We will discuss these topics in this session:
1. OSPF configuration
2. OSPF passive interface
3. OSPF Virtual Link
4. OSPF interface network type
5. OSPF interface cost manipulation
6. OSPF Authentication
This is the network topology for these configurations:
This is the initial configuration on these routers:
set version 10.1R1.8
set system host-name R1
set system root-authentication encrypted-password "$1$xWlYH6tk$VKHjArc1AcBtkzma6DOB9."
set system login user amolak uid 2000
set system login user amolak class super-user
set system login user amolak authentication encrypted-password "$1$avCx48qv$IoOMsiL/nUI1mDD6v4nJy0"
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set interfaces em0 unit 0 family inet address 1.1.12.1/24
set interfaces em1 unit 0 family inet address 1.1.21.1/24
set interfaces lo0 unit 0 family inet address 1.1.1.1/32
set routing-options router-id 1.1.1.1

set version 10.1R1.8
set system host-name R2
set system root-authentication encrypted-password "$1$xWlYH6tk$VKHjArc1AcBtkzma6DOB9."
set system login user amolak uid 2000
set system login user amolak class super-user
set system login user amolak authentication encrypted-password "$1$avCx48qv$IoOMsiL/nUI1mDD6v4nJy0"
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set interfaces em0 unit 0 family inet address 1.1.12.2/24
set interfaces em1 unit 0 family inet address 1.1.21.2/24
set interfaces em3 unit 0 family inet address 1.1.23.2/24
set interfaces lo0 unit 0 family inet address 2.2.2.2/32
set routing-options router-id 2.2.2.2

set version 10.1R1.8
set system host-name R3
set system root-authentication encrypted-password "$1$xWlYH6tk$VKHjArc1AcBtkzma6DOB9."
set system login user amolak uid 2000
set system login user amolak class super-user
set system login user amolak authentication encrypted-password "$1$avCx48qv$IoOMsiL/nUI1mDD6v4nJy0"
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set interfaces em0 unit 0 family inet address 1.1.34.3/24
set interfaces em3 unit 0 family inet address 1.1.23.3/24
set interfaces lo0 unit 0 family inet address 3.3.3.3/32
set routing-options router-id 3.3.3.3

set version 10.1R1.8
set system host-name R4
set system root-authentication encrypted-password "$1$xWlYH6tk$VKHjArc1AcBtkzma6DOB9."
set system login user amolak uid 2000
set system login user amolak class super-user
set system login user amolak authentication encrypted-password "$1$avCx48qv$IoOMsiL/nUI1mDD6v4nJy0"
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set interfaces em0 unit 0 family inet address 1.1.34.4/24
set interfaces lo0 unit 0 family inet address 4.4.4.4/32
set routing-options router-id 4.4.4.4

## Router-ID is already configured on all routers with below command.
set routing-options router-id x.x.x.x
1. OSPF configuration
– Configure OSPF area on router interfaces as per drawing. Configure loopback interface as passive interface.
R1:
amolak@R1> configure
Entering configuration mode
[edit]
amolak@R1# set protocols ospf area 0 interface em0.0
amolak@R1# set protocols ospf area 0 interface em1.0
amolak@R1# set protocols ospf area 0 interface lo0.0 passive
amolak@R1# commit and-quit

R2:
amolak@R2> configure
Entering configuration mode
[edit]
amolak@R2# set protocols ospf area 0 interface em0.0
amolak@R2# set protocols ospf area 0 interface em1.0
amolak@R2# set protocols ospf area 0 interface lo0.0 passive
amolak@R2# set protocols ospf area 1 interface em3.0
amolak@R2# commit and-quit

R3:
amolak@R3> configure
Entering configuration mode
[edit]
amolak@R3# set protocols ospf area 1 interface em3.0
amolak@R3# set protocols ospf area 2 interface em0.0
amolak@R3# set protocols ospf area 1 interface lo0.0 passive
amolak@R3# commit and-quit

R4:
amolak@R4> configure
Entering configuration mode
[edit]
amolak@R4# set protocols ospf area 2 interface em0.0
amolak@R4# set protocols ospf area 2 interface lo0.0 passive
amolak@R4# commit and-quit
Verification:

amolak@R1> show ospf interface
Interface           State   Area            DR ID           BDR ID          Nbrs
em0.0               BDR     0.0.0.0         2.2.2.2         1.1.1.1            1
em1.0               BDR     0.0.0.0         2.2.2.2         1.1.1.1            1
lo0.0               DRother 0.0.0.0         0.0.0.0         0.0.0.0            0

amolak@R1> show ospf neighbor
Address          Interface              State     ID               Pri  Dead
1.1.12.2         em0.0                  Full      2.2.2.2          128    34
1.1.21.2         em1.0                  Full      2.2.2.2          128    38

amolak@R1> show ospf database

    OSPF database, Area 0.0.0.0
 Type       ID               Adv Rtr           Seq      Age  Opt  Cksum  Len
Router  *1.1.1.1          1.1.1.1          0x80000005   130  0x22 0xd7da  60
Router   2.2.2.2          2.2.2.2          0x80000004   131  0x22 0x3b69  60
Network  1.1.12.2         2.2.2.2          0x80000002   131  0x22 0x26ee  32
Network  1.1.21.2         2.2.2.2          0x80000002   131  0x22 0xc249  32
Summary  1.1.23.0         2.2.2.2          0x80000002   166  0x22 0x3edb  28
Summary  3.3.3.3          2.2.2.2          0x80000001   102  0x22 0xcc5b  28

amolak@R1> show route protocol ospf

inet.0: 9 destinations, 9 routes (9 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

1.1.23.0/24        *[OSPF/10] 00:01:21, metric 2
                      to 1.1.12.2 via em0.0
                    > to 1.1.21.2 via em1.0
2.2.2.2/32         *[OSPF/10] 00:01:21, metric 1
                    > to 1.1.12.2 via em0.0
                      to 1.1.21.2 via em1.0
3.3.3.3/32         *[OSPF/10] 00:00:55, metric 2
                    > to 1.1.12.2 via em0.0
                      to 1.1.21.2 via em1.0
224.0.0.5/32       *[OSPF/10] 00:02:32, metric 1
                      MultiRecv

amolak@R2> show ospf interface
Interface           State   Area            DR ID           BDR ID          Nbrs
em0.0               DR      0.0.0.0         2.2.2.2         1.1.1.1            1
em1.0               DR      0.0.0.0         2.2.2.2         1.1.1.1            1
lo0.0               DRother 0.0.0.0         0.0.0.0         0.0.0.0            0
em3.0               DR      0.0.0.1         2.2.2.2         3.3.3.3            1

amolak@R2> show ospf neighbor
Address          Interface              State     ID               Pri  Dead
1.1.12.1         em0.0                  Full      1.1.1.1          128    33
1.1.21.1         em1.0                  Full      1.1.1.1          128    35
1.1.23.3         em3.0                  Full      3.3.3.3          128    35

amolak@R2> show ospf database

    OSPF database, Area 0.0.0.0
 Type       ID               Adv Rtr           Seq      Age  Opt  Cksum  Len
Router   1.1.1.1          1.1.1.1          0x80000005   135  0x22 0xd7da  60
Router  *2.2.2.2          2.2.2.2          0x80000004   134  0x22 0x3b69  60
Network *1.1.12.2         2.2.2.2          0x80000002   134  0x22 0x26ee  32
Network *1.1.21.2         2.2.2.2          0x80000002   134  0x22 0xc249  32
Summary *1.1.23.0         2.2.2.2          0x80000002   169  0x22 0x3edb  28
Summary *3.3.3.3          2.2.2.2          0x80000001   105  0x22 0xcc5b  28

    OSPF database, Area 0.0.0.1
 Type       ID               Adv Rtr           Seq      Age  Opt  Cksum  Len
Router  *2.2.2.2          2.2.2.2          0x80000004   112  0x22 0xa246  36
Router   3.3.3.3          3.3.3.3          0x80000002   108  0x22 0xcef6  48
Network *1.1.23.2         2.2.2.2          0x80000001   112  0x22 0x13ef  32
Summary *1.1.1.1          2.2.2.2          0x80000001   129  0x22 0x2907  28
Summary *1.1.12.0         2.2.2.2          0x80000002   169  0x22 0xb76d  28
Summary *1.1.21.0         2.2.2.2          0x80000002   169  0x22 0x54c7  28
Summary  1.1.34.0         3.3.3.3          0x80000002   103  0x22 0xa664  28
Summary *2.2.2.2          2.2.2.2          0x80000002   169  0x22 0xee3d  28
Summary  4.4.4.4          3.3.3.3          0x80000001    64  0x22 0x809f  28

amolak@R2> show route protocol ospf

inet.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

1.1.1.1/32         *[OSPF/10] 00:01:33, metric 1
                    > to 1.1.12.1 via em0.0
                      to 1.1.21.1 via em1.0
3.3.3.3/32         *[OSPF/10] 00:01:09, metric 1
                    > to 1.1.23.3 via em3.0
224.0.0.5/32       *[OSPF/10] 00:02:24, metric 1
                      MultiRecv

amolak@R3> show ospf interface
Interface           State   Area            DR ID           BDR ID          Nbrs
em3.0               BDR     0.0.0.1         2.2.2.2         3.3.3.3            1
lo0.0               DRother 0.0.0.1         0.0.0.0         0.0.0.0            0
em0.0               DR      0.0.0.2         3.3.3.3         4.4.4.4            1

amolak@R3> show ospf neighbor
Address          Interface              State     ID               Pri  Dead
1.1.23.2         em3.0                  Full      2.2.2.2          128    38
1.1.34.4         em0.0                  Full      4.4.4.4          128    39

amolak@R3> show ospf database

    OSPF database, Area 0.0.0.1
 Type       ID               Adv Rtr           Seq      Age  Opt  Cksum  Len
Router   2.2.2.2          2.2.2.2          0x80000004   131  0x22 0xa246  36
Router  *3.3.3.3          3.3.3.3          0x80000002   125  0x22 0xcef6  48
Network  1.1.23.2         2.2.2.2          0x80000001   131  0x22 0x13ef  32
Summary  1.1.1.1          2.2.2.2          0x80000001   148  0x22 0x2907  28
Summary  1.1.12.0         2.2.2.2          0x80000002   188  0x22 0xb76d  28
Summary  1.1.21.0         2.2.2.2          0x80000002   188  0x22 0x54c7  28
Summary *1.1.34.0         3.3.3.3          0x80000002   120  0x22 0xa664  28
Summary  2.2.2.2          2.2.2.2          0x80000002   188  0x22 0xee3d  28
Summary *4.4.4.4          3.3.3.3          0x80000001    80  0x22 0x809f  28

    OSPF database, Area 0.0.0.2
 Type       ID               Adv Rtr           Seq      Age  Opt  Cksum  Len
Router  *3.3.3.3          3.3.3.3          0x80000004    85  0x22 0x6167  36
Router   4.4.4.4          4.4.4.4          0x80000002    84  0x22 0xdcc5  48
Network *1.1.34.3         3.3.3.3          0x80000002    85  0x22 0xc326  32
Summary *1.1.23.0         3.3.3.3          0x80000002   120  0x22 0x20f5  28
Summary *3.3.3.3          3.3.3.3          0x80000002   120  0x22 0xa281  28

amolak@R3> show route protocol ospf

inet.0: 11 destinations, 11 routes (11 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

1.1.1.1/32         *[OSPF/10] 00:01:15, metric 2
                    > to 1.1.23.2 via em3.0
1.1.12.0/24        *[OSPF/10] 00:01:15, metric 2
                    > to 1.1.23.2 via em3.0
1.1.21.0/24        *[OSPF/10] 00:01:15, metric 2
                    > to 1.1.23.2 via em3.0
2.2.2.2/32         *[OSPF/10] 00:01:15, metric 1
                    > to 1.1.23.2 via em3.0
4.4.4.4/32         *[OSPF/10] 00:00:35, metric 1
                    > to 1.1.34.4 via em0.0
224.0.0.5/32       *[OSPF/10] 00:01:25, metric 1
                      MultiRecv

amolak@R4> show ospf interface
Interface           State   Area            DR ID           BDR ID          Nbrs
em0.0               BDR     0.0.0.2         3.3.3.3         4.4.4.4            1
lo0.0               DRother 0.0.0.2         0.0.0.0         0.0.0.0            0

amolak@R4> show ospf neighbor
Address          Interface              State     ID               Pri  Dead
1.1.34.3         em0.0                  Full      3.3.3.3          128    36

amolak@R4> show ospf database

    OSPF database, Area 0.0.0.2
 Type       ID               Adv Rtr           Seq      Age  Opt  Cksum  Len
Router   3.3.3.3          3.3.3.3          0x80000004    96  0x22 0x6167  36
Router  *4.4.4.4          4.4.4.4          0x80000002    92  0x22 0xdcc5  48
Network  1.1.34.3         3.3.3.3          0x80000002    96  0x22 0xc326  32
Summary  1.1.23.0         3.3.3.3          0x80000002   131  0x22 0x20f5  28
Summary  3.3.3.3          3.3.3.3          0x80000002   131  0x22 0xa281  28

amolak@R4> show route protocol ospf

inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

1.1.23.0/24        *[OSPF/10] 00:00:42, metric 2
                    > to 1.1.34.3 via em0.0
3.3.3.3/32         *[OSPF/10] 00:00:42, metric 1
                    > to 1.1.34.3 via em0.0
224.0.0.5/32       *[OSPF/10] 00:00:52, metric 1
                      MultiRecv

amolak@R1> ping 3.3.3.3 source 1.1.1.1
PING 3.3.3.3 (3.3.3.3): 56 data bytes
64 bytes from 3.3.3.3: icmp_seq=0 ttl=63 time=0.856 ms
64 bytes from 3.3.3.3: icmp_seq=1 ttl=63 time=0.704 ms
^C
--- 3.3.3.3 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.704/0.780/0.856/0.076 ms

amolak@R1> ping 2.2.2.2 source 1.1.1.1
PING 2.2.2.2 (2.2.2.2): 56 data bytes
64 bytes from 2.2.2.2: icmp_seq=0 ttl=64 time=0.552 ms
^C
--- 2.2.2.2 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.552/0.552/0.552/nan ms
3. OSPF Virtual Link
OSPF requires every area to be connected to the backbone, Area 0. Here Area 2 is not connected to Area 0, and because of this design issue the Area 0 and Area 2 routers do not have each other's advertised LSAs in their OSPF databases. We need to create a virtual link to fix this issue.
– Configure OSPF virtual link between R2 and R3.
amolak@R2> configure
Entering configuration mode
[edit]
amolak@R2# set protocols ospf area 0 virtual-link neighbor-id 3.3.3.3 transit-area 1

amolak@R3> configure
Entering configuration mode
[edit]
amolak@R3# set protocols ospf area 0 virtual-link neighbor-id 2.2.2.2 transit-area 1

## 'neighbor-id' is the peer router's router-id ##

Verification:

amolak@R2> show ospf interface
Interface           State   Area            DR ID           BDR ID          Nbrs
em0.0               DR      0.0.0.0         2.2.2.2         1.1.1.1            1
em1.0               DR      0.0.0.0         2.2.2.2         1.1.1.1            1
lo0.0               DRother 0.0.0.0         0.0.0.0         0.0.0.0            0
vl-3.3.3.3          PtToPt  0.0.0.0         0.0.0.0         0.0.0.0            1
em3.0               DR      0.0.0.1         2.2.2.2         3.3.3.3            1

amolak@R2> show ospf neighbor
Address          Interface              State     ID               Pri  Dead
1.1.12.1         em0.0                  Full      1.1.1.1          128    33
1.1.21.1         em1.0                  Full      1.1.1.1          128    34
1.1.23.3         vl-3.3.3.3             Full      3.3.3.3            0    32
1.1.23.3         em3.0                  Full      3.3.3.3          128    33

amolak@R3> show ospf interface
Interface           State   Area            DR ID           BDR ID          Nbrs
em3.0               BDR     0.0.0.1         2.2.2.2         3.3.3.3            1
lo0.0               DRother 0.0.0.1         0.0.0.0         0.0.0.0            0
em0.0               DR      0.0.0.2         3.3.3.3         4.4.4.4            1
vl-2.2.2.2          PtToPt  0.0.0.0         0.0.0.0         0.0.0.0            1

amolak@R3> show ospf neighbor
Address          Interface              State     ID               Pri  Dead
1.1.23.2         em3.0                  Full      2.2.2.2          128    33
1.1.34.4         em0.0                  Full      4.4.4.4          128    34
1.1.23.2         vl-2.2.2.2             Full      2.2.2.2            0    37

Now R3 is connected to Area 0 via the virtual link and becomes an ABR for Area 0, Area 1 and Area 2. The Area 0 and Area 2 routers should have each other's prefixes in their databases.

amolak@R3> show ospf database

    OSPF database, Area 0.0.0.0
 Type       ID               Adv Rtr           Seq      Age  Opt  Cksum  Len
Router   1.1.1.1          1.1.1.1          0x80000005   414  0x22 0xd7da  60
Router   2.2.2.2          2.2.2.2          0x80000007    78  0x22 0x9dca  72
Router  *3.3.3.3          3.3.3.3          0x80000003    77  0x22 0xd51c  36
Network  1.1.12.2         2.2.2.2          0x80000002   413  0x22 0x26ee  32
Network  1.1.21.2         2.2.2.2          0x80000002   413  0x22 0xc249  32
Summary  1.1.23.0         2.2.2.2          0x80000002   448  0x22 0x3edb  28
Summary *1.1.23.0         3.3.3.3          0x80000001    77  0x22 0x22f4  28
Summary *1.1.34.0         3.3.3.3          0x80000001    77  0x22 0xa863  28
Summary  3.3.3.3          2.2.2.2          0x80000001   384  0x22 0xcc5b  28
Summary *3.3.3.3          3.3.3.3          0x80000001    77  0x22 0xa480  28
Summary *4.4.4.4          3.3.3.3          0x80000001    77  0x22 0x809f  28

    OSPF database, Area 0.0.0.1
 Type       ID               Adv Rtr           Seq      Age  Opt  Cksum  Len
Router   2.2.2.2          2.2.2.2          0x80000006    78  0x22 0xaa38  36
Router  *3.3.3.3          3.3.3.3          0x80000004    77  0x22 0xd6e8  48
Network  1.1.23.2         2.2.2.2          0x80000001   393  0x22 0x13ef  32
Summary  1.1.1.1          2.2.2.2          0x80000001   410  0x22 0x2907  28
Summary  1.1.12.0         2.2.2.2          0x80000002   450  0x22 0xb76d  28
Summary  1.1.21.0         2.2.2.2          0x80000002   450  0x22 0x54c7  28
Summary *1.1.34.0         3.3.3.3          0x80000002   382  0x22 0xa664  28
Summary  2.2.2.2          2.2.2.2          0x80000002   450  0x22 0xee3d  28
Summary *4.4.4.4          3.3.3.3          0x80000001   342  0x22 0x809f  28

    OSPF database, Area 0.0.0.2
 Type       ID               Adv Rtr           Seq      Age  Opt  Cksum  Len
Router  *3.3.3.3          3.3.3.3          0x80000005    77  0x22 0x5f68  36
Router   4.4.4.4          4.4.4.4          0x80000002   346  0x22 0xdcc5  48
Network *1.1.34.3         3.3.3.3          0x80000002   347  0x22 0xc326  32
Summary *1.1.1.1          3.3.3.3          0x80000001    77  0x22 0x1516  28
Summary *1.1.12.0         3.3.3.3          0x80000001    77  0x22 0xa57b  28
Summary *1.1.21.0         3.3.3.3          0x80000001    77  0x22 0x42d5  28
Summary *1.1.23.0         3.3.3.3          0x80000002   382  0x22 0x20f5  28
Summary *2.2.2.2          3.3.3.3          0x80000001    77  0x22 0xdc4b  28
Summary *3.3.3.3          3.3.3.3          0x80000002   382  0x22 0xa281  28

amolak@R4> show ospf database

    OSPF database, Area 0.0.0.2
 Type       ID               Adv Rtr           Seq      Age  Opt  Cksum  Len
Router   3.3.3.3          3.3.3.3          0x80000005    68  0x22 0x5f68  36
Router  *4.4.4.4          4.4.4.4          0x80000002   344  0x22 0xdcc5  48
Network  1.1.34.3         3.3.3.3          0x80000002   348  0x22 0xc326  32
Summary  1.1.1.1          3.3.3.3          0x80000001    68  0x22 0x1516  28
Summary  1.1.12.0         3.3.3.3          0x80000001    68  0x22 0xa57b  28
Summary  1.1.21.0         3.3.3.3          0x80000001    68  0x22 0x42d5  28
Summary  1.1.23.0         3.3.3.3          0x80000002   383  0x22 0x20f5  28
Summary  2.2.2.2          3.3.3.3          0x80000001    68  0x22 0xdc4b  28
Summary  3.3.3.3          3.3.3.3          0x80000002   383  0x22 0xa281  28

amolak@R4> show route protocol ospf

inet.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

1.1.1.1/32         *[OSPF/10] 00:01:08, metric 3
                    > to 1.1.34.3 via em0.0
1.1.12.0/24        *[OSPF/10] 00:01:08, metric 3
                    > to 1.1.34.3 via em0.0
1.1.21.0/24        *[OSPF/10] 00:01:08, metric 3
                    > to 1.1.34.3 via em0.0
1.1.23.0/24        *[OSPF/10] 00:05:40, metric 2
                    > to 1.1.34.3 via em0.0
2.2.2.2/32         *[OSPF/10] 00:01:08, metric 2
                    > to 1.1.34.3 via em0.0
3.3.3.3/32         *[OSPF/10] 00:05:40, metric 1
                    > to 1.1.34.3 via em0.0
224.0.0.5/32       *[OSPF/10] 00:05:50, metric 1
                      MultiRecv

amolak@R1> show ospf database

    OSPF database, Area 0.0.0.0
 Type       ID               Adv Rtr           Seq      Age  Opt  Cksum  Len
Router  *1.1.1.1          1.1.1.1          0x80000005   402  0x22 0xd7da  60
Router   2.2.2.2          2.2.2.2          0x80000007    70  0x22 0x9dca  72
Router   3.3.3.3          3.3.3.3          0x80000003    71  0x22 0xd51c  36
Network  1.1.12.2         2.2.2.2          0x80000002   403  0x22 0x26ee  32
Network  1.1.21.2         2.2.2.2          0x80000002   403  0x22 0xc249  32
Summary  1.1.23.0         2.2.2.2          0x80000002   438  0x22 0x3edb  28
Summary  1.1.23.0         3.3.3.3          0x80000001    71  0x22 0x22f4  28
Summary  1.1.34.0         3.3.3.3          0x80000001    71  0x22 0xa863  28
Summary  3.3.3.3          2.2.2.2          0x80000001   374  0x22 0xcc5b  28
Summary  3.3.3.3          3.3.3.3          0x80000001    71  0x22 0xa480  28
Summary  4.4.4.4          3.3.3.3          0x80000001    71  0x22 0x809f  28

amolak@R1> show route protocol ospf

inet.0: 11 destinations, 11 routes (11 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

1.1.23.0/24        *[OSPF/10] 00:07:00, metric 2
                      to 1.1.12.2 via em0.0
                    > to 1.1.21.2 via em1.0
1.1.34.0/24        *[OSPF/10] 00:01:33, metric 3
                      to 1.1.12.2 via em0.0
                    > to 1.1.21.2 via em1.0
2.2.2.2/32         *[OSPF/10] 00:07:00, metric 1
                    > to 1.1.12.2 via em0.0
                      to 1.1.21.2 via em1.0
3.3.3.3/32         *[OSPF/10] 00:06:34, metric 2
                    > to 1.1.12.2 via em0.0
                      to 1.1.21.2 via em1.0
4.4.4.4/32         *[OSPF/10] 00:01:33, metric 3
                      to 1.1.12.2 via em0.0
                    > to 1.1.21.2 via em1.0
224.0.0.5/32       *[OSPF/10] 00:08:11, metric 1
                      MultiRecv

Let's check end-to-end connectivity.

amolak@R1> ping 4.4.4.4 source 1.1.1.1
PING 4.4.4.4 (4.4.4.4): 56 data bytes
64 bytes from 4.4.4.4: icmp_seq=0 ttl=62 time=0.696 ms
64 bytes from 4.4.4.4: icmp_seq=1 ttl=62 time=0.816 ms
64 bytes from 4.4.4.4: icmp_seq=2 ttl=62 time=0.815 ms
^C
--- 4.4.4.4 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.696/0.776/0.816/0.056 ms
4. OSPF interface network type
Every link here actually connects only two routers, i.e. it is a point-to-point link. But the default OSPF network type on an Ethernet interface is LAN, which requires DR/BDR election and a type 2 LSA in the OSPF database.
– Configure interface type as point-to-point between R2 and R3.
Interface type before this configuration:

amolak@R3> show ospf interface em3.0 detail
Interface           State   Area            DR ID           BDR ID          Nbrs
em3.0               DR      0.0.0.1         3.3.3.3         0.0.0.0            1
  Type: LAN, Address: 1.1.23.3, Mask: 255.255.255.0, MTU: 1500, Cost: 1
  DR addr: 1.1.23.3, Priority: 128
  Adj count: 0
  Hello: 10, Dead: 40, ReXmit: 5, Not Stub
  Auth type: None
  Protection type: None
  Topology default (ID 0) -> Cost: 1

amolak@R2> configure
Entering configuration mode
[edit]
amolak@R2# set protocols ospf area 1 interface em3.0 interface-type p2p
amolak@R2# commit and-quit

amolak@R3> configure
Entering configuration mode
[edit]
amolak@R3# set protocols ospf area 1 interface em3.0 interface-type p2p
amolak@R3# commit and-quit
commit complete
Exiting configuration mode

amolak@R3> show ospf interface em3.0 detail
Interface           State   Area            DR ID           BDR ID          Nbrs
em3.0               PtToPt  0.0.0.1         0.0.0.0         0.0.0.0            1
  Type: P2P, Address: 1.1.23.3, Mask: 255.255.255.0, MTU: 1500, Cost: 1
  Adj count: 1
  Hello: 10, Dead: 40, ReXmit: 5, Not Stub
  Auth type: None
  Protection type: None
  Topology default (ID 0) -> Cost: 1

amolak@R3> show ospf interface
Interface           State   Area            DR ID           BDR ID          Nbrs
em3.0               PtToPt  0.0.0.1         0.0.0.0         0.0.0.0            1
lo0.0               DRother 0.0.0.1         0.0.0.0         0.0.0.0            0
em0.0               DR      0.0.0.2         3.3.3.3         4.4.4.4            1
vl-2.2.2.2          PtToPt  0.0.0.0         0.0.0.0         0.0.0.0            1
5. OSPF interface cost manipulation
R1 has two equal-cost paths to reach the rest of the network. Change the OSPF cost on the interfaces so that the em0 link is the preferred path and em1 is the backup path.
When evaluating the cost of individual network segments, OSPF evaluates the reference bandwidth. For any link faster than 100 Mbps, the default cost metric is 1. To control the cost of the network segment, you can modify the metric value on an individual interface.
amolak@R1> show ospf interface em0.0 detail
Interface           State   Area            DR ID           BDR ID          Nbrs
em0.0               BDR     0.0.0.0         2.2.2.2         1.1.1.1            1
  Type: LAN, Address: 1.1.12.1, Mask: 255.255.255.0, MTU: 1500, Cost: 1
  DR addr: 1.1.12.2, BDR addr: 1.1.12.1, Priority: 128
  Adj count: 1
  Hello: 10, Dead: 40, ReXmit: 5, Not Stub
  Auth type: None
  Protection type: None
  Topology default (ID 0) -> Cost: 1

amolak@R1> show ospf interface em1.0 detail
Interface           State   Area            DR ID           BDR ID          Nbrs
em1.0               BDR     0.0.0.0         2.2.2.2         1.1.1.1            1
  Type: LAN, Address: 1.1.21.1, Mask: 255.255.255.0, MTU: 1500, Cost: 1
  DR addr: 1.1.21.2, BDR addr: 1.1.21.1, Priority: 128
  Adj count: 1
  Hello: 10, Dead: 40, ReXmit: 5, Not Stub
  Auth type: None
  Protection type: None
  Topology default (ID 0) -> Cost: 1

Let's increase the cost of interface em1.0 to make it the less preferred path.

amolak@R1> configure
Entering configuration mode
[edit]
amolak@R1# set protocols ospf area 0 interface em1.0 metric 2
amolak@R1# commit and-quit

amolak@R2> configure
Entering configuration mode
[edit]
amolak@R2# set protocols ospf area 0 interface em1.0 metric 2
amolak@R2# commit and-quit

amolak@R1> show route 2.2.2.2

inet.0: 11 destinations, 11 routes (11 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

2.2.2.2/32         *[OSPF/10] 00:01:30, metric 1
                    > to 1.1.12.2 via em0.0

If em0.0 goes down:

amolak@R1> configure
Entering configuration mode
[edit]
amolak@R1# set interfaces em0.0 disable
[edit]
amolak@R1# commit
commit complete
[edit]
amolak@R1# run show route 2.2.2.2

inet.0: 11 destinations, 11 routes (11 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

2.2.2.2/32         *[OSPF/10] 00:00:01, metric 2
                    > to 1.1.21.2 via em1.0
[edit]
amolak@R1# run ping 2.2.2.2 source 1.1.1.1
PING 2.2.2.2 (2.2.2.2): 56 data bytes
64 bytes from 2.2.2.2: icmp_seq=0 ttl=64 time=0.521 ms
^C
--- 2.2.2.2 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.521/0.521/0.521/nan ms
[edit]
amolak@R1# delete interfaces em0.0 disable
[edit]
amolak@R1# commit and-quit
commit complete
Exiting configuration mode
6. OSPF Authentication
All OSPFv2 protocol exchanges can be authenticated to guarantee that only trusted routing devices participate in the autonomous system’s routing. By default, OSPFv2 authentication is disabled.
Simple authentication – Authenticates by using a plain-text password that is included in the transmitted packet. The receiving routing device uses an authentication key (password) to verify the packet. Plain-text passwords are not encrypted and might be subject to packet interception.
– Configure Simple Authentication between R3 and R4. Use password key '@SIMPLE'

amolak@R3> configure
Entering configuration mode
[edit]
amolak@R3# set protocols ospf area 2 interface em0.0 authentication simple-password @SIMPLE
amolak@R3# commit and-quit

amolak@R4> configure
Entering configuration mode
[edit]
amolak@R4# set protocols ospf area 2 interface em0.0 authentication simple-password @SIMPLE
amolak@R4# commit and-quit

amolak@R3> show ospf interface em0.0 detail
Interface           State   Area            DR ID           BDR ID          Nbrs
em0.0               BDR     0.0.0.2         4.4.4.4         3.3.3.3            1
  Type: LAN, Address: 1.1.34.3, Mask: 255.255.255.0, MTU: 1500, Cost: 1
  DR addr: 1.1.34.4, BDR addr: 1.1.34.3, Priority: 128
  Adj count: 1
  Hello: 10, Dead: 40, ReXmit: 5, Not Stub
  Auth type: Password
  Protection type: None
  Topology default (ID 0) -> Cost: 1

amolak@R4> show ospf interface em0.0 detail
Interface           State   Area            DR ID           BDR ID          Nbrs
em0.0               DR      0.0.0.2         4.4.4.4         3.3.3.3            1
  Type: LAN, Address: 1.1.34.4, Mask: 255.255.255.0, MTU: 1500, Cost: 1
  DR addr: 1.1.34.4, BDR addr: 1.1.34.3, Priority: 128
  Adj count: 1
  Hello: 10, Dead: 40, ReXmit: 5, Not Stub
  Auth type: Password
  Protection type: None
  Topology default (ID 0) -> Cost: 1
MD5 authentication – Authenticates by using an encoded MD5 checksum that is included in the transmitted packet. The receiving routing device uses an authentication key (password) to verify the packet.
You define an MD5 key for each interface. If MD5 is enabled on an interface, that interface accepts routing updates only if MD5 authentication succeeds. Otherwise, updates are rejected. The routing device only accepts OSPFv2 packets sent using the same key identifier (ID) that is defined for that interface.
For increased security, you can configure multiple MD5 keys, each with a unique key ID, and set the date and time to switch to a new key. The receiver of the OSPF packet uses the ID to determine which key to use for authentication.
– Configure MD5 Authentication between R2 and R3. Use password key '@OSPFMD5'
amolak@R3> configure
Entering configuration mode
[edit]
amolak@R3# set protocols ospf area 1 interface em3.0 authentication md5 ?
Possible completions:
  <key-id>             Key ID for MD5 authentication (0..255)
[edit]
amolak@R3# set protocols ospf area 1 interface em3.0 authentication md5 1 ?
Possible completions:
  key                  MD5 authentication key value
  start-time           Start time for key transmission (YYYY-MM-DD.HH:MM)
[edit]
amolak@R3# set protocols ospf area 1 interface em3.0 authentication md5 1 key @OSPFMD5 ?
Possible completions:
  <[Enter]>            Execute this command
  start-time           Start time for key transmission (YYYY-MM-DD.HH:MM)
  |                    Pipe through a command
[edit]
amolak@R3# set protocols ospf area 1 interface em3.0 authentication md5 1 key @OSPFMD5
[edit]
amolak@R3# commit and-quit

amolak@R2> configure
Entering configuration mode
[edit]
amolak@R2# set protocols ospf area 1 interface em3.0 authentication md5 1 key @OSPFMD5
[edit]
amolak@R2# commit and-quit

amolak@R2> show ospf interface em3.0 detail
Interface           State   Area            DR ID           BDR ID          Nbrs
em3.0               PtToPt  0.0.0.1         0.0.0.0         0.0.0.0            1
  Type: P2P, Address: 1.1.23.2, Mask: 255.255.255.0, MTU: 1500, Cost: 1
  Adj count: 1
  Hello: 10, Dead: 40, ReXmit: 5, Not Stub
  Auth type: MD5, Active key ID: 1, Start time: 1970 Jan 1 00:00:00 UTC
  Protection type: None
  Topology default (ID 0) -> Cost: 1

amolak@R3> show ospf interface em3.0 detail
Interface           State   Area            DR ID           BDR ID          Nbrs
em3.0               PtToPt  0.0.0.1         0.0.0.0         0.0.0.0            1
  Type: P2P, Address: 1.1.23.3, Mask: 255.255.255.0, MTU: 1500, Cost: 1
  Adj count: 1
  Hello: 10, Dead: 40, ReXmit: 5, Not Stub
  Auth type: MD5, Active key ID: 1, Start time: 1970 Jan 1 00:00:00 UTC
  Protection type: None
  Topology default (ID 0) -> Cost: 1
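To make the difference between the two authentication types above concrete, here is an added example (not part of the original post and not Junos code) that builds an OSPFv2 Hello with each type and runs the receiver-side checks from RFC 2328 Appendix D. The packet contents are constructed, the names `build`, `Receiver` and `on_wire` are hypothetical, and the header checksum is left at 0 as an assumption to keep the focus on the authentication fields.

```python
import hashlib
import hmac
import socket
import struct

# OSPFv2 common header (RFC 2328 A.3.1): version, type, packet length,
# router ID, area ID, checksum, AuType, 64-bit authentication field.
HDR = struct.Struct("!BBH4s4sHH8s")
AU_NONE, AU_SIMPLE, AU_MD5 = 0, 1, 2


def pad(secret, size):
    """Zero-pad a key to its fixed field size (8 bytes simple, 16 bytes MD5)."""
    raw = secret.encode()
    if len(raw) > size:
        raise ValueError("key longer than %d bytes" % size)
    return raw.ljust(size, b"\0")


def build(router_id, area_id, au_type, secret="", key_id=0, seq=0):
    """Sender side: a constructed Hello carrying the chosen authentication."""
    # Hello body: mask /24, Hello 10, options, priority 128, Dead 40, no DR/BDR.
    body = struct.pack("!4sHBBI4s4s", socket.inet_aton("255.255.255.0"),
                       10, 0x02, 128, 40, bytes(4), bytes(4))
    if au_type == AU_SIMPLE:
        auth = pad(secret, 8)                            # the password itself
    elif au_type == AU_MD5:
        auth = struct.pack("!HBBI", 0, key_id, 16, seq)  # key ID, digest len, sequence
    else:
        auth = bytes(8)
    # Checksum left at 0: unused with AuType 2, and omitted for AuType 0/1 in
    # this sketch (assumption) to keep the focus on the authentication fields.
    pkt = HDR.pack(2, 1, HDR.size + len(body), socket.inet_aton(router_id),
                   socket.inet_aton(area_id), 0, au_type, auth) + body
    if au_type == AU_MD5:
        # RFC 2328 D.4.3: MD5 over packet + 16-byte key, appended as a trailer
        # that the packet-length field does not count.
        pkt += hashlib.md5(pkt + pad(secret, 16)).digest()
    return pkt


class Receiver:
    """Receive-side checks for one interface (RFC 2328 D.5)."""

    def __init__(self, au_type, password="", md5_keys=None):
        self.au_type = au_type
        self.password = password
        self.md5_keys = md5_keys or {}   # key ID -> key
        self.last_seq = {}               # neighbor router ID -> last accepted sequence

    def accept(self, pkt):
        _, _, length, rid, _, _, au_type, auth = HDR.unpack_from(pkt)
        if au_type != self.au_type:
            return "reject: auth type mismatch"
        if au_type == AU_SIMPLE:
            ok = hmac.compare_digest(auth, pad(self.password, 8))
            return "accept" if ok else "reject: bad password"
        if au_type != AU_MD5:
            return "accept"              # AuType 0: nothing to verify
        _, key_id, digest_len, seq = struct.unpack("!HBBI", auth)
        key = self.md5_keys.get(key_id)
        if key is None:                  # only the configured key ID is accepted
            return "reject: unknown key id"
        want = hashlib.md5(pkt[:length] + pad(key, 16)).digest()
        if not hmac.compare_digest(pkt[length:length + digest_len], want):
            return "reject: bad digest"
        if seq < self.last_seq.get(rid, 0):   # RFC 2328 rejects only a lower number
            return "reject: stale sequence number"
        self.last_seq[rid] = seq
        return "accept"


def on_wire(pkt, secret):
    """True if the secret's bytes appear verbatim in the packet."""
    return secret.encode() in pkt


if __name__ == "__main__":
    simple = build("4.4.4.4", "0.0.0.2", AU_SIMPLE, "@SIMPLE")
    md5 = build("2.2.2.2", "0.0.0.1", AU_MD5, "@OSPFMD5", key_id=1, seq=100)
    print("R3 em0.0:", Receiver(AU_SIMPLE, password="@SIMPLE").accept(simple),
          "| password visible in packet:", on_wire(simple, "@SIMPLE"))
    print("R3 em3.0:", Receiver(AU_MD5, md5_keys={1: "@OSPFMD5"}).accept(md5),
          "| key visible in packet:", on_wire(md5, "@OSPFMD5"))
```

With simple authentication the configured password is the authentication field, so anyone who can capture a Hello on the R3-R4 segment can read it; with MD5 only the key ID, a sequence number and the digest are transmitted.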
Here is the final configuration on all routers:
R1:
amolak@R1> show configuration
## Last commit: 2014-05-11 09:19:56 UTC by amolak
version 10.1R1.8;
system {
    host-name R1;
    root-authentication {
        encrypted-password "$1$xWlYH6tk$VKHjArc1AcBtkzma6DOB9."; ## SECRET-DATA
    }
    login {
        user amolak {
            uid 2000;
            class super-user;
            authentication {
                encrypted-password "$1$avCx48qv$IoOMsiL/nUI1mDD6v4nJy0"; ## SECRET-DATA
            }
        }
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any notice;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
}
interfaces {
    em0 {
        unit 0 {
            family inet {
                address 1.1.12.1/24;
            }
        }
    }
    em1 {
        unit 0 {
            family inet {
                address 1.1.21.1/24;
            }
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 1.1.1.1/32;
            }
        }
    }
}
routing-options {
    router-id 1.1.1.1;
}
protocols {
    ospf {
        area 0.0.0.0 {
            interface lo0.0 {
                passive;
            }
            interface em0.0;
            interface em1.0 {
                metric 2;
            }
        }
    }
}

amolak@R1>

R2:
amolak@R2> show configuration
## Last commit: 2014-05-11 09:26:23 UTC by amolak
version 10.1R1.8;
system {
    host-name R2;
    root-authentication {
        encrypted-password "$1$xWlYH6tk$VKHjArc1AcBtkzma6DOB9."; ## SECRET-DATA
    }
    login {
        user amolak {
            uid 2000;
            class super-user;
            authentication {
                encrypted-password "$1$avCx48qv$IoOMsiL/nUI1mDD6v4nJy0"; ## SECRET-DATA
            }
        }
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any notice;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
}
interfaces {
    em0 {
        unit 0 {
            family inet {
                address 1.1.12.2/24;
            }
        }
    }
    em1 {
        unit 0 {
            family inet {
                address 1.1.21.2/24;
            }
        }
    }
    em3 {
        unit 0 {
            family inet {
                address 1.1.23.2/24;
            }
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 2.2.2.2/32;
            }
        }
    }
}
routing-options {
    router-id 2.2.2.2;
}
protocols {
    ospf {
        area 0.0.0.0 {
            virtual-link neighbor-id 3.3.3.3 transit-area 0.0.0.1;
            interface em0.0;
            interface em1.0 {
                metric 2;
            }
            interface lo0.0 {
                passive;
            }
        }
        area 0.0.0.1 {
            interface em3.0 {
                interface-type p2p;
                authentication {
                    md5 1 key "$9$3Mtqn6CrlvL7dikTFnC0OEhSrWL"; ## SECRET-DATA
                }
            }
        }
    }
}

amolak@R2>

R3:
amolak@R3> show configuration
## Last commit: 2014-05-11 09:26:30 UTC by amolak
version 10.1R1.8;
system {
    host-name R3;
    root-authentication {
        encrypted-password "$1$xWlYH6tk$VKHjArc1AcBtkzma6DOB9."; ## SECRET-DATA
    }
    login {
        user amolak {
            uid 2000;
            class super-user;
            authentication {
                encrypted-password "$1$avCx48qv$IoOMsiL/nUI1mDD6v4nJy0"; ## SECRET-DATA
            }
        }
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any notice;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
}
interfaces {
    em0 {
        unit 0 {
            family inet {
                address 1.1.34.3/24;
            }
        }
    }
    em3 {
        unit 0 {
            family inet {
                address 1.1.23.3/24;
            }
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 3.3.3.3/32;
            }
        }
    }
}
routing-options {
    router-id 3.3.3.3;
}
protocols {
    ospf {
        area 0.0.0.1 {
            interface em3.0 {
                interface-type p2p;
                authentication {
                    md5 1 key "$9$NG-dwkqPQ3/ylL7-w4oUDik5Q"; ## SECRET-DATA
                }
            }
            interface lo0.0 {
                passive;
            }
        }
        area 0.0.0.2 {
            interface em0.0 {
                authentication {
                    simple-password "$9$8w8LXNbsgoJUz3hyrvXxbwY"; ## SECRET-DATA
                }
            }
        }
        area 0.0.0.0 {
            virtual-link neighbor-id 2.2.2.2 transit-area 0.0.0.1;
        }
    }
}

amolak@R3>

R4:
amolak@R4> show configuration
## Last commit: 2014-05-11 09:26:59 UTC by amolak
version 10.1R1.8;
system {
    host-name R4;
    root-authentication {
        encrypted-password "$1$xWlYH6tk$VKHjArc1AcBtkzma6DOB9."; ## SECRET-DATA
    }
    login {
        user amolak {
            uid 2000;
            class super-user;
            authentication {
                encrypted-password "$1$avCx48qv$IoOMsiL/nUI1mDD6v4nJy0"; ## SECRET-DATA
            }
        }
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any notice;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
}
interfaces {
    em0 {
        unit 0 {
            family inet {
                address 1.1.34.4/24;
            }
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 4.4.4.4/32;
            }
        }
    }
}
routing-options {
    router-id 4.4.4.4;
}
protocols {
    ospf {
        area 0.0.0.2 {
            interface em0.0 {
                authentication {
                    simple-password "$9$61fb/9tO1Ecyebs.f5F9COBI"; ## SECRET-DATA
                }
            }
            interface lo0.0 {
                passive;
            }
        }
    }
}

amolak@R4>
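A check a reviewer might run over the finished lab, as an added example that is not part of the original post: it reads OSPF `set` commands and lists every non-passive interface or virtual link that still has no authentication or only a simple password. The `R2_SET` and `R3_SET` inputs are constructed from the commands entered in the sections above; the function names are hypothetical, and matching an `authentication` statement on a virtual-link line is an assumption about how such a line would look.

```python
import re

# "set protocols ospf area A interface IF [options...]"
IFACE = re.compile(r"^set protocols ospf area (\S+) interface (\S+)(?: (.*))?$")
# "set protocols ospf area A virtual-link neighbor-id N transit-area T [options...]"
VLINK = re.compile(r"^set protocols ospf area (\S+) virtual-link "
                   r"neighbor-id (\S+) transit-area \S+(?: (.*))?$")


def audit(set_lines):
    """Map each non-passive OSPF interface / virtual link to its auth mode."""
    state = {}
    for line in set_lines:
        line = line.strip()
        m = IFACE.match(line)
        if m:
            name = "area %s %s" % (m.group(1), m.group(2))
        else:
            m = VLINK.match(line)
            if not m:
                continue                      # not an OSPF adjacency statement
            name = "area %s virtual-link to %s" % (m.group(1), m.group(2))
        entry = state.setdefault(name, {"auth": "none", "passive": False})
        words = (m.group(3) or "").split()
        if words[:1] == ["passive"]:
            entry["passive"] = True           # no adjacency forms here
        elif words[:1] == ["authentication"] and len(words) > 1:
            entry["auth"] = words[1]          # "md5" or "simple-password"
    return {n: e["auth"] for n, e in state.items() if not e["passive"]}


def findings(set_lines):
    """Adjacencies that accept unauthenticated or plain-text-password packets."""
    return sorted("%s: %s" % (n, a) for n, a in audit(set_lines).items() if a != "md5")


# Constructed from the commands entered on R2 and R3 in this session.
R2_SET = """
set protocols ospf area 0 interface em0.0
set protocols ospf area 0 interface em1.0
set protocols ospf area 0 interface lo0.0 passive
set protocols ospf area 1 interface em3.0
set protocols ospf area 0 virtual-link neighbor-id 3.3.3.3 transit-area 1
set protocols ospf area 1 interface em3.0 interface-type p2p
set protocols ospf area 0 interface em1.0 metric 2
set protocols ospf area 1 interface em3.0 authentication md5 1 key @OSPFMD5
""".splitlines()

R3_SET = """
set protocols ospf area 1 interface em3.0
set protocols ospf area 2 interface em0.0
set protocols ospf area 1 interface lo0.0 passive
set protocols ospf area 0 virtual-link neighbor-id 2.2.2.2 transit-area 1
set protocols ospf area 1 interface em3.0 interface-type p2p
set protocols ospf area 2 interface em0.0 authentication simple-password @SIMPLE
set protocols ospf area 1 interface em3.0 authentication md5 1 key @OSPFMD5
""".splitlines()

if __name__ == "__main__":
    for router, lines in (("R2", R2_SET), ("R3", R3_SET)):
        for item in findings(lines):
            print(router, item)
```

In this lab the Area 0 links between R1 and R2 and the R2-R3 virtual link were never given authentication, so they show up alongside the simple-password interface in Area 2.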