
[PACKET TRACER] Understanding OSPF Inter-Area Routing area 0 requirement

GillverK
Level 1

Hello All,

 

I'm a little confused about OSPF's requirement for the networks to be connected to Area 0 in some capacity.

 

I was trying to create an OSPF network with a layer of obfuscation that would make an attacker have to try to discover/guess what Area numbers were being used between separate networks. Unfortunately, when watching videos on Inter-Area Routing the tutorial vids always had Area 0 in the middle so the networks would work but I want to design something a bit more nuanced.

 

In the videos the topologies were akin to:

R1 -------------- R2 -------------- R3
Area 1            Area 0            Area 2
10.0.0.0/24       Area 1            30.0.0.0/24
                  10.0.0.0/24
                  Area 2
                  30.0.0.0/24

 

 

What I desire is in the attached screenshot.

I was wondering, in order to achieve this do I need to create a loopback that is attached to Area 0 on each router just to get this to actually work?

And also, if Area 6 were attached to a separate network which was an Area 0 network, but none of the other routers were directly attached to that Area 0 network and had no Area 0 setting would they actually be able to send/receive packets if they could potentially be made to have a route to the Area 0?

 

Accepted Solutions

jalejand
Cisco Employee

For Areas to be inter-connected in OSPF, Area 0 is needed, mainly because of the concept of an ABR.

Starting from the ABR concept, it is usually mistaken that an ABR is just an OSPF router which has interfaces in two or more different areas, however, the true definition of an ABR is for a router which has an Area 0 interface and other area or areas attached to it. If no Area 0 exists on the router (in the form of a network statement or Virtual Link), such router is not considered ABR.

ABRs do a quite important job in regards of SPF calculation. Starting from the fact that LSA type 1 and LSA type 2 are the LSAs that include enough information for SPF to determine a loop-free calculation path, these are expected to be flooded inside an area, but how are these flooded towards other areas? ABRs take that information and create an LSA type 3 which basically says "no need to calculate complex LSA type 1 structures, for all the routers in my area, you can just reach that prefix destination towards me"

Taking that in consideration, a router sitting between Area 1 and Area 2 is in fact, no ABR, no LSA type 1 to LSA type 3 "conversion" does ever exist. LSA Type 1s generated in Area 1 will not be passed through Area 2 and vice versa, because that intermediate router is no ABR. In fact, if you create a loopback for Area 0 in that router, then it becomes ABR and then, now it can generate such LSAs.

For the last question.

(Area7)(RTRX)----------------(Area 7)(RTRA)(Area 6)----------- (Area6)(RTRB)(Area0)

If this is similar to what you want to achieve, then this is a Virtual-Link case use scenario, RTRA is attached to Area 7 and 6 but not to Area 0. In summary, RTRB is an ABR while RTRA is not, no LSA3 generation will be done on RTRA.

RTRX and RTRB need to establish a tunnel in between in the form of a virtual-link in OSPF, a virtual-link is by nature, a p2p tunnel in area 0 with no periodic hello between them. This creates a virtual path from a non ABR router to a true ABR router, allowing routes (LSAs) to be propagated.
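
A sketch of a virtual-link configuration for the RTRX/RTRA/RTRB layout in the answer above, added here as an example and not taken from the original post. The process ID, router IDs and network ranges are assumed values; the link is built across transit Area 6 between RTRA and RTRB, because both endpoints of a virtual link must have an interface in the transit area.

```cisco
! Assumed values for this example only:
!   RTRA router-id 10.255.0.1, RTRB router-id 10.255.0.2
!   Area 7 = 10.7.0.0/24, Area 6 = 10.6.0.0/24, Area 0 = 10.0.0.0/24
!
! --- RTRA: interfaces in Area 7 and Area 6, no physical Area 0 interface ---
router ospf 1
 router-id 10.255.0.1
 network 10.7.0.0 0.0.0.255 area 7
 network 10.6.0.0 0.0.0.255 area 6
 ! Transit area is 6; the peer is named by its router ID, not an interface IP
 area 6 virtual-link 10.255.0.2
!
! --- RTRB: interfaces in Area 6 and Area 0, already a true ABR ---
router ospf 1
 router-id 10.255.0.2
 network 10.6.0.0 0.0.0.255 area 6
 network 10.0.0.0 0.0.0.255 area 0
 area 6 virtual-link 10.255.0.1
!
! --- RTRX: Area 7 only, needs no virtual-link statement ---
router ospf 1
 network 10.7.0.0 0.0.0.255 area 7
!
! Checks to run afterwards:
!   show ip ospf virtual-links      -> link state should be up on RTRA and RTRB
!   show ip ospf                    -> RTRA now reports itself as an area border router
!   show ip ospf database summary   -> on RTRX, type 3 LSAs originated by RTRA appear
!
! Caveats: the transit area (Area 6 here) cannot be a stub area, and router IDs
! should be set explicitly so the virtual-link statements keep matching after a reload.
```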





Ah, alrighty. This helped me understand it a bit more but some of it went over my head.

 

Still this was indeed very, very, very helpful!

 

Thank you.

luis_cordova
VIP Alumni

Hi @GillverK 

 

do I need to create a loopback that is attached to Area 0 on each router just to get this to actually work?

No, because as @jalejand  indicates, it is necessary that the routers that connect the areas (ABR) have one of their interfaces in common with the area 0.

In your scheme, this would not be possible. What you can do is put a switch in the middle of all your areas and connect the ABRs to this switch.

You create a new network and configure it on the interfaces of the routers that connect to the switch. This network is declared in the ABRs in area 0 and that's it.

 

Regards

 

I LOVE THIS ANSWER!!

This was PERFECT! I think I actually get it now, which means I have to put in a lot of work to fix this.

Alright, I'm going to change my topology and see if I can make this work given the recommendations.

 

Thank you so much!! I really appreciate it.

luis_cordova
VIP Alumni

Hi @GillverK 

 

if Area 6 were attached to a separate network which was an Area 0 network, but none of the other routers were directly attached to that Area 0 network and had no Area 0 setting would they actually be able to send/receive packets if they could potentially be made to have a route to the Area 0?


As already indicated, only areas that share an interface (network) with area 0 may have inter-area connectivity.

As proposed in your question, there will only be connectivity between area 0 and area 6.

 

 

Regards

 

Joseph W. Doherty
Hall of Fame

BTW, if you're concerned about attackers, rather than worrying about attackers figuring out area numbers, it likely would be better to focus on OSPF security features such as passwords to authorize neighbors, etc.

Indeed. When I'm ready for them I'll approach them for sure. Trying to get the basics down for now.
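
The neighbor authentication Joseph W. Doherty points to above, shown as an added Cisco IOS example (not from the original thread) with the weak plain-text form beside the cryptographic forms. The interface name, process ID, the key chain name OSPF-KEYS and the `<shared-secret>` placeholder are assumptions.

```cisco
! The three interface blocks below are alternatives: pick ONE per link.
! Both neighbors on a segment must use the same type, key ID and secret,
! otherwise the adjacency never forms.
!
! --- Weak: simple password, carried in clear text in every OSPF packet ---
interface GigabitEthernet0/0
 ip ospf authentication
 ip ospf authentication-key <shared-secret>
!
! --- Better: MD5 message digest, the key itself is never sent on the wire ---
interface GigabitEthernet0/0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 <shared-secret>
!
! --- Preferred where the IOS release supports it: HMAC-SHA via a key chain ---
key chain OSPF-KEYS
 key 1
  key-string <shared-secret>
  cryptographic-algorithm hmac-sha-256
!
interface GigabitEthernet0/0
 ip ospf authentication key-chain OSPF-KEYS
!
! --- Independent of the above: only speak OSPF where a router neighbor is expected ---
router ospf 1
 passive-interface default
 no passive-interface GigabitEthernet0/0
!
! Checks to run afterwards:
!   show ip ospf interface GigabitEthernet0/0   -> reports the authentication type in use
!   show ip ospf neighbor                       -> adjacency reaches FULL only if keys match
```

Area numbers travel unencrypted in the header of every OSPF packet, so they are visible to anyone who can capture traffic on the segment; authentication and passive interfaces are what stop an unauthorized device from forming an adjacency.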
