OSPF in Juniper

8/20/2019 OSPF in Juniper

1/54

Copyright © 2005 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net

4-1

OSPF


2/54

© 2008 Juniper Networks, Inc. All rights reserved. 2

OSPF Review

Link-state protocol•Neighbors use hello packets to form adjacencies•Routers flood LSAs within their area

•LSAs are placed into a link-state database

OSPF packet types•Hello—Type 1•Database description—Type 2•Link-state request—Type 3

•Link-state update—Type 4•Link-state acknowledgement—Type 5

Hierarchical design uses areas connected to abackbone Routers on a broadcast segment elect a DR


3/54


Hierarchical Design

Backbone

(Area 0 or 0.0.0.0)

Area 1

Area 2

Area 3


4/54


Link-State Update Packets

Carry one or more link-state advertisements

Packets consist of:

•(24-byte) OSPF header

•(4-byte) Number of advertisements

•(Variable) Link-state advertisements

of LSAs

LSA Header

LSA Data

LSA Header

LSA Data

Field length,

in bytes 1 1 2 4 4 2 2 8 Variable

Datauthentication

Authent-

ication

type

Check-

sum

rea IDouter ID

acket

length

ype

ersion

number

4 20 Variable0 Variable


5/54


6/54


LSA Header

20 bytes of information that identify the LSA uniquelyand consist of:

•(2-byte) LS age

•(1-byte) Options

•(1-byte) LS type•(4-byte) Link-state ID

•(4-byte) Advertising router

•(4-byte) LS sequence number

•(2-byte) LS checksum

•(2-byte) Length


7/54© 2008 Juniper Networks, Inc. All rights reserved. 7

Router LSA (Type 1)

Originated by each router in an area•Has area scope

•Describes the state and cost of the router’s interfaces

•Consists of the standard LSA header plus:• (1-byte) Five 0 bits followed by the V, E, and B bits

• (1-byte) Reserved (set to 0)• (2-byte) Number of links

• (4-byte) Link ID

• (4-byte) Link data

• (1-byte) Link type

• (1-byte) Number of ToS metrics

• (2-byte) Metric

• (4-byte) Additional ToS data



Link ID and Link Data Fields

Interpretation depends on value of the link type field

Link Type Link ID Link Data

Point-to-point(Type 1) Neighbor’srouter ID Local router’sinterface IP address

Transit

(Type 2)

DR’s

interface IP address

Local router’s


Stub

(Type 3) Network number Subnet mask

Virtual link

(Type 4)

Neighbor’s

router ID

Local router’s




user@host> show ospf database router extensive

OSPF link state database, area 0.0.0.0Type ID Adv Rtr Seq Age Opt Cksum Len

Router *192.168.16.1 192.168.16.1 0x80000004 947 0x2 0xd45b 60

bits 0x3, link count 3

id 192.168.24.1, data 10.222.28.1, type PointToPoint (1)

TOS count 0, TOS 0 metric 1

id 10.222.28.0, data 255.255.255.0, type Stub (3)TOS count 0, TOS 0 metric 1

id 192.168.16.1, data 255.255.255.255, type Stub (3)

TOS count 0, TOS 0 metric 0Gen timer 00:30:56

Aging timer 00:44:13

Installed 00:15:47 ago, expires in 00:44:13, sent 00:15:47 agoOurs

Router 192.168.36.1 192.168.36.1 0x80000003 173 0x2 0xfa6 60

bits 0x3, link count 3

id 192.168.24.1, data 10.222.4.2, type PointToPoint (1)

TOS count 0, TOS 0 metric 1id 10.222.4.0, data 255.255.255.0, type Stub (3)


id 192.168.36.1, data 255.255.255.255, type Stub (3)TOS count 0, TOS 0 metric 0


Installed 00:02:47 ago, expires in 00:57:07, sent 19:55:19 ago

Router LSA Example



Build a Network — Type 1 LSA

192.168.16.1

192.168.24.1

Area 0

192.168.36.1

10.222.28.0/24 10.222.4.0/24.1

.2



Network LSA (Type 2)

Originated by designated routers (DR)•Has area scope

•Describes all routers attached to a network segment

•Consists of the standard LSA header plus:

• (4-byte) Network mask

• (4-byte) Attached router


12/54


Network LSA Example

user@host> show ospf database network extensive

OSPF link state database, area 0.0.0.1

Type ID Adv Rtr Seq Age Opt Cksum Len

Network 10.222.1.1 192.168.20.1 0x80000002 813 0x2 0x6876 32

mask 255.255.255.0

attached router 192.168.20.1

attached router 192.168.40.1Aging timer 00:46:27

Installed 00:13:32 ago, expires in 00:46:27, sent 1w5d 01:07:09 ago


13/54


Build a Network — Type 2 LSA

Area 1

192.168.16.1

192.168.24.1

Area 0

192.168.36.1

192.168.20.1 192.168.40.1

10.222.28.0/24 10.222.4.0/24

10.222.1.0/24

.1 .2

.1


14/54


15/54


Summary LSA Example

user@host> show ospf database netsummary extensive



Summary 10.222.44.0 192.168.36.1 0x80000004 1011 0x2 0x8530 28

mask 255.255.255.0

TOS 0x0, metric 1



Summary 192.168.32.1 192.168.36.1 0x80000001 1355 0x2 0x49f9 28

mask 255.255.255.255

TOS 0x0, metric 1



Summary *192.168.40.1 192.168.16.1 0x80000001 1527 0x2 0x87c6 28

mask 255.255.255.255

TOS 0x0, metric 2Gen timer 00:14:18



Ours

...


16/54


17/54


ASBR Summary LSA (Type 4)

Originated by ABRs

•Has area scope

•Describes ASBRs external to the area


• (4-byte) Network Mask

• (1-byte) Reserved (set to 0)

• (3-byte) Metric

• (1-byte) ToS

• (3-byte) ToS Metric


18/54


ASBR Summary LSA Example

user@host> show ospf database asbrsummary extensive



ASBRSum 192.168.32.1 192.168.36.1 0x80000001 1477 0x2 0x3b07 28

mask 0.0.0.0

TOS 0x0, metric 1



ASBRSum *192.168.40.1 192.168.16.1 0x80000001 1649 0x2 0x79d3 28

mask 0.0.0.0

TOS 0x0, metric 2

Gen timer 00:14:36



Ours


19/54


Build a Network — Type 4

Area 1

Area ?

192.168.16.1

192.168.24.1

Area 0

192.168.36.1

192.168.20.1 192.168.40.1

192.168.32.1

10.222.28.0/24 10.222.4.0/24

10.222.44.0/24

10.222.1.0/24

.1 .2

.1


20/54


AS External LSA (Type 5)

Originated by ASBRs

•Has domain scope

•Describes networks external to the OSPF domain


• (4-byte) Network mask

• (1-byte) E-bit followed by seven 0 bits

• (3-byte) Metric

• (4-byte) Forwarding address

• (4-byte) External route tag

• (4-byte) Optional ToS fields


21/54


AS External LSA Example

user@host> show ospf database extern extensive

OSPF external link state databaseType ID Adv Rtr Seq Age Opt Cksum LenExtern *192.168.17.0 192.168.16.1 0x80000001 1919 0x2 0x3812 36mask 255.255.255.0Type 1, TOS 0x0, metric 20, fwd addr 0.0.0.0, tag 0.0.0.0Gen timer 00:00:32Aging timer 00:28:01Installed 00:31:59 ago, expires in 00:28:01, sent 00:31:58 ago

OursExtern 192.168.33.0 192.168.32.1 0x80000001 1878 0x2 0x1713 36mask 255.255.255.0Type 1, TOS 0x0, metric 20, fwd addr 0.0.0.0, tag 0.0.0.0Aging timer 00:28:42Installed 00:31:15 ago, expires in 00:28:42, sent 00:31:15 ago

Extern 192.168.37.0 192.168.36.1 0x80000002 1287 0x2 0xcc54 36mask 255.255.255.0Type 1, TOS 0x0, metric 20, fwd addr 0.0.0.0, tag 0.0.0.0

Aging timer 00:38:33Installed 00:21:25 ago, expires in 00:38:33, sent 00:21:25 ago

Extern 192.168.41.0 192.168.40.1 0x80000001 1708 0x2 0x8693 36mask 255.255.255.0Type 1, TOS 0x0, metric 20, fwd addr 0.0.0.0, tag 0.0.0.0Aging timer 00:31:34Installed 00:28:25 ago, expires in 00:31:32, sent 00:28:25 ago


22/54



Area 1

Area ?

192.168.16.1

192.168.24.1

Area 0

192.168.36.1

192.168.20.1 192.168.40.1

192.168.32.1

192.168.41.0/24

192.168.33.0/24

192.168.37.0/24

192.168.17.0/2410.222.28.0/24 10.222.4.0/24

10.222.44.0/24

10.222.1.0/24

.1 .2

.1


23/54


NSSA External LSA (Type 7)

Originated by ASBR within the NSSA

•Has same format as an AS external LSA (Type 5)

•Has area scope

•Describes networks external to the OSPF domain

Translated into an AS external LSA (Type 5) by the ABR

at the NSSA border

•NSSA/Propagate bit in the options field indicates whether

translation should take place

• A value of 1 means translate and propagate

• A value of 0 means do not translate

•When multiple ABRs exist, the ABR with the highest RID

performs the translation


24/54


NSSA LSA Example

user@host> show ospf database nssa extensive



NSSA 192.168.33.0 192.168.32.1 0x80000003 1639 0x8 0x7c19 36

mask 255.255.255.0

Type 1, TOS 0x0, metric 20, fwd addr 192.168.32.1, tag 0.0.0.0




25/54



Area 1

Area 2

NSSA

192.168.16.1

192.168.24.1

Area 0

192.168.36.1

192.168.20.1 192.168.40.1

192.168.32.1

192.168.41.0/24

192.168.33.0/24

192.168.37.0/24

192.168.17.0/2410.222.28.0/24 10.222.4.0/24

10.222.44.0/24

10.222.1.0/24

.1 .2

.1


26/54


Opaque LSA (Types 9–11)

Allows for the future extensibility of OSPF

•JUNOS software uses Type 9 for graceful restart capability

•JUNOS software uses Type 10 for MPLS traffic engineering

•Type 11 is currently not supported

The difference is in flooding scope

•Type 9 has link-local scope

•Type 10 has area scope

•Type 11 has domain scope

Consist of a standard LSA header followed byapplication-specific information

•OSPF or other applications can use information field directly


27/54


LSA Flooding Scopes

Backbone

(0.0.0.0)

Area 1

Area 2 Area 3

External

Routes

Injected

rea 0

LSA 1

Area 1

LSA 3

Area 0

LSA 5

Area 0

LSA 2

Area 1

LSA 1

Area 1

LSA 2

Area 2

LSA 1

Area 2

LSA 2

Area 3

LSA 1

Area 3

LSA 2

Area 2

LSA 3

Area 3

LSA 3

Area 0

LSA 3

Area 2

LSA 3

Area 3

LSA 3

Area 0

LSA 3

Area 1

LSA 3

Area 3

LSA 3

Area 0

LSA 3

Area 1

LSA 3

Area 2

LSA 3

Area 3

LSA 4

Area 3

LSA 4

Area 3

LSA 4

Area 0

LSA 4

Area 0

LSA 4

Area 0

LSA 4

Area 0

LSA 5

Area 0

LSA 5

Area 0

LSA 5

Area 3

LSA 5

Area 3

LSA 5

Area 3

LSA 5

Area 3

LSA 5

External

Routes

Injected


28/54


Sample OSPF Database

user@host> show ospf database

OSPF link state database, area 0.0.0.0Type ID Adv Rtr Seq Age Opt Cksum LenRouter *192.168.16.1 192.168.16.1 0x80000004 177 0x2 0xd45b 60Router 192.168.36.1 192.168.36.1 0x80000005 305 0x2 0xda47 60Summary *10.222.1.0 192.168.16.1 0x80000002 412 0x2 0xfafa 28Summary *10.222.29.0 192.168.16.1 0x80000002 631 0x2 0xbb1f 28Summary *192.168.20.1 192.168.16.1 0x80000001 412 0x2 0x87c6 28ASBRSum 192.168.32.1 192.168.36.1 0x80000001 240 0x2 0x3b07 28

OSPF link state database, area 0.0.0.1Type ID Adv Rtr Seq Age Opt Cksum LenRouter *192.168.16.1 192.168.16.1 0x80000007 39 0x2 0xcc62 60Router 192.168.20.1 192.168.20.1 0x80000002 415 0x2 0xd7d9 48Network 10.222.1.1 192.168.20.1 0x80000001 418 0x2 0x6a75 32Summary *192.168.32.1 192.168.16.1 0x80000001 238 0x2 0xe96b 28Summary *192.168.36.1 192.168.16.1 0x80000002 631 0x2 0xb19f 28ASBRSum *192.168.32.1 192.168.16.1 0x80000001 238 0x2 0xdb78 28

ASBRSum *192.168.36.1 192.168.16.1 0x80000001 574 0x2 0xa5ab 28OSPF external link state databaseType ID Adv Rtr Seq Age Opt Cksum LenExtern *192.168.17.0 192.168.16.1 0x80000001 631 0x2 0x3812 36Extern 192.168.21.0 192.168.20.1 0x80000001 420 0x2 0x8693 36Extern 192.168.33.0 192.168.32.1 0x80000001 590 0x2 0x1713 36Extern 192.168.37.0 192.168.36.1 0x80000001 576 0x2 0xce53 36


29/54


Shortest-Path-First Algorithm

Based on the Dijkstra algorithm

•Link-state database

•Candidate database

•Tree database

Run on a per-area basis on each router• Independent calculation of the topology

Result is passed to the JUNOS software routing table

•Decision as to whether or not the route is marked active is

made there


30/54


31/54


SPF Example (2 of 6)

Tree

(A, A, 0) - 0

Link-state

(A, A, 0)

(A, B, 1)

(A, C, 2)

(B, A, 3)

(B, D, 3)

(C, A, 4)

(C, D, 4)

(D, C, 2)

(D, B, 1)

LS Entry Cost to Root

Candidate

(A, A, 0) 0

RTR-A


32/54



Tree

(A, A, 0) - 0

(A, B, 1) - 1

Link-state

(A, A, 0)

(A, B, 1)

(A, C, 2)

(B, A, 3)

(B, D, 3)

(C, A, 4)

(C, D, 4)

(D, C, 2)

(D, B, 1)


Candidate

(A, A, 0) 0

(A, B, 1) 1

(A, C, 2) 2

RTR-A

RTR-B

1


33/54



Tree

(A, A, 0) - 0

(A, B, 1) - 1

(A, C, 2) - 2

Link-state

(A, A, 0)

(A, B, 1)

(A, C, 2)

(B, A, 3)

(B, D, 3)

(C, A, 4)

(C, D, 4)

(D, C, 2)

(D, B, 1)


Candidate

(A, A, 0) 0

(A, B, 1) 1

(A, C, 2) 2

(B, A, 3) 4

(B, D, 3) 4

RTR-A

RTR-B

RTR-C

1

2


34/54



Tree

(A, A, 0) - 0

(A, B, 1) - 1

(A, C, 2) - 2

(B, D, 3) - 4

Link-state

(A, A, 0)

(A, B, 1)

(A, C, 2)

(B, A, 3)

(B, D, 3)

(C, A, 4)

(C, D, 4)

(D, C, 2)

(D, B, 1)


Candidate

(A, A, 0) 0

(A, B, 1) 1

(A, C, 2) 2

(B, A, 3) 4

(B, D, 3) 4

(C, A, 4) 6

(C, D, 4) 6

RTR-A

RTR-B

RTR-C

RTR-D

1

2

3


35/54



Tree

(A, A, 0) - 0

(A, B, 1) - 1

(A, C, 2) - 2

(B, D, 3) - 4

Link-state

(A, A, 0)

(A, B, 1)

(A, C, 2)

(B, A, 3)

(B, D, 3)

(C, A, 4)

(C, D, 4)

(D, C, 2)

(D, B, 1)


Candidate

(A, A, 0) 0

(A, B, 1) 1

(A, C, 2) 2

(B, A, 3) 4

(B, D, 3) 4

(C, A, 4) 6

(C, D, 4) 6

(D, B, 1) 5

(D, C, 2) 6

RTR-A

RTR-B

RTR-C

RTR-D

1

2

3


36/54


Controlling SPF Calculations

Three consecutive SPF runs can occur before a

mandatory hold-down occurs

•Keeps the network stable during change

•5-second timer is not configurable

A 200-millisecond delay is preconfigured between theback-to-back SPFs

•Altered with the spf-delay knob

•Possible values range from 50 to 1000 ms

[edit protocols ospf]

user@host# set spf-delay 100


37/54


OSPF Router ID

Each OSPF router selects a 32-bit value to use as its

router ID•Populated within the LSAs sent out by each router•Uniquely identifies the router within the network•Used by the link-state database to run SPF

When rpd initiates, the primary interface of the routeris chosen as the source of the router ID•Normally the loopback interface when a non-Martian route

IPv4 address is configured

You can set the RID explicitly within [editrouting-options]•Stub route to RID is no longer advertised by default

[edit routing-options]

user@host# set router-id 192.168.1.1


38/54


Advertising Your Loopback

Your loopback address is likely equal to your router ID

•Occurs when a non-127/8 address is configured

JUNOS software automatically advertises the loopback

address into the link-state database

•When interface lo0 is not configured within OSPF, it isadvertised within all router LSAs

•When interface lo0 is configured in a specific area, it is

only advertised in the router LSA of that area

•Stops when you set the RID with the router-id command


39/54


Graceful Restart (1 of 2)

A restarting router can ask its neighbors to not alter

their database

•Restarting router must continue to forward packets

•The network topology must be stable

•The neighbors must support this functionality

Three modes of operation:

•Restart candidate router

•Possible helper router

•Helper router


40/54


Enabled globally within [edit routing-options]

•Four options to further control graceful restart operation

Grace LSA used for communications

•Link-local opaque LSA format (Type 9)

Graceful Restart (2 of 2)

routing-options {

graceful-restart;

}

lab@host> show ospf database link-local extensive

OSPF Link-Local link state database, interface at-0/2/0.0

Type ID Adv Rtr Seq Age Opt Cksum LenOpaqLoc 3.0.0.0 192.168.20.1 0x80000001 29 0x22 0xdc4 36Grace 210

Reason 1

Aging timer 00:59:31Installed 00:00:26 ago, expires in 00:59:31

Change count: 0


41/54


[edit protocols ospf area 0.0.0.0]user@host# showinterface all {

bfd-liveness-detection {

minimum-interval 100;}

}interface fxp0.0 {

disable;}

A protocol that provides millisecond-level failure

detection of a neighboring router’s forwarding plane•Support for OSPF, IS-IS, and static routing

•Support for RSVP-TE and LDP-signaled LSPs

•Defined in draft-katz-ward-bfd, draft-katz-ward-bfd-v4v6-1hop,

and draft-ietf-bfd-mpls Enabled on a per-interface basis:

Bidirectional Forwarding Detection


42/54



user@host# show

area 0.0.0.0 {

interface so-0/0/0.0 {

metric 12;

}

interface at-1/0/1.100 {

metric 73;

}

}

Cost, or metric, of an interface indicates the overhead

required to send packets out a particular interface Default OSPF cost for all links is 108 /bandwidth (bps)

•Links with a bandwidth 100 Mbps have a cost of 1

•Cost calculation results in a value


43/54


44/54


Effects of Altering Metrics

Metric values are advertised in Type 1 or Type 2 LSAs

and populate link-state database As each router runs the SPF algorithm, each LSA is

examined individually for the cost of the outgoinginterface•The final metric calculation uses that cost

Routers can disagree about the cost on a network link•Can result in asynchronous routing in the network•Hong Kong sees a cost of 45 to reach the Amsterdam router•Amsterdam sees a cost of 60 to reach the Hong Kong router

Hong Kong

San Jose Montreal

Amsterdam

5

10

15

20 25

30


45/54


46/54



lab@Sydney# show

area 0.0.0.20 {

authentication-type md5;

interface fe-0/0/2.0 {authentication {

md5 30 key "$9$wc24ZzF/O1h"; ## SECRET-DATA

}

}

}

MD5 Per-Area Authentication

Includes an encrypted checksum with all packets

•Provides better security than type simple Each interface requires an authentication key

•Multiple interfaces can use the same key•Keys are always encrypted in the configuration

Each key requires a key ID value ranging from 0 to 255


47/54


Interface Level Authentication

Different authentication types can be configured on a

per-interface basis•Omit authentication-type from the area hierarchy•Configure the authentication hierarchy under the

interface•Type simple uses the simple-password command

•MD5 authentication allows for multiple key ID values• Highest value used by default• For easy transition, assign each key ID a start time

[edit protocols ospf area 0.0.0.1]

lab@Sydney# show

interface fe-0/0/0.0 {authentication {

md5 1 key "$9$fQF/SyK7-w"; ## SECRET-DATA

md5 2 key "$9$fQz69CuBRS" start-time 2006-7-4.17:07:06; ## SECRET-DATA

}

}

interface fe-0/0/1.0 {

authentication {

simple-password "$9$ChkJpORreW-VYhSVYgojiAp0"; ## SECRET-DATA

}}


48/54


user@host> show ospf interface detail

Interface State Area DR ID BDR ID Nbrsfe-0/0/2.0 DR 0.0.0.0 192.168.36.1 192.168.24.1 1

Type LAN, address 10.222.4.2, mask 255.255.255.0, MTU 1500, cost 1

DR addr 10.222.4.2, BDR addr 10.222.4.1, adj count 1, priority 128

Hello 10, Dead 40, ReXmit 5, Not Stub

Auth type MD5, Active key id 4, Start time 2003 Apr 14 11:05:00 UTC

fe-0/0/3.0 DRother 0.0.0.0 0.0.0.0 0.0.0.0 0

Type LAN, address 1.1.1.2, mask 255.255.255.0, MTU 1500, cost 1

adj count 0, priority 128

Hello 10, Dead 40, ReXmit 5, Not Stub

Auth type Password

Verifying Authentication

Authentication information available with the show

ospf interface detail command•Type of authentication is displayed•Key ID values shown if appropriate


49/54


Virtual Links

Virtual links can connect remote OSPF areas together

•Used for an area not physically connected to the backbone•Used for a discontiguous backbone

Configuration always occurs within area 0.0.0.0•Creates a virtual ABR out of the remote router•Tunnels OSPF protocol packets through a transit area

•Both ends must configure the link towards each other• Route summarization should not be performed over virtual links

Area 1

Area 2

rea 0

Virtual Link


50/54



user@host# show

area 0.0.0.1 {

interface fe-0/2/2.0;

}

area 0.0.0.0 {

virtual-link neighbor-id 192.168.0.1 transit-area 0.0.0.1;

}


user@host# run show ospf interface

Interface State Area DR ID BDR ID Nbrs

vl-192.168.0.1 PtToPt 0.0.0.0 0.0.0.0 0.0.0.0 1

Virtual Link Configuration

Configuration requires two values

•The transit-area is the area to be tunneled through•The neighbor ID is the 32-bit router ID of the router at the far

end of the link

Virtual link appears as an operational OSPF interface


51/54


[edit protocols ospf]user@host# show

overload;

area 0.0.0.0 {

interface so-0/0/0.0;interface ge-0/1/0.0;

}user@host> show ospf database router extensive



Router 192.168.56.1 192.168.56.1 0x80000005 71 0x2 0x540b 60id 192.168.48.1, data 10.222.61.1, type PointToPoint (1)


Overload Settings

Used for transit traffic only if no other path is available

•Sets metric to 65,535 in router LSA on all transit links•Flooding of changed LSA causes SPF calculations in network

Can be set permanently or with a timeout value

•Timer is between 60 and 1800 seconds

•Timer only runs after RPD starts


52/54


[edit protocols ospf]user@host# showprefix-export-limit 500;area 0.0.0.0 {

interface so-0/0/0.0;interface ge-0/1/0.0;

}

Prefix Limits for External Routes

JUNOS software built to handle large numbers of

external routes (Type 5 LSAs)• You normally do not want Internet routes in OSPF

• Usually occurs due to configuration mistake

• Can leave a portion of your network unusable

Limit can be placed on the number of routes allowed

using a routing policy•Type 5 LSAs purged when the limit is reached

•Overload state initiated when the limit is reached

•Requires manual action to correct the problem


53/54


Multiarea OSPF Configuration

Configured at the [edit protocols ospf]

hierarchy level Each area is listed along with the interfaces

associated with that area:

protocols {

ospf {area area-id {

interface interface-name;interface interface-name;

interface interface-name;

}

area area-id {

interface interface-name;}

area area-id {

interface interface-name;}

}

}


54/54

Documents

OSPF in Juniper