Tuesday, November 20, 2018

OSPF multi-area link configuration

What is OSPF Multi-area feature?

Basically, as the name indicates, it lets one interface form multiple OSPF adjacencies, in different areas, over a single link.

For example, consider the topology below:

As you can see, we need the link between R4 and R3 to work in the backbone area and in two other areas (Area 101 and Area 999).

OK, how do we configure this?
Simply go to the interface level and use the command #ip ospf multi-area X

where X is the new area number.
OK, let's configure it:

R3:
interface Ethernet0/0
 ip address 43.0.0.3 255.255.255.0
 ip ospf network point-to-point
 ip ospf multi-area 999
 ip ospf multi-area 101
 ip ospf 1 area 0
 ip ospf cost 1
end

R4:
interface Ethernet0/0
 ip address 43.0.0.4 255.255.255.0
 ip ospf network point-to-point
 ip ospf multi-area 999
 ip ospf multi-area 101
 ip ospf 1 area 0
end

Note: "ip ospf network point-to-point" on the interface is a must.

OK, how do we verify that this is working?
The multi-area command should create a new logical (virtual) interface for each extra area, shown as MA1 and MA2 below, which can be seen using:

R3#show ip ospf inter br
Interface    PID   Area            IP Address/Mask    Cost  State Nbrs F/C
Lo0               1     0               3.3.3.3/32         1     LOOP  0/0
Et0/0             1     0               43.0.0.3/24        1     P2P   1/1
MA1             1     101             Unnumbered Et0/0   1     P2P   1/1
Et0/1             1     101             73.0.0.3/24        1     P2P   1/1
MA2             1     999             Unnumbered Et0/0   1     P2P   1/1

The new adjacencies also appear in the OSPF neighbor output:

R3#show ip os nei

Neighbor ID     Pri   State           Dead Time   Address         Interface
4.4.4.4           0   FULL/  -        00:00:39    43.0.0.4        Ethernet0/0
4.4.4.4           0   FULL/  -        00:00:39    43.0.0.4        OSPF_MA1
7.7.7.7           0   FULL/  -        00:00:32    73.0.0.7        Ethernet0/1
4.4.4.4           0   FULL/  -        00:00:38    43.0.0.4        OSPF_MA2



And in the interface details:
#show ip ospf interface

OSPF_MA2 is up, line protocol is up
  Interface is unnumbered. Using address of Ethernet0/0 (43.0.0.3), Area 999, Attached via Multi-area
  Process ID 1, Router ID 3.3.3.3, Network Type POINT_TO_POINT, Cost: 1
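
One way to script the verification above, as an added example (not part of the original post): the Python below parses the "show ip ospf interface brief" output shown earlier and reports multi-area adjacencies that are missing, not fully adjacent, or present in an area nobody expected. The function names and the expected-area list are assumptions made for illustration.

```python
import re

# Output copied from the post (R3, "show ip ospf interface brief").
SHOW_OUTPUT = """\
Interface    PID   Area            IP Address/Mask    Cost  State Nbrs F/C
Lo0               1     0               3.3.3.3/32         1     LOOP  0/0
Et0/0             1     0               43.0.0.3/24        1     P2P   1/1
MA1             1     101             Unnumbered Et0/0   1     P2P   1/1
Et0/1             1     101             73.0.0.3/24        1     P2P   1/1
MA2             1     999             Unnumbered Et0/0   1     P2P   1/1
"""

ROW = re.compile(
    r"^(?P<intf>\S+)\s+(?P<pid>\d+)\s+(?P<area>\S+)\s+"
    r"(?P<addr>Unnumbered \S+|\S+)\s+(?P<cost>\d+)\s+"
    r"(?P<state>\S+)\s+(?P<full>\d+)/(?P<count>\d+)\s*$"
)

def parse_brief(text):
    """Return one dict per interface row; the header line does not match ROW."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows

def check_multi_area(text, parent, expected_areas):
    """List problems with the multi-area adjacencies riding on `parent`."""
    rows = parse_brief(text)
    problems = []
    primary = [r for r in rows if r["intf"] == parent]
    if not primary or primary[0]["state"] != "P2P":
        problems.append(f"{parent} is not an OSPF point-to-point interface")
    # Multi-area interfaces are listed as MAx, unnumbered to the parent interface.
    found = {r["area"]: r for r in rows
             if r["intf"].startswith("MA") and r["addr"] == f"Unnumbered {parent}"}
    for area in expected_areas:
        r = found.get(area)
        if r is None:
            problems.append(f"no multi-area interface for area {area}")
        elif r["state"] != "P2P" or r["count"] == "0" or r["full"] != r["count"]:
            problems.append(f"area {area}: {r['intf']} is {r['state']}, nbrs {r['full']}/{r['count']}")
    for area in sorted(set(found) - set(expected_areas)):
        problems.append(f"unexpected multi-area adjacency in area {area}")
    return problems
```

Calling check_multi_area(SHOW_OUTPUT, "Et0/0", ["101", "999"]) returns an empty list for the output above; dropping 999 from the expected list flags MA2 as an adjacency that should not be there.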

OK, so why do we need this feature?

One of the reasons is that OSPF prefers routes learned inside its own area over routes learned from another area. For example, R2 will prefer the routes coming from R4 over the routes coming from R6 via the R3 border router; even if the metric is much better, OSPF will use the intra-area route (O over O IA).

So what can we do in this case?
We can configure the OSPF multi-area command on the R4-R3 link to make it work in Area 101;
in this case R2 will compare the metrics and choose the best one to reach the R5 loopback.

Let's check the routing table:
R2#show ip route 5.5.5.5
Routing entry for 5.5.5.5/32
  Known via "ospf 1", distance 110, metric 20
  Tag 111111, type extern 2, forward metric 4
  Last update from 26.0.0.6 on Ethernet0/2, 00:19:39 ago
  Routing Descriptor Blocks:
  * 26.0.0.6, from 4.4.4.4, 00:19:39 ago, via Ethernet0/2
      Route metric is 20, traffic share count is 1
      Route tag 111111
R2#



A traceroute from R1:
R1#traceroute 5.5.5.5 num
Type escape sequence to abort.
Tracing the route to 5.5.5.5
VRF info: (vrf in name/id, vrf out name/id)
  1 12.0.0.2 0 msec 0 msec 1 msec
  2 26.0.0.6 1 msec 0 msec 0 msec  (R6)
  3 67.0.0.7 1 msec 1 msec 1 msec (R7)
  4 73.0.0.3 1 msec 1 msec 1 msec (R3)
  5 43.0.0.4 2 msec 1 msec 1 msec (R4)
  6 192.168.1.5 2 msec *  2 msec (R5)
R1#


 I hope this was useful!


Samer R. Saleem



Wednesday, November 14, 2018

OSPF MTU ignore feature

In this article we are going to check how MTU can affect OSPF adjacency establishment.

First, let us list the conditions for two neighboring routers to become OSPF adjacent:

1. subnet mask (they have to be on the same network)
2. same area
3. authentication
4. MTU
5. hello time
6. stub flags (if one router in area X is a stub, its neighbor in the same area must also be configured as a stub)

OK, so the MTU has to match on both routers. I'm going to configure two routers with different MTUs.
Simple lab here:

I'm going to configure one router to use the default MTU (1500), and change the other router to an MTU of 1400.

R2 Configs:
!
router ospf 1
 router-id 200.200.200.200
interface Ethernet0/0
 ip address 192.168.1.2 255.255.255.0
 ip mtu 1400
 ip ospf 1 area 0
end

R1 Configs:
!
router ospf 1
 router-id 100.100.100.100
interface Ethernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip mtu 1500
 ip ospf 1 area 0
end

========================================


OK, the first thing you will notice is that you do not get a log message for the OSPF state changing to FULL,
and if you use the command
#show ip ospf neighbor

you will see the adjacency is stuck in the database exchange stage (EXSTART in the output below):
R2#
R2#show ip os nei

Neighbor ID     Pri   State           Dead Time   Address         Interface
100.100.100.100   1   EXSTART/BDR     00:00:36    192.168.1.1     Ethernet0/0
R2#

OK, so now let's see some debug output on R1:

#debug ip ospf adj
R1>
*Nov 14 06:04:37.604: OSPF-1 HELLO Et0/0: Send hello to 224.0.0.5 area 0 from 192.168.1.1
*Nov 14 06:04:38.184: OSPF-1 ADJ   Et0/0: Rcv DBD from 200.200.200.200 seq 0x2A2 opt 0x52 flag 0x7 len 32  mtu 1400 state EXCHANGE
*Nov 14 06:04:38.184: OSPF-1 ADJ   Et0/0: Nbr 200.200.200.200 has smaller interface MTU
*Nov 14 06:04:38.184: OSPF-1 ADJ   Et0/0: Send DBD to 200.200.200.200 seq 0x2A2 opt 0x52 flag 0x2 len 52
R1>

The output is very clear: R2 is advertising a smaller MTU.
OK, so what are our options to solve this?
1. Make both values equal (set both to 1500 or 1400).
2. Ignore this value. OK, how?

Note: this must be done on both routers, at the interface level:

#ip ospf mtu-ignore

Now let us see how the logs change on R1:
R1(config-if)#

*Nov 14 06:07:05.456: OSPF-1 ADJ   Et0/0: Rcv DBD from 200.200.200.200 seq 0x1E02 opt 0x52 flag 0x1 len 52  mtu 1400 state EXCHANGE
*Nov 14 06:07:05.456: OSPF-1 ADJ   Et0/0: Exchange Done with 200.200.200.200
*Nov 14 06:07:05.456: OSPF-1 ADJ   Et0/0: Send LS REQ to 200.200.200.200 length 36 LSA count 1
*Nov 14 06:07:05.456: OSPF-1 ADJ   Et0/0: Send DBD to 200.200.200.200 seq 0x1E02 opt 0x52 flag 0x0 len 32
*Nov 14 06:07:05.457: OSPF-1 ADJ   Et0/0: Rcv LS UPD from 200.200.200.200 length 76 LSA count 1
*Nov 14 06:07:05.457: OSPF-1 ADJ   Et0/0: Synchronized with 200.200.200.200, state FULL
*Nov 14 06:07:05.457: %OSPF-5-ADJCHG: Process 1, Nbr 200.200.200.200 on Ethernet0/0 from LOADING to FULL, Loading Done




R1#show ip os nei

Neighbor ID     Pri   State           Dead Time   Address         Interface
200.200.200.200   1   FULL/DR         00:00:38    192.168.1.2     Ethernet0/0
R1#
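
The MTU check behind this behaviour, as an added example that is not from the original post: RFC 2328 (section 10.6) has the receiver reject a Database Description packet whose Interface MTU field is larger than it can receive, and the Python below rebuilds the DBD from the first debug line above and applies that check with and without mtu-ignore. R1's DBD and all function names are constructed for illustration.

```python
import struct

OSPF_HDR = struct.Struct("!BBH4s4sHH8s")  # RFC 2328 A.3.1: 24-byte common header
DBD_BODY = struct.Struct("!HBBI")         # RFC 2328 A.3.3: MTU, options, flags, DD seq

def build_dbd(router_id, mtu, options, flags, seq, lsa_headers=b""):
    """Build an OSPFv2 DBD packet for area 0 (checksum and auth left at zero)."""
    rid = bytes(int(octet) for octet in router_id.split("."))
    length = OSPF_HDR.size + DBD_BODY.size + len(lsa_headers)
    hdr = OSPF_HDR.pack(2, 2, length, rid, bytes(4), 0, 0, bytes(8))
    return hdr + DBD_BODY.pack(mtu, options, flags, seq) + lsa_headers

def parse_dbd(pkt):
    """Decode the fields that 'debug ip ospf adj' prints for a received DBD."""
    version, ptype, length, rid, _area, _ck, _au, _auth = OSPF_HDR.unpack_from(pkt)
    if version != 2 or ptype != 2 or length != len(pkt):
        raise ValueError("not a well-formed OSPFv2 DBD packet")
    mtu, options, flags, seq = DBD_BODY.unpack_from(pkt, OSPF_HDR.size)
    return {"router_id": ".".join(map(str, rid)), "len": length, "mtu": mtu,
            "options": options, "seq": seq, "init": bool(flags & 4),
            "more": bool(flags & 2), "master": bool(flags & 1)}

def accept_dbd(pkt, local_mtu, mtu_ignore=False):
    """Receiver-side check: drop a DBD advertising a larger MTU than ours."""
    return mtu_ignore or parse_dbd(pkt)["mtu"] <= local_mtu

# From the R1 debug line: seq 0x2A2 opt 0x52 flag 0x7 len 32 mtu 1400
from_r2 = build_dbd("200.200.200.200", 1400, 0x52, 0x7, 0x2A2)
# Constructed: the DBD R1 would send, advertising its 1500-byte interface MTU
from_r1 = build_dbd("100.100.100.100", 1500, 0x52, 0x7, 0x2A2)

def exchange_outcome(mtu_ignore):
    """Which side accepts the other's DBD, with mtu-ignore set on both or neither."""
    return {"R1 accepts R2": accept_dbd(from_r2, 1500, mtu_ignore),
            "R2 accepts R1": accept_dbd(from_r1, 1400, mtu_ignore)}
```

Without mtu-ignore the exchange is one-sided: R1 accepts R2's DBD, as in the debug output, but R2 drops R1's, so the database exchange never completes.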


I hope this was helpful

















Tuesday, November 13, 2018

Redistribution and Optimal path selection

Hi,

So, today I'm going to create a lab showing how redistribution may affect optimal path selection. First, let's understand what "optimal path" means.
Optimal means the one best route from A to B.

OK, so I'm using the following topology:

Here you can see the IP addresses used, where X is the router number.

R5, R7 and R4 are in the EIGRP domain, and R3, R1, R2, R7 and R4 (interfaces) are in the OSPF domain.

On R7 and R4 we will do mutual redistribution in order to get the routes to R5.
After doing the above, this is what the routing table of R5 looks like:



The R5 routing table has two paths to all destinations in the OSPF domain, coming from both gateways (75.0.0.7 and 45.0.0.4).

OK, so what can we do in order to reach the R3 loopback (3.3.3.3) using only the one best route (the optimal path)?

I will create a route map on both R4 and R7 that matches the OSPF metric (cost): if it is equal to (21), the route is redistributed with bandwidth (10000); otherwise it is redistributed with bandwidth (1000).

OK, let's configure it:

R7,R4

#route-map METRIC permit 10
#match metric 10 +- 11
#set metric 10000 10 255 10 1500
#route-map METRIC permit 20
#set metric 1000 10 255 10 1500

#router eigrp 100
#redistribute ospf 1 route-map METRIC

Now checking R5 routing table to R3 loopback:

R5#show ip route 3.3.3.3
Routing entry for 3.3.3.3/32
  Known via "eigrp 100", distance 170, metric 284160, type external
  Redistributing via eigrp 100
  Last update from 45.0.0.4 on Ethernet0/1, 00:00:43 ago
  Routing Descriptor Blocks:
  * 45.0.0.4, from 45.0.0.4, 00:00:43 ago, via Ethernet0/1
      Route metric is 284160, traffic share count is 1
      Total delay is 1100 microseconds, minimum bandwidth is 10000 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 10/255, Hops 1
R5#

R5 is now using the best route, which is via R4, as it is only a cost of 21 to the R3 loopback!
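
Why R5 ends up with metric 284160, as an added example (not the author's code): the Python below models the METRIC route map and the classic EIGRP composite metric with default K values. R7's OSPF cost of 31 and the 10000 Kbit / 1000 usec values for R5's Ethernet link are assumptions, chosen to agree with the 1100 microseconds total delay shown in the output above.

```python
# Route map METRIC from the post: (sequence, match, seed metric).
# match is (base, deviation) for "match metric base +- deviation", or None.
# Seed fields follow "set metric": bandwidth Kbit, delay in tens of usec,
# reliability, load, MTU.
ROUTE_MAP_METRIC = [
    (10, (10, 11), (10000, 10, 255, 10, 1500)),
    (20, None, (1000, 10, 255, 10, 1500)),  # no match clause: everything else
]

def apply_route_map(ospf_metric, route_map=ROUTE_MAP_METRIC):
    """Return the seed metric of the first permit entry that matches."""
    for _seq, match, seed in route_map:
        if match is None or abs(ospf_metric - match[0]) <= match[1]:
            return seed
    return None  # implicit deny: the route is not redistributed

def eigrp_metric(seed, link_bw_kbit, link_delay_usec):
    """Classic EIGRP composite metric (default K values) one hop downstream."""
    bw_kbit, delay_tens, *_ = seed
    min_bw = min(bw_kbit, link_bw_kbit)
    total_delay_usec = delay_tens * 10 + link_delay_usec
    return 256 * (10**7 // min_bw + total_delay_usec // 10)

def best_gateway(ospf_cost_by_router, link_bw_kbit=10000, link_delay_usec=1000):
    """Metric R5 computes via each redistributing router, and the winner."""
    metrics = {}
    for router, cost in ospf_cost_by_router.items():
        seed = apply_route_map(cost)
        if seed is not None:
            metrics[router] = eigrp_metric(seed, link_bw_kbit, link_delay_usec)
    return min(metrics, key=metrics.get), metrics

# R4's OSPF cost to 3.3.3.3 is 21 (from the post); R7's 31 is a constructed value.
COSTS = {"R4": 21, "R7": 31}
```

best_gateway(COSTS) picks R4 with 284160, the metric in R5's routing table, against 2588160 via R7. Note that "match metric 10 +- 11" matches any OSPF metric up to 21, not only 21 itself.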

Thanks, I hope this was useful!

Good Luck!









