Evaluating OSPF Advanced Features of OSPF Protocol
Our routing study thus far - idealization • all routers identical • network “flat” … not true in practice
Scale: with 200 million destinations: • can’t store all destinations in routing tables! • routing table exchange would swamp links!
Administrative autonomy – Autonomous Systems (AS) • internet = network of networks • each network admin may want to control routing in its own network
OSPF Advantages • No limitation on hop count • Supports classless (VLSM) routing • Routing updates sent only when there is a change or very rarely • Faster convergence • Better load balancing • Logical definition of areas • Authentication and external routes tagging
Review: Evaluation Criteria for Routing Protocols • Bandwidth • Metric calculation • Sharing and managing routing information • Scalability • Convergence • Performance • Hierarchy • Scalability • Administration and Management • Hardware and software resources • Reliability • Security
OSPF - Link State Protocol • Link: an interface on the router • Link state: description of the interface and the neighboring routers (IP address, mask, type, routers connected to) • Link state database: collection of link state advertisements for all routers and networks
OSPF Basic Configuration Example
Router(config)# router ospf process-id
Router(config-router)# network address wildcard-mask area area-id
Wildcard mask: inverse of subnet mask
[Figure: router with interfaces E0, E1, E2 and T0 (addresses 172.16.5.3, 172.16.1.1, 192.168.10.5, 172.16.3.2) spanning Area 1 and Area 0]
router ospf 63
 network 172.16.5.3 0.0.0.0 area 1
 network 172.16.0.0 0.0.255.255 area 0
 network 192.168.10.5 0.0.0.0 area 1
Bandwidth - The Metrics in OSPF
Link type                        Cost
56 Kbps serial link              1758
64 Kbps serial link              1562
T1 (1.544 Mbps serial link)      65
E1 (2.048 Mbps serial link)      48
4 Mbps token ring                25
Ethernet                         10
16 Mbps token ring               6
FDDI                             1
The faster the link, the smaller the number => the more desirable the route
Formula: cost = 10^8 / bandwidth in bps
OSPF Metric - Optimising Bandwidth
[Figure: routers R1 (Lo0 10.1.1.1), R2 (Lo0 10.2.2.2) and R3 (Lo0 10.3.3.3); serial links 192.168.10.0/30, 192.168.10.8/30 and 192.168.10.4/30 with link speeds 64 kbps, 128 kbps and 256 kbps; LANs 10.10.10.0/24, 172.16.1.16/28 and 172.16.1.32/29]
R1(config-router)# auto-cost reference-bandwidth
OSPF Metric - Cost
[Figure: routers R1 (Lo0 10.1.1.1), R2 (Lo0 10.2.2.2) and R3 (Lo0 10.3.3.3); serial links 192.168.10.0/30, 192.168.10.8/30 and 192.168.10.4/30 with link speeds 64 kbps, 128 kbps and 256 kbps; LANs 10.10.10.0/24, 172.16.1.16/28 and 172.16.1.32/29]
Load Balancing and Link Cost • OSPF allows for equal-cost load balancing. • R6 has two routes to R7 networks • Thru R5-R4 • Thru R4-R7 • Which path will be taken? • If you want to load-balance using both paths: • R6 needs to believe that the path costs through R5 and R4 are the same. • Artificially increase the cost of the currently preferred link of R6, using the ip ospf cost command. • Once the cost of the currently preferred link is increased (made worse) and made the same as the other path, equal-cost load balancing will automatically begin.
[Figure: link speeds 500 Kbps and 1.5 Mbps]
Bandwidth: Managing Routing Information • Routing information is not exchanged in the form of routes (which protocol does that?) • Each router generates link-state advertisements containing elements of network topology • routers • neighbor relationships • connected subnets and others • Link-state advertisements are flooded to all routers when areas are not configured. Issue: LSA flooding -> hampers performance • Link-state database is used for storing network topology information • Dijkstra’s SPF (shortest path first) algorithm is used to compute the shortest path in terms of COST (OSPF metric), and the result is stored in the RIB (routing information database) • OSPF RIB is a collection of best paths to each destination, installed in the routing table • When information in the link-state database changes, only a partial calculation is necessary
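An added example, not part of the original slides: the cost formula and the SPF run over a small link-state database, including the equal-cost case produced by raising one link's cost. The three-router topology follows the earlier figure, but pairing 64/128/256 kbps with the R1-R2, R2-R3 and R1-R3 links is an assumption, and `cost`, `spf` and `LSDB` are hypothetical names.

```python
import heapq

REFERENCE_BW = 10**8  # reference bandwidth in bps from the slide's cost formula

def cost(bw_bps):
    """OSPF interface cost: reference bandwidth / link bandwidth, minimum 1."""
    return max(1, REFERENCE_BW // bw_bps)

# Constructed link-state database: router -> {neighbor or attached network: cost}.
# Link speeds per link are assumed from the figure; LANs are taken as 100 Mbps.
LSDB = {
    "R1": {"R2": cost(64_000), "R3": cost(256_000), "172.16.1.16/28": cost(10**8)},
    "R2": {"R1": cost(64_000), "R3": cost(128_000), "10.10.10.0/24": cost(10**8)},
    "R3": {"R1": cost(256_000), "R2": cost(128_000), "172.16.1.32/29": cost(10**8)},
}

def spf(lsdb, root):
    """Dijkstra from root; returns {destination: (total cost, sorted first hops)}."""
    best = {root: (0, set())}
    heap = [(0, root)]
    while heap:
        dist, node = heapq.heappop(heap)
        if dist > best[node][0]:
            continue                          # stale heap entry
        for nbr, c in lsdb.get(node, {}).items():
            hops = {nbr} if node == root else best[node][1]
            new = dist + c
            if nbr not in best or new < best[nbr][0]:
                best[nbr] = (new, set(hops))
                heapq.heappush(heap, (new, nbr))
            elif new == best[nbr][0]:
                best[nbr][1].update(hops)     # equal cost: keep both first hops
    return {d: (c, sorted(h)) for d, (c, h) in best.items() if d != root}

if __name__ == "__main__":
    for dest, (total, hops) in sorted(spf(LSDB, "R1").items()):
        print(f"{dest:16} cost {total:5} via {', '.join(hops)}")
```

With the default costs R1 reaches 10.10.10.0/24 through R3; setting R1's cost toward R3 to 781 makes both paths cost the same and both first hops are kept.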
Issue: Performance - Flooding LSAs • Multi-access networks: to avoid flooding LSAs to all routers in the network, routers are designated: • Election of DR (Designated Router): routers send LSAs to the DR using the multicast address 224.0.0.6 • BDR (Backup Designated Router): backup for the DR, if the DR fails • The DR is responsible for forwarding the LSAs from R1 to all other routers. The DR uses the multicast address 224.0.0.5
[Figure: R1 to R5 on a multi-access segment with DR, BDR and DRother roles; R5's LSA shown on 224.0.0.6 and on 224.0.0.5]
Hierarchical Structure • Introduced to put a boundary on the explosion of link-state updates • Every area is connected to the backbone area
[Figure: Backbone Area #0 connected to Area #1, Area #2 and Area #3]
OSPF Areas • The border area is OSPF area 0 • all routers belonging to the same area have identical database • SPF calculations are performed separately for each area • LSA flooding is bounded by area
OSPF: Multiple Areas • Two-level hierarchy: local area, also called backbone area • Link-state advertisements only in area • each node has detailed area topology; • only knows direction (shortest path) to networks in other areas. • Area border routers (ABR): “summarize” distances to networks in own area, advertise to other area border routers. • Backbone routers: run OSPF routing limited to backbone. • Autonomous System Boundary routers (ASBR): connect to other ASs (Autonomous Systems).
[Figure: backbone area 0 with Areas 1 to 4, interior routers (IR), area border routers (ABR), an ASBR link to another AS, and a virtual link]
Scaling OSPF • Rule of thumb • no more than 150 routers/area • Reality • no more than 500 routers/area • Backbone area is an area that glues all the other areas together • always marked as area 0 • proper use of areas reduces bandwidth • summarized routes • instability is limited within the area
Route Summarization Example
[Figure: R1 between Area 1 and Area 0, R2 between Area 2 and Area 0. Interface addresses (255.255.255.0 mask): Area 0 172.16.96.0 - 172.16.127.0, Area 1 172.16.32.0 - 172.16.63.0, Area 2 172.16.64.0 - 172.16.95.0; router interfaces 172.16.127.1, 172.16.96.1, 172.16.64.1, 172.16.32.1]
R1#
router ospf 100
 network 172.16.32.0 0.0.31.255 area 1
 network 172.16.96.0 0.0.31.255 area 0
 area 0 range 172.16.96.0 255.255.224.0
 area 1 range 172.16.32.0 255.255.224.0
R2#
router ospf 100
 network 172.16.64.0 0.0.31.255 area 2
 network 172.16.96.0 0.0.31.255 area 0
 area 0 range 172.16.96.0 255.255.224.0
 area 2 range 172.16.64.0 255.255.224.0
Area Link State Database • Link state database for every area is different • Area database is composed of • router links advertisements • network links advertisements • summary links advertisements • AS external advertisements
Stub Areas: Router performance • OSPF allows certain areas to be configured as stub areas. • Configuring a stub area reduces the topological database size inside an area and reduces the memory requirements of routers inside that area.
RTC#
interface Ethernet 0
 ip address 203.250.14.1 255.255.255.0
interface Serial1
 ip address 203.250.15.1 255.255.255.252
router ospf 10
 network 203.250.15.0 0.0.0.255 area 2
 network 203.250.14.0 0.0.0.255 area 0
 area 2 stub
RTE#
interface Serial1
 ip address 203.250.15.2 255.255.255.252
router ospf 10
 network 203.250.15.0 0.0.0.255 area 2
 area 2 stub
Link State Advertisement (LSA) • Generated periodically or in response to any change • Contains: • source identification • sequence number • link state age • list of neighbors
Load Balancing by Multiple Path • Equal or proportional cost multiple paths • Unequal cost multiple paths not supported
[Figure: routers R1 to R4 between networks N1 and N2, with path 1 and path 2]
Equal cost paths • Two routers are connected to each other via two p2p serial links of equal cost. R1 has Loopback 0 interface 1.1.1.1/32 and R2 has Loopback 0 interface 2.2.2.2/32. OSPF is used as the routing protocol. Hence, R1 can reach 2.2.2.2/32 via two equal-cost paths and R2 can reach 1.1.1.1/32 via two equal-cost paths.
[Figure: R1 (1.1.1.1/32) and R2 (2.2.2.2/32) joined by two serial links]
R1# show ip route | begin Gateway
Gateway of last resort is not set
     1.0.0.0/32 is subnetted, 1 subnets
C       1.1.1.1 is directly connected, Loopback0
     2.0.0.0/32 is subnetted, 1 subnets
O       2.2.2.2 [110/65] via 10.2.2.2, 00:01:44, Serial0/1
                [110/65] via 10.1.1.2, 00:01:44, Serial0/0
     10.0.0.0/30 is subnetted, 2 subnets
C       10.2.2.0 is directly connected, Serial0/1
C       10.1.1.0 is directly connected, Serial0
R1# show ip route 2.2.2.2
Routing entry for 2.2.2.2/32
  Known via "ospf 1", distance 110, metric 65, type intra area
  Last update from 10.1.1.2 on Serial0/0, 00:02:10 ago
  Routing Descriptor Blocks:
    10.2.2.2, from 2.2.2.2, 00:02:10 ago, via Serial0/1
      Route metric is 65, traffic share count is 1
  * 10.1.1.2, from 2.2.2.2, 00:02:10 ago, via Serial0/0
      Route metric is 65, traffic share count is 1
Authenticated Routing Updates • Two possibilities are defined • no authentication (configured by default) • authentication • simple password authentication • message digest authentication
Simple Password Authentication • Simple password authentication allows a password (key) to be configured per area. Routers in the same area that want to participate in the routing domain will have to be configured with the same key. • Drawback: vulnerable to passive attacks. Anybody with a link analyzer could easily get the password off the wire.
interface Ethernet0
 ip address 10.10.10.10 255.255.255.0
 ip ospf authentication-key mypassword
router ospf 10
 network 10.10.0.0 0.0.255.255 area 0
 area 0 authentication
Message Digest Authentication • Cryptographic authentication • A key (password) and key-id are configured on each router. The router uses an algorithm based on the OSPF packet, the key, and the key-id to generate a "message digest" that gets appended to the packet. Unlike simple authentication, the key is not exchanged over the wire. A non-decreasing sequence number is also included in each OSPF packet to protect against replay attacks.
interface Ethernet0
 ip address 10.10.10.10 255.255.255.0
 ip ospf message-digest-key 10 md5 mypassword
router ospf 10
 network 10.10.0.0 0.0.255.255 area 0
 area 0 authentication message-digest
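An added example, not part of the original slides: the two authentication types side by side at the packet level, following the header layout and digest rule of RFC 2328 (Appendix A.3.1 and D). The packets are constructed, the checksum is left at zero, and `build` and `check` are hypothetical helper names.

```python
import hashlib
import hmac
import struct

# OSPFv2 header: version, type, length, router ID, area ID, checksum, AuType, 8 auth bytes
HDR = struct.Struct("!BBH4s4sHH8s")

def build(autype, key, key_id=0, seq=0, body=b"\x00" * 20):
    """Build a constructed OSPF packet (type 1 = Hello) for AuType 1 or 2."""
    if autype == 1:                       # simple password: the key itself is in the header
        auth = key.ljust(8, b"\0")[:8]
    else:                                 # MD5: zero, key ID, digest length, sequence number
        auth = struct.pack("!HBBI", 0, key_id, 16, seq)
    rid, area = bytes([10, 10, 10, 10]), bytes(4)
    pkt = HDR.pack(2, 1, HDR.size + len(body), rid, area, 0, autype, auth) + body
    if autype == 2:                       # digest = MD5(packet || key padded to 16 bytes)
        pkt += hashlib.md5(pkt + key.ljust(16, b"\0")).digest()
    return pkt

def check(raw, keys, last_seq):
    """Receiver-side check of an AuType 2 packet; returns (accepted, reason, seq)."""
    if len(raw) < HDR.size:
        return False, "truncated packet", last_seq
    _, _, length, _, _, _, autype, auth = HDR.unpack_from(raw)
    if autype != 2:
        return False, "not message-digest authenticated", last_seq
    _, key_id, dlen, seq = struct.unpack("!HBBI", auth)
    key = keys.get(key_id)
    if key is None or dlen != 16 or len(raw) < length + 16:
        return False, "unknown key ID or bad digest length", last_seq
    want = hashlib.md5(raw[:length] + key.ljust(16, b"\0")).digest()
    if not hmac.compare_digest(want, raw[length:length + 16]):
        return False, "digest mismatch", last_seq
    if seq < last_seq:                    # sequence number must be non-decreasing
        return False, "replayed sequence number", last_seq
    return True, "ok", seq

if __name__ == "__main__":
    keys = {10: b"mypassword"}            # key ID 10, as in the slide's configuration
    pkt = build(2, b"mypassword", key_id=10, seq=5)
    print(check(pkt, keys, last_seq=0))   # accepted
    print(check(pkt, keys, last_seq=6))   # same packet replayed later: rejected
    print(b"mypasswo" in build(1, b"mypassword"), b"mypassword" in pkt)
```

The last line shows the difference the slides describe: the AuType 1 packet carries the (8-byte) key in its header, while the AuType 2 packet carries only the digest.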
Memory Issues • Usually come up when too many external routes are injected into the OSPF domain. • A backbone area with 40 routers and a default route to the outside world would have fewer memory issues than a backbone area with 4 routers and 33,000 external routes injected into OSPF. • The total memory used by OSPF is the sum of the memory used in the routing table (show ip route summary) and the memory used in the link-state database. • Example: • Each entry in the routing table will consume between approximately 200 and 280 bytes • Each LSA will consume a 100 byte overhead plus the size of the actual link state advertisement • This should be added to the memory used by other processes and by the IOS itself.