OSPF configuring

Configuring OSPF consists of several steps. Some of them are mandatory and some are optional. After the design of OSPF-network is chosen the basic configuring is to switch OSPF on routers on and to allocate interfaces into appropriate zones.

To configure OSPF one should pass next steps:

Step 1.

Switch to the configuring mode using the router ospf <process No.> command, where No. is in range <0-65535> in the global configuring mode.

Step 2.

Configure OSPF router identifyer (optional). Use the ospf router-id <value> command, where value is IPv4 address or define IP-address for a loopback interface.

Step 3.

In the configuring mode OSPF specify one or more command network <IP-address> <wildcard mask> area <zone identfyer>, where <IP-address> <wildcard mask> area <zone identfyer> are interfaces' parameters. Use the passive-interface <interface name> command to exclude the specified interface from OSPF-process.

Step 4. (optional)

If the network type doesn't support multicast address distribution neigbors must specifyed manually.

In configuring interface mode use the ip ospf network command to specify network type. In configuring protocol mode specify neighboring networks manually by the neighbor command.

Step 5. (optional)

In configuring interface mode change timers' values by ip ospf dead-interval and ip ospf hello- interval.

Step 6. (optional)

Set up manually interfaces' costs to effect on a best route selection. In configuring interface mode specify the value by ip ospf cost <value> command. In the OSPF configuring mode use the auto-cost reference-bandwidth command to change the multiplier in a route cost formule.

Step 7. (optional)

Configure an OSPF authentification for separate interface by ip ospf authentication command or in configuring protocol mode for all interfaces in a specified zone by area authetication commmand.

Configuration example

See the multizonal OSPF configuring schema on the picture below:

Here's routers configure example

ECO-1

Step 1. Naming the router.

(config)#hostname ECO-1

Step 2. Ports, interfaces and service instances setup.

(config)#interface e1

(config-if)#ip address 10.10.0.1/16

(config)#iinterface e2

(config-if)#ip address 10.12.0.1/16

(config)#interface e3

(config-if)#ip address 10.13.0.1/16

(config)#port ge1

(config-port)#service-instance ge1/e1

(config-service-instance)#encapsulation untagged

(config-service-instance)#connect ip interface e1

(config)#port ge2

(config-port)#service-instance ge2/e2

(config-service-instance)#encapsulation untagged

(config-service-instance)#connect ip interface e2

(config)#port ge3

(config-port)#service-instance ge3/e3

(config-service-instance)#encapsulation untagged

(config-service-instance)#connect ip interface e3

Step 3. Swithcing routing on and connected networks declaring.

(config)#router ospf 1

(config-router)#network 10.10.0.1 0.0.0.0 area 1

(config-router)#network 10.12.0.1 0.0.0.0 area 0

(config-router)#network 10.13.0.1 0.0.0.0 area 1

The other routers should be configured in the same way.

hostname ECO-2

interface e1

ip address 10.12.0.2/16

interface e2

ip address 10.20.0.2/16

interface e3

ip address 10.23.0.2/16

port ge1

service-instance ge1/e1

encapsulation untagged

connect ip interface e1

port ge2

service-instance ge2/e2

encapsulation untagged

connect ip interface e2

port ge2

service-instance ge2/e2

encapsulation untagged

connect ip interface e2

router ospf 2

network 10.12.0.2 0.0.0.0 area 0

network 10.20.0.2 0.0.0.0 area 0

network 10.23.0.2 0.0.0.0 area 0

hostname ECO-3

interface e1

ip address 10.13.0.3/16

interface e2

ip address 10.23.0.3/16

interface e3

ip address 10.30.0.3/16

port ge1

service-instance ge1/e1

encapsulation untagged

connect ip interface e1

port ge2

service-instance ge2/e2

encapsulation untagged

connect ip interface e2

port ge2

service-instance ge2/e2

encapsulation untagged

connect ip interface e2

router ospf 2

network 10.13.0.3 0.0.0.0 area 1

network 10.23.0.3 0.0.0.0 area 0

network 10.30.0.3 0.0.0.0 area 1

Authentication

OSPF v.2 supports authentification configuration between neighbors. To enable this feature in the interface configuration mode one should create an authentification-key and switch authentification support on on the interface or in the OSPF process for all the area. One must choose when creating authentification-key the form which the key would be transferred in between a neighbors - open form or md5-hash.

See configuration commands in the table below:

See various examples of authentification settings below for the topology shown before.

Configuring plain-text authentification betwen ECO-1 and ECO-2 with a key named "ecorouter".

ECO-1

(config)#interface e2 

(config-if)#ip ospf authentication 

(config-if)#ip ospf authentication-key ecorouter 

The ECO-2 router must be configuered in the same way excepting interface id.

Configuring plain-text authentification betwen ECO-1 and ECO-2 with a key named "ecorouter" and switching on in the configuration mode.

ECO-2

(config)#router ospf 1
(config-router)#area 0 authentication
(config-router)#exit
(config)#interface e3
(config-if)#ip ospf authentication-key ecorouter

In this example an authentification mode will be applied to the all interfaces in the zone0 (e1, e2, e3). The ECO-3 router must be configuered in the same way excepting interface id.

Configuring md5 authentification between ECO-1 and ECO-3 with a key named "ecorouter".

ECO-1
(config)#interface e3
(config-if)#ip ospf authentication message-digest 
(config-if)#ip ospf message-digest-key 1 md5 ecorouter

The ECO-3 router must be configuered in the same way excepting interface id.

 Configuring md5 authentification between ECO-1 and ECO-3 with a key named "ecorouter" and switching on in the configuration mode.

ECO-1

(config)#interface e3

(config-router)#area 1 authentication message-digest

(config-router)#exit
(config)#interface e3
(config-if)#ip ospf message-digest-key 1 md5 ecorouter 

The ECO-3 router must be configuered in the same way excepting interface id.

Filtering and summarizing OSPF routes

The internal OSPF logic allows to filter and summarize on ABR and ASBR domain routers only. One can filter using filter-list and distribute-list which are based on prefix-list or policy-filter-list. See the example of filter-list use below.

In the OSPF routing configuration mode use the area 0 filter-list <номер prefix-list/policy-filter-list> in command to filter on ABR routes from area 1 and area 2. To filter routes from area 2 on ABR use the area 2 filter-list <номер prefix-list/policy-filter-list> out command, where prefix-list and policy-filter-list correspond to a specific subnets. Read more about these lists in correspondimg paragraphs.

EcoRouterOS supports routes filtration using distribute-list too. Attention: in this case the route information will be contained in the OSPF topology base, but not in the route table. It can increase time to find and detect network problems. Ude the distribute-list <номер policy-filter-list> in command to filter.

One can summarize both on ABR and ASBR. The commands for different routers type in domain differ too.

On ABR use the area <area-id> range <ip-address/mask> [advertise | not-advertise] command, where the advertize parameter is set by default, the not-advertise parameter disables the summarized route advertising.

On ASBR use the summary-address <ip-address/mask> [tag] [not-advertise] command. The route can be marked by keyword tag or filtered.

By default, for summarising inner routes the biggest metric of all is used. In the router configuration mode use the compatible rfc1583 command to use the smallest metric.

Default route

In the router configuration mode use the default-information originate [ always ] [ metric <value> ] [ metric-type 1 | metric-type 2 ] [ route-map <name> ] command to configure default route.

This command causes this router to promote itself as default (in case the default route is in the router's routing table).

In case of unknown presence the default route in the router's routing table use the parameter always. It cancels an obligatory presence the default route in the router's routing table.

The parameter metric sets metric's value, the parameter metric-type sets OSPF metric type, the parameter route-map refers to conditions in the route map. Attention, the default route will be announced as a LSA type 5. 

OSPF zones

To decrease data base size in proper designed OSPF-network one should use OSPF stub zones. EcoRouterOS supports this feature.

area <No.> stub

area <No.> stub no-summary

area <No.> nssa

area <No.> nssa no-summary

OSPF redistribution

To redistribute from different OSPF routing protocols, static and connected routes in the router configuration mode use the redistribute <bgp/ospf/isis/rip/connected/static> [ metric <значение> ] [ metric-type 1 | metric-type 2 ] [ route-map <имя> ] [tag] command, where parameter metric sets metric value, parameter metric-type specifys OSPF metric type, parameter route-map refers to conditions in the route map, parameter tag tags redistributed networks. Use the default-metric command to specify all redistributed routes. The distance command specifys OSPF administrative distance value. 

Virtual links and multi-area neighborhood

One should use virtual link carefully. Using it permanently can cause administrative problems on growing OSPF-topology. To configure virtual link in router configuration mode use the area <No.> virtual-link <ip-address> command, where No. is area id which virtual link would be made through, ip-address is neighbor's address. Use more options to configure link timing and authentification.

Multi-area creation can be useful for resolving routing problems. EcoRouterOS supports this feature. To create multi-area use the area <No.> multi-area-adjacency <interface name> neighbor <IP-address> command where area No. is an area which routing is configuring for, interface name corresponds the name of output interface to the neighbor direction. Attention, the neighbor address is required in this command.

OSPF show commands

Additional OSPF configuration commands

Restart routing process commands

Use the clear ip ospf process or clear ip ospf <process id> process for restart OSPF process. These commands execute in administration mode.

Loop-Free Alternate (LFA) in OSPF

The LFA feature is used in OSPF for fast switching from the main route to the precomputed alternate one.

When this option is enabled, the new table with reserved redundant routes is created for fast route switching (fast-reroute). The redundance of the route is understood here as loopless.

If router detects fault of the link used by main route then alternate route selected in advance is immediately sent to FIB.

The recalculation by SPF algorithm is made regardeless the switching to the alternate route and can be made both during the switch process and after it.

The following condition is necessary and sufficient to add the alternate route to the fast re-routing table:

D(N,D) < D(N,S) + D(S,D) 

where:

D(x,y) - distance between x and y, expressed in the ospf metric;

N - neighbor router the alternate route is searched through;

D - destination route;

S - source.

Only one alternate route can exist. When several route are supposed to become alternate, the following rules are implemented:

1. The route with minimum metric wins.
2. If metrics are equal then the route with the minimum address of the neighbor router is selected.

These rules can not be changed.

In case two active routes are in the RIB routing table that is ECMP enabled then the fast reroute table will be empty.

The alternate route is calculated individually for each main route (per-prefix LFA). In case of ECMP for each main route the second active rout will be the alternative. As both routes are in the main routing table there's no need to include them into the fast rerouting table.

Use the fast-reroute keep-all-paths command in the context OSPF configuration mode to enable this feature.

Use the ip ospf fast-reroute per-prefix candidate disable command to disable the feature for specific interface.

Use the show ip route fast-reroute command to display possible alternative routes. The command output is similar to the show ip route command one.

This feature is also available with VRF. Use the show ip route vrf <NAME> fast-reroute command to display where <NAME> is the VRF name.