Difference between revisions of "Cisco OSPF"

From HackerNet
Line 22: Line 22:
 
* Kompatibla nätverkstyper, DR-election eller ej
 
* Kompatibla nätverkstyper, DR-election eller ej
 
Graceful shutdown, en OSPF router skickar ett HELLO utan grannar då tas grannskapet ner.
 
Graceful shutdown, en OSPF router skickar ett HELLO utan grannar då tas grannskapet ner.
 +
 +
'''Neighbor states'''
 +
 +
===LSA-typer===
  
 
===Rekommendationer===
 
===Rekommendationer===
Line 28: Line 32:
 
* Configure LSA warnings to alert of problems
 
* Configure LSA warnings to alert of problems
 
* Crash each type of box on your network in a lab environment so you know what it will do under stress.
 
* Crash each type of box on your network in a lab environment so you know what it will do under stress.
 
  
 
=Konfiguration=
 
=Konfiguration=
Line 41: Line 44:
 
  auto-cost reference-bandwidth 100000
 
  auto-cost reference-bandwidth 100000
 
  exit
 
  exit
 +
show ip ospf interface | i Cost
  
 
Enable routing on an IP network
 
Enable routing on an IP network
Line 50: Line 54:
 
  no passive-interface [interface]
 
  no passive-interface [interface]
  
Enable MD5 authentication in Area 0
+
'''Default route'''
area 0 authentication message-digest
 
 
 
Enable OSPF authentication on an interface
 
interface [interface]
 
ip ospf message-digest-key 10 md5 [password]
 
exit
 
 
 
Default route
 
 
  default-information originate
 
  default-information originate
 +
Eller om man inte har någon gateway of last resort
 +
default-information originate always
  
AD
+
'''AD'''
 
  router ospf 1
 
  router ospf 1
 
   distance 80
 
   distance 80
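Review bot: The added "default-information originate always" line needs a caveat next to it. With "always" the router advertises a default route even when it has none itself, so traffic that follows that default is dropped at this router. The Swedish lead-in says when to use the command but not what it does to traffic.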
Line 72: Line 70:
 
Advertise a maximum metric so that other routers do not prefer the router as an intermediate hop
 
Advertise a maximum metric so that other routers do not prefer the router as an intermediate hop
 
  max-metric router-lsa on-startup 60
 
  max-metric router-lsa on-startup 60
 +
 +
===Authentication===
 +
Enable MD5 authentication in Area 0
 +
area 0 authentication message-digest
 +
 +
Enable OSPF authentication on an interface
 +
interface [interface]
 +
ip ospf 1 area 0
 +
ip ospf message-digest-key 10 md5 [password]
 +
exit
 +
 +
Key-chain
 +
key chain TEST
 +
key 1
 +
key-string SECRET
 +
cryptographic-algorithm hmac-sha-512
 +
 +
int gi2
 +
ip ospf authentication key-chain TEST
 +
 +
OSPFv3, IPsec
 +
int gi2
 +
ospfv3 encryption ipsec spi 2001 esp aes-cbc 256 0 ABC123... sha1 0 CBA321...
 +
ipv6 ospf encryption ipsec spi 2001 esp aes-cbc 256 0 ABC123... sha1 0 CBA321...
  
 
===Summarization===
 
===Summarization===
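Review bot: In the new Authentication section, the interface block now carries "ip ospf 1 area 0", which assigns the interface to an area rather than configuring authentication; either drop it or say why it is there. The MD5 snippets sit ahead of the key-chain variant with no guidance on which to prefer, and the two IPsec lines ("ospfv3 encryption ..." and "ipv6 ospf encryption ...") read as commands to enter together; label them as alternatives if that is what they are.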
Line 90: Line 112:
 
  ip ospf transmit-delay ''seconds''
 
  ip ospf transmit-delay ''seconds''
  
===Stub===
+
Timers
 +
router ospf 1
 +
timers throttle spf 100 1000 10000
 +
timers pacing flood 50
 +
timers paciong retransmission 75
 +
timers throttle lsa all 10 4000 6000
 +
timers lsa arrival 2000
 +
 
 +
===Area types===
 +
'''Stub'''
 
No LSA type 5
 
No LSA type 5
 
  area 1 stub
 
  area 1 stub
 
''Stub bit is sent in hello packets''
 
''Stub bit is sent in hello packets''
  
===Totally Stubby===
+
'''Totally Stubby'''
 
No LSA type 3,4,5. Default route only.<br/>
 
No LSA type 3,4,5. Default route only.<br/>
 
ABR
 
ABR
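Review bot: The added Timers block has a typo in "timers paciong retransmission 75"; it should read "timers pacing retransmission 75". The timer lines are also listed without a word on what each value controls, so a short note per line would help.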
Line 102: Line 133:
 
  area 1 stub
 
  area 1 stub
  
===NSSA===
+
'''NSSA'''
 
LSA type 7
 
LSA type 7
 
  area 1 nssa
 
  area 1 nssa
  
===NSSA Totally Stubby===
+
'''NSSA Totally Stubby'''
 
LSA type 7. No LSA type 3,4.
 
LSA type 7. No LSA type 3,4.
 
  area 1 nssa no-summary
 
  area 1 nssa no-summary
  
=Virtual Link=
+
===Filtering===
 +
router ospf 1
 +
area 1 filter-list prfix PFXLIST out
 +
 
 +
ip prefix-list PFXLIST seq 5 deny 10.10.0.0/24
 +
ip prefix-list PFXLIST seq 10 permit 0.0.0.0/0 le 32
 +
 
 +
===Virtual Link===
 
Virtual link är rekommenderat som backup- eller temporär anslutning.
 
Virtual link är rekommenderat som backup- eller temporär anslutning.
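Review bot: In the added Filtering section, "area 1 filter-list prfix PFXLIST out" misspells the keyword; it should be "prefix". The filter also references PFXLIST before the prefix list is defined, so consider listing the two "ip prefix-list" lines first.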
  
Line 128: Line 166:
 
'''Show'''
 
'''Show'''
 
  show ip ospf virtual-links
 
  show ip ospf virtual-links
 +
 +
===LFA===
 +
Loop-Free Alternate Fast Reroute
  
 
===Diverse===
 
===Diverse===
Line 136: Line 177:
 
'''MTU mismatch'''
 
'''MTU mismatch'''
 
  ip ospf mtu-ignore
 
  ip ospf mtu-ignore
 +
 +
'''Discard'''
 +
no discard-route external
  
 
=Redistribution=
 
=Redistribution=
Line 153: Line 197:
 
  show ip ospf events
 
  show ip ospf events
 
  show ip ospf border-routers
 
  show ip ospf border-routers
 +
show ip ospf topology-info
 +
show ip ospf database router
  
 
Reset database and neighbors
 
Reset database and neighbors

Revision as of 19:26, 3 March 2016

Open Shortest Path First (OSPF) communicates using multicast, which always has the TTL set to 1. OSPF uses IP protocol number 89. RFC 2328

Type: Link State

Algorithm: Dijkstra

AD: 110

Metric: Cost (Bandwidth)

Protocols: IP

Neighbor adjacency

Neighbors must agree on:

  • Subnet/mask
  • Area
  • Timers
  • Different router IDs
  • Flags: Stub, NSSA
  • MTU
  • Authentication type
  • Compatible network types, DR election or not

Graceful shutdown: an OSPF router sends a HELLO that lists no neighbors, and the adjacency is then torn down.

Neighbor states

LSA types

Recommendations

  • Set your maximum LSA settings to keep from killing weak boxes
  • Baseline your network so you know how many LSAs normally float around
  • Configure LSA warnings to alert of problems
  • Crash each type of box on your network in a lab environment so you know what it will do under stress.

Configuration

router ospf [process-id]

router-id for this OSPF process (in IPv4 address format)

router-id [OSPF router-id] 
log-adjacency-changes

Update the reference bandwidth to 100G

router ospf 1
auto-cost reference-bandwidth 100000
exit
show ip ospf interface | i Cost

Enable routing on an IP network

network [network-number] [wildcard-mask] area [area-id]

Enable routing for all networks and control adjacencies/updates with passive-interface

passive-interface default
network 0.0.0.0 0.0.0.0 area 0
no passive-interface [interface]

Default route

default-information originate

Or, if there is no gateway of last resort

default-information originate always

AD

router ospf 1
 distance 80

DR/BDR election, multiaccess network

interface [interface]
ip ospf priority [number]  #default 1
exit

Advertise a maximum metric so that other routers do not prefer the router as an intermediate hop

max-metric router-lsa on-startup 60

Authentication

Enable MD5 authentication in Area 0

area 0 authentication message-digest

Enable OSPF authentication on an interface

interface [interface]
ip ospf 1 area 0
ip ospf message-digest-key 10 md5 [password]
exit

Key-chain

key chain TEST
key 1
key-string SECRET
cryptographic-algorithm hmac-sha-512

int gi2
ip ospf authentication key-chain TEST

OSPFv3, IPsec

int gi2
ospfv3 encryption ipsec spi 2001 esp aes-cbc 256 0 ABC123... sha1 0 CBA321...
ipv6 ospf encryption ipsec spi 2001 esp aes-cbc 256 0 ABC123... sha1 0 CBA321...
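
A way to check which of the authentication variants above is actually in effect on each interface. This is an added example, not HackerNet's own code: the sample config is constructed (interface names Gi1 to Gi3 are assumptions), and it only looks at interfaces enabled with "ip ospf [process-id] area [area-id]", not at network statements.

```python
import re

# Constructed sample config (assumption: OSPF is enabled per interface).
SAMPLE = """\
key chain TEST
 key 1
  key-string SECRET
  cryptographic-algorithm hmac-sha-512
router ospf 1
 area 0 authentication message-digest
interface Gi1
 ip ospf 1 area 0
 ip ospf message-digest-key 10 md5 SECRET
interface Gi2
 ip ospf 1 area 0
 ip ospf authentication key-chain TEST
interface Gi3
 ip ospf 1 area 1
 ip ospf message-digest-key 10 md5 SECRET
"""

def audit_ospf_auth(config):
    """Map each OSPF interface to 'hmac-sha', 'md5', 'none' or 'broken-key-chain'."""
    chains, md5_areas, ifaces, section, result = {}, set(), {}, [], {}
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):              # top-level line opens a section
            section = line.split()
        elif section[:2] == ["key", "chain"] and line.startswith("cryptographic-algorithm "):
            chains[section[2]] = line.split()[1]
        elif section[:2] == ["router", "ospf"]:
            md5_areas.update(re.findall(r"^area (\S+) authentication message-digest$", line))
        elif section[:1] == ["interface"]:
            ifaces.setdefault(section[1], []).append(line)
    for name, lines in ifaces.items():
        area = next((l.split()[4] for l in lines if re.fullmatch(r"ip ospf \d+ area \S+", l)), None)
        if area is None:
            continue                             # OSPF not enabled on this interface
        chain = next((l.split()[-1] for l in lines
                      if l.startswith("ip ospf authentication key-chain ")), None)
        has_key = any(l.startswith("ip ospf message-digest-key ") for l in lines)
        md5_on = area in md5_areas or "ip ospf authentication message-digest" in lines
        if chain is not None:                    # key chain must exist and use HMAC-SHA
            ok = chains.get(chain, "").startswith("hmac-sha")
            result[name] = "hmac-sha" if ok else "broken-key-chain"
        else:                                    # an MD5 key alone does not turn auth on
            result[name] = "md5" if has_key and md5_on else "none"
    return result

print(audit_ospf_auth(SAMPLE))
```

Gi3 is the case worth watching for: it has a message-digest key, but its area has no "authentication message-digest" line, so the interface runs unauthenticated.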

Summarization

ABR

router ospf 1
area 10 range 10.10.0.0 255.255.252.0
exit

ASBR

router ospf 1
summary-address 10.10.0.0 255.255.252.0
exit

Tuning protocol parameters

ip ospf hello-interval seconds
ip ospf dead-interval seconds
ip ospf retransmission-interval seconds
ip ospf transmit-delay seconds

Timers

router ospf 1
timers throttle spf 100 1000 10000
timers pacing flood 50
timers pacing retransmission 75
timers throttle lsa all 10 4000 6000
timers lsa arrival 2000

Area types

Stub

No LSA type 5

area 1 stub

Stub bit is sent in hello packets

Totally Stubby

No LSA type 3,4,5. Default route only.

ABR

area 1 stub no-summary

Others

area 1 stub

NSSA

LSA type 7

area 1 nssa

NSSA Totally Stubby

LSA type 7. No LSA type 3,4.

area 1 nssa no-summary

Filtering

router ospf 1
area 1 filter-list prefix PFXLIST out

ip prefix-list PFXLIST seq 5 deny 10.10.0.0/24
ip prefix-list PFXLIST seq 10 permit 0.0.0.0/0 le 32

Virtual Link

A virtual link is recommended as a backup or temporary connection.

R1

router ospf 1
network 10.0.1.0 0.0.0.255 area 1
network 1.1.1.0 0.0.0.255 area 0
area 1 virtual-link 3.3.3.3  #Router-ID

R3

router ospf 1
network 10.0.1.0 0.0.0.255 area 1
network 10.0.2.0 0.0.0.255 area 2
network 3.3.3.0 0.0.0.255 area 2
area 1 virtual-link 1.1.1.1  #Router-ID

Show

show ip ospf virtual-links

LFA

Loop-Free Alternate Fast Reroute

Miscellaneous

Loopback

ip ospf network point-to-point
exit

MTU mismatch

ip ospf mtu-ignore

Discard

no discard-route external

Redistribution

Default seed metric: 20 (except BGP)

Static

redistribute static

RIP

redistribute rip subnets

EIGRP

redistribute eigrp 1 subnets 

Troubleshoot

show ip ospf neighbor
ping 224.0.0.5
show ip ospf interface brief
show ip protocols
show ip ospf events
show ip ospf border-routers
show ip ospf topology-info
show ip ospf database router

Reset database and neighbors

clear ip ospf process