Tuesday, September 1, 2015

Facts to remember about OSPF - Part1


The OSPF election process happens in the Init phase, during which the OSPF Hello protocol (multicast) handles the DR/BDR election for a network segment, combining the following factors in this order:

1- Choose the highest OSPF priority (the default is 1; note that a router configured with priority 0 will not enter the election process at all, which is used on Frame Relay networks).
2- Choose the highest router-id
3- Choose the highest loopback interface address
4- Choose the highest configured physical interface address (the interface must be up/up)

Mind that there is no preemption: when a DR goes offline the BDR takes its place, and when the old DR comes back online it will not become the DR again. For it to be considered in another election on that segment, the current DR and BDR must both go offline so that a new election takes place for that segment.


The BDR is actually elected first, followed by the DR. The RFC explains why:
 "The reason behind the election algorithm's complexity is the desire for an orderly transition from Backup Designated Router to Designated Router, when the current Designated Router fails. This orderly transition is ensured through the introduction of hysteresis: no new Backup Designated Router can be chosen until the old Backup accepts its new Designated Router responsibilities."
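The ordering above, plus the two rules just described (BDR chosen first, and no preemption once a DR/BDR is seated), can be seen in a small simulation. This is an added example, not code from the original post; it is a simplified model of the RFC 2328 section 9.4 election (router names, router-ids and priorities are constructed), not a full implementation of the state machine.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address


@dataclass(frozen=True)
class Router:
    name: str
    router_id: str        # dotted-quad router-id, compared numerically
    priority: int = 1     # 0 = never eligible for DR/BDR


def election_key(r: Router):
    """Higher priority wins; ties are broken by the numerically higher router-id."""
    return (r.priority, int(IPv4Address(r.router_id)))


def elect(routers, current_dr=None, current_bdr=None):
    """Return (dr, bdr) router names for one broadcast segment.

    Simplified from RFC 2328 section 9.4: a sitting DR or BDR that is still
    present is never displaced (no preemption); the BDR is chosen first, and
    if the DR role is vacant the BDR is promoted and a fresh BDR is chosen.
    """
    eligible = [r for r in routers if r.priority > 0]
    present = {r.name for r in eligible}
    dr = current_dr if current_dr in present else None
    bdr = current_bdr if current_bdr in present else None

    def best(excluding):
        cands = [r for r in eligible if r.name not in excluding]
        return max(cands, key=election_key).name if cands else None

    if bdr is None:                 # BDR election happens first
        bdr = best({dr})
    if dr is None:                  # DR vacant: promote the BDR, then refill BDR
        dr, bdr = bdr, best({bdr})
    return dr, bdr


# Constructed segment: C has priority 0 and can never be DR/BDR.
A = Router("A", "1.1.1.1")
B = Router("B", "2.2.2.2")
C = Router("C", "3.3.3.3", priority=0)
D = Router("D", "4.4.4.4", priority=255)   # joins later with the highest priority


def walkthrough():
    """Returns the (dr, bdr) outcome at each step of a constructed scenario."""
    steps = []
    dr, bdr = elect([A, B, C])                      # initial election
    steps.append((dr, bdr))
    dr, bdr = elect([A, B, C, D], dr, bdr)          # D joins: no preemption
    steps.append((dr, bdr))
    dr, bdr = elect([A, C, D], dr, bdr)             # DR B goes offline
    steps.append((dr, bdr))
    dr, bdr = elect([A, B, C, D], dr, bdr)          # B returns, does not regain DR
    steps.append((dr, bdr))
    return steps


if __name__ == "__main__":
    for i, (dr, bdr) in enumerate(walkthrough(), 1):
        print(f"step {i}: DR={dr} BDR={bdr}")
```

Step 3 is the interesting one: when B (the DR) disappears, the existing BDR A is promoted even though D has a far higher priority, and D only gets the BDR role; D would have to wait for both A and D themselves to leave before a fresh election could make it DR.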

A DR and a BDR are elected for each LAN segment inside an area (broadcast network type).

Network types:
Broadcast: DR/BDR election, multicast hellos
Non-broadcast: DR/BDR election, no multicast hellos; the hub is forced to be DR with a high priority value, the hub defines its neighbors, and the spokes are kept out of the DR election with priority 0
Point-to-point: No DR/BDR election, multicast hellos (224.0.0.5)
Point-to-multipoint: No DR/BDR election, multicast hellos (224.0.0.5)
Point-to-multipoint non-broadcast: No DR/BDR election, unicast hellos, which is why the hub must define its neighbors

OSPF always advertises loopback interfaces with a /32 mask; changing the OSPF network type on the loopback to point-to-point advertises the real mask.


Interface cost = reference bandwidth / interface bandwidth = 10^8 / interface bandwidth (bps), i.e. the default reference bandwidth is 100 Mbps.
To change the reference bandwidth, apply the command auto-cost reference-bandwidth (Mbps) under the OSPF process.
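The cost formula is easy to get wrong in practice because IOS truncates the division to an integer and clamps the result to a minimum of 1, so every link faster than the reference bandwidth ends up with the same cost. The following is an added example (not from the original post) that reproduces that arithmetic and flags which links become indistinguishable under a given reference bandwidth; the link speeds in LINK_SPEEDS_KBPS are a constructed sample.

```python
def ospf_cost(interface_bw_kbps: int, reference_bw_mbps: int = 100) -> int:
    """Cisco-style OSPF interface cost.

    cost = reference bandwidth / interface bandwidth, integer-truncated and
    clamped to 1..65535. Interface bandwidth is given in kbps (the unit of
    the IOS 'bandwidth' interface command) and reference bandwidth in Mbps
    (the unit of 'auto-cost reference-bandwidth'); the default reference of
    100 Mbps is the 10^8 bps in the formula above.
    """
    if interface_bw_kbps <= 0:
        raise ValueError("interface bandwidth must be positive")
    cost = (reference_bw_mbps * 1000) // interface_bw_kbps
    return min(max(cost, 1), 65535)


# Constructed sample of common link speeds, in kbps.
LINK_SPEEDS_KBPS = {
    "T1": 1544,
    "10M Ethernet": 10_000,
    "FastEthernet": 100_000,
    "GigabitEthernet": 1_000_000,
    "TenGigE": 10_000_000,
}


def cost_table(reference_bw_mbps: int = 100) -> dict:
    """Cost of every sample link under the given reference bandwidth."""
    return {name: ospf_cost(kbps, reference_bw_mbps)
            for name, kbps in LINK_SPEEDS_KBPS.items()}


def indistinguishable_links(reference_bw_mbps: int = 100) -> list:
    """Links that share a cost with another link of a different speed.

    A non-empty result means the reference bandwidth is too low for the
    topology: SPF cannot prefer the faster of those links, so traffic may be
    load-shared or routed over a slower path than expected.
    """
    by_cost = {}
    for name, cost in cost_table(reference_bw_mbps).items():
        by_cost.setdefault(cost, []).append(name)
    return sorted(n for group in by_cost.values() if len(group) > 1 for n in group)


if __name__ == "__main__":
    for ref in (100, 10_000):
        print(f"reference bandwidth {ref} Mbps: {cost_table(ref)}")
        print(f"  indistinguishable: {indistinguishable_links(ref)}")
```

With the default reference of 100 Mbps, FastEthernet, GigabitEthernet and TenGigE all collapse to cost 1; raising the reference to 10000 Mbps (the same value on every router in the area, or costs stop being comparable) separates them again.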


OSPF path selection with per-neighbor cost (valid for the network types point-to-multipoint and point-to-multipoint non-broadcast): neighbor x.y.z.w cost x


Non-backbone (non-area-0) areas can be used for inter-area transit if a shorter path can be found through them and if the TransitCapability parameter has been set to TRUE (the default on Cisco routers). Example of disabling it:
router ospf 1
 area 1 virtual-link 150.1.1.1
 no capability transit


Demand circuit: this feature is enabled with the interface-level command ip ospf demand-circuit. OSPF Hellos are suppressed, and so are the periodic LSA refreshes (every 30 minutes), by setting the DoNotAge (DNA) bit in the LSA. The link is brought up only when LSAs are exchanged for the first time or when a change occurs in the information they contain. Change the network type to point-to-point or point-to-multipoint to suppress hellos, because on broadcast networks OSPF Hellos are not suppressed.


Flood reduction: this feature is enabled with the interface-level command ip ospf flood-reduction; the periodic LSA refreshes (every 30 minutes) are suppressed by setting the DoNotAge (DNA) bit in the LSA.


OSPF authentication clear text (two ways):
  • On each interface: ip ospf authentication, ip ospf authentication-key PASSWORD
  • On the router process: area # authentication, then on each interface: ip ospf authentication-key PASSWORD

OSPF authentication MD5 with one or multiple keys (two ways):
  • On each interface: ip ospf authentication message-digest, ip ospf message-digest-key # md5 PASSWORD
  • On the router process: area # authentication message-digest, then on each interface: ip ospf message-digest-key # md5 PASSWORD

OSPF authentication with SHA (key chain):
  • At interface level: ip ospf authentication key-chain "name of the chain", then create the key chain at global configuration level. In this case a 256-bit digest is used; it could also be 160, 384 or 512:
        key chain "name of the chain"
          key 1
            key-string "password"
            cryptographic-algorithm hmac-sha-256


OSPF authentication null:

Enable OSPF authentication at router ospf configuration level, then choose which interfaces will not participate in authentication with the interface-level command ip ospf authentication null.
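The four options above (null, clear text, MD5, SHA key chain) all show up in the same place on the wire: the 16-bit AuType field of the OSPFv2 packet header (0 = null, 1 = simple password, 2 = cryptographic, per RFC 2328 appendix A.3.1), which makes it straightforward to verify from a capture which interfaces actually ended up authenticated after a change like the ones above. The following is an added example, not code from the original post: it parses the 24-byte OSPFv2 header and reports segments still running null or clear-text authentication. The sample packets are constructed inline (checksum left at zero, no packet body), and the router-ids and areas in them are placeholders.

```python
import struct
from ipaddress import IPv4Address

# OSPFv2 common header, RFC 2328 A.3.1: version, type, length, router id,
# area id, checksum, AuType, 8-byte authentication field.
OSPF_HDR = struct.Struct("!BBH4s4sHH8s")
AUTYPE_NAMES = {0: "null", 1: "simple-password", 2: "cryptographic"}


def parse_ospf_header(pkt: bytes) -> dict:
    """Decode the OSPFv2 header; for AuType 2 also decode the key id, digest length and sequence number."""
    if len(pkt) < OSPF_HDR.size:
        raise ValueError("short OSPF packet")
    ver, ptype, length, rid, area, _csum, autype, auth = OSPF_HDR.unpack_from(pkt)
    if ver != 2:
        raise ValueError(f"not OSPFv2 (version {ver})")
    info = {
        "type": ptype,
        "router_id": str(IPv4Address(rid)),
        "area": str(IPv4Address(area)),
        "autype": autype,
        "autype_name": AUTYPE_NAMES.get(autype, "unknown"),
    }
    if autype == 2:
        # RFC 2328 D.3: two zero bytes, key id, auth data length, 32-bit sequence number
        _, key_id, auth_len, seq = struct.unpack("!HBBI", auth)
        info.update(key_id=key_id, auth_len=auth_len, seq=seq)
    return info


def audit(packets) -> list:
    """One finding per packet whose authentication is weaker than cryptographic."""
    findings = []
    for pkt in packets:
        h = parse_ospf_header(pkt)
        where = f"{h['router_id']} area {h['area']}"
        if h["autype"] == 0:
            findings.append(f"{where}: no authentication (AuType 0)")
        elif h["autype"] == 1:
            findings.append(f"{where}: simple password, carried in clear in the header (AuType 1)")
    return findings


def build_header(router_id: str, area: str, autype: int, auth_field: bytes, ptype: int = 1) -> bytes:
    """Constructed sample header (checksum 0, no body): for offline testing only."""
    return OSPF_HDR.pack(2, ptype, OSPF_HDR.size,
                         IPv4Address(router_id).packed, IPv4Address(area).packed,
                         0, autype, auth_field)


# Constructed samples: one null, one clear-text, one cryptographic (key id 1, 16-byte digest).
SAMPLE_PACKETS = [
    build_header("10.0.0.1", "0.0.0.0", 0, bytes(8)),
    build_header("10.0.0.2", "0.0.0.1", 1, b"secret".ljust(8, b"\x00")),
    build_header("10.0.0.3", "0.0.0.0", 2, struct.pack("!HBBI", 0, 1, 16, 0x56000001)),
]


if __name__ == "__main__":
    for line in audit(SAMPLE_PACKETS):
        print(line)
    print(parse_ospf_header(SAMPLE_PACKETS[2]))
```

For AuType 2 the digest length tells the MD5 and SHA variants apart (16 bytes for MD5, 32 for HMAC-SHA-256), and a sequence number that resets or stays constant across hellos from the same router-id is worth a closer look, since the sequence number is what protects cryptographic authentication against replay.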

