In the first part of the article we discussed the Hello protocol, how neighbour relationships are established and how to configure a multi-area OSPF network.


We will continue in the second part with the configuration of the following:

- Router ID
- Hello and dead intervals
- Authentication
- Link cost
- Load-balancing

We will continue to use the same topology as in part one of the article:

As previously said in part one, for OSPF to work, it needs a Router ID (RID). The RID can be either administratively assigned or automatically determined as long as there is at least one interface up.

You can configure the RID like this:

R2(config)#router ospf 2

R2(config-router)#router-id 100.100.100.100

Reload or use “clear ip ospf process” command, for this to take effect

R2(config-router)#end

R2#

As you can see, once the RID is chosen, you need to restart the OSPF process in order to modify it. This means that all OSPF adjacencies will flap:

R2#

*Mar 1 06:22:39.042: %OSPF-5-ADJCHG: Process 2, Nbr 3.3.3.3 on FastEthernet1/0 from FULL to DOWN, Neighbor Down: Interface down or detached

*Mar 1 06:22:39.046: %OSPF-5-ADJCHG: Process 2, Nbr 1.1.1.1 on Serial0/1 from FULL to DOWN, Neighbor Down: Interface down or detached

*Mar 1 06:22:39.046: %OSPF-5-ADJCHG: Process 2, Nbr 1.1.1.1 on Serial0/0 from FULL to DOWN, Neighbor Down: Interface down or detached

*Mar 1 06:22:39.558: %OSPF-5-ADJCHG: Process 2, Nbr 3.3.3.3 on FastEthernet1/0 from LOADING to FULL, Loading Done

*Mar 1 06:22:39.586: %OSPF-5-ADJCHG: Process 2, Nbr 1.1.1.1 on Serial0/0 from LOADING to FULL, Loading Done

R2#

*Mar 1 06:22:45.190: %OSPF-5-ADJCHG: Process 2, Nbr 1.1.1.1 on Serial0/1 from LOADING to FULL, Loading Done

R2#

Let’s check the list of the OSPF neighbours on R3 again and confirm that the RID of R2 has changed from 2.2.2.2 to 100.100.100.100:

R3#show ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface

5.5.5.5 0 FULL/ – 00:00:37 10.10.35.5 Serial2/0

4.4.4.4 1 FULL/DROTHER 00:00:32 10.10.0.4 FastEthernet1/0

5.5.5.5 1 FULL/DR 00:00:32 10.10.0.5 FastEthernet1/0

100.100.100.100 1 FULL/BDR 00:00:34 10.10.23.2 FastEthernet0/0

R3#

Sometimes it might be necessary to change the OSPF hello and dead timers. If needed, make sure that you configure the same values on all possible neighbours on a link.

This is how you can check the OSPF timers:

R3#sh ip ospf interface f0/0

FastEthernet0/0 is up, line protocol is up

Internet Address 10.10.23.3/24, Area 1

Process ID 3, Router ID 3.3.3.3, Network Type BROADCAST, Cost: 1

Transmit Delay is 1 sec, State DR, Priority 1

Designated Router (ID) 3.3.3.3, Interface address 10.10.23.3

Backup Designated router (ID) 100.100.100.100, Interface address 10.10.23.2

Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5

oob-resync timeout 40

Hello due in 00:00:06

Supports Link-local Signaling (LLS)

Index 1/4, flood queue length 0

Next 0x0(0)/0x0(0)

Last flood scan length is 1, maximum is 5

Last flood scan time is 0 msec, maximum is 4 msec

Neighbor Count is 1, Adjacent neighbor count is 1

Adjacent with neighbor 100.100.100.100 (Backup Designated Router)

Suppress hello for 0 neighbor(s)

R3#

The timers are changed in the interface configuration:

R3(config-router)#int f0/0

R3(config-if)#ip ospf hello-interval 5

R3(config-if)#ip ospf dead-interval 20

R3(config-if)#

Let’s check the new timers:

R3#show ip ospf interface f0/0

FastEthernet0/0 is up, line protocol is up

Internet Address 10.10.23.3/24, Area 1

Process ID 3, Router ID 3.3.3.3, Network Type BROADCAST, Cost: 1

Transmit Delay is 1 sec, State DR, Priority 1

Designated Router (ID) 3.3.3.3, Interface address 10.10.23.3

Backup Designated router (ID) 100.100.100.100, Interface address 10.10.23.2

Timer intervals configured, Hello 5, Dead 20, Wait 20, Retransmit 5

oob-resync timeout 40

Hello due in 00:00:02

Supports Link-local Signaling (LLS)

Index 1/4, flood queue length 0

Next 0x0(0)/0x0(0)

Last flood scan length is 1, maximum is 5

Last flood scan time is 0 msec, maximum is 4 msec

Neighbor Count is 1, Adjacent neighbor count is 1

Adjacent with neighbor 100.100.100.100 (Backup Designated Router)

Suppress hello for 0 neighbor(s)

R3#
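The requirement that hello and dead timers match on every neighbour of a link can be checked from collected `show ip ospf interface` output. The Python sketch below is an added example, not part of the original article; the sample outputs are constructed, and the names `parse` and `timer_mismatches` are illustrative.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: trimmed "show ip ospf interface" output from both ends of
# the 10.10.23.0/24 link, with the timers changed on R3 only.
SAMPLE = {
    "R2": """\
FastEthernet1/0 is up, line protocol is up
  Internet Address 10.10.23.2/24, Area 1
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
""",
    "R3": """\
FastEthernet0/0 is up, line protocol is up
  Internet Address 10.10.23.3/24, Area 1
  Timer intervals configured, Hello 5, Dead 20, Wait 20, Retransmit 5
FastEthernet1/0 is up, line protocol is up
  Internet Address 10.10.0.3/24, Area 0
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
""",
}
IFACE = re.compile(r"^(\S+) is .*line protocol is")
ADDR = re.compile(r"Internet Address (\S+),")
TIMERS = re.compile(r"Timer intervals configured, Hello (\d+), Dead (\d+)")

def parse(router, text):
    """Yield (subnet, router, interface, hello, dead) for each OSPF interface."""
    cur = {}
    for line in text.splitlines():
        if m := IFACE.match(line):
            cur = {"if": m[1]}
        elif m := ADDR.search(line):
            cur["net"] = str(ipaddress.ip_interface(m[1]).network)
        elif (m := TIMERS.search(line)) and "net" in cur:
            yield cur["net"], router, cur["if"], int(m[1]), int(m[2])

def timer_mismatches(outputs):
    """Return {subnet: [(router, interface, hello, dead), ...]} where ends disagree."""
    links = defaultdict(list)
    for router, text in outputs.items():
        for net, *end in parse(router, text):
            links[net].append(tuple(end))
    # More than one distinct (hello, dead) pair on a subnet means a mismatch.
    return {net: ends for net, ends in links.items()
            if len({(hello, dead) for *_, hello, dead in ends}) > 1}

if __name__ == "__main__":
    for net, ends in timer_mismatches(SAMPLE).items():
        print(net, ends)
```

A subnet reported here is one where the adjacency will not form or will drop, because the routers on it disagree on the hello or dead interval.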

OSPF calculates the metric for each destination by adding up the costs of the outgoing interfaces along the path. The cost of each interface is derived from a parameter called reference-bandwidth, using the formula reference_bandwidth/interface_bandwidth.

Reference-bandwidth defaults to 100Mbps; therefore, a Fast Ethernet interface has a cost of 1. Today's networks have links faster than 100Mbps; for those the cost is also set to 1, so OSPF treats Fast Ethernet and Gigabit Ethernet interfaces equally.

This is how you can change the reference-bandwidth parameter:

R3(config-router)#auto-cost reference-bandwidth 10000

This sets the reference bandwidth to 10,000 Mbps, so costs are now calculated relative to a 10G link.

The OSPF cost of FastEthernet0/0 on R3 also changed:

R3#show ip ospf interface f0/0

FastEthernet0/0 is up, line protocol is up

Internet Address 10.10.23.3/24, Area 1

Process ID 3, Router ID 3.3.3.3, Network Type BROADCAST, Cost: 100

Transmit Delay is 1 sec, State DR, Priority 1

Designated Router (ID) 3.3.3.3, Interface address 10.10.23.3

Backup Designated router (ID) 100.100.100.100, Interface address 10.10.23.2

Timer intervals configured, Hello 5, Dead 20, Wait 20, Retransmit 5

oob-resync timeout 40

Hello due in 00:00:04

Supports Link-local Signaling (LLS)

Index 1/4, flood queue length 0

Next 0x0(0)/0x0(0)

Last flood scan length is 3, maximum is 5

Last flood scan time is 0 msec, maximum is 4 msec

Neighbor Count is 1, Adjacent neighbor count is 1

Adjacent with neighbor 100.100.100.100 (Backup Designated Router)

Suppress hello for 0 neighbor(s)

R3#

However, you can directly set the cost of an OSPF interface:

R3(config)#int f0/0

R3(config-if)#ip ospf cost 250

R3(config-if)#end

R3#show ip ospf interface f0/0

*Mar 1 06:45:39.806: %SYS-5-CONFIG_I: Configured from console by console

R3#show ip ospf interface f0/0

FastEthernet0/0 is up, line protocol is up

Internet Address 10.10.23.3/24, Area 1

Process ID 3, Router ID 3.3.3.3, Network Type BROADCAST, Cost: 250

Transmit Delay is 1 sec, State DR, Priority 1

Designated Router (ID) 3.3.3.3, Interface address 10.10.23.3

Backup Designated router (ID) 100.100.100.100, Interface address 10.10.23.2

Timer intervals configured, Hello 5, Dead 20, Wait 20, Retransmit 5

oob-resync timeout 40

Hello due in 00:00:00

Supports Link-local Signaling (LLS)

Index 1/4, flood queue length 0

Next 0x0(0)/0x0(0)

Last flood scan length is 1, maximum is 5

Last flood scan time is 0 msec, maximum is 4 msec

Neighbor Count is 1, Adjacent neighbor count is 1

Adjacent with neighbor 100.100.100.100 (Backup Designated Router)

Suppress hello for 0 neighbor(s)

R3#

As you can see, there are two links between R1 and R2. R2 has two next-hops to reach 1.1.1.1:

R2#sh ip route 1.1.1.1

Routing entry for 1.1.1.1/32

Known via “ospf 2”, distance 110, metric 65, type intra area

Last update from 10.10.12.1 on Serial0/0, 00:02:06 ago

Routing Descriptor Blocks:

* 10.10.21.1, from 1.1.1.1, 00:02:06 ago, via Serial0/1

Route metric is 65, traffic share count is 1

10.10.12.1, from 1.1.1.1, 00:02:06 ago, via Serial0/0

Route metric is 65, traffic share count is 1

R2#

By default, OSPF can install up to four paths to the same destination. The maximum number of paths that can be installed can be checked like this:

R2#sh ip protocols

Routing Protocol is “ospf 2”

Outgoing update filter list for all interfaces is not set

Incoming update filter list for all interfaces is not set

Router ID 100.100.100.100

Number of areas in this router is 1. 1 normal 0 stub 0 nssa

Maximum path: 4

Routing for Networks:

2.2.2.2 0.0.0.0 area 1

10.10.12.2 0.0.0.0 area 1

10.10.21.2 0.0.0.0 area 1

10.10.23.2 0.0.0.0 area 1

Reference bandwidth unit is 100 mbps

Routing Information Sources:

Gateway Distance Last Update

3.3.3.3 110 00:01:54

1.1.1.1 110 00:01:54

Distance: (default is 110)

R2#

Let’s configure R2 to use only one path:

R2#conf t

Enter configuration commands, one per line. End with CNTL/Z.

R2(config)#router ospf 2

R2(config-router)#maximum-paths 1

R2(config-router)#end

R2#sh ip route 1.1.1.1

Routing entry for 1.1.1.1/32

Known via “ospf 2”, distance 110, metric 65, type intra area

Last update from 10.10.21.1 on Serial0/1, 00:00:05 ago

Routing Descriptor Blocks:

* 10.10.21.1, from 1.1.1.1, 00:00:05 ago, via Serial0/1

Route metric is 65, traffic share count is 1

R2#

Authentication is the most important optional feature of OSPF. Without authentication, an attacker can connect a router to the network and cause all the routers in the network to remove the legitimate routes and install the routes advertised by this rogue device.

OSPF supports three types of authentication:

- Type 0 – Null authentication (no authentication)
- Type 1 – Simple text (the password is sent as clear text)
- Type 2 – MD5 authentication

Because with Type 1 the password is sent in clear text, it is always recommended to configure MD5 authentication. Once authentication is configured on a router, the neighbour router needs to be configured with the same authentication type and the same password.

The configuration of authentication requires two commands on the interface: one that specifies the type of authentication and one that specifies the password.

Let’s configure MD5 authentication between R2 and R3:

R2#show run int f1/0

Building configuration…

Current configuration : 175 bytes

!

interface FastEthernet1/0

ip address 10.10.23.2 255.255.255.0

ip ospf authentication message-digest

ip ospf message-digest-key 12 md5 cisco

duplex auto

speed auto

end

R2#

R3#show running-config interface f0/0

Building configuration…

Current configuration : 175 bytes

!

interface FastEthernet0/0

ip address 10.10.23.3 255.255.255.0

ip ospf authentication message-digest

ip ospf message-digest-key 12 md5 cisco

duplex auto

speed auto

end

R3#

Using this configuration, the OSPF adjacency between R2 and R3 is up:

R2#show ip ospf interface f1/0

FastEthernet1/0 is up, line protocol is up

Internet Address 10.10.23.2/24, Area 1

Process ID 2, Router ID 2.2.2.2, Network Type BROADCAST, Cost: 1

Transmit Delay is 1 sec, State BDR, Priority 1

Designated Router (ID) 3.3.3.3, Interface address 10.10.23.3



Backup Designated router (ID) 2.2.2.2, Interface address 10.10.23.2

Flush timer for old DR LSA due in 00:01:18

Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5

oob-resync timeout 40

Hello due in 00:00:04

Supports Link-local Signaling (LLS)

Index 4/4, flood queue length 0

Next 0x0(0)/0x0(0)

Last flood scan length is 1, maximum is 1

Last flood scan time is 0 msec, maximum is 4 msec

Neighbor Count is 1, Adjacent neighbor count is 1



Adjacent with neighbor 3.3.3.3 (Designated Router)

Suppress hello for 0 neighbor(s)

Message digest authentication enabled



Youngest key id is 12



R2#

This is the configuration needed to enable simple text authentication:

R1#show running-config int s0/0

Building configuration…

Current configuration : 146 bytes

!

interface Serial0/0

ip address 10.10.12.1 255.255.255.0

ip ospf authentication

ip ospf authentication-key cisco

serial restart-delay 0

end

R1#

If you have many interfaces in the same area and you don’t want to spend time on configuring each and every interface with the authentication type, you can enable the authentication at area level.

Let's assume that R2 will use MD5 authentication for all interfaces in area 1. Then, instead of going to each interface and specifying that it will use MD5 authentication, we just apply the command at area level:

R2#show running-config | section router

router ospf 2

log-adjacency-changes

area 1 authentication message-digest

network 2.2.2.2 0.0.0.0 area 1

network 10.10.12.2 0.0.0.0 area 1

network 10.10.21.2 0.0.0.0 area 1

network 10.10.23.2 0.0.0.0 area 1

R2#

Keep in mind that the command specifying the password should still be configured under each interface.
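The points made in this section can be checked against a saved configuration. The Python sketch below is an added example, not part of the original article: it reads an IOS-style running configuration and reports OSPF interfaces that end up with no authentication, Type 1 clear-text authentication, an authentication type but no key, or a guessable key. The sample configuration, the `WEAK_KEYS` list and the `audit` function are assumptions made for illustration; keys are assumed to appear unencrypted, as in the outputs above, and wildcard bits set to 1 are treated as "don't care" when matching `network` statements.

```python
import re
from ipaddress import ip_address

# Constructed sample modelled on R2; keys are assumed to appear unencrypted.
CONFIG = """\
interface FastEthernet1/0
 ip address 10.10.23.2 255.255.255.0
 ip ospf message-digest-key 12 md5 cisco
interface Serial0/0
 ip address 10.10.12.2 255.255.255.0
interface Serial0/1
 ip address 10.10.21.2 255.255.255.0
 ip ospf authentication
 ip ospf authentication-key S3rial-Link-Key
router ospf 2
 area 1 authentication message-digest
 network 10.10.0.0 0.0.255.255 area 1
"""
WEAK_KEYS = {"cisco", "password", "ospf"}  # assumption: local list of guessable keys

def audit(config):
    """Return {interface: [findings]} for OSPF interfaces with weak authentication."""
    ifaces, area_auth, networks, cur = {}, {}, [], {}
    for line in config.splitlines():
        if not line.startswith(" "):  # a new top-level section begins
            cur = ifaces.setdefault(line.split()[1], {}) if line.startswith("interface ") else {}
        elif m := re.match(r" area (\S+) authentication( message-digest)?$", line):
            area_auth[m[1]] = 2 if m[2] else 1
        elif m := re.match(r" network (\S+) (\S+) area (\S+)", line):
            networks.append((int(ip_address(m[1])), int(ip_address(m[2])), m[3]))
        elif m := re.match(r" ip address (\S+)", line):
            cur["ip"] = int(ip_address(m[1]))
        elif m := re.match(r" ip ospf authentication(?: (null|message-digest))?$", line):
            cur["type"] = {None: 1, "null": 0, "message-digest": 2}[m[1]]
        elif m := re.match(r" ip ospf (authentication-key|message-digest-key \d+ md5) (\S+)$", line):
            cur["key1" if m[1] == "authentication-key" else "key2"] = m[2]
    report = {}
    for name, i in ifaces.items():
        area = next((a for n, w, a in networks if "ip" in i and (i["ip"] | w) == (n | w)), None)
        auth = i.get("type", area_auth.get(area, 0))  # interface setting overrides the area's
        key = i.get(f"key{auth}")
        found = [msg for msg, hit in (
            ("no authentication (Type 0)", auth == 0),
            ("clear-text password on the wire (Type 1)", auth == 1),
            ("authentication enabled but no key configured", auth and not key),
            ("guessable key", key in WEAK_KEYS)) if hit]
        if area is not None and found:
            report[name] = found
    return report
```

On the sample, Serial0/0 is reported because the area-level command enables MD5 there but no key is configured on the interface, which is the case the sentence above warns about.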

In this second part of the OSPF article, we saw how to change some of the OSPF parameters. Remember that changing a few of them (like hello timers or authentication) on one router and not on the other will cause the OSPF adjacency to go down.

Before changing any default parameters, always try to understand why you need to change them. What will be your benefit and what can be the drawbacks of changing them?


