OSPF (Open Shortest Path First)


Many of our problems with large-scale outages relate to the usage of BGP (Border Gateway Protocol), which can also lead to major security issues where traffic is routed through malicious routes. But it doesn’t have to be like this, and OSPF provides an excellent alternative.

BGP

As with OSPF, BGP is an exterior gateway protocol, and allows for the routing of data between Autonomous Systems. The routing decision is based on a number of options including the weight (the highest locally derived preference number); the path origin (network or aggregate); the shortest AS path to the destination network; and the preferred path. While BGP has low computing resource requirements as compared with OSPF, it sometimes struggles to converge the overall selection of routes.

OSPF

OSPF (Open Shortest Path First) is an open, non-proprietary standard which was created by the IETF (Internet Engineering Task Force), a task force of the IAB. It is a link-state routing protocol and is thus able to maintain a more complete and more current view of the total internetwork than distance-vector routing protocols. Link-state routing protocols have these features:

  • They use link-state packets (LSPs) which are special datagrams that determine the names of and the cost or distance to any neighboring routers and associated networks.
  • Any information learned about the network is then passed to all known routers, and not just neighboring routers, using LSPs. Thus all routers have a fuller knowledge of the entire internetwork than the view of only the immediate neighbors (as with distance-vector routing).

OSPF adds to these features with:

  • Additional hierarchy. OSPF allows the global network to be split into areas. Thus, a router in a domain does not necessarily have to know how to reach all the networks within a domain; it simply has to send to the right area.
  • Authentication of routing messages using an 8-byte password. This length is not long enough to stop unauthorized users from causing damage. Its main purpose is to reduce the traffic from misconfigured routers. Typically, a misconfigured router will inform the network that it can reach all nodes with no overhead.
  • Load balancing. OSPF allows multiple routes to the same place to be assigned the same cost and will cause traffic to be distributed evenly over those routes.

Figure 1 shows the OSPF header. The fields in the header are:

  • A version number (1 byte) which, in current implementations, has the version number of 2.
  • The type field (1 byte) which can range from 1 to 5. Type 1 is the Hello message and the others are to request, send and acknowledge the receipt of link state messages. Nodes, to convince their neighbors that they are alive and reachable, use hello messages. If a router fails to receive these messages from one of its neighbors for a period of time, it assumes that the node is no longer directly reachable and updates its link state information accordingly.
  • Router ID (4 bytes) identifies the sender of the message.
  • Area ID (4 bytes) is an identifier to the area in which the node is located.
  • Authentication field can either be set to 0 (none) or 1. If it is set to 1 then the authentication contains an 8-byte password.

The following is an example Hello packet, where we see that OSPF sits on top of Layer 3 (IP):

The Hello packet is used to establish and maintain a connection. It is used to determine the routers that are connected to the current router. The connected routers then agree on HelloInterval and RouterDeadInterval values. The HelloInterval defines the number of seconds between Hello packets. The smaller the value, the faster the detection of topological changes. For example, X.25 typically uses 30 sec and LANs use 10 sec. The RouterDeadInterval defines the number of seconds before a router assumes that a route is down. It should be a multiple of HelloInterval (such as four times).

Figure 1 OSPF overview
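The header fields and Hello timers described above can be checked mechanically. The following is an added example, not code from the original article: it decodes the 24-byte OSPFv2 header and the Hello body using the RFC 2328 layout (which also carries a packet length, a checksum and a cryptographic authentication type 2 that the list above does not cover), and reports weak authentication and inconsistent timers. The packets, the password and the `build_hello` helper are constructed for the demonstration.

```python
import socket
import struct

AUTH = {0: "none", 1: "simple password", 2: "cryptographic"}

def parse_ospf(packet: bytes) -> dict:
    """Decode the 24-byte OSPFv2 header (RFC 2328 layout) and a Hello body."""
    if len(packet) < 24:
        raise ValueError("truncated OSPF header")
    ver, ptype, _length, rid, area, _cksum, autype, auth = struct.unpack(
        "!BBH4s4sHH8s", packet[:24])
    if ver != 2 or not 1 <= ptype <= 5:
        raise ValueError("not an OSPFv2 packet")
    info = {"type": ptype, "router_id": socket.inet_ntoa(rid),
            "area_id": socket.inet_ntoa(area),
            "auth": AUTH.get(autype, "unknown"), "findings": []}
    if autype == 0:
        info["findings"].append("routing messages are unauthenticated")
    elif autype == 1:
        # The 8-byte password is carried in clear text in every packet.
        shown = auth.rstrip(b"\x00").decode("ascii", "replace")
        info["findings"].append(f"password readable on the wire: {shown}")
    if ptype == 1:  # Hello body: mask, HelloInterval, options, priority, dead
        if len(packet) < 44:
            raise ValueError("truncated Hello body")
        _mask, hello, _opt, _prio, dead = struct.unpack("!4sHBBI", packet[24:36])
        info["hello_interval"], info["dead_interval"] = hello, dead
        if hello == 0 or dead <= hello:
            info["findings"].append("RouterDeadInterval not above HelloInterval")
        elif dead % hello:
            info["findings"].append("RouterDeadInterval not a multiple of HelloInterval")
    return info

def build_hello(router_id, autype, password, hello, dead):
    """Build a constructed Hello for the demo (checksum left at 0, not verified)."""
    header = struct.pack("!BBH4s4sHH8s", 2, 1, 44, socket.inet_aton(router_id),
                         socket.inet_aton("0.0.0.0"), 0, autype,
                         password.ljust(8, b"\x00"))
    body = struct.pack("!4sHBBI4s4s", socket.inet_aton("255.255.255.0"), hello,
                       0x02, 1, dead, bytes(4), bytes(4))
    return header + body

# Constructed samples: a LAN-style Hello with a password, and a mis-timed one.
GOOD = build_hello("10.64.0.1", 1, b"s3cret", 10, 40)
BAD = build_hello("10.64.0.2", 0, b"", 26, 9)

if __name__ == "__main__":
    for pkt in (GOOD, BAD):
        print(parse_ospf(pkt))
```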

When a router thinks that it does not have the correct information on a part of a route, it sends a Link-state Request, which requests parts of a neighbor’s database. The requested neighbor then sends back a Database Description which describes the requested part of its database.

When a router detects a change in its connections it sends a Link-state Update message, which is then flooded to all the routers on the internetwork. Routers return a Link-state Acknowledgement to acknowledge the flooded advertisements.

It would of course be impossible for every router in the world to know about every other router and every link, thus each internetwork is segmented into Autonomous Systems (ASs), which are bounded by a gateway. In these, each router knows the complete topology of the AS. An interior routing protocol (such as OSPF) is used to transmit routing information within the AS, and an exterior routing protocol (such as EGP) is used to route between ASs. The Network Information Center (NIC) assigns a unique 16-bit number to enterprises for ASs.

The usage of ASs provides for a similar architecture for the Internet, where data packets are routed from one domain into another. For example, all the universities in France could define one domain. Anyone communicating with them will be routed in a defined domain through a designated gateway. The routers within the domain would then have a complete picture of all the internetworks within the domain. ASs also help to hide the architecture of the interior network from other routers outside the AS.

Example configuration

In OSPF the backbone area is always defined as area 0. All routers will be in the backbone area with a flat design. In this, all the routers will recalculate their best paths when a single link goes down. There can thus be scalability problems with a flat design. The basic OSPF commands are:

router ospf {process-id}

and

network {address} {wildcard-mask} area {area-id}

where

  • Process ID. A numerical value that uniquely identifies the OSPF routing process. It only has local significance and does not have to match the OSPF process ID used on any other router.
  • Network. This identifies the interfaces that participate in OSPF routing and assigns these interfaces to the proper OSPF area. It can be used with either an absolute address or a subnet address. An absolute address with a 0.0.0.0 wildcard-mask assigns only one interface to the OSPF area, and, for example, a network or subnet address with a 0.0.0.255 wildcard-mask assigns all interfaces that fall within that range to the OSPF area.
  • Area ID. This identifies the area associated with the absolute address, network address, or subnet address. Where a single domain is used there will be only area 0, which will typically be referenced as area 0.0.0.0.

For example, on Router A:

(config)# int s0
(config-if)# ip address 10.64.0.1 255.255.255.0
(config-if)# exit
(config)# int e0
(config-if)# ip address 10.32.0.1 255.255.255.0
(config-if)# exit
(config)# router ospf 1
! wildcard-mask 0.255.255.255 selects every interface in network 10.0.0.0
(config-router)# network 10.0.0.0 0.255.255.255 area 0

and on the router connected to it (Router B):

(config)# int s1
(config-if)# ip address 10.64.0.2 255.255.255.0
(config-if)# exit
(config)# int s0
(config-if)# ip address 10.16.0.1 255.255.255.0
(config-if)# exit
(config)# router ospf 55
! wildcard-mask 0.0.0.0 selects only the interface with that exact address
(config-router)# network 10.64.0.2 0.0.0.0 area 0
(config-router)# network 10.16.0.1 0.0.0.0 area 0

It can be seen in this case that port S0 on router A connects to S1 on router B. On router A, OSPF is defined with a process ID of 1, and it is run on all interfaces whose address is part of network 10.0.0.0, on area 0. The OSPF process ID on router B is 55, and uses absolute addresses for the network statements. This requires a separate network statement for every interface that will participate in OSPF routing.

On OSPF the common area is any area other than the backbone area, which may have multiple exit and entry points to and from a common area. It can also have a stub area which only has one entry and one exit point to the backbone area, and is used where smaller routers are used to run OSPF. In a hierarchical design there are four types of routers:

  • Internal router. These are routers which exist within the boundary of a common area, and which know about every subnet within their area. An internal router also knows the identity of all its neighbors within the area, and sends updates to all of the routers within its area. It receives routing updates only from routers in its own area, and information about subnets in other areas comes from the area border routers.
  • Backbone router. These are the core routers in area 0. They thus know how to get to all subnets in all areas, and are typically located at the border of the backbone and a common area. They send updates to other backbone routers and learn about the rest of the network through the area border routers.
  • Area Border Router (ABR). These provide the foundation of the hierarchical design and route traffic between areas. They thus attach to multiple areas and maintain a separate topological database for each connected area, and can summarize routing information passed between a common area and the backbone area. In a design with additional redundancy, a common area may have more than one area border router.
  • Autonomous system boundary router (ASBR). This is an OSPF router that connects to an external network, which may or may not be running OSPF, and can import or export information to and from the OSPF autonomous system.

The following is a sample configuration:

> en
# config t
(config)# router ospf 146
(config-router)# network 211.79.208.0 0.0.0.255 area 0
(config-router)# network 130.184.0.0 0.0.0.255 area 0
(config-router)# network 206.198.48.0 0.0.0.255 area 0
(config-router)# area 0 range 192.168.64.0 255.255.255.0
(config-router)# exit
(config)# int e0
(config-if)# ip address 211.79.215.7 255.255.255.0
(config-if)# ip ospf hello-interval 26
! the dead-interval must be longer than the hello-interval; four times is used here
(config-if)# ip ospf dead-interval 104
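The wildcard-mask matching described for the network command decides which interfaces actually take part in OSPF, so it is worth checking against the interface addresses. The following is an added example, not code from the original article: it applies each network statement to the interface addresses of Router A, Router B and the sample configuration. The function names are hypothetical, and the wildcard masks for Router A and Router B are assumptions taken from the description in the text (0.255.255.255 for the whole of network 10.0.0.0, 0.0.0.0 for absolute addresses).

```python
import ipaddress

def wildcard_match(ip: str, address: str, wildcard: str) -> bool:
    """Compare ip with address on every bit where the wildcard mask is 0."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(ip)) & care) == (
        int(ipaddress.IPv4Address(address)) & care)

def ospf_interfaces(interfaces: dict, statements: list) -> dict:
    """Return {interface: [area-id of every network statement that matches]}."""
    result = {name: [] for name in interfaces}
    for line in statements:
        parts = line.split()  # network {address} {wildcard-mask} area {area-id}
        if len(parts) != 5 or parts[0] != "network" or parts[3] != "area":
            raise ValueError(f"unrecognised network statement: {line!r}")
        for name, ip in interfaces.items():
            if wildcard_match(ip, parts[1], parts[2]):
                result[name].append(parts[4])
    return result

# Interface addresses from the article; wildcard masks for A and B are assumed.
ROUTER_A = ({"s0": "10.64.0.1", "e0": "10.32.0.1"},
            ["network 10.0.0.0 0.255.255.255 area 0"])
ROUTER_B = ({"s1": "10.64.0.2", "s0": "10.16.0.1"},
            ["network 10.64.0.2 0.0.0.0 area 0",
             "network 10.16.0.1 0.0.0.0 area 0"])
SAMPLE = ({"e0": "211.79.215.7"},
          ["network 211.79.208.0 0.0.0.255 area 0",
           "network 130.184.0.0 0.0.0.255 area 0",
           "network 206.198.48.0 0.0.0.255 area 0"])

if __name__ == "__main__":
    for label, (ifaces, stmts) in (("Router A", ROUTER_A),
                                   ("Router B", ROUTER_B),
                                   ("Sample", SAMPLE)):
        print(label, ospf_interfaces(ifaces, stmts))
```

For the sample configuration the result for e0 is empty: 211.79.215.7 does not fall inside any of the three network statements, so that interface would not be placed in area 0 by them.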