OSPF (Open Shortest Path First) is an interior gateway protocol used to distribute routing information within a single autonomous system.
OSPF cost = bandwidth/100M (can also be set explicitly with ip ospf cost <value>)
In OSPF, area 0 serves as the backbone.
Routes that are generated from within an area (the destination belongs to the area) are called intra-area routes.
These routes are marked O in the routing table.
Routes that originate from other areas are called inter-area or summary routes.
These routes are marked O IA in the routing table.
Routes that originate from other routing protocols (or a different OSPF process) and that are injected into OSPF via redistribution are called external routes.
These routes are marked O E1 or O E2 in the routing table.
E1 and E2 (external type 1 and external type 2) are two ways of calculating the cost: E2 counts only the cost between the ASBR and the external destination, while E1 also adds the cost inside OSPF. The default is E2.
1. Enable OSPF on the router
router ospf <process-id>
network <network or ip address> <mask> area <area-id> (the mask contains wildcard bits, where 0 is a match and 1 is a "don't care" bit)
Example:
router ospf 100
network 192.213.0.0 0.0.255.255 area 0.0.0.0
network 128.213.1.1 0.0.0.0 area 23
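The wildcard match described above decides which interfaces start speaking OSPF, so a broad mask such as 0.0.255.255 can enable the protocol on interfaces that were never meant to form adjacencies. The following is an added example, not part of the original notes: it applies the two network statements above to a set of constructed interface addresses. The function names and the sample interfaces are assumptions, and trying statements in listed order is a simplification.

```python
import ipaddress

# The network statements from the "router ospf 100" example above.
CONFIG = """\
router ospf 100
network 192.213.0.0 0.0.255.255 area 0.0.0.0
network 128.213.1.1 0.0.0.0 area 23
"""

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def area_number(area_id):
    """Area IDs may be decimal or dotted: 0.0.0.0 is the same area as 0."""
    return to_int(area_id) if "." in area_id else int(area_id)

def parse_network_statements(config):
    """Return (base, wildcard, area) for every 'network ... area ...' line."""
    stmts = []
    for line in config.splitlines():
        p = line.split()
        if len(p) == 5 and p[0] == "network" and p[3] == "area":
            stmts.append((to_int(p[1]), to_int(p[2]), area_number(p[4])))
    return stmts

def ospf_area(interface_ip, stmts):
    """Area the interface joins, or None if no statement covers it."""
    ip = to_int(interface_ip)
    for base, wildcard, area in stmts:
        care = ~wildcard & 0xFFFFFFFF      # wildcard 0 bits must match
        if (ip & care) == (base & care):
            return area
    return None

# Constructed interface addresses (hypothetical, not from the notes).
SAMPLE_INTERFACES = {
    "Ethernet0": "192.213.7.1",
    "Ethernet1": "192.213.200.9",
    "Serial0": "128.213.1.1",
    "Serial1": "128.213.1.2",
}

def audit(interfaces=SAMPLE_INTERFACES, config=CONFIG):
    stmts = parse_network_statements(config)
    return {name: ospf_area(ip, stmts) for name, ip in interfaces.items()}

if __name__ == "__main__":
    for name, area in audit().items():
        print(name, "-> area", area)
```

Both Ethernet interfaces land in area 0 because of the 0.0.255.255 mask, while the 0.0.0.0 mask admits only the exact address 128.213.1.1.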
2. OSPF Authentication
Null authentication, simple password authentication, message digest authentication (MD5)
(1) Simple authentication: ip ospf authentication-key <key> (this goes under the specific interface)
area <area-id> authentication (this goes under "router ospf <process-id>")
Example:
interface Ethernet 0
ip address 10.10.10.10 255.255.255.0
ip ospf authentication-key mypassword
router ospf 100
network 10.10.0.0 0.0.255.255 area 0
area 0 authentication
(2) MD5 authentication: ip ospf message-digest-key <key-id> md5 <key> (used under the interface)
area <area-id> authentication message-digest (used under "router ospf <process-id>")
Example:
interface ethernet 0
ip address 10.10.10.10 255.255.255.0
ip ospf message-digest-key 10 md5 mypassword
router ospf 100
network 10.10.0.0 0.0.255.255 area 0
area 0 authentication message-digest
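Of the three modes, null authentication accepts any OSPF speaker on the segment and simple password authentication carries the key unencrypted in every packet, so a configuration review should flag both, as well as an area whose mode has no matching key on the interface. The following is an added example, not part of the original notes: a small auditor run over the two configurations above plus two constructed variants. The function names and the NULL and MISMATCH samples are assumptions.

```python
import ipaddress

def ip_int(s):
    return int(ipaddress.IPv4Address(s))

def parse(config):
    """Return (interfaces, area auth modes, network statements) from IOS-style text."""
    ifaces, areas, nets, cur = {}, {}, [], None
    for p in (line.split() for line in config.splitlines() if line.strip()):
        if p[0] == "interface":
            cur = ifaces.setdefault(" ".join(p[1:]).lower(), {"ip": None, "keys": set()})
        elif cur is not None and p[:2] == ["ip", "address"]:
            cur["ip"] = ip_int(p[2])
        elif cur is not None and p[:3] == ["ip", "ospf", "authentication-key"]:
            cur["keys"].add("simple")
        elif cur is not None and p[:3] == ["ip", "ospf", "message-digest-key"]:
            cur["keys"].add("message-digest")
        elif p[0] == "network" and len(p) == 5 and p[3] == "area":
            nets.append((ip_int(p[1]), ip_int(p[2]), p[4]))
            areas.setdefault(p[4], "null")   # null until an authentication line is seen
        elif p[0] == "area" and p[2:3] == ["authentication"]:
            areas[p[1]] = "message-digest" if p[3:4] == ["message-digest"] else "simple"
    return ifaces, areas, nets

def audit(config):
    """List (interface, area, finding) for weak or inconsistent OSPF authentication."""
    ifaces, areas, nets = parse(config)
    findings = []
    for name, i in ifaces.items():
        area = next((a for b, w, a in nets   # wildcard 1 bits are "don't care"
                     if i["ip"] is not None and (i["ip"] | w) == (b | w)), None)
        if area is None:
            continue                         # interface is not running OSPF
        mode = areas[area]
        if mode == "null":
            findings.append((name, area, "no authentication"))
        elif mode not in i["keys"]:
            findings.append((name, area, "no %s key on interface" % mode))
        elif mode == "simple":
            findings.append((name, area, "simple password is sent in cleartext"))
    return findings

# SIMPLE and MD5 are the two examples above; NULL and MISMATCH are constructed.
HDR = "interface ethernet 0\nip address 10.10.10.10 255.255.255.0\n"
NET = "router ospf 100\nnetwork 10.10.0.0 0.0.255.255 area 0\n"
SIMPLE = HDR + "ip ospf authentication-key mypassword\n" + NET + "area 0 authentication\n"
MD5 = HDR + "ip ospf message-digest-key 10 md5 mypassword\n" + NET + "area 0 authentication message-digest\n"
NULL = HDR + NET
MISMATCH = HDR + "ip ospf authentication-key mypassword\n" + NET + "area 0 authentication message-digest\n"
```

Calling audit(MD5) returns an empty list; the other three samples each return one finding for ethernet 0.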
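3. Virtual link
(used for two purposes: a. to link an area that does not have a physical connection to the backbone; b. to patch the backbone in case a discontinuity of area 0 occurs)
area <area-id> virtual-link <RID> (area-id is the transit area, i.e. the area that lies between the two areas joined by the virtual link; RID is the ID of the two routers that form the virtual link, normally the highest IP address on the router or the highest loopback address)
Example:
Router RTA has address 1.1.1.1 and is in area 1; router RTB has address 2.2.2.2 and is in area 0.
Area 0 and area 1 are joined by a virtual link through area 2.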
RTA#
router ospf 100
area 2 virtual-link 2.2.2.2
RTB#
router ospf 100
area 2 virtual-link 1.1.1.1
4. Adjacencies:
ip ospf hello-interval <seconds>
ip ospf dead-interval <seconds>
ip ospf priority <value> (the default value is 1; if set to 0, the router will not become DR or BDR)
Verify with: sh ip ospf interface <interface>, sh ip ospf neighbor
neighbor <ip-address> [priority <number>] [poll-interval <seconds>] (rarely used nowadays)
5. NBMA:
(1) Point-to-point subinterface
Create several logical interfaces on one physical interface to provide point-to-point connections
Example:
RTA#:
interface serial 0
no ip address
encapsulation frame-relay
interface serial0.1 point-to-point
ip address 128.213.63.6 255.255.252.0
frame-relay interface-dlci 20
interface serial0.2 point-to-point
ip address 128.213.64.6 255.255.252.0
frame-relay interface-dlci 30
router ospf 10
network 128.213.0.0 0.0.255.255 area 1
RTB#:
interface serial 0
no ip address
encapsulation frame-relay
interface serial0.1 point-to-point
ip address 128.213.63.5 255.255.252.0
frame-relay interface-dlci 40
interface serial 1
ip address 128.212.1.1 255.255.255.0
router ospf 10
network 128.213.0.0 0.0.255.255 area 1
network 128.212.0.0 0.0.255.255 area 0
(2) Select interface network type:
ip ospf network {broadcast|non-broadcast|point-to-multipoint}
Example:
RTA#:
interface loopback 0
ip address 200.200.10.1 255.255.255.0
interface serial 0
ip address 128.213.10.1 255.255.252.0
encapsulation frame-relay
ip ospf network point-to-multipoint
router ospf 10
network 128.213.0.0 0.0.255.255 area 1
RTB#:
interface serial 0
ip address 128.213.10.2 255.255.255.0
encapsulation frame-relay
ip ospf network point-to-multipoint
interface serial 1
ip address 123.212.1.1 255.255.255.0
router ospf 10
network 128.213.0.0 0.0.255.255 area 1
network 123.212.0.0 0.0.255.255 area 0
6. OSPF and route summarization
(1) Inter-area route summarization (done on ABRs)
area <area-id> range <address> <mask>
(2) External route summarization (effective only on ASBRs)
summary-address <ip-address> <mask>
Example:
RTA#:
summary-address 128.213.64.0 255.255.224.0
redistribute bgp 50 metric 1000 subnets
RTB#:
summary-address 128.213.96.0 255.255.224.0
redistribute bgp 20 metric 1000 subnets
7. Stub Area
area <area-id> stub [no-summary]
area <area-id> default-cost <cost> (cost default is 1)
8. Redistribute routes into OSPF
redistribute <protocol [process-id]> [metric <value>] [metric-type <value>] [route-map <map-tag>] [subnets]
(metric default is 20, except for BGP where it is 1; metric-type default is 2)
route-map <map-tag> [permit | deny] [sequence-number]
Example: RTC is the ASBR and RTE is an internal OSPF router; the two are connected over serial interfaces, and RTC connects to the external networks 16.16.16.0/24 and 128.213.0.0/16 through its E0 interface.
RTC:
interface Ethernet 0
ip address 203.250.14.2 255.255.255.0
interface serial 1
ip address 203.250.15.1 255.255.255.252
router ospf 10
redistribute static
network 203.250.15.0 0.0.0.255 area 2
network 203.250.14.0 0.0.0.255 area 0
ip route 16.16.16.0 255.255.255.0 ethernet0
ip route 128.213.0.0 255.255.0.0 ethernet0
RTE:
interface serial 0
ip address 203.250.15.2 255.255.255.252
router ospf 10
network 203.250.15.0 0.0.0.255 area 2
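With sh ip route, only the 128.213.0.0 route appears in the table. This is because 16.16.16.0 is a class A address that has been subnetted, and it is not redistributed when the subnets keyword is not used.
If the RTC configuration is changed to: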
redistribute static metric 50 metric-type 1 subnets route-map STOPUPDATE
access-list 1 permit 128.213.0.0 0.0.255.255
route-map STOPUPDATE permit 10
match ip address 1
Now only 128.213.0.0 is redistributed into OSPF.
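Redistribution is where routes from outside the OSPF domain enter it, so the subnets keyword and the route-map are the controls that decide what an ASBR is allowed to inject. The following is an added example, not part of the original notes: a model of the RTC behaviour described above, with the route-map reduced to the permit entries of the access list it matches. The function names are assumptions.

```python
import ipaddress

# Static routes configured on RTC in the example above.
STATIC = ["16.16.16.0/24", "128.213.0.0/16"]

def classful_len(net):
    """Natural mask length of the unicast address class (A=8, B=16, C=24)."""
    first = int(net.network_address) >> 24
    return 8 if first < 128 else 16 if first < 192 else 24

def acl_permits(net, acl):
    """Standard ACL: permit on the first matching entry, implicit deny otherwise."""
    addr = int(net.network_address)
    for base, wildcard in acl:
        b = int(ipaddress.IPv4Address(base))
        w = int(ipaddress.IPv4Address(wildcard))
        if (addr | w) == (b | w):          # wildcard 1 bits are "don't care"
            return True
    return False

def redistribute(routes, subnets=False, metric=20, metric_type=2, acl=None):
    """Return (prefix, route code, metric) for each route injected into OSPF."""
    out = []
    for r in routes:
        net = ipaddress.ip_network(r)
        if not subnets and net.prefixlen > classful_len(net):
            continue                       # subnetted route, 'subnets' not given
        if acl is not None and not acl_permits(net, acl):
            continue                       # filtered by the route-map's ACL
        out.append((r, "O E%d" % metric_type, metric))
    return out

if __name__ == "__main__":
    print(redistribute(STATIC))                    # redistribute static
    print(redistribute(STATIC, subnets=True))      # ... subnets
    print(redistribute(STATIC, subnets=True, metric=50, metric_type=1,
                       acl=[("128.213.0.0", "0.0.255.255")]))
```

The first call drops 16.16.16.0/24 because it is a subnet of a class A network; the third call drops it because access-list 1 does not permit it.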
9. Redistributing OSPF into other protocols
passive-interface
distribute-list <number> in <protocol> <protocol-id>
distribute-list <number> out <protocol> <protocol-id>
10. Injecting defaults into OSPF
default-information originate [always] [metric <metric-value>] [metric-type <type-value>] [route-map <map-name>]
11. OSPF design tips
(1) Experience shows that 40-50 routers per area is the upper bound for OSPF
(2) Try to avoid having the same router be DR on more than one segment
(3) It is better to have each ABR connect to only two areas
12. Show full OSPF database
sh ip ospf database router
sh ip ospf database network
sh ip ospf database summary
sh ip ospf database asbr-summary
sh ip ospf database external
APPENDIX:
1. ROUTER SUBCOMMANDS
network <n.n.n.n> <mask> area <area_id>
area <area_id> stub {no-summary}
area <area_id> authentication
area <area_id> default-cost <cost>
area <area_id> virtual-link <router_id>,...
area <area_id> range <address mask>
2. INTERFACE SUBCOMMANDS
ip ospf cost <cost>
ip ospf priority <8-bit-number>
ip ospf hello-interval <number-of-seconds>
ip ospf dead-interval <number-of-seconds>
ip ospf authentication-key <8-bytes-of-passwd>
ip ospf retransmit-interval <second>
Example:
router ospf 100
network 200.200.4.0 0.0.0.3 area 0
redistribute connected subnets (lets other routers see the loopback address)
ospf log-adjacency-changes (when a neighboring router changes, the related information is shown on the local router)
sh ip route
sh ip ospf
sh ip ospf interface
sh ip ospf neighbor
sh ip ospf database