OSPF areas: Analysing an apprently redundant design

OSPF areas: Analysing an apprently redundant design - Cisco way

Attachment:

File comment: OSPF area design cisco non redundant

ospf-area-design-cisco.png [43 KiB]
Downloaded 304 times

Ok. So we know a little bit about OSPF from previous articles. Here is a recap:

- All internal destinations within an area are advertised througy Type 1 LSA (Router LSA) in OSPF.
- These internal destinations reach the ABR (Area Border Router) and they are injected as type 3 LSA (Summary LSA) into area 0 (backbone area) from any non backbone area or in a non-backbone area only if origin area is backbone area (from any area into area 0 and from area 0 in any area). This is Cisco default. Juniper behaves a little differently. This behavior is described in RFC3509 and it is followed by Cisco and not by Juniper. Not a big problem imho because loops are still avoided.

Note: Why loops are still avoided ? What kind of loops are we talking about here ? Answer to q2: LSA loops. Answer to Q1 is complex: Although Cisco does not inject a destination from Area 10 (in Router LSA) into area 20 as summary LSA (workaround exists) and Juniper does it (Junos behaves as ABR if it has interfaces in two non-backbone areas), NEITHER cISCO NOR JUNIPER INJECT TYPE 3 SUMMARY LSA FROM A NON-BACKBONE AREA TO ANOTHER NON-BACKBONE AREA. THIS IS WHERE THE LOOP STOPS. The second part of the answer is that both Cisco and Juniper ignore type 3 Summary LSA received on non-backbone area when they have an adjacency in area 0. To my understanding at least.

In the newbie diagram, I have an apparently redundant OSPF area design.

From R6 (loopback 6.6.6.6) traceroute to R5 (loopback 5.5.5.5) goes via R2:

Code:

R6#traceroute 5.5.5.5 source 6.6.6.6

Type escape sequence to abort.
Tracing the route to 5.5.5.5

  1 172.16.2.1 36 msec 60 msec 60 msec
  2 172.16.9.2 64 msec 72 msec 80 msec

Why does R6 chose path via R2 in the above diagram ? The answer is not quite simple & obvious. Let's analyse:
R5 injects a type 1 router LSA into area 20:

Code:

R5#sh ip ospf database router self-originate

            OSPF Router with ID (5.5.5.5) (Process ID 1)

                Router Link States (Area 20)

  LS age: 931
  Options: (No TOS-capability, DC)
  LS Type: Router Links
  Link State ID: 5.5.5.5
  Advertising Router: 5.5.5.5
  LS Seq Number: 80000003
  Checksum: 0x4C6C
  Length: 60
  Number of Links: 3

    Link connected to: a Transit Network
     (Link ID) Designated Router address: 172.16.9.1
     (Link Data) Router Interface address: 172.16.9.2
      Number of TOS metrics: 0
       TOS 0 Metrics: 1

    Link connected to: a Transit Network
     (Link ID) Designated Router address: 172.16.8.1
     (Link Data) Router Interface address: 172.16.8.2
      Number of TOS metrics: 0
       TOS 0 Metrics: 1

    Link connected to: a Stub Network
     (Link ID) Network/subnet number: 5.5.5.5
     (Link Data) Network Mask: 255.255.255.255
      Number of TOS metrics: 0
       TOS 0 Metrics: 1

R5's loopback is seen as a stub (last link ID).

In area 0 this destination is injected only by R2 (the only ABR of area 2 according to RFC3509). R3 not being tangent to area 0, will not inject a summary LSA into area 10 and even if it did, R1 would ignore the summary from R3 because it has adjacency with R6 oer area 0.

Code:

                Summary Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
3.3.3         1.1.1.1         1372        0x80000034 0x008E69
4.4.4         1.1.1.1         1372        0x80000034 0x006093
5.5.5         2.2.2.2         1189        0x80000002 0x0078A5
16.3.0      1.1.1.1         1372        0x800000A6 0x00834F
16.4.0      2.2.2.2         1450        0x800000A3 0x006070
16.5.0      1.1.1.1         1375        0x80000034 0x005CE5
16.7.0      1.1.1.1         1375        0x800000A6 0x005777
16.8.0      2.2.2.2         1191        0x80000034 0x001D1E
16.9.0      2.2.2.2         1452        0x800000A3 0x0029A2

Type 3 LSA with ID 5.5.5.5 was injected by R2 only (advertising router 2.2.2.2).

What happens if link between R6 and R2 goes down ?
Of course, traffic will go outside the AS (assuming there's a default route to the internet) or dropped (assuming there is a null route aggregating organization assigned prefix space).

Ways to fix this ? Only few.
- Redundant ABRs for each area.
- Adding an area 0 link between R1 and R2. This of course doesn't offer resiliency should R2 router fail completely.
- A virtual link between R1 and R3.
- And possibly more.

Let's look at 3rd option:

Code:

R3(config-if)#router ospf 1
R3(config-router)#area 10 vir
R3(config-router)#area 10 virtual-link 1.1.1.1

R1(config-router)#area 10 vir
R1(config-router)#area 10 virtual-link 3.3.3.3
*Nov 18 16:08:15.761: %OSPF-5-ADJCHG: Process 1, Nbr 3.3.3.3 on OSPF_VL0 from LOADING to FULL, Loading Done

R6#traceroute 5.5.5.5 source 6.6.6.6

Type escape sequence to abort.
Tracing the route to 5.5.5.5

  1 172.16.1.1 16 msec *  24 msec
  2 172.16.3.2 92 msec 60 msec 64 msec
  3 172.16.8.2 116 msec 128 msec 104 msec
R6#

What has changed ? Since R3 now has a virtual link to R1, it becomes an ABR. It will take the type 1 LSA from R5 and for all Link IDs, it will inject a Summary LSA in unicast (?) form to R1. R1 will forward this LSA to R6.

Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides

OSPF areas: Analysing an apprently redundant design - Cisco way

OSPF areas: Analysing an apprently redundant design - Cisco way