OSPF 5: OSPF tables

Hi mate! We’re back again and we’re getting more serious. We need a firmer grasp of how OSPF operates, and hopefully I can explain it in the simplest manner. This post focuses on OSPF tables. There are just three tables to remember in OSPF: the neighbor table, the IP routing table and the Link State Database (LSDB) table.

A.) Neighbor table

Verifying command: show ip ospf neighbor

Do you happen to remember this?

14a

Yup, we have already encountered the neighbor table. It includes the router-id of each neighbor router, the priority set on each neighbor (which we will deal with further as we go on), the OSPF stage (which we will also discuss later), the interface of the neighbor router where the local router is connected, and the IP address itself. Too wordy, right? Let me discuss the contents of the OSPF neighbor table one by one.

1.) Neighbor router’s Router-id – the identifier of the neighbor router that also sends OSPF updates

2.) Neighbor router’s priority – this is used in the election of DR and BDR routers. We will go further into the classification of OSPF routers; it seems like there will be slave and master routers, something like that, but I cannot provide more details without first getting to the basics of OSPF operation.

3.) OSPF stage – the word “FULL” is the final stage of establishing neighbor adjacency. We will have a separate discussion about that.

4.) The IP address of the neighbor router’s exiting interface. We use the same network topology as in the previous OSPF topic, as you can see below:

14b

The boxed items are the interfaces of R2’s neighbor routers, with the IP addresses 201.52.30.1 and 192.168.14.1.

5.) Interface of the neighbor routers – these are the source of the OSPF updates

B.) IP routing table

Verifying commands: show ip route, show ip route ospf

I hope that I was able to help you read a routing table. It is very easy, as there is a legend that tells you which protocol each code stands for. “O” in the IP routing table represents the OSPF protocol. Below is a sample routing table of R2 in the network topology.

14d.PNG

To show only the OSPF routes in the routing table, use show ip route ospf

14e

C.) Link State Database (LSDB) table

First, let us define link-state. Link-state is one of the classes of routing protocol when we classify them by algorithm; the classes I am talking about are distance vector, link state and hybrid protocols. The metric it uses is the cost. Cost is computed as the reference bandwidth over the bandwidth of the point-to-point link. The usual reference bandwidth is 100 kbps. So cost = 100 kbps / link bandwidth.

Anyway, we forgot our goal, which is to define link state. Link refers to the interface, and so link state refers to the status of the interface. Therefore we conclude that the LSDB is a database of the status of the interfaces. However, that is just the layman’s explanation of the LSDB.

Below is an image that shows the content of LSDB.

14f

Alright, more terms have come up that make the study confusing, but you don’t have to worry about that. Let me define them one by one.

LSDB – technically a database of LSAs, or link state advertisements.

LSA – contains information about the interface such as network address, metric, type of network address etc. This is the information advertised by the interface once the network command has been activated.

14g

So let us discuss the content of an LSA. On the white image above I indicated option A and option B. Those are actually the categories of link state: A.) what’s with the interface? (network address, metric, type of network address) and B.) is there a router connected? (IP address of the neighbor router and router-id of the neighbor router).

Let us try to check these LSAs by examining our original network topology.

14h

Let us check the LSA of R2

Category A for the interface from R2 to R1 (what’s with the interface?)

Network address: 201.52.30.0 /24

Metric: since we don’t know the metric, let us check the speed of the link by running the command “sh interfaces se 1/0”, since it is interface se 1/0

14i

We can see that it is 1544 kbps, so the cost or metric is 100/1.544 = 64.766, and we can round it down to 64

Metric:64

Type of Network address:

There are two types of network address that we have to define:

a. Stub network – a loopback address network, or a network whose interface has only one or no router connected on the other end

b. Transit network – a network whose interface has two or more routers connected

Since the interface that we are talking about is serial 1/0, and since it is only connected to one router, which is connected to a switch, we conclude that it is a stub network.

Type of Network address: Stub network

Let us try to verify the LSA in the LSDB using this command:

show ip ospf database

14a1

Highlighted in the above image is link id 2.2.2.2, because in area 0 on router 2 we have three LSAs, namely 1.1.1.1, 2.2.2.2 and 3.3.3.3. Since we would like to check the interface of router 2, we need to look further into the content of the LSA with link-id 2.2.2.2, using the verifying command: show ip ospf database router 2.2.2.2

14a2

Honestly, there should be 7 links, but above I only highlighted the interface whose LSA content we checked. So let us try to check “what’s with the interface?”

We got the type of network as stub network, a network address of 201.52.30.0 255.255.255.0 and a metric of 64. There you go! We are able to check one of the link state categories, the one that asks what’s with the interface.

Let us try to check the 2nd link state category, which asks “is there a router connected?”

Yes, there is a router connected, so let us check the interface of router 1 that links to router 2, which is serial 1/0 of R1. I would just like to clarify here that in a router’s LSA we will also see the state of the interface of the neighbor router that provides OSPF updates.

14a3

14a4.png

We need to define the IP address of the local interface. Local interface means the interface of the router that we are working with, which is R2, so it must be 201.52.30.2

IP add of local interface: 201.52.30.2 

Also, we need to verify the router-id of the neighbor router; in our case, it must be R1. So,

Router-id of neighbor router:1.1.1.1

Let us try to verify:

14a5

Oh yeah! That’s all for now for the OSPF tables. Talk to you later!

 


OSPF part 4: OSPF authentication

Hi there mate! This will be the last discussion on OSPF configuration. The rest of the OSPF topics will discuss how OSPF works and the content of the Hello packet. The last topic that we had was configuring passive interfaces for security reasons. This time, we will configure OSPF with authentication using encrypted passwords. The need for configuring authentication is very simple: it is to provide security to active interfaces. By active interfaces I mean those interfaces that receive and send hellos or OSPF updates. They cannot be passive interfaces, so authentication is the best way to secure them.

Just imagine the scenario below:

12a1

Instead of interface serial 1/0 of router 1 being connected to router 2, it is connected to a hacking router, which leads to a security breach.

So let us get back to our original topology.

12a2.PNG

Authentication SYNTAX:

en 
conf t
router ospf {process#} <— process #
area {area#} authentication message-digest <— we set authentication on the entire area on a specific router
exit
int serial x/x
ip ospf message-digest-key 1 md5 {password} <— the authentication used is MD5; you can check on Google how it works

Note: 1.) We set a password on each interface since a security breach may happen on any interface

2.) We can set multiple passwords on each interface; the syntax is as follows:

 

int serial x/x
ip ospf message-digest-key 1 md5 {password}
ip ospf message-digest-key 2 md5 {password}

Very easy configuration right? So let us try to check the configuration on each router.
en
conf t
router ospf 100
area 0 authentication message-digest
exit
int se 1/0
ip ospf message-digest-key 1 md5 cisco

12a3

As we can see, the OSPF neighbor adjacency went down. The reason is that the neighbor router is not yet configured with authentication, so the two will not establish a neighbor relationship. Another way to verify: show ip ospf neighbor

12a4

So no neighbor relationship is established. We can now continue with the R2 authentication configuration:

@r2

en
conf t
router ospf 100
area 0 authentication message-digest
exit

12a5

As I go on, I can see that neighbor adjacency went down even without configuring the interfaces. The reason is that authentication was configured globally, so it affects all the interfaces involved. We need to go interface by interface so that it is more secure, and to specify the password. How will we enter a locked door without a key? There should be a key. We need to specify the password / key-string. Below shows that no neighbor adjacency was established.

12a6

Let us continue the configuration:

int se 1/0
ip ospf message-digest-key 1 md5 cisco
int se 1/1
ip ospf message-digest-key 1 md5 cisco
exit

Below is what happened when I configured authentication on R2. We can see that serial 1/0 went up, since it is connected to R1 and R1 already has the md5 configuration. We can see in the neighbor table that only R1 exists, since R3 doesn’t have the md5 configuration.

12a7.png

Below is the neighbor table of R1; it shows that R1 can now see R2

12a8

Lastly, let us configure R3:
en
conf t
router ospf 100
area 0 authentication message-digest
exit
int se 1/1
ip ospf message-digest-key 1 md5 cisco
exit

12a9.png

There is nothing much special about the R3 configuration. As we already discussed, serial 1/1 can now come up since all routers already have md5 authentication, and router 2 appears in the neighbor table. One thing I can add is that you always see the term “from loading to FULL”. Those are stages of neighbor adjacency, which we will discuss in the next topics.

I guess right now you wonder how OSPF works? We will discuss that in the next topic.
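To see why the adjacency stays down until both ends carry the same key, here is an added example (not part of the original lab) that builds an OSPF Hello with message-digest authentication as described in RFC 2328 Appendix D and runs the receiver's checks on it. The Hello field values, the function names and the result strings are assumptions made for this illustration; the key id 1 and password cisco come from the configuration above.

```python
import hashlib
import hmac
import ipaddress
import struct

AUTYPE_NULL, AUTYPE_MD5 = 0, 2   # AuType values from RFC 2328


def digest(packet, key):
    """MD5 over the OSPF packet followed by the key padded to 16 bytes."""
    return hashlib.md5(packet + key[:16].ljust(16, b"\0")).digest()


def build_hello(router_id, area_id, key_id=None, key=b"", seq=0):
    """Build an OSPFv2 Hello; when key_id is given, append the MD5 digest."""
    # Constructed Hello body: mask /24, hello 10 s, options 0x02,
    # priority 1, dead 40 s, no DR/BDR.
    body = struct.pack("!4sHBBI4s4s",
                       ipaddress.ip_address("255.255.255.0").packed,
                       10, 0x02, 1, 40, bytes(4), bytes(4))
    length = 24 + len(body)          # the digest is NOT counted in the length
    if key_id is None:
        autype, auth = AUTYPE_NULL, bytes(8)
    else:
        # Authentication field: 0, Key ID, digest length, sequence number.
        autype, auth = AUTYPE_MD5, struct.pack("!HBBI", 0, key_id, 16, seq)
    # Checksum stays 0: it is unused with AuType 2, and this sketch does not
    # compute it for the AuType 0 packet either.
    header = struct.pack("!BBH4s4sHH", 2, 1, length,
                         ipaddress.ip_address(router_id).packed,
                         ipaddress.ip_address(area_id).packed, 0, autype) + auth
    packet = header + body
    if key_id is not None:
        packet += digest(packet, key)
    return packet


def verify(packet, keys, last_seq=0):
    """Receiver checks on an interface whose area uses message-digest."""
    length, = struct.unpack("!H", packet[2:4])
    autype, = struct.unpack("!H", packet[14:16])
    if autype != AUTYPE_MD5:
        return "reject: authentication type mismatch"
    _, key_id, digest_len, seq = struct.unpack("!HBBI", packet[16:24])
    if key_id not in keys:
        return "reject: unknown key id"
    if seq < last_seq:
        return "reject: stale sequence number"
    expected = digest(packet[:length], keys[key_id])
    if not hmac.compare_digest(expected, packet[length:length + digest_len]):
        return "reject: digest mismatch"
    return "accept"


if __name__ == "__main__":
    r2_keys = {1: b"cisco"}          # ip ospf message-digest-key 1 md5 cisco
    print(verify(build_hello("1.1.1.1", "0.0.0.0", 1, b"cisco", 100), r2_keys))
    print(verify(build_hello("3.3.3.3", "0.0.0.0"), r2_keys))
```

The second call models a neighbor that has no authentication configured yet: its Hello carries AuType 0, so it is dropped before any digest is looked at, which is the adjacency loss seen in the lab.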

OSPF part 3: passive-interfaces

Hi mate! We are going to proceed with the configuration of passive-interfaces. First, let me emphasize the need for passive-interfaces. We configure passive-interfaces for security reasons. Imagine that an intruder tries to hack the network and the interface it is connected to is sending OSPF updates: the information advertised by neighbor routers will be shared with the hacking router. Let us check the scenario below:

12I

R1 is connected to a switch. When a hacking router connects to the switch, OSPF updates will be provided by neighbor routers to the hacking router. There you go, the network may be manipulated by the hacking router. To avoid this, let us disable OSPF advertisement on the interfaces where it is not needed.

SYNTAX:

en
conf t
router ospf {process#}
passive-interface default
no passive-interface {interface which should be active}
exit

Configuration on each router:

@r1

en
conf t
router ospf 100
passive-interface default
no passive-interface serial 1/0
exit

@r2

en
conf t
router ospf 100
passive-interface default
no passive-interface serial 1/0
no passive-interface serial 1/1
exit

@r3
en
conf t
router ospf 100
passive-interface default
no passive-interface serial 1/1
exit

 

Verification:

You will see that the arrows are pointing at the passive-interfaces

 

12k

If an active interface becomes passive, its neighbor will not appear in the neighbor table. Below is the figure that proves that OSPF neighbor establishment has been configured smoothly. We will discuss the neighbor table later as we go on.

12L

We will check R2

12m


12n

Let’s check R3

12o


12p

Alright, that is just one way to establish security on an OSPF network. The next topic is establishing security on an OSPF network using an encrypted key, but first let me take my lunch, mate!
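To check the result of this post and of the authentication post together, here is an added example (not part of the original lab) that reads a running-config and reports every interface that still takes part in OSPF actively without a message-digest key. The config excerpt is constructed, modelled on the page's R2 with Serial1/1 left without a key; the function names are assumptions, and only area-level authentication, as configured in this series, is considered.

```python
import ipaddress
import re

# Constructed running-config excerpt modelled on the page's R2. Serial1/1 is
# deliberately left without a key so the audit has something to report.
R2_CONFIG = """\
interface Loopback0
 ip address 192.168.91.1 255.255.255.0
interface Serial1/0
 ip address 201.52.30.2 255.255.255.0
 ip ospf message-digest-key 1 md5 7 <redacted>
interface Serial1/1
 ip address 192.168.14.2 255.255.255.0
router ospf 100
 area 0 authentication message-digest
 passive-interface default
 no passive-interface Serial1/0
 no passive-interface Serial1/1
 network 192.168.91.0 0.0.0.255 area 0
 network 192.168.14.0 0.0.0.255 area 0
 network 201.52.30.0 0.0.0.255 area 0
"""


def to_int(dotted):
    return int(ipaddress.ip_address(dotted))


def parse(config):
    """Collect interface and 'router ospf' settings from indented IOS config."""
    ifaces = {}
    ospf = {"nets": [], "passive_default": False, "passive": set(),
            "active": set(), "auth_areas": set()}
    iface, in_ospf = None, False
    for line in config.splitlines():
        s = line.strip()
        if not line.startswith(" "):          # a top-level line opens a section
            m = re.match(r"interface (\S+)", s)
            iface = ifaces.setdefault(m[1], {"ip": None, "keys": set()}) if m else None
            in_ospf = s.startswith("router ospf")
        elif iface is not None:
            if m := re.match(r"ip address (\S+) \S+", s):
                iface["ip"] = to_int(m[1])
            elif m := re.match(r"ip ospf message-digest-key (\d+) md5", s):
                iface["keys"].add(int(m[1]))
        elif in_ospf:
            if s == "passive-interface default":
                ospf["passive_default"] = True
            elif m := re.match(r"(no )?passive-interface (\S+)", s):
                ospf["active" if m[1] else "passive"].add(m[2])
            elif m := re.match(r"network (\S+) (\S+) area (\S+)", s):
                ospf["nets"].append((to_int(m[1]), to_int(m[2]), m[3]))
            elif m := re.match(r"area (\S+) authentication message-digest", s):
                ospf["auth_areas"].add(m[1])
    return ifaces, ospf


def audit(config):
    """Return (interface, finding) for every active OSPF interface at risk."""
    ifaces, ospf = parse(config)
    findings = []
    for name, iface in ifaces.items():
        if iface["ip"] is None:
            continue
        # A network statement matches when all bits outside the wildcard agree.
        area = next((a for net, wc, a in ospf["nets"]
                     if ((iface["ip"] ^ net) & ~wc & 0xFFFFFFFF) == 0), None)
        passive = name in ospf["passive"] or (
            ospf["passive_default"] and name not in ospf["active"])
        if area is None or passive:
            continue                          # not in OSPF, or sends no Hellos
        if area not in ospf["auth_areas"]:
            findings.append((name, "active in area %s without area authentication" % area))
        elif not iface["keys"]:
            findings.append((name, "active but no message-digest-key"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(R2_CONFIG):
        print(name, "->", finding)
```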

OSPF part 2: Router-ID

Hi mate, good morning! We will be going back to the network topology that we configured before.

o7a

You wonder what a router-id is, right? The router-id is the identifier of a router from the point of view of another router. I am sorry if it is a little bit confusing. Here’s how it goes: R1 identifies R2 by R2’s router-id, and R2 identifies R1 by R1’s router-id.

I hope that your GNS3 is now ready. Kindly input “show ip protocols”

12a.PNG

Router-ID is an important concept in every routing protocol, especially OSPF and EIGRP. When R1 would like to connect to R2, of course R1 should introduce himself, and R1 will introduce his router-id as his name. In the figure above, you will see ROUTING INFORMATION SOURCES, and the IP address written in the gateway column is the router-id. So how do we know which router-id will be listed? There is a hierarchy for choosing the router-id, listed below from the top priority to the least priority.

1.) Hard-coded router-id – this is the router-id that we manually configure.

2.) Highest loopback address – very self-explanatory, the loopback address which has the highest numerical value

3.) Highest IP address – very self-explanatory, the IP address which has the highest numerical value

If you wonder why there are two router-ids in the “show ip protocols” output, it is because there are two neighbor routers.

12b

It is very obvious in the figure above that the highest loopback address was used instead of a hard-coded router-id or the highest IP address. So before we proceed with manually configuring the IP address, let us try to remove the loopback addresses, to find out whether the highest IP address becomes the last resort when there is no loopback address and no hard-coded router-id.

Let us try to implement:

on R2

conf t

int lo 0
ip address 192.168.91.1 255.255.255.0
shut
int lo 1
ip address 192.168.92.1 255.255.255.0
shut
int lo 2
ip address 192.168.93.1 255.255.255.0
shut
exit
do sh ip int br

 

on R3

en
conf t

int lo 0
ip address 10.0.0.1 255.255.255.0
shut
int lo 1
ip address 20.0.0.1 255.255.255.0
shut
exit
do sh ip int br

 

As you observed, the router-ids have not changed. Why is this happening? Because R1 already knows R2 as 192.168.93.1 and R3 as 20.0.0.1, so when there are changes on R2 and R3, R1 still identifies R2 and R3 by their original router-ids unless R2 and R3 reintroduce themselves to R1. In order for R2 and R3 to reintroduce themselves to R1, we need to restart the routers.

12c

 

Alright, the routers just got restarted, so let us check the sh ip protocols command:

12d

You will see 201.52.30.2, which is neither a loopback nor a hard-coded router-id, in the routing information sources. Due to the incorrect configuration, only one router-id is known by R1, and R3’s router-id is not known by R1. Also, you will see above that the router-id of R1 still remains 172.16.17.1, since we did not touch that. So let us restore the loopback addresses.

12e.PNG

Configuration of Router-IDs

Mate, it is very clear that the reason why we consider the hard-coded router-id the top of the hierarchy is that it is stable, meaning it will not vary. What I mean is that if the interface with the highest IP address goes down, or the loopback address accidentally goes administratively down, it may cause a misconfiguration which will lead to network disruption. So it is advisable in the industry to configure the router-id. Let us also take note that a router-id is not necessarily an IP address, though it looks like one.

Let us designate the router-ids of routers:

R1 1.1.1.1

R2 2.2.2.2

R3 3.3.3.3

SYNTAX:

en
conf t
router ospf  {process#}
router-id x.x.x.x
do clear ip ospf process  —> a prompt will appear, and it is at your discretion whether to restart the router or clear the router-ids; then type YES
do wr
exit
do sh ip protocols

@R1

en
conf t
router ospf 100
router-id 1.1.1.1
do clear ip ospf process  ; type YES
do wr
exit
do sh ip protocols

 

@r2

en
conf t
router ospf 100
router-id 2.2.2.2
do clear ip ospf process; type YES
do wr
exit

 

@R3

en
conf t
router ospf 100
router-id 3.3.3.3
do clear ip ospf process; type YES
do wr
exit

 

And there you go. We will check the router-id of R1; please take note that old router-ids may take time to be removed from the sh ip protocols table

12f

Let’s check R2

12g

 

Let’s check R3

12h
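The selection hierarchy and the restart behaviour seen in this post can be modelled in a few lines. This is an added example, not part of the original lab: the class and function names are assumptions, the addresses are R2's from the page, and the model simply re-runs the election on restart.

```python
import ipaddress


def elect_router_id(interfaces, configured=None):
    """Apply the hierarchy: hard-coded, highest up loopback, highest up IP.

    interfaces maps an interface name to (ip, is_up).
    """
    if configured:
        return configured
    up = {name: ipaddress.ip_address(ip)
          for name, (ip, is_up) in interfaces.items() if is_up}
    loopbacks = [ip for name, ip in up.items() if name.lower().startswith("lo")]
    candidates = loopbacks or list(up.values())
    return str(max(candidates)) if candidates else None


class OspfProcess:
    """Keeps the router-id chosen at start until the process is restarted."""

    def __init__(self, interfaces, configured=None):
        self.interfaces = dict(interfaces)
        self.configured = configured
        self.router_id = elect_router_id(self.interfaces, configured)

    def shutdown(self, name):
        ip, _ = self.interfaces[name]
        self.interfaces[name] = (ip, False)   # router_id is NOT re-elected here

    def restart(self):
        # Models a reload or "clear ip ospf process": the election runs again.
        self.router_id = elect_router_id(self.interfaces, self.configured)
        return self.router_id


# R2's addresses as configured on the page.
R2 = {"lo0": ("192.168.91.1", True), "lo1": ("192.168.92.1", True),
      "lo2": ("192.168.93.1", True), "se1/0": ("201.52.30.2", True),
      "se1/1": ("192.168.14.2", True)}


def walk_through():
    """Replay the steps of this post on R2 and record the router-id each time."""
    r2 = OspfProcess(R2)
    seen = [r2.router_id]              # highest loopback
    for lo in ("lo0", "lo1", "lo2"):
        r2.shutdown(lo)
    seen.append(r2.router_id)          # unchanged until a restart
    seen.append(r2.restart())          # highest remaining IP address
    r2.configured = "2.2.2.2"
    seen.append(r2.restart())          # hard-coded value wins
    return seen


if __name__ == "__main__":
    print(walk_through())
```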

And there you go! We are able to at least configure the router-id in the OSPF protocol. The next OSPF features that we will configure are passive interfaces and the security features of OSPF. After that, we will explain how OSPF works. Stay tuned!

OSPF PART 1: configuration

Hi there! Yup! No more drama and long introductions this time, as we have a bunch of topics to cover for OSPF. This time, we will focus on configuration first. Below is the simple network diagram that we will work with for the rest of the OSPF CCNA topics.

 

o7a.PNG

The basic configurations are below if you don’t want to waste time on configuration:

 

@R1

enable
conf t
line console 0
password cisco
logging sync
exec-timeout 20 30
login
exit
line vty 0 15
password cisco
logging sync
exec-timeout 20 30
login
exit
hostname R1
enable secret class
service password-encryption
no ip domain-lookup
banner motd "AUTHORIZED ACCESS ONLY"
do wr
exit
en
conf t
int se 1/0
ip address 201.52.30.1 255.255.255.0
no shut
int lo 0
ip address 172.16.14.1 255.255.255.0
no shut
int lo 1
ip address 172.16.15.1 255.255.255.0
no shut
int lo 2
ip address 172.16.16.1 255.255.255.0
no shut
int lo 3
ip address 172.16.17.1 255.255.255.0
no shut
exit
do sh ip int br

@r2

enable
conf t
line console 0
password cisco
logging sync
exec-timeout 20 30
login
exit
line vty 0 15
password cisco
logging sync
exec-timeout 20 30
login
exit
hostname R2
enable secret class
service password-encryption
no ip domain-lookup
banner motd "AUTHORIZED ACCESS ONLY"
do wr
exit
en
conf t
int se 1/0
ip address 201.52.30.2 255.255.255.0
no shut
int se 1/1
ip address 192.168.14.2 255.255.255.0
no shut
int lo 0
ip address 192.168.91.1 255.255.255.0
no shut
int lo 1
ip address 192.168.92.1 255.255.255.0
no shut
int lo 2
ip address 192.168.93.1 255.255.255.0
no shut
exit
do sh ip int br

@R3

enable
conf t
line console 0
password cisco
logging sync
exec-timeout 20 30
login
exit
line vty 0 15
password cisco
logging sync
exec-timeout 20 30
login
exit
hostname R3
enable secret class
service password-encryption
no ip domain-lookup
banner motd "AUTHORIZED ACCESS ONLY"
do wr
exit

en
conf t
int se 1/1
ip address 192.168.14.1 255.255.255.0
no shut
int lo 0
ip address 10.0.0.1 255.255.255.0
no shut
int lo 1
ip address 20.0.0.1 255.255.255.0
no shut
exit
do sh ip int br

 

OSPF CONFIGURATION SYNTAX

en
conf t
router ospf {process#}
network { directly connected networks when you use sh ip route} {wild card mask} {area#}

Please note:

Process# does not need to be the same on all routers
Area# should be the same on all routers, and we will discuss that later
Directly connected networks – the networks marked with “C” when you run sh ip route
Wild card mask – the opposite of the subnet mask of the directly connected networks

Let me walk you through on how to configure R1:

o7b

We conclude that we must have five networks and by using the configuration syntax, we must have the R1 configuration below:

en
conf t
router ospf {process#}
network { directly connected networks when you use sh ip route} {wild card mask} {area#}

en
conf t
router ospf 100
network 172.16.14.0 0.0.0.255 area 0
network 172.16.15.0 0.0.0.255 area 0
network 172.16.16.0 0.0.0.255 area 0
network 172.16.17.0 0.0.0.255 area 0
network 201.52.30.0 0.0.0.255 area 0
exit
do show ip protocols

do show ip protocols – or show ip protocols on global configuration – is the show command that tells us what protocol is running on the router and which networks are configured. We will deal further with this when we reach the ESTABLISHING NEIGHBOR ADJACENCY topic.
R1(config)#do show ip protocols
Routing Protocol is “ospf 100”
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Router ID 172.16.17.1
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks:
172.16.14.0 0.0.0.255 area 0
172.16.15.0 0.0.0.255 area 0
172.16.16.0 0.0.0.255 area 0
172.16.17.0 0.0.0.255 area 0
201.52.30.0 0.0.0.255 area 0
Reference bandwidth unit is 100 mbps
Routing Information Sources:
Gateway Distance Last Update
Distance: (default is 110)

We can use command “sh ip route” but OSPF will not appear because only one router is configured.

 
R1(config)#do sh ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route

Gateway of last resort is not set

172.16.0.0/24 is subnetted, 4 subnets
C 172.16.16.0 is directly connected, Loopback2
C 172.16.17.0 is directly connected, Loopback3
C 172.16.14.0 is directly connected, Loopback0
C 172.16.15.0 is directly connected, Loopback1
C 201.52.30.0/24 is directly connected, Serial1/0

Let us configure R2:

o7c

en
conf t
router ospf 100
network 192.168.91.0 0.0.0.255 area 0
network 192.168.92.0 0.0.0.255 area 0
network 192.168.93.0 0.0.0.255 area 0
network 192.168.14.0 0.0.0.255 area 0
network 201.52.30.0 0.0.0.255 area 0
exit
do sh ip route

and we will see

o7d

You will see above

*Mar 7 18:20:18.803: %OSPF-5-ADJCHG: Process 100, Nbr 172.16.17.1 on Serial1/0 from LOADING to FULL, Loading Done

The word FULL is just one of the stages of establishing neighbor adjacency, which we will discuss later as we go on.

And since two routers are already configured with OSPF, we can see that there are 4 OSPF networks appearing above.

We’ll proceed R3 configuration:

o7e

 

R3 configuration below:
en
conf t
router ospf 100
network 192.168.14.0 0.0.0.255 area 0
network 20.0.0.0 0.0.0.255 area 0
network 10.0.0.0 0.0.0.255 area 0
exit
do sh ip route

 

Let us try to check the routing table of R1, R2 and R3

R1

o7f

R2

o7g.PNG

R3

o7h.PNG

Lastly, mate, before we proceed let us try to check R3 and analyze it.

o7a

From the figure above, we conclude that router 3 has three directly connected networks and 8 remote networks. Let us check whether those 3 directly connected networks have a mark of “C”.

We can use “sh ip route connected” to show only the directly connected networks
R3#sh ip route connected
C 192.168.14.0/24 is directly connected, Serial1/1
20.0.0.0/24 is subnetted, 1 subnets
C 20.0.0.0 is directly connected, Loopback1
10.0.0.0/24 is subnetted, 1 subnets
C 10.0.0.0 is directly connected, Loopback0

We can use “sh ip route ospf” to show the remote networks learned through the OSPF protocol

R3#sh ip route ospf
192.168.91.0/32 is subnetted, 1 subnets
O 192.168.91.1 [110/65] via 192.168.14.2, 00:09:37, Serial1/1
192.168.93.0/32 is subnetted, 1 subnets
O 192.168.93.1 [110/65] via 192.168.14.2, 00:09:37, Serial1/1
192.168.92.0/32 is subnetted, 1 subnets
O 192.168.92.1 [110/65] via 192.168.14.2, 00:09:37, Serial1/1
172.16.0.0/32 is subnetted, 4 subnets
O 172.16.17.1 [110/129] via 192.168.14.2, 00:09:37, Serial1/1
O 172.16.16.1 [110/129] via 192.168.14.2, 00:09:37, Serial1/1
O 172.16.15.1 [110/129] via 192.168.14.2, 00:09:37, Serial1/1
O 172.16.14.1 [110/129] via 192.168.14.2, 00:09:37, Serial1/1
O 201.52.30.0/24 [110/128] via 192.168.14.2, 00:09:37, Serial1/1

 

Yep, it is confirmed that we have 8 remote networks, so we can reach all those remote networks via the OSPF protocol.

Let us just analyze one route line:

O 192.168.92.1 [110/65] via 192.168.14.2, 00:09:37, Serial1/1
172.16.0.0/32 is subnetted, 4 subnets

On the routing table line above, which shows 192.168.92.1 as a directly connected network wherein OSPF is running, we can see [110/65]. I hope that I already explained to you that this is [administrative distance/metric]. We will discuss that later as we go on. Also, we see “via 192.168.14.2” and Serial1/1; it only means that we are able to connect to that remote network with the help of serial 1/1, which has the IP address 192.168.14.2.

Yep, that’s all for now, but no worries, I will immediately post the continuation of this OSPF series so that I can help you further with reading routing tables.