Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides

OSPF Multi area scenario with isolated areas cisco & Juniper - part 1.

OSPF Multi area scenario with isolated areas cisco & Juniper - part 1.


Before I start this is a list of very good references on this subject, imho:
http://blog.ine.com/wp-content/uploads/2011/01/Loop-Prevention-in-OSPF.pdf
http://blog.ipexpert.com/what-makes-a-router-an-ospf-abr-cisco-and-juniper-comparison/
https://tools.ietf.org/html/rfc3509#ref-Ref1
http://www.research.att.com/techdocs/TD_100766.pptx


Lately I've went through a hand full of articles describing OSPF loop avoidance architecture and about it being a link state protocol. Hoewever it's hard to find a good read that answers questions like "what if ?".

OSPF is both a link state protocol with a distance vector behavior when it comes to inter-area routes.

First thing I want to mention is that, inside one area, all routers have the same link state database. Based on this they build a loop-free shortest path tree to every destination inside the area.

Routers with one link in one area a second link in another area are called AreaBorderRouters - they identify themselves by setting the B bit (last bit 0x1) in Type 1 LSAs - OSPF Router LSAs. Another thing that you can read everywhere is that all ABRs have to have at least one link in area 0 - the OSPF backbone area. Why is that ? What if it doesn't ? And so on... I hope I can answer this question later in this series.

The way OSPF areas ideally work is that they need to be designed in a star / hub-and-spoke like topology, Area 0 - backbone - being the center, HUB and all other areas, the spokes.

In this way, OSPF is desgined to route all inter-area traffic (let's say from area 10 to area 20) via area 0. This way loops are avoided and suboptimal routing is introduced in some cases when spoke areas are adjacent - I hope I can explain this later how this statement differs from Cisco to Juniper and how it can be changed (only on Cisco to my knowledge).

An ABR has one separate database for each area it resides in. It calculates a separate shortest path three for all destinations in each area. It then uses type 3 LSAs - OSPF Summary and Router LSAs - OSPF Ttype 1 LSA and information from routing table and "translates" them to the other area changing the "Advertising Router" field to it's own ID. This way routers in the second area know that traffic for destinations in first area or an area behind the first one have to go through the ABR. This is the distance-vector behavior in OSPF.


Example on Junos output:


vlan.4/192.168.4.0/24 - R1>---Area 1---<R2>---Area 0---<R3>---Area 3---<R4>

R1 ID: 172.16.2.6
R2 ID: 172.16.2.1
R3 ID: 172.16.2.2

R1 uses a passive interface vlan.4 within network 192.168.4.0 and adds it to OSPF area 1 as a stub network under it's router LSA.



Then we look at R2 output, first ABR from area 1 to area 0:


R2/ABR uses the STUB destination network from R1's Type 1 LSA and advertises it in backbone as a summary (all OSPF domain destinations from one area are advertised into other areas as type 3 - summary LSA).

The other ABR R3 uses the summary received from R2 and floods another type 3 LSA into area 3 with same ID, but it's own ID as advertising router:


So traffic from an Area 3 router to an Area 1 router travels area 3, area 0 and area 1.

Saved by the bell. There will be multiple parts on this story.