Tag Archives: OSPF

3.3.n Implement and troubleshoot routing protocol authentication

  • 3.3.n [i] MD5
  • 3.3.n [ii] Key-chain
  • 3.3.n [iv] OSPFv2 SHA1-196bit

in IOS version 15.4 or later you can use SHA for OSPF authentication… as if routing protocol authentication needed yet more security…

you’ll need to set up a key chain, similar to EIGRP, as below:

from http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/xe-3s/iro-xe-3s-book/iro-ospfv2-crypto-authen-xe.html

1. enable
2. configure terminal
3. key chain name
4. key key-id
5. key-string name
6. cryptographic-algorithm name
7. send-lifetime start-time {infinite | end-time | duration seconds}
8. end
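A config check built on the steps above, as an added example that is not from the original post or from Cisco: it reads a running-config and reports OSPF interfaces that have no key chain applied or whose keys are not HMAC-SHA. The sample config, chain name and key strings are constructed; `ip ospf authentication key-chain` is the interface command that applies the chain (not shown in the steps above), and only interfaces enabled with `ip ospf <pid> area` are checked, not `network` statements.

```python
import re
# Constructed sample config (not from the post); chain name and key strings are placeholders.
SAMPLE_CONFIG = """\
key chain OSPF-KC
 key 1
  key-string EXAMPLE-ONLY-1
  cryptographic-algorithm md5
 key 2
  key-string EXAMPLE-ONLY-2
  cryptographic-algorithm hmac-sha-256
  send-lifetime 00:00:00 Jan 1 2024 infinite
interface FastEthernet0/0
 ip ospf 1 area 0
 ip ospf authentication key-chain OSPF-KC
interface Tunnel0
 ip ospf 1 area 34
"""

def audit(config):
    """Return (interface, problem) pairs for OSPF interfaces lacking HMAC-SHA key-chain auth."""
    chains, ifaces = {}, {}      # chain name -> {key id: settings}; interface -> settings
    chain = key = iface = None
    for line in config.splitlines():
        s = line.strip()
        if not line.startswith(" "):         # a top-level line ends the current stanza
            chain = key = iface = None
        if m := re.fullmatch(r"key chain (\S+)", s):
            chain = chains.setdefault(m[1], {})
        elif chain is not None and (m := re.fullmatch(r"key (\d+)", s)):
            key = chain.setdefault(int(m[1]), {})
        elif key is not None and (m := re.fullmatch(r"cryptographic-algorithm (\S+)", s)):
            key["algo"] = m[1]
        elif m := re.fullmatch(r"interface (\S+)", s):
            iface = ifaces.setdefault(m[1], {"ospf": False, "chain": None})
        elif iface is not None and re.fullmatch(r"ip ospf \d+ area \S+", s):
            iface["ospf"] = True
        elif iface is not None and (m := re.fullmatch(r"ip ospf authentication key-chain (\S+)", s)):
            iface["chain"] = m[1]
    findings = []
    for name, cfg in ifaces.items():
        keys = chains.get(cfg["chain"], {})
        if cfg["ospf"] and not keys:
            findings.append((name, "no key chain applied, or the chain has no keys"))
        for kid, key in sorted(keys.items()):
            if cfg["ospf"] and not key.get("algo", "").startswith("hmac-sha-"):
                findings.append((name, f"key {kid} uses {key.get('algo', 'no algorithm')}"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

On the sample, the leftover md5 key on FastEthernet0/0 and the unauthenticated Tunnel0 are the two findings.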

for the rest of us humans there is this lab:

[image: ospf_auth]

VIDEO

https://www.youtube.com/watch?v=DugJyPUVmPI

 

3.6.d Implement and troubleshoot network types area types and router types

3.6.d [iv] Virtual link

topology:

[image: ospf_virt_gre]

this is the video solution, available on youtube, excluding the auto-cost and E1 redistribution parts

https://www.youtube.com/watch?v=eIcdbWqvv7s

*Mar  1 00:03:07.639: %OSPF-4-ERRRCV: Received invalid packet: mismatch area ID, from backbone area must be virtual-link but not found from 192.168.23.2, FastEthernet1/0

R2(config-router)#
*Mar  1 00:11:19.379: %OSPF-5-ADJCHG: Process 1, Nbr 3.3.3.3 on OSPF_VL2 from LOADING to FULL, Loading Done

remember, virtual-links are configured with router-ids.

[image: ospf_virt_01]

Set up RIP between R3 and R4 and perform mutual redistribution:

[image: ospf_virt_02]

note that the metrics in the route table and the database agree on the default metric of 20, as they should, since that is the value OSPF assigns to E2s.

Change the metric type for redistribution into OSPF to E1.

[image: ospf_virt_03]

the metric in the routing table now adds the cost of the three egress hops to the default cost, while the cost in the database stays the same. E1 is cumulative.

in the hopes that this network will one day support much higher bandwidths, let’s change the reference bandwidth to reflect that. (best practice is to do this for all the OSPF routers)

R1(config-router)#do sh ip ospf int f0/0
FastEthernet0/0 is up, line protocol is up
Internet Address 192.168.12.1/24, Area 0
Process ID 1, Router ID 1.1.1.1, Network Type BROADCAST, Cost: 10

R1(config-router)#auto-cost ref 1000
% OSPF: Reference bandwidth is changed.
Please ensure reference bandwidth is consistent across all routers.
R1(config-router)#do sh ip route ospf
2.0.0.0/32 is subnetted, 1 subnets
O       2.2.2.2 [110/11] via 192.168.12.2, 00:00:09, FastEthernet0/0
3.0.0.0/32 is subnetted, 1 subnets
O IA    3.3.3.3 [110/21] via 192.168.12.2, 00:00:09, FastEthernet0/0
4.0.0.0/24 is subnetted, 1 subnets
O E1    4.4.4.0 [110/50] via 192.168.12.2, 00:00:09, FastEthernet0/0
O IA 192.168.23.0/24 [110/20] via 192.168.12.2, 00:00:09, FastEthernet0/0
O IA 192.168.34.0/24 [110/30] via 192.168.12.2, 00:00:09, FastEthernet0/0

20 + 10 + 10 + 10 = 50

Get rid of the virtual link on R2 and R3.

configure a GRE tunnel to perform the same function:

R1(config-router)#do sh ip route 4.4.4.0
Routing entry for 4.4.4.0/24
Known via "ospf 1", distance 110, metric 65575, type extern 1
Last update from 192.168.12.2 on FastEthernet0/0, 00:00:38 ago
Routing Descriptor Blocks:
* 192.168.12.2, from 3.3.3.3, 00:00:38 ago, via FastEthernet0/0
Route metric is 65575, traffic share count is 1

R2(config-if)#do sh ip ospf int tun 0
Tunnel0 is up, line protocol is up
Internet Address 99.99.99.2/24, Area 34
Process ID 1, Router ID 2.2.2.2, Network Type POINT_TO_POINT, Cost: 65535
Enabled by interface config, including secondary ip addresses
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5

R2(config-if)#do sh ip route 4.4.4.0
Routing entry for 4.4.4.0/24
Known via "ospf 1", distance 110, metric 65565, type extern 1
Last update from 99.99.99.3 on Tunnel0, 00:03:48 ago
Routing Descriptor Blocks:
* 99.99.99.3, from 3.3.3.3, 00:03:48 ago, via Tunnel0
Route metric is 65565, traffic share count is 1

R2(config-if)#do sh run int tun 0
Building configuration...

Current configuration : 142 bytes
!
interface Tunnel0
 ip address 99.99.99.2 255.255.255.0
 ip ospf 1 area 34
 tunnel source 192.168.23.2
 tunnel destination 192.168.23.3
end

3.6.d Implement and troubleshoot network types area types and router types

3.6.d [iii] Internal router, ABR, ASBR

[image: ospf_stub_nssa]

your network should look a lot like this before stub and nssa.

[image: ospf_nssa_01]

router 1 lost the elections on both links. fix that so it looks like this:

[image: ospf_nssa_02]

much nicer…

this is stub area 35 ruining your beautiful network:

[image: ospf_nssa_04]

and below is an example of nssa playing nicer… when you’re screwing around with nssa try the debug ip ospf flood command; that’ll put some hair on your ass… needless to say; NOT on a production network…

R4(config-router)#do sh ip ospf data nssa

OSPF Router with ID (4.4.4.4) (Process ID 1)

Type-7 AS External Link States (Area 24)

LS age: 354
Options: (No TOS-capability, Type 7/5 translation, DC)
LS Type: AS External Link
Link State ID: 6.6.6.0 (External Network Number )
Advertising Router: 4.4.4.4
LS Seq Number: 80000001
Checksum: 0xCA99
Length: 36
Network Mask: /24
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20
Forward Address: 4.4.4.4
External Route Tag: 0

LS age: 354
Options: (No TOS-capability, Type 7/5 translation, DC)
LS Type: AS External Link
Link State ID: 11.11.11.0 (External Network Number )
Advertising Router: 4.4.4.4
LS Seq Number: 80000001
Checksum: 0x163F
Length: 36
Network Mask: /24
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20
Forward Address: 4.4.4.4
External Route Tag: 0

LS age: 371
Options: (No TOS-capability, Type 7/5 translation, DC)
LS Type: AS External Link
Link State ID: 12.12.12.0 (External Network Number )
Advertising Router: 4.4.4.4
LS Seq Number: 80000001
Checksum: 0xF160
Length: 36
Network Mask: /24
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20
Forward Address: 4.4.4.4
External Route Tag: 0

LS age: 373
Options: (No TOS-capability, Type 7/5 translation, DC)
LS Type: AS External Link
Link State ID: 13.13.13.0 (External Network Number )
Advertising Router: 4.4.4.4
LS Seq Number: 80000001
Checksum: 0xCD81
Length: 36
Network Mask: /24
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20
Forward Address: 4.4.4.4
External Route Tag: 0

LS age: 378
Options: (No TOS-capability, Type 7/5 translation, DC)
LS Type: AS External Link
Link State ID: 14.14.14.0 (External Network Number )
Advertising Router: 4.4.4.4
LS Seq Number: 80000001
Checksum: 0xA9A2
Length: 36
Network Mask: /24
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20
Forward Address: 4.4.4.4
External Route Tag: 0

LS age: 380
Options: (No TOS-capability, Type 7/5 translation, DC)
LS Type: AS External Link
Link State ID: 192.168.46.0 (External Network Number )
Advertising Router: 4.4.4.4
LS Seq Number: 80000001
Checksum: 0xF5E8
Length: 36
Network Mask: /24
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20
Forward Address: 4.4.4.4
External Route Tag: 0

3.6.a Describe packet types

3.6.a [ii] Route types [N1, N2, E1, E2]

cloudshark is my new best friend… i can upload caps and they can be analyzed from the link… below is an example of the e-bit (external bit) set to 1 for a type E2…

R3(config-router)#do sh ip route | i E2
E1 - OSPF external type 1, E2 - OSPF external type 2
O E2     2.2.2.0 [110/20] via 192.168.13.1, 00:04:45, FastEthernet1/0
R3(config-router)#

[image: cloudshark_e-bit]

click on this damn thing…

https://www.cloudshark.org/captures/c7a3e400bc58?filter=ospf
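A decoder for the external LSA layout (RFC 2328 A.4.5, reused for type 7 by RFC 3101), showing where the E-bit sits in the bytes; this is an added example, not part of the original post. The sample bytes are constructed from the first LSA in the `sh ip ospf data nssa` output earlier on this page rather than taken from the capture, and the options byte 0x28 is an assumption derived from the "Type 7/5 translation, DC" text.

```python
import ipaddress
import struct


def _ip(n):
    return str(ipaddress.IPv4Address(n))


def decode_external_lsa(lsa):
    """Decode a type-5 or type-7 LSA, TOS-0 entry only; the checksum is not verified."""
    if len(lsa) < 36:
        raise ValueError("need a 20-byte LSA header plus a 16-byte body")
    age, options, ls_type, link_id, adv, seq, cksum, length = struct.unpack(
        "!HBBIIIHH", lsa[:20])
    if ls_type not in (5, 7):
        raise ValueError(f"LS type {ls_type} is not an external LSA")
    mask, e_metric, fwd, tag = struct.unpack("!IIII", lsa[20:36])
    return {
        "ls_type": ls_type,
        "p_bit": bool(options & 0x08),          # type 7 only: ABR may translate to type 5
        "link_state_id": _ip(link_id),
        "advertising_router": _ip(adv),
        "prefix_len": bin(mask).count("1"),
        "metric_type": 2 if e_metric & 0x80000000 else 1,  # E-bit: top bit of metric word
        "metric": e_metric & 0x00FFFFFF,        # low 24 bits
        "forward_address": _ip(fwd),
        "tag": tag,
    }


def make_lsa(e_bit):
    """Constructed bytes (not a capture), rebuilt from the first LSA in the NSSA output."""
    addr = int(ipaddress.IPv4Address("4.4.4.4"))
    header = struct.pack("!HBBIIIHH", 354, 0x28, 7,      # options 0x28 (P + DC): assumption
                         int(ipaddress.IPv4Address("6.6.6.0")), addr,
                         0x80000001, 0xCA99, 36)
    body = struct.pack("!IIII", 0xFFFFFF00, (e_bit << 31) | 20, addr, 0)
    return header + body


if __name__ == "__main__":
    for e_bit in (1, 0):
        print(decode_external_lsa(make_lsa(e_bit)))
```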