2007 July 24 « L, S + P

Configuring OSPF Virtual Link

July 24, 2007 sigitp 1 comment

configuring ospf virtual link

Objective

configure an OSPF virtual link so that a disconnected area can reach the backbone as required by OSPF.

Topology

ospf virtual link

Configs

SanJose1#sh run
Building configuration…

Current configuration : 1015 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SanJose1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$bP5E$pamhnCUi0AcSl/F9Rej651
!
no aaa new-model
!
resource policy
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 192.168.1.3 255.255.255.0
!
interface Loopback1
ip address 192.168.0.3 255.255.255.0
!
interface FastEthernet0/0
ip address 192.168.224.1 255.255.255.0
duplex half
!
router ospf 1
log-adjacency-changes
network 192.168.0.0 0.0.0.255 area 0
network 192.168.1.0 0.0.0.255 area 0
network 192.168.224.0 0.0.0.255 area 51
!
no ip http server
no ip http secure-server
!
!
!
logging alarm informational
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
password cisco
logging synchronous
login
stopbits 1
line aux 0
stopbits 1
line vty 0 4
exec-timeout 0 0
password cisco
logging synchronous
login
!
!
end

SanJose1#

Singapore#sh run
Building configuration…

Current configuration : 1790 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Singapore
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$bPdv$hcFIbsP8L4rzFyuNrFoqE0
!
no aaa new-model
!
resource policy
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 192.168.3.1 255.255.255.0
!
interface FastEthernet0/0
ip address 192.168.224.2 255.255.255.0
duplex half
!
interface Serial1/0
ip address 192.168.240.1 255.255.255.252
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/4
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/5
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/6
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/7
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
router ospf 1
log-adjacency-changes
network 192.168.3.0 0.0.0.255 area 51
network 192.168.224.0 0.0.0.255 area 51
network 192.168.240.0 0.0.0.3 area 3
!
no ip http server
no ip http secure-server
!
!
!
logging alarm informational
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
password cisco
logging synchronous
login
stopbits 1
line aux 0
stopbits 1
line vty 0 4
exec-timeout 0 0
password cisco
logging synchronous
login
!
!
end

Singapore#

Auckland#sh run
Building configuration…

Current configuration : 1711 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Auckland
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$W3Ux$X4cR/1jc27f9IbV5b.Qgn0
!
no aaa new-model
!
resource policy
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 192.168.252.1 255.255.255.0
!
interface FastEthernet0/0
ip address 192.168.248.1 255.255.255.0
duplex half
!
interface Serial1/0
ip address 192.168.240.2 255.255.255.252
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/4
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/5
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/6
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/7
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
router ospf 1
log-adjacency-changes
network 192.168.240.0 0.0.0.3 area 3
!
no ip http server
no ip http secure-server
!
!
!
logging alarm informational
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
password cisco
logging synchronous
login
stopbits 1
line aux 0
stopbits 1
line vty 0 4
exec-timeout 0 0
password cisco
logging synchronous
login
!
!
end

Auckland#

Auckland#sh ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route

Gateway of last resort is not set

192.168.240.0/30 is subnetted, 1 subnets
C 192.168.240.0 is directly connected, Serial1/0
C 192.168.252.0/24 is directly connected, Loopback0
Auckland#

See that there’s no OSPF routes distributed to the Auckland router.

Inter Area traffice must transit the backbone area. Even though area 51 and area 3 are adjacent, they do not share OSPF routing updates.

Still, Singapore and Auckland has been able to form adjacency (sh ip ospf nei).

Area 3 is not connected to the area 0.

router Singapore is the ABR for area3, router SanJose1 is the ABR for area 0. therefore we must configure virtual link on Singapore and SanJose1 via area 51 as the transit area.

On SanJose1:

!
router ospf 1
log-adjacency-changes
area 51 virtual-link 192.168.3.1 (this is the other router’s RID)
network 192.168.0.0 0.0.0.255 area 0
network 192.168.1.0 0.0.0.255 area 0
network 192.168.224.0 0.0.0.255 area 51
!

On Singapore:

!
router ospf 1
log-adjacency-changes
area 51 virtual-link 192.168.1.3 (this is the other router’s RID)
network 192.168.3.0 0.0.0.255 area 51
network 192.168.224.0 0.0.0.255 area 51
network 192.168.240.0 0.0.0.3 area 3
!
Result:

Gateway of last resort is not set

O IA 192.168.224.0/24 [110/65] via 192.168.240.1, 00:01:32, Serial1/0
192.168.240.0/30 is subnetted, 1 subnets
C 192.168.240.0 is directly connected, Serial1/0
192.168.0.0/32 is subnetted, 1 subnets
O IA 192.168.0.3 [110/66] via 192.168.240.1, 00:00:01, Serial1/0
192.168.1.0/32 is subnetted, 1 subnets
O IA 192.168.1.3 [110/66] via 192.168.240.1, 00:00:01, Serial1/0
C 192.168.252.0/24 is directly connected, Loopback0
192.168.3.0/32 is subnetted, 1 subnets
O IA 192.168.3.1 [110/65] via 192.168.240.1, 00:01:32, Serial1/0

See that finally Auckland router receives LSA from area 0 through the virtual links. You can also do the sh ip ospf virtual-links to see the virtual-links condition.

Summary

virtual links should be configured on both edge via transit area.
inter area traffic mus transit area backbone.

Categories: learn, share

Configuring OSPF Stub and Totally Stub Area

July 24, 2007 sigitp 2 comments

configuring ospf stub and totally stub area

Objective:

configure ospf stub area (filter type 5 LSA E1 and E2 from populating stub area’s router routing table)
configure ospf totally stub area (cisco propietary, filter type 5 LSA, type 3 IA O, and type 4 IA O from populating stub area’s router routing table)
area 2 is a stub area. Capetown should have least routing table entry.

Topology:

ospf stub and totally stub

Configs:

Usual ConfigsSanJose1:

SanJose1#sh run
Building configuration…

Current configuration : 1244 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SanJose1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$LDb6$zEg.92Fgad6druYY83bUE0
!
no aaa new-model
!
resource policy
!
ip cef
!
!
interface Loopback0 (simulate internal network on SanJose1)
ip address 192.168.64.1 255.255.255.0
!
interface Loopback1
ip address 192.168.80.1 255.255.255.0
!
interface Loopback2
ip address 192.168.96.1 255.255.255.0
!
interface Loopback3
ip address 192.168.112.1 255.255.255.0
!
interface Loopback5
ip address 10.0.0.6 255.255.255.252
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
duplex half
!
router ospf 1
log-adjacency-changes
redistribute static (static routes redistribution using E2 type 5 LSA)
network 192.168.1.0 0.0.0.255 area 0
network 192.168.64.0 0.0.63.255 area 1
default-information originate
!
ip route 10.0.0.0 255.0.0.0 Null0 (simulate ISP connection)
no ip http server
no ip http secure-server
!
!
!
logging alarm informational
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
password cisco
logging synchronous
login
stopbits 1
line aux 0
stopbits 1
line vty 0 4
exec-timeout 0 0
password cisco
logging synchronous
login
!
!
end

SanJose1#
SanJose3:

SanJose3#sh run
Building configuration…

Current configuration : 1783 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SanJose3
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$aHy.$gyYsVc6zVpucwrv99×296/
!
no aaa new-model
!
resource policy
!
ip cef
!
interface Loopback0
ip address 192.168.3.1 255.255.255.0
!
interface FastEthernet0/0
ip address 192.168.1.3 255.255.255.0
duplex half
!
interface Serial1/0
ip address 192.168.208.1 255.255.255.252
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/4
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/5
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/6
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/7
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
router ospf 1
log-adjacency-changes
network 192.168.1.0 0.0.0.255 area 0
network 192.168.3.0 0.0.0.255 area 0
network 192.168.208.0 0.0.0.3 area 2
!
no ip http server
no ip http secure-server
!
!
!
logging alarm informational
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
password cisco
logging synchronous
login
stopbits 1
line aux 0
stopbits 1
line vty 0 4
exec-timeout 0 0
password cisco
logging synchronous
login
!
!
end

SanJose3#
Capetown:

Capetown#sh run
Building configuration…

Current configuration : 1711 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Capetown
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$FoDT$Gc/68u.1hX6wJWX66t/j2/
!
no aaa new-model
!
resource policy
!
ip cef
!
!
interface Loopback0
ip address 192.168.220.1 255.255.255.0
!
interface FastEthernet0/0
ip address 192.168.216.1 255.255.255.0
duplex half
!
interface Serial1/0
ip address 192.168.208.2 255.255.255.252
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/4
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/5
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/6
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/7
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
router ospf 1
log-adjacency-changes
network 192.168.208.0 0.0.0.3 area 2
!
no ip http server
no ip http secure-server
!
!
!
logging alarm informational
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
password cisco
logging synchronous
login
stopbits 1
line aux 0
stopbits 1
line vty 0 4
exec-timeout 0 0
password cisco
logging synchronous
login
!
!
end

Capetown#
result:

Capetown#sh ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route

Gateway of last resort is not set

192.168.208.0/30 is subnetted, 1 subnets
C 192.168.208.0 is directly connected, Serial1/0
192.168.64.0/32 is subnetted, 1 subnets
O IA 192.168.64.1 [110/66] via 192.168.208.1, 00:06:48, Serial1/0
192.168.80.0/32 is subnetted, 1 subnets
O IA 192.168.80.1 [110/66] via 192.168.208.1, 00:06:48, Serial1/0
O E2 10.0.0.0/8 [110/20] via 192.168.208.1, 00:06:48, Serial1/0
192.168.96.0/32 is subnetted, 1 subnets
O IA 192.168.96.1 [110/66] via 192.168.208.1, 00:06:48, Serial1/0
192.168.112.0/32 is subnetted, 1 subnets
O IA 192.168.112.1 [110/66] via 192.168.208.1, 00:06:48, Serial1/0
C 192.168.220.0/24 is directly connected, Loopback0
O IA 192.168.1.0/24 [110/65] via 192.168.208.1, 00:06:48, Serial1/0
192.168.3.0/32 is subnetted, 1 subnets
O IA 192.168.3.1 [110/65] via 192.168.208.1, 00:06:49, Serial1/0

O IA denotes LSA type 3 or type 4 Inter Area route summary, not filtered.
O E2 denotes LSA type 5 external route summary, not filtered.
So, Capetown’s routing table is full, not efficient for a stub area router. We need to filter type 3 or 4 LSA using stub configuration. More efficiently, we also need to filter type 5 LSA using totally stubby configuration (cisco propietary)
gateway of last resort is not set.

Stub Configs:

SanJose3:

just add these lines to make area 2 a stub area.

SanJose3:

SanJose3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SanJose3(config)#router ospf 1
SanJose3(config-router)#area 2 stub

Capetown:

Capetown#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Capetown(config)#router ospf 1
Capetown(config-router)#area 2 stub

result:

Capetown(config-router)#do sh ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route

Gateway of last resort is 192.168.208.1 to network 0.0.0.0

192.168.208.0/30 is subnetted, 1 subnets
C 192.168.208.0 is directly connected, Serial1/0
192.168.64.0/32 is subnetted, 1 subnets
O IA 192.168.64.1 [110/66] via 192.168.208.1, 00:09:38, Serial1/0
192.168.80.0/32 is subnetted, 1 subnets
O IA 192.168.80.1 [110/66] via 192.168.208.1, 00:09:38, Serial1/0
192.168.96.0/32 is subnetted, 1 subnets
O IA 192.168.96.1 [110/66] via 192.168.208.1, 00:09:38, Serial1/0
192.168.112.0/32 is subnetted, 1 subnets
O IA 192.168.112.1 [110/66] via 192.168.208.1, 00:09:38, Serial1/0
C 192.168.220.0/24 is directly connected, Loopback0
O IA 192.168.1.0/24 [110/65] via 192.168.208.1, 00:09:38, Serial1/0
192.168.3.0/32 is subnetted, 1 subnets
O IA 192.168.3.1 [110/65] via 192.168.208.1, 00:09:40, Serial1/0
O*IA 0.0.0.0/0 [110/65] via 192.168.208.1, 00:09:40, Serial1/0

No More O E2 routes because type 5 LSAs are filtered.
The routing table become a little bit smaller -just a little bit though.
gateway of last resort is automatically added.

Totally Stub Configs:

to configure area 2 as totally stubby, u have to change the configuration above -only at the ABR, in this case SanJose3 router. While Capetown’s config doesn’t have to be changed.

SanJose3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SanJose3(config)#
SanJose3(config)#router ospf 1
SanJose3(config-router)#no area
SanJose3(config-router)#no area 2 stub
SanJose3(config-router)#are
SanJose3(config-router)#area
SanJose3(config-router)#area 2 stu
SanJose3(config-router)#area 2 stub no
SanJose3(config-router)#area 2 stub no-summary

result:

Gateway of last resort is 192.168.208.1 to network 0.0.0.0

192.168.208.0/30 is subnetted, 1 subnets
C 192.168.208.0 is directly connected, Serial1/0
C 192.168.220.0/24 is directly connected, Loopback0
O*IA 0.0.0.0/0 [110/65] via 192.168.208.1, 00:01:05, Serial1/0

No more type 5 LSA (E1 or E2) route summary.
No more type 3 or 4 LSA (O IA) route summary.
Now, the routing table is definitely small.
gateway of last resort is automatically added.

Summary:

for stub networks router, it is better to keep the routing table small. use stub or totally stub area.
stub configuration applied on both interface of an areas link. stub configuration filter type 5 LSA (E1 or E2) from populating stub networks router routing table. gateway of last resort automatically added by the ABR.
totally stub configuration applied only at the ASBRs interface. stub configuration filter type 5 (E1 or E2), type 3 and type 4 LSA (O IA) from populating stub networks router routing table. gateway of last resort automatically added by the ABR.
The problem is : network 192.168.220.1 and 192.168.216.1 (both on router Capetown) can not be accessed from SanJose1 and SanJose3 (those networks injected to the OSPF AS using type 5 LSA -remember type 5 LSAs are filtered on stub area). I believe, this will be solved by NSSA configuration.

Categories: learn, share

Configuring OSPF NSSA

July 24, 2007 sigitp Leave a comment

configuring ospf nssa

Obejctive:

configure OSPF NSSA in order to import external routing information while retaining the benefits of a stub area.

you want to make Singapore router has routing table entry as least as possible because this router only has one way out to the ISP1 via router SanJose3. you can realize this by configuring area 51 as a stub or totally stubby area, but the Auckland network will not being advertised through the other areas, remember stub and totally stubby area filter type 5 LSA. so with stub or totally stubby configuration, we can’t ping Auckland network (192.168.240.1 for example) from router SanJose 1.in this case Singapore is an ASBR. an ASBR can not be a stub router.

the solution for this situation is to configure the area 51 as NSSA. with NSSA we can filter type 5 LSAs. by using NSSA with no-summary, we can filter both type 5 and type 3/4 LSAs, and the Auckland network will still being advertised using type 7 LSA. an amazing example of cisco propietary protocol.

Topology:

ospf nssa

Configs:

NSSA Configs

SanJose3#sh run
Building configuration…

Current configuration : 1743 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SanJose3
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$ypAG$EbdmRvrpwemBIcVcmu75b/
!
no aaa new-model
!
resource policy
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 192.168.3.1 255.255.255.0
!
interface FastEthernet0/0
ip address 192.168.1.3 255.255.255.0
duplex half
!
interface Serial1/0
ip address 192.168.224.1 255.255.255.252
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/4
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/5
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/6
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/7
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
router ospf 1
log-adjacency-changes
area 51 nssa (configure area 51 as nssa)
network 192.168.1.0 0.0.0.255 area 0
network 192.168.3.0 0.0.0.255 area 0
network 192.168.224.0 0.0.0.3 area 51
!
no ip http server
no ip http secure-server
!
!
!
logging alarm informational
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
password cisco
logging synchronous
login
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
!
end

SanJose3#

Singapore#sh run
Building configuration…

Current configuration : 1867 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Singapore
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$AQ32$aPkEbUAsrR/1PajuOSNtq/
!
no aaa new-model
!
resource policy
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 192.168.240.1 255.255.255.0
!
interface Loopback1
ip address 192.168.244.1 255.255.255.0
!
interface Loopback2
ip address 192.168.248.1 255.255.255.0
!
interface Loopback3
ip address 192.168.252.1 255.255.255.0
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface Serial1/0
ip address 192.168.224.2 255.255.255.252
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/4
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/5
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/6
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/7
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
router ospf 1
log-adjacency-changes
area 51 nssa (configure area 51 as nssa)
redistribute connected (this will be distributed using type 7 LSA, not type 5)
network 192.168.224.0 0.0.0.3 area 51
!
no ip http server
no ip http secure-server
!
!
!
logging alarm informational
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
password cisco
logging synchronous
login
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
!
end

Singapore#

SanJose1#sh run
Building configuration…

Current configuration : 1189 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SanJose1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$ocFL$HKIOiot107PO6H3IDYjIV0
!
no aaa new-model
!
resource policy
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 192.168.64.1 255.255.255.0
!
interface Loopback1
ip address 192.168.80.1 255.255.255.0
!
interface Loopback2
ip address 192.168.96.1 255.255.255.0
!
interface Loopback3
ip address 192.168.112.1 255.255.255.0
!
interface Loopback5
ip address 10.0.0.6 255.255.255.252
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
duplex half
!
router ospf 1
log-adjacency-changes
network 192.168.1.0 0.0.0.255 area 0
network 192.168.64.0 0.0.63.255 area 1
!
no ip http server
no ip http secure-server
!
!
!
logging alarm informational
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
password cisco
logging synchronous
login
stopbits 1
line aux 0
stopbits 1
line vty 0 4
exec-timeout 0 0
password cisco
logging synchronous
login
!
!
end

SanJose1#

Result:

SanJose3#sh ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route

Gateway of last resort is not set

192.168.224.0/30 is subnetted, 1 subnets
C 192.168.224.0 is directly connected, Serial1/0
O N2 192.168.240.0/24 [110/20] via 192.168.224.2, 00:02:12, Serial1/0
O N2 192.168.244.0/24 [110/20] via 192.168.224.2, 00:02:12, Serial1/0
192.168.64.0/32 is subnetted, 1 subnets
O IA 192.168.64.1 [110/2] via 192.168.1.1, 00:02:12, FastEthernet0/0
192.168.80.0/32 is subnetted, 1 subnets
O IA 192.168.80.1 [110/2] via 192.168.1.1, 00:02:12, FastEthernet0/0
192.168.96.0/32 is subnetted, 1 subnets
O IA 192.168.96.1 [110/2] via 192.168.1.1, 00:02:12, FastEthernet0/0
O N2 192.168.248.0/24 [110/20] via 192.168.224.2, 00:02:12, Serial1/0
192.168.112.0/32 is subnetted, 1 subnets
O IA 192.168.112.1 [110/2] via 192.168.1.1, 00:02:12, FastEthernet0/0
C 192.168.1.0/24 is directly connected, FastEthernet0/0
O N2 192.168.252.0/24 [110/20] via 192.168.224.2, 00:02:14, Serial1/0
C 192.168.3.0/24 is directly connected, Loopback0 SanJose3#sh ip ospf dat

OSPF Router with ID (192.168.3.1) (Process ID 1)

Router Link States (Area 0)

Link ID ADV Router Age Seq# Checksum Link count
192.168.3.1 192.168.3.1 662 0×80000007 0×0045B2 2
192.168.112.1 192.168.112.1 217 0×80000007 0×001689 1

Net Link States (Area 0)

Link ID ADV Router Age Seq# Checksum
192.168.1.1 192.168.112.1 1475 0×80000005 0×00990E

Summary Net Link States (Area 0)

Link ID ADV Router Age Seq# Checksum
192.168.64.1 192.168.112.1 1475 0×80000005 0×00E7CA
192.168.80.1 192.168.112.1 1475 0×80000005 0×00376B
192.168.96.1 192.168.112.1 1475 0×80000005 0×00860C
192.168.112.1 192.168.112.1 1475 0×80000005 0×00D5AC
192.168.224.0 192.168.3.1 1416 0×80000005 0×006FD4

Router Link States (Area 51)

Link ID ADV Router Age Seq# Checksum Link count
192.168.3.1 192.168.3.1 662 0×80000008 0×00A51A 2
192.168.252.1 192.168.252.1 654 0×80000008 0×005372 2

Summary Net Link States (Area 51)

Link ID ADV Router Age Seq# Checksum
192.168.1.0 192.168.3.1 1332 0×80000001 0×005509
192.168.3.1 192.168.3.1 1332 0×80000001 0×003526
192.168.64.1 192.168.3.1 1332 0×80000001 0×009D7F
192.168.80.1 192.168.3.1 1332 0×80000001 0×00EC20
192.168.96.1 192.168.3.1 1332 0×80000001 0×003CC0
192.168.112.1 192.168.3.1 1332 0×80000001 0×008B61

Type-7 AS External Link States (Area 51)

Link ID ADV Router Age Seq# Checksum Tag
192.168.240.0 192.168.252.1 654 0×80000005 0×00F98A 0
192.168.244.0 192.168.252.1 654 0×80000005 0×00CDB2 0
192.168.248.0 192.168.252.1 654 0×80000005 0×00A1DA 0
192.168.252.0 192.168.252.1 654 0×80000005 0×007503 0

Type-5 AS External Link States

Link ID ADV Router Age Seq# Checksum Tag
192.168.240.0 192.168.3.1 663 0×80000005 0×006424 0
192.168.244.0 192.168.3.1 665 0×80000005 0×00384C 0
192.168.248.0 192.168.3.1 665 0×80000005 0×000C74 0
192.168.252.0 192.168.3.1 665 0×80000005 0×00DF9C 0
SanJose3#

Singapore#sh ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route

Gateway of last resort is not set

192.168.224.0/30 is subnetted, 1 subnets
C 192.168.224.0 is directly connected, Serial1/0
C 192.168.240.0/24 is directly connected, Loopback0
C 192.168.244.0/24 is directly connected, Loopback1
192.168.64.0/32 is subnetted, 1 subnets
O IA 192.168.64.1 [110/66] via 192.168.224.1, 00:00:19, Serial1/0
192.168.80.0/32 is subnetted, 1 subnets
O IA 192.168.80.1 [110/66] via 192.168.224.1, 00:00:19, Serial1/0
192.168.96.0/32 is subnetted, 1 subnets
O IA 192.168.96.1 [110/66] via 192.168.224.1, 00:00:19, Serial1/0
C 192.168.248.0/24 is directly connected, Loopback2
192.168.112.0/32 is subnetted, 1 subnets
O IA 192.168.112.1 [110/66] via 192.168.224.1, 00:00:20, Serial1/0
O IA 192.168.1.0/24 [110/65] via 192.168.224.1, 00:00:20, Serial1/0
C 192.168.252.0/24 is directly connected, Loopback3
192.168.3.0/32 is subnetted, 1 subnets
O IA 192.168.3.1 [110/65] via 192.168.224.1, 00:00:20, Serial1/0 Singapore#sh ip ospf dat

OSPF Router with ID (192.168.252.1) (Process ID 1)

Router Link States (Area 51)

Link ID ADV Router Age Seq# Checksum Link count
192.168.3.1 192.168.3.1 706 0×80000008 0×00A51A 2
192.168.252.1 192.168.252.1 696 0×80000008 0×005372 2

Summary Net Link States (Area 51)

Link ID ADV Router Age Seq# Checksum
192.168.1.0 192.168.3.1 1376 0×80000001 0×005509
192.168.3.1 192.168.3.1 1376 0×80000001 0×003526
192.168.64.1 192.168.3.1 1376 0×80000001 0×009D7F
192.168.80.1 192.168.3.1 1376 0×80000001 0×00EC20
192.168.96.1 192.168.3.1 1376 0×80000001 0×003CC0
192.168.112.1 192.168.3.1 1376 0×80000001 0×008B61

Type-7 AS External Link States (Area 51)

Link ID ADV Router Age Seq# Checksum Tag
192.168.240.0 192.168.252.1 696 0×80000005 0×00F98A 0
192.168.244.0 192.168.252.1 696 0×80000005 0×00CDB2 0
192.168.248.0 192.168.252.1 697 0×80000005 0×00A1DA 0
192.168.252.0 192.168.252.1 697 0×80000005 0×007503 0
Singapore#

SanJose1#sh ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route

Gateway of last resort is not set

192.168.224.0/30 is subnetted, 1 subnets
O IA 192.168.224.0 [110/65] via 192.168.1.3, 00:05:22, FastEthernet0/0
O E2 192.168.240.0/24 [110/20] via 192.168.1.3, 00:05:22, FastEthernet0/0
O E2 192.168.244.0/24 [110/20] via 192.168.1.3, 00:05:22, FastEthernet0/0
C 192.168.64.0/24 is directly connected, Loopback0
C 192.168.80.0/24 is directly connected, Loopback1
10.0.0.0/30 is subnetted, 1 subnets
C 10.0.0.4 is directly connected, Loopback5
C 192.168.96.0/24 is directly connected, Loopback2
O E2 192.168.248.0/24 [110/20] via 192.168.1.3, 00:05:22, FastEthernet0/0
C 192.168.112.0/24 is directly connected, Loopback3
C 192.168.1.0/24 is directly connected, FastEthernet0/0
O E2 192.168.252.0/24 [110/20] via 192.168.1.3, 00:05:22, FastEthernet0/0
192.168.3.0/32 is subnetted, 1 subnets
O 192.168.3.1 [110/2] via 192.168.1.3, 00:05:23, FastEthernet0/0
SanJose1#sh ip ospf dat

OSPF Router with ID (192.168.112.1) (Process ID 1)

Router Link States (Area 0)

Link ID ADV Router Age Seq# Checksum Link count
192.168.3.1 192.168.3.1 781 0×80000007 0×0045B2 2
192.168.112.1 192.168.112.1 335 0×80000007 0×001689 1

Net Link States (Area 0)

Link ID ADV Router Age Seq# Checksum
192.168.1.1 192.168.112.1 1593 0×80000005 0×00990E

Summary Net Link States (Area 0)

Link ID ADV Router Age Seq# Checksum
192.168.64.1 192.168.112.1 1593 0×80000005 0×00E7CA
192.168.80.1 192.168.112.1 1593 0×80000005 0×00376B
192.168.96.1 192.168.112.1 1593 0×80000005 0×00860C
192.168.112.1 192.168.112.1 1593 0×80000005 0×00D5AC
192.168.224.0 192.168.3.1 1536 0×80000005 0×006FD4

Router Link States (Area 1)

Link ID ADV Router Age Seq# Checksum Link count
192.168.112.1 192.168.112.1 335 0×80000006 0×0039FE 4

Summary Net Link States (Area 1)

Link ID ADV Router Age Seq# Checksum
192.168.1.0 192.168.112.1 1594 0×80000007 0×00A54B
192.168.3.1 192.168.112.1 1594 0×80000005 0×00935B
192.168.224.0 192.168.112.1 1594 0×80000005 0×007B5A

Summary ASB Link States (Area 1)

Link ID ADV Router Age Seq# Checksum
192.168.3.1 192.168.112.1 816 0×80000005 0×007B73

Type-5 AS External Link States

Link ID ADV Router Age Seq# Checksum Tag
192.168.240.0 192.168.3.1 782 0×80000005 0×006424 0
192.168.244.0 192.168.3.1 782 0×80000005 0×00384C 0
192.168.248.0 192.168.3.1 782 0×80000005 0×000C74 0
192.168.252.0 192.168.3.1 782 0×80000005 0×00DF9C 0
SanJose1#

summary:

the Auckland network ditributed to the ospf areas using type 7 LSA by Singapore router. because no-summary command is not used, there will be still O IA Inter Area routes (type 3 or 4 LSA) in Singapore’s routing table. Singapore’s link-state database contains type 7 LSA and there’s no type 5 LSA.
router SanJose 3 is the NSSA ABR that converts type 7 LSA into type 5 LSA and distribute them to area backbone. therefore, SanJose3’s routing table contains type 5 LSA and type7 LSA. in SanJose3 routing table there are N2 (NSSA type 2) routes learned from type 7 LSA being distributed by Singapore router.
router SanJose1 is unaware of the NSSA configuration in area 51. NSSA ABR, router SanJose3 has convert type 7 LSA into type 5 LSA. Auckland networks listed in SanJose1’s routing table as type 5 LSA (E2). in SanJose1’s link-state database there’s only type 5 LSAs from SanJose3’s converted type 7 LSAs.

NSSA no-summary Configs

everything is the same as above. the only difference is at NSSA ABR, the SanJose3 router. we should add this following line.

router ospf 1
log-adjacency-changes
area 51 nssa no-summary
network 192.168.1.0 0.0.0.255 area 0
network 192.168.3.0 0.0.0.255 area 0
network 192.168.224.0 0.0.0.3 area 51

Result:

Gateway of last resort is 192.168.224.1 to network 0.0.0.0

192.168.224.0/30 is subnetted, 1 subnets
C 192.168.224.0 is directly connected, Serial1/0
C 192.168.240.0/24 is directly connected, Loopback0
C 192.168.244.0/24 is directly connected, Loopback1
C 192.168.248.0/24 is directly connected, Loopback2
C 192.168.252.0/24 is directly connected, Loopback3
O*IA 0.0.0.0/0 [110/65] via 192.168.224.1, 00:00:05, Serial1/0
Singapore#

summary:

all O IA Inter Area routes are replaced with the 0.0.0.0/0 default route. area 51 now act like totally stubby area with the primary difference is that NSSA can redistribute external routes.
default route is automatically added.

Categories: learn, share

Configuring Multi Area OSPF

July 24, 2007 sigitp 3 comments

configuring multiarea ospf

objective:

configure multiarea OSPF operation, interarea summarization, external route summarization and default routing.

topology:

ospf multiarea

configs:

SanJose3:

SanJose3#sh run
Building configuration…

Current configuration : 1729 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SanJose3
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$ypAG$EbdmRvrpwemBIcVcmu75b/
!
no aaa new-model
!
resource policy
!
ip cef
!
!
interface Loopback0
ip address 192.168.3.1 255.255.255.0
!
interface FastEthernet0/0
ip address 192.168.1.3 255.255.255.0
duplex half
!
interface Serial1/0
ip address 192.168.224.1 255.255.255.252
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/4
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/5
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/6
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/7
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
router ospf 1
log-adjacency-changes
network 192.168.1.0 0.0.0.255 area 0
network 192.168.3.0 0.0.0.255 area 0
network 192.168.224.0 0.0.0.3 area 51
!
no ip http server
no ip http secure-server
!
!
!
logging alarm informational
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
password cisco
logging synchronous
login
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
!
end

SanJose3#

Singapore:

Singapore#sh run
Building configuration…

Current configuration : 1833 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Singapore
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$AQ32$aPkEbUAsrR/1PajuOSNtq/
!
no aaa new-model
!
resource policy
!
ip cef
!
!
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface Serial1/0
ip address 192.168.224.2 255.255.255.252
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/4
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/5
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/6
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/7
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
router ospf 1
log-adjacency-changes
summary-address 192.148.240.0 255.255.240.0 (external route summarization)
redistribute static metric-type 1 (external route summarization using E1 type 5 LSA)
network 192.168.224.0 0.0.0.3 area 51
!
ip route 192.168.240.0 255.255.255.0 Null0
ip route 192.168.244.0 255.255.255.0 Null0
ip route 192.168.248.0 255.255.255.0 Null0
ip route 192.168.252.0 255.255.255.0 Null0
no ip http server
no ip http secure-server
!
!
!
logging alarm informational
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
password cisco
logging synchronous
login
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
!
end

Singapore#

SanJose1:

SanJose1#sh run
Building configuration…

Current configuration : 1237 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SanJose1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$ocFL$HKIOiot107PO6H3IDYjIV0
!
no aaa new-model
!
resource policy
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 192.168.64.1 255.255.255.0
!
interface Loopback1
ip address 192.168.80.1 255.255.255.0
!
interface Loopback2
ip address 192.168.96.1 255.255.255.0
!
interface Loopback3
ip address 192.168.112.1 255.255.255.0
!
interface Loopback5
ip address 10.0.0.6 255.255.255.252
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
duplex half
!
router ospf 1
log-adjacency-changes
area 1 range 192.168.64.0 255.255.192.0 (interarea summarization)
network 192.168.1.0 0.0.0.255 area 0
network 192.168.64.0 0.0.63.255 area 1
default-information originate always (distribute default routing information)
!
no ip http server
no ip http secure-server
!
!
!
logging alarm informational
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
password cisco
logging synchronous
login
stopbits 1
line aux 0
stopbits 1
line vty 0 4
exec-timeout 0 0
password cisco
logging synchronous
login
!
!
end

SanJose1#

summary:

Router SanJose1is an ABR and ASBR (do sh ip ospf)
Router SanJose3 is an ABR (do sh ip ospf)
Router Singapore is an ASBR (do sh ip ospf)
Type 5 LSA used to redistribute external routes. E2 type 5 LSA doesn’t count internal OSPF AS metric. E1 type 5 LSA count internal OSPF AS metric. So, when there are more than one link to external network, use E1 type 5 LSA do redistribute static metric-type 1 on router configuration mode.
To distribute default routing information for other OSPF area to a specific router, do default-information originate always on that router. This will distribute Gateway of last resort to other routers to this specific router. PS: this router must be the only way out for other routers to the internet.

Categories: learn, share

	sigitp on MPLS Traffic Engineering using…
	india1968 on Not To Complain Again Facing I…
	Siti on Not To Complain Again Facing I…
	Pratik Bhosale on Configuring OSPF Stub and Tota…
	akila on JUNOS logical-router

L, S + P

Archive

Configuring OSPF Virtual Link

Configuring OSPF Stub and Totally Stub Area

Configuring OSPF NSSA

Configuring Multi Area OSPF

Comrades

Wedding

Archives

Recent Comments

Wedding Photos

July 2007
M	T	W	T	F	S	S
« Mar				Aug »
						1
2	3	4	5	6	7	8
9	10	11	12	13	14	15
16	17	18	19	20	21	22
23	24	25	26	27	28	29
30	31