97 IPExpert OSPF Introduction

Video Statistics and Information

Captions
If there is a single most important topic on the lab, if I would have to single out one thing that you cannot go to the lab not knowing, that would be OSPF. OSPF is by far the most complex of all the routing protocols that you will encounter in your CCIE lab exam. It is more complex than even BGP, believe it or not, and it will be on your lab. In other news, the sky's blue. So you will have OSPF on your lab. It will be a dominant technology in both the troubleshooting and configuration sections. In the troubleshooting section you can expect, out of 10 tickets, that at least three, four, maybe even five are somehow related to OSPF. In the configuration section, in the routing protocols part, in the sections that are dealing with routing protocols, you will spend most time configuring OSPF to meet the requirements of the lab. This is why it's extremely important to understand how OSPF works, both in the single area and in multi areas.

So this is exactly what I'm going to try today: I'm going to try to explain OSPF, how it operates, why it works the way it does, and then with a little bit of luck we're going to see it in action. When it comes to OSPF, it's important to understand that fundamentally speaking it is a link-state routing protocol. Now, this is what the books say. Now I, which you probably have already noticed, don't always agree with books. So yes, OSPF is link-state in a way, but I prefer to think of OSPF as a hybrid routing protocol. Now why hybrid? Because inside a single area OSPF is indeed link-state, but when we go into multi-area operations, as you will see, OSPF actually behaves in a very, very distance-vector way. So hence the hybrid thing. Now if you read the RFC for OSPF, and the RFC is 2328 if my memory serves me well, you are of course not going to see the mention of the word hybrid, you are not going to see the mention of distance-vector behavior, but you are going to read about something that is called partial SPF, and when you actually read and understand what
that is, you're going to realize that they are actually describing a distance-vector behavior of the routing protocol. Now that said, for the purposes of the written test, if you are studying for your written test, just remember OSPF is a link-state routing protocol, but from a practical perspective, from a practical point of view, it is actually hybrid. Now for the sake of argument I will just say that this is also true for IS-IS. IS-IS is also in a way a hybrid routing protocol, but you don't care about IS-IS, so I'm not going to waste too much time actually talking about these two.

So when we talk about OSPF it's very important to understand that, you know, explaining OSPF, for an instructor that is trying to teach you at the level that you need for CCIE, we are presented with multiple challenges. First, I can either make an assumption that you know how OSPF works and that I just need to show you some advanced configurations, but as I said, at this point in my life I have done a few CCIE boot camps and I have seen so many misconceptions about OSPF, and being that I consider it to be the single most important topic for the exam, I'm going to try to avoid making too many assumptions about what you know. So I'm going to try to explain OSPF from the ground up. But as I said, sometimes we as the instructors are faced with an incredible challenge, and that is that sometimes we have to explain some behavior using the terminology or using related behavior in OSPF that we have not yet explained. So we are going to be playing a chicken-and-the-egg situation pretty much all the time. So I can start talking OSPF from the ground up, but then I'm going to talk about the information exchange, but how do I talk about the information exchange before I explain what is contained in those information exchanges? But if I talk about that, then how do they propagate? And then we're going to talk about the areas, but what are the areas and what are the different area types? So you see it can get very, very
complex real fast. So I need to make a decision here. What I'm going to be doing here is I'm going to be explaining things in OSPF relatively from the ground up, and then I'm going to go on tangents explaining OSPF. So I'm going to talk about one thing, so we're going to be, as you will see, filling up some tables, and then as we fill out those tables I'm going to go on tangents and explain relative concepts, or concepts that are related to what I was just talking about. That means that we are going to be jumping a little bit back and forth in this lecture, but I hope that you will be able to follow me.

OSPF network types table. The first network type that I'm going to talk about is going to be the broadcast network. Now, the broadcast network type is using hello timers, or it sends hellos every 10 seconds, and it uses the dead timer of 40 seconds. Now this 10/40, or I should say 1 to 4, ratio between hello timers and dead timers is the default one in OSPF. So if you change just the hello type on an interface, for example, oh sorry, the hello timer on the interface, you're automatically going to be modifying the dead timer as well. So if I set my hello timer to 20 seconds, my dead interval will automatically be 80 seconds, and so on. So this ratio is maintained until the moment you actually set the dead interval manually. The minimum that you can set for the hello timer in OSPF is 1 second, but sometimes you actually want to have fast convergence, you want the routers to notice that the neighbor is down in a shorter time than 1 second. If that is the case, you have to use the special configuration in which you declare that you want to use the minimal dead interval, and the minimum dead interval that you can set is one second, and then you configure something that is called the hello multiplier: within that one second, how many hellos you want to send. So if you say something like ip ospf dead-interval minimal and then hello-multiplier 4, you will be sending hellos every
250 milliseconds on that interface. Now this is something that can be used to provide for sub-second convergence on that interface, and is also something that can very reliably provide for a complete meltdown in your network. So be very, very careful when you use these features, and I can tell you from my personal experience that they sound much better than they actually are, and I am not joking about the meltdown part.

Now in the hello column here I'm going to mention that on the broadcast network type, by default it will be multicast hellos that are being sent, and OSPF sends hellos to 224.0.0.5. So the hello destination, let me just write this down, so we have hello destination for multicast is 224.0.0.5. Now this is a link-local address, which means that traffic sent to this address will not be routed by other routers, so these hellos will be contained to a specific interface, to a specific link.

Neighbor column here: do I need to specify the neighbor statement in order to establish successful adjacency on a broadcast network type? The answer is no, I don't need the neighbor statements, I don't need to specify the neighbors, and this goes hand-in-hand with the fact that we are using the multicast hellos. Because if we are using multicast hellos we don't need to have the neighbor statement, because that's the whole idea of using the multicast hellos: we don't need to know what the neighbor is, and it will be simply delivered to all OSPF routers. The hello message will be delivered to all OSPF routers.

Is there DR/BDR election? The answer is yes, and here I'm going to go on a first longer tangent and I'm going to talk about what the DR is, or the designated driver, designated router, on a shared segment. So let's say that we have a segment of routers that are connected to the same Ethernet link, so something along these lines. So here let's say we have routers 1, 2, 3, 4 and 5. Now I represented Ethernet as just a bus, but this is of course in these days all
connected to the switch, but the idea is the same: if one router here sends a packet, sends a multicast packet, it will actually be delivered to all of these routers here. Now one of the requirements of OSPF is that the database that OSPF uses to keep information about the network, to calculate the best path, and I will talk about the database a little bit later on in greater detail, one of the requirements is that inside an area the database must be identical on all devices. So whatever is on one of these routers must be present on all the other routers. Now keep in mind here that when I say area I don't necessarily mean just this one segment. We could have other routers, for example connected on point-to-point links or on other shared segments here, that are in the same area, and this database requirement, that it needs to be identical, holds true for all those routers as well. So all these routers here must actually have identical databases, because they are in the same OSPF area.

So this is an area, and this part here, this arrangement between 1, 2, 3, 4 and 5, this is something that we are going to call a shared segment. Now inside an area we can have multiple shared segments. Here is another one, let me use a different color there, so this here is going to be another shared segment that is very, very different than the one on the top. So they are unrelated in terms of DR election or the BDR election, these are separate shared segments. So we have one shared segment here and we have another shared segment here, but they are in the same area and they need to have identical databases.

So going back to our shared network, just focusing on that one bit, so we are going to have four others here. If the database must be identical on all of them, let's examine what happens. So I'm just going to copy all this. What happens if, for example, R1 here has a network N that it is advertising to all these routers? So what it's going to do is, it's going to send the network here,
going to send the advertisements here, send the advertisement here and send the advertisement here. Now we can see that we are sending this advertisement here four times, but not only that: we need to maintain the adjacency with R5, we need to maintain the adjacency with R2, we need to maintain adjacency with R3 and we need to maintain adjacency with R4. R2 needs to maintain adjacency with R1, with R5, with R3 and R4. R3 needs to maintain adjacency with R5 and R4 on top of that, and R4 and R5 have the adjacency. So basically what I have here is the full mesh of adjacencies, which on five routers isn't really that much of a deal, because every single router here will have only four adjacencies. But what if we had 50, 60 routers on this segment? Now, not a very likely scenario, but also not an extremely unlikely scenario. This number here doesn't really scale well, especially given the fact that the information that is sent by R1 to R2 is the identical information that is sent to R5, R3 and R4, and in the other direction. So we are simply going to be sending the exact same copy of the same information to all of the routers on the segment. Now this is not very scalable and it's not the most optimal way of actually exchanging the information.

This is why in OSPF there is this concept of the designated router, which basically is the router that is going to be acting as a virtual hub for the exchange of the information. So not all traffic will be flowing through it as the result, it's just going to be an exchange hub. So in this case let's just say that for whatever reason R5 here became our designated driver. What's going to happen is that R5 is going to maintain the adjacencies with these four routers here, so the number of adjacencies is now n minus 1 in our network. That means that we have this virtual hub-and-spoke of information exchange. So when we have our network N here from R1 that needs to get advertised, what's going to happen
is R1 is going to send that information to R5, and R5 will fan it out where it needs to go. So we are not going to send the same information from R1 to R5, from R1 to R2, from R1 to R3, from R1 to R4, and then from R5 to 2, 3, 4, then from 2 send it to 3 and 4, then from 3 send it to 4, and then from 4 send it to 5. So this is not going to happen, this ridiculous exchange of the exact same information. So this is the prime role of the designated router: to provide this hub-and-spoke-like information exchange inside the shared segment. That's the primary role of it.

Another role of the DR, and this is going to get a little bit tricky now. Let's say that we have an area that involves a lot of shared segments, or maybe even some point-to-point links, that really doesn't matter, so some relatively complex network. So this is a single area. Inside this area, as we can see, we have multiple shared segments: we have this shared segment, we have this one, we have this one and we have this one here. So on each and every one of these shared segments one of the routers is going to be the DR, so I have circled them here. As you can see, these DRs are not connected to the rest of the network, these routers are not connecting elsewhere. So these routers here are providing for a virtual hub-and-spoke communication inside these shared segments which they are in charge of. So this is their primary role, they provide for that hub-and-spoke.

There is also a secondary role. Now the secondary role is to inform all other routers in the area about the arrangement that may exist on this segment here. Now what these routers here are going to do, let's say this DR here, let's call it DR 1, what it's going to do is it's going to generate information. Technically it is a type 2 LSA, but I will talk about LSA types later on. It's going to generate a type 2 LSA informing other routers in the network that there is this shared segment here that consists of
let's say routers 1, 2 and 3. So it's going to generate this information and send it to its neighbors, so it's going to send it to R2, it's going to send it to R3. Now R3, due to the nature of the requirement that the database must be identical in the whole area, is going to actually flood this information to other routers. So this information that that shared segment exists is going to flow through the network, so all these routers here are going to become fully aware that this arrangement here exists. This DR here is going to do the same thing for this shared segment, this DR will do that for this shared segment and this DR will do that for this shared segment.

So there are these two roles of the designated router. Now, this role here that I call the primary role is much, much more important than the secondary one, and for that purpose on this shared segment, not only are we going to have the designated router, we are in most cases going to have a backup designated router. So these are the adjacencies with the designated router, and let's say that one of these routers, let's say that R3 here, was elected to be the backup designated router. The BDR will maintain the adjacency with the DR, so this adjacency here exists, but it's also going to maintain adjacencies with all other routers. So the actual number of adjacencies is going to be two times n minus one in our network, which is still much, much fewer adjacencies than we have with full mesh. Now the reason here is that if this router here was to unexpectedly die, we are still going to have the information exchange available through our backup designated router.

Now what the BDR is not going to do is this stuff here, the secondary role. There is no secondary role for the BDR. So I'm just going to write this down: the DR is the only router who is responsible for informing the others using type 2 LSA about the arrangement on the segment. Now if the DR was to unexpectedly disappear from the network, the BDR will actually get
promoted to the DR, and then it will be sending this information, and one of the other routers may actually get promoted to become the BDR. Now when the BDR gets promoted to the DR it will send this type 2 LSA and the rest of the network will know that the arrangement still exists. There is in most cases no actual loss of traffic, because if we take a look at this arrangement here, let's say that this router here was the DR and this router disappeared from the network. Now let's say that this router was the backup designated router. Was this designated router actually connected to the rest of the network? The answer is no. So these other routers still know, technically speaking, how to reach this network through this router R3. The fact that for a brief period of time they had stale information from the DR doesn't matter, because now they're going to get updated information from R2 that is going to be almost identical. The only thing that is going to be missing there is R1. Why? Because R1 disappeared from the network. So now we are getting up-to-date information that R1 is no longer connected to that shared segment, which is actually true. But for a very, very brief period of time these other routers in the network were under the impression that this network functioned properly, but they could still reach 2 and 3. Yes, we were black-holing traffic to R1, but that fact of life, why did we disappear from the network, but when we receive the up-to-date information these routers are no longer going to think that R1 is reachable through that network. So that is the role of the DR and that is the role of the BDR.

Now, how are the DR and BDR chosen on the network? So I'm going to go through the DR and BDR election process. Now I'm going to say election under quotes here, because it is actually a dictatorship, and having lived under one I can tell you that the only good way to get rid of the dictators is to shoot them, but that's me digressing. Now let's say that we have several routers that are
actually connected to the network and we need to elect the designated router. Now in OSPF all routers are identified to other routers using something that is called the router ID. Now a quick digression here: the router ID is a 32-bit number that looks like an IP address but is not an IP address. What I mean by that is that when you have router R1, and this R1 has multiple interfaces, let's say that it has an Ethernet interface, it has a serial interface, it has a gigabit interface and it has a loopback interface, all of these interfaces will have an IP address. Now when we fire up the router OSPF process, what's going to happen is an IP address from one of these interfaces is going to be used to become a router ID. If you have a loopback interface, this IP address will be used to become the router ID, but it is going to be the value of the IP address that is used, because the router ID is not an IP address. Let's say we had 1.1.1.1 here, so the router ID here will become 1.1.1.1. Now let's say that we actually remove this interface from the router: our router ID stays 1.1.1.1 and everything functions normally, because the router ID does not have to be a reachable IP address. It is just a 32-bit number that looks and feels like an IP address but it's not actually an IP address.

Now why am I saying this is that you can have a perfectly legitimate scenario, you could have trouble, good luck troubleshooting this, but this is a perfectly legitimate scenario, where you have for example R1 and R2, and let's say that both of them have loopback 0 interfaces, and this is 1.1.1.1 and this is 2.2.2.2, and the router ID on R1 is 2.2.2.2 and the router ID on R2 is 1.1.1.1. This is a perfectly OK scenario, OSPF will work perfectly, sorry about this, so OSPF will work like a charm here. It's only you who will struggle to actually troubleshoot this in case there is a problem, because you will see that there is a loopback that has an IP address and then have a router ID that doesn't match. Now the reason why most candidates, or most engineers, would struggle with this is that our immediate gut feeling is, oh, the router ID is an actual IP address. Just remember this: it looks like an IP address but it's not an IP address. Another example is for example this: this is a perfectly valid router ID. Now this is a very invalid IP address, but this is an OK router ID.

So inside our OSPF each router here has a router ID. A router cannot operate in an OSPF network unless it has a router ID assigned. By default it will be assigned from one of the interface IP addresses. Loopbacks are given preference; if there are no loopbacks configured then it will be simply the highest IP address on the router. They can also be configured manually under the OSPF process with router ospf, whatever the process number is, and then you specify the router-id. And let's say that here the router IDs are very, very simple.

Now when these routers become active on this segment, the router IDs are going to be one of two things that are going to be used to determine which one of these becomes the designated router. The second thing is going to be priority, or the router priority. This is a per-interface setting, so on different interfaces on the router we can have different OSPF priorities. The default priority on OSPF routers, sorry, on Cisco routers, is one, so we can see here that all of our three routers have priority of one. Priority is the first thing that is taken into account, so priority and then the router ID, and the higher value is the one that is given preference to. So in our case here what's going to happen is that R3 is going to become the designated router. Why? Because the priority is the same on all three of them, and then it will be the higher router ID that becomes the DR. R2 here will become the backup designated router.

Now this is all nice and fine except for one thing. If R1 booted first, R1 would be the only router on the network. It would ask, are there any DRs on the network? If there are no DRs on the network,
R1 would actually be promoted to DR. So I'm going to write this again here: DR election, the important thing is there is no preemption. A new router will not displace the existing DR. So if a DR already exists on the segment, it will not be replaced by any new router, no matter how much better the preference is on that router, or how much better the priority is on that router, or how much higher the router ID is.

Which creates a unique set of problems, because when you have a network, for example, that is hub-and-spoke, so here we have a hub-and-spoke network, and what I mean by hub-and-spoke is that this here is a single interface, so I'm not talking about the sub-interfaces, I'm talking about single individual interfaces. So this is a hub, this is spoke 1, and this is spoke 2. Now when you have a scenario that looks like this, it's very, very important that the hub here is the DR. Why? Let's take a look at the hellos. If the hello here is sent, and it's sent to 224.0.0.5, and remember that I mentioned, it's very, very significant to remember, that this is a link-local address, this will be received by the hub but it will not actually be forwarded out. The same thing happens with the hello from spoke 2: this router will be aware of this spoke but it will not send these hellos. Now of course the hub itself is going to send hellos, so we might actually have a valid adjacency here and we might have a valid adjacency here.

Now let's say that the router ID here was 3.3.3.3, that here was 2.2.2.2, and here we had 1.1.1.1. What's going to happen here, and this is from the hub's perspective, is that the hub is going to think that on this segment this is the DR and that spoke 2 is the BDR, and it's going to think that it's DROTHER. Now what's going to happen here is, let's say that there is a network N behind spoke 1, and let's say that this network N is now being advertised to the hub. Now the hub, being DROTHER, assumes that there is an adjacency between spoke 1 and spoke 2, so it's not actually going to reflood this LSA to
spoke 2, which means that spoke 2 cannot reach the network N. So network N is unreachable from spoke 2 because the hub did not forward that information out to it. This is why whenever you have hub-and-spoke networks you need to absolutely ensure that, if you are using the network type that elects the DR and the BDR, you actually need to make sure that the hub is the DR, and you need to ensure that no other routers in that segment can ever become the designated routers.

Which brings me to another point. So again, the election: the only way to prevent, sorry, the only way to make sure a certain device is the DR is to ensure no one else is eligible. Why? Because of the preemption, so I'm going to repeat that: no preemption. How do we make sure that routers are not eligible to become the DRs? Not eligible are the routers that have priority of zero. So in the case of our hub-and-spoke environment here, what we really need to do is we need to set the priority here to zero, and we need to set priority here to zero, and we need to set priority here to a non-zero value. Personally, my personal preference is to set it to 255, just to be absolutely sure it will be the DR, even though it makes no sense, one is enough. So this is the crucial part: whenever you are dealing with hub-and-spoke environments, on your spokes you need to make sure that your spokes have the priority set to zero. If you don't set the priority to zero you are going to have a problem.

Now a hub-and-spoke environment is relatively easy to spot. Of course it's going to be Frame Relay, but also private VLANs. Now imagine what private VLANs are doing. So let's say here that we have again three routers, they are connected to an Ethernet segment. Now on an Ethernet segment we know that everyone here, so let's say R1, R2 and R3, that everyone here can communicate with everyone, right? This is the same broadcast domain, so they can communicate with each other. But when we add the private VLANs, basically what we are going to be
doing, let's say that this one here is the promiscuous port and these are in an isolated VLAN, what we are creating really is this: we are creating two broadcast domains. We have one broadcast domain here and we have another broadcast domain here. So these guys can freely communicate, so there is a free communication here and there is a free communication here, but this device cannot communicate to this one. So R1 and R3 cannot communicate, their only way of communicating is through R2, which basically makes R2 be the hub and these are spokes, so this is a spoke and this is a spoke. Which means that we actually have a hub-and-spoke setup on Ethernet, which is a very, very unnatural thing for Ethernet, because everyone is supposed to be able to communicate with everyone, but they cannot communicate with each other because the private VLAN configuration is preventing this from communicating. So this is the long story about the DR, the DR election and the situations in which you need to actually take care of it.

So going back to our table here, just a reminder, on a broadcast network type, if you remember that we were already filling out some, on the broadcast network type we do have DR and BDR election.

Now the next field in this table is mask. Now what do I mean by mask? This is what I mean by mask: whenever we have a router configured, and let's say that it has an interface, and this is an Ethernet interface, so it's Ethernet 0/0, and let's say that we have an IP address 192.168.150.117 and it's configured as /24 for example. When we want to advertise this network here in OSPF, and this is the default, so this is the broadcast network type, which mask is it going to be advertised with? Is it going to be this mask or is it going to be something else that gets advertised? Now let's say that this was /27 for example, or let's say that it was /28 or /29, it doesn't matter what it was: when you are dealing with the broadcast network type it will be the correct mask that gets advertised. So whatever is
actually configured on the interface will be what ends up being advertised in OSPF. Now this might look pointless and straightforward, I mean what else could it possibly be, but bear with me, there is a reason why I'm explaining this.

Now next hop, this is a really important one. Imagine a network scenario that looks like this: we have three routers and they are connected to the shared segment, and let's say that this right here is the designated router and these two are DROTHER, so I don't care about the BDR at this moment. This is R1, this is R2 and this is R3, and there is some network N behind R1. Now when network N is advertised in OSPF, we know that R1 will actually advertise it to R2, and R2 will somehow advertise this network to R3, so R3 is now going to have a network. But what is going to be the next hop for this route? Is it going to be R2 or is it going to be R1? Now in a broadcast network type the fact that R2 actually readvertises this route is irrelevant: the next hop will still be the interface of the router R1 in this shared segment. So basically it will be R1, or as I like to say, it will be unchanged, because the hub side here, the DR, is not going to change the next hop when we advertise the route. Very straightforward and no problems with this, except, actually let me give you a more relevant example.

So in an Ethernet setup like this with R1, R2 and R3 this is not a big deal, but what if we actually had a private VLAN here? So what if this was isolated, this was isolated and this was a promiscuous port? So we have taken care of the fact that R2 is the DR, that's good, but what happens with the actual traffic? When this route gets advertised to R2 and R2 sends this information to R3, and R3 knows that network N is reachable through R1, when it wants to send the traffic out it's actually going to send out the ARP request: who has, and let's just use this as, who has R1's address? I'm looking for the next hop
for the route. I know that network N is reachable through this address but I don't have the MAC address for it. When R2 receives this ARP request, which is broadcast, remember this is one broadcast domain and this is another broadcast domain, they are separated, R2 is going to receive this broadcast, this ARP request, and is going to say, well, that's not me. Then R3 is going to resend it, hey, who has R1? R2 is going to think to itself, well, this is not for me, this is for someone else. So basically R3 cannot communicate with network N, because it cannot go through the hub, because the next hop here was unchanged.

Now in order to fix this, if this was a broadcast network type, again I am repeating, we are dealing with the broadcast network type behavior in OSPF, in order to fix this we need to implement a special hack on this interface here. What we need to do is configure ip local-proxy-arp. Now what IP local proxy ARP is going to do is, when this ARP request here arrives at R2, R2 is going to respond back and say, OK, you know what, I have this IP address. So now R3 can actually send traffic to R2, and R2 can route it to R1, because R2 knows how to reach R1. So basically we are forcing the traffic to go through the hub, we are working around the limitations of Ethernet. But remember, it's the IP local proxy ARP, not to be confused with proxy ARP. If proxy ARP is enabled, R2 would respond to ARP requests for anything except for the local segment. So all the questions that are dealing with the local segment R2 will not answer if only, sorry, if only proxy ARP was configured. But if R2 had some other network it would answer with its own IP address, yeah, with its own MAC address, and say yes, this is me. But when we configure the local proxy ARP, R2 will actually respond to this ARP request even for other addresses that might appear to be on the same network, and this is the scenario in which you might end up using this. So going back here, the next hop is unchanged.

Now, here the
default column deals with: is this network type a default on any interfaces in OSPF? Yes, it is the default on all Ethernet interfaces, or on all types of Ethernet interfaces, whether we have Fast Ethernet, Gigabit Ethernet, 10 gig, 40 gig Ethernet, hundred Ethernet, whatever it is, the broadcast network type will be the default network type.

The question I had here is: will clearing of the routing process in all the routers take care of preemption? So if we already have a DR configured on the network, and if we clear the router process on all the routers on the segment, will they go through the election process? The answer is yes, but again, make sure to do it relatively close to each other, because if you wait too long between them, one of them may declare itself as the DR. The routers have a built-in defense mechanism against this and I will talk about it in a moment, but yes, the short answer is yes, you can do it, but don't wait too long between clearing processes. If you do it within a couple of seconds of each other, actually you do have a little bit more than just a couple of seconds, you will be fine. So that can take care of the preemption process. But really the only thing that you have to do is just clear the process on the elected DR. You don't have to clear it on all of them, because if you clear the DR and it's no longer sending the hellos, after the dead interval expires, after 40 seconds, all other routers are actually going to declare the DR as dead and they're going to go through the reelection. So the one that was BDR will be promoted and a new BDR will be elected. If you want to change both the DR and the BDR, just clear the process on two of them and the others, the DROTHERs, will actually go through the election process, if of course they are eligible to become DR and the BDR, which means that they must have their priorities as non-zero.
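The DR/BDR election rules described in the captions above, as an added example that is not part of the video or of the original page: a simplified Python model of one shared segment. The names `Router`, `Segment` and the boot orders are assumptions made for illustration, and the RFC 2328 neighbor state machine and wait timer are not modelled.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address


@dataclass(frozen=True)
class Router:
    name: str
    router_id: str      # dotted quad, compared as a plain 32-bit number
    priority: int = 1   # per-interface; 0 means "never DR or BDR"

    @property
    def rank(self):
        # Priority is compared first, then router ID; higher wins.
        return (self.priority, int(IPv4Address(self.router_id)))


class Segment:
    """One shared segment with a sticky (non-preemptive) DR and BDR."""

    def __init__(self):
        self.routers = {}
        self.dr = None
        self.bdr = None

    def _best(self, exclude=()):
        eligible = [r for r in self.routers.values()
                    if r.priority > 0 and r.name not in exclude]
        return max(eligible, key=lambda r: r.rank).name if eligible else None

    def _fill_vacancies(self):
        # Existing roles are never taken away; only empty roles are filled.
        if self.dr is None:
            if self.bdr is not None:
                self.dr, self.bdr = self.bdr, None   # BDR is promoted
            else:
                self.dr = self._best()
        if self.bdr is None:
            self.bdr = self._best(exclude=(self.dr,))

    def boot_together(self, routers):
        for r in routers:
            self.routers[r.name] = r
        self._fill_vacancies()

    def join(self, router):
        self.routers[router.name] = router
        self._fill_vacancies()

    def fail(self, name):
        del self.routers[name]
        if self.dr == name:
            self.dr = None
        if self.bdr == name:
            self.bdr = None
        self._fill_vacancies()


def roles_after(boot_order, together=False):
    """Return (DR, BDR) names after the given routers come up."""
    seg = Segment()
    if together:
        seg.boot_together(boot_order)
    else:
        for r in boot_order:
            seg.join(r)
    return seg.dr, seg.bdr


def hub_and_spoke(spoke_priority, hub_priority):
    """Spokes boot before the hub, the worst case for a sticky election."""
    return roles_after([
        Router("spoke1", "3.3.3.3", spoke_priority),
        Router("spoke2", "2.2.2.2", spoke_priority),
        Router("hub", "1.1.1.1", hub_priority),
    ])


R1, R2, R3 = (Router("R1", "1.1.1.1"), Router("R2", "2.2.2.2"),
              Router("R3", "3.3.3.3"))

if __name__ == "__main__":
    print("all three at once :", roles_after([R1, R2, R3], together=True))
    print("R1 boots first    :", roles_after([R1, R2, R3]))
    print("default priorities:", hub_and_spoke(1, 1))
    print("spokes at 0       :", hub_and_spoke(0, 255))
```

With default priorities the hub ends up as neither DR nor BDR when the spokes boot first; with the spokes at priority 0 the hub is the only eligible router, so boot order no longer matters.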
Info
Channel: CCIEORDIE.COM
Views: 3,287
Id: StmTZgxaZys
Length: 45min 54sec (2754 seconds)
Published: Wed Jan 31 2018