Wednesday, August 7, 2013

CCNP ROUTE: 1. OSPF Neighborships over LANs

The following list details the items seen in OSPF Hello messages:
■ OSPF Router ID
■ Stub area flag
■ Plus the following interface-specific settings:
    ■ Hello interval
    ■ Dead interval
    ■ Subnet mask
    ■ List of neighbors reachable on the interface
    ■ Area ID
    ■ Router priority
    ■ Designated Router (DR) IP address
    ■ Backup DR (BDR) IP address
    ■ Authentication digest

Items that two routers will compare when deciding whether they can become OSPF neighbors:
■ Interfaces’ primary IP addresses must be in the same subnet.
■ Must not be passive on the connected interface.
■ Must be in the same area.
■ Hello interval and Dead timer must match. (Example A)
■ Router IDs (RIDs) must be unique. (Example B)
■ IP MTU must match. (Example C)
■ Must pass neighbor authentication, if configured.  (Example D)
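
The checks in this list can be run against the packet fields themselves. The following is an added example, not code from the original post or from IOS: it builds constructed OSPFv2 Hello and Database Description packets in the RFC 2328 layout and reports which of the items above would stop the neighborship. The local settings, the assumption that R1's FastEthernet0/0 is in area 0, and all function names are illustrative; the MTU rule applied is the RFC's (a DBD advertising a larger MTU than the receiving interface is rejected).

```python
import struct
from ipaddress import IPv4Address

# Constructed local settings: R1's FastEthernet0/0 as shown on this page
# (area 0 on that interface is an assumption; key names are illustrative).
LOCAL = {"rid": "1.1.1.1", "area": "0.0.0.0", "autype": 0,
         "mask": "255.255.255.248", "hello": 10, "dead": 40, "mtu": 1500}

def packet(ptype, body, rid="2.2.2.2", area="0.0.0.0", autype=0):
    """Constructed OSPFv2 packet: 24-byte header (checksum left 0) + body."""
    return struct.pack("!BBH4s4sHH8s", 2, ptype, 24 + len(body),
                       IPv4Address(rid).packed, IPv4Address(area).packed,
                       0, autype, bytes(8)) + body

def hello(mask="255.255.255.248", interval=10, dead=40, prio=1):
    """Hello body: mask, HelloInterval, options, priority, RouterDeadInterval,
    DR and BDR (0.0.0.0 here), then an empty neighbor list."""
    return struct.pack("!4sHBBI4s4s", IPv4Address(mask).packed, interval,
                       0x02, prio, dead, bytes(4), bytes(4))

def dbd(mtu):
    """Database Description body: interface MTU, options, I/M/MS flags, seq."""
    return struct.pack("!HBBI", mtu, 0x52, 0x07, 0x2325)

def mismatches(pkt, local=LOCAL):
    """List the reasons the receiving router would drop this packet."""
    _ver, ptype, _len, rid, area, _ck, autype, _ = struct.unpack(
        "!BBH4s4sHH8s", pkt[:24])
    checks = [(str(IPv4Address(area)) != local["area"], "area"),
              (str(IPv4Address(rid)) == local["rid"], "duplicate router-id"),
              (autype != local["autype"], "authentication type")]
    if ptype == 1:    # Hello: mask and both timers must equal our own
        mask, interval, _opt, _prio, dead = struct.unpack("!4sHBBI", pkt[24:36])
        checks += [(str(IPv4Address(mask)) != local["mask"], "subnet mask"),
                   (interval != local["hello"], "hello interval"),
                   (dead != local["dead"], "dead interval")]
    elif ptype == 2:  # DBD: reject if the sender's MTU exceeds ours
        (mtu,) = struct.unpack("!H", pkt[24:26])
        checks.append((mtu > local["mtu"], "ip mtu"))
    return [reason for failed, reason in checks if failed]
```

The MTU check lives in the DBD branch because the MTU is not carried in Hellos, which is why an MTU mismatch lets the neighbor appear in the list but stall at EXSTART.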

Example A:
-The Hello interval defines how often the router sends a Hello on the interface.
-The Dead interval defines how long a router should wait, without hearing any Hello messages from that neighbor, before deciding that the neighbor failed.
-With the default LAN interface settings of Hello 10 and Dead 40, the local router sends a Hello message every 10 seconds.
-By default: (Dead interval) = 4*(Hello interval)

Consider R1's neighbors:

R1#show ip ospf neighbor 

Neighbor ID     Pri   State           Dead Time   Address         Interface
9.9.9.9           0   FULL/  -        00:00:31    192.168.0.22    Serial0/0
5.5.5.5           0   FULL/  -        00:00:36    192.168.0.18    Serial0/2
4.4.4.4           0   FULL/  -        00:00:30    192.168.0.14    Serial0/1
2.2.2.2           1   FULL/BDR        00:00:32    192.168.0.2     FastEthernet0/0
3.3.3.3           1   FULL/DR         00:00:35    192.168.0.3     FastEthernet0/0

Consider R1's neighborship with R9 (through Serial0/0):

R1#show ip ospf interface serial 0/0
Serial0/0 is up, line protocol is up
  Internet Address 192.168.0.21/30, Area 0
  Process ID 1, Router ID 1.1.1.1, Network Type POINT_TO_POINT, Cost: 64
  Transmit Delay is 1 sec, State POINT_TO_POINT
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
...
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 9.9.9.9
  Suppress hello for 0 neighbor(s)

After R1's Serial0/0 Hello interval is changed, the neighborship should fail because of the timer mismatch with R9 (IOS also raises the Dead interval to four times the new Hello, as the output shows):

R1(config)#interface serial 0/0
R1(config-if)#ip ospf hello-interval 15 
R1#show ip ospf interface serial 0/0
Serial0/0 is up, line protocol is up
  Internet Address 192.168.0.21/30, Area 0
  Process ID 1, Router ID 1.1.1.1, Network Type POINT_TO_POINT, Cost: 64
  Transmit Delay is 1 sec, State POINT_TO_POINT
  Timer intervals configured, Hello 15, Dead 60, Wait 60, Retransmit 5
*Mar  1 01:09:20.331: %OSPF-5-ADJCHG: Process 1, Nbr 9.9.9.9 on Serial0/0 from FULL to DOWN, Neighbor Down: Dead timer expired

Changing back to the same Hello interval as on R9:
R1(config-if)#ip ospf hello-interval 10
R1(config-if)#
*Mar  1 01:10:40.099: %OSPF-5-ADJCHG: Process 1, Nbr 9.9.9.9 on Serial0/0 from LOADING to FULL, Loading Done

The same happens when modifying the Dead interval:
R1(config-if)#ip ospf dead-interval 100
R1(config-if)#
*Mar  1 01:13:30.011: %OSPF-5-ADJCHG: Process 1, Nbr 9.9.9.9 on Serial0/0 from FULL to DOWN, Neighbor Down: Dead timer expired

We can also set the Dead interval to its minimum of 1 second and choose the Hello multiplier, the number of Hellos sent within that second. The following sets Dead = 1 second, with Hellos occurring 10 times per second:
R1(config-if)#ip ospf dead-interval minimal hello-multiplier 10
*Mar  1 01:21:30.047: %OSPF-5-ADJCHG: Process 1, Nbr 9.9.9.9 on Serial0/0 from FULL to DOWN, Neighbor Down: Dead timer expired


Example B:
By design, all OSPF RIDs in a domain should be unique. To avoid the problems that duplicates would cause, OSPF prevents neighborships between routers with duplicate RIDs.

R1#show ip ospf neighbor 

Neighbor ID     Pri   State           Dead Time   Address         Interface
9.9.9.9           0   FULL/  -        00:00:36    192.168.0.22    Serial0/0
5.5.5.5           0   FULL/  -        00:00:30    192.168.0.18    Serial0/2
4.4.4.4           0   FULL/  -        00:00:35    192.168.0.14    Serial0/1
2.2.2.2           1   FULL/BDR        00:00:37    192.168.0.2     FastEthernet0/0
3.3.3.3           1   FULL/DR         00:00:39    192.168.0.3     FastEthernet0/0
R1#show ip protocols 
Routing Protocol is "ospf 1"
  ...
  Router ID 1.1.1.1
R1(config-router)#router-id 9.9.9.9
Reload or use "clear ip ospf process" command, for this to take effect
R1#clear ip ospf process 
Reset ALL OSPF processes? [no]: y
*Mar  1 01:29:41.199: %OSPF-5-ADJCHG: Process 1, Nbr 9.9.9.9 on Serial0/0 from FULL to DOWN, Neighbor Down: Interface down or detached
R1#
*Mar  1 01:29:43.703: %OSPF-4-DUP_RTRID_NBR: OSPF detected duplicate router-id 9.9.9.9 from 192.168.0.22 on interface Serial0/0
R1#
*Mar  1 01:30:50.051: %OSPF-4-DUP_RTRID_NBR: OSPF detected duplicate router-id 9.9.9.9 from 192.168.0.22 on interface Serial0/0
R1#
*Mar  1 01:32:00.035: %OSPF-4-DUP_RTRID_NBR: OSPF detected duplicate router-id 9.9.9.9 from 192.168.0.22 on interface Serial0/0
R1#show ip ospf neighbor 

Neighbor ID     Pri   State           Dead Time   Address         Interface
5.5.5.5           0   FULL/  -        00:00:33    192.168.0.18    Serial0/2
4.4.4.4           0   FULL/  -        00:00:37    192.168.0.14    Serial0/1
2.2.2.2           1   FULL/BDR        00:00:39    192.168.0.2     FastEthernet0/0
3.3.3.3           1   FULL/DR         00:00:32    192.168.0.3     FastEthernet0/0


Example C:
-The maximum transmission unit (MTU) of an interface tells IOS the largest IP packet that can be forwarded out the interface.
-This setting protects the packet from being discarded on data links whose Layer 2 features will not pass a frame over a certain size.
-For example, routers typically default to an IP MTU of 1500 bytes to accommodate Ethernet’s rules about frames not exceeding 1526 bytes.

-When an MTU mismatch occurs between two OSPF neighbors, one router will attempt to become neighbors with the other router whose MTU differs.
-The other router will be listed in the list of neighbors (show ip ospf neighbor). However, the two routers will not exchange topology information, and the two routers will not calculate routes that use this neighbor as the next-hop router.

R1#show ip route
...
     192.168.13.0/32 is subnetted, 1 subnets
O       192.168.13.13 [110/11] via 192.168.0.3, 00:00:05, FastEthernet0/0
     10.0.0.0/32 is subnetted, 5 subnets
O IA    10.0.1.3 [110/128] via 192.168.0.22, 00:00:05, Serial0/0
O IA    10.0.1.2 [110/128] via 192.168.0.22, 00:00:05, Serial0/0
O IA    10.0.11.11 [110/129] via 192.168.0.22, 00:00:05, Serial0/0
O IA    10.0.10.10 [110/129] via 192.168.0.22, 00:00:05, Serial0/0
O IA    10.0.1.1 [110/64] via 192.168.0.22, 00:00:05, Serial0/0
     192.168.0.0/24 is variably subnetted, 4 subnets, 2 masks
C       192.168.0.12/30 is directly connected, Serial0/1
C       192.168.0.0/29 is directly connected, FastEthernet0/0
C       192.168.0.16/30 is directly connected, Serial0/2
C       192.168.0.20/30 is directly connected, Serial0/0
     192.168.168.0/30 is subnetted, 1 subnets
O IA    192.168.168.0 [110/20] via 192.168.0.2, 00:00:11, FastEthernet0/0
C    192.168.100.0/24 is directly connected, Loopback0
     192.168.169.0/32 is subnetted, 1 subnets
O IA    192.168.169.170 [110/21] via 192.168.0.2, 00:00:11, FastEthernet0/0
     192.168.3.0/30 is subnetted, 1 subnets
O IA    192.168.3.0 [110/74] via 192.168.0.22, 00:00:11, Serial0/0
     192.168.33.0/32 is subnetted, 1 subnets
O IA    192.168.33.33 [110/75] via 192.168.0.22, 00:00:11, Serial0/0

R1(config)#interface serial 0/0
R1(config-if)#ip mtu 1498 
R1#show ip interface serial 0/0
Serial0/0 is up, line protocol is up
...
  MTU is 1498 bytes
R9#show ip int s0/0
Serial0/0 is up, line protocol is up
...
  MTU is 1500 bytes

R1#clear ip ospf process 
Reset ALL OSPF processes? [no]: y
R1#show ip ospf neighbor 

Neighbor ID     Pri   State           Dead Time   Address         Interface
9.9.9.9           0   EXSTART/  -     00:00:38    192.168.0.22    Serial0/0
5.5.5.5           0   FULL/  -        00:00:33    192.168.0.18    Serial0/2
4.4.4.4           0   FULL/  -        00:00:37    192.168.0.14    Serial0/1
2.2.2.2           1   FULL/BDR        00:00:39    192.168.0.2     FastEthernet0/0
3.3.3.3           1   FULL/DR         00:00:32    192.168.0.3     FastEthernet0/0
R1#
*Mar  1 01:48:22.831: %OSPF-5-ADJCHG: Process 1, Nbr 9.9.9.9 on Serial0/0 from EXSTART to DOWN, Neighbor Down: Too many retransmissions
R1#show ip ospf neighbor 

Neighbor ID     Pri   State           Dead Time   Address         Interface
9.9.9.9           0   DOWN/  -           -        192.168.0.22    Serial0/0
5.5.5.5           0   FULL/  -        00:00:31    192.168.0.18    Serial0/2
4.4.4.4           0   FULL/  -        00:00:35    192.168.0.14    Serial0/1
2.2.2.2           1   FULL/BDR        00:00:37    192.168.0.2     FastEthernet0/0
3.3.3.3           1   FULL/DR         00:00:30    192.168.0.3     FastEthernet0/0

-When the mismatch occurs, a pair of routers tries to become neighbors, and they list each other in the output of show ip ospf neighbor.
-However, the neighbor state (listed before the /, under heading “State”) moves to EXSTART (which means the database exchange process is starting).
-Then, the state changes to DOWN, and later one router tries again, moving to INIT (initializing) state.
-So, the neighbor is listed in the output of the show ip ospf neighbor command, but never succeeds at exchanging the topology data.


Example D:
-OSPF authentication causes routers to authenticate every OSPF message.
-To do so, the routers use the same preshared key value, generating an MD5 digest for each OSPF message and sending that digest as part of each OSPF message.
-OSPF authentication uses one of three types: type 0 (no authentication), type 1 (clear text - Simple password authentication), and type 2 (MD5).

Consider the same R1-R9 neighborship:

R1(config)#interface serial 0/0 
R1(config-if)#ip ospf authentication message-digest
R1(config-if)#ip ospf message-digest-key 1 md5 secret
*Mar  1 02:08:00.071: %OSPF-5-ADJCHG: Process 1, Nbr 9.9.9.9 on Serial0/0 from FULL to DOWN, Neighbor Down: Dead timer expired
R1#debug ip ospf adj 
*Mar  1 02:08:30.039: OSPF: Rcv pkt from 192.168.0.22, Serial0/0 : Mismatch Authentication type. Input packet specified type 0, we use type 2
*Mar  1 02:08:32.803: OSPF: Send with youngest Key 1

Now the neighborship is down. On R9, we should also configure MD5 authentication, using the same key:
R9(config)#interface serial 0/0
R9(config-if)#ip ospf authentication message-digest

Enabling authentication on R9's interface, but not specifying the authentication key, leads to a failed neighborship and the following messages on R1:
R1#
*Mar  1 02:13:22.803: OSPF: Send with youngest Key 1
*Mar  1 02:13:30.051: OSPF: Rcv pkt from 192.168.0.22, Serial0/0 : Mismatch Authentication Key - No message digest key 0 on interface
This time, the mismatch refers to the authentication key, not the authentication type, as earlier.

Now, setting the authentication key on R9 also:
R9(config-if)#ip ospf message-digest-key 1 md5 secret
*Mar  1 02:13:50.983: %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.1 on Serial0/0 from LOADING to FULL, Loading Done

R1#
*Mar  1 02:14:00.095: OSPF: Send with youngest Key 1
*Mar  1 02:14:00.123: OSPF: 2 Way Communication to 9.9.9.9 on Serial0/0, state 2WAY
*Mar  1 02:14:00.123: OSPF: Send DBD to 9.9.9.9 on Serial0/0 seq 0x1562 opt 0x52 flag 0x7 len 32
*Mar  1 02:14:00.127: OSPF: Send with youngest Key 1
*Mar  1 02:14:00.131: OSPF: Rcv DBD from 9.9.9.9 on Serial0/0 seq 0x2325 opt 0x52 flag 0x7 len 32  mtu 1500 state EXSTART
*Mar  1 02:14:00.135: OSPF: NBR Negotiation Done. We are the SLAVE
...
*Mar  1 02:14:00.151: OSPF: Synchronized with 9.9.9.9 on Serial0/0, state FULL
*Mar  1 02:14:00.151: %OSPF-5-ADJCHG: Process 1, Nbr 9.9.9.9 on Serial0/0 from LOADING to FULL, Loading Done
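
How the type 2 digest described in Example D is produced and checked, following RFC 2328 Appendix D. This is an added example, not code from the original post or from IOS: the sample Hello is constructed, the function names are illustrative, and zero-padding a short secret to 16 bytes is an assumption about how the key is stored. The three rejection reasons correspond to the authentication type mismatch, the missing key ID and a wrong shared secret.

```python
import hashlib
import hmac
import struct

def pad_key(secret):
    """Assumption: a secret shorter than 16 bytes is zero-padded to 16."""
    return secret.encode().ljust(16, b"\x00")[:16]

def sign(packet, secret, key_id, seq):
    """Sender side: set the AuType 2 header fields and append the digest."""
    # Header bytes 12-23: checksum (unused, 0), AuType 2, 0, key ID,
    # digest length 16, cryptographic sequence number.
    auth = struct.pack("!HHHBBI", 0, 2, 0, key_id, 16, seq)
    body = packet[:12] + auth + packet[24:]
    # MD5 runs over the packet followed by the key; only the digest is sent.
    return body + hashlib.md5(body + pad_key(secret)).digest()

def verify(wire, keys, last_seq):
    """Receiver side. keys maps key ID to secret; returns 'ok' or a reason."""
    (length,) = struct.unpack("!H", wire[2:4])  # excludes the trailing digest
    _ck, autype, _zero, key_id, dlen, seq = struct.unpack("!HHHBBI", wire[12:24])
    if autype != 2:
        return "authentication type mismatch"
    if key_id not in keys:
        return "no message digest key %d" % key_id
    want = hashlib.md5(wire[:length] + pad_key(keys[key_id])).digest()
    if not hmac.compare_digest(wire[length:length + dlen], want):
        return "digest mismatch"
    if seq < last_seq:
        return "sequence number went backwards"
    return "ok"

# Constructed, unsigned Hello from 9.9.9.9 in area 0: header + 20-byte body.
HELLO = struct.pack("!BBH4s4sHH8s", 2, 1, 44, bytes([9, 9, 9, 9]), bytes(4),
                    0, 0, bytes(8)) + struct.pack(
    "!4sHBBI4s4s", bytes([255, 255, 255, 252]), 10, 0x02, 0, 40,
    bytes(4), bytes(4))
```

The sequence number check is what lets a receiver discard a captured packet that is sent again later; type 1 offers no such protection, since the password itself travels in clear text.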
