Chapter 10: OSPF Tuning and Troubleshooting
Scaling Networks
Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 1
Chapter 10 – Sections & Objectives
§ 10.1 Advanced Single-Area OSPF Configurations
• Configure OSPF to improve network performance.
§ 10.2 Troubleshooting Single-Area OSPF Implementations
• Troubleshoot common OSPF configuration issues in a small to medium-sized business network.
10.1 Advanced Single-Area OSPF Configurations
Secure OSPF
Secure Routing Updates
§ When neighbor authentication has been configured on a router, the router authenticates the source of each routing update packet that it receives.
§ An authenticating key that is known to both the sending and the receiving router is exchanged.
§ OSPF supports three types of authentication:
• Null – no authentication.
• Simple password authentication – the password in the update is sent in plaintext over the network (outdated method).
• MD5 authentication – Most secure and recommended method of authentication. Password is calculated using the MD5 algorithm.
Secure OSPF
MD5 Authentication
Secure OSPF
Configuring OSPF MD5 Authentication
§ MD5 authentication can be enabled globally for all interfaces or on a per-interface basis.
§ To enable OSPF MD5 authentication globally, configure:
• ip ospf message-digest-key key md5 password (interface configuration command)
• area area-id authentication message-digest (router configuration command)
§ To enable MD5 authentication on a per-interface basis, configure:
• ip ospf message-digest-key key md5 password (interface configuration command)
• ip ospf authentication message-digest (interface configuration command)
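An audit of these commands against a saved configuration, as an added example that is not part of the original slides: for each interface covered by an OSPF network statement it reports whether MD5 is in effect through the area-wide or the per-interface command, and whether a message-digest key is present. The configuration text, addresses and key string are constructed, and a single OSPF process with contiguous wildcard masks is assumed.

```python
import ipaddress
import re

# Constructed running-config excerpt; addresses and the key string are sample values.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip address 172.16.1.1 255.255.255.0
 ip ospf message-digest-key 1 md5 SAMPLE-KEY
interface Serial0/0/0
 ip address 172.16.3.1 255.255.255.252
 ip ospf authentication message-digest
interface Serial0/0/1
 ip address 172.16.5.1 255.255.255.252
 ip ospf authentication
interface GigabitEthernet0/1
 ip address 10.1.1.1 255.255.255.0
router ospf 10
 network 172.16.0.0 0.0.255.255 area 0
 network 10.1.1.1 0.0.0.0 area 1
 area 0 authentication message-digest
"""

def audit_ospf_auth(config):  # returns {interface: md5 | md5-no-key | plaintext | null}
    ifaces, nets, area_auth, report, cur = {}, [], {}, {}, None
    for raw in config.splitlines():
        if not raw.startswith(" "):               # top-level line opens a new section
            m = re.match(r"interface (\S+)", raw)
            cur = ifaces.setdefault(m.group(1), []) if m else None
        elif cur is not None:                     # inside an interface section
            cur.append(raw.strip())
        elif m := re.match(r"\s*network (\S+) (\S+) area (\S+)", raw):
            # Invert the wildcard mask to get a netmask (0.0.0.0 becomes /32).
            mask = ipaddress.ip_address(int(ipaddress.ip_address(m.group(2))) ^ 0xFFFFFFFF)
            nets.append((ipaddress.ip_network(f"{m.group(1)}/{mask}", strict=False), m.group(3)))
        elif m := re.match(r"\s*area (\S+) authentication( message-digest)?\s*$", raw):
            area_auth[m.group(1)] = "md5" if m.group(2) else "plaintext"
    for name, lines in ifaces.items():
        text = "\n".join(lines)
        addr = re.search(r"^ip address (\d[\d.]+) ", text, re.M)
        hits = [(n.prefixlen, a) for n, a in nets
                if addr and ipaddress.ip_address(addr.group(1)) in n]
        if not hits:
            continue                              # not covered by a network statement
        mode = area_auth.get(max(hits)[1], "null")  # area default; interface command overrides
        if m := re.search(r"^ip ospf authentication( message-digest| null)?$", text, re.M):
            mode = {" message-digest": "md5", " null": "null", None: "plaintext"}[m.group(1)]
        if mode == "md5" and "ip ospf message-digest-key " not in text:
            mode = "md5-no-key"                   # MD5 enabled but no key configured
        report[name] = mode
    return report
```

Any interface reported as `plaintext`, `null` or `md5-no-key` is one where the two commands above are not both in effect.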
Secure OSPF
OSPF MD5 Authentication Example
Secure OSPF
OSPF MD5 Authentication Example (cont.)
Secure OSPF
Verifying OSPF MD5 Authentication
Secure OSPF
Verifying OSPF MD5 Authentication (cont.)
Advanced Single-Area OSPF Configurations
OSPF in Multiaccess Networks
§ OSPF Network Types
• Point-to-point
• Broadcast multiaccess
• Nonbroadcast multiaccess (NBMA)
• Point-to-multipoint
• Virtual links
§ Challenges for OSPF in Multiaccess Networks
• Creation of multiple adjacencies
• Extensive flooding of LSAs
§ OSPF Designated Router
• OSPF elects a DR to be the collection and distribution point for LSAs sent and received.
Advanced Single-Area OSPF Configurations
OSPF in Multiaccess Networks (Cont.)
§ Verifying DR/BDR Roles
• To verify the roles of the OSPFv2 router, use the show ip ospf interface command.
• For the equivalent OSPFv3 command, simply substitute ip with ipv6.
§ Verifying DR/BDR Adjacencies
• To verify the OSPFv2 adjacencies, use the show ip ospf neighbor command.
• The normal state for an OSPF router is usually FULL.
§ Default DR/BDR Election Process
• The routers in the network elect the router with the highest interface priority as the DR.
• The router with the second highest interface priority is elected as the BDR.
§ The OSPF Priority
• To configure the OSPF priority, use the ip ospf priority value interface command. For the equivalent OSPFv3 command, simply substitute ip with ipv6.
• With the OSPF priority of 0, the router does not become a DR or BDR.
• For values 1 – 255, the higher the value, the more likely the router becomes the DR or BDR on the interface.
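A small model of these election rules, as an added example that is not part of the original slides. It also applies the router-ID tie-break, the rule that an added router does not start a new election, and the BDR promotion described in the chapter summary; the Segment class and the router IDs are hypothetical.

```python
import ipaddress

class Segment:
    """Hypothetical model of one multiaccess segment: {router_id: priority}."""

    def __init__(self, routers):
        self.routers, self.dr, self.bdr = dict(routers), None, None
        self._fill()                      # initial election among routers present

    def _best(self, exclude=None):
        # Priority 0 is never eligible. Ties on priority go to the highest
        # router ID, compared numerically: as strings "10.0.0.9" > "10.0.0.10".
        eligible = [(prio, int(ipaddress.ip_address(rid)), rid)
                    for rid, prio in self.routers.items()
                    if prio > 0 and rid != exclude]
        return max(eligible)[2] if eligible else None

    def _fill(self):
        # Only vacant roles are filled; a sitting DR or BDR is never displaced.
        if self.dr is None:
            self.dr, self.bdr = (self.bdr or self._best()), None  # BDR promotes itself
        if self.bdr is None:
            self.bdr = self._best(exclude=self.dr)

    def join(self, router_id, priority=1):
        self.routers[router_id] = priority
        self._fill()                      # no new election if both roles are held

    def fail(self, router_id):
        self.routers.pop(router_id, None)
        if router_id == self.dr:
            self.dr = None
        if router_id == self.bdr:
            self.bdr = None
        self._fill()
```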
Advanced Single-Area OSPF Configurations
Default Route Propagation
§ Propagating a Default Static Route in OSPFv2
• To propagate a default route, the edge router must be configured with:
o A default static route using the ip route 0.0.0.0 0.0.0.0 {ip-address | exit-intf} command.
o The default-information originate router configuration mode command.
§ Verifying the Propagated IPv4 Default Route
• Verify the default route settings using the show ip route command.
Advanced Single-Area OSPF Configurations
Default Route Propagation (Cont.)
§ Propagating a Default Static Route in OSPFv3
• The process of propagating a default static route in OSPFv3 is almost identical to OSPFv2.
• To propagate a default route, the edge router must be configured with:
o A default static route using the ipv6 route ::/0 {ipv6-address | exit-intf} command.
o The default-information originate router configuration mode command.
§ Verifying the Propagated IPv6 Default Route
• Verify the default static route setting on R2 using the show ipv6 route static command
Advanced Single-Area OSPF Configurations
Fine-tuning OSPF Interfaces
§ OSPF Hello and Dead Intervals
• The OSPF Hello and Dead intervals are configurable on a per-interface basis.
• The OSPF intervals must match or a neighbor adjacency does not occur.
§ Modifying OSPFv2 Intervals
• OSPFv2 Hello and Dead intervals can be modified manually:
o ip ospf hello-interval seconds
o ip ospf dead-interval seconds
• Use the no ip ospf hello-interval and no ip ospf dead-interval commands to reset the intervals to their default.
Advanced Single-Area OSPF Configurations
Fine-tuning OSPF Interfaces (Cont.)
§ Modifying OSPFv3 Intervals
• OSPFv3 Hello and Dead intervals can be modified manually:
o ipv6 ospf hello-interval seconds
o ipv6 ospf dead-interval seconds
• Use the no ipv6 ospf hello-interval and no ipv6 ospf dead-interval commands to reset the intervals to their default.
10.2 Troubleshooting Single-Area OSPF Implementations
Troubleshooting Single-Area OSPF Implementations
Components of Troubleshooting Single-Area OSPF
Troubleshooting Single-Area OSPF Implementations
Components of Troubleshooting Single-Area OSPF (Cont.)
§ OSPF States
• When troubleshooting OSPF neighbors, be aware that the FULL or 2WAY states are normal.
• All other states are transitory.
§ OSPF Troubleshooting Commands
• show ip protocols
• show ip ospf neighbor
• show ip ospf interface
• show ip ospf
• show ip route ospf
• clear ip ospf [process-id] process
• For the equivalent OSPFv3 command, simply substitute ip with ipv6.
Troubleshooting Single-Area OSPF Implementations
Components of Troubleshooting Single-Area OSPF (Cont.)
§ Components of Troubleshooting OSPF
• Neighbor table is not correct
o Are the interfaces operational? Are the interfaces enabled for OSPF? Does the OSPF area match? Is there an interface that is configured as passive?
• Routing table is not correct
o Are the networks being advertised? Is there an ACL that is blocking advertisements? Is there another routing protocol with a lower AD being used as well? Are all areas connected to Area 0?
• Traffic does not take the desired path
o Verify the OSPF cost on an interface. Verify the OSPF reference bandwidth.
Troubleshooting Single-Area OSPF Implementations
Troubleshoot Single-Area OSPFv2 Routing Issues
§ Troubleshooting Neighbor Issues
• For an interface to be enabled for OSPFv2, a matching network command must be configured under the OSPFv2 routing process.
• If connected interfaces on two routers are not enabled for OSPF, the neighbors will not form an adjacency.
• Recall that the passive-interface command stops both outgoing and incoming routing updates because it causes the router to stop sending and receiving Hello packets over an interface.
Troubleshooting Single-Area OSPF Implementations
Troubleshoot Single-Area OSPFv2 Routing Issues (Cont.)
§ Troubleshooting OSPFv2 Routing Table Issues
• For an interface to be enabled for OSPFv2, a matching network command must be configured under the OSPFv2 routing process.
Troubleshooting Single-Area OSPF Implementations
Troubleshoot Single-Area OSPFv3 Routing Issues
§ OSPFv3 Troubleshooting Commands
• show ipv6 protocols
• show ipv6 ospf neighbor
• show ipv6 ospf interface
• show ipv6 ospf
• show ipv6 route ospf
• clear ipv6 ospf [process-id] process
§ Troubleshooting OSPFv3
• Unlike OSPFv2, OSPFv3 does not use the network command. Instead, OSPFv3 is enabled directly on the interface.
Troubleshooting Single-Area OSPF Implementations
Troubleshoot Multiarea OSPFv2 and OSPFv3
§ Multiarea OSPF Troubleshooting Skills
• Before you can begin to diagnose and resolve problems related to a multiarea OSPF implementation, you must be able to do the following:
o Understand the processes OSPF uses to distribute, store, and select routing information.
o Understand how OSPF information flows within and between areas.
o Use Cisco IOS commands to gather and interpret the information necessary to troubleshoot OSPF operation.
§ Multiarea OSPF Troubleshooting Data Structures
• OSPF stores routing information in four main data structures:
o Interface table
o Neighbor table
o Link-state database (LSDB)
o Routing table
10.3 Chapter Summary
Chapter Summary
Summary
§ OSPF defines five network types: point-to-point, broadcast multiaccess, nonbroadcast multiaccess, point-to-multipoint, and virtual links.
§ Multiaccess networks can create two challenges for OSPF regarding the flooding of LSAs: creation of multiple adjacencies and extensive flooding of LSAs. The solution to managing the number of adjacencies and the flooding of LSAs on a multiaccess network is the DR and BDR. If the DR stops producing Hellos, the BDR promotes itself and assumes the role of DR.
§ The routers in the network elect the router with the highest interface priority as DR. The router with the second highest interface priority is elected the BDR. The higher the priority, the likelier the router will be selected as the DR. If set to 0, the router is not capable of becoming the DR. The default priority of multiaccess broadcast interfaces is 1. Therefore, unless otherwise configured, all routers have an equal priority value and must rely on another tie breaking method during the DR/BDR election. If the interface priorities are equal, then the router with the highest router ID is elected the DR. The router with the second highest router ID is the BDR. The addition of a new router does not initiate a new election process.
§ To propagate a default route in OSPF, the router must be configured with a default static route and the default-information originate command must be added to the configuration. Verify routes with the show ip route or show ipv6 route command.
§ To assist OSPF in making the correct path determination, the reference bandwidth must be changed to a higher value to accommodate networks with links faster than 100 Mb/s. To adjust the reference bandwidth, use the auto-cost reference-bandwidth Mbps router configuration mode command. To adjust the interface bandwidth, use the bandwidth kilobits interface configuration mode command. The cost can be manually configured on an interface using the ip ospf cost value interface configuration mode command.
Chapter Summary
Summary (Cont.)
§ The OSPF Hello and Dead intervals must match or a neighbor adjacency does not occur. To modify these intervals, use the following interface commands:
ip ospf hello-interval seconds
ip ospf dead-interval seconds
ipv6 ospf hello-interval seconds
ipv6 ospf dead-interval seconds
§ When troubleshooting OSPF neighbors, be aware that the FULL or 2WAY states are normal. The following commands summarize OSPFv2 troubleshooting:
show ip protocols
show ip ospf neighbor
show ip ospf interface
show ip ospf
show ip route ospf
clear ip ospf [process-id] process
§ Troubleshooting OSPFv3 is similar to OSPFv2. The following commands are the equivalent commands used with OSPFv3: show ipv6 protocols, show ipv6 ospf neighbor, show ipv6 ospf interface, show ipv6 ospf, show ipv6 route ospf, and clear ipv6 ospf [process-id] process.