OSPF inter-area and intra-area routing rules


The following lab focuses on the intra-area and inter-area route selection process.

For the sake of clarity, I put the final conclusions first, wrapped in a table form, with some explanations to ponder upon, followed by the different lab cases used to check OSPF route selection rules.

For each case, I used interface costs and states to illustrate OSPF selection rules in action.

 

Order of preference and criteria, with the rules that apply to each:

1. Intra-area (O)

  • Lowest cost
  • Multipath

Rules:
– Intra-area routes are always preferred over inter-area ones.
– Intra-area routing to a destination inside a non-backbone area will take the shortest path without traversing the backbone area.
– Intra-area routing to a destination inside a backbone area will take the shortest path without traversing a non-backbone area.
– ABRs advertise only intra-area routes from a non-backbone area to the backbone area, and advertise intra-area and inter-area routes from the backbone area to a non-backbone area.
– ABRs do not take LSAs received from non-backbone areas into account in SPF calculations.

2. Inter-area (IA)

Rules:
– An inter-area route between two non-backbone areas must pass through the backbone area.
– An inter-area route will take the path with the shortest total cost.

3. External routes

3a. Type 1:

  • Lowest total cost
  • Multipath

3b. Type 2:

  • Redistribution cost
  • Total cost
  • Multipath

Rules:
For more information about comparing OSPF external routes, please refer to the lab OSPF external E1, E2, N1, N2…Who is the winner?

 

  • References from RFCs:

rfc3509

OSPF prevents inter-area routing loops by implementing a split-horizon mechanism, allowing ABRs to inject into the backbone only Summary-LSAs derived from the intra-area routes, and limiting ABRs’ SPF calculation to consider only Summary-LSAs in the backbone area’s link-state database.

 

rfc2328

Routing in the Autonomous System takes place on two levels, depending on whether the source and destination of a packet reside in the same area (intra-area routing is used) or different areas (inter-area routing is used). In intra-area routing, the packet is routed solely on information obtained within the area; no routing information obtained from outside the area can be used.   This protects intra-area routing from the injection of bad routing information.

 

3.2.   Inter-area routing

When routing a packet between two non-backbone areas the backbone is used. The path that the packet will travel can be broken up into three contiguous pieces: an intra-area path from the source to an area border router, a backbone path between the source and destination areas, and then another intra-area path to the destination. The algorithm finds the set of such paths that have the smallest cost. The topology of the backbone dictates the backbone paths used between areas.

 


There are four possible types of paths used to route traffic to the destination, listed here in decreasing order of preference:
intra-area, inter-area, type 1 external or type 2 external.

To understand the OSPF loop-prevention mechanism, think conceptually of OSPF areas as nodes in a loop-free tree with depth never bigger than 2.

 

OSPF tree: loop-free


You can visually see why 2 non-backbone areas cannot directly exchange routes and they must have area0 as an intermediate area to avoid loops:

 

OSPF tree: loop


Important notes:

  • Throughout the lab, I am using cost to manipulate route selection.

  • OSPF takes into account the cost of the output interface toward the destination, so be careful when you change the cost on one end of a link: this can cause unwanted asymmetric routing.

  • IGP protocols split the router (advertise routes through interfaces) whereas BGP splits the link between routers. This fundamental difference should be clearly depicted in the topology to avoid confusion.

  • If you are advertising your loopback networks with a mask shorter than /32, you will have to set their OSPF network type to point-to-point (refer to this lab for more information).

  • In the OSPF database information for LSA3, observe the line “Routing Bit Set on this LSA”. This is specific to the Cisco implementation of OSPF and indicates that the LSA is taken into account in the calculation of the best route.

  • Multipath selection is considered locally through the FIB and provided by the CEF load-balancing mechanism, if there are several next-hops leading to the same destination.

 

Low-level lab design topology

Here is the lab topology used for testing:

Figure3: Low Level Design Lab topology


 

Test cases

Case1:

  • Traffic between R1 10.10.0.1 (area 123) to R5 50.10.0.5 (area0)
  • Default interface ospf costs
Figure4: Case1


R1#Ping 50.10.0.5 source 10.10.0.1 repeat 5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 50.10.0.5, timeout is 2 seconds:
Packet sent with a source address of 10.10.0.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/27/40 ms
R1#trace 50.10.0.5 source 10.10.0.1

Type escape sequence to abort.
Tracing the route to 50.10.0.5

  1 192.168.31.3 8 msec
    192.168.21.2 12 msec
    192.168.31.3 16 msec
  2 192.168.42.4 16 msec
    192.168.43.4 16 msec
    192.168.42.4 32 msec
  3 192.168.54.5 28 msec 40 msec 40 msec
R1#sh ip route 50.10.0.5
Routing entry for 50.10.0.5/32
  Known via "ospf 666", distance 110, metric 4, type inter area
  Last update from 192.168.12.2 on FastEthernet1/0, 00:42:05 ago
  Routing Descriptor Blocks:
  * 192.168.13.3, from 3.3.3.3, 00:42:15 ago, via FastEthernet1/1
      Route metric is 4, traffic share count is 1
    192.168.12.2, from 2.2.2.2, 00:42:05 ago, via FastEthernet1/0
      Route metric is 4, traffic share count is 1

R1#
R1#sh ip ospf database summary 50.10.0.5

            OSPF Router with ID (1.1.1.1) (Process ID 666)

        Summary Net Link States (Area 123)

  Routing Bit Set on this LSA
  LS age: 543
  Options: (No TOS-capability, DC, Upward)
  LS Type: Summary Links(Network)
  Link State ID: 50.10.0.5 (summary Network Number)
  Advertising Router: 2.2.2.2
  LS Seq Number: 80000002
  Checksum: 0x32BD
  Length: 28
  Network Mask: /32
    TOS: 0     Metric: 3

  Routing Bit Set on this LSA
  LS age: 587
  Options: (No TOS-capability, DC, Upward)
  LS Type: Summary Links(Network)
  Link State ID: 50.10.0.5 (summary Network Number)
  Advertising Router: 3.3.3.3
  LS Seq Number: 80000002
  Checksum: 0x14D7
  Length: 28
  Network Mask: /32
    TOS: 0     Metric: 3

R1#
R1#

 

Case2:

  • Traffic from R1 10.10.0.1 (area123) to R5 50.20.0.5 (backbone)
  • R1 fa1/0 cost = 10
  • R2 fa1/1 cost = 10
Figure5: Case2


Making two inter-area paths with unequal total costs, (unequal intra-area costs)

R1#trace 50.10.0.5 source 10.10.0.1

Type escape sequence to abort.
Tracing the route to 50.10.0.5

  1  *
    192.168.13.3 12 msec 28 msec
  2  *
    192.168.34.4 16 msec 16 msec
  3  *
    192.168.45.5 44 msec 44 msec
R1#sh ip route 50.10.0.5
Routing entry for 50.10.0.5/32
  Known via "ospf 666", distance 110, metric 4, type inter area
  Last update from 192.168.13.3 on FastEthernet1/1, 00:48:22 ago
  Routing Descriptor Blocks:
  * 192.168.13.3, from 3.3.3.3, 01:06:54 ago, via FastEthernet1/1
      Route metric is 4, traffic share count is 1

R1#

R1#sh ip ospf database summary 50.10.0.5

            OSPF Router with ID (1.1.1.1) (Process ID 666)

        Summary Net Link States (Area 123)

  LS age: 827
  Options: (No TOS-capability, DC, Upward)
  LS Type: Summary Links(Network)
  Link State ID: 50.10.0.5 (summary Network Number)
  Advertising Router: 2.2.2.2
  LS Seq Number: 80000007
  Checksum: 0x825F
  Length: 28
  Network Mask: /32
    TOS: 0     Metric: 12 

  Routing Bit Set on this LSA
  LS age: 90
  Options: (No TOS-capability, DC, Upward)
  LS Type: Summary Links(Network)
  Link State ID: 50.10.0.5 (summary Network Number)
  Advertising Router: 3.3.3.3
  LS Seq Number: 8000000A
  Checksum: 0x4DF
  Length: 28
  Network Mask: /32
    TOS: 0     Metric: 3 

R1#

 

R5#trace 10.10.0.1 source 50.10.0.5

Type escape sequence to abort.
Tracing the route to 10.10.0.1

  1 192.168.45.4 8 msec 4 msec 8 msec
  2 192.168.34.3 16 msec *  32 msec
  3  *
    192.168.13.1 44 msec *
R5#

R5#sh ip ospf database summ 10.10.0.1

            OSPF Router with ID (5.5.5.5) (Process ID 666)

        Summary Net Link States (Area 0)

  LS age: 194
  Options: (No TOS-capability, DC, Upward)
  LS Type: Summary Links(Network)
  Link State ID: 10.10.0.1 (summary Network Number)
  Advertising Router: 2.2.2.2
  LS Seq Number: 80000007
  Checksum: 0x50C7
  Length: 28
  Network Mask: /32
    TOS: 0     Metric: 2 

  Routing Bit Set on this LSA
  LS age: 691
  Options: (No TOS-capability, DC, Upward)
  LS Type: Summary Links(Network)
  Link State ID: 10.10.0.1 (summary Network Number)
  Advertising Router: 3.3.3.3
  LS Seq Number: 80000008
  Checksum: 0x30E2
  Length: 28
  Network Mask: /32
    TOS: 0     Metric: 2 

        Summary Net Link States (Area 25)

  LS age: 198
  Options: (No TOS-capability, DC, Upward)
  LS Type: Summary Links(Network)
  Link State ID: 10.10.0.1 (summary Network Number)
  Advertising Router: 2.2.2.2
  LS Seq Number: 80000007
  Checksum: 0x50C7
  Length: 28
  Network Mask: /32
    TOS: 0     Metric: 2 

  LS age: 203
  Options: (No TOS-capability, DC, Upward)
  LS Type: Summary Links(Network)
  Link State ID: 10.10.0.1 (summary Network Number)
  Advertising Router: 5.5.5.5
  LS Seq Number: 80000007
  Checksum: 0xAFF
  Length: 28
  Network Mask: /32
    TOS: 0     Metric: 4 

R5#

Note that for the return traffic R5 receives summary LSA3s from both R2 and R3, but takes into account only the one from R3 because of the ABR’s router ID = 3.3.3.3.

Multipath is not considered because there is only one next-hop (R4) in the FIB.

Case3:

  • Traffic from R1 10.10.0.1 (area 123) to R5 50.10.0.2 (backbone)
  • R1 fa1/0 cost = 10
  • R3 fa1/2 cost = 100
Figure6: Case3


R1#sh ip ospf database summ 50.10.0.5

            OSPF Router with ID (1.1.1.1) (Process ID 666)

        Summary Net Link States (Area 123)

  Routing Bit Set on this LSA
  LS age: 697
  Options: (No TOS-capability, DC, Upward)
  LS Type: Summary Links(Network)
  Link State ID: 50.10.0.5 (summary Network Number)
  Advertising Router: 2.2.2.2
  LS Seq Number: 80000004
  Checksum: 0x2EBF
  Length: 28
  Network Mask: /32
    TOS: 0     Metric: 3

  LS age: 46
  Options: (No TOS-capability, DC, Upward)
  LS Type: Summary Links(Network)
  Link State ID: 50.10.0.5 (summary Network Number)
  Advertising Router: 3.3.3.3
  LS Seq Number: 80000002
  Checksum: 0xF592
  Length: 28
  Network Mask: /32
    TOS: 0     Metric: 102

R1#      
R1#sh ip route 50.10.0.5             
Routing entry for 50.10.0.5/32
  Known via "ospf 666", distance 110, metric 13, type inter area
  Last update from 192.168.12.2 on FastEthernet1/0, 00:01:22 ago
  Routing Descriptor Blocks:
  * 192.168.12.2, from 2.2.2.2, 00:01:22 ago, via FastEthernet1/0
      Route metric is 13, traffic share count is 1

R1#
R1#trace 50.10.0.5 source 10.10.0.1         

Type escape sequence to abort.
Tracing the route to 50.10.0.5

  1 192.168.12.2 20 msec 20 msec 20 msec
  2 192.168.24.4 28 msec 20 msec 24 msec
  3 192.168.45.5 28 msec 36 msec 40 msec
R1#

 

With unequal costs to ABRs and unequal costs advertised by ABRs, R1 OSPF has chosen the path with the lowest total cost to destination: cost to ABRs + cost of LSA3 summary advertised by each ABR.

Case4:

  • Traffic from R1 10.10.0.1 (area 123) to R5 50.10.0.2 (backbone)
  • R1 fa1/0 cost = 10
  • R3 fa1/2 cost = 10
Figure7: Case4


R1#sh ip ospf database summ 50.10.0.5    

            OSPF Router with ID (1.1.1.1) (Process ID 666)

        Summary Net Link States (Area 123)

  Routing Bit Set on this LSA
  LS age: 1072
  Options: (No TOS-capability, DC, Upward)
  LS Type: Summary Links(Network)
  Link State ID: 50.10.0.5 (summary Network Number)
  Advertising Router: 2.2.2.2
  LS Seq Number: 80000004
  Checksum: 0x2EBF
  Length: 28
  Network Mask: /32
    TOS: 0     Metric: 3

  Routing Bit Set on this LSA
  LS age: 12
  Options: (No TOS-capability, DC, Upward)
  LS Type: Summary Links(Network)
  Link State ID: 50.10.0.5 (summary Network Number)
  Advertising Router: 3.3.3.3
  LS Seq Number: 80000003
  Checksum: 0x6C75
  Length: 28
  Network Mask: /32
    TOS: 0     Metric: 12

R1#
R1#sh ip route 50.10.0.5                 
Routing entry for 50.10.0.5/32
  Known via "ospf 666", distance 110, metric 13, type inter area
  Last update from 192.168.13.3 on FastEthernet1/1, 00:01:21 ago
  Routing Descriptor Blocks:
    192.168.13.3, from 3.3.3.3, 00:01:21 ago, via FastEthernet1/1
      Route metric is 13, traffic share count is 1
  * 192.168.12.2, from 2.2.2.2, 00:08:09 ago, via FastEthernet1/0
      Route metric is 13, traffic share count is 1

R1#
R1#trace 50.10.0.5 source 10.10.0.1  

Type escape sequence to abort.
Tracing the route to 50.10.0.5

  1 192.168.13.3 8 msec
    192.168.12.2 8 msec
    192.168.13.3 8 msec
  2 192.168.24.4 20 msec
    192.168.34.4 24 msec
    192.168.24.4 16 msec
  3 192.168.45.5 20 msec 32 msec 24 msec
R1#

 

With unequal costs to ABRs and unequal costs advertised by ABRs, R1 OSPF has chosen multipath because of the equal total cost to destination: cost to ABRs + cost of LSA3 summary advertised by each ABR.

Case5:

  • Traffic from R5 50.10.0.5 (backbone) to R1 10.10.0.1 (area 123)
  • R3 fa1/1 cost = 10
Figure8: Case5


R5#sh ip ospf database summary 10.10.0.1

            OSPF Router with ID (50.10.0.5) (Process ID 666)

        Summary Net Link States (Area 0)

  Routing Bit Set on this LSA
  LS age: 1906
  Options: (No TOS-capability, DC, Upward)
  LS Type: Summary Links(Network)
  Link State ID: 10.10.0.1 (summary Network Number)
  Advertising Router: 2.2.2.2
  LS Seq Number: 80000011
  Checksum: 0x3CD1
  Length: 28
  Network Mask: /32
    TOS: 0     Metric: 2

  LS age: 19
  Options: (No TOS-capability, DC, Upward)
  LS Type: Summary Links(Network)
  Link State ID: 10.10.0.1 (summary Network Number)
  Advertising Router: 3.3.3.3
  LS Seq Number: 80000003
  Checksum: 0x947A
  Length: 28
  Network Mask: /32
        TOS: 0     Metric: 11
          
...
R5#
R5#sh ip route 10.10.0.1                
Routing entry for 10.10.0.1/32
  Known via "ospf 666", distance 110, metric 4, type inter area
  Last update from 192.168.45.4 on FastEthernet1/0, 00:02:53 ago
  Routing Descriptor Blocks:
  * 192.168.45.4, from 2.2.2.2, 00:02:53 ago, via FastEthernet1/0
      Route metric is 4, traffic share count is 1

R5#
R5#trace 10.10.0.1 source 50.10.0.5     

Type escape sequence to abort.
Tracing the route to 10.10.0.1

  1 192.168.45.4 4 msec 12 msec 8 msec
  2 192.168.24.2 24 msec 20 msec 20 msec
  3 192.168.12.1 20 msec 28 msec 20 msec
R5#

 

With equal paths to ABRs R2 and R3, OSPF on R5 chooses the path with the lowest total cost (cost to ABR + cost advertised by ABR).

Case6:

  • Traffic from R5 50.10.0.5 (backbone) to R1 10.10.0.1 (area 123)
  • R3 fa1/1 cost = 10
  • R4 fa1/1 cost = 5
Figure9: Case6


R5#sh ip ospf database summary 10.10.0.1

            OSPF Router with ID (50.10.0.5) (Process ID 666)

        Summary Net Link States (Area 0)

  Routing Bit Set on this LSA
  LS age: 573
  Options: (No TOS-capability, DC, Upward)
  LS Type: Summary Links(Network)
  Link State ID: 10.10.0.1 (summary Network Number)
  Advertising Router: 2.2.2.2
  LS Seq Number: 80000012
  Checksum: 0x3AD2
  Length: 28
  Network Mask: /32
    TOS: 0     Metric: 2

  LS age: 710
  Options: (No TOS-capability, DC, Upward)
  LS Type: Summary Links(Network)
  Link State ID: 10.10.0.1 (summary Network Number)
  Advertising Router: 3.3.3.3
  LS Seq Number: 80000003
  Checksum: 0x947A
  Length: 28
  Network Mask: /32
        TOS: 0     Metric: 11
          
...   
R5#
R5#sh ip route 10.10.0.1                
Routing entry for 10.10.0.1/32
  Known via "ospf 666", distance 110, metric 8, type inter area
  Last update from 192.168.45.4 on FastEthernet1/0, 00:02:49 ago
  Routing Descriptor Blocks:
  * 192.168.45.4, from 2.2.2.2, 00:02:49 ago, via FastEthernet1/0
      Route metric is 8, traffic share count is 1

R5#
R5#trace 10.10.0.1 source 50.10.0.5     

Type escape sequence to abort.
Tracing the route to 10.10.0.1

  1 192.168.45.4 16 msec 12 msec 8 msec
  2 192.168.24.2 20 msec 20 msec 20 msec
  3 192.168.12.1 28 msec 24 msec 20 msec
R5#

 

Note that OSPF on R5 did not choose the shortest path to an ABR (R3), but the path with the lowest total cost.

==> The same applies from area 0 to a non-backbone area: the router looks at the total of the LSA3 cost + the cost of the route inside area 0.

Case7:

  • Traffic from R1 10.10.0.1 (area123) to R2 20.10.0.2 (area 123)
  • R1 fa1/0 cost = 100
Figure10: Case7


R1#sh ip route 20.10.0.2
Routing entry for 20.10.0.2/32
  Known via "ospf 666", distance 110, metric 101, type intra area
  Last update from 192.168.12.2 on FastEthernet1/0, 00:00:11 ago
  Routing Descriptor Blocks:
  * 192.168.12.2, from 2.2.2.2, 00:00:11 ago, via FastEthernet1/0
      Route metric is 101, traffic share count is 1

R1#trace 20.10.0.2 source 10.10.0.1

Type escape sequence to abort.
Tracing the route to 20.10.0.2

  1 192.168.12.2 16 msec 12 msec 8 msec
R1#

 

R3#sh ip route 20.10.0.2
Routing entry for 20.10.0.2/32
  Known via "ospf 666", distance 110, metric 102, type intra area
  Last update from 192.168.13.1 on FastEthernet1/1, 00:01:24 ago
  Routing Descriptor Blocks:
  * 192.168.13.1, from 2.2.2.2, 00:01:24 ago, via FastEthernet1/1
      Route metric is 102, traffic share count is 1

R3#

 

Case8:

  • Traffic from R1 10.10.0.1 (area123) to R2 20.10.0.2 (area 123)
  • R1-R2 link down (no inter-area route to 20.10.0.2)
Figure11: Case8


R1#sh ip route 20.10.0.2
% Subnet not in table
R1#
R1#
R1#sh ip ospf database summ
R1#sh ip ospf database summary 20.10.0.2

            OSPF Router with ID (1.1.1.1) (Process ID 666)
R1#

 

R1 can no longer reach the destination in the same area, even though the destination is reachable from R3, which is itself reachable from R1.

R3#sh ip route 20.10.0.2
Routing entry for 20.10.0.2/32
  Known via "ospf 666", distance 110, metric 3, type inter area
  Last update from 192.168.34.4 on FastEthernet1/2, 00:01:12 ago
  Routing Descriptor Blocks:
  * 192.168.34.4, from 2.2.2.2, 00:01:12 ago, via FastEthernet1/2
      Route metric is 3, traffic share count is 1

R3#ping 20.10.0.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.10.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/27/32 ms
R3#trace 20.10.0.2

Type escape sequence to abort.
Tracing the route to 20.10.0.2

  1 192.168.34.4 12 msec 8 msec 12 msec
  2 192.168.24.2 16 msec 24 msec 16 msec
R3#

 

OSPF will always choose the intra-area path without crossing area 0

Case9:

  • Intra-area traffic from R4 40.10.0.4 (backbone) to R2 20.10.0.2 (backbone)
  • R4 f1/1 cost = 100
Figure12: Case9


R4#sh ip route 20.20.0.2
Routing entry for 20.20.0.2/32
  Known via "ospf 666", distance 110, metric 101, type intra area
  Last update from 192.168.24.2 on FastEthernet1/1, 00:01:51 ago
  Routing Descriptor Blocks:
  * 192.168.24.2, from 2.2.2.2, 00:01:51 ago, via FastEthernet1/1
      Route metric is 101, traffic share count is 1

R4#trace 20.20.0.2 source 40.10.0.4

Type escape sequence to abort.
Tracing the route to 20.20.0.2

  1 192.168.24.2 20 msec 12 msec 8 msec
R4#

 

R3#sh ip route 20.20.0.2
Routing entry for 20.20.0.2/32
  Known via "ospf 666", distance 110, metric 102, type intra area
  Last update from 192.168.34.4 on FastEthernet1/2, 00:02:44 ago
  Routing Descriptor Blocks:
  * 192.168.34.4, from 2.2.2.2, 00:02:44 ago, via FastEthernet1/2
      Route metric is 102, traffic share count is 1

R3#

 

R4 chose the worse path through R2 inside the backbone without crossing non-backbone area.

Case10:

  • Traffic from R1 10.10.0.2 (area123) to R2 20.20.0.2 (backbone)
  • R4-R2 link down (no inter-area route to 20.20.0.2)
Figure13: Case10


R1#sh ip route 20.20.0.2
Routing entry for 20.20.0.2/32
  Known via "ospf 666", distance 110, metric 2, type inter area
  Last update from 192.168.12.2 on FastEthernet1/0, 00:00:02 ago
  Routing Descriptor Blocks:
  * 192.168.12.2, from 2.2.2.2, 00:00:02 ago, via FastEthernet1/0
      Route metric is 2, traffic share count is 1

R1#trace 20.20.0.2 source 10.10.0.2

Type escape sequence to abort.
Tracing the route to 20.20.0.2

  1 192.168.12.2 12 msec 8 msec 8 msec
R1#

R4#sh ip route 20.20.0.2
% Network not in table
R4#
R4#sh ip ospf data summ 20.20.0.2  

            OSPF Router with ID (4.4.4.4) (Process ID 666)
R4#
R3#sh ip route 20.20.0.2
% Network not in table
R3#sh ip ospf data summary  20.20.0.2

            OSPF Router with ID (3.3.3.3) (Process ID 666)

        Summary Net Link States (Area 123)

  LS age: 3429
  Options: (No TOS-capability, DC, Upward)
  LS Type: Summary Links(Network)
  Link State ID: 20.20.0.2 (summary Network Number)
  Advertising Router: 2.2.2.2
  LS Seq Number: 8000001C
  Checksum: 0x17D7
  Length: 28
  Network Mask: /32
    TOS: 0     Metric: 1

R3#

Though R3 has received the summary LSA3 from R2 through the non-backbone area 123, it did not include it in the routing table, even if it is reachable from R1.

Case11:

  • Traffic between two non-backbone areas. From area123 to area25.
  • Default interface costs
Figure14: Case11


R1#sh ip route 50.20.0.5
Routing entry for 50.20.0.5/32
  Known via "ospf 666", distance 110, metric 3, type inter area
  Last update from 192.168.12.2 on FastEthernet1/0, 00:02:54 ago
  Routing Descriptor Blocks:
  * 192.168.12.2, from 2.2.2.2, 00:02:54 ago, via FastEthernet1/0
      Route metric is 3, traffic share count is 1

R1#trace 50.20.0.5 source 10.10.0.1

Type escape sequence to abort.
Tracing the route to 50.20.0.5

  1 192.168.12.2 16 msec 0 msec 8 msec
  2 192.168.25.5 20 msec 24 msec 32 msec
R1#

From R1, OSPF will choose the path with the lowest total cost within area 123, the backbone and area 25. This happens to be the path through R2, which is directly connected to area25. This seems to defeat the rule B, but it doesn’t, because the ABR R2 has an interface in the backbone.

Case12:

  • Traffic generated from R2: 20.10.0.2 (area 123) to R5 50.20.0.5 (area 25).
  • R2 fa1/2 cost = 100
Figure15: Case12


R2(config-if)#do sh ip route 50.20.0.5           
Routing entry for 50.20.0.5/32
  Known via "ospf 666", distance 110, metric 101, type intra area
  Last update from 192.168.25.5 on FastEthernet1/2, 00:04:03 ago
  Routing Descriptor Blocks:
  * 192.168.25.5, from 5.5.5.5, 00:04:03 ago, via FastEthernet1/2
      Route metric is 101, traffic share count is 1

R2(config-if)#
R2(config-if)#do trace 50.20.0.5 source 20.10.0.2

Type escape sequence to abort.
Tracing the route to 50.20.0.5

  1 192.168.25.5 20 msec 24 msec 20 msec
R2(config-if)#

Even though the inter-area link cost is made worse (higher cost), OSPF on R2 will choose the shortest path without crossing the backbone.

Case13:

  • R2 fa1/1 Down
Figure16: Case13


R2#sh ip route 50.20.0.2
% Subnet not in table
R2#
R1#sh ip route 50.20.0.5           
Routing entry for 50.20.0.5/32
  Known via "ospf 666", distance 110, metric 4, type inter area
  Last update from 192.168.13.3 on FastEthernet1/1, 00:08:28 ago
  Routing Descriptor Blocks:
  * 192.168.13.3, from 3.3.3.3, 00:12:15 ago, via FastEthernet1/1
      Route metric is 4, traffic share count is 1

R1#trace 50.20.0.5 source 10.10.0.1

Type escape sequence to abort.
Tracing the route to 50.20.0.5

  1 192.168.13.3 12 msec 8 msec 8 msec
  2 192.168.34.4 16 msec 16 msec 20 msec
  3 192.168.45.5 20 msec 28 msec 28 msec
R1#

Note that as soon as the R2 interface connected to the backbone is down, R2 can no longer reach area25, and R1 turns to the path advertised through R3.

Case14:

  • R2 fa1/1 Down
  • R1 fa1/1 Down
Figure17: Case14


R1#sh ip route 50.20.0.5           
% Network not in table
R1#t  

Even though R1 link to R2 is up and R2 link (area 25) to R5 is up, R1 will not be able to use the inter-area path, because it doesn’t cross the backbone (not even a connected interface to the backbone).
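The selection rules exercised in Cases 3, 4, 6, 10 and 12, written as a small Python model (an added example, not part of the original lab; the function and class names are illustrative). Cost-to-ABR values are derived from the interface costs stated for each case, assuming a default cost of 1 on every other link; the area 25 summary in Case6 and the backbone summary in Case12 are constructed, since the outputs above do not show them.

```python
from dataclasses import dataclass

BACKBONE = "0"
R2, R3, R5 = "2.2.2.2", "3.3.3.3", "5.5.5.5"  # router IDs from the lab outputs


@dataclass(frozen=True)
class SummaryLSA:
    area: str        # area whose link-state database holds this type 3 LSA
    adv_router: str  # router ID of the ABR that originated it
    metric: int      # cost from that ABR to the destination


def select_route(is_abr, intra_paths, summaries, cost_to_abr):
    """Pick the OSPF route to one destination.

    intra_paths -- [(cost, via_router_id)] intra-area paths to the destination
    summaries   -- [SummaryLSA] type 3 LSAs received for the destination
    cost_to_abr -- {(area, abr_router_id): intra-area cost to reach that ABR}
    Returns (route_type, metric, [router IDs used]) or None if unreachable.
    """
    # Rule 1: an intra-area path always beats any inter-area path, whatever its cost.
    if intra_paths:
        best = min(cost for cost, _ in intra_paths)
        return ("intra area", best,
                sorted(via for cost, via in intra_paths if cost == best))

    candidates = []
    for lsa in summaries:
        # An ABR only examines summary LSAs held in the backbone database.
        if is_abr and lsa.area != BACKBONE:
            continue
        to_abr = cost_to_abr.get((lsa.area, lsa.adv_router))
        if to_abr is None:  # originating ABR not reachable inside that area
            continue
        # Rule 2: total cost = cost to the ABR + metric carried in the LSA.
        candidates.append((to_abr + lsa.metric, lsa.adv_router))

    if not candidates:
        return None
    best = min(total for total, _ in candidates)
    # Equal totals are all kept (multipath).
    return ("inter area", best,
            sorted(abr for total, abr in candidates if total == best))


def lab_cases():
    """Replay the lab cases; LSA metrics come from the outputs above."""
    s = SummaryLSA
    return {
        # Case3: R1 fa1/0 cost 10 (toward R2), LSA metrics 3 and 102.
        "case3_R1": select_route(False, [], [s("123", R2, 3), s("123", R3, 102)],
                                 {("123", R2): 10, ("123", R3): 1}),
        # Case4: same costs to the ABRs, R3 now advertises metric 12.
        "case4_R1": select_route(False, [], [s("123", R2, 3), s("123", R3, 12)],
                                 {("123", R2): 10, ("123", R3): 1}),
        # Case6: R5 is an ABR (areas 0 and 25). The area 25 LSA is constructed;
        # it would give 1 + 2 = 3 if R5 were allowed to use it.
        "case6_R5": select_route(True, [],
                                 [s("0", R2, 2), s("0", R3, 11), s("25", R2, 2)],
                                 {("0", R2): 6, ("0", R3): 2, ("25", R2): 1}),
        # Case10: the only LSA R3 holds sits in area 123, so the ABR has no
        # route, while the internal router R1 installs the same LSA.
        "case10_R3": select_route(True, [], [s("123", R2, 1)], {("123", R2): 2}),
        "case10_R1": select_route(False, [], [s("123", R2, 1)], {("123", R2): 1}),
        # Case12: intra-area cost 101 from the output; the cheaper backbone
        # summary (2 + 1 = 3) is constructed and must lose.
        "case12_R2": select_route(True, [(101, R5)], [s("0", R5, 1)],
                                  {("0", R5): 2}),
    }


if __name__ == "__main__":
    for name, route in lab_cases().items():
        print(name, route)
```

Calling the Case6 input with `is_abr=False` returns a metric of 3 through area 25, which is the path the ABR rule excludes.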

 

 


DMVPN animation


Here is an interactive animation of DMVPN (Dynamic Multipoint VPN), followed by a detailed offline lab (a snapshot of the topology under test with hopefully all commands needed for analysis and study).

Finally, check your understanding of the fundamental concepts by taking a small quiz.

Studied topology:

DMVPN animation

Animation

Offline Lab

You might consider the following key points for troubleshooting:

Routing protocols:

To avoid RPF failure, announce routing protocols only through tunnel interfaces.

EIGRP

  • Turn off “next-hop-self” to make spokes speak directly. Otherwise, traffic between spokes will always pass through the HUB and NHRP resolution will not occur.
  • Turn off “split-horizon” to allow EIGRP to advertise a route received from one spoke to another spoke through the same interface.
  • Turn off summarization.
  • Pay attention to the bandwidth required for EIGRP communication. It requires BW > tunnel default BW “bandwidth 1000”.

OSPF

  • “ip ospf network point-to-multipoint” allows only Phase1 (spoke data plane communication through the HUB)
  • “ip ospf network broadcast” on all routers allows Phase2 (direct spoke-to-spoke data plane communication)
  • Set the ospf priority on the HUBs (DR/BDR) to be bigger than the priority on spokes (“ip ospf priority 0”).
  • Make sure OSPF timers match if spokes and the HUB use different OSPF types.
  • Because spokes are generally low-end devices, they probably can’t cope with LSA flooding generated within the OSPF domain. Therefore, it’s recommended to make areas Stubby (filter-in LSA5 from external areas) or totally stubby (neither LSA5 nor inter-area LSA3 are accepted)

Make sure the appropriate MTU value matches between tunnel interfaces (“ip mtu 1400 / ip tcp adjust-mss 1360”).

Consider the OSPF scalability limitation (50 routers per area). OSPF requires much more tweaking for large-scale deployments.

Layered approach:

DMVPN involves multiple layers of technologies (mGRE, routing, NHRP, IPSec), so troubleshooting an issue can be very tricky.

To avoid cascading errors, test your configuration after each step and move forward only when the current step works fine. For example: IPSec encryption is not required for DMVPN to function, so make sure your configuration works without it and only then add it (set the IPSec parameters and just add “tunnel protection ipsec profile” to the tunnel interface).

Quiz


OSPF external E1, E2, N1, N2…Who is the winner?


This lab focuses on route selection mechanism of OSPF external routes. The complexity of OSPF selection process is due to its inherent hierarchical structure.

The following selection order should be familiar to you:

  1. intra-area (O)
  2. inter-area (IA)
  3. external routes

OSPF provides more flexibility for external routes by manipulating the following criteria:

  • Regular areas or NSSA (Not So Stubby Area)
  • type1 or type2
  • total cost, cost to ABR and cost to ASBR

The idea is to provide a lab topology in which all types of external routes are artificially available at the same time to the main router (R1). This is done by injecting an overlapping prefix 10.10.10.1/32 through different areas into the same OSPF process.

R1 (made the DR) is configured not to advertise LSAs and prefixes between its interfaces.

Each lab starts with all paths available (case1), then the forwarding interface of the best elected path is shutdown (case2) to see who is the next best route. And so on until the last preferable path.

Three topologies are used to narrow down the tests:

  • The 1st lab (Mix of external routes): Compare all types of external routes
  • The 2nd lab (All E2): Compare E2 routes with the same redistribution cost, but different costs to ABR and costs to ASBR.
  • The 3rd lab (All E1): Compare E1 routes with the same total cost, but different costs to ABR and costs to ASBR.

For each lab, the following is provided:

  • Lab topology
  • The result table for studied cases
  • Verification commands
  • An offline lab (A comprehensive report of the network state during each test case)
To keep the general structure of the post visible, verification commands, configuration listings and the gory details of router configurations are kept in compact flash boxes with selectable text.

Lab1

Lab1 topology

ospfmix

Table1: Lab1 (Mix of external routes)

Case | Route type | Route cost | Next-hop | Cost to ABR | Cost to ASBR from ABR (LSA4) | ASBR | Redistribution cost

1 E1 22 192.168.121.2 1 1 192.168.61.8 20
2 E1 22 192.168.121.2 1 64 192.168.62.8 20
3 N1 30 192.168.161.6 10 192.168.161.6 20
4 N1 84 192.168.162.6 64 192.168.162.6 20
5 E1 85 192.168.122.2 64 64 192.168.62.8 20
*** N2 20 192.168.163.7 1 192.168.163.7 20
6 N2 20 192.168.164.7 64 192.168.164.7 20
7 E2 83 192.168.131.3 1 62 192.168.63.9 20
8 E2 83 192.168.131.3 1 64 192.168.64.9 20
9 E2 83 192.168.132.3 64 64 192.168.64.9 20
*** During the automatic testing the link from R1 to R2 (192.168.167) was unstable, so R1 RIB didn’t take it into account. But, theoretically it should be there.

Results:

Obviously OSPF considers type1 before type2, as indicated by RFC2328 (http://www.ietf.org/rfc/rfc2328.txt)


There are four possible types of paths used to route traffic to
the destination, listed here in decreasing order of preference:
intra-area, inter-area, type 1 external or type 2 external.

Knowing that type 1 cost is equal to the total cost of the route (redistribution cost + cost inside OSPF domain), OSPF does not differentiate between external routes from regular areas and NSSA areas. The one with the lowest total cost wins (N1 and E1 in table1).

Lab1 verification commands

Lab1 offline

Lab2 (All E2)

Lab2 topology

ospfalle2

According to lab1 results, though the cost of type 2 route is equal to the cost of the redistribution, it looks like among routes with the same cost OSPF considers other criteria.

Let’s consider a separate lab to compare routes with the same redistribution cost but different combinations of (cost to ABR + cost to ASBR).

Table2: Lab2 (All E2)

Case | Route type | Route cost | Next-hop | Cost to ABR | Cost to ASBR from ABR (LSA4) | Redistribution cost
1 | E2 | 20 | 192.168.163.7 | 1 | 1 | 20
2 | E2 | 20 | 192.168.162.6 | 64 | 1 | 20
  | E2 | 20 | 192.168.131.3 | 1 | 64 | 20
3 | E2 | 20 | 192.168.122.2 | 64 | 64 | 20

Results:

According to the table, even though the E2 cost is equal to the cost of redistribution, among routes with the same cost OSPF considers the total cost as the tie breaker.

E2 selection process:

  1. Redistribution cost
  2. Total cost
  3. Multiple path installed

Lab2 verification commands

Lab2 offline

Lab3 (All E1)

Lab3 topology

top1

Table3: Lab3 (All E1)

Case | Route type | Route cost | Next-hop | Cost to ABR | Cost to ASBR from ABR (LSA4) | Redistribution cost
1 | E1 | 148 | 192.168.163.7 | 1 | 1 | 146
  | E1 | 148 | 192.168.162.6 | 64 | 1 | 83
  | E1 | 148 | 192.168.131.3 | 1 | 64 | 83
  | E1 | 148 | 192.168.122.2 | 64 | 64 | 20

Results

For E1 routes, it looks like nothing counts but the total cost.

Lab3 verification commands

Lab3 offline

Conclusion

According to the lab results, the OSPF external route selection process works as follows:

  1. External routes type 1:
    1. Lowest total cost
    2. Multipath
  2. External routes type 2:
    1. Redistribution cost
    2. Total cost
    3. Multipath
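The E1 and E2 ordering from the conclusion, replayed on the rows of Table2 and Table3 with the lab procedure of removing the winner and selecting again (an added Python example, not part of the original lab; class and function names are illustrative). N1/N2 routes are treated like E1/E2, as the Lab1 results describe.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ExternalRoute:
    metric_type: int          # 1 for E1/N1, 2 for E2/N2
    next_hop: str
    cost_to_abr: int
    cost_to_asbr: int         # from the ABR to the ASBR (LSA4 column)
    redistribution_cost: int

    @property
    def internal_cost(self):
        """Cost inside the OSPF domain: to the ABR, then on to the ASBR."""
        return self.cost_to_abr + self.cost_to_asbr


def preference_key(route):
    """Smaller key wins; routes with equal keys are installed together."""
    total = route.redistribution_cost + route.internal_cost
    if route.metric_type == 1:
        # Type 1: only the total cost counts.
        return (1, total, 0)
    # Type 2: redistribution cost first, total cost as the tie breaker.
    return (2, route.redistribution_cost, total)


def best_routes(routes):
    """Return every route that shares the best preference key (multipath)."""
    if not routes:
        return []
    best = min(preference_key(r) for r in routes)
    return [r for r in routes if preference_key(r) == best]


def elimination_order(routes):
    """Lab procedure: note the winners, shut their paths, select again."""
    remaining, rounds = list(routes), []
    while remaining:
        winners = best_routes(remaining)
        rounds.append(sorted(r.next_hop for r in winners))
        remaining = [r for r in remaining if r not in winners]
    return rounds


# Rows of Table2 (All E2): same redistribution cost, different internal costs.
TABLE2_ALL_E2 = [
    ExternalRoute(2, "192.168.163.7", 1, 1, 20),
    ExternalRoute(2, "192.168.162.6", 64, 1, 20),
    ExternalRoute(2, "192.168.131.3", 1, 64, 20),
    ExternalRoute(2, "192.168.122.2", 64, 64, 20),
]

# Rows of Table3 (All E1): every combination adds up to a total of 148.
TABLE3_ALL_E1 = [
    ExternalRoute(1, "192.168.163.7", 1, 1, 146),
    ExternalRoute(1, "192.168.162.6", 64, 1, 83),
    ExternalRoute(1, "192.168.131.3", 1, 64, 83),
    ExternalRoute(1, "192.168.122.2", 64, 64, 20),
]

if __name__ == "__main__":
    print("Table2 rounds:", elimination_order(TABLE2_ALL_E2))
    print("Table3 rounds:", elimination_order(TABLE3_ALL_E1))
```

The Table2 rows produce three rounds, with the two routes whose internal cost is 65 installed together in the second round, and the Table3 rows produce a single four-way multipath round.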

Administrative Distance, prefix length, metric… Who is the winner?


  • The Concept
  • Procedural tasks
  • Result table
  • Conclusion

The concept

The idea of the lab is to test the RIB best route election criteria of a border router. To do so, four overlapping subnets are configured in different parts of the network and made available to the border router through different routing protocols. One of them is directly connected.

All prefixes are made available and reachable at the same time to see which one is elected as the best route; the winner is then removed from the competition by making the corresponding path unavailable, and the selection process is repeated until the last path.

One directly connected segment and three routing protocols give four administrative distances: directly connected (AD=0), RIP (AD=120), OSPF (AD=110) and EIGRP internal (AD=90).

Each protocol has two unequal paths (different metrics) to reach the same prefix.

Prefix masks are configured to be inversely proportional to routing protocol administrative distances.

Lab topology


Procedural tasks

For each test case, the routing table is checked for the best route, a traceroute confirms the path, and the winning path is then made unavailable.

Result table

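| Classification | Mask length | Metric | AD | Prefix | Path | Routing protocol |
|---|---|---|---|---|---|---|
| 4 | 28 | 110 | 110 | 192.168.1.64 | A | OSPF |
| 3 | 28 | 74 | 110 | 192.168.1.64 | B | OSPF |
| 1 | 29 | 1 | 120 | 192.168.1.64 | C | RIP |
| 2 | 29 | 2 | 120 | 192.168.1.64 | D | RIP |
| 6 | 27 | 32195456 | 90 | 192.168.1.64 | E | EIGRP |
| 5 | 27 | 2195456 | 90 | 192.168.1.64 | F | EIGRP |
| 7 | 26 | 0 | 0 | 192.168.1.64 | G | Directly connected |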

The RIB looks at the mask length first. The directly connected prefix, which has the shortest mask, is considered last: the longer the mask, the more specific the prefix.

Conclusion

With the same prefix and different mask lengths, the border router considers the following criteria in order of preference:

  1. Longest mask among all routing protocols
  2. Lowest cost with the same routing protocol
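The election order in the result table can be reproduced offline. The following Python sketch is an added example, not part of the original lab: it installs one winner per prefix and mask, then forwards on the longest installed match, and removes each winner in turn as the lab does. The function names and the test destinations are assumptions; the AD comparison in the first stage goes beyond the table, where each mask is carried by a single protocol.

```python
"""Two-stage route election replayed on the result table above.

Added example: stage 1 installs one winner per prefix/mask (lowest AD, then
lowest metric); stage 2 forwards on the longest installed match.
"""
import ipaddress
from collections import namedtuple

Route = namedtuple("Route", "path protocol prefix ad metric")


def route(path, protocol, prefix, ad, metric):
    return Route(path, protocol, ipaddress.ip_network(prefix), ad, metric)


# Rows of the result table (paths A to G).
TABLE = [
    route("A", "OSPF", "192.168.1.64/28", 110, 110),
    route("B", "OSPF", "192.168.1.64/28", 110, 74),
    route("C", "RIP", "192.168.1.64/29", 120, 1),
    route("D", "RIP", "192.168.1.64/29", 120, 2),
    route("E", "EIGRP", "192.168.1.64/27", 90, 32195456),
    route("F", "EIGRP", "192.168.1.64/27", 90, 2195456),
    route("G", "connected", "192.168.1.64/26", 0, 0),
]


def build_rib(routes):
    """Stage 1: per prefix and mask, keep the lowest AD, then the lowest metric.

    Metrics are only compared after the AD, so in practice only routes of the
    same protocol are ever compared by metric.
    """
    rib = {}
    for r in routes:
        current = rib.get(r.prefix)
        if current is None or (r.ad, r.metric) < (current.ad, current.metric):
            rib[r.prefix] = r
    return rib


def lookup(routes, destination):
    """Stage 2: longest installed prefix that contains the destination."""
    dest = ipaddress.ip_address(destination)
    matches = [r for r in build_rib(routes).values() if dest in r.prefix]
    return max(matches, key=lambda r: r.prefix.prefixlen, default=None)


def election_order(routes, destination):
    """Lab procedure: record the winner, make its path unavailable, repeat."""
    remaining, order = list(routes), []
    while (winner := lookup(remaining, destination)) is not None:
        order.append(winner.path)
        remaining.remove(winner)
    return order


if __name__ == "__main__":
    print(election_order(TABLE, "192.168.1.65"))
    print(lookup(TABLE, "192.168.1.80").path)   # outside the /29 and the /28
```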

Routing Protocol Redistribution and Path optimization



Case A: Redistribution from one routing domain into another with higher (worse) administrative distance:

All the following topologies are subject to the same concept:

As an example, I picked the case where the source routing domain is OSPF (AD=110) and the destination administrative domain is EIGRP (internal prefix AD=90 and external prefix AD=170).

Picture 1: Lab High level design


Picture 2: Low level design


  • redistribute 33.33.33.0/24 (external domain/connected) into OSPF at R3

router ospf 123
 redistribute connected route-map rmap-connnected subnets
!
ip prefix-list pfx-33 seq 5 permit 33.33.33.0/24
!
route-map rmap-connnected permit 10
 match ip address prefix-list pfx-33
 set tag 133

Picture 3: redistribution at R3:


  • Mutual redistribution between EIGRP & OSPF at R2

router eigrp 124
 redistribute ospf 123 route-map to-eigrp metric 1500 1 100 1 1500
!
router ospf 123
 network 192.168.23.0 0.0.0.255 area 0
 redistribute eigrp 124 subnets route-map to-ospf
!
ip prefix-list eigrp-pfx seq 5 permit 192.168.14.0/24
ip prefix-list eigrp-pfx seq 15 permit 192.168.24.0/24
!
ip prefix-list ospf-pfx seq 5 permit 192.168.23.0/24
ip prefix-list ospf-pfx seq 15 permit 192.168.13.0/24
ip prefix-list ospf-pfx seq 25 permit 33.33.33.0/24
!
route-map to-ospf permit 10
 match ip address prefix-list eigrp-pfx
 set tag 100
!
route-map to-eigrp permit 10
 match ip address prefix-list ospf-pfx
 set tag 324

Picture4: Mutual redistribution between EIGRP & OSPF at R2


 Beware!

IOS will not alert you in case of the following errors during redistribution:

  • Wrong route map name
  • Wrong ACL/prefix-list name inside the route-map
  • Default metric not configured (EIGRP/OSPF/IS-IS)
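
Because IOS stays silent about these mistakes, a saved configuration can be checked offline before it is applied. The following Python linter is an added example, not a Cisco tool and not part of the original lab; the sample configuration is constructed from the R2 configuration above with three planted mistakes, and the seed-metric check is applied to EIGRP only, which is an assumption of this sketch.

```python
"""Offline check for the three silent redistribution mistakes listed above.

Added example: it reads a saved IOS configuration as text, it does not talk
to a router. Contexts are tracked by keyword because pasted configurations
often lose their indentation.
"""


def lint(config):
    route_maps, prefix_lists, acls = set(), set(), set()
    redists = []           # (router stanza, source protocol, route-map, has metric)
    with_default = set()   # router stanzas that set default-metric
    matches = []           # (route-map, "prefix-list" or "access-list", name)
    context = None         # ("router", "eigrp 124") or ("route-map", "to-ospf")

    for raw in config.splitlines():
        words = raw.split()
        if not words or words[0].startswith("!"):
            continue
        if words[0] == "router" and len(words) >= 2:
            context = ("router", " ".join(words[1:3]))
        elif words[0] == "route-map" and len(words) >= 2:
            route_maps.add(words[1])
            context = ("route-map", words[1])
        elif words[:2] == ["ip", "prefix-list"] and len(words) >= 3:
            prefix_lists.add(words[2])
            context = None
        elif words[:2] == ["ip", "access-list"] and len(words) >= 4:
            acls.add(words[3])
            context = None
        elif words[0] == "access-list" and len(words) >= 2:
            acls.add(words[1])
            context = None
        elif words[0] == "interface":
            context = None
        elif context and context[0] == "router":
            if words[0] == "redistribute" and len(words) >= 2:
                rmap = None
                if "route-map" in words[:-1]:
                    rmap = words[words.index("route-map") + 1]
                redists.append((context[1], words[1], rmap, "metric" in words))
            elif words[0] == "default-metric":
                with_default.add(context[1])
        elif context and context[0] == "route-map":
            if words[:3] == ["match", "ip", "address"]:
                kind = "prefix-list" if words[3:4] == ["prefix-list"] else "access-list"
                names = words[4:] if kind == "prefix-list" else words[3:]
                matches += [(context[1], kind, name) for name in names]

    findings = []
    for stanza, source, rmap, has_metric in redists:
        if rmap is not None and rmap not in route_maps:
            findings.append((f"router {stanza}", "undefined route-map", rmap))
        # Assumption: only EIGRP is checked, and connected, static and EIGRP
        # sources are treated as not needing a seed metric.
        needs_seed = (stanza.startswith("eigrp")
                      and source not in ("connected", "static", "eigrp"))
        if needs_seed and not has_metric and stanza not in with_default:
            findings.append((f"router {stanza}", "no seed metric", source))
    for rmap, kind, name in matches:
        if name not in (prefix_lists if kind == "prefix-list" else acls):
            findings.append((f"route-map {rmap}", f"undefined {kind}", name))
    return findings


# Constructed sample modelled on the R2 configuration, with three planted mistakes:
# a misspelled route-map, a misspelled prefix-list and a missing EIGRP metric.
BROKEN = """
router eigrp 124
 redistribute ospf 123 route-map to-eigrpp
!
router ospf 123
 network 192.168.23.0 0.0.0.255 area 0
 redistribute eigrp 124 subnets route-map to-ospf
!
ip prefix-list eigrp-pfx seq 5 permit 192.168.14.0/24
ip prefix-list ospf-pfx seq 5 permit 192.168.23.0/24
!
route-map to-ospf permit 10
 match ip address prefix-list eigrp-pfxx
 set tag 100
!
route-map to-eigrp permit 10
 match ip address prefix-list ospf-pfx
 set tag 324
"""
FIXED = (BROKEN.replace("to-eigrpp", "to-eigrp metric 1500 1 100 1 1500")
               .replace("eigrp-pfxx", "eigrp-pfx"))

if __name__ == "__main__":
    for where, problem, name in lint(BROKEN):
        print(f"{where}: {problem} ({name})")
    print("fixed configuration findings:", lint(FIXED))
```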

  • Test connectivity from the BR R1

    Picture 5: primary path

R1#sh ip eigrp topology
IP-EIGRP Topology Table for AS(124)/ID(11.11.11.11)

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - reply Status, s - sia Status

P 33.33.33.0/24, 0 successors, FD is Inaccessible, tag is 324
        via 192.168.14.4 (1757952/1732352), FastEthernet0/0
P 192.168.13.0/24, 0 successors, FD is Inaccessible, tag is 324
        via 192.168.14.4 (1757952/1732352), FastEthernet0/0
P 192.168.14.0/24, 1 successors, FD is 281600
        via Connected, FastEthernet0/0
P 192.168.24.0/24, 1 successors, FD is 307200
        via 192.168.14.4 (307200/281600), FastEthernet0/0
P 192.168.23.0/24, 0 successors, FD is Inaccessible, tag is 324
        via 192.168.14.4 (1757952/1732352), FastEthernet0/0
R1#

R1#ping 33.33.33.33

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 33.33.33.33, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/31/64 ms
R1#trace 33.33.33.33

Type escape sequence to abort.
Tracing the route to 33.33.33.33

1 192.168.13.3 68 msec * 52 msec
R1#

  • Simulate a failure on R3 fa0/1

    A link failure is simulated by shutting down the R3 fa0/1 interface to check path redundancy.

R3(config-if)#int fa0/1
R3(config-if)#sh
R3(config-if)#
*Mar 1 01:00:07.515: %OSPF-5-ADJCHG: Process 123, Nbr 1.1.1.1 on FastEthernet0/1 from FULL to DOWN, Neighbor Down: Interface down or detached
*Mar 1 01:00:09.487: %LINK-5-CHANGED: Interface FastEthernet0/1, changed state to administratively down
*Mar 1 01:00:10.487: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
R3(config-if)#

  • Test connectivity at R1

    Picture6: path redundancy

R1#route4

33.0.0.0/24 is subnetted, 1 subnets
D EX 33.33.33.0 [170/1757952] via 192.168.14.4, 00:00:01, FastEthernet0/0
R1#

Only in the absence of a better choice did R1 choose the EIGRP path through the external domain.

R1#ping 33.33.33.33 source 192.168.14.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 33.33.33.33, timeout is 2 seconds:
Packet sent with a source address of 192.168.14.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/139/220 ms
R1#
R1#trace 33.33.33.33 source 192.168.14.1

Type escape sequence to abort.
Tracing the route to 33.33.33.33

1 192.168.14.4 112 msec 32 msec 44 msec
2 192.168.24.2 44 msec 36 msec 56 msec
3 192.168.23.3 64 msec * 88 msec
R1#

Case B: Redistribution from one routing domain into another with lower (better) administrative distance:

All the following topologies are subject to the same concept:

As an example, I picked the case where the source routing domain is EIGRP (internal prefix AD=90 and external prefix AD=170) and the destination administrative domain is OSPF with a better AD of 110.

Picture 1: Lab High level design


Picture 2: Low level design


  • redistribute 33.33.33.0/24 (external domain/connected) into EIGRP at R3

    The network 33.33.33.0/24 can belong to a different IGP than EIGRP or just be a directly connected network (a loopback interface in our case).

    Because EIGRP differentiates between internal and external prefixes by assigning them different administrative distances, the prefix 33.33.33.0/24 becomes external (D EX) with AD=170.

router eigrp 123
 redistribute connected metric 1500 1 100 1 1500 route-map rmap-connnected
!
ip prefix-list pfx-33 seq 5 permit 33.33.33.0/24
!
route-map rmap-connnected permit 10
 match ip address prefix-list pfx-33
 set tag 133

Picture 3: redistribution at R3:


  • Mutual redistribution between EIGRP & OSPF at R2

    For the sake of simplicity, EIGRP prefixes are redistributed into OSPF and vice versa on R2, and 11.11.11.0/24 is redistributed into OSPF on R1 to check connectivity between 11.11.11.11 and 33.33.33.33.

    R2:

router eigrp 123
 redistribute ospf 124 route-map to-eigrp metric 1500 1 100 1 1500
!
router ospf 124
 redistribute eigrp 123 subnets route-map to-ospf
!
ip prefix-list eigrp-pfx seq 5 permit 192.168.23.0/24
ip prefix-list eigrp-pfx seq 15 permit 192.168.13.0/24
ip prefix-list eigrp-pfx seq 25 permit 33.33.33.0/24
!
ip prefix-list ospf-pfx seq 5 permit 192.168.14.0/24
ip prefix-list ospf-pfx seq 15 permit 192.168.24.0/24
ip prefix-list ospf-pfx seq 25 permit 11.11.11.0/24
!
route-map to-ospf permit 10
 match ip address prefix-list eigrp-pfx
 set tag 100
!
route-map to-eigrp permit 10
 match ip address prefix-list ospf-pfx
 set tag 324

R1:

router ospf 124
 redistribute eigrp 123 subnets route-map to-ospf
!
ip prefix-list 11-pfx seq 5 permit 11.11.11.0/24
!
route-map to-ospf permit 10
 match ip address prefix-list 11-pfx

Picture4: Mutual redistribution between EIGRP & OSPF at R2


Beware!

IOS will not alert you in case of the following errors during redistribution:

  • Wrong route map name
  • Wrong ACL/prefix-list name inside the route-map
  • Default metric not configured (EIGRP/OSPF/IS-IS)

  • Test connectivity from the BR R1

R1#route4

33.0.0.0/24 is subnetted, 1 subnets
O E2 33.33.33.0 [110/20] via 192.168.14.4, 00:09:11, FastEthernet0/0
R1#

R1#sh ip eigrp topology
IP-EIGRP Topology Table for AS(123)/ID(1.1.1.1)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - reply Status, s - sia Status
P 11.11.11.0/24, 1 successors, FD is 128256
        via Connected, Loopback11
P 33.33.33.0/24, 1 successors, FD is 1706752, tag is 200
        via Redistributed (1706752/0)
P 192.168.13.0/24, 1 successors, FD is 281600
        via Connected, FastEthernet0/1
R1#

R1#ping 33.33.33.33 source 11.11.11.11
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 33.33.33.33, timeout is 2 seconds:
Packet sent with a source address of 11.11.11.11
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 124/129/132 ms
R1#

R1#trace 33.33.33.33 source 11.11.11.11

Type escape sequence to abort.
Tracing the route to 33.33.33.33

1 192.168.14.4 96 msec 32 msec 0 msec
2 192.168.24.2 76 msec 36 msec 36 msec
3 192.168.23.3 32 msec * 176 msec
R1#


Picture 5: primary path


Note that the primary path is through OSPF domain (suboptimal) because R1 has received the prefix 33.33.33.0/24 from R4 as an external OSPF prefix with (AD=110) which is better than the same prefix received from R1 through an external EIGRP with AD=170.

The same prefix is also present in EIGRP topology table.

  • Solutions:
    • 5.1- Control paths by controlling the redistribution on the border routers:

      This could be the case when your routing and security policies do not allow revealing your internal prefixes and traffic to an external domain.

    • 5.2- Change the AD per-prefix:

      Use this when you need to guarantee route redundancy for internal traffic, even through external domains.

    • 5.3- Filter prefixes from IGPs into the routing table using inbound distribute-list.
    • 5.4- Perform summarization to a shorter subnet mask

      At the destination router receiving the update, the longest prefix is then selected.

5.1- Control paths by controlling the redistribution at the border routers:

Simply avoid redundant or unnecessary redistribution, and remember the split horizon between domains with multiple border routers:

DO NOT redistribute a prefix back into its domain of origin; if you must, make its metric worse than those available internally.

5.2- Change the AD per-prefixes:

router ospf 124
 distance 180 192.168.14.4 0.0.0.0 ACL33
!
ip access-list standard ACL33
 permit 33.33.33.0 0.0.0.255 log

We need to clear the OSPF process locally for the changes to take effect.

R1#clear ip ospf pr
Reset ALL OSPF processes? [no]: yes
R1#
*Mar 1 00:42:32.291: %OSPF-5-ADJCHG: Process 124, Nbr 4.4.4.4 on FastEthernet0/0 from FULL to DOWN, Neighbor Down: Interface down or detached
*Mar 1 00:42:32.851: %OSPF-5-ADJCHG: Process 124, Nbr 4.4.4.4 on FastEthernet0/0 from LOADING to FULL, Loading Done
R1#

R1#sh ip route

Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback0
C 192.168.13.0/24 is directly connected, FastEthernet0/1
C 192.168.14.0/24 is directly connected, FastEthernet0/0
33.0.0.0/24 is subnetted, 1 subnets
D EX 33.33.33.0 [170/1732352] via 192.168.13.3, 00:00:12, FastEthernet0/1
D EX 192.168.24.0/24 [170/1757952] via 192.168.13.3, 00:00:12, FastEthernet0/1
D 192.168.23.0/24 [90/307200] via 192.168.13.3, 00:21:44, FastEthernet0/1
11.0.0.0/24 is subnetted, 1 subnets
C 11.11.11.0 is directly connected, Loopback11
C 192.168.0.0/24 is directly connected, FastEthernet1/0
44.0.0.0/32 is subnetted, 1 subnets
O 44.44.44.44 [110/11] via 192.168.14.4, 00:00:00, FastEthernet0/0
R1#

Now the RIB has chosen the path provided by EIGRP, let’s take a look at OSPF database:

R1#sh ip ospf data
OSPF Router with ID (1.1.1.1) (Process ID 124)

Type-5 AS External Link States

Link ID         ADV Router      Age         Seq#       Checksum Tag
11.11.11.0      1.1.1.1         277         0x80000002 0x003A40 0
33.33.33.0      2.2.2.2         811         0x80000002 0x0010BF 100
192.168.13.0    2.2.2.2         1581        0x80000001 0x007944 100
192.168.23.0    2.2.2.2         811         0x80000002 0x0009A9 100
R1#

OSPF prefix 33.33.33.0/24 is still there but with a worse administrative distance of 180.

We can verify this by simulating a failure between R1 and R3 and checking the result at R1:

R3(config-if)#int fa0/1
R3(config-if)#sh
R3(config-if)#
*Mar 1 00:49:30.591: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 123: Neighbor 192.168.13.1 (FastEthernet0/1) is down: interface down
*Mar 1 00:49:32.503: %LINK-5-CHANGED: Interface FastEthernet0/1, changed state to administratively down
*Mar 1 00:49:33.503: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
R3(config-if)#

R1#sh ip route

Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback0
C 192.168.13.0/24 is directly connected, FastEthernet0/1
C 192.168.14.0/24 is directly connected, FastEthernet0/0
33.0.0.0/24 is subnetted, 1 subnets
O E2 33.33.33.0 [110/20] via 192.168.14.4, 00:08:09, FastEthernet0/0
O 192.168.24.0/24 [110/20] via 192.168.14.4, 00:08:09, FastEthernet0/0
O E2 192.168.23.0/24 [110/20] via 192.168.14.4, 00:01:13, FastEthernet0/0
11.0.0.0/24 is subnetted, 1 subnets
C 11.11.11.0 is directly connected, Loopback11
C 192.168.0.0/24 is directly connected, FastEthernet1/0
44.0.0.0/32 is subnetted, 1 subnets
O 44.44.44.44 [110/11] via 192.168.14.4, 00:08:13, FastEthernet0/0
R1#

5.3- Filter prefixes from IGPs into the routing table using inbound distribute-list.

Before applying the inbound distribute list under OSPF:

R1(config-router)#do route4
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback0
C 192.168.13.0/24 is directly connected, FastEthernet0/1
C 192.168.14.0/24 is directly connected, FastEthernet0/0
33.0.0.0/24 is subnetted, 1 subnets
O E2 33.33.33.0 [110/20] via 192.168.14.4, 00:00:03, FastEthernet0/0
O 192.168.24.0/24 [110/20] via 192.168.14.4, 00:00:03, FastEthernet0/0
D 192.168.23.0/24 [90/307200] via 192.168.13.3, 00:00:37, FastEthernet0/1
11.0.0.0/24 is subnetted, 1 subnets
C 11.11.11.0 is directly connected, Loopback11
C 192.168.0.0/24 is directly connected, FastEthernet1/0
44.0.0.0/32 is subnetted, 1 subnets
O 44.44.44.44 [110/11] via 192.168.14.4, 00:00:03, FastEthernet0/0
R1(config-router)#

R1:

router ospf 124
 distribute-list ACL_NO_33 in FastEthernet0/0
!
ip access-list standard ACL_NO_33
 deny 33.33.33.0 0.0.0.255

Clear the OSPF process for filtering to take effect:

R1#clear ip ospf pro
Reset ALL OSPF processes? [no]: yes
R1#
*Mar 1 05:58:23.862: %OSPF-5-ADJCHG: Process 124, Nbr 4.4.4.4 on FastEthernet0/0 from FULL to DOWN, Neighbor Down: Interface down or detached
*Mar 1 05:58:24.266: %OSPF-5-ADJCHG: Process 124, Nbr 4.4.4.4 on FastEthernet0/0 from LOADING to FULL, Loading Done
R1#

R1#route4
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback0
C 192.168.13.0/24 is directly connected, FastEthernet0/1
C 192.168.14.0/24 is directly connected, FastEthernet0/0
33.0.0.0/24 is subnetted, 1 subnets
D EX 33.33.33.0 [170/1732352] via 192.168.13.3, 00:00:12, FastEthernet0/1
D EX 192.168.24.0/24 [170/1757952] via 192.168.13.3, 00:00:12, FastEthernet0/1
D 192.168.23.0/24 [90/307200] via 192.168.13.3, 00:04:17, FastEthernet0/1
11.0.0.0/24 is subnetted, 1 subnets
C 11.11.11.0 is directly connected, Loopback11
C 192.168.0.0/24 is directly connected, FastEthernet1/0
R1#

5.4- Prefix summarization:

Let’s perform summarization of the prefix 33.33.33.0/24 on R3 to a shorter mask length of /16 before announcing it to R1.

R4 before summarization:

R4#s ip route

33.0.0.0/24 is subnetted, 1 subnets
O E2 33.33.33.0 [110/20] via 192.168.24.2, 00:16:28, FastEthernet0/1
R4#

R1 before summarization:

R1(config-router)#do s ip route

33.0.0.0/24 is subnetted, 1 subnets
O E2 33.33.33.0 [110/20] via 192.168.14.4, 00:00:15, FastEthernet0/0
R1(config-router)#

R1 EIGRP topology:

R1(config-router)#do s ip eigrp topo
IP-EIGRP Topology Table for AS(123)/ID(1.1.1.1)

        via Connected, Loopback11
P 33.33.33.0/24, 1 successors, FD is 1706752, tag is 200
        via Redistributed (1706752/0)
….
R1(config-router)#

For the sake of route consistency inside areas, summarization has to be done at the ABR or ASBR.

Summarization on R3 (ASBR router):

R2(config)#router ospf 124
R2(config-router)#summary-address 33.33.0.0 255.255.0.0 tag 666

Now let’s take a look again at the routing table of R1:

R1#route4

33.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
O E2 33.33.0.0/16 [110/20] via 192.168.14.4, 00:07:43, FastEthernet0/0
D EX 33.33.33.0/24 [170/1732352] via 192.168.13.3, 00:07:43, FastEthernet0/1
R1#

R1 has received the summary address 33.0.0.0/16 and considers it different from 33.33.33.0/24 received through EIGRP.

To forward traffic, the RIB chooses the longest match, i.e. 33.33.33.0/24.

R1#trace 33.33.33.33 source 11.11.11.11
Type escape sequence to abort.
Tracing the route to 33.33.33.33
1 192.168.13.3 48 msec * 24 msec
R1#



Conclusion

The following are the techniques used to manipulate internal routing protocol paths:

1- Control what prefixes and where to redistribute.

2- Manipulate AD per-prefix (be careful with this technique!)

3- Filter prefixes from IGPs into the routing table using inbound distribute-list.

4- Summarization to shorter subnet mask on the source router.


OSPF Interactive troubleshooting


This is the second post of the series “Interactive troubleshooting”, an effort to “procedurize” the troubleshooting process and develop a more efficient and systematic approach.

The initial reference document is the Cisco OSPF troubleshooting flowchart.

The document is subject to ongoing change, so your feedback is welcome.

Here is the remote link to the OSPF interactive troubleshooting

Below is an attempt to embed the Flash content locally.

OSPF loopback network type


The main advantage of OSPF over other IGP protocols is its organizational aspect: it brings routing design efforts down to the infrastructure, providing better stability and faster troubleshooting.

OSPF network type classification is an example of this organization. In a production environment you have certainly dealt with “point-to-point”, “broadcast”, “NBMA”, “point-to-multipoint” and “point-to-multipoint-non Broadcast”, but less with the “loopback” type.

The “loopback” type is frequently used in testbeds and lab environments to imitate subnet segments, but there are some limitations related to this network type. The purpose of this lab is to enumerate different methods that help get rid of these limitations and make the lab topology as close as possible to the production environment.

Figure1 shows an example of a lab topology in which loopback interfaces are used:

Figure1: topology

R3:

R3#sh ip ospf int loo1
Loopback1 is up, line protocol is up
  Internet Address 30.0.0.1/24, Area 23
  Process ID 10, Router ID 3.3.3.3, Network Type LOOPBACK, Cost: 1
  Loopback interface is treated as a stub Host
R3#

R3#sh ip ospf int loo2
Loopback2 is up, line protocol is up
  Internet Address 33.33.33.33/16, Area 23
  Process ID 10, Router ID 3.3.3.3, Network Type LOOPBACK, Cost: 1
  Loopback interface is treated as a stub Host
R3#

All loopback interfaces are considered as OSPF “LOOPBACK” network type and treated as stub host.

Stub hosts are visible to the routing protocols but not used for forwarding.

Loopback interface is advertised as a host with /32 mask as shown below from the routing table of other OSPF routers:

R2:

R2#sh ip route

Gateway of last resort is not set

     33.0.0.0/32 is subnetted, 1 subnets
O       33.33.33.33 [110/2] via 10.32.129.3, 00:03:48, FastEthernet0/0
     10.0.0.0/8 is variably subnetted, 4 subnets, 3 masks
C       10.1.1.0/24 is directly connected, FastEthernet2/0
O       10.0.0.1/32 [110/2] via 10.32.1.1, 00:12:06, FastEthernet1/0
C       10.32.0.0/17 is directly connected, FastEthernet1/0
C       10.32.128.0/17 is directly connected, FastEthernet0/0
     30.0.0.0/32 is subnetted, 1 subnets
O       30.0.0.1 [110/2] via 10.32.129.3, 00:03:48, FastEthernet0/0
R2#

To change this and make OSPF advertise routes such as 33.33.33.33 with their subnet mask, three methods are used:

1. If the area to which the loopback belongs is contiguous to area 0:
   1.1 Change the loopback OSPF network type.
   1.2 Summarize the loopback IP (as from an ABR).
2. If the area to which the loopback belongs is non-contiguous to area 0, join the two areas using traditional methods (OSPF virtual links or GRE/IPIP tunneling) in addition to either (1.1) or (1.2).
3. Redistribute connected (as from an ASBR).


1.1- Directly change OSPF interface type

In this section we consider the R3 loopback1 interface, as it belongs to area 23, which is contiguous to area 0 (figure2). The interface type is changed to point-to-point and the route to the interface is seen as an intra-area route.

Figure2: case1 topology

R3:

R3(config-router)#int loo2
R3(config-if)#ip ospf network point-to-point

R3(config-if)#do sh ip ospf int loo2
Loopback2 is up, line protocol is up
  Internet Address 33.33.33.33/16, Area 23
  Process ID 10, Router ID 3.3.3.3, Network Type POINT_TO_POINT, Cost: 1
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
  Supports Link-local Signaling (LLS)
  Index 3/3, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 0, maximum is 0
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 0, Adjacent neighbor count is 0
  Suppress hello for 0 neighbor(s)
R3(config-if)#

Now the interface is recognized as point-to-point and advertised with its configured subnet mask:

R2:

R2#sh ip route

Gateway of last resort is not set

     33.0.0.0/16 is subnetted, 1 subnets
O       33.33.0.0 [110/2] via 10.32.129.3, 00:09:45, FastEthernet0/0
     10.0.0.0/8 is variably subnetted, 4 subnets, 3 masks
C       10.1.1.0/24 is directly connected, FastEthernet2/0
O       10.0.0.1/32 [110/2] via 10.32.1.1, 01:13:14, FastEthernet1/0
C       10.32.0.0/17 is directly connected, FastEthernet1/0
C       10.32.128.0/17 is directly connected, FastEthernet0/0
     30.0.0.0/32 is subnetted, 1 subnets
O       30.0.0.1 [110/2] via 10.32.129.3, 00:09:45, FastEthernet0/0
R2#


1.2- Summarize loopback IP:

Let’s consider R2 loopback2:

R2(config-router)#do sh ip ospf int loo1
Loopback1 is up, line protocol is up
  Internet Address 22.22.22.22/16, Area 23
  Process ID 10, Router ID 2.2.2.2, Network Type LOOPBACK, Cost: 1
  Loopback interface is treated as a stub Host
R2(config-router)#

The interface is configured to belong to area 23 and is summarized using the area range command because R2 is an ABR; consequently, it is advertised as an “O IA” inter-area route:

R1:

R1(config-router)#do sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     33.0.0.0/32 is subnetted, 1 subnets
O IA    33.33.33.33 [110/3] via 10.32.1.2, 00:20:39, FastEthernet0/0
     22.0.0.0/16 is subnetted, 1 subnets
O IA    22.22.0.0 [110/2] via 10.32.1.2, 00:00:10, FastEthernet0/0
     10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C       10.1.1.0/24 is directly connected, FastEthernet1/0
C       10.0.0.0/24 is directly connected, Loopback1
C       10.32.0.0/17 is directly connected, FastEthernet0/0
O IA    10.32.128.0/17 [110/2] via 10.32.1.2, 02:05:16, FastEthernet0/0
     30.0.0.0/32 is subnetted, 1 subnets
O IA    30.0.0.1 [110/3] via 10.32.1.2, 02:05:16, FastEthernet0/0
R1(config-router)#


However, R2 still treats it as a stub host; the loopback interface IP address is advertised with its configured /16 subnet mask:

R2:

R2(config-router)#do sh ip ospf int loo1
Loopback1 is up, line protocol is up
  Internet Address 22.22.22.22/16, Area 23
  Process ID 10, Router ID 2.2.2.2, Network Type LOOPBACK, Cost: 1
  Loopback interface is treated as a stub Host
R2(config-router)#

R1:

R1(config-router)#do sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     33.0.0.0/32 is subnetted, 1 subnets
O IA    33.33.33.33 [110/3] via 10.32.1.2, 00:20:39, FastEthernet0/0
     22.0.0.0/16 is subnetted, 1 subnets
O IA    22.22.0.0 [110/2] via 10.32.1.2, 00:00:10, FastEthernet0/0
     10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C       10.1.1.0/24 is directly connected, FastEthernet1/0
C       10.0.0.0/24 is directly connected, Loopback1
C       10.32.0.0/17 is directly connected, FastEthernet0/0
O IA    10.32.128.0/17 [110/2] via 10.32.1.2, 02:05:16, FastEthernet0/0
     30.0.0.0/32 is subnetted, 1 subnets
O IA    30.0.0.1 [110/3] via 10.32.1.2, 02:05:16, FastEthernet0/0
R1(config-router)#


 


2- Non-contiguous area:


a) With the R3 loopback IP in a different area than area 23 (figure3), we can use a virtual link to join the non-contiguous area to the backbone through the regular area 23.

Figure3: non-contiguous areas

R3:

router ospf 10
 network 33.33.0.0 0.0.255.255 area 33
 area 23 virtual-link 2.2.2.2
!
interface Loopback2
 ip ospf network point-to-point

R2:

router ospf 10
 area 23 virtual-link 3.3.3.3

R2:

R2#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     33.0.0.0/16 is subnetted, 1 subnets
O IA    33.33.0.0 [110/2] via 10.32.129.3, 00:00:26, FastEthernet0/0
     22.0.0.0/16 is subnetted, 1 subnets
C       22.22.0.0 is directly connected, Loopback1
     10.0.0.0/8 is variably subnetted, 4 subnets, 3 masks
C       10.1.1.0/24 is directly connected, FastEthernet2/0
O       10.0.0.1/32 [110/2] via 10.32.1.1, 00:06:10, FastEthernet1/0
C       10.32.0.0/17 is directly connected, FastEthernet1/0
C       10.32.128.0/17 is directly connected, FastEthernet0/0
     30.0.0.0/32 is subnetted, 1 subnets
O       30.0.0.1 [110/2] via 10.32.129.3, 00:06:10, FastEthernet0/0
R2#


 


b) An alternative to virtual links is GRE/IPIP tunneling. Whether to use GRE or IPIP depends on your needs: GRE has the advantage of supporting other layer 3 protocols, whereas IPIP carries only IP. Both cases are presented here:

R2:

interface Tunnel0
 ip address 1.1.1.6 255.255.255.252
 ip ospf 10 area 33
 tunnel source FastEthernet0/0
 tunnel destination 10.32.129.3
 tunnel mode ipip

The tunnel subnet belongs to the same area as the R3 loopback2 IP, area 33, so that this area is directly connected to area 0 through R2.

With GRE tunneling, the only difference in the configuration is the tunnel mode, as shown in the following line:

 tunnel mode gre ip

R3:

interface Tunnel0
 ip address 1.1.1.5 255.255.255.252
 ip ospf 10 area 33
 tunnel source FastEthernet0/0
 tunnel destination 10.32.129.2
 tunnel mode ipip

Figure3 illustrates the logical topology using GRE/IPIP tunnels.

Figure3: logical topology with GRE/IPIP tunnels



R2:

R2#sh int tunn 0
Tunnel0 is up, line protocol is up
  Hardware is Tunnel
  Internet address is 1.1.1.6/30
  MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation TUNNEL, loopback not set
  Keepalive not set
  Tunnel source 10.32.129.2 (FastEthernet0/0), destination 10.32.129.3
  Tunnel protocol/transport IP/IP
  Tunnel TTL 255
  Fast tunneling enabled
  Tunnel transmit bandwidth 8000 (kbps)
  Tunnel receive bandwidth 8000 (kbps)

R2#sh ip route

Gateway of last resort is not set

     1.0.0.0/30 is subnetted, 1 subnets
C       1.1.1.4 is directly connected, Tunnel0
     33.0.0.0/16 is subnetted, 1 subnets
O       33.33.0.0 [110/11112] via 1.1.1.5, 00:56:19, Tunnel0
     22.0.0.0/16 is subnetted, 1 subnets
C       22.22.0.0 is directly connected, Loopback1
     10.0.0.0/8 is variably subnetted, 4 subnets, 3 masks
C       10.1.1.0/24 is directly connected, FastEthernet2/0
O       10.0.0.1/32 [110/2] via 10.32.1.1, 00:55:59, FastEthernet1/0
C       10.32.0.0/17 is directly connected, FastEthernet1/0
C       10.32.128.0/17 is directly connected, FastEthernet0/0
     30.0.0.0/32 is subnetted, 1 subnets
O       30.0.0.1 [110/2] via 10.32.129.3, 00:55:59, FastEthernet0/0
R2#


Do not forget that for R3 Loopback2 subnet to be announced with its subnet mask you have to either change the interface OSPF network type or perform summarization at R2 (the ABR between area 33 and area 0).


R1:

R1#sh ip route

Gateway of last resort is not set

     1.0.0.0/30 is subnetted, 1 subnets
O IA    1.1.1.4 [110/11112] via 10.32.1.2, 01:06:07, FastEthernet0/0
     33.0.0.0/16 is subnetted, 1 subnets
O IA    33.33.0.0 [110/11113] via 10.32.1.2, 01:06:07, FastEthernet0/0
     22.0.0.0/16 is subnetted, 1 subnets
O IA    22.22.0.0 [110/2] via 10.32.1.2, 01:06:07, FastEthernet0/0
     10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C       10.1.1.0/24 is directly connected, FastEthernet1/0
C       10.0.0.0/24 is directly connected, Loopback1
C       10.32.0.0/17 is directly connected, FastEthernet0/0
O IA    10.32.128.0/17 [110/2] via 10.32.1.2, 01:06:07, FastEthernet0/0
     30.0.0.0/32 is subnetted, 1 subnets
O IA    30.0.0.1 [110/3] via 10.32.1.2, 01:06:07, FastEthernet0/0
R1#

Finally, verify that traffic destined to R2 loopback2 takes the configured tunnel:

R1#trace 33.33.33.33 source 10.0.0.1

Type escape sequence to abort.
Tracing the route to 33.33.33.33

  1 10.32.1.2 68 msec 72 msec 44 msec
  2 1.1.1.5 88 msec *  104 msec
R1#


 


3- Route redistribution:


Let’s go back to the loopback 2 interface defined on R3. It doesn’t matter whether the loopback interface IP is announced with OSPF or not: as soon as redistribute connected is configured, the route is announced as an external type E2 route and we lose control over it, even though it is configured inside our OSPF domain:

R3:

R3(config-if)#do sh ip ospf int loo2
%OSPF: OSPF not enabled on Loopback2
R3(config-if)#

R3(config-router)#redistribute connected subnet

R2:

R2(config-router)#do sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     33.0.0.0/16 is subnetted, 1 subnets
O E2    33.33.0.0 [110/20] via 10.32.129.3, 00:00:51, FastEthernet0/0
     22.0.0.0/16 is subnetted, 1 subnets
C       22.22.0.0 is directly connected, Loopback1
     10.0.0.0/8 is variably subnetted, 4 subnets, 3 masks
C       10.1.1.0/24 is directly connected, FastEthernet2/0
O       10.0.0.1/32 [110/2] via 10.32.1.1, 00:32:49, FastEthernet1/0
C       10.32.0.0/17 is directly connected, FastEthernet1/0
C       10.32.128.0/17 is directly connected, FastEthernet0/0
     30.0.0.0/32 is subnetted, 1 subnets
O       30.0.0.1 [110/2] via 10.32.129.3, 00:00:56, FastEthernet0/0
R2(config-router)#

R2(config-router)#do sh ip ospf data

            OSPF Router with ID (2.2.2.2) (Process ID 10)

                Type-5 AS External Link States

Link ID         ADV Router      Age         Seq#       Checksum Tag
33.33.0.0       3.3.3.3         456         0x80000001 0x005101 0
R2(config-router)#


 


SUMMARY


The /32 advertisement limitation of loopback interfaces can be overcome by either changing the OSPF network type to point-to-point or creating a summary route with the desired mask.

If the loopback interface belongs to a non-contiguous area, use either OSPF virtual links or GRE/IPIP tunnels to join it to area 0.


 
