Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides

FAQ
It is currently Sat Aug 19, 2017 2:43 am


Author Message
mandrei99
Post  Post subject: OSPF areas: Analysing an apprently redundant design - Cisco way  |  Posted: Tue Nov 18, 2014 11:14 am

Joined: Tue Aug 04, 2009 9:16 am
Posts: 245

Offline
 

OSPF areas: Analysing an apprently redundant design - Cisco way

OSPF areas: Analysing an apprently redundant design - Cisco way
Attachment:
File comment: OSPF area design cisco non redundant
ospf-area-design-cisco.png [43 KiB]
Downloaded 304 times

Ok. So we know a little bit about OSPF from previous articles. Here is a recap:

- All internal destinations within an area are advertised througy Type 1 LSA (Router LSA) in OSPF.
- These internal destinations reach the ABR (Area Border Router) and they are injected as type 3 LSA (Summary LSA) into area 0 (backbone area) from any non backbone area or in a non-backbone area only if origin area is backbone area (from any area into area 0 and from area 0 in any area). This is Cisco default. Juniper behaves a little differently. This behavior is described in RFC3509 and it is followed by Cisco and not by Juniper. Not a big problem imho because loops are still avoided.

Note: Why loops are still avoided ? What kind of loops are we talking about here ? Answer to q2: LSA loops. Answer to Q1 is complex: Although Cisco does not inject a destination from Area 10 (in Router LSA) into area 20 as summary LSA (workaround exists) and Juniper does it (Junos behaves as ABR if it has interfaces in two non-backbone areas), NEITHER cISCO NOR JUNIPER INJECT TYPE 3 SUMMARY LSA FROM A NON-BACKBONE AREA TO ANOTHER NON-BACKBONE AREA. THIS IS WHERE THE LOOP STOPS. The second part of the answer is that both Cisco and Juniper ignore type 3 Summary LSA received on non-backbone area when they have an adjacency in area 0. To my understanding at least.

In the newbie diagram, I have an apparently redundant OSPF area design.

From R6 (loopback 6.6.6.6) traceroute to R5 (loopback 5.5.5.5) goes via R2:
Code:
R6#traceroute 5.5.5.5 source 6.6.6.6

Type escape sequence to abort.
Tracing the route to 5.5.5.5

  1 172.16.2.1 36 msec 60 msec 60 msec
  2 172.16.9.2 64 msec 72 msec 80 msec


Why does R6 chose path via R2 in the above diagram ? The answer is not quite simple & obvious. Let's analyse:
R5 injects a type 1 router LSA into area 20:
Code:
R5#sh ip ospf database router self-originate

            OSPF Router with ID (5.5.5.5) (Process ID 1)

                Router Link States (Area 20)

  LS age: 931
  Options: (No TOS-capability, DC)
  LS Type: Router Links
  Link State ID: 5.5.5.5
  Advertising Router: 5.5.5.5
  LS Seq Number: 80000003
  Checksum: 0x4C6C
  Length: 60
  Number of Links: 3

    Link connected to: a Transit Network
     (Link ID) Designated Router address: 172.16.9.1
     (Link Data) Router Interface address: 172.16.9.2
      Number of TOS metrics: 0
       TOS 0 Metrics: 1

    Link connected to: a Transit Network
     (Link ID) Designated Router address: 172.16.8.1
     (Link Data) Router Interface address: 172.16.8.2
      Number of TOS metrics: 0
       TOS 0 Metrics: 1

    Link connected to: a Stub Network
     (Link ID) Network/subnet number: 5.5.5.5
     (Link Data) Network Mask: 255.255.255.255
      Number of TOS metrics: 0
       TOS 0 Metrics: 1



R5's loopback is seen as a stub (last link ID).

In area 0 this destination is injected only by R2 (the only ABR of area 2 according to RFC3509). R3 not being tangent to area 0, will not inject a summary LSA into area 10 and even if it did, R1 would ignore the summary from R3 because it has adjacency with R6 oer area 0.
Code:
                Summary Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
3.3.3.3         1.1.1.1         1372        0x80000034 0x008E69
4.4.4.4         1.1.1.1         1372        0x80000034 0x006093
5.5.5.5         2.2.2.2         1189        0x80000002 0x0078A5
172.16.3.0      1.1.1.1         1372        0x800000A6 0x00834F
172.16.4.0      2.2.2.2         1450        0x800000A3 0x006070
172.16.5.0      1.1.1.1         1375        0x80000034 0x005CE5
172.16.7.0      1.1.1.1         1375        0x800000A6 0x005777
172.16.8.0      2.2.2.2         1191        0x80000034 0x001D1E
172.16.9.0      2.2.2.2         1452        0x800000A3 0x0029A2


Type 3 LSA with ID 5.5.5.5 was injected by R2 only (advertising router 2.2.2.2).

What happens if link between R6 and R2 goes down ?
Of course, traffic will go outside the AS (assuming there's a default route to the internet) or dropped (assuming there is a null route aggregating organization assigned prefix space).

Ways to fix this ? Only few.
- Redundant ABRs for each area.
- Adding an area 0 link between R1 and R2. This of course doesn't offer resiliency should R2 router fail completely.
- A virtual link between R1 and R3.
- And possibly more.

Let's look at 3rd option:
Code:
R3(config-if)#router ospf 1
R3(config-router)#area 10 vir
R3(config-router)#area 10 virtual-link 1.1.1.1

R1(config-router)#area 10 vir
R1(config-router)#area 10 virtual-link 3.3.3.3
*Nov 18 16:08:15.761: %OSPF-5-ADJCHG: Process 1, Nbr 3.3.3.3 on OSPF_VL0 from LOADING to FULL, Loading Done

R6#traceroute 5.5.5.5 source 6.6.6.6

Type escape sequence to abort.
Tracing the route to 5.5.5.5

  1 172.16.1.1 16 msec *  24 msec
  2 172.16.3.2 92 msec 60 msec 64 msec
  3 172.16.8.2 116 msec 128 msec 104 msec
R6#



What has changed ? Since R3 now has a virtual link to R1, it becomes an ABR. It will take the type 1 LSA from R5 and for all Link IDs, it will inject a Summary LSA in unicast (?) form to R1. R1 will forward this LSA to R6.





Top
Display posts from previous:  Sort by  
E-mail friendPrint view

Topics related to - "OSPF areas: Analysing an apprently redundant design - Cisco way"
 Topics   Author   Replies   Views   Last post 
There are no new unread posts for this topic. OSPF areas - how to achieve optimal routing - Cisco way

mandrei99

1

834

Tue Nov 25, 2014 8:46 pm

Exsosus View the latest post

There are no new unread posts for this topic. OSPF Multi area scenario with isolated areas cisco & Juniper - part 1.

mandrei99

0

1202

Thu Nov 13, 2014 9:51 am

mandrei99 View the latest post

There are no new unread posts for this topic. Attachment(s) OSPF: Dangers of non-standard area design - Juniper way

mandrei99

0

879

Thu Nov 13, 2014 12:29 pm

mandrei99 View the latest post

There are no new unread posts for this topic. OSPF neighbors stuck in ExStart - case 1 - interface type mismatch

mandrei99

0

3845

Wed Dec 10, 2014 5:42 am

mandrei99 View the latest post

There are no new unread posts for this topic. Understanding the OSPF External NSSA LSA Metric Type 1 with JunOS examples

mandrei99

0

1464

Sun Mar 15, 2015 1:51 pm

mandrei99 View the latest post

There are no new unread posts for this topic. Injecting a default route in an OSPF NSSA area from a Juniper device

mandrei99

0

2982

Sun Mar 15, 2015 5:24 pm

mandrei99 View the latest post

 

Who is online
Users browsing this forum: No registered users and 0 guests
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum
Jump to:  
News News Site map Site map SitemapIndex SitemapIndex RSS Feed RSS Feed Channel list Channel list


Delete all board cookies | The team | All times are UTC - 5 hours [ DST ]



phpBB SEO