
Ask the Expert: Open Shortest Path First (OSPF)

ciscomoderator
Community Manager

With Vignesh R. P.

Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions to Cisco expert Vignesh R. P. about how to configure and troubleshoot Open Shortest Path First (OSPF).

Open Shortest Path First (OSPF) is classified as an Interior Gateway Protocol (IGP).  This means that it distributes routing information between routers belonging to a single Autonomous System. The OSPF protocol is based on link-state or SPF technology. This is a departure from the Bellman-Ford base used by traditional TCP/IP internet routing protocols.

Vignesh R. P. is a customer support engineer in the Cisco High Touch Technical Support center in Bangalore, India, supporting Cisco's major service provider customers in routing and MPLS technologies. His areas of expertise include routing, switching, and MPLS. Previously at Cisco he worked as a network consulting engineer for enterprise customers. He has been in the networking industry for 8 years and holds CCIE certification in the Routing & Switching and Service Provider tracks.

 

Remember to use the rating system to let Vignesh know if you have received an adequate response. 

Vignesh might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Network Infrastructure sub-community discussion forum shortly after the event. This event lasts through June 28, 2013. Visit this forum often to view responses to your questions and the questions of other community members.


Using this topology without capability transit, I agree there might be a loop or suboptimal routing introduced here! Good point, Peter. Maybe Vignesh can comment on this.

Hello Peter & Marwan,

I was actually able to reproduce the scenario in my lab and below are my observations.

When Transit Capability parameter is set to True on the ABRs:-

RT1 receives a Type 1 LSA for N1 across the Virtual Link between RT1 & RT4 originated by RT4.

RT1 also receives a Type 3 LSA for N1 originated by RT5. The other internal routers in Area 1 also receive a Type 3 LSA for N1 originated by RT5.

The Type 3 LSA originated by RT5 has a better metric than the Type 1 LSA received on RT1 for network N1.

RFC 2328

16.3.  Examining transit areas' summary-LSAs

        (4) Look up the routing table entry for the advertising router
            BR associated with the Area A. If it is unreachable, examine
            the next LSA. Otherwise, the cost to destination N is the
            sum of the cost in BR's Area A routing table entry and the
            cost advertised in the LSA. Call this cost IAC.

        (5) If this cost is less than the cost occurring in N's routing
            table entry, overwrite N's list of next hops with those used
            for BR, and set N's routing table cost to IAC. Else, if IAC
            is the same as N's current cost, add BR's list of next hops
            to N's list of next hops. In any case, the area associated
            with N's routing table entry must remain the backbone area,
            and the path type (either intra-area or inter-area) must
            also remain the same.

Based on the above points mentioned in the RFC under section 16.3, the Type 3 LSA is preferred on RT1 and the path via RT1-RT3-RT5 is chosen to reach the destination network N1.

When No Capability Transit is configured on the ABRs:-

RT1 receives a Type 1 LSA for N1 across the Virtual Link between RT1 & RT4 originated by RT4.

RT1 also receives a Type 3 LSA for N1 originated by RT5.

The Type 3 LSA has a better metric than the Type 1 LSA received on RT1.

Since the Transit Capability parameter has been disabled on the ABRs, RT1 prefers the Type 1 LSA with R2 being the next hop. And as already explained by Peter in his previous post this leads to a permanent routing loop.

Based on the above two scenarios my observation is that the Virtual Links should have existed between RT1 - RT4 as well as RT1 - RT5. In simple words both the ABRs RT4 & RT5 should generate a Type 1 LSA for network N1 in order to avoid the routing loop. I believe since the usage of Virtual Links is not being encouraged much & that too the scenario we are discussing is a very rare corner case, it does not have a mention about it in the RFC nor the Drafts.

Kindly share your thoughts.

Thanks & Regards,

Vignesh R P
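
Steps (4) and (5) of RFC 2328 section 16.3, quoted in the post above, can be traced with a short script. This is an added example, not part of the original post and not Cisco's implementation; the link costs are constructed (they are not the costs from the RFC figure), and treating "no capability transit" as simply skipping section 16.3 is a modelling assumption.

```python
from dataclasses import dataclass

BACKBONE = "0.0.0.0"

@dataclass
class Route:
    cost: int
    next_hops: set
    area: str = BACKBONE
    path_type: str = "intra-area"

def examine_transit_summaries(routes, abr_routes, summaries):
    """RFC 2328 section 16.3, steps (4) and (5), for one transit area.

    routes:     destination -> Route already computed through the backbone
    abr_routes: advertising router (BR) -> Route to it inside the transit area
    summaries:  (advertising_router, destination, advertised_cost) tuples
    """
    for br, dest, lsa_cost in summaries:
        entry, br_route = routes.get(dest), abr_routes.get(br)
        if entry is None or br_route is None:
            continue                      # no backbone entry, or BR unreachable
        iac = br_route.cost + lsa_cost    # step (4): cost to BR + advertised cost
        if iac < entry.cost:              # step (5): cheaper path through the area
            entry.next_hops = set(br_route.next_hops)
            entry.cost = iac
        elif iac == entry.cost:           # equal cost: add BR's next hops
            entry.next_hops |= br_route.next_hops
        # entry.area and entry.path_type are deliberately left unchanged
    return routes

def rt1_route_to_n1(transit_capability):
    """RT1's view of N1 with constructed costs (not taken from the RFC figure)."""
    # Backbone path learned over the virtual link to RT4, next hop RT2.
    routes = {"N1": Route(cost=20, next_hops={"RT2"})}
    # RT1 reaches RT5 inside Area 1 through RT3.
    abr_routes = {"RT5": Route(cost=8, next_hops={"RT3"}, area="0.0.0.1")}
    summaries = [("RT5", "N1", 3)]        # Type 3 LSA for N1 originated by RT5
    if transit_capability:  # assumption: disabling the capability skips section 16.3
        examine_transit_summaries(routes, abr_routes, summaries)
    return routes["N1"]

if __name__ == "__main__":
    for flag in (True, False):
        r = rt1_route_to_n1(flag)
        print(flag, r.cost, sorted(r.next_hops), r.area, r.path_type)
```

With the capability enabled the entry for N1 takes RT5's next hop while still being recorded as a backbone intra-area route; with it disabled the entry keeps the virtual-link next hop.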

Hello Vignesh,

Thank you very much for your answer and sharing the results of your lab experiments. You have confirmed my analysis of the situation.

I believe since the usage of Virtual Links is not being encouraged much

They are indeed not recommended - not because they are problematic per se but rather because their overuse can lead to designing and running OSPF-routed networks with an arbitrary and highly erratic design, disrespecting the relation between the backbone area and other areas. However, virtual links can be deployed very usefully, one of their applications being the strengthening of the backbone area against its partitioning.

the scenario we are discussing is a very rare corner case, it does not have a mention about it in the RFC nor the Drafts

Personally, I would not call this scenario a very rare corner case. Why do I believe that? First, while this topology from RFC 2328 has been carefully designed to show that there can be better paths through the transit area than the ones following the virtual link path, it was not directly designed to show that routing loops can occur with the no capability transit. Yet, they do occur. Second, it is easy to construct a network where all link costs are identical, yet a path to a network Nx via a particular ABR is significantly longer than through a different ABR, and we may end up with a similar situation.

In addition, the no capability transit appears to be Cisco's extension to OSPF. I am not surprised that it is not covered in RFCs/Drafts and that neither of these documents actually comments on the consequences of using it - because they do not define it in the first place.

A couple of questions arise as a result of these findings. Vignesh, can you kindly share your thoughts?

  1. What is the reason that the no capability transit command was implemented at all? When would I want to use it, considering the fact it can cause these problems?
  2. Would you agree that the general statement in Cisco's documentation about no capability transit causing the transit traffic to follow the path of the virtual link is unfounded and basically incorrect?

Thank you!

Best regards,

Peter

Hello Vignesh,

I have learned something new on OSPF but I am not surprised by this; the CSC forums give me every day something to learn or to think of.

You have done a good job in labbing the complex scenario proposed by Peter and in posting the results.

To be honest, in the real world I avoid using virtual links at all; I don't like them and there are some aspects I have never understood about them.

How is it possible to build a virtual link when the OSPF router-ids of the two OSPF nodes are not published in the OSPF routing domain?

OK, each device can examine the other device's Router LSA sent in the transit area, but how to pick up an IP address to build the virtual link in this case?

Edit:

I tested this some years ago and, to my big surprise, the virtual link formed even with OSPF RIDs not advertised in OSPF.

Best Regards

Giuseppe

Hello Giuseppe,

I have attached my reply as a notepad file. Kindly refer the same.

Thanks & Regards,

Vignesh R P

Hi,

Kindly explain the concept of forwarding address in OSPF.

Hi Suresh,

As far as I understand the concept of Forwarding Address comes into picture with respect to two scenarios. Kindly find them below.

Scenario 1:-

============

It’s a basic OSPF setup where area 1 is an NSSA area. As you can see we have two ABRs. In an NSSA area, redistributed routes will be seen as N internally but as E outside the area. For this to happen the ABR must translate the type 7 LSA to a type 5 LSA. If we have multiple ABRs, which one is responsible for this task? The ABR with the highest RID will do the translation.

If we look at the LSA at R1, this is what it looks like.

R1#sh ip ospf data ex 10.10.4.0

            OSPF Router with ID (10.10.13.1) (Process ID 1)

                Type-5 AS External Link States

  Routing Bit Set on this LSA
  LS age: 1373
  Options: (No TOS-capability, DC)
  LS Type: AS External Link
  Link State ID: 10.10.4.0 (External Network Number )
  Advertising Router: 3.3.3.3
  LS Seq Number: 80000001
  Checksum: 0x7306
  Length: 36
  Network Mask: /24
        Metric Type: 2 (Larger than any link state path)
        TOS: 0
        Metric: 20
        Forward Address: 10.10.234.4
        External Route Tag: 0

So R3 is the ABR doing the translation but the forward address is set to 10.10.234.4, which is the address of R4. This means that traffic doesn’t need to pass through R3 to reach the R4 network. The router will look up the 10.10.234.0/24 prefix and use the routing information to reach the 10.10.4.0 network.

R1#traceroute 10.10.4.4

Type escape sequence to abort.
Tracing the route to 10.10.4.4

  1 10.10.12.2 44 msec 44 msec 20 msec
  2 10.10.234.4 60 msec *  72 msec

In case the Forwarding Address was not set, the OSPF database would look like the one below.

R1#sh ip ospf data ex 10.10.4.0

            OSPF Router with ID (10.10.13.1) (Process ID 1)

                Type-5 AS External Link States

  Routing Bit Set on this LSA
  LS age: 212
  Options: (No TOS-capability, DC)
  LS Type: AS External Link
  Link State ID: 10.10.4.0 (External Network Number )
  Advertising Router: 3.3.3.3
  LS Seq Number: 80000003
  Checksum: 0x6218
  Length: 36
  Network Mask: /24
        Metric Type: 2 (Larger than any link state path)
        TOS: 0
        Metric: 20
        Forward Address: 0.0.0.0
        External Route Tag: 0

And the traceroute would look as below.

R1#traceroute 10.10.4.4

Type escape sequence to abort.
Tracing the route to 10.10.4.4

  1 10.10.12.2 52 msec 76 msec 48 msec
  2 10.10.23.3 36 msec 48 msec 40 msec
  3 10.10.234.4 72 msec *  72 msec

So in short by setting the Forwarding Address we have an efficient routing in place.

Scenario 2:-

==============

R3 will be the router doing mutual redistribution between RIP and OSPF. You will see that the Forwarding Address will be set to 0.0.0.0 on R1.

R1#sh ip ospf data ex 10.10.4.0

OSPF Router with ID (10.10.13.1) (Process ID 1)

Type-5 AS External Link States

Routing Bit Set on this LSA
LS age: 79
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 10.10.4.0 (External Network Number )
Advertising Router: 3.3.3.3
LS Seq Number: 80000001
Checksum: 0x6616
Length: 36
Network Mask: /24
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20
Forward Address: 0.0.0.0
External Route Tag: 0

This means that traffic must traverse R3. We confirm with a traceroute.

R1#traceroute 10.10.4.4

Type escape sequence to abort.
Tracing the route to 10.10.4.4

1 10.10.12.2 64 msec 28 msec 24 msec
2 10.10.23.3 68 msec 40 msec 40 msec
3 10.10.234.4 96 msec * 76 msec

Now enable OSPF on R3 interface towards R4.

R3(config-if)#ip ospf 1 area 0

R1#traceroute 10.10.4.4

Type escape sequence to abort.
Tracing the route to 10.10.4.4

1 10.10.12.2 56 msec 32 msec 24 msec
2 10.10.234.4 60 msec * 72 msec

Traceroute is now taking the shorter path. How did this happen? Take a look at the LSA on R1.

R1#sh ip ospf data ex 10.10.4.0

OSPF Router with ID (10.10.13.1) (Process ID 1)

Type-5 AS External Link States

Routing Bit Set on this LSA
LS age: 59
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 10.10.4.0 (External Network Number )
Advertising Router: 3.3.3.3
LS Seq Number: 80000002
Checksum: 0x7107
Length: 36
Network Mask: /24
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20
Forward Address: 10.10.234.4
External Route Tag: 0

The Forwarding Address has now been set. How did this happen? The Forwarding Address will be set for external routes if we meet the following conditions.

  • OSPF is enabled on the ASBR’s next hop interface AND
  • ASBR’s next hop interface is non-passive under OSPF AND
  • ASBR’s next hop interface is not point-to-point AND
  • ASBR’s next hop interface is not point-to-multipoint AND
  • ASBR’s next hop interface address falls under the network range specified in the router ospf command.

Hope the above two scenarios gave a good insight into Forwarding Address in OSPF.

Thanks & Regards,

Vignesh R P
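
The two halves of the post above, when an ASBR sets the Forwarding Address and how a receiving router uses it, can be checked with a short script. This is an added example, not part of the original post; the `AsbrNextHopInterface` model and all function names are hypothetical, the interface values used to exercise it are constructed, and the LSA text is copied from the displays in the post.

```python
import re
from dataclasses import dataclass

@dataclass
class AsbrNextHopInterface:
    """The five conditions listed in the post, as a hypothetical model."""
    ospf_enabled: bool
    passive: bool
    network_type: str        # "broadcast", "point-to-point", "point-to-multipoint", ...
    in_ospf_network_range: bool

def sets_forwarding_address(intf):
    """True when every condition from the post holds for the ASBR's next-hop interface."""
    return (intf.ospf_enabled
            and not intf.passive
            and intf.network_type not in ("point-to-point", "point-to-multipoint")
            and intf.in_ospf_network_range)

FIELDS = {
    "link_state_id": r"Link State ID:\s*(\S+)",
    "advertising_router": r"Advertising Router:\s*(\S+)",
    "forward_address": r"Forward Address:\s*(\S+)",
}

def parse_external_lsa(text):
    """Extract the fields of interest from 'show ip ospf database external' output."""
    lsa = {}
    for name, pattern in FIELDS.items():
        match = re.search(pattern, text)
        if match is None:
            raise ValueError(f"missing field: {name}")
        lsa[name] = match.group(1)
    return lsa

def resolves_via(lsa):
    """Address the calculating router looks up to reach the external network."""
    if lsa["forward_address"] == "0.0.0.0":
        return lsa["advertising_router"]   # forwarded toward the LSA's originator
    return lsa["forward_address"]          # forwarded straight to the next hop

# Lines copied from the two LSA displays in the post.
LSA_WITH_FA = """Link State ID: 10.10.4.0 (External Network Number )
Advertising Router: 3.3.3.3
Forward Address: 10.10.234.4"""
LSA_WITHOUT_FA = LSA_WITH_FA.replace("10.10.234.4", "0.0.0.0")

if __name__ == "__main__":
    for text in (LSA_WITH_FA, LSA_WITHOUT_FA):
        print(resolves_via(parse_external_lsa(text)))
```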

Murugan Pambulu
Level 1

Who is selected first, DR or BDR?

Can you explain about Area 0 & Area 0.0.0.0 and their differences?

Peter,

great posts about transit capability, nice discussion.

I agree with you and this statement never made sense to me also:

"If you want to retain a traffic pattern through the virtual-link path, you can disable capability transit by entering the no capability transit command"

I think the transit capability was an "improvement" of OSPFv2 vs OSPFv1. The problem is that the virtual link is used only for flooding LSA's, for the control plane information but not for the forwarding of data - data plane. Therefore, the sentence "a traffic pattern through the virtual-link" I think is not correct.

In RFC 2328 it is explained quite clearly after the example:

"Note that in this example the virtual link enables transit data traffic to be forwarded through Area 1, but the actual path the transit data traffic takes does not follow the virtual link.  In other words, virtual links allow transit traffic to be forwarded through an area, but do not dictate the precise path that the traffic will take."

If you configure a GRE tunnel in Area 0 instead of a Virtual-Link in this example, you will not have forwarding loops even though transit capability is disabled, because here the tunnel will dictate the path.

Best Regards,

Jose.

but with the GRE tunnel you need to make sure that the cost is tuned properly to avoid having RT2 selecting RT1 to reach N1

Hello Marwan,

but with the GRE tunnel you need to make sure that the cost is tuned properly to avoid having RT2 selecting RT1 to reach N1

Umm... I do not think so. With a GRE tunnel between RT1 and RT4, the outer IP header's source will be set to RT1 and destination will be RT4. Whatever packet is encapsulated inside, the routers in Area 1 will be routing the GRE-encapsulated packet according to the outer header, towards RT4, because that will be the encapsulated packet's destination. The encapsulated packets will be routed purely via intra-area routing in Area 1.

Best regards,

Peter

Hi,

OSPF actually sees areas in hex. This means that it considers Area 0 to be Area 0x00000000. OSPF will also convert dotted decimal to hex. This means that Area 0.0.0.0 is also equal to Area 0x00000000. To conclude there is no difference between Area 0 & Area 0.0.0.0 but they are just different methods of representing the same area.

R1

router ospf 1
 log-adjacency-changes
 redistribute connected subnets
 network 172.16.1.1 0.0.0.0 area 0

R1

router ospf 1
 log-adjacency-changes
 redistribute connected subnets
 network 172.16.1.1 0.0.0.0 area 0.0.0.0

Hope this clarifies.

Thanks & Regards,

Vignesh R P

Hello Murugan,

Thanks a lot for posting this query.

As per my understanding the BDR is the one which gets elected first.

Also I would encourage you to read through section 9.4 of the RFC 2328. It would help you in understanding the election process in much detail.

Thanks & Regards,

Vignesh R P
