11.0 Avoiding DRs and "neighbor" command on NBMA

Different methods can be used to avoid the complications of configuring static neighbors and having specific routers becoming DRs or BDRs on the non-broadcast cloud. Specifying which method to use is influenced by whether we are starting the network from scratch or rectifying an already existing design.


11.1 Point-to-point subinterfaces

A subinterface is a logical way of defining an interface. The same physical interface can be split into multiple logical interfaces, with each subinterface being defined as point-to-point. This was originally created in order to better handle issues caused by split horizon over NBMA and vector based routing protocols.

A point-to-point subinterface has the properties of any physical point-to-point interface. As far as OSPF is concerned, an adjacency is always formed over a point-to-point subinterface with no DR or BDR election. The following is an illustration of point-to-point subinterfaces:

spf12

In the above diagram, on RTA, we can split Serial 0 into two point-to-point subinterfaces, S0.1 and S0.2. This way, OSPF will consider the cloud as a set of point-to-point links rather than one multi-access network. The only drawback for the point-to-point is that each segment will belong to a different subnet. This might not be acceptable since some administrators have already assigned one IP subnet for the whole cloud.

Another workaround is to use IP unnumbered interfaces on the cloud. This also might be a problem for some administrators who manage the WAN based on IP addresses of the serial lines.


11.2.1 Point-to-multipoint interfaces

An OSPF point-to-multipoint interface is defined as a numbered point-to-point interface having one or more neighbors. This concept takes the previously discussed point-to-point concept one step further. Administrators do not have to worry about having multiple subnets for each point-to-point link. The cloud is configured as one subnet. This should work well for people who are migrating into the point-to-point concept with no change in IP addressing on the cloud. Also, they would not have to worry about DRs and neighbor statements. OSPF point-to-multipoint works by exchanging additional link-state updates that contain a number of information elements that describe connectivity to the neighboring routers.

spf13



Note that in RTC's IP routing table, network 123.212.1.0 is reachable via next hop 128.213.10.1 and not via 128.213.10.2 as you normally see over Frame Relay clouds sharing the same subnet. This is one advantage of the point-to-multipoint configuration because you do not need to resort to static mapping on RTC to be able to reach next hop 128.213.10.2.


11.2.2 Broadcast interfaces

This approach is a workaround for using the "neighbor" command which statically lists all existing neighbors. The interface will be logically set to broadcast and will behave as if the router were connected to a LAN. DR and BDR election will still be performed so special care should be taken to assure either a full mesh topology or a static selection of the DR based on the interface priority.


12.0 OSPF and Route Summarization

Summarizing is the consolidation of multiple routes into one single advertisement. This is normally done at the boundaries of Area Border Routers. Although summarization could be configured between any two areas, it is better to summarize in the direction of the backbone. This way the backbone receives all the aggregate addresses and in turn will injects them, already summarized, into other areas. There are two types of summarization:

1- Inter-area route summarization

2- External route summarization


12.1 Inter-area route summarization

Inter-area route summarization is done on ABRs and it applies to routes from within the AS. It does not apply to external routes injected into OSPF via redistribution. In order to take advantage of summarization, network numbers in areas should be assigned in a contiguous way to be able to lump these addresses into one range. To specify an address range, perform the following task in router configuration mode:

area area-id range address mask

Where the "area-id" is the area containing networks to be summarized. The "address" and "mask" will specify the range of addresses to be summarized in one range. The following is an example of summarization:

spf14

In the above diagram, RTB is summarizing the range of subnets from 128.213.64.0 to 128.213.95.0 into one range: 128.213.64.0 255.255.224.0. This is achieved by masking the first three left most bits of 64 using a mask of 255.255.244.0. In the same way, RTC is generating the summary address 128.213.96.0 255.255.224.0 into the backbone. Note that this summarization was successful because we have two distinct ranges of subnets, 64-95 and 96-127.

It would be hard to summarize if the subnets between area 1 and area 2 were overlapping. The backbone area would receive summary ranges that overlap and routers in the middle would not know where to send the traffic based on the summary address.

The following is the relative configuration of RTB:


 RTB#

 router ospf 100

 area 1 range 128.213.64.0 255.255.224.0

 


12.2 External route summarization

External route summarization is specific to external routes that are injected into OSPF via redistribution. Also, make sure that external ranges that are being summarized are contiguous. Summarization overlapping ranges from two different routers could cause packets to be sent to the wrong destination. Summarization is done via the following "router ospf" subcommand:

summary-address ip-address mask

This command is effective only on ASBRs doing redistribution into OSPF.

spf15



In the above diagram, RTA and RTD are injecting external routes into OSPF by redistribution. RTA is injecting subnets in the range 128.213.64-95 and RTD is injecting subnets in the range 128.213.96-127.


13.0 Stub Areas

OSPF allows certain areas to be configured as stub areas. External networks, such as those redistributed from other protocols into OSPF, are not allowed to be flooded into a stub area. Routing from these areas to the outside world is based on a default route. Configuring a stub area reduces the topological database size inside an area and reduces the memory requirements of routers inside that area.

An area could be qualified a stub when there is a single exit point from that area or if routing to outside of the area does not have to take an optimal path. The latter description is just an indication that a stub area that has multiple exit points, will have one or more area border routers injecting a default into that area. Routing to the outside world could take a sub-optimal path in reaching the destination by going out of the area via an exit point which is farther to the destination than other exit points.

Other stub area restrictions are that a stub area cannot be used as a transit area for virtual links. Also, an ASBR cannot be internal to a stub area. These restrictions are made because a stub area is mainly configured not to carry external routes and any of the above situations cause external links to be injected in that area. The backbone, of course, cannot be configured as stub.

All OSPF routers inside a stub area have to be configured as stub routers. This is because whenever an area is configured as stub, all interfaces that belong to that area will start exchanging Hello packets with a flag that indicates that the interface is stub. Actually this is just a bit in the Hello packet (E bit) that gets set to 0. All routers that have a common segment have to agree on that flag. If they don't, then they will not become neighbors and routing will not take effect.

An extension to stub areas is what is called "totally stubby areas". Cisco indicates this by adding a "no-summary" keyword to the stub area configuration. A totally stubby area is one that blocks external routes and summary routes (inter-area routes) from going into the area. This way, intra-area routes and the default of 0.0.0.0 are the only routes injected into that area.

Example:

spf16



Assume that area 2 is to be configured as a stub area. The following example will show the routing table of RTE before and after configuring area 2 as stub.RTE has learned the inter-area routes (O IA) 203.250.14.0 and 128.213.63.0 and it has learned the intra-area route (O) 131.108.79.208 and the external route (O E2) 128.213.64.0.

Note that all the routes show up except the external routes which were replaced by a default route of 0.0.0.0. The cost of the route happened to be 65 (64 for a T1 line + 1 advertised by RTC).

Note that the only routes that show up are the intra-area routes (O) and the default-route 0.0.0.0. The external and inter-area routes have been blocked. The cost of the default route is now 74 (64 for a T1 line + 10 advertised by RTC). No configuration is needed on RTE in this case. The area is already stub, and the no-summary command does not affect the Hello packet at all as the stub command does.


14.0 Redistributing routes into OSPF

Redistributing routes into OSPF from other routing protocols or from static will cause these routes to become OSPF external routes.

The protocol and process-id are the protocol that we are injecting into OSPF and its process-id if it exits. The metric is the cost we are assigning to the external route. If no metric is specified, OSPF puts a default value of 20 when redistributing routes from all protocols except BGP routes, which get a metric of 1. The metric-type is discussed in the next paragraph.


14.1 E1 vs. E2 external routes

External routes fall under two categories, external type 1 and external type 2. The difference between the two is in the way the cost (metric) of the route is being calculated. The cost of a type 2 route is always the external cost, irrespective of the interior cost to reach that route. A type 1 cost is the addition of the external cost and the internal cost used to reach that route. A type 1 route is always preferred over a type 2 route for the same destination. This is illustrated in the following diagram:

spf17

As the above diagram shows, RTA is redistributing two external routes into OSPF. N1 and N2 both have an external cost of x. The only difference is that N1 is redistributed into OSPF with a metric-type 1 and N2 is redistributed with a metric-type 2. If we follow the routes as they flow from Area 1 to Area 0, the cost to reach N2 as seen from RTB or RTC will always be x. The internal cost along the way is not considered. On the other hand, the cost to reach N1 is incremented by the internal cost. The cost is x+y as seen from RTB and x+y+z as seen from RTC. Type 2 routes are preferred over type 1 routes in case two same cost routes exist to the destination. The default is type 2.


Example:

spf18



Suppose we added two static routes pointing to E0 on RTC: 16.16.16.0 255.255.255.0 (the /24 notation indicates a 24 bit mask starting from the far left) and 128.213.0.0 255.255.0.0.

Note that 16.16.16.0 has shown up now and the cost to external routes is 50. Since the external routes are of type 2 (E2), the internal cost has not been added. Suppose now, we change the type to E1

Note that the type has changed to E1 and the cost has been incremented by the internal cost of S0 which is 64, the total cost is 64+50=114.


15.0 Redistributing OSPF into other protocols

15.1 Use of a valid metric

Whenever you redistribute OSPF into other protocols, you have to respect the rules of those protocols. In particular, the metric applied should match the metric used by that protocol. For example, the RIP metric is a hop count ranging between 1 and 16, where 1 indicates that a network is one hop away and 16 indicates that the network is unreachable. On the other hand IGRP and EIGRP require a metric of the form:

default-metric bandwidth delay reliability loading mtu


15.2 VLSM

Another issue to consider is VLSM (Variable Length Subnet Guide)(Appendix C). OSPF can carry multiple subnet information for the same major net, but other protocols such as RIP and IGRP (EIGRP is OK with VLSM) cannot. If the same major net crosses the boundaries of an OSPF and RIP domain, VLSM information redistributed into RIP or IGRP will be lost and static routes will have to be configured in the RIP or IGRP domains. The following example illustrates this problem:

spf19



In the above diagram, RTE is running OSPF and RTA is running RIP. RTC is doing the redistribution between the two protocols. The problem is that the class C network 203.250.15.0 is variably subnetted, it has two different masks 255.255.255.252 and 255.255.255.192.

Note that RTE has recognized that 203.250.15.0 has two subnets while RTA thinks that it has only one subnet (the one configured on the interface). Information about subnet 203.250.15.0 255.255.255.252 is lost in the RIP domain. In order to reach that subnet, a static route needs to be configured on RTA:


15.3 Mutual Redistribution

Mutual redistribution between protocols should be done very carefully and in a controlled manner. Incorrect configuration could lead to potential looping of routing information. A rule of thumb for mutual redistribution is not to allow information learned from a protocol to be injected back into the same protocol. Passive interfaces and distribute lists should be applied on the redistributing routers. Filtering information with link-state protocols such as OSPF is a tricky business. Distribute-list out works on the ASBR to filter redistributed routes into other protocols. Distribute-list in works on any router to prevent routes from being put in the routing table, but it does not prevent link-state packets from being propagated, downstream routers would still have the routes. It is better to avoid OSPF filtering as much as possible if filters can be applied on the other protocols to prevent loops.

spf20

To illustrate, suppose RTA, RTC, and RTE are running RIP. RTC and RTA are also running OSPF. Both RTC and RTA are doing redistribution between RIP and OSPF. Let us assume that you do not want the RIP coming from RTE to be injected into the OSPF domain so you put a passive interface for RIP on E0 of RTC. However, you have allowed the RIP coming from RTA to be injected into OSPF.

Note that RTC has two paths to reach 203.250.15.128 subnet: Serial 1 and Ethernet 0 (E0 is obviously the wrong path). This happened because RTC gave that entry to RTA via OSPF and RTA gave it back via RIP because RTA did not learn it via RIP. This example is a very small scale of loops that can occur because of an incorrect configuration. In large networks this situation gets even more aggravated.

In order to fix the situation in our example, you could stop RIP from being sent on RTA's Ethernet 0 via a passive interface. This might not be suitable in case some routers on the Ethernet are RIP only routers. In this case, you could allow RTC to send RIP on the Ethernet; this way RTA will not send it back on the wire because of split horizon (this might not work on NBMA media if split horizon is off). Split horizon does not allow updates to be sent back on the same interface they were learned from (via the same protocol). Another good method is to apply distribute-lists on RTA to deny subnets learned via OSPF from being put back into RIP on the Ethernet. The latter is the one we will be using:


16.0 Injecting defaults into OSPF

An autonomous system boundary router (ASBR) can be forced to generate a default route into the OSPF domain. As discussed earlier, a router becomes an ASBR whenever routes are redistributed into an OSPF domain. However, an ASBR does not, by default, generate a default route into the OSPF routing domain.

To have OSPF generate a default route use the following:

default-information originate [always] [metric metric-value] [metric-type type-value] [route-map map-name]

There are two ways to generate a default. The first is to advertise 0.0.0.0 inside the domain, but only if the ASBR itself already has a default route. The second is to advertise 0.0.0.0 regardless whether the ASBR has a default route. The latter can be set by adding the keyword "always". You should be careful when using the "always" keyword. If your router advertises a default (0.0.0.0) inside the domain and does not have a default itself or a path to reach the destinations, routing will be broken.

The metric and metric type are the cost and type (E1 or E2) assigned to the default route. The route map specifies the set of conditions that need to be satisfied in order for the default to be generated.

Example:

spf21

Assume that RTE is injecting a default-route 0.0.0.0 into RIP. RTC will have a gateway of last resort of 203.250.15.2.

Note that RTA has learned 0.0.0.0 as an external route with metric 10. The gateway of last resort is set to 203.250.15.67 as expected.


17.0 OSPF Design Tips

The OSPF RFC (1583) did not specify any guidelines for the number of routers in an area or number the of neighbors per segment or what is the best way to architect a network. Different people have different approaches to designing OSPF networks. The important thing to remember is that any protocol can fail under pressure. The idea is not to challenge the protocol but rather to work with it in order to get the best behavior. The following are a list of things to consider.


17.1 Number of routers per area

Experience has shown that 40 to 50 routers per area is the upper bound for OSPF. That does not mean that networks with 60 or 70 routers in an area won't function, but why experiment with stability if you don't need to. One of the main problems is that administrators let their backbone area grow too large. Try to outline the logical view of the network from the start, and remember that it doesn't hurt to start creating that other area.


17.2 Number of neighbors

The number of routers connected to the same LAN is also important. Each LAN has a DR and BDR that build adjacencies with all other routers. The fewer neighbors that exist on the LAN, the smaller the number of adjacencies a DR or BDR have to build. That depends on how much power your router has. You could always change the OSPF priority to select your DR. Also if possible, try to avoid having the same router be the DR on more than one segment. If DR selection is based on the highest RID, then one router could accidently become a DR over all segments it is connected to. This router would be doing extra effort while other routers are idle.

spf22


17.3 Number of areas per ABR


ABRs will keep a copy of the database for all areas they service. If a router is connected to five areas for example, it will have to keep a list of five different databases. It is better not to overload an ABR, you could always spread the areas over other routers. The ideal design is to have each ABR connected to two areas only, the backbone and another area with three areas being the upper limit. The following diagram shows the difference between one ABR holding five different databases (including area 0) and two ABRs holding three databases each. Again, these are just guidelines, the more areas you configure per ABR the lower performance you get. In some cases, the lower performance can be tolerated.

spf23


17.4 Full mesh vs. Partial Mesh

Non Broadcast Multi-Access (NBMA) clouds such as Frame Relay or X.25, are always a challenge. The combination of low bandwidth and too many link-states is a recipe for problems. A partial mesh topology has proven to behave much better than a full mesh. A carefully laid out point-to-point or point-to-multipoint network works much better than multipoint networks that have to deal with DR issues.

spf24


17.5 Memory issues

It is not easy to figure out the memory needed for a particular OSPF configuration. Memory issues usually come up when too many external routes are injected in the OSPF domain. A backbone area with 40 routers and a default route to the outside world would have less memory issues compared with a backbone area with 4 routers and 33,000 external routes injected into OSPF.

Memory could also be conserved by using a good OSPF design. Summarization at the area border routers and use of stub areas could further minimize the number of routes exchanged.

The total memory used by OSPF is the sum of the memory used in the routing table (sh ip route summary) and the memory used in the link-state database. The following numbers are a "rule of thumb" estimate. Each entry in the routing table will consume between approximately 200 and 280 bytes plus 44 bytes per extra path. Each LSA will consume a 100 byte overhead plus the size of the actual link state advertisement, possibly another 60 to 100 bytes (For router links, this depends on the number of interfaces on the router). This should be added to memory used by other processes and by the IOS itself. If you really want to know the exact number, you can do a sh memory with and without OSPF being turned on. The difference in the processor memory used would be the answer (keep a backup copy of the configs).

Normally, a routing table with < 500K bytes could be accommodated with 2 to 4Meg of RAM; large networks > 500K may need 8 to 16 Meg (Maybe 32 to 64 Meg if full routes are injected from the Internet).


18.0 Summary

The OSPF protocol defined in RFC 1583, provides a high functionality open protocol that allows multiple vendor networks to communicate using the TCP/IP protocol family. Some of the benefits of OSPF are, fast convergence, VLSM, authentication, hierarchical segmentation, route summarization, and aggregation which are needed to handle large and complicated networks.


Section 1  Section 2  Section 3  Section 4  Section 5