CCNP ROUTE 2.0: OSPF Metrics, Cost, Virtual Links and Authentication

Route Metrics

  • Routes that are generated within the same area are called intra-area routes, represented in the routing table as “O”.
  • Routes that are learned from another area are called inter-area or summary routes, represented in the routing table as “O IA”.
  • Routes that originate from another routing protocol that are redistributed into OSPF are called External routes, represented in the routing table as “O E1″ and “O E2″.
  • Routes that originate from another routing protocol that are redistributed into an OSPF Stub area are called NSSA routes, represented in the routing table as “O N1″ and “O N2″.

Multiple OSPF routes to the same destination are preferred in the following order: [1] Intra-area, [2] Inter-area, [3] External E1, [4] External E2, [5] NSSA N1 and [6] NSSA N2

The difference between an External E1 and E2 route is the cost. The E2 route reflects the cost from the ASBR to the destination whereas the E1 route reflects the cost of the entire path. E2 is the default when redistribution routes from another routing protocol in OSPF. This can be changed by using the metric-type command when redistributing the routes.

R1 (config)# router ospf 1
R1 (config-router)# redistribute eigrp 100 metric-type 1

Interface Costs and Bandwidth

“O IA    192.168.3.0/24 [110/2] via 192.168.2.1, 00:00:00, FastEthernet0/0”

Where 110 is the administrative distance of OSPF (default), 2 is the cost of the path. OSPF Metric equals the cost of each link in the path; in other words the OSPF route is accumulated value from one router to the destination network. The paths with the lowest costs are selected as the best path.

NOTE – Only the cost of the outbound interface is used in the calculation of the metric/cost.

The cost is calculated using the following formula:

Cost = Reference bandwidth (default 100) / interface bandwidth in Mbps

Bandwidth    Cost
10Mb        10
100Mb        1
1000Mb        1
10000Mb    1


The default reference bandwidth is 100Mb, with faster interfaces common place that means 100Mb, 1Gb, 10Gb would have the same cost. Recommend to change the default from 100 to value greater than 10000. The default value can be changed using the “auto-cost” command, important to change this value on all routers.

R1 (config)# router ospf 1
R1 (config-router)# auto-cost reference-bandwidth 100000

Bandwidth    Cost
10Mb        10000
100Mb        1000
1000Mb        100
10000Mb    10

The cost of the path is now “1002”

“O IA    192.168.3.0/24 [110/1002] via 192.168.2.1, 00:00:00, FastEthernet0/0”

The cost can be specified manually per interface, this cost will override the calculated cost.

R1 (config)# interface fastethernet 0/0
R1 (config-if)# ip ospf cost 100

R1# show ip ospf interface fastethernet 0/0

Virtual Links

All area must have a physical connection to the backbone area 0. If this is not possible you can use a virtual link to connect to the backbone area 0 through a non-backbone area. The area through which the virtual link is built is referred to as the transit area and cannot be a stub network.


Use the command area <this area is the transit area>
virtual-link <RID of other router>

R2 (config)# router ospf 1
R2 (config-router)# area 1 virtual-link 0.0.0.4

R4 (config)# router ospf 1
R4 (config-router)# area 1 virtual-link 0.0.0.2

Running the command “show ip ospf neighbour” now on one of the routers configured with a Virtual Link will show a new adjacency to an virtual link interface “OSPF_VLx”


Running the command “show ip ospf virtual-links

Authentication

OSPF neighbour adjacency can be controlled using authentication, permitting only routers with a correct password to form an adjacency. By default OSPF does not use authentication.

OSPF has 3 types of authentication:

  • Type 0 = Null – no authentication, default
  • Type 1 = cleartext password
  • Type 2 = MD5 password

Configuring OSPF authentication is a 2 step procedure:

  1. Enable authentication either per interface or per area.
  2. Configure authentication key per interface

Plaintext Authentication

Configure Plaintext authentication key on the interface

R1 (config)# interface gigabitethernet 0/0
R1 (config-if)# ip ospf authentication-key XXXXXXX

Enable Plaintext Authentication on area

R1 (config)# router ospf 1
R1 (config-router)# area 0 authentication

Enable Plaintext Authentication on the interface

R1 (config)# interface gigabitethernet 0/0
R1 (config-if)# ip ospf authentication

MD5 Authentication

Configure OSPF MD5 authentication key on the interface

R1 (config)# interface gigabitethernet 0/0
R1 (config-if)# ip ospf message-digest-key 1 md5 XXXXXXX

Enable OSPF MD5 authentication on the area

R1 (config)# router ospf 1
R1 (config-router)# area 0 authentication message-digest

Enable OSPF MD5 authentication on an interface

R1 (config)# interface gigabitethernet 0/0
R1 (config-if)# ip ospf authentication message-digest

Debug authentication using “debug ip ospf adjacency”

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s