Cisco: OSPF design

Posted: 12/06/2012 in Cisco
In this design I decided to summarize all the OSPF information I picked up during my CCNP preparation. Here you can find basic OSPF configuration, route summarization, stub areas, linked areas, route redistribution from EIGRP to OSPF and vice versa, authentication, etc.

Step 1: Basic network configuration

The draft above shows the complete network design; some parts must already be configured:
1) There are three ABR routers in Area 0; one of them is also an ASBR, because it has connections outside the OSPF routing domain.
2) Different OSPF areas: Area 0 is the backbone area, Area 3 is a regular area, Area 5 is a transit area, and Area 10 is a linked area (I’ll show later how to link it).
3) R5 is the EIGRP router; EIGRP will also be configured on R1 in addition to OSPF.
4) Configure IP ranges and loopback interfaces on R5, R8 and on the ISP router (Internet connectivity emulation).
Every router has a loopback IP according to its name (1.1.1.1 for R1, 8.8.8.8 for R8…).
5) To check Internet connectivity, NAT overload must be configured on R1 so that 50.50.1.1 can be reached.
I’m not going to show how to configure all of the above, because it’s not a problem for a typical CCNP student. Anyway, you can find all router config files at the end of this note.

Step 2: Basic OSPF configuration

R1

First, disable OSPF on the link to the ISP:

 R1(config)# router ospf 1
 R1(config-router)# passive-interface FastEthernet0/1

Advertise networks:

 R1(config-router)# network 1.1.1.1 0.0.0.0 area 0
 R1(config-router)# network 10.0.0.0 0.0.0.3 area 0
 R1(config-router)# network 10.0.1.0 0.0.0.3 area 0
 R1(config-router)# ex

Add a default route and advertise it into OSPF:

 R1(config)# ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
 R1(config)# router ospf 1
 R1(config-router)# default-information originate

R2

 R2(config)# router ospf 1
 R2(config-router)# network 2.2.2.2 0.0.0.0 area 3
 R2(config-router)# network 10.0.0.0 0.0.0.3 area 0
 R2(config-router)# network 172.16.0.0 0.0.0.3 area 3

R3

 R3(config)# router ospf 1
 R3(config-router)# network 3.3.3.3 0.0.0.0 area 5
 R3(config-router)# network 10.0.1.0 0.0.0.3 area 0
 R3(config-router)# network 172.16.1.0 0.0.0.3 area 5

R6

 R6(config)# router ospf 1
 R6(config-router)# network 6.6.6.6 0.0.0.0 area 3
 R6(config-router)# network 172.16.0.0 0.0.0.3 area 3

R7

 R7(config)# router ospf 1
 R7(config-router)# network 7.7.7.7 0.0.0.0 area 5
 R7(config-router)# network 172.16.1.0 0.0.0.3 area 5
 R7(config-router)# network 172.16.100.0 0.0.0.3 area 10

R8

 R8(config)# router ospf 1
 R8(config-router)# network 8.8.8.8 0.0.0.0 area 10
 R8(config-router)# network 80.80.0.0 0.0.0.255 area 10
 R8(config-router)# network 80.80.1.0 0.0.0.255 area 10
 R8(config-router)# network 80.80.2.0 0.0.0.255 area 10
 R8(config-router)# network 80.80.3.0 0.0.0.255 area 10
 R8(config-router)# network 172.16.100.0 0.0.0.3 area 10

Step 3: Virtual linking

Routers R1, R2, R3 and R6 can’t see any routes from R8, because Area 10 is not connected to the backbone Area 0.
According to Cisco recommendations, all areas must be connected to the backbone area, but sometimes that is not possible. The fix is to connect Area 10 to Area 0 with a virtual link, using Area 5 as the transit area. We need to configure routers R3 and R7 for this:

R3

 R3(config)# router ospf 1
 R3(config-router)# area 5 virtual-link 7.7.7.7

R7

 R7(config)# router ospf 1
 R7(config-router)# area 5 virtual-link 3.3.3.3

Now every router knows the routes to R8 networks such as 80.80.0.0 and 8.8.8.8, and R8 gets the default route and can reach the Internet.

Step 4: Stubbing

To reduce the amount of routing information advertised and the CPU usage on routers, we can configure a stub area. In this case the ABR drops all external or even inter-area routes, replacing them with a default route. In our design we configure a totally stubby area, which replaces both types. The best candidate is Area 3 with R6, but the stub setting must also be configured on the ABR, R2:

 R6(config)# router ospf 1
 R6(config-router)# area 3 stub no-summary

 R2(config)# router ospf 1
 R2(config-router)# area 3 stub no-summary

After this, R6 should see only the routes below:

 2.0.0.0/32 is subnetted, 1 subnets
 O 2.2.2.2 [110/2] via 172.16.0.2, 01:23:47, FastEthernet0/0
 6.0.0.0/32 is subnetted, 1 subnets
 C 6.6.6.6 is directly connected, Loopback0
 172.16.0.0/30 is subnetted, 1 subnets
 C 172.16.0.0 is directly connected, FastEthernet0/0
 O*IA 0.0.0.0/0 [110/2] via 172.16.0.2, 01:23:47, FastEthernet0/0

Step 5: Redistribution

Let’s configure EIGRP on R5 first:

 R5(config)# router eigrp 100
 R5(config-router)# no auto-summary
 R5(config-router)# network 30.30.0.0 0.0.0.255
 R5(config-router)# network 30.30.1.0 0.0.0.255
 R5(config-router)# network 192.168.0.0 0.0.0.3
 R5(config-router)# network 192.168.10.0

Now we need to do almost the same on R1, but we also need to inject the default route into EIGRP using “redistribute static”:

 R1(config)# router eigrp 100
 R1(config-router)# no auto-summary
 R1(config-router)# redistribute static
 R1(config-router)# network 192.168.0.0 0.0.0.3

To inject EIGRP routes into OSPF we need to do the following:

 R1(config)# router ospf 1
 R1(config-router)# redistribute eigrp 100 subnets

After issuing this command, every OSPF router can see the following routes:

 R2#sh ip ro | i E2
 E1 - OSPF external type 1, E2 - OSPF external type 2
 O E2 192.168.10.0/24 [110/20] via 10.0.0.2, 01:35:36, Serial1/0
 O E2 192.168.0.0 [110/20] via 10.0.0.2, 01:35:36, Serial1/0
 O E2 30.30.0.0 [110/20] via 10.0.0.2, 00:00:02, Serial1/0
 O E2 30.30.1.0 [110/20] via 10.0.0.2, 00:00:07, Serial1/0
 O*E2 0.0.0.0/0 [110/1] via 10.0.0.2, 01:35:36, Serial1/0

To make these routes type E1, the previous command should be:

 R1(config-router)# redistribute eigrp 100 subnets metric-type 1

In this case the internal OSPF cost is added to the seed metric.

It’s also possible to inject OSPF routes into EIGRP using the following commands:

 R1(config)# router eigrp 100
 R1(config-router)# default-metric 100000 10 255 1 1500
 R1(config-router)# redistribute ospf 1

But this is not necessary in this design, because R5 already has a default route with R1 as the next hop and can reach every route in the OSPF domain through it.

Step 6: Summarization

Summarization keeps routing tables shorter, which also helps to reduce CPU usage on routers.

For R8 with its 80.80.x.x networks we can implement internal (inter-area) summarization, but not on R8 itself: it can only be done on an ABR, which is R7 in our case:

 R7(config)# router ospf 1
 R7(config-router)# area 10 range 80.80.0.0 255.255.252.0

Checking on remote router R2:

 R2#sh ip ro | i 80
 80.0.0.0/22 is subnetted, 1 subnets
 O IA 80.80.0.0 [110/131] via 10.0.0.2, 01:47:29, Serial1/0

For the 30.30.x.x routes from R5 we should configure external summarization on R1:

 R1(config)# router ospf 1
 R1(config-router)# summary-address 30.30.0.0 255.255.254.0

Checking:

 R2#sh ip ro | i 30
 30.0.0.0/23 is subnetted, 1 subnets
 O E2 30.30.0.0 [110/20] via 10.0.0.2, 00:00:52, Serial1/0
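A summary that is wider than the networks behind it advertises address space nobody owns, so it is worth checking the mask before committing it. The following is an added example, not part of the original post: it verifies the two summaries configured above against the component networks from the page and reports any block the summary covers that no component backs. The function names are illustrative, and the /21 case is a constructed mistake.

```python
import ipaddress

def tightest_summary(components):
    """Smallest single IPv4 prefix that covers every component network."""
    nets = [ipaddress.ip_network(c) for c in components]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    # The leading bits shared by the lowest and highest address form the prefix.
    return ipaddress.IPv4Network((lo, 32 - (lo ^ hi).bit_length()), strict=False)

def check_summary(address, mask, components):
    """Return (is_tightest, unbacked) for a configured summary.

    unbacked lists the blocks inside the summary that no component network
    covers; the summarizing router still attracts traffic for them.
    """
    configured = ipaddress.ip_network(f"{address}/{mask}")
    remaining = [configured]
    for comp in map(ipaddress.ip_network, components):
        kept = []
        for block in remaining:
            if block.subnet_of(comp):
                continue  # block is fully backed by this component
            if comp.subnet_of(block):
                kept.extend(block.address_exclude(comp))  # carve the component out
            else:
                kept.append(block)
        remaining = kept
    return configured == tightest_summary(components), [str(b) for b in sorted(remaining)]

# Component networks taken from the page (loopbacks on R8 and on R5).
AREA10 = ["80.80.0.0/24", "80.80.1.0/24", "80.80.2.0/24", "80.80.3.0/24"]
EIGRP = ["30.30.0.0/24", "30.30.1.0/24"]

if __name__ == "__main__":
    print(check_summary("80.80.0.0", "255.255.252.0", AREA10))  # area 10 range on R7
    print(check_summary("30.30.0.0", "255.255.254.0", EIGRP))   # summary-address on R1
    # Constructed mistake: a /21 mask over the same four /24 networks.
    print(check_summary("80.80.0.0", "255.255.248.0", AREA10))
```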

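Step 7: Authentication

To make our design secure we should implement MD5 authentication. Issue the commands below on each OSPF interface of each router, using the matching area number; the key ID and key must be identical on both ends of a link. The example uses Serial1/0, one of R1's Area 0 links (FastEthernet0/1 faces the ISP and is passive, so it does not run OSPF):

 R1(config)# int s1/0
 R1(config-if)# ip ospf message-digest-key 1 md5 0 boobs
 R1(config-if)# ip ospf authentication message-digest
 R1(config-if)# ex
 R1(config)# router ospf 1
 R1(config-router)# area 0 authentication message-digest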
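Because the MD5 commands above have to be repeated on every OSPF interface, a link is easily missed. The following is an added example, not part of the original post: a small audit that reads an IOS configuration and lists the OSPF-enabled interfaces that still lack a message-digest key or have authentication turned off. It assumes a single OSPF process and classic `network ... area` statements; the function names, the sample text and `EXAMPLE-KEY` are constructed for illustration.

```python
import ipaddress
import re

def wildcard_match(ip, net, wildcard):
    # IOS wildcard mask: 1 bits are "don't care", so compare only the 0 bits.
    a, n, w = (int(ipaddress.ip_address(x)) for x in (ip, net, wildcard))
    return ((a ^ n) & ~w & 0xFFFFFFFF) == 0

def audit_ospf_auth(config):
    """Return sorted (interface, area, problem) for OSPF links lacking MD5 auth."""
    ifaces, networks, passive, auth_areas, cur = {}, [], set(), set(), {}
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"interface (\S+)", line):
            cur = ifaces.setdefault(m[1], {"ip": None, "key": False, "auth": False})
        elif m := re.match(r"ip address (\S+) \S+$", line):
            cur["ip"] = m[1]
        elif m := re.match(r"ip ospf (message-digest-key |authentication message-digest$)", line):
            cur["key" if m[1].startswith("message") else "auth"] = True
        elif m := re.match(r"network (\S+) (\S+) area (\S+)", line):
            networks.append(m.groups())
        elif m := re.match(r"passive-interface (\S+)", line):
            passive.add(m[1])
        elif m := re.match(r"area (\S+) authentication message-digest", line):
            auth_areas.add(m[1])
    findings = []
    for name, i in ifaces.items():
        # Passive, loopback and unaddressed interfaces form no adjacency to protect.
        if not i["ip"] or name in passive or name.startswith("Loopback"):
            continue
        area = next((a for n, w, a in networks if wildcard_match(i["ip"], n, w)), None)
        if area is None:
            continue  # no network statement covers it, so OSPF is not running here
        if not i["key"]:
            findings.append((name, area, "no message-digest key"))
        if not (i["auth"] or area in auth_areas):
            findings.append((name, area, "authentication not enabled"))
    return sorted(findings)

# Constructed sample: R1's Area 0 links with the key applied to Serial1/0 only.
SAMPLE = """\
interface Serial1/0
 ip address 10.0.0.2 255.255.255.252
 ip ospf message-digest-key 1 md5 0 EXAMPLE-KEY
interface Serial1/1
 ip address 10.0.1.2 255.255.255.252
router ospf 1
 area 0 authentication message-digest
 network 10.0.0.0 0.0.0.3 area 0
 network 10.0.1.0 0.0.0.3 area 0
"""
```

Calling `audit_ospf_auth(SAMPLE)` reports Serial1/1 as missing its key; run against a router's saved configuration, it returns an empty list once every adjacency-forming interface is covered.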

Step 8: Troubleshooting

Some useful troubleshooting commands:

 Router#show ip protocol
 Router#show ip route
 Router#show ip route ospf
 Router#show ip ospf
 Router#show ip ospf int brief
 Router#show ip ospf virtual-links
 Router#show ip ospf border-routers
 Router#show ip ospf database
 Router#show ip ospf database summary
 Router#show ip ospf interface
 Router#show ip ospf neighbor detail
 Router#debug ip ospf events
 Router#debug ip ospf adjacency

Summary

R1

!
 interface Loopback0
 ip address 1.1.1.1 255.255.255.255
 !
 interface FastEthernet0/0
 ip address 192.168.0.1 255.255.255.252
 ip nat inside
 ip virtual-reassembly
 speed 100
 full-duplex
 !
 interface FastEthernet0/1
 ip address 200.0.0.2 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 speed 100
 full-duplex
 !
 interface Serial1/0
 ip address 10.0.0.2 255.255.255.252
 ip nat inside
 ip virtual-reassembly
 delay 2000
 serial restart-delay 0
 !
 interface Serial1/1
 ip address 10.0.1.2 255.255.255.252
 ip nat inside
 ip virtual-reassembly
 serial restart-delay 0
 !
 router eigrp 100
 redistribute static
 network 192.168.0.0 0.0.0.3
 no auto-summary
 !
 router ospf 1
 log-adjacency-changes
 summary-address 30.30.0.0 255.255.254.0
 redistribute eigrp 100 subnets
 passive-interface FastEthernet0/1
 network 1.1.1.1 0.0.0.0 area 0
 network 10.0.0.0 0.0.0.3 area 0
 network 10.0.1.0 0.0.0.3 area 0
 default-information originate
 !
 ip forward-protocol nd
 ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
 !
 !
 no ip http server
 no ip http secure-server
 ip nat inside source list 1 interface FastEthernet0/1 overload
 !
 access-list 1 permit any
 !

R2

!
 interface Loopback0
 ip address 2.2.2.2 255.255.255.255
 !
 interface FastEthernet0/0
 ip address 172.16.0.2 255.255.255.252
 speed 100
 full-duplex
 !
 interface Serial1/0
 ip address 10.0.0.1 255.255.255.252
 serial restart-delay 0
 !
 router ospf 1
 log-adjacency-changes
 area 3 stub no-summary
 network 2.2.2.2 0.0.0.0 area 3
 network 10.0.0.0 0.0.0.3 area 0
 network 172.16.0.0 0.0.0.3 area 3
 !

R3

!
 interface Loopback0
 ip address 3.3.3.3 255.255.255.255
 !
 interface FastEthernet0/0
 ip address 172.16.1.2 255.255.255.252
 speed 100
 full-duplex
 !
 interface Serial1/1
 ip address 10.0.1.1 255.255.255.252
 serial restart-delay 0
 !
 router ospf 1
 log-adjacency-changes
 area 5 virtual-link 7.7.7.7
 network 3.3.3.3 0.0.0.0 area 5
 network 10.0.1.0 0.0.0.3 area 0
 network 172.16.1.0 0.0.0.3 area 5
 !

R5

!
 interface Loopback1
 ip address 30.30.0.1 255.255.255.0
 !
 interface Loopback2
 ip address 30.30.1.1 255.255.255.0
 !
 interface FastEthernet0/0
 ip address 192.168.0.2 255.255.255.252
 speed 100
 full-duplex
 !
 interface FastEthernet0/1
 ip address 192.168.10.1 255.255.255.0
 speed 100
 full-duplex
 !
 !
 router eigrp 100
 network 30.30.0.0 0.0.0.255
 network 30.30.1.0 0.0.0.255
 network 192.168.0.0 0.0.0.3
 network 192.168.10.0
 no auto-summary
 !

R6

!
 interface Loopback0
 ip address 6.6.6.6 255.255.255.255
 !
 interface FastEthernet0/0
 ip address 172.16.0.1 255.255.255.252
 speed 100
 full-duplex
 !
 router ospf 1
 log-adjacency-changes
 area 3 stub no-summary
 network 6.6.6.6 0.0.0.0 area 3
 network 172.16.0.0 0.0.0.3 area 3
 !

R7

!
 interface Loopback0
 ip address 7.7.7.7 255.255.255.255
 !
 interface FastEthernet0/0
 ip address 172.16.1.1 255.255.255.252
 speed 100
 full-duplex
 !
 interface FastEthernet0/1
 ip address 172.16.100.1 255.255.255.252
 speed 100
 full-duplex
 !
 !
 router ospf 1
 log-adjacency-changes
 area 5 virtual-link 3.3.3.3
 area 10 range 80.80.0.0 255.255.252.0
 network 7.7.7.7 0.0.0.0 area 5
 network 172.16.1.0 0.0.0.3 area 5
 network 172.16.100.0 0.0.0.3 area 10
 !

R8

!
 interface Loopback0
 ip address 80.80.0.1 255.255.255.0
 !
 interface Loopback1
 ip address 80.80.1.1 255.255.255.0
 !
 interface Loopback2
 ip address 80.80.2.1 255.255.255.0
 !
 interface Loopback3
 ip address 80.80.3.1 255.255.255.0
 !
 interface Loopback5
 ip address 8.8.8.8 255.255.255.255
 !
 interface FastEthernet0/0
 ip address 172.16.100.2 255.255.255.252
 speed 100
 full-duplex
 !
 router ospf 1
 log-adjacency-changes
 network 8.8.8.8 0.0.0.0 area 10
 network 80.80.0.0 0.0.0.255 area 10
 network 80.80.1.0 0.0.0.255 area 10
 network 80.80.2.0 0.0.0.255 area 10
 network 80.80.3.0 0.0.0.255 area 10
 network 172.16.100.0 0.0.0.3 area 10
 !

ISP

!
 interface Loopback0
 ip address 50.50.1.1 255.255.255.0
 !
 interface FastEthernet0/0
 ip address 200.0.0.1 255.255.255.252
 speed 100
 full-duplex
 !

THE END
