Archive for the ‘area’ tag
Here’s a story from last week with little of no teaching value.
I got a call from one of our business units looking for some routing help. We don’t usually care about their production networks, but they were seeing some funky traceroutes, so I agreed to try and help them out.
They sent over two fresh traceroutes from a host on a 7600. In one of them, the trace went to the 7600 and then on down the line as expected. In the other, the trace showed the 7600, another router’s far interface IP (that is, an interface not facing the 7600), then the 7600′s interface facing that router. Every few minutes, the path was switch between the two. The dude told me that they were an OSPF shop, so I asked him to send me the standard show ip route and show ip ospf database commands so I could see what’s going on. The word “unexpected” comes to mind when trying to describe what I found. So do other words that aren’t very appropriate.
The 7600, the main router at the main campus, was in OSPF area 50. The router that showed up in the trace was also in area 50. The same was true for every other router at that location, so I figured that area 0 was at another location. Nope. All routers at all locations (probably around 20 total) were all in area 50, and area 0 was nowhere to be found. I always thought you could run a single non-backbone OSPF area, but I never understood why you would actually choose to do so. If you want one area, that’s fine, but why not make it area 0?
That single area was working so I didn’t ask too many questions and looked again at the outputs they sent over. I chuckled a bit when I noticed that the routes to the target network were showing up as an OSPF type-2 external. I got a copy of the config at the far network and, lo and behold, I found that there is a single network statement for the transit network back to the main campus along with redistribute connected subnets. For some reason, instead of actually advertising networks natively in OSPF, all the networks with hosts on them were being redistributed. I wasn’t there to redesign their network, so I just sighed out loud and kept looking.
I got a copy of the OSPF config for the main campus’s 7600 to see if would show why the traceroute was weirding out on them. Here’s the part where I actually laughed out loud on the phone. Right in the middle of the config, I see “area 50 nssa”. Yes, this single non-backbone area with no real costs being advertised was configured as a not-so-stubby area. Not only did they go out of their way to make it a non-backbone area but they also wanted it as a stub area. Since they had all the other networks redistributing into the area, they had to make it NSSA. It’s a week later, and I still roll my eyes.
How did this happen? When this business unit was being turned up, they actually outsourced the initial build to a company who will not be named here. They’re the ones who put in this creative OSPF configuration that I’m putting in my hall of shame (if I had one). They’re also the ones who caused the reported problem. After a few more hours of looking around, our guys discovered that the other company put in a new VPN endpoint configured with the IP of the SVI of the 7600. IP conflicts aren’t good, eh? Once that was changed, everything returned to normal.
A fun few hours indeed. At least it was entertaining.
A few hours ago, the last of the IPv4 addresses were allocated by IANA. Now's the time to learn more about IPv6! Yesterday, I posted about EIGRP for IPv6, so I think I'll continue the trend by introducing OSPFv3, which is the IPv6 implementation of OSPF. As always, I'm using Cisco routers here. Just as yesterday, this is just a guide to the absolutely basics; if you want to do some funky OSPF magic, you won't find it here – perhaps in time, though.
As with all IPv6 routing protocols, the first thing we need to do is enable IPv6 unicast routing.
OSPFv3 also has the same router ID problem as EIGRP for IPv6 has, so we have to sort that out. You can set the router ID either through a loopback interface with an IPv4 address on it or you can set it manually. I'll just do it manually for now. Let's use OSPF process ID 100.
Router(config)#ipv6 router ospf 100
Just like in OSPFv2 and in EIGRP for IPv6, we add interfaces to the routing protocol instead of using network statements; those don't exist in OSPFv3. Let's assume you already have IPv6 addresses on interface f0/0 and you want that network in area 0.
Router(config-if)#ipv6 ospf 100 area 0
You can see that it's really easy to add interfaces to different areas as well.
Checking Our Work
Just like we did yesterday, let's check to make sure the right interfaces are participating in the routing protocol. We can do this with the show ipv6 ospf interface brief command.
Router#show ipv6 ospf interface brief Interface PID Area Intf ID Cost State Nbrs F/C Fa0/1 100 0 5 10 BDR 1/1 Fa0/0 100 2 4 10 DR 0/0
You can see that we've got two FastEthernet interfaces in two different OSPF areas. You can even see the state and neighbor count in the output.
That looks good, so let's check to see if we have any neighbors. Of course, we already saw that we have one off of f0/1 from the output above, but just humor me and run show ipv6 ospf neighbors.
Router#sh ipv6 ospf neighbor Neighbor ID Pri State Dead Time Interface ID Interface 192.0.2.2 1 FULL/DR 00:00:31 5 FastEthernet0/1
That looks good to me. The other guy is a DR and is full adjacent with our router. Cool.
One last command shows us the routing table. Can you guess what that command is without looking at the book? Very good, class. It's show ipv6 route.
Router#sh ipv6 route IPv6 Routing Table - 6 entries ... C FC00:1::/64 [0/0] via ::, FastEthernet0/1 L FC00:1::1/128 [0/0] via ::, FastEthernet0/1 C FC00:2::/64 [0/0] via ::, FastEthernet0/0 L FC00:2::1/128 [0/0] via ::, FastEthernet0/0 O FC00:3::/64 [110/20] via FE80::C001:1CFF:FED0:1, FastEthernet0/1 OI FC00:4::/64 [110/30] via FE80::C001:1CFF:FED0:1, FastEthernet0/1 L FF00::/8 [0/0] via ::, Null0
Isn't that fancy? We seem to have both an area router (the O route) and an inter-area route (the OI route). We are ready for the big time now!
tunnel broker recommendations questions my way.
Feel free to correct all this stuff. Additions are also welcome.
- How do I keep an area route from reaching a router in that area?
You don’t. That defeats the whole purpose of having the topology database on every router. If you filtered one route from a router, there’s no way that SPF could calculate routes correctly.
- Fine, then. Where do I filter routes?
You filter routes on an ABR or ASBR. Since routers only have the whole topology for their area, it’s safe to filter routes from another area or from a redistributed routing protocol. On a more technical note, you’re filtering type-3 LSAs on an ABR and type-5 LSAs on an ASBR.
- Show me an example of keeping the area 1’s route of 192.168.0.0/24 from hitting area 0.
R1(config)#ip prefix-list PL1 deny 192.168.0.0/24
R1(config)#ip prefix-list PL1 permit 0.0.0.0/0 le 32
R1(config)#router ospf 1
R1(config-router)#area 0 filter-list prefix PL1 in
- How about keeping a router from even learning about that same route from area 1?
R1(config)#router ospf 1
R1(config-router)#area 1 filter-list prefix PL1 out
- You know that that seems a little backwards, don’t you?
You have to think of filtering in terms of the area instead of in terms of the router. You’re filtering into the area or out of the area…not into or out of the router.
- How do you keep the OSPF route to 192.168.0.0/24 from being submitted to the routing table?
I’ll use the same prefix list above.
R1(config)#router ospf 1
R1(config-router)#distribute-list prefix PL1 in
- Isn’t that almost the same syntax to filter EIGRP routes?
- How do I send area 1 the summary route of 192.168.0.0/16 from area 0? That would be a type-3 LSA.
On the ABR: R1(config-router)#area 1 range 192.168.0.0 255.255.0.0
How do I do the same thing for external routes (type-5 LSAs)?
On the ASBR: R1(config-router)#summary-address 192.168.0.0 255.255.0.0
- If you see “totally” in the stub area description, what does that mean?
Someone at Cisco is a surfer. It also means that there are no type-3 LSAs in that area.
- Is the term “stubby” an insult?
No. It’s a term for an OSPF area that has certain types of LSAs filtered. Summary routes are usually involved. This is not filtering that we discussed above, though. This is keeping all instances of an LSA type from entering an area.
- What the heck is a type-7 LSA?
If an NSSA has an external route it needs to flood, it uses a type-7 instead of a type-5. This allows a router in a NSSA to advertise external routes without being bombarded by type-5s from other areas.
- What are the four types of stubby areas? What LSA types do they filter? What LSA types do they allow?
Stub – filters type-5s – allows type-3s
Totally stubby – filters type-3s and type-5s
NSSA – Filters type-5s – allows type-3s and type-7s
Totally NSSA – Filters type-3s and type-5s – allows type-7s
- What area can never be a stubby?
Area 0, of course.
- If area 1 is a stub, what LSA types will area 0 see from it?
Type-3s. The routes from area 1 are still advertised into area 0 as normal.
- How about if area 1 is a totally NSSA?
Type-3s and type-5s. The routes from area 1 are still advertised into area 0 as normal, and the type-7s would be translated to type-5s. [Someone check me on this one.]
- Where do you configure an area to be a stub?
On all the routers in the area. The same goes for NSSA.
- Where do you configure an area to be a totally stubby?
The totally stubby part is configured on the ABR. The other routers in the area should be configured as stub. The same goes for totally NSSA.
- What route always shows up in a stubby or totally stubby area unless someone has done something weird?
- Speaking of the default route, how do you manually summarize the default route in OSPF?
You can use the area 1 range 0.0.0.0 0.0.0.0. You can also use the default-information originate command in OSPF.
- What would you see on the internal routers if you had an ABSR that only had full BGP tables from your ISP configured with default-information originate?
You would see nothing. You need to have a default route somewhere for the router to advertise into OSPF. Since BGP full routes don’t contain a default, it won’t advertise.
What Command Was That
- …shows what type of stubby area an area is configured to be?
show ip ospf