed true. Finally, we have our LSA Type 3 (Summary Net Link State) that we expected from Area 11. Awesome. Predicting show command output based on our Core Knowledge (Level 1). This is a fun and rewarding exercise.

OK, close your eyes and think about the show command output for the OSPF database we will see in R2. This is an Area Border Router (ABR), and also a backbone router. We immediately realize we should see LSA entries for Area 0 and Area 11. This poor router has to maintain two databases:

R2#show ip ospf database

OSPF Router with ID (2.2.2.2) (Process ID 1)

Router Link States (Area 0)

Link ID         ADV Router      Age   Seq#        Checksum  Link count
1.1.1.1         1.1.1.1         905   0x80000002  0x001FEB  2
2.2.2.2         2.2.2.2         899   0x80000002  0x007761  1

Net Link States (Area 0)

Link ID         ADV Router      Age   Seq#        Checksum
10.10.10.1      1.1.1.1         905   0x80000001  0x009476

Summary Net Link States (Area 0)

Link ID         ADV Router      Age   Seq#        Checksum
192.168.2.0     2.2.2.2         902   0x80000001  0x00F4CB

Router Link States (Area 11)

Link ID         ADV Router      Age   Seq#        Checksum  Link count
2.2.2.2         2.2.2.2         856   0x80000002  0x00F747  1
3.3.3.3         3.3.3.3         858   0x80000002  0x00B680  1

Net Link States (Area 11)

Link ID         ADV Router      Age   Seq#        Checksum
192.168.2.2     2.2.2.2         859   0x80000001  0x006D44

Summary Net Link States (Area 11)

Link ID         ADV Router      Age   Seq#        Checksum
10.10.10.0      2.2.2.2         904   0x80000001  0x0048C4
172.16.10.0     2.2.2.2         894   0x80000001  0x00C79B
R2#

Examine the above output line for line, and it should all fall right into place from your Core Knowledge about OSPF LSA Types now. There should be no surprises. Here is a look at the IP Routing table on this device, R2. Correlate the entries to those you see in the OSPF Database:

R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     172.16.0.0/24 is subnetted, 1 subnets
O       172.16.10.0 [110/11] via 10.10.10.1, 00:17:59, FastEthernet0/0
     10.0.0.0/24 is subnetted, 1 subnets
C       10.10.10.0 is directly connected, FastEthernet0/0
C    192.168.2.0/24 is directly connected, FastEthernet0/1
R2#

OSPF Areas, Part 2, Normal and Stub Areas

Welcome back to our series on OSPF areas. It is time to focus on normal areas and stub areas in this post. Recall our topology:

We have gone to R1 and created a prefix (11.11.11.0/24) using a loopback interface. We run RIP version 2 on

this interface and redistribute this into OSPF Area 0. What should this create on R3 in Area 11 (a normal OSPF area)? That's right – a Type 5 LSA for an External prefix. Let us examine the OSPF database on R3 now and the accompanying IP routing table:

R3#show ip ospf database

OSPF Router with ID (3.3.3.3) (Process ID 1)

Router Link States (Area 11)

Link ID         ADV Router      Age   Seq#        Checksum  Link count
2.2.2.2         2.2.2.2         1216  0x80000002  0x00023C  1
3.3.3.3         3.3.3.3         1215  0x80000002  0x00C075  1

Net Link States (Area 11)

Link ID         ADV Router      Age   Seq#        Checksum
192.168.2.3     3.3.3.3         1215  0x80000001  0x003577

Summary Net Link States (Area 11)

Link ID         ADV Router      Age   Seq#        Checksum
10.10.10.0      2.2.2.2         1281  0x80000001  0x0048C4
172.16.10.0     2.2.2.2         1241  0x80000001  0x00C79B

Summary ASB Link States (Area 11)

Link ID         ADV Router      Age   Seq#        Checksum
1.1.1.1         2.2.2.2         449   0x80000001  0x0075B0

Type-5 AS External Link States

Link ID         ADV Router      Age   Seq#        Checksum  Tag
11.11.11.0      1.1.1.1         456   0x80000001  0x0075AB  0
R3#

R3#show ip route

Gateway of last resort is not set

     172.16.0.0/24 is subnetted, 1 subnets
O IA    172.16.10.0 [110/21] via 192.168.2.2, 00:24:41, FastEthernet0/0
     10.0.0.0/24 is subnetted, 1 subnets
O IA    10.10.10.0 [110/20] via 192.168.2.2, 00:24:41, FastEthernet0/0
     11.0.0.0/24 is subnetted, 1 subnets
O E2    11.11.11.0 [110/20000] via 192.168.2.2, 00:11:53, FastEthernet0/0
C    192.168.2.0/24 is directly connected, FastEthernet0/0
R3#

Sure enough, there is the Type 5 prefix in the normal area. And we cannot forget about the LSA Type 4 (Summary ASB Link State). This informs the OSPF domain of the location of the Autonomous System Boundary Router (ASBR). I am sure you have been noticing how some of the LSAs in the database do not translate directly into routing table entries. For example, the LSA Type 4. This is reminiscent of the EIGRP topology table. That protocol sure tries to act link state as well!

OK, well let us see what happens when we convert Area 11 into a STUB AREA. Remember, this is a simple configuration. All we need to do is go to ALL of the routers in the stub area (there can be many), and issue the

router configuration command area 11 stub. Now that we have done that, let us examine the databases on R3.

R3#show ip ospf database

OSPF Router with ID (3.3.3.3) (Process ID 1)

Router Link States (Area 11)

Link ID         ADV Router      Age   Seq#        Checksum  Link count
2.2.2.2         2.2.2.2         7     0x80000005  0x001A23  1
3.3.3.3         3.3.3.3         6     0x80000005  0x00D85C  1

Net Link States (Area 11)

Link ID         ADV Router      Age   Seq#        Checksum
192.168.2.3     3.3.3.3         6     0x80000004  0x004D5E

Summary Net Link States (Area 11)

Link ID         ADV Router      Age   Seq#        Checksum
0.0.0.0         2.2.2.2         33    0x80000001  0x0075C0
10.10.10.0      2.2.2.2         33    0x80000003  0x0062AA
172.16.10.0     2.2.2.2         33    0x80000003  0x00E181
R3#

R3#show ip route

Gateway of last resort is 192.168.2.2 to network 0.0.0.0

     172.16.0.0/24 is subnetted, 1 subnets
O IA    172.16.10.0 [110/21] via 192.168.2.2, 00:01:23, FastEthernet0/0
     10.0.0.0/24 is subnetted, 1 subnets
O IA    10.10.10.0 [110/20] via 192.168.2.2, 00:01:23, FastEthernet0/0
C    192.168.2.0/24 is directly connected, FastEthernet0/0
O*IA 0.0.0.0/0 [110/11] via 192.168.2.2, 00:01:23, FastEthernet0/0
R3#

Wow, things really changed here. Notice the Stub Area effect worked just as advertised in our Core Knowledge studies. The Type 4 and 5 LSAs were removed from the OSPF database! They were replaced with a "special" LSA Type 3. It is special because it is an automatically generated default route by the Area Border Router (ABR). Join us in the next part of this blog series where we examine the next OSPF area type, the Totally Stubby Area.

OSPF Areas, Part 3, the Totally Stubby Area

In this part of our blog series on OSPF area types, our Area 11 is going to undergo a major flashback! The area is going to be reintroduced to an early 1980′s American stereotype called Valley Girls and their Valspeak. The area is no longer going to be Stubby, but it is going to be like, ...like Totally Stubby! Lets review how we left Area 11 and how things looked when it was just a Stub area:

R3#show ip ospf database

OSPF Router with ID (3.3.3.3) (Process ID 1)

Router Link States (Area 11)

Link ID         ADV Router      Age   Seq#        Checksum  Link count
2.2.2.2         2.2.2.2         7     0x80000005  0x001A23  1
3.3.3.3         3.3.3.3         6     0x80000005  0x00D85C  1

Net Link States (Area 11)

Link ID         ADV Router      Age   Seq#        Checksum
192.168.2.3     3.3.3.3         6     0x80000004  0x004D5E

Summary Net Link States (Area 11)

Link ID         ADV Router      Age   Seq#        Checksum
0.0.0.0         2.2.2.2         33    0x80000001  0x0075C0
10.10.10.0      2.2.2.2         33    0x80000003  0x0062AA
172.16.10.0     2.2.2.2         33    0x80000003  0x00E181
R3#

R3#show ip route

Gateway of last resort is 192.168.2.2 to network 0.0.0.0

     172.16.0.0/24 is subnetted, 1 subnets
O IA    172.16.10.0 [110/21] via 192.168.2.2, 00:01:23, FastEthernet0/0
     10.0.0.0/24 is subnetted, 1 subnets
O IA    10.10.10.0 [110/20] via 192.168.2.2, 00:01:23, FastEthernet0/0
C    192.168.2.0/24 is directly connected, FastEthernet0/0
O*IA 0.0.0.0/0 [110/11] via 192.168.2.2, 00:01:23, FastEthernet0/0
R3#

The Stub area configuration wiped out any Type 4 and Type 5 LSAs in Area 11 and gave us the default route to the Area Border Router (ABR) in order to reach those prefixes. Like way cool, man! OK, now I sound like Scott Morris.

Now lets make that Area 11 Totally Stubby and see what happens. All we need to do is go to the Area Border Router (ABR, R2), and add the no-summary keyword to the previous area 11 stub command. Notice this

keyword only needs to be on the ABR. While you could add it to each and every area stub command in Area 11, it would have no effect and the proctor would question your abilities. Now that we have made the Totally Stubby configuration, lets examine the OSPF Database and IP Routing table on R3:

R3#show ip ospf database

OSPF Router with ID (3.3.3.3) (Process ID 1)

Router Link States (Area 11)

Link ID         ADV Router      Age   Seq#        Checksum  Link count
2.2.2.2         2.2.2.2         216   0x80000002  0x002020  1
3.3.3.3         3.3.3.3         215   0x80000002  0x00DE59  1

Net Link States (Area 11)

Link ID         ADV Router      Age   Seq#        Checksum
192.168.2.3     3.3.3.3         215   0x80000001  0x00535B

Summary Net Link States (Area 11)

Link ID         ADV Router      Age   Seq#        Checksum
0.0.0.0         2.2.2.2         24    0x80000002  0x0073C1

R3#show ip route

Gateway of last resort is 192.168.2.2 to network 0.0.0.0

C    192.168.2.0/24 is directly connected, FastEthernet0/0
O*IA 0.0.0.0/0 [110/11] via 192.168.2.2, 00:11:07, FastEthernet0/0
R3#

Now I am reminded of a famous episode of the American television hit, Seinfeld. We have major shrinkage! Notice the Totally Stubby configuration has gone a step further than the Stub Area config. It not only wiped out the LSA Type 4s and 5s, but it also removed the LSA Type 3s. Those were the Summary LSAs about prefixes within our OSPF domain, but in other areas. In fact, the only LSA Type 3 we have left is the special, default route generated by the ABR. Boy is that route important now. It is the only hope of this router reaching any prefixes outside of the area. Please join us in the next part of this series where we examine the equally, cleverly-named, Not-So-Stubby Area.

OSPF Areas, Part 4, the Not-So-Stubby Area

Now it is time for us to examine yet another OSPF special area type – the Not-So-Stubby Area. OK, I am sure you recall our topology from the previous parts, but here it is again:

When we left Area 11 in the last post, it was a Totally Stubby Area. This prevented LSA Types 3, 4, and 5 from entering the area, with the exception of the special default route (Type 3) generated by the Area Border Router. The Not-So-Stubby Area (NSSA) allows us to bring in some redistributed routes into the stub area! Wow, I guess the area really isn't that stubby at all. These redistributed routes propagate through the NSSA as Type 7, and are then converted on the ABR to Type 5. At least that is what we read in the RFCs. Let us see it in action at the command line!

I have removed the previous Totally Stubby configuration and I have placed the following command on all routers in Area 11 – area 11 nssa. After doing this, let us take a look at the OSPF database and routing table on R3:

R3#show ip ospf database

OSPF Router with ID (3.3.3.3) (Process ID 1)

Router Link States (Area 11)

Link ID         ADV Router      Age   Seq#        Checksum  Link count
2.2.2.2         2.2.2.2         29    0x80000005  0x00A78B  1
3.3.3.3         3.3.3.3         28    0x80000004  0x0062CB  1

Net Link States (Area 11)

Link ID         ADV Router      Age   Seq#        Checksum
192.168.2.3     3.3.3.3         28    0x80000001  0x00DACB

Summary Net Link States (Area 11)

Link ID         ADV Router      Age   Seq#        Checksum
10.10.10.0      2.2.2.2         58    0x80000003  0x00E91B
172.16.10.0     2.2.2.2         58    0x80000003  0x0069F1

R3#show ip route

Gateway of last resort is not set

     172.16.0.0/24 is subnetted, 1 subnets
O IA    172.16.10.0 [110/21] via 192.168.2.2, 00:00:33, FastEthernet0/0

     10.0.0.0/24 is subnetted, 1 subnets
O IA    10.10.10.0 [110/20] via 192.168.2.2, 00:00:33, FastEthernet0/0
C    192.168.2.0/24 is directly connected, FastEthernet0/0
R3#

Notice how at this point, it looks just like a stub area. Type 4 and 5 LSAs have been filtered. Now, I will configure some loopbacks on R3, run RIP on them, and redistribute them into OSPF. Let us examine the OSPF database on R3 now:

R3#show ip ospf database

OSPF Router with ID (3.3.3.3) (Process ID 1)

Router Link States (Area 11)

Link ID         ADV Router      Age   Seq#        Checksum  Link count
2.2.2.2         2.2.2.2         765   0x80000005  0x00A78B  1
3.3.3.3         3.3.3.3         10    0x80000005  0x0066C4  1

Net Link States (Area 11)

Link ID         ADV Router      Age   Seq#        Checksum
192.168.2.3     3.3.3.3         764   0x80000001  0x00DACB

Summary Net Link States (Area 11)

Link ID         ADV Router      Age   Seq#        Checksum
10.10.10.0      2.2.2.2         794   0x80000003  0x00E91B
172.16.10.0     2.2.2.2         794   0x80000003  0x0069F1

Type-7 AS External Link States (Area 11)

Link ID         ADV Router      Age   Seq#        Checksum  Tag
33.33.33.0      3.3.3.3         9     0x80000001  0x00F06E  0
44.44.44.0      3.3.3.3         11    0x80000001  0x0063DA  0
R3#

I guess the RFC did not lie to us! There they are – the Type 7 LSAs! Let us examine the OSPF database and IP routing table on R2 (the ABR):

R2#show ip ospf database

OSPF Router with ID (2.2.2.2) (Process ID 1)

Router Link States (Area 0)

Link ID         ADV Router      Age   Seq#        Checksum  Link count
1.1.1.1         1.1.1.1         1120  0x80000002  0x0025E3  2
2.2.2.2         2.2.2.2         1023  0x80000003  0x007B5A  1

Net Link States (Area 0)

Link ID         ADV Router      Age   Seq#        Checksum
10.10.10.1      1.1.1.1         1120  0x80000001  0x009476

Summary Net Link States (Area 0)

1 subnets O 172.0.2 2.0 44.Link ID 192.44.0 ADV Router 3. 1 subnets C 10.2 Age 1119 Seq# Checksum 0x80000001 0x00F4CB Router Link States (Area 11) Link ID count 2.168.0/24 is subnetted.3. 00:04:12. 1 subnets 33.1.3.33.3 Age 242 242 Seq# Checksum Tag 0x80000001 0x00F06E 0 0x80000001 0x0063DA 0 Type-5 AS External Link States Link ID 11.3.2 3.2.0.33.3.3 ADV Router 2. Notice the N2 designations for NSSA area prefixes.0 ADV Router 2. 1 subnets O N2 44.3.10.3.1.0 172.0 [110/20000] via 192.11.2 3.0/24 is subnetted. 00:04:12.0 [110/20000] via 10. FastEthernet0/0 10.0.0.2.2.1 2.3 3.44.1.0 ADV Router 1.16.3.44.3.11.2.2.44.2 2.2.0/24 is directly connected.2.0 33.16.2.11.168.16.2.0 [110/11] via 10.10.3.168.3.33.3.0.1) (Process ID 1) . Now let us examine R1 – an internal backbone router: O N2 R1#show ip ospf database OSPF Router with ID (1.2.0 [110/20000] via 192.44.11.1.2 Age 1025 1025 Seq# Checksum 0x80000003 0x00E91B 0x80000003 0x0069F1 Type-7 AS External Link States (Area 11) Link ID 33. FastEthernet0/1 R2# Holy LSAs Batman! This router has indeed converted the Type 7s to Type 5s and installed them in the routing table.3 Age 994 241 Seq# Checksum Link 0x80000005 0x00A78B 1 0x80000005 0x0066C4 1 Net Link States (Area 11) Link ID 192.33. 00:04:12.0 44.0/24 is subnetted.1. FastEthernet0/1 44.0/24 is subnetted.1.10. 00:17:16.2.2.33.2.0.0.10.1.0.2.3.0 ADV Router 2.10.0 is directly connected.0.168.0/24 is subnetted.44.1.168.10. FastEthernet0/0 C 192.10.10.1. 1 subnets O E2 11.1.3 Age 996 Seq# Checksum 0x80000001 0x00DACB Summary Net Link States (Area 11) Link ID 10. FastEthernet0/0 11.3 ADV Router 3.10.10. FastEthernet0/1 172.33.1.2 Age 1171 235 239 Seq# 0x80000001 0x80000001 0x80000001 Checksum 0x0075AB 0x00A3C9 0x001636 Tag 0 0 0 R2#show ip route Gateway of last resort is not set 33.

[R1 show ip ospf database output: Router Link States (Area 0), Net Link States (Area 0), Summary Net Link States (Area 0), Type-5 AS External Link States]

R1#show ip route
[output: Gateway of last resort is not set; O E2, O IA and directly connected (C) entries, including Loopback1 and Loopback11]

This is what we would expect as well! This device just sees these prefixes as good, old-fashioned, Type 5 LSAs. But wait, I think we have an issue now in this OSPF domain. Let us examine the routing table on R3:

R3#show ip route
[output: Gateway of last resort is not set; O IA entries and directly connected (C) entries, including Loopback33 and Loopback44]

We are not getting the Type 5 being generated on R1, as expected. But we are also not getting a default route from the ABR anymore. The default route is not automatic with the NSSA. All we need to do is modify the area 11 nssa command on R2 to area 11 nssa default-information-originate. Check out the routing table now on R3:

R3#show ip route
[output: Gateway of last resort is now set, to network 0.0.0.0; the table gains an O*N2 0.0.0.0/0 [110/1] entry via FastEthernet0/0 alongside the O IA and directly connected (C) entries]

Now everyone is happy, happy.

I hope you will join me for the next part of this blog series where we examine the Jumbo Shrimp of OSPF areas, the Totally Not-So-Stubby area!
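The check performed by eye on R3 above (no Type 5 routes inside the NSSA, and a default route present only once the ABR originates one) can be automated. This is an added example, not code from the original post; the function names and the sample tables, which use documentation addresses, are constructed for illustration.

```python
import re

# One IOS "show ip route" entry: route code, prefix, then a next hop or "directly connected".
ROUTE_RE = re.compile(
    r"^(?P<proto>[A-Z])(?P<star>\*?)\s?(?P<sub>IA|N1|N2|E1|E2)?\s+"
    r"(?P<prefix>\d+\.\d+\.\d+\.\d+(?:/\d+)?)\s+"
    r"(?:\[\d+/\d+\]\s+via\s+(?P<via>[\d.]+)|is directly connected)"
)

# Constructed sample tables for an NSSA-internal router (documentation addresses).
BEFORE = """\
Gateway of last resort is not set
     203.0.113.0/24 is subnetted, 1 subnets
C       203.0.113.0 is directly connected, Loopback44
O IA 198.51.100.0/24 [110/21] via 192.0.2.2, 00:21:51, FastEthernet0/0
C    192.0.2.0/24 is directly connected, FastEthernet0/0
"""
AFTER = BEFORE.replace("is not set", "is 192.0.2.2 to network 0.0.0.0") + (
    "O*N2 0.0.0.0/0 [110/1] via 192.0.2.2, 00:00:12, FastEthernet0/0\n"
)

def parse_routes(text):
    """Return (proto, subtype, prefix, next_hop) tuples; header lines are skipped."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if m:
            routes.append((m["proto"], m["sub"] or "", m["prefix"], m["via"]))
    return routes

def audit_nssa_internal(text):
    """Check the routing table of a router that sits inside an NSSA."""
    routes = parse_routes(text)
    findings = []
    # Type 5 LSAs are filtered at the NSSA border, so E1/E2 routes should never appear here.
    if any(p == "O" and s in ("E1", "E2") for p, s, _, _ in routes):
        findings.append("Type 5 external route present: area is not acting as an NSSA")
    default = [r for r in routes if r[2] == "0.0.0.0/0"]
    if not default:
        findings.append("no default route: check the ABR for "
                        "'area <id> nssa default-information-originate'")
    return {"default_via": default[0][3] if default else None, "findings": findings}

if __name__ == "__main__":
    for name, table in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_nssa_internal(table))
```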