OSPF Routing Protocol

Transcription

1 OSPF Routing Protocol Contents Introduction Network Architecture Campus Design Architecture Building Block Design Server Farm Design Core Block Design WAN Design Architecture Protocol Design Campus Design Considerations Layer 2 versus Layer 3 Core Design WAN Design Considerations Design Recommendation Summary Planning and Implementation IP Addressing Summarization Scalability Migration Convergence Tuning Design Case Study Operating the Solution Operation Verification Troubleshooting Related Information Introduction Open Shortest Path First (OSPF) is an interior gateway protocol (IGP) link state protocol. Contrary to the distance vector protocol in which the actual Internet Protocol (IP) network is advertised periodically, in a link state protocol there is no IP route exchange. Every participant router creates a Link State Advertisement (LSA) describing its local interface (IP address, network mask, reachable neighbor, link type, and so on) and places it in its database. LSAs are distributed through reliable flooding during database synchronization, and the collection of all LSAs constitute a link-state database. (1 of 48) [10/11/2001 5:34:43 PM]

2 All routers within an area have the exact same link state database and run in parallel with the shortest path or Dijkstra algorithm. Each router constructs a tree of shortest path with itself as a root. The shortest path tree gives the route to all destinations within the autonomous system. Compared to distance vector protocols that have a flat architecture, OSPF uses a hierarchical architecture. By having a hierarchical design, routing control packets in the domain are decreased and limited to a given area. In addition, summarization between different hierarchical levels significantly increases the stability of the network and decreases the size of the routing table. OSPF allows a network to be segmented into multiple areas. An area is a collection of routers and networks. All areas are attached, physically or logically, to a common area called the backbone area (area 0). Routing between areas is achieved through area 0, and summarization occurs at Area Border Routers (ABRs) that are attached to the backbone area 0 and another non-backbone area. The three components in OSPF include: Neighbor discovery Database synchronization Shortest Path First (SPF) calculation Router Classifications There are four types of routing nodes in OSPF. Each routing node provides a specific function. Internal router A router that has all its interfaces in a given area ABR (Area Border Router) A router that has active interfaces in at least two areas, one being the backbone area 0 ASBR (Autonomous System Border Router) A router that injects external routes into the OSPF domain by redistributing any routing protocol or external route to the OSPF domain is known as an ASBR Backbone router A router that has an interface to the backbone area 0, this can be an ABR or backbone internal router Area Types There are four types of areas in OSPF. Each area provides a specific function. Area 0 The backbone area having the specific function of connecting all areas together and passing information between areas. Transit area Any area including area 0, having external routing capability. In other words, type 5 LSA will be flooded into such an area. A transit area can also exist to provide a virtual link between an area not physically connected to backbone area 0. Stub area An area that does not have external routing capability, hence type 5 LSAs are not flooded into this area. ASBR cannot be placed inside this area and a virtual link cannot be configured through this area. (2 of 48) [10/11/2001 5:34:43 PM]

3 Not So Stubby Area (NSSA) NSSA has the same capability as a stub area in that type 5 LSA are not flooded into this area and a virtual link cannot be configured through this area. However, an ASBR could be placed inside such an area and external routes could be imported into the NSSA area and flooded further into OSPF domain. Control Packets OSPF runs on top of IP and is assigned protocol 89. OSPF control packets have a 24-byte common header. To guarantee neighbor discovery and maintenance and database synchronization, the following packet types are defined within the Type field of an OSPF control packet. Packet Type 1 Hello Description 2 Database Description 3 Link State Request 4 Link State Update 5 Link State Acknowledgment Packet Type 1 Hello packets are used to establish and guarantee neighbor discovery and maintenance. Packet Type 2 Database Description packets are used in the initial database synchronization. In order to check what instance of their database needs to be exchanged, routers exchange a summary of their database (LSA header) and mark any missing LSA or a newer instance in order to request it through the Link State Request packet. Packet Type 3 During a database description exchange, the routers request their missing LSA. If they need a more recent instant of an LSA, they add these LSAs in the Link State Request list. Once the database description exchange is complete, the routers send Link State Request packets in order to request these LSAs. Packet Type 4 A router replies to the Link State Request packet by sending a Link State Update. Link State Update is also used when the routers are in Full state and there is a need to generate a new LSA due to any changes. Packet type 5 The flooding operation should be reliable in order to guarantee that no information was lost while synchronizing the database. Link State Acknowledgment is sent in reply to a Link State Update packet. (3 of 48) [10/11/2001 5:34:43 PM]

4 LSA Types and Definitions Link State Advertisement is the information generated by every router describing its local interface in an area. Depending on the LSA type, a router might generate additional information such as a reachable network outside an area or OSPF domain. The following table lists the 11 LSA types. LSA Type Description 1 Router LSA 2 Network LSA 3 Summary LSA 4 Summary LSA 5 External LSA 6 MOSPF LSA 7 NSSA LSA 8 External Attribute LSA 9 Opaque LSA 10 Opaque LSA 11 Opaque LSA LSA Type 1 LSA Type 1 is a router LSA that is generated by every router into a given area. Routers attached to multiple areas generate this LSA into each attached area. A Router LSA describes the router's interface for a given area. It contains information such as IP address, network mask, remote neighbor, link type, link cost, and so on. This LSA is flooded within each area. LSA Type 2 LSA Type 2 is a network LSA. In order to better understand the use of this LSA, you should first understand how OSPF considers multi-access networks. A network is said to be multi-access if it can have more than two routers attached to it. Depending on broadcast capability, this is further divided into two types of networks. Broadcast network Has the broadcast capability for example Ethernet Non Broadcast MultiAccess (NBMA) Does not have the broadcast capability for example Asynchronous Transfer Mode Permanent Virtual Circuit (ATM PVC) SPF needs to consider a network as a collection of nodes and point-to-point links. To satisfy the SPF requirement, consider the media itself as a node (Pseudonode) that is represented by one of the routers on this media called Designated Router (DR). Thus, the adjacency between routers attached to the multi-access is the adjacency between every attached router and the Pseudonode. (4 of 48) [10/11/2001 5:34:43 PM]

5 All attached routers advertise a link to the Pseudonode, represented by DR in their Router LSA. An advertisement is needed from Pseudonode to all attached routers: This is performed by LSA Type 2. LSA type 2 is generated by DR on behalf of the network and announces all routers attached to the multi-access network (also referred to as transit network). This LSA is flooded within an area. LSA Type 3 Summary type 3 announces the IP destination outside a given area in order to ensure that an ABR does the following: Summarize intra-area route to the backbone Summarize intra-area and inter-area route (learned through the backbone) into non-backbone area Note that routing between areas has a distance vector behavior. This means that the route learned from an area, and installed in the routing table, is summarized for other attached areas. It is not advertised back to the same area. A backbone router processes only the summary received from the backbone. The only time an ABR processes a summary received through a non-backbone area is: If the ABR loses its connection to the backbone (no neighbor) but still is an ABR and has an active interface in area 0 If there is a virtual link in the TransitArea and the TransitCapability of the area is set to true (see later) LSA Type 4 When a type 5 LSA is flooded within a domain, the location of the ASBR (advertising router) is only known within the area in which the type 5 LSA is flooded. It is the responsibility of the ABR attached to this area to summarize the reachability of the ASBR to other areas. The ASBR in normal operations is the exit point toward external destinations. Note that type 5 and type 4 LSAs are not flooded into Stub or NSSA areas and there is no need to announce ASBR reachability within Stub or NSSA areas. LSA Type 5 An External LSA is generated by an ASBR when some external destination is redistributed into OSPF. A router becomes ASBR as soon as it redistributes external routes learned by way of any protocol, static, or connected into OSPF. Type 5 LSAs are flooded domain-wide into all areas except Stub areas and NSSA areas. LSA Type 6 The group membership LSA (MOSPF) is not used by Cisco. This LSA is used in order to create a shortest path tree for every source or multicast destination. LSA Type 7 LSA type 7 is generated by an ASBR in an NSSA area. This allows external routes to be imported into an NSSA area as Type 7. Type 7 is flooded only within the NSSA area. In order to flood the external information further, an ABR could translate type 7 LSAs into type 5 LSAs and further flood into the OSPF domain. (5 of 48) [10/11/2001 5:34:43 PM]

6 LSA Type 8 This is an obsolete LSA. It was previously intended to carry external attributes between border routers through the OSPF domain. LSA Types 9, 10, and 11 Opaque LSA defines a range of LSAs that provide more flexibility to the OSPF LSA packet format by not having to define a new LSA type for every new application. There are three flooding scopes depending on the type: Type 9 is flooded locally (not beyond the local network) Type 10 is flooded area wide Type 11 is flooded domain wide Currently, type 10 is used for MPLS Traffic Engineering in order to announce more attributes for network links. Neighbor Discovery When OSPF is enabled on an interface, the router starts sending Hello packets periodically in order to discover the remote neighbor(s). The discovery could be dynamic, or a configuration might be needed in the case of a multi-access network that lacks broadcast capability. When a router receives a Hello from its neighbor, it includes the Router ID of this neighbor in its next Hello. This ensures that there is two-way connectivity between routers. A Hello packet is also used to elect DR/BDR on a multi-access network (broadcast and NBMA) and make sure that the neighbors agree on the area type based on the option fields in the Hello packet. Hello packets behave differently depending on the network type as described below. Point-to-point Network Neighbor discovery is dynamic Hello is sent to the multicast address AllSPFRouter ( ) No DR/BDR election Broadcast Network Neighbor discovery is dynamic Hello is sent to the multicast address AllSPFRouter ( ) DR/BDR election takes place NBMA Network A configuration is required in order to discover the neighbor (6 of 48) [10/11/2001 5:34:43 PM]

7 Hello is sent unicast to each remote neighbor's IP address DR/BDR election takes place Note that since DR/BDR takes place, you would need at least a connection from DR/BDR to all the neighbors in order to guarantee the proper operation in this mode. DR/BDR sends Hello to all routers A router is eligible to become DR/BDR (priority different than 0) and it sends Hello packets only to DR/BDR and those routers that are eligible to become DR/BDR A router not eligible to become DR/BDR (priority 0) sends Hello packets only to DR/BDR Point-to-Multipoint Network Point-to-multipoint is considered a collection of point-to-point networks. Depending on the configuration, neighbor discovery could be dynamic. ip ospf network point-to-point Neighbor discovery is dynamic Hello is sent to the multicast address AllSPFRouter ( ) No DR/BDR election In this case the Hello is sent to the multicast address AllSPFRouter and replicates the packet over each connection. It is important to note that the connection should be permanent (PVC) and not dynamic (SVC) as this would fail. ip ospf network point-to-multipoint non-broadcast A configuration is required in order to discover the neighbor Hello is unicast to each remote neighbor IP address No DR/ BDR election The RFC definition of point-to-multipoint requires configuration and that neighbor discovery is not dynamic. Cisco implements both methods. Database Synchronization It is very important that the database of all routers within an area are synchronized in order so they have the same view of the network. Synchronization is either the initial router synchronization (when two routers establish adjacency) or if there is any change to the network topology and the routers need to resynchronized. Synchronization is performed by way of OSPF packet type 2, 3, 4, and 5. Once two routers achieve the 2-way state, they start synchronizing their database by establishing a master-slave relationship. This is necessary so that one of the routers leads the database synchronization exchange. After the 2-way state, the routers go to the Exstart state where they have to find out who is the master. This is done (7 of 48) [10/11/2001 5:34:43 PM]

8 by Router ID. Initially both routers declare themselves as master but the router with the higher Router ID is elected as master. After the election, they go to the Exchange state at which point they start exchanging Database Description packets. The master sends a Database Description packet by incrementing the LS sequence for every different packet, and the slave just echoes back the LS sequence number sent by the master. Only one Database Description packet is sent and echoed at a time. This guarantees a reliable exchange between the two routers. During the exchange phase the routers make notes of their missing LSA or if the LSA that the neighbor has has a newer instant. Once the exchange is over, they are going to make a request (packet type 3) from their neighbor and they go to the Loading state. Once the loading is over, or if the routers do not have any LSA to request (link state request list empty), the routers go to Full adjacency. Note that in a multi-access network (broadcast, NBMA) where DR/BDR election takes place, only DR/BDR synchronize their databases with all the routers. In other words, two non DR/BDR routers remain in 2-way/ DOTHER state. Neighbor State Machine The following diagram shows the neighbor state machine. The following describes the states of the OSPF neighbors. (8 of 48) [10/11/2001 5:34:43 PM]

9 Down The initial state of a neighbor conversation. It indicates that there has been no recent information received from the neighbor. On NBMA networks, Hello packets may still be sent to "Down" neighbors, although at a reduced frequency. Attempt Is only valid for neighbors attached to Nonbroadcast Multiaccess (NBMA) networks. It indicates that no recent information has been received from the neighbor, but that a more concerted effort should be made to contact the neighbor. This is done by sending the neighbor Hello packets at intervals of set by the Hello interval. Init A Hello packet has recently been seen from the neighbor. However, bi-directional communication has not yet been established with the neighbor (i.e., the router itself did not appear in the neighbor's Hello packet). All neighbors in this state (or higher) are listed in the Hello packets sent from the associated interface. 2-Way Communication between the two routers is bi-directional. This has been assured by the operation of the Hello Protocol. This is the most advanced state short of beginning adjacency establishment. The (Backup) Designated Router is selected from the set of neighbors in state 2-Way state or greater. ExStart The first step in creating an adjacency between the two neighboring routers. The goal of this step is to decide which router is the master, and to decide upon the initial DD sequence number. Neighbor conversations in this state or greater are called adjacencies. Exchange The router is describing its entire link state database by sending Database Description packets to the neighbor. Each Database Description Packet has a DD sequence number, and is explicitly acknowledged. Only one Database Description Packet is allowed outstanding at any one time. In this state, Link State Request Packets may also be sent asking for the neighbor's more recent LSAs. All adjacencies in Exchange state or greater are used by the flooding procedure. In fact, these adjacencies are fully capable of transmitting and receiving all types of OSPF routing protocol packets. Loading Link State Request packets are sent to the neighbor asking for the more recent LSAs that have been discovered (but not yet received) in the Exchange state. Full The neighboring routers are fully adjacent. These adjacencies now appear in router LSAs and network LSAs. Shortest Path First Calculation After database synchronization, all routers in an area will have the exact same link state database. The database is just a collection of different LSAs that the router has received and should build up the routing table based on this information. There are two types of routes: Network route A destination IP address Router route The path (outgoing interface and next hop) to ABR or ASBR This will be used later in order to consider the inter-area route advertised by the ABR and the external route advertised by ASBR. In order to see the router route, use the show ip ospf border-routers command. SPF needs to see the network as a collection of nodes and point-to-point links. A multi-access network is represented by a Pseudonode (DR). Every router announces a connection to the transit network (DR) and the DR announces a connection to all attached routers. A router first finds out the path (outgoing interface and next hop) to all the nodes in its area by running the Dijkstra algorithm. The IP address is just additional information that is part of the node (included in the router LSA). Once (9 of 48) [10/11/2001 5:34:44 PM]

10 the path to all the nodes is found (outgoing interface and next hop), the path to all the IP addresses advertised by the node is calculated. The following describes the steps a router goes through in order to calculate the route to all destinations. 1. The router considers LSA type 1 and type 2 in order to build a shortest path tree. This means a router finds the outgoing interface and the next hop to reach all of the nodes. It is important to note that we are not talking about IP address, and a node is just represented by its router ID that identifies the router in the area NOTE: In order to accomplish step 1, which is to find the shortest path from a node to all the nodes in an area, Dijkstra algorithm is executed. Install the IP address advertised by the node in the routing table. At this stage, all intra-area routes have been found for a given area. Consider LSA type 3 and 4 in order to find all destinations to other areas and the path to an ASBR. This step is only performed by ABRs in an area in which there is a virtual link. In other words, the TransitCapability of the area is set to True. This step is necessary to find if there is any shorter path than found previously in step 3. An ABR considers the summary of the non-backbone transit area Note that this is the only time an ABR considers a summary from a non-backbone area as an ABR considers only summary from backbone areas (except if it has lost all its connections to the backbone but still has an active interface in area 0). At this stage all the inter-area routes have been found. The router considers the LSA type 5 in order to install the path to all external destinations. If an area is NSSA, LSA type 7 is considered instead. For an ABR attached to a NSSA area type 7, LSAs are processed after type 5. Dijkstra Algorithm Given a collection of nodes connected by way of point-to-point links, this algorithm finds the shortest path from a given node (root) to all the nodes. The router keeps track of three lists: Unknown list All the nodes to which the destination has not been found (distance is infinity). All routers start in this list. Candidate list The list of nodes that have been found in the step-by-step process from the root and are candidate to the shortest path tree. Shortest path list The list of paths that the calculating router has found to be the shortest path to all the nodes. In each step, one router is found and added to this list. A calculating node S (source) does the first iteration by placing itself in the shortest path tree and adding its neighbor to the candidate list. In each of the following iterations, the router performs one of the following functions: Move the shortest candidate (metric wide) from the candidate list to the shortest path list. Call this newly added node the active node. Initially, the source is itself the active node. Look at the neighbors of active nodes to perform the following: (10 of 48) [10/11/2001 5:34:44 PM]

11 If the shortest candidates are not already in the candidate list, move them into the candidate list. The cost from the root is the cost to the active node plus the cost from the active node to the newly added neighbors. The outgoing interface and next hop is inherited from the active node. If the shortest candidates are already in the candidate list and the current cost from the root is more than the cost through the active node, update the candidate list with this new information. Otherwise if the node already exists and its cost is equal to the cost through the active node, add the new next hop and outgoing interface (inherited from the active node) to the existing node. Check to see if the candidate list is empty. If the candidate list is not empty, start the iteration again. The algorithm requires N iteration (including the first one) where N is the number of nodes (router + transit networks represented by DR). Virtual Link To guarantee connectivity between areas, all areas should be connected to the backbone. There is no need for physical connectivity: An area can be connected to the backbone logically through the use of a virtual link. A virtual link connects two ABRs having in common a non-backbone area called a Transit area. A virtual link is considered as an unnumbered point-to-point link. However, there is an IP address associated with the virtual interface. The virtual interface is the interface through which a shortest intra-area path to the remote ABR is determined. Apart from attaching logically an area to the backbone, a virtual link can be used in order to have some control over a given path. This is illustrated in the following diagram. Since intra-area paths are always preferred over inter-area paths, if the link between RB and RC is placed in area 0, (11 of 48) [10/11/2001 5:34:44 PM]

12 area 1 will not have an optimal path since RB should go through RA to reach RC. If the link is placed in area 1, the traffic in area 0 will not have the optimal path. By placing the link in area 1, and configuring a virtual link between RB and RC, both areas will use the RB and RC link since the virtual link is part of area 0. As mentioned previously in the SPF section, after considering the summary LSA in order to find all destinations to other areas and the path to an ASBR, if there is a virtual link in the area, the ABR should set the TransitCapability to True in order to process the summary from the transit area (non-backbone). This is illustrated in the following diagram. There is a virtual link between RC and ABR1 in area 1. ABR1 announces a summary LSA for network X with a cost of 100. ABR2 announces the same summary but with a cost of 10. All routers in area 1 choose the shortest cost path and go through ABR2. However, since there is a virtual link between RC and ABR1, and this is part of area 0, RC will choose the intra-area path (area 0) rather than inter-area path advertised by ABR2. This could lead to a routing loop as RC will go through RB to reach ABR1 (virtual link) and RB will go through RC to reach ABR2 By setting the TransitCapability to True in the SPF, an ABR considers the summary from the non-backbone area (area 1). Therefore, RC looks at the summary advertised by ABR2 and sees that there is a shorter path through ABR2. Summarization Summarization consists of combining a set of IP addresses and advertising it as a block instead of advertising every specific component within the address range. This reduces the amount of information to be propagated and reduces the amount of information other routers should store. Most importantly, it increases the stability of the network as any change in a more specific component of the address range does not need to be propagated. Internal Route Summarization In order to guarantee inter-area routing, an ABR advertises through LSA type 3 destinations that are reachable in each attached area into other areas. An ABR can be configured to advertise a range of IP addresses and, therefore, summarize a given subnet of network for a given area instead of individually announcing all of the subnets within the range. (12 of 48) [10/11/2001 5:34:44 PM]

13 By configuring area x range < network> < mask>, an ABR summarizes the IP destination in area x using the specified network range and advertises this range into other areas. NOTE: An ABR needs at least a given IP address that is reachable in the summary range in order to advertise the range. If area x is backbone (x = 0), only the intra-area route (native) in the backbone is summarized and not the route learned through other areas. For example, an area range for area 1 is configured and announced to area 0. There is also an area range for the backbone covering the network range advertised by area 1. The area range of the backbone is only for its native route (intra-area ) and the summary of area 1 is leaked into other areas. It can be desirable to hide a set of destinations in an area from being announced into other areas (see Route Filtering). In order to achieve this, the area x range network mask not-advertise command needs to be configured. Internal Route Summarization Cost If an ABR is configured to summarize a range of IP address, the cost of the summary range is: The lowest cost of any IP address in the range if compatible rfc 1583 is enabled which is the default The highest cost of any IP address in the range if compatible rfc 1583 is disabled External Route Summarization In OSPF, external routes are advertised by an ASBR. It is very important to understand that only the originator of a type 5 (ASBR) can summarize its external routes. In order to summarize the external information the summary-address <network> <mask> command needs to be configured. The not-advertise key word can also be used in order to suppress the summary. In the case of an NSSA area, the external destination routes are imported into an NSSA area as type 7 and are flooded further by an ABR performing the type 7 to 5 translations. An ABR performing type 7 to type 5 translations could summarize the external information generated by an internal NSSA ASBR. By performing the type 7 to type 5 translations, the ABR becomes ASBR and changes the advertising router field in the LSA header. Since the ABR is now the ASBR, it can summarize the external information. External Route Summarization Cost If an ASBR summarizes a set of external IP addresses, the cost of the route is always the minimum cost of any given IP address. Note that RFC does not specify any recommendation regarding this. Route Filtering Filtering in OSPF is not as obvious and possible as is the case of the distance vector protocol. The reason is that OSPF does not advertise any routes. Hence, filtering cannot be performed. To prevent a route from being installed in the routing table, an inbound distribute list can be configured to deny a given route. However, this does not prevent other routers to learn this route as the information is flooded through LSA. As mentioned previously, between areas is similar to distance vector behavior. Cisco IOS has implemented inter-area route filtering (see CSCdi43518). It is now possible to use an inbound or outbound filter to filter a route to be injected to an area or to be advertised (13 of 48) [10/11/2001 5:34:44 PM]

14 out of the area. Another method of filtering is to configure a summary range for the area and use the not-advertise key word in the summary range in order to suppress the advertisement of the route into other areas. This option provides less control since it can only be used for a given range to be suppressed (outbound) so there is no control to specify a specific route within an IP range. Parameters Affecting the Convergence Convergence, by definition, is the time required for all routers in a domain to process any change introduced and go back to the previous stable station. There is always a tradeoff between convergence and stability in the network. A fast convergence requires a quick reaction to the change and this affects the stability of the network. There are many parameters in OSPF affecting the convergence. These following table describes these parameters. OSPF Parameter RouterDeadInterval Convergence Affected The time during which the router maintains the adjacency even if there is no Hello received from the neighbor. After each Hello reception, the timer is reset to its initial value. The RouterDeadInterval allows a router to detect a dead neighbor and notify other routers in the domain by generating a new LSA. The lower the value, the faster the convergence. By default, the Dead Interval is 40s for point-to-point, and Broadcast network. For NBMA and point-to-multipoint, it is 120s. It can be configured to a lower value. Depending on the link type and topology, the neighbor down situation can be noticed through Layer 2 and is much faster than the RouteDeadInterval. For example, a back-to-back GE link will be noticed through Layer 2 and will be much faster than the detection by RouterDeadInterval. To change the default value, use the following commands under a given interface: ip ospf hello-interval <sec> ip ospf dead-interval <sec> Note that all routers attached to a given interface require the same hello and dead (14 of 48) [10/11/2001 5:34:44 PM]

15 LSA_Delay_Interval interval. Otherwise the adjacency will not be formed. The initial interval time to wait before sending an LSA (type 1 and 2 only). This parameter is Cisco-specific and its value is 500 msec. Currently it is not possible to change this value but a back-off LSA generation will be implemented in the near future and the initial delay interval will be configurable. The reason behind this constant is that if a link flaps very quickly it won't be reported before this interval time. MinLSInterval This is an architectural constant of value 5 seconds defined in RFC, and is the minimum time a router should wait before generating the same LSA. This is also the rate-limiting LSA mechanism for LSA type 1 and 2. Other LSAs are based on the route installation in the routing table and are rate-limited by SPF. Cisco IOS, however, allows this parameter to be changed with a hidden command. In the near future, a back-off algorithm will be implemented for LSA generation and will make the value configurable. MinLSArrival This is an architectural constant of value 1 second defined in RFC, and is the minimum time required between the reception of the same LSA. If the same LSA is received less than this time, it is ignored and no Ack is sent to the neighbor. SPF_SCHD_DELAY Cisco IOS allows this parameter to be changed with a hidden command. Once an LSA has been received, the SPF is scheduled to run. However, the SPF actually runs after SPF_SCHD_DELAY time which is 5 seconds by default. This parameter can be changed using the Timers spf <delay > <hold> command. (15 of 48) [10/11/2001 5:34:44 PM]

16 SPF_HOLD_INTERVAL If two SPFs have to run consecutively, they will wait as specified by the SPF_HOLD_INTERVAL time which is 10 seconds by default. This prevents running too many SPFs due to a quick change. Network Architecture Campus Design Architecture This parameter can be changed using the Timers spf <delay > <hold> command. A scalable network is always designed in a multilayer or hierarchical manner. This allows for easy future growth and simplifies troubleshooting. It also increases the performance and isolates the problem caused to some parts of the network. A multilayer campus network consists of three blocks: Building block Consists of Layer 2 switches in the wiring closet to connect users. The wiring closet merges into a redundant distribution Layer 3 switch. Server farm block Consists of enterprise servers located usually in a separate block. The servers connect to Layer 2 switches, which in turn connect to a redundant Layer 3 switch. Core block The block that connects different building blocks and the server farm block. Depending on the network size, this can be a direct connection between a distribution layer switch in a fully or partially meshed topology, or through Layer 2 switches. For a large campus design, Layer 3 switches in the core are used to connect the different distribution layers. The following section describes each block and the different design models. Building Block Design The following diagram shows the architecture of a multilayer building block design. Users are connected to access Layer 2 switches in the wiring closet that are dual-homed to redundant Layer 3 switches in the distribution layer. Layer 3 switches reduce the scope of the broadcast domain and segment the campus into smaller and more manageable sections. (16 of 48) [10/11/2001 5:34:44 PM]

17 The following two scenarios are available. Every Layer 2 Switch in Wiring Closet is in Different VLAN This scenario results in no virtual local area network (VLAN) trunking and no Layer 2 spanning tree loop. Hot Standby Routing Protocol (HSRP) is configured between Layer 3 switches. Each Layer 3 switch is the primary gateway for one VLAN and the backup for another VLAN. Redundancy There are two links from every Layer 2 switch to the Layer 3 switch. If one of the links fails, the other link is used and HSRP maintains the connectivity of users. Load Balancing There are two ways to achieve load balancing: Use a different subnet (VLAN) for the uplink toward the Layer 3 distribution switch. In this case, every host on a subnet uses the corresponding subnet link. Use Multigroup Hot Standby Routing Protocol (MHSRP) for the same subnet but use a different IP address. Every Layer 3 switch is active for a given IP address. Load balancing can then be achieved by using the two active HSRP addresses as two different gateways for hosts. For example, Layer 3 switch A is active for group 1 with IP address and the backup for group 2 with IP address Layer 3 switch B is the backup for group 1 with IP address and active for group 2 with IP address (17 of 48) [10/11/2001 5:34:44 PM]

18 Same VLAN Across Layer 2 Switch If the same VLAN is configured on two different Layer 2 switches, a trunk is needed between Layer 3 switches in the distribution layer to guarantee the connectivity. This is illustrated in the following diagram. Layer 3 switches A and B are at the distribution layer and Layer 2 switches C and D are at the access layer. Switch A runs OSPF and, therefore, advertises the passive interface in its VLAN toward the core. If the link between switch A and D fails, switch A still advertises this subnet since it has still another port up on this VLAN (link A to C). So when the traffic reaches switch A for the users connected to switch D, if there is no link between A and B, the return path is broken and there is black-hole traffic for users connected to switch D. OSPF Design Perspective for Building Blocks Since the access layer consists of a Layer 2 switch, OSPF is only relevant to Layer 3 switches in the distribution layer. A Layer 3 switch in the distribution layer need not establish adjacency through the Layer 2 switch in the access layer since the Layer 3 switch needs only to announce the connectivity of its attached interfaces. For this reason, the passive interface router OSPF command is used for the Layer 3 switch interface toward the wiring closet. This reduces the routing protocol exchange and reduces the CPU overhead. A routed link is used between Layer 3 switches in the distribution layer to avoid intra-building traffic passing through the core. Server Farm Design The server farm design architecture is similar to the building block architecture. However, because of its critical operation, it should be implemented with high capacity links and maximum redundancy to ensure connectivity all the time. The following diagram shows a server farm design with servers dual-homed to Layer 2 switches that are in turn dual-homed to Layer 3 switches in the distribution layer. NOTES: There is a trunk between the distribution layer switches. This is necessary for backing up the path of a Layer 2 switch should an uplink fail. One of the Layer 3 switches is designated as the primary HSRP gateway and also is the root of the spanning tree (both ports are in forwarding state). To increase the spanning tree recovery, UplinkFast is enabled in each wiring closet switch. (18 of 48) [10/11/2001 5:34:44 PM]

19 OSPF Design Perspective for Server Farm Block As in the case of the building block design, only a Layer 3 switch is relevant to OSPF. There is no need for a Layer 3 switch to establish adjacency through a Layer 2 switch link. Passive interfaces are configured on the Layer 3 switch link in the distribution layer toward the Layer 2 switch. This reduces the routing protocol update and decreases CPU overhead. Core Block Design The different building blocks and the server farm block communicate to each other through the core block. It typically consists of Layer 3 switches but a Layer 2 design could exist as well. This section focuses on two different core designs: Layer 2 versus Layer 3, and the OSPF design practices for each. This section is describes two scenarios: Core design without a Layer 3 switch, essentially Layer 2 Core design with a Layer 3 switch The different designs are discussed with respect to the size of the campus network for which they are best suited. Core Block Without Layer 3 Switch Without the presence of a Layer 3 switch in the core, connecting the different distribution Layer 3 switches can be done through a direct Layer 3 connection or through the connection by way of a Layer 2 backbone switch. (19 of 48) [10/11/2001 5:34:44 PM]

20 Fully Meshed Campus Backbone For a small enterprise backbone, it may be desirable to directly connect the Layer 3 distribution switch of different building blocks. Note that this is not a scalable solution and should be used for small enterprise backbones as the number of the link increases as switches are added. OSPF Design Perspective All links between Layer 3 switches are placed in the same area 0 and each Layer 3 switch is adjacent to all neighbors. The interface toward the Layer 2 switch is passive. If a Layer 3 switch is connected to a high number of VLANs, it is desirable to summarize remote subnets before advertising them into the backbone. To summarize the building block subnets, a routed link is configured between the Layer 3 switch in each building block and server farm and is placed in a different area. In addition, the passive interface is part of this same area. Therefore, the Layer 3 switch becomes an ABR and is able to summarize the different subnets in a building block into a single IP range and advertise to the backbone. Partially Meshed Campus Backbone This is similar to a fully meshed backbone and should be used for small to medium size campus networks. Since the server farm plays a centralized role, all building blocks are connected to the server farm block. (20 of 48) [10/11/2001 5:34:44 PM]

21 OSPF Design Perspective All links between Layer 3 switches are placed in area 0 and the interface toward Layer 2 switch is passive in order to reduce the routing protocol update. To summarize the building block subnets, a routed link is configured between the Layer 3 switches in each block and placed in different areas. Therefore, the Layer 3 switch becomes an ABR and is able to summarize the subnet of a building block into a single IP range and advertise the summarized routes toward the backbone. Layer 2 Core Backbone To reduce the number of interface connections between the Layer 3 switches in the distribution layer, a Layer 2 core can be used. The Layer 2 core connects all Layer 3 switches in a single VLAN, making them part of the same subnet. To prevent spanning tree loop and its delayed convergence time, the link to the backbone is defined as a routed interface (no VLAN trunk) and there is no loop in order to put spanning tree in a blocking state. This design can be used for a small or medium campus network. OSPF Design Perspective All Layer 3 switches in the distribution layer are in the same VLAN and share the same IP address. All Layer 3 switches in the distribution layer are in a single area 0 and have a passive interface on interfaces toward the wiring closet switch in order to reduce the routing table update. (21 of 48) [10/11/2001 5:34:44 PM]

22 In terms of OSPF operation, a DR/BDR is elected for the common subnet. To reduce the number of subnets advertised toward the core, a routed link is configured between the Layer 3 switch in each block and placed in a different area. Therefore, the Layer 3 switch becomes an ABR and is able to summarize the subnet of a building block into a single IP range and advertise it toward the backbone. Core Block with Layer 3 Switch To build large and scalable campus networks, the core block should be based on Layer 3 switches, connecting all Layer 3 switches in the distribution layer. This reduces the peering of Layer 3 switches in the distribution layer altogether and therefore scales for a large campus network. The exact topology of the Layer 3 switch in the core depends on the size of the campus network, but a minimum of two Layer 3 switches with dual links between them is recommended to guarantee maximum redundancy and fast convergence. Redundancy Every distribution switch should have two links to the core router. The core routers should have two links between each other. If one of the links goes down, the other is immediately used since there are two equal path costs. Load Balancing Every Layer 3 switch should have two equal paths to other Layer 3 switches and load balancing. Depending on the configuration, per destination, or per packet load, balancing is used. However, it is recommended to leave the default destination as load balancing in order to avoid out-of-sequence packet reception. (22 of 48) [10/11/2001 5:34:44 PM]

23 OSPF Design Perspective Every building block or server farm block should be placed in a different area. That is, the link between the distribution Layer 3 switch in each block and the core Layer 3 backbone is placed in different areas. The link between the Layer 3 switch core is in area 0, making the core Layer 3 switch an ABR. Summarization is done on the ABR core Layer 3 switch in order to decrease the number of subnets advertised to each area. In addition, a routed link is configured between Layer 3 switches in the distribution layer of each block. This allows the traffic in a given block to go directly between Layer 3 switches in the distribution layer without having to go through the core. Every Layer 3 switch in the distribution layer has two equal cost paths to the other Layer 3 switches in the distribution layer. If one of the links becomes unavailable, the other link is used immediately and the convergence time is minimum. Alternative Layer 3 Core Topology Depending on the size of the campus network and the number of building blocks and server farms to interconnect, it is desirable to use a core Layer 3 switch consisting of more than two switches. This decreases the number of peering per ABR. This can be used for a very large campus network. The following diagram shows a campus design consisting of four switches in the core. Building block Layer 3 switch peering has been divided among the four core Layer 3 switches in order to decrease the number of (23 of 48) [10/11/2001 5:34:44 PM]

24 adjacencies per ABR. Every building block and the server farm is placed in different areas represented by a different color in the diagram. A, B, C, and D are core Layer 3 switches having their link in area 0 represented in black. Note that every Layer 3 switch in the distribution layer has two equal paths to all other Layer 3 switches in the distribution layer. All building blocks connected to the same core Layer 3 switch is two hops away from each other, otherwise there is three hops. For example, the building block 1, 2, 3 and 4, 5, 6 are three hop away since they are not connected to the same Layer 3 core switch. However, every building block is two hops away from the server farm. This is desirable since the majority of the traffic is between each building block and server farm. It should be noted that although each Layer 3 switch has two equal path costs to the server farm, ABR switches A, (24 of 48) [10/11/2001 5:34:44 PM]

25 B, C, D will only pick one link since intra-area routes are always preferred. Should the preferred intra-area route link go down, OSPF would need to converge in order to have another path. If a fast convergence is required, it is desirable to have two equal paths from each ABR to each distribution layer switch in the server farm. In this case, the two Layer 3 switches in the distribution layer of the server farm block should be connected to all four ABRs in the core. The following diagram shows this topology WAN Design Architecture There are four main WAN design architectures. The choice of the topology depends on the number of sites and optimal routing for intersite communication. Simple Point-to-Point When the number of sites or campuses to interconnect are small (3 to 4), a point-to-point architecture can be used. All routers connected through a point-to-point network should be part of area 0, summarizing each area or sets of areas in each site and the OSPF network type would be point-to-point. Partial Mesh Use this solution if the number of sites is substantial and when there is no need for optimal routing between (25 of 48) [10/11/2001 5:34:44 PM]

26 different sites. The exact topology of the partial mesh depends on the importance of the traffic pattern between sites. If the sites that interconnect each other are campus networks, they would be part of area 0. If they are remote sites, they can be placed in a non-backbone area that connects to area 0. The OSPF network type used could be point-to-point or point-to-multipoint but note that the latter introduces /32 route. Full Mesh Use a fully meshed solution if the number of sites is relatively small and there is a need for optimal routing between sites. Although all of the routers are fully meshed, the OSPF network broadcast or NBMA type should not be used. This will cause many problems. For example, if the link between two non-dr/bdr routers goes down, the traffic between the two routers will be black holed since the DR still tries to communicate with both routers. Also, if a link between the DR and another router goes down, this router will be isolated and lose all connection. Therefore, it is required to use a point-to-point or point-to-multipoint network type. Hub and Spoke Hub and spoke is used when there is a high number of remote sites that connect to the main campus or headquarters, and optimal routing is not required or at least does not justify the higher cost of additional connections between sites. Since the spoke sites goes through the hub site to reach any destination, a default route is sufficient in order to maintain the connectivity in the remote sites. For this reason, distance vector protocols are more suited for this topology as the route advertised to remote sites can be controlled (filtered). In OSPF, if a link between the hub and a spoke goes down, there is a new LSA generated and flooded to all the spoke routers. This action does not affect the routing at the spoke site since spoke sites rely on the default route to reach other destinations. Protocol Design Campus Design Considerations This section builds on the Network Architecture section and provides all design considerations required for OSPF addressing. When building a large and scalable network, the first step is to plan a network IP structure that can be summarized in a hierarchical level. Summarization decreases memory utilization on the routers holding the routing table. More importantly, it increases the stability of the network and decreases the routing control packet update to be propagated. This saves CPU cycles as the loss of a given route within a range is not propagated to other parts of the domain. The IP subnet in each building block should be a contiguous IP block address in order to be summarized at an ABR level. As a general OSPF rule, IP address structures should be contiguous within the area in order to be summarized. Distribution Layer All interfaces of Layer 3 switches in the distribution layer toward the wiring closet switch are passive. A routed (26 of 48) [10/11/2001 5:34:44 PM]