PP8600 Technical Configuration Guide for OSPF€¦ · OSPF Overview Open Shortest Path First is a...

PP8600 Technical Configuration Guide

for OSPF

PP8600 TCG OSPF Version 1.2 August 2003

Nortel Networks External Distribution 1

Copyright © 2003 Nortel Networks All rights reserved. August 2003 The information in this document is subject to change without notice. The statements, configurations, technical data, and recommendations in this document are believed to be accurate and reliable, but are presented without express or implied warranty. Users must take full responsibility for their applications of any products specified in this document. The information in this document is proprietary to Nortel Networks Inc. The software described in this document is furnished under a license agreement and may be used only in accordance with the terms of that license. Trademarks Nortel Networks, the Nortel Networks logo, the Globemark, Unified Networks, and PASSPORT are trademarks of Nortel Networks. Adobe and Acrobat Reader are trademarks of Adobe Systems Incorporate.



Table of Contents

1. OSPF OVERVIEW ............................................................................................................................. 4 2. CIRCUITLESS IP (CLIP) .................................................................................................................. 4 3. CONFIGURING OSPF....................................................................................................................... 5 4. OSPF NETWORK TYPES................................................................................................................. 5

CONFIG EXAMPLE – OSPF NETWORK TYPE ............................................................................................... 6 5. EQUAL COST MULTI PATH (ECMP) ........................................................................................... 7 6. SECURITY........................................................................................................................................... 8

6.1 SIMPLE PASSWORD MECHANISM ................................................................................................... 8 6.2 MESSAGE DIGEST 5 (MD5)............................................................................................................ 8 6.3 CONFIGURATION EXAMPLE – USING MD5 .................................................................................... 9

7. OSPF NEIGHBOR STATES.............................................................................................................. 9 8. OSPF AREAS .................................................................................................................................... 11

8.1 CLASSIFICATION OF ROUTERS ..................................................................................................... 12 8.2 TYPES OF OSPF AREAS ............................................................................................................... 13

9. CONFIGURATION EXAMPLES ................................................................................................... 20 9.1 OSPF ROUTE DISTRIBUTION TO RIP, RIP TO OSPF (AS-EXTERNAL-LSA TYPE 1 METRICS) ..... 20 9.2 DISTRIBUTING AN INTERNET DEFAULT ROUTE TO OSPF USING AS-EXTERNAL-LSA TYPE 2 ..... 22 9.3 CONTROLLING EXTERNAL ROUTES ADVERTISED IN AN NSSA AREA.......................................... 24 9.4 SUPPLYING A DEFAULT ROUTE.................................................................................................... 28 9.5 COMPLEX CONFIGURATION EXAMPLE:........................................................................................ 28

10. SOFTWARE BASELINE............................................................................................................. 33 11. REFERENCE DOCUMENTATION: ......................................................................................... 33 12. ADDENDUM A ............................................................................................................................. 34

12.1 CIRCUITLESS IP (CLIP) CLI ........................................................................................................ 34 12.2 OSPF BROUTER PORT CLI .......................................................................................................... 34 12.3 OSPF NETWORK CLI .................................................................................................................. 34 12.4 MD5 AUTHENTICATION CLI ....................................................................................................... 35 12.5 ADD OSPF INTERFACE TO NEW AREA CLI ................................................................................. 35 12.6 STUB AREA CLI........................................................................................................................... 35 12.7 NSSA ASBR ROUTER CLI.......................................................................................................... 36 12.8 OSPF ASBR CLI......................................................................................................................... 37 12.9 DEFAULT ROUTE TO OSPF CLI................................................................................................... 37 12.10 CONTROLLING EXTERNAL ROUTES (NSSA AREA) CLI .......................................................... 38



Table of Figures: Figure 1: OSPF Configuration ......................................................................................................... 5 Figure 2: OSPF Network Type ........................................................................................................ 6 Figure 3: Equal Cost Multi Path (ECMP)......................................................................................... 7 Figure 4: MD5 Authentication .......................................................................................................... 9 Figure 5: Normal Areas ................................................................................................................. 14 Figure 6: ABR Configuration Example .......................................................................................... 14 Figure 7: Stub Area Example ........................................................................................................ 16 Figure 8: NSSA.............................................................................................................................. 18 Figure 9: NSSA Configuration Example ........................................................................................ 18 Figure 10: OSPF ASBR Configuration Example ........................................................................... 20 Figure 11: Distributing Default Route to OSPF ............................................................................. 22 Figure 12: Controlling External Routes (NSSA Area).................................................................... 24 Figure 13: Default Routes.............................................................................................................. 28 Figure 14: PP8600 Network Example ........................................................................................... 29



1. OSPF Overview Open Shortest Path First is a link state protocol designed as a standards based Internal Gateway Protocol (IGP) for the purpose of interconnecting users and networks. OSPF maintains a link state database of interface, link, router, and network status in order to calculate the shortest path to each and every network element. From the link state database, a routing table is built. This calculation is based on Dijkstra’s model of calculating the shortest path from one point to another. OSPF Standards supported on Passport 8600 The Passport 8600 supports the following standards:

• RFC 1253 (OSPF MIB) • RFC 1583 (OSPF version 2) • RFC 2178 (OSPF version 2) • RFC 1850 (OSPF Management Information Base) • RFC 2178 (OSPF MD5 cryptographic authentication)

Dijkstra’s Algorithm This calculation is used to determine the best path to any network based on the total path cost. All paths to a given network are determined and the cost calculated, however, only the best path will be used populate the routing table.

2. Circuitless IP (CLIP) A Circuitless IP address, sometimes referred to as a loopback address, is an IP address that is not tied to any specific interface. Since it is not tied to a physical port or VLAN, its state is always active. It is highly recommended to use the Circuitless IP address for the OSPF Router-ID. By doing so, the OSPF Router-ID is always active regardless of any port state (up/down). To configure CLIP and use it for the OSPF Router-ID, the following commands are used. Step 1 Configure a Circuitless IP address config ip circuitless-ip-int X create

<ipaddress/mask> config ip circuitless-ip-int X ospf enable

This step creates a circuitless IP address which will be used for the OSPF Router-ID where X is the CLIP ID and can be any instance from 1-32. The CLIP IP address typically uses a 32-bit mask.

Step 2 Enable OSPF config ip ospf admin-state enable

config ip ospf router-id <CLIP IP Address> config ip ospf enable

These commands enables OSPF and set the OSPF Router-ID using Circuitless IP created in Step 1.


Nortel Networks External Distribution

3. Configuring OSPF OSPF can be configured at an interface (brouter port) or VLAN (port or IP-Subnet) level.

Figure 1: OSPF Configura

In reference to the drawing below, the following configuratiOSPF on brouter port 2/1 and VLAN2: Step 1 Configure OSPF Interface – brouter

port

config ethernet 2/1 ip create 10.1.1.21/30 2134 config ethernet 2/1 ip ospf enable

Thes2/1 a2134inter

Step 2 Configure OSPF Interface – VLAN config vlan 2 create byport 1

config vlan 2 ports add 1/2 config vlan 2 ip create 172.3.1.1/24 config vlan 2 ip ospf enable

ThesVLAN

Step 3 Configure a Circuitless IP address config ip circuitless-ip-int 1 create

1.1.1.1/32 config ip circuitless-ip-int 1 ospf enable

This addrOSP

Step 4 Enable OSPF Globally config ip ospf router-id 1.1.1.1

config ip ospf enable ThesassigStep

4. OSPF Network Types OSPF Network Types were created to allow OSPF neighbodifferent types of network infrastructures. That being the cconfigured to support each network type. The following taband usages that the Passport 8600 supports.

PP8600A

Area 0

VLAN 2

172.3.1.0/24

.1

1/2 OSPF Network

.21

Brouter Port

10.1.1.20/3

5

tion

on steps are used to configure

e two commands configure port s a brouter port with VLAN ID and enables OSPF on this face.

e commands create port-based 2 under STG 1 with OSPF.

step creates a circuitless IP ess which will be used for the F Router-ID

e commands enable OSPF and ns the Circuitless IP created in

3 as the OSPF Router-ID

ring between routers over ase, each interface can be le defines the network types


Nortel Networks External Distributio

Interface Type Usage Broadcast Will automatically discover every OSPF router on the network by

sending OSPF Hello’s to the multicast group AllSPFRouters (224.0.0.5). Neighboring is automatic and need not be configured. Typically used in an Ethernet, ATM, or certain Frame Relay environments.

Non-Broadcast Multi-Access

OSPF NBMA network type was used to correctly model network environments that do not have native Layer 2 broadcast/multicast capabilities, such as Frame Relay and X.25. Hellos are unicasted to manually configured neighbors.

Passive Allows interface network to be included in OSPF without generating LSAs or forming adjacencies. Typically used on an access network, or on an interface that is used for BGP peering. This also limits the amount of CPU cycles required to process Dijkstra.

Configuring OSPF Network Type: The OSPF Network type can be configured by using the following command:

• config ethernet x/y ip ospf interface-type ({broadcast | nbma | passive} where: x = slot # y = port #

Config Example – OSPF Network Type

Figure 2: OSPF Netw

For this example, we will configure VLAN 2 on PP8interface type as passive. By configuring VLAN 2 awill be sent on this segment while still advertising tnetwork. Step 1 Configure OSPF Interface – VLAN config vlan 2 create byport 1

config vlan 2 ports add 1/2 config vlan 2 ip create 172.3.1.1/24 config vlan 2 ip ospf interface-type passive config vlan 2 ip ospf enable

PP8600A

Area 0

VLAN 2

172.3.1.0/24

.1

1/2 OSPF Network

.21

Brouter Port

10.1.1.20/3

n 6

ork Type

600A with OSPF and set the s passive, no OSPF hello messages his interface to the rest of the OSPF

These commands create port-based VLAN 2 under STG 1 with OSPF and sets the interface type as passive.



5. Equal Cost Multi Path (ECMP) ECMP is a feature, which will load balance routed IP traffic across up to four equal cost paths. The Passport 8600 supports ECMP operation for OSPF, RIP, static routes, and default routes. There are a few benefits of ECMP when used with OSPF:

1. no need to rerun Dijkstra should the main path fail, the other ECMP path(s) will automatically take the load.

2. loadsharing implies better use of network facilities. The traffic distribution algorithm is identical to the Multi-Link Trunk (MLT) algorithm for IP datagrams:

MOD (DestIP(X)[5:0] XOR SrcIP(Y)[5:0],#of active links) 'XOR the last 6 bits of the source and destination IP address, divide by the number of links, and take the remainder.Configuration Example – ECMP

Figure 3: Equal Cost Multi Path (ECMP)

Configuration of ECMP is quite simple. For example, in reference to PP8600A, the commands to enable ECMP over two paths is as follows:

• config ip ecmp enable • config ip ecmp-max-path 2

After ECMP is configured, ECMP paths can be verified in the routing table. Those paths with an E in the Type column are designated equal cost paths. In this example we see two routes to 1.1.1.2, and two routes to 10.1.30.0. show ip route info Response from A: Ip Route ================================================================================ DST MASK NEXT COST VLAN PORT PROT AGE TYPE PRF -------------------------------------------------------------------------------- 1.1.1.1 255.255.255.255 1.1.1.1 1 0 -/- LOC 0 DB 0 10.1.40.0 255.255.255.255 10.1.1.2 12 2190 2/7 OSPF 0 IBE 20 10.1.40.0 255.255.255.255 10.1.1.6 12 2191 2/8 OSPF 0 IBE 20 2.1.1.0 255.255.255.252 2.1.1.1 1 3999 -/- LOC 0 DB 0 10.1.1.0 255.255.255.252 10.1.1.1 1 - 2/7 LOC 0 DB 0 10.1.1.4 255.255.255.252 10.1.1.5 1 - 2/8 LOC 0 DB 0 . . . . 10.1.30.0 255.255.255.0 10.1.1.2 11 2190 2/7 OSPF 0 IBE 20 10.1.30.0 255.255.255.0 10.1.1.6 11 2191 2/8 OSPF 0 IBE 20 13 out of 11 Total Num of Dest Networks,13 Total Num of Route Entries displayed. -------------------------------------------------------------------------------- TYPE Legend: I=Indirect Route, D=Direct Route, A=Alternative Route, B=Best Route, E=Ecmp Route , U=Unresolved Route, N=Not in HW

PP8600A PP8600C

PP8600D

Area 0

10.1.1.0/30 .1 .2

10.1.1.24/30

.25

.26

CLIP = 1.1.1.1

CLIP = 1.1.1.4

CLIP = 1.1.1.3

10.1.1.4/30

.5

10.1.40.0/24

10.1.30.0/24 .6



6. Security The Passport 8600 implementation of OSPF includes security mechanisms to prevent the OSPF routing domain from being attacked by unauthorized routers. This prevents someone from joining an OSPF domain and advertising false information in its OSPF LSAs. Likewise, it prevents a misconfigured router from joining an OSPF domain.

6.1 Simple Password Mechanism The Simple Password is a text simple password mechanism, only routers that contain the same authentication id in their LSA headers can communicate with each other. To configure simple password, use the following commands.

Brouter Ports: • config ethernet x/y ip ospf authentication-type simple • config ethernet x/y ip ospf authentication-key <string>

where: x = slot # y = port #

VLAN: • config vlan x ip ospf authentication-type simple • config vlan x ip ospf authentication-key <string>

where: x = VLAN #

The problem with this feature is that the password is stored in plain text and can be read off the config file or LSA packet.

6.2 Message Digest 5 (MD5) This is the preferred method of OSPF security as it provides standards based (RFC 1321) authentication using 128-bit encryption. It is almost impossible to compute or extrapolate the decryption codes from the OSPF packets. Basically each OSPF packet will have a message digest appended to it which needs to be matched between sending and receiving routers. The message digest is calculated on either side, based on the MD5 Key and any padding, then compared, if they do not match, the packet is rejected. The first step is to create a MD5 key and key-id and then set the authentication type for message-digest.

• config ip ospf interface <IP address> add-message-digest-key <md5-key-id> md5-key <value>

• config ip ospf interface <IP address> authentication-type message-digest where:

md5-key-id = 1-255 md5-key value = alphanumeric password of up to 16 bytes {string length 0..16} auth-type = authentication type {none|simple|message-digest}



6.3 Configuration Example – Using MD5

Figure 4: MD5 Authentication

Assuming we wish to enable MD5 authentication between PP8600A and PP8600B, the commands are as follows: Step 1 Configure PP8600A config ip ospf interface 10.1.1.1 add-

message-digest-key 1 md5-key qwsdf89 config ip ospf interface 10.1.1.1 authentication-type message-digest

These commands enable md5 authentication for ospf interface 10.1.1.1 using key ‘qwsdf89’.

Step 2 Configure PP8600B config ip ospf interface 10.1.1.2 add-

message-digest-key 1 md5-key qwsdf89 config ip ospf interface 10.1.1.2 authentication-type message-digest

These commands enable md5 authentication for ospf interface 10.1.1.2 using key ‘qwsdf89’.

7. OSPF Neighbor States Upon initial startup, routers will attempt to find and form adjacencies with other OSPF routers via Hello packets. Once these are received the routers perform some handshaking before adjacency is established. The following table describes the various states of forming an adjacency. Step State Description 1 Down This is the initial OSPF neighbor state. It means a router has

not received any information (hellos) from its neighbor even if it can still send hellos to its neighbor. This state can occur for NBMA or Point-to-Multipoint neighbors. During a full adjacency state, if a router does not receive hello packets from a neighbor within the Router Dead Interval time, then the neighbor state changes from Full to Down. The default Dead Interval time is 4 x Hello Interval, which by default is 40 seconds. This state does not occur on Broadcast networks, which is initially in an Init state.

2 Attempt Also on NBMA interfaces, this state occurs when the router attempts to send unicast hellos to any configured interfaces.

3 Init Router has received a general Hello packet (without its Router ID) from another router.

4 2-Way Router received a Hello directed to it from another router.

PP8600A PP8600C

Area 0

10.1.1.0/30 .1 .2

CLIP = 1.1.1.1 CLIP = 1.1.1.3



(Hello contains its Router ID). 5 ExStart Master/Slave election process. 6 Exchange Link State Database is exchanged 7 Loading Processing of the LSDB for input into the routing table. Router

may request LSA for missing or corrupt routes. 8 Full Normal full adjacency state.

7.1.1 Troubleshooting Neighbor States The following command will show all the neighbors and the current state of adjacency. Passport-8610:6# show ip ospf neighbors ================================================================================ Ospf Neighbors ================================================================================ INTERFACE NBRROUTERID NBRIPADDR PRIO_STATE RTXQLEN PERMANENCE ------------------------------------------------------------------------------------------------------------------------ 10.1.1.22 1.1.1.1 10.1.1.21 100 Full 0 Dynamic 10.1.1.17 1.1.1.5 10.1.1.18 0 Full 0 Dynamic 10.1.1.9 1.1.1.4 10.1.1.10 1 Full 0 Dynamic Total ospf neighbors: 3 Most problems with OSPF occur at initial startup where the router cannot form adjacencies with other routers and the state is stuck in INIT or EXSTART/EXCHANGE. INIT State problems A router may be stuck in INIT state and not form an adjacency. This could mean a couple things: a) There is a mismatch in authentication keys or that both sides are not configured for

authentication. By issuing the ‘trace Level 6 2’ command, we can see the OSPF packets being received. The example below shows the error received when there is an authentication failure:

• Passport 8600 # trace level 6 2 • Passport 8600 # trace screen on [03/24/03 15:55:07:216] tMainTask OSPF: os_recv.c : 710 : verify_ospf_packet: authType mismatch ipa= 10.1.1.18

b) The path is not reachable due to Access Lists implemented on routers, ensure the multicast address of 224.0.0.5 is able to traverse the link. If multicast traffic is being blocked for some reason, the Passport 8600 may have to be configured for OSPF NBMA instead of Broadcast. c) When forming an adjacency over ATM link, both routers must be able to support Inverse ARP which will map the IP address to a PVC. Passport 8600 will do this automatically, however in the case that Passport is connecting to another router, ensure that Inverse ARP is enabled on the other router. If Inverse ARP is not supported then it may be necessary to configure a static ARP entry.



EXSTART/EXCHANGE Problems Both routers may recognize each other and have moved beyond 2-way, however there may be a problem with the routers being stuck in EXSTART/EXCHANGE state. This is usually caused by a mismatch in MTU sizes, i.e. one router be set for a high MTU size and the other is default at a smaller value. Depending on the size of the LSDB, the router with the smaller value may not be able to process the larger packets and thus be stuck in EXSTART/EXCHANGE state. Ensure that the MTU sizes match! This is typical when interoperating with other vendors. Use “Trace Level 6 2” to help troubleshoot this problem. Since release 3.2.2.2, the Passport 8600 starting checking for the OSPF MTU mismatch. The following is taken form the 3.2.2.2 release notes:

In Passport 8600 Software Release 3.2.0.0 and higher, the supported MTU size for OSPF is 1500 bytes by default. Incoming OSPF DBD packets would be dropped if their MTU size is greater than 1500 bytes. To allow the Passport 8600 routing switch to accept OSPF DBD packets with a different MTU, a CLI command is introduced in Software Release 3.2.2.2, which is configurable per OSPF interface: config ip ospf interface <ip address> mtu-ignore <enable|disable> (default value of mtu-ignore is disable) Once "mtu-ignore" is enabled the MTU Check on the incoming OSPF DBD packet is not performed. NOTE: This change will however still not allow the Passport 8600 routing switch to process packets sent on ATM links larger than 1950 bytes.

8. OSPF Areas In large networks with many routers and networks, the link state database (LSDB) and routing table can become very large. Large route tables and LSDBs consume memory. Processing of link state advertisements results in more CPU cycles being needed to make forwarding decisions. To help reduce these undesired effects, an OSPF network can be divided into sub-domains called areas. An area is made up of a number of OSPF routers with the same area identification. By dividing a network into multiple areas, a separate LSDB consisting of router LSA’s and network LSA’s are maintained for each area. Each router within an area will maintain a LSDB only for the area to which it belongs. In other words, the area’s router-LSA’s and network-LSA’s are not flooded beyond the area’s borders. Hence, the impact of a topology change is localized to the area that it occurs. The only exception to this is for the area border routers, which must maintain a LSDB for each area to which they belong. Changes in topology are advertised to the rest of the network by the area border routers by advertising Summary-LSAs. Area’s are identified by a 32-bit Area ID and is expressed in IP address format such as 0.0.0.0 for 0. Area 0 is also known as the backbone area and is responsible for distributing routing information to all other areas. If multiple areas are used, they should all be attached to the backbone via an Area Border Router (ABR), which connects area



0.0.0.0 to the non-backbone area(s). If an area cannot be physically directly connected via an ABR to area 0, you will need to configure a Virtual Link to logically connect the area to the backbone area.

8.1 Classification of Routers When an OSPF Autonomous System is broken up into multiple OSPF areas, the routers are further divided into specific functions:

• Internal Routers A router that has all its networks and interfaces belonging to one area. This router will have a one LSDB belonging to this area.

• Area Border Routers (ABR) An ABR router connects to two or more OSPF areas. It will have a separate LSDB for each area it is attached to. It will in turn condense the routing topology from its attached area for distribution to the OSPF backbone area. The backbone in turn will distribute this information to all other areas. ABR’s use Summary-LSA’s to advertise IP subnets into the backbone by using Type 3 Summary-LSAs and Type 4 ASBR-summary-LSAs. Type 4 ASBR-summary-LSAs advertises the location of the ASBRs from area to area.

• Backbone Routers A backbone router is simply a router that has an interface connected to the backbone area. This includes all routers including the ABR.

• Autonomous System Boundary Router (ASBR) An ASBR router is a router that has a connection to another Autonomous System. To distribute into OSPF any external routes that originated from a protocol such as RIP, BGP-4, IS-IS or Static Routes, the router must be configured as an ASBR. An ASBR router will import external routes into the OSPF domain by using AS-external-LSAs (LSA Type 5) originated by the ASBR. AS-external-LSAs are flooded across area borders. When an ASBR imports external routes, it may import routes info OSPF using external Type 1 or Type 2 metrics. This will give a four-level routing hierarchy as show in the table below according to routing preference. Level Description 1 Intra-area routing 2 Inter-area routing 3 External Type 1 metrics 4 External Type 2 metrics This results in a routing preference from most preferred to least preferred of:

1. routing within an OSPF area 2. routing within the OSPF domain 3. routing within the OSPF domain and external routes with External

Type 1 metrics 4. routing within the OSPF domain and external routes with External

Type 2 metrics



For example, an ASBR can be configured to import RIP routes into OSPF with external Type 1 metrics. Another ASBR can be configured to import Internet routes and advertise a default route with an external Type 2 metric. This will result in RIP imported routes having a higher preference than the Internet imported default routes. In reality, External Type 2 metrics should always be used for BGP Internet routes whereas External Type 1 should always be used for RIP imported routes. The reason for this is routes imported into OSPF as External Type 1 are supposed to be from IGP (internal gateway protocols) whose external metric is comparable to OSPF metrics. With External Type 1 metrics, OSPF will add the internal cost to the ASBR to the external metric. External Type 2 metrics are used for EGP (exterior gateway protocols) whose metric is not comparable to OSPF metrics. For External Type 2 metrics, only the internal OSPF cost to the ASBR router is used in the routing decision.

8.2 Types of OSPF Areas In reference to the area types below, the following chart displays the various LSA types exchanged between area’s. LSA’s are used to share link state information among routers; there are 7 different types. They typically contain information about the router and its neighbors and are generated periodically to ensure connectivity or generated upon the change in state of a router/link (up/down). LSA TYPE Description Area of Distribution

1 LSA Type 1 are called router-LSAs and is originated by a router to describe its set of active interfaces and neighbors.

Only within the same area.

2 LSA Type 2 are called network-LSAs and describes a network segment such as broadcast or NBMA. In a broadcast network, network-LSAs are originated by the Designated Router (DR).

Only within the same area.

3 LSA Type 3 are called network-summary-LSAs. Describes the networks within an area. Originated by the Area Border Router (ABR).

Passed between areas.

4 LSA Type 4 are called ASBR-summary-LSAs and advertises the location of the ASBRs from area to area


5 LSA Type 5 are called AS-external-LSAs. Describes networks outside of the OSPF domain. Originated by the ASBR and passed between areas. In Stub and NSSA area, LSA Type 5 routes are replaced with a single default route.


6 LSA Type 6 are called group-membership-LSAs. Used to identify the location of Multicast group members in MOSPF.


7 LSA Type 7 are used in OSPF NSSA areas to import external routes.

Translated between areas.



8.2.1 Normal Areas A normal area is simply a collection of routers using the same Area-ID that calculates inter-area and external routes through the use of summary-LSAs, ASBR-summary-LSAs, and AS-external-LSAs. A Normal Area supports ABR and ASBRs.

Figure 5: Normal Areas

8.2.1.1 Configuring the ABR

There is no configuration parameter to configure a Passport 8600 as an ABR. It becomes an ABR automatically when more than one area is configured on it.

8.2.1.2 Configuring the ASBR

When configuring an OSPF ASBR on the Passport 8600, it can be configured to: • Distribute all OSPF routes to BGP or RIP. • Distribute RIP, BGP, Direct, or static routes to OSPF

To configure a Passport 8600 as an ASBR, use the following command

• PP8600A# config ip ospf as-boundary-router enable

8.2.1.2.1 Configuration Example - Configuring the ABR

On the Passport 8600, there are no configuration steps to enable a Passport 8600 for ABR. As soon as more than one area is configured, the Passport 8600 is automatically configured as an OSPF ABR. The following is an example on how to add an OSPF interface to a new area:

Figure 6: ABR Configuration Example

In reference to PP8600B, the following commands are used to configur0.0.0.2 and area 0.0.0.0 thereby making it an OSPF ABR.

PP8600A (ASBR) PP8600C

(ASBR)

Normal Area 0.0.0.0

Normal Area 0.0.0.1

PP8600B(ABR) Normal Area

0.0.0.0

AS-external-LSAs (LSA Type 5) from Area 1


Summary-LSAs (LSA Type 3 & 4) from Area 1


PP8600E

Normal Area Area 2

2/6

172.3.3.1/24

.18 .17 2/6.1

CLIP = 1.1.1.5

2/1

.21

Area 0

1/48VLAN 2

CLI

10.1.1.20/3

14

e it for area

PP8600B

2/1 .22

P = 1.1.1.2



PP8600B Configuration Steps Command Comments Step 1 Configure OSPF Interface config ethernet 2/6 ip create 10.1.1.17/30

2090 config ethernet 2/6 ip ospf enable

These two command configure port 2/6 as a brouter port and enables OSPF on this interface

Step 2 Configure Second OSPF Interface config ethernet 2/1 ip create 10.1.1.22/30



Step 3 Create Circuitless IP config ip circuitless-ip-int 1 create

1.1.1.2/255.255.255.255 config ip circuitless-ip-int 1 ospf enable

These commands create a circuitless IP address which will be used for the OSPF Router-ID

Step 4 Enable OSPF ip ospf router-id 1.1.1.2

ip ospf enable ip ospf area 0.0.0.2 create ip ospf interface 10.1.1.17 area 0.0.0.2

These commands configure the PP8600 as border router. Note by default, OSPF interface 10.1.1.22 is by default put into OSPF area 0.0.0.0. Since we added one additional area of 0.0.0.2, PP8600B automatically becomes an ABR.

To view the area’s created use the following command:

PP8600B# show ip ospf area ================================================================================ Ospf Area ================================================================================ AREA_ID STUB_AREA NSSA IMPORT_SUM ACTIVE_IFCNT -------------------------------------------------------------------------------- 0.0.0.0 false false true 2 0.0.0.2 false false true 1 STUB_COST SPF_RUNS BDR_RTR_CNT ASBDR_RTR_CNT LSA_CNT LSACK_SUM -------------------------------------------------------------------------------- 0 61 2 0 18 565959 1 28 2 1 19 606498

You can use the following command to view the ABR status: PP8600A# show ip ospf info Ospf General ================================================================================ RouterId: 1.1.1.2 AdminStat: enabled VersionNumber: 2

AreaBdrRtrStatus: true ⇐ ASBdrRtrStatus: false ExternLsaCount: 1 ExternLsaCksumSum: 29660(0x73dc) TOSSupport: 0 OriginateNewLsas: 270 RxNewLsas: 1047 TrapEnable: false AutoVirtLinkEnable: false SpfHoldDownTime: 10



8.2.2 Stub Area A stub area does not receive advertisements for external routes (AS-external LSAs, type 5) from an Area Border Router, which reduces the size of the link state database. Instead, routing to external destinations from within a stub area is based simply on the default route originated by a stub area border router. A stub area has only one area border router. Any packets destined outside the area are simply routed to that area border exit point where the packets are examined by the area border router and forwarded to a destination. ASBR’s cannot be supported within a stub area. Without AS-external LSA’s, stub area’s cannot support virtual links.

8.2.2.1 Configuring a Stub Area

To configure an OSPF area as a stub or NSSA, use the following command • PP8600A# config ip ospf area <area IP address> stub <true | false> • PP8600A# config ip ospf area <area IP address> nssa <true | false>

NOTE: AS-external LSA’s are not flooded into a Stub area’s. Instead, only one default route to external destinations is distributed into the Stub area by the Stub ABR router 8.2.2.1.1 Configuration Example – Stub Area Configuration

Figure 7: Stub Area Example

The following are the configuration step required on PP860 PP8600E Configuration Steps: Command ComStep 1 Configure OSPF Interface config ethernet 2/6 ip create 10.1.1.18/30


Thes2/6 aOSPF

Configure VLAN 2 config vlan 2 create byport 1

config vlan 2 ports add 1/48 config vlan 2 ip create 172.3.3.1/255.255.255.0 vlan 2 ip ospf enable

Thesand e

Step 2 Create Circuitless IP

PP8600E

Area 2 Stub

2/6

172.3.3.1/24

.18 .17 2/6.1

CLIP = 1.1.1.5

2/1

.21

Area 0

1/48VLAN 2

10.1.1.20/3

16

0E and PP8600B:

ments

e two command configure port s a brouter port and enables on this interface

e command create VLAN = 2 nabled ospf for this interface.

PP8600B

2/1 .22



config ip circuitless-ip-int 1 create 1.1.1.5/255.255.255.255 config ip circuitless-ip-int 1 ospf enable



ip ospf enable ip ospf area 0.0.0.2 create ip ospf area 0.0.0.2 stub true ip ospf interface 10.1.1.18 area 0.0.0.2 ip ospf interface 1.1.1.5 area 0.0.0.2 ip ospf interface 172.3.3.1 area 0.0.0.2

These commands configure the PP8600 as stub area 2, assigns the Circuitless IP created in Step 2 as the OSPF Router-ID, and finally adds the OSPF interfaces to Area 2.

PP8600B Configuration Steps Command Comments Step 1 Configure OSPF Interface config ethernet 2/6 ip create 10.1.1.17/30



Configure Second OSPF Interface config ethernet 2/1 ip create 10.1.1.22/30







ip ospf enable ip ospf area 0.0.0.2 create ip ospf area 0.0.0.2 stub true ip ospf interface 10.1.1.17 area 0.0.0.2

These commands configure the PP8600 as stub border router. Note by default, OSPF interface 10.1.1.22 is by default put into OSPF area 0.0.0.0. Since we added one additional sub area of 0.0.0.2, PP8600B automatically becomes an stub ABR.



NSSA

- A not so stubby area (NSSA) also prevents the flooding of AS-External Link State advertisements into the area by replacing them with a default route. The added feature of NSSA is the ability to import small stub (non-OSPF) routing domains into OSPF. This allows the NSSA to import external routes such as RIP routes and then advertise these routes throughout the network. External routing information is imported into a NSSA by using Type-7 LSAs. These LSA’s are translated at the NSSA boundary into LSA Type-5. The N/P bit in the Type-7 LSA Options field indicates whether the Type-7 LSA should be translated. Only those LSA’s with the N/P-bit set are translated.

Figure 8: NSSA 8.2.2.1.2 Configuration Example – Configuring an NSSA Area

Figure 9: NSSA Configuration Example

In this example, we will configure PP8600E as an NSSA ASBR router. Command Comments Step 1 Configure RIP Interface config ethernet 1/48 ip create 20.1.1.2/30

2091 config ethernet 1/48 ip rip enable

These two comm1/48 as a brouteRIP on this inter

Step 2 Enable RIP Globally and Configure RIP Interface for RIPv2

PP8600 (ASBR)

PP8600(ASBR)

Normal Area 0.0.0.0

NSSA Area 0.0.0.1

PP8600(ABR) Normal Area

0.0.0.0



LSA Type 7 is translated to LSA Type 5

Type-7-LSAs

Summary-LSA with Default Route (all external routes replaces with one default route

Summary-LSAs (LSA Type 3) from Area 0

Type-5-LSAs

P

PP8600E(ASBR)

Area 2 NSSA

2/6 10.1.1.16/30

.18 .17 2/620.1.1.2/30 .2

CLIP = 1.1.1.5

2/1

.21

Area 0

RIPv2 14.14.14.0/2415.15.15.0/24

1/48

10.1.1.20/3

18

and configure port r port and enables face

P8600B .9 2/7

2/1 .22



config ip rip enable config ip rip interface 20.1.1.2 send-mode rip2 config ip rip interface 20.1.1.2 receive-mode rip2

Step 3 Configure OSPF Interface config ethernet 2/6 ip create 10.1.1.18/30






Step 5 Enable OSPF ip ospf as-boundary-router enable

ip ospf router-id 1.1.1.5 ip ospf enable ip ospf area 0.0.0.2 create ip ospf area 0.0.0.2 nssa true ip ospf interface 10.1.1.18 area 0.0.0.2 ip ospf interface 1.1.1.5 area 0.0.0.2

These commands configure the PP8600 as an ASBR, assigns the Circuitless IP created in Step 4 as the OSPF Router-ID, creates OSPF NSSA area 2, and finally adds the OSPF interfaces to Area 2.

Step 6 Configure a Route Policy to distribute direct and OSPF to RIP

config ip route-policy "Rip_Dist" seq 1 create config ip route-policy "Rip_Dist" seq 1 enable config ip route-policy "Rip_Dist" seq 1 action permit config ip route-policy "Rip_Dist" seq 1 match-protocol local|ospf config ip route-policy "Rip_Dist" seq 1 set-metric-type type1

These commands create a route policy named “Rip_Dist” that distribute directly connected and OSPF routes into RIP

Step 7 Apply Route Policy to RIP Out-Policy ip rip interface 20.1.1.2 out-policy

"Rip_Dist"

Step 8 Configure OSPF route distribution to distribute RIP routes as AS-external-LSA Type 1

config ip ospf redistribute rip create config ip ospf redistribute rip metric-type type1 config ip ospf redistribute rip enable



9. Configuration Examples 9.1 OSPF Route Distribution to RIP, RIP to OSPF (AS-

external-LSA Type 1 Metrics)

Figure 10: OSPF ASBR Configuration Example

To configure a Passport 8600 as an OSPF ASBR and distribute all Oand RIP to OSPF, perform the following steps: Command Comments Step 1 Configure RIP Interface config ethernet 1/31 ip create

10.1.1.41/30 2136 config ethernet 1/31 ip rip enable

These two com1/31 as a brouRIP on this int


These commaconfigures theRIPv2 mode o

Step 2 Configure OSPF Interface config ethernet 2/7 ip create 10.1.1.2/30


These two com2/7 as a brouteOSPF on this



This step creaaddress whichOSPF Router-

Step 4 Enable OSPF

config ip ospf as-boundary-router enable config ip ospf router-id 1.1.1.3 config ip ospf enable

These commaPP8600 as anthe Circuitlessas the OSPF R


config ip ospf redistribute rip create config ip ospf redistribute rip metric 10 config ip ospf redistribute rip metric-type type1 config ip ospf redistribute rip enable

These commarouter distributOSPF. In turn,distribute the Rexternal-LSA uType 1.

PP8600C(ASBR)

Router

1/31

CLIP = 1.1.1.3

10.1.1.40/30

.41.42

10.1.1.0/30 .2 OSPF

Network 2/7

Area 0
172.2.2.0/2
20

SPF routes to RIP

mands configure port ter port and enables erface nds enable RIP and RIP interface for nly.

mands configure port r port and enables

interface

tes a circuitless IP will be used for the ID

nds configure the ASBR and assigns IP created in Step 3 outer-ID

nds configure OSPF ion to import RIP into PP8600C will IP routes as AS-sing external metric

.1 RIPv2 Network



Step 6 Configure a Route Policy to distribute OSPF and Direct interfaces to RIP

A Route Policy is required for OSPF to RIP route distribution. After the policy is created, it needs to be applied to the RIP interface.

config ip route-policy "Allow" seq 1 create config ip route-policy "Allow" seq 1 enable config ip route-policy "Allow" seq 1 action permit config ip route-policy "Allow" seq 1 match-protocol local|ospf

These commands will create a Route Policy named “Allow” and will distribute both local interfaces and OSPF.

Step 7 Apply Route Policy to RIP Out-Policy config ip rip interface 10.1.1.41 out-

policy "Allow" This command applies the Route Policy created in Step 1 to RIP interface 10.1.1.41.

The above procedure is fine if you don’t have a large OSPF network, as all OSPF routes will be distributed to RIP. Instead, you can configure the Passport 8600 ASBR to distribute only a default route instead of all OSPF routes to RIP. Command Comments Step 1 Configure a IP Prefix List with a

Default Route

config ip prefix-list "default" add-prefix 0.0.0.0/0

This command creates an IP Prefix list named “default” with address 0.0.0.0/0

Step 2 Configure a Route Policy to distribute a default route to RIP

config ip route-policy "Policy_Default" seq 1 create config ip route-policy "Policy_Default" seq 1 enable config ip route-policy "Policy_Default" seq 1 action permit config ip route-policy "Policy_Default" seq 1 match-protocol ospf config ip route-policy "Policy_Default" seq 1 set-injectlist "default" config ip route-policy "Policy_Default" seq 1 set-metric-type type1

These commands will create a Route Policy named “Policy_Default” and will distribute the IP Prefix list created in Step 1. Notice that ospf is selected for match-protocol. Hence, the default route will only be advertised via RIP if OSPF is up.

Step 3 Apply Route Policy to RIP Out-Policy config ip rip interface 10.1.1.41 out-

policy "Policy_Default" This command applies the Route Policy created in Step 2 to RIP interface 10.1.1.41.



9.2 Distributing an Internet Default Route to OSPF using AS-external-LSA Type 2

The following is an example on how to configure an OSPF ASBR to distribute a default route for Internet traffic.

Figure 11: Distributing Default Rou

Command CommStep 1 Configure OSPF Interface config ethernet 2/1 ip create 10.1.1.1/30


These1/31 aOSPF



This saddrethe OSidentif

Step 3 Enable OSPF config ip ospf as-boundary-router enable

config ip ospf router-id 1.1.1.1 config ip ospf enable

ThesePP860the Cias the

Step 4 Configure the BGP Interface config ethernet 1/2 ip create

131.168.1.2/30 2065

config ip bgp local-as 65500 config ip bgp enable config ip bgp neighbor 131.168.1.1 create config ip bgp neighbor 131.168.1.1 remote-as 65503 config ip bgp neighbor 131.168.1.1 admin-state enable

Step 5 Configure a Prefix List with the default route

config ip prefix-list "Default_Prefix" add-prefix 0.0.0.0/0

This cwith thused i

Step 6 Configure a Route Policy to distribute for default route distribution

PP8600A(ASBR)

1.1.1

2/1

Internet

131.168.1.0/30

.2

1/2 .21
OSPF
Network
10.1.1.20/3
22

te to OSPF

ents

two command configure port s a brouter port and enables on this interface

tep creates a circuitless IP ss which will be used for both PF Router-ID and BGP

ier.

commands configure the 0 as an ASBR and assigns

rcuitless IP created in Step 2 OSPF Router-ID

ommands add a Prefix List e default route which will be n Step 6.



config ip route-policy "Default_Route" seq 1 create config ip route-policy "Default_Route" seq 1 enable config ip route-policy "Default_Route" seq 1 action permit config ip route-policy "Default_Route" seq 1 set-injectlist "Default_Prefix" config ip route-policy "Default_Route" seq 1 set-metric 100 config ip route-policy "Default_Route" seq 1 set-metric-type type2

These commands create a Route Policy named ‘Default-Route” and adds the Prefix List created in Step 5. Notice the external metric is set for Type 2.

Step 7 Configure OSPF Route Distribution config ip ospf redistribute bgp create

config ip ospf redistribute bgp metric 1 config ip ospf redistribute bgp route-policy "Default_Route" config ip ospf redistribute bgp enable

These command enable BGP route importation into OSPF, but, distribute only a Default Route.

** Please refer to the ‘Configure BGP Services’ manual on how to distribute OSPF routes to BGP. Viewing AS_External LSA’s An ASBR will advertise, such as RIP routes from the example above, as AS_external LSA’s (LSA Type 5). AS_external LSA’s can viewed by using the following command:

Passport-8610:6# show ip ospf ase

================================================================================

Ospf AsExternal Lsas

================================================================================

LSTYPE LINKSTATEID ADV_ROUTER E_METRIC ASE_FWD_ADDR AGE SEQ_NBR CSUM

--------------------------------------------------------------------------------

AsExternal 0.0.0.0 1.1.1.1 1 100 0.0.0.0 276 0x8000015c 0x2fdc

AsExternal 15.15.15.0 1.1.1.2 1 2 10.1.1.18 262 0x800000ed 0xaa28

AsExternal 172.2.2.0 1.1.1.3 0 10 0.0.0.0 236 0x800000be 0x769d

You can also use the ‘show ip ospf lsdb’ command to view all the LSA’s including AS_External LSA’s.



9.3 Controlling External Routes Advertised in an NSSA Area

In an OSPF NSSA area, the NSSA N/b-bit in the Options field of OSPF Hello packets is used to tell the border router what external routes can be advertised to other areas. The NSSA N/p-bit, if set, tells the area border router to export the external route. This is the default behavior with the Passport 8600. Otherwise, if not set, it informs the area border router to drop the external route. A route policy can be created on the Passport 8600 manipulate the N/p-bit.

Figure 12: Controlling External Routes (N

In this configuration example, there is a RIP network insidelike to only advertise the 15.15.15.0/24 network to Area 0. Tconfiguration step required on PP8600E:

• Enable PP8600E as an OSPF ASBR • Create NSSA Area 2 • Create a Route Policy to advertise OSPF and direct• Create a Route Policy to only advertise RIP network

using the NSSA N/p-bit PP8600E Configuration Steps: Command ComStep 1 Configure RIP Interface config ethernet 1/48 ip create 20.1.1.2/30

2091 config ethernet 1/48 ip rip enable

Thes1/48 RIP o

Step 2 Enable RIP Globally and Configure RIP Interface for RIPv2


Step 3 Configure OSPF Interface

PP8600E(ASBR)

Area 2 NSSA

2/6 10.1.1.16/30

.18 .17 2/620.1.1.2/30 .2

CLIP = 1.1.1.5

2/1

Area 0

RIPv2 14.14.14.0/24 15.15.15.0/24

1/48

10.1.1.20/3.21

24

SSA Area)

the NSSA Area 2. We would he following are the

interfaces to RIP 15.15.15.0/24 to Area 0 by

ments

e two command configure port as a brouter port and enables n this interface

PP8600B .9 2/7

2/1 .22



config ethernet 2/6 ip create 10.1.1.18/30 2090 config ethernet 2/6 ip ospf enable





Step 5 Enable OSPF ip ospf as-boundary-router enable

ip ospf router-id 1.1.1.5 ip ospf enable ip ospf area 0.0.0.2 create ip ospf area 0.0.0.2 nssa true ip ospf interface 10.1.1.18 area 0.0.0.2 ip ospf interface 1.1.1.5 area 0.0.0.2

These commands configure the PP8600 as an ASBR, assigns the Circuitless IP created in Step 4 as the OSPF Router-ID, creates OSPF NSSA area 2, and finally adds the OSPF interfaces to Area 2.

Step 6 Configure a Route Policy to distribute direct and OSPF to RIP

config ip route-policy "Rip_Dist" seq 1 create config ip route-policy "Rip_Dist" seq 1 enable config ip route-policy "Rip_Dist" seq 1 action permit config ip route-policy "Rip_Dist" seq 1 match-protocol local|ospf config ip route-policy "Rip_Dist" seq 1 set-metric-type type1 config ip route-policy "Rip_Dist" seq 1 set-nssa-pbit enable

These commands create a route policy named “Rip_Dist” that distribute directly connected and OSPF routes into RIP

Step 7 Apply Route Policy to RIP Out-Policy ip rip interface 20.1.1.2 out-policy

"Rip_Dist"

Step 8 Configure Prefix Lists config ip prefix-list "15.15.15.0" add-

prefix 15.15.15.0/24 config ip prefix-list "14.14.14.0" add-prefix 14.14.14.0/24

These commands add two Prefix Lists named “15.15.15.0” and “14.14.14.0” with pertaining to the networks from the RIP network.



Step 9 Configure a Route Policy to set NSSA

p-bit

config ip route-policy "P_bit" seq 1 createconfig ip route-policy "P_bit" seq 1 enable config ip route-policy "P_bit" seq 1 action permit config ip route-policy "P_bit" seq 1 match-network "15.15.15.0" config ip route-policy "P_bit" seq 1 match-protocol ospf config ip route-policy "P_bit" seq 1 set-nssa-pbit enable config ip route-policy "P_bit" seq 2 createconfig ip route-policy "P_bit" seq 2 enable config ip route-policy "P_bit" seq 2 action permit config ip route-policy "P_bit" seq 2 match-network "14.14.14.0" config ip route-policy "P_bit" seq 2 match-protocol ospf config ip route-policy "P_bit" seq 2 set-nssa-pbit disable

These commands create a Route Policy named “P_bit” that sets the NSSA N/P-bit only for the Prefix List named “15.15.15.0”.


config ip ospf redistribute rip create config ip ospf redistribute rip metric-type type1 config ip ospf redistribute rip route-policy "P_bit" config ip ospf redistribute rip enable

PP8600E Configuration File: # # PORT CONFIGURATION - PHASE II # ethernet 1/48 ip create 20.1.1.2/255.255.255.252 2091 mac_offset 2 ethernet 1/48 ip rip enable ethernet 2/6 ip create 10.1.1.18/255.255.255.252 2090 mac_offset 1 ethernet 2/6 ip ospf enable ethernet 2/6 ip ospf priority 0 # # IP PREFIX LIST CONFIGURATION # ip prefix-list "15.15.15.0" add-prefix 15.15.15.0/24 maskLenFrom 24 maskLenTo 24 ip prefix-list "14.14.14.0" add-prefix 14.14.14.0/24 maskLenFrom 24 maskLenTo 24



# # IP ROUTE POLICY CONFIGURATION # ip route-policy "Rip_Dist" seq 1 create ip route-policy "Rip_Dist" seq 1 enable ip route-policy "Rip_Dist" seq 1 action permit ip route-policy "Rip_Dist" seq 1 match-protocol local|ospf ip route-policy "Rip_Dist" seq 1 set-metric-type type1 ip route-policy "Rip_Dist" seq 1 set-nssa-pbit enable ip route-policy "P_bit" seq 1 create ip route-policy "P_bit" seq 1 enable ip route-policy "P_bit" seq 1 action permit ip route-policy "P_bit" seq 1 match-network "15.15.15.0" ip route-policy "P_bit" seq 1 match-protocol ospf ip route-policy "P_bit" seq 1 set-metric-type type2 ip route-policy "P_bit" seq 1 set-nssa-pbit enable ip route-policy "P_bit" seq 2 create ip route-policy "P_bit" seq 2 enable ip route-policy "P_bit" seq 2 action permit ip route-policy "P_bit" seq 2 match-network "14.14.14.0" ip route-policy "P_bit" seq 2 match-protocol ospf ip route-policy "P_bit" seq 2 set-metric-type type2 ip route-policy "P_bit" seq 2 set-nssa-pbit disable ip rip enable ip rip interface 20.1.1.2 send-mode rip2 ip rip interface 20.1.1.2 receive-mode rip2 # # CIRCUITLESS IP INTERFACE CONFIGURATION # ip circuitless-ip-int 1 create 1.1.1.5/255.255.255.255 ip circuitless-ip-int 1 ospf enable # # OSPF CONFIGURATION # ip ospf admin-state enable ip ospf as-boundary-router enable ip ospf router-id 1.1.1.5 ip ospf enable ip ospf area 0.0.0.2 create ip ospf area 0.0.0.2 nssa true ip ospf interface 10.1.1.18 area 0.0.0.2 ip ospf interface 10.1.1.18 add-message-digest-key 1 md5-key Test ip ospf interface 1.1.1.5 area 0.0.0.2 ip ospf interface 172.3.3.1 area 0.0.0.2 # # IP REDISTRIBUTION CONFIGURATION # ip ospf redistribute rip create ip ospf redistribute rip metric-type type1 ip ospf redistribute rip route-policy "P_bit" ip ospf redistribute rip enable # # RIP POLICY CONFIGURATION # ip rip interface 20.1.1.2 out-policy "Rip_Dist"



9.4 Supplying a Default Route

Figure 13: Default Routes

In this example, we wish to - Use brouter ports for all core links - Configure port based VLANs for local networks. - Configure PP8600A to add a default route pointing to the Network Core and

advertise the default route to PP8600B and PP8600C.

9.5 Complex Configuration Example: This section has configuration examples for five Passport 8600’s pertaining to the diagram below:

• PP8600A is an OSPF ASBR belonging to OSPF Area 0 and 3. It also configured to distribute a default route for Internet traffic.

• PP8600B is an OSPF Stub ABR to OSPF Area 2 and ABR to OSPF Area 3 • PP8600C is an OSPF ASBR and is configured to distribute OSPF to RIP and RIP

to OSPF • PP8600D is an OSPF internal router in Area 3 • PP8600E is an internal OSPF Sub router in Area 2 • All OSPF interfaces will be brouter ports with the exception of PP8600E. For

network 172.3.3.0/24 on PP8600E, VLAN configuration will be used instead of brouter port. The reason for using brouter ports versus VLANs is spanning tree is disable by default by using brouter interfaces.

• All interfaces used for this configuration are Ethernet, hence OSPF interfaces are broadcast with the exception of the Circuitless IP interfaces which are passive. PP8600E is configured so that if never becomes a Designated Router (DR) by setting it’s interface priority to 0.

• Setup OSPF Router Priority so that PP8600A becomes DR (priority = 100) and PP8600B becomes BDR (priority = 50).

PP8600A

PP8600C

PP8600B VLAN 2 10.1.30.0/24

VLAN 2 10.1.40.0/24

VLAN 2 10.1.20.0/24

10.1.1.4/30

10.1.1.0/30 .1 .2

.5

.6 Network

Core

10.1.1.8/30 .9

.10

2/7 2/8

2/8

2/7

2/1 2/1 1/48

1/48

1/48

10.1.1.12/30 .13 .14



The reason for using Stub or NSSA areas is to reduce the LSDB size by not including external LSA’s. The Sub ABR will advertise a default route into the Stub area for all external routes.

Figure 14: PP8600 Network Example

PP8600A # # PORT CONFIGURATION - PHASE II # ethernet 1/2 auto-negotiate disable ethernet 1/2 speed 100 ethernet 1/2 duplex full ethernet 1/2 ip create 131.168.1.2/255.255.255.252 2065 mac_offset 1 ethernet 2/1 ip create 10.1.1.21/255.255.255.252 2190 mac_offset 6 ethernet 2/1 ip ospf enable ethernet 2/1 ip ospf priority 100 ethernet 2/7 ip create 10.1.1.1/255.255.255.252 2134 mac_offset 0 ethernet 2/7 ip ospf enable ethernet 2/7 ip ospf priority 100 # # IP PREFIX LIST CONFIGURATION # ip prefix-list "Default_Prefix" add-prefix 0.0.0.0/0 maskLenFrom 0 maskLenTo 0 # # IP ROUTE POLICY CONFIGURATION # ip route-policy "Default_Route" seq 1 create ip route-policy "Default_Route" seq 1 enable ip route-policy "Default_Route" seq 1 action permit ip route-policy "Default_Route" seq 1 set-injectlist "Default_Prefix" ip route-policy "Default_Route" seq 1 set-metric 100 ip route-policy "Default_Route" seq 1 set-metric-type type2 ip route-policy "Default_Route" seq 1 set-nssa-pbit enable

PP8600A

PP8600B

PP8600E

PP8600C (ASBR)

PP8600D

Area 2 Stub Area

Area 3 Router

RIPv2 N

Area 0

10.1.1.0/30 .1 .2 2/7 2/7

2/1

10.1.1.24/30 .25

2/6 10.1.1.16/30

.18 .17 10.1.1.8/30

.9 .10

1/31

.26 2/1

2/7 2/7 2/6 .1

CLIP = 1.1.1.1

CLIP = 1.1.1.4

CLIP = 1.1.1.3

CLIP = 1.1.1.5

2/1

2/1

.21

.22

CLIP = 1.1.1.2

Internet

131.168.1.0/30 .2

1/2

172.2.2.0/2

etwork

.1

172.3.3.0/2
10.1.1.20/3
172.2.4.0/2



# # CIRCUITLESS IP INTERFACE CONFIGURATION # ip circuitless-ip-int 1 create 1.1.1.1/255.255.255.255 ip circuitless-ip-int 1 ospf enable # # OSPF CONFIGURATION # ip ospf admin-state enable ip ospf as-boundary-router enable ip ospf router-id 1.1.1.1 ip ospf enable ip ospf area 0.0.0.3 create ip ospf interface 10.1.1.1 area 0.0.0.3 # # BGP CONFIGURATION # ip bgp local-as 65500 ip bgp enable ip bgp neighbor 131.168.1.1 create ip bgp neighbor 131.168.1.1 remote-as 65503 ip bgp neighbor 131.168.1.1 route-advertisement-interval 30 add ip bgp neighbor 131.168.1.1 admin-state enable # # IP REDISTRIBUTION CONFIGURATION # ip ospf redistribute bgp create ip ospf redistribute bgp metric 1 ip ospf redistribute bgp route-policy "Default_Route" ip ospf redistribute bgp enable PP8600B Since PP8600B belongs to three area’s with one being a stub area, it will be configured for an Stub ABR. # # PORT CONFIGURATION - PHASE II # ethernet 2/1 ip create 10.1.1.22/255.255.255.252 2201 mac_offset 6 ethernet 2/1 ip ospf enable ethernet 2/1 ip ospf priority 50 ethernet 2/6 ip create 10.1.1.17/255.255.255.252 2200 mac_offset 5 ethernet 2/6 ip ospf enable ethernet 2/6 ip ospf priority 50 ethernet 2/7 ip create 10.1.1.9/255.255.255.252 2198 mac_offset 1 ethernet 2/7 ip ospf enable ethernet 2/7 ip ospf priority 50 # # CIRCUITLESS IP INTERFACE CONFIGURATION # ip circuitless-ip-int 1 create 1.1.1.2/255.255.255.255 ip circuitless-ip-int 1 ospf enable # # OSPF CONFIGURATION #



ip ospf admin-state enable ip ospf router-id 1.1.1.2 ip ospf enable ip ospf area 0.0.0.2 create ip ospf area 0.0.0.2 stub true ip ospf area 0.0.0.3 create ip ospf interface 10.1.1.17 area 0.0.0.2 ip ospf interface 10.1.1.9 area 0.0.0.3 PP8600C # # PORT CONFIGURATION - PHASE II # ethernet 1/31 ip create 10.1.1.41/255.255.255.252 2136 mac_offset 8 ethernet 1/31 ip rip enable ethernet 1/31 ip rip default-supply enable ethernet 2/1 ip create 10.1.1.25/255.255.255.252 2190 mac_offset 4 ethernet 2/1 ip ospf enable ethernet 2/7 ip create 10.1.1.2/255.255.255.252 2134 mac_offset 1 ethernet 2/7 ip ospf enable # # IP ROUTE POLICY CONFIGURATION # ip route-policy "Allow" seq 1 create ip route-policy "Allow" seq 1 enable ip route-policy "Allow" seq 1 action permit ip route-policy "Allow" seq 1 match-protocol local|ospf ip route-policy "Allow" seq 1 set-metric-type type2 ip route-policy "Allow" seq 1 set-nssa-pbit enable ip rip enable ip rip interface 10.1.1.41 send-mode rip2 ip rip interface 10.1.1.41 receive-mode rip2 # # CIRCUITLESS IP INTERFACE CONFIGURATION # ip circuitless-ip-int 1 create 1.1.1.3/255.255.255.255 ip circuitless-ip-int 1 ospf enable # # OSPF CONFIGURATION # ip ospf admin-state enable ip ospf as-boundary-router enable ip ospf router-id 1.1.1.3 ip ospf enable ip ospf area 0.0.0.3 create ip ospf interface 10.1.1.41 create broadcast ip ospf interface 10.1.1.25 area 0.0.0.3 ip ospf interface 10.1.1.2 area 0.0.0.3 ip ospf interface 1.1.1.3 area 0.0.0.3 # # IP REDISTRIBUTION CONFIGURATION # ip ospf redistribute rip create ip ospf redistribute rip metric 10 ip ospf redistribute rip enable # # RIP POLICY CONFIGURATION # ip rip interface 10.1.1.41 out-policy "Allow"



PP8600D Configuration # # PORT CONFIGURATION - PHASE II # ethernet 2/1 ip create 10.1.1.26/255.255.255.252 2190 mac_offset 6 ethernet 2/1 ip ospf enable ethernet 2/7 ip create 10.1.1.10/255.255.255.252 2134 mac_offset 1 ethernet 2/7 ip ospf enable # # CIRCUITLESS IP INTERFACE CONFIGURATION # ip circuitless-ip-int 1 create 1.1.1.4/255.255.255.255 ip circuitless-ip-int 1 ospf enable # # OSPF CONFIGURATION # ip ospf admin-state enable ip ospf router-id 1.1.1.4 ip ospf enable ip ospf area 0.0.0.3 create ip ospf interface 10.1.1.26 area 0.0.0.3 ip ospf interface 10.1.1.10 area 0.0.0.3 ip ospf interface 1.1.1.4 area 0.0.0.3

PP8600E Configuration # # VLAN CONFIGURATION # vlan 1 ports remove 1/1-1/48,2/1-2/8 member portmember vlan 2 create byport 1 color 1 vlan 2 ports remove 1/3-1/48,2/1-2/8 member portmember vlan 2 ports add 1/1-1/2 member portmember vlan 2 ip create 172.3.3.1/255.255.255.0 mac_offset 0 vlan 2 ip ospf enable vlan 2 ip ospf priority 0 # # PORT CONFIGURATION - PHASE II # ethernet 2/6 ip create 10.1.1.18/255.255.255.252 2090 mac_offset 1 ethernet 2/6 ip ospf enable ethernet 2/6 ip ospf priority 0 # # CIRCUITLESS IP INTERFACE CONFIGURATION # ip circuitless-ip-int 1 create 1.1.1.5/255.255.255.255 ip circuitless-ip-int 1 ospf enable # # OSPF CONFIGURATION # ip ospf admin-state enable ip ospf router-id 1.1.1.5 ip ospf enable ip ospf area 0.0.0.2 create ip ospf area 0.0.0.2 stub true ip ospf interface 10.1.1.18 area 0.0.0.2 ip ospf interface 1.1.1.5 area 0.0.0.2 ip ospf interface 172.3.3.1 area 0.0.0.2



10. Software Baseline This document is based on Passport 8600 Software Release 3.5.

11. Reference Documentation: Document Title Publication

Number Description

Configuring IP Routing Operations

314720-C Rev 00May 2003

Technical Publication

PP8600 TCG ARP n/a Technical Config Guide PP8600 TCG VRRP n/a Technical Config Guide PP8600 TCG QoS Filters n/a Technical Config Guide PP8600 TCG RIP n/a Technical Config Guide

http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?BV_SessionID=@@@@0596164734.1054320445@@@@&BV_EngineID=eadchgeemjlibhkcginchgcgio.0&level=6&category=8&subcategory=5&subtype=&DocumentOID=86495&RenditionID=REND39072

http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?BV_SessionID=@@@@0596164734.1054320445@@@@&BV_EngineID=eadchgeemjlibhkcginchgcgio.0&level=6&category=8&subcategory=5&subtype=&DocumentOID=86495&RenditionID=REND39072



12. Addendum A The following CLI strings are intended to be used in a cut and paste manner to facilitate Passport 8600 OSPF configurations. Please reference the associated figure and configuration notes in that section then use the Acrobat "Text Select Tool" to copy the commands and paste in a provisioning window, edit associated parameters as required.

12.1 Circuitless IP (CLIP) CLI Reference Section 2 (page 4): config ip circuitless-ip-int X create <ipaddress/mask> config ip circuitless-ip-int X ospf enable config ip ospf admin-state enable config ip ospf router-id <CLIP IP Address> config ip ospf enable

12.2 OSPF Brouter Port CLI Reference Figure 1 (page 5) and the configuration tables on page 5: config ethernet 2/1 ip create 10.1.1.21/30 2134 config ethernet 2/1 ip ospf enable config vlan 2 create byport 1 config vlan 2 ports add 1/2 config vlan 2 ip create 172.3.1.1/24 config vlan 2 ip ospf enable config ip circuitless-ip-int 1 create 1.1.1.1/32 config ip circuitless-ip-int 1 ospf enable config ip ospf router-id 1.1.1.1 config ip ospf enable

12.3 OSPF Network CLI Reference Figure 2 (page 6) and the configuration tables on page 6:

config vlan 2 create byport 1 config vlan 2 ports add 1/2 config vlan 2 ip create 172.3.1.1/24 config vlan 2 ip ospf interface-type passive config vlan 2 ip ospf enable



12.4 MD5 Authentication CLI Reference Figure 4 (page 9) and the configuration tables on page 9:

config ip ospf interface 10.1.1.1 add-message-digest-key 1 md5-key qwsdf89 config ip ospf interface 10.1.1.1 authentication-type message-digest config ip ospf interface 10.1.1.2 add-message-digest-key 1 md5-key qwsdf89 config ip ospf interface 10.1.1.2 authentication-type message-digest

12.5 Add OSPF Interface to New Area CLI Reference Figure 6 (page 14) and the configuration tables on page 15: PP8600B Configuration:

config ethernet 2/6 ip create 10.1.1.17/30 2090 config ethernet 2/6 ip ospf enable config ethernet 2/1 ip create 10.1.1.22/30 2090 config ethernet 2/1 ip ospf enable config ip circuitless-ip-int 1 create 1.1.1.2/255.255.255.255 config ip circuitless-ip-int 1 ospf enable ip ospf router-id 1.1.1.2 ip ospf enable ip ospf area 0.0.0.2 create ip ospf interface 10.1.1.17 area 0.0.0.2

12.6 Stub Area CLI Reference Figure 7 (page 16) and the configuration tables on pages 16-17: Passport 8600E Configuration: config ethernet 2/6 ip create 10.1.1.18/30 2090 config ethernet 2/6 ip ospf enable config vlan 2 create byport 1 config vlan 2 ports add 1/48 config vlan 2 ip create 172.3.3.1/255.255.255.0 vlan 2 ip ospf enable config ip circuitless-ip-int 1 create 1.1.1.5/255.255.255.255 config ip circuitless-ip-int 1 ospf enable ip ospf router-id 1.1.1.5 ip ospf enable ip ospf area 0.0.0.2 create ip ospf area 0.0.0.2 stub true ip ospf interface 10.1.1.18 area 0.0.0.2 ip ospf interface 1.1.1.5 area 0.0.0.2 ip ospf interface 172.3.3.1 area 0.0.0.2



Passport 8600B Configuration: config ethernet 2/6 ip create 10.1.1.17/30 2090 config ethernet 2/6 ip ospf enable config ethernet 2/1 ip create 10.1.1.22/30 2090 config ethernet 2/1 ip ospf enable config ip circuitless-ip-int 1 create 1.1.1.2/255.255.255.255 config ip circuitless-ip-int 1 ospf enable ip ospf router-id 1.1.1.2 ip ospf enable ip ospf area 0.0.0.2 create ip ospf area 0.0.0.2 stub true ip ospf interface 10.1.1.17 area 0.0.0.2

12.7 NSSA ASBR Router CLI Reference Figure 9 (page 18) and the configuration tables on pages 18-19: Passport 8600E Configuration config ethernet 1/48 ip create 20.1.1.2/30 2091 config ethernet 1/48 ip rip enable config ip rip enable config ip rip interface 20.1.1.2 send-mode rip2 config ip rip interface 20.1.1.2 receive-mode rip2 config ethernet 2/6 ip create 10.1.1.18/30 2090 config ethernet 2/6 ip ospf enable config ip circuitless-ip-int 1 create 1.1.1.5/255.255.255.255 config ip circuitless-ip-int 1 ospf enable ip ospf as-boundary-router enable ip ospf router-id 1.1.1.5 ip ospf enable ip ospf area 0.0.0.2 create ip ospf area 0.0.0.2 nssa true ip ospf interface 10.1.1.18 area 0.0.0.2 ip ospf interface 1.1.1.5 area 0.0.0.2 config ip route-policy "Rip_Dist" seq 1 create config ip route-policy "Rip_Dist" seq 1 enable config ip route-policy "Rip_Dist" seq 1 action permit config ip route-policy "Rip_Dist" seq 1 match-protocol local|ospf config ip route-policy "Rip_Dist" seq 1 set-metric-type type1 ip rip interface 20.1.1.2 out-policy "Rip_Dist" config ip ospf redistribute rip create config ip ospf redistribute rip metric-type type1 config ip ospf redistribute rip enable



12.8 OSPF ASBR CLI Reference Figure 10 (page 20) and the configuration tables on pages 20-21: Passport 8600C Configuration: config ethernet 1/31 ip create 10.1.1.41/30 2136 config ethernet 1/31 ip rip enable config ip rip enable config ip rip interface 10.1.1.41 send-mode rip2 config ip rip interface 10.1.1.41 receive-mode rip2 config ethernet 2/7 ip create 10.1.1.2/30 2134 config ethernet 2/7 ip ospf enable config ip circuitless-ip-int 1 create 1.1.1.3/32 config ip circuitless-ip-int 1 ospf enable config ip ospf as-boundary-router enable config ip ospf router-id 1.1.1.3 config ip ospf enable config ip ospf redistribute rip create config ip ospf redistribute rip metric 10 config ip ospf redistribute rip metric-type type1 config ip ospf redistribute rip enable config ip route-policy "Allow" seq 1 create config ip route-policy "Allow" seq 1 enable config ip route-policy "Allow" seq 1 action permit config ip route-policy "Allow" seq 1 match-protocol local|ospf config ip rip interface 10.1.1.41 out-policy "Allow" To configure the Passport 8600 ASBR to distribute only a default route instead of all OSPF routes to RIP: config ip prefix-list "default" add-prefix 0.0.0.0/0 config ip route-policy "Policy_Default" seq 1 create config ip route-policy "Policy_Default" seq 1 enable config ip route-policy "Policy_Default" seq 1 action permit config ip route-policy "Policy_Default" seq 1 match-protocol ospf config ip route-policy "Policy_Default" seq 1 set-injectlist "default" config ip route-policy "Policy_Default" seq 1 set-metric-type type1 config ip rip interface 10.1.1.41 out-policy "Policy_Default"

12.9 Default Route to OSPF CLI Reference Figure 11 (page 22) and the configuration tables on pages 22-23:

Passport 8600A Configuration: config ethernet 2/1 ip create 10.1.1.1/30 2134 config ethernet 2/1 ip ospf enable config ip circuitless-ip-int 1 create 1.1.1.1/32 config ip circuitless-ip-int 1 ospf enable config ip ospf as-boundary-router enable config ip ospf router-id 1.1.1.1 config ip ospf enable



config ethernet 1/2 ip create 131.168.1.2/30 2065 config ip bgp local-as 65500 config ip bgp enable config ip bgp neighbor 131.168.1.1 create config ip bgp neighbor 131.168.1.1 remote-as 65503 config ip bgp neighbor 131.168.1.1 admin-state enable config ip prefix-list "Default_Prefix" add-prefix 0.0.0.0/0 config ip route-policy "Default_Route" seq 1 create config ip route-policy "Default_Route" seq 1 enable config ip route-policy "Default_Route" seq 1 action permit config ip route-policy "Default_Route" seq 1 set-injectlist "Default_Prefix" config ip route-policy "Default_Route" seq 1 set-metric 100 config ip route-policy "Default_Route" seq 1 set-metric-type type2 config ip ospf redistribute bgp create config ip ospf redistribute bgp metric 1 config ip ospf redistribute bgp route-policy "Default_Route" config ip ospf redistribute bgp enable ** Please refer to the ‘Configure BGP Services’ manual on how to distribute OSPF routes to BGP.

12.10 Controlling External Routes (NSSA Area) CLI Reference Figure 12 (page 24) and the configuration tables on pages 24-26: Passport 8600E Configuration: config ethernet 1/48 ip create 20.1.1.2/30 2091 config ethernet 1/48 ip rip enable config ip rip enable config ip rip interface 20.1.1.2 send-mode rip2 config ip rip interface 20.1.1.2 receive-mode rip2 config ethernet 2/6 ip create 10.1.1.18/30 2090 config ethernet 2/6 ip ospf enable config ip circuitless-ip-int 1 create 1.1.1.5/255.255.255.255 config ip circuitless-ip-int 1 ospf enable ip ospf as-boundary-router enable ip ospf router-id 1.1.1.5 ip ospf enable ip ospf area 0.0.0.2 create ip ospf area 0.0.0.2 nssa true ip ospf interface 10.1.1.18 area 0.0.0.2 ip ospf interface 1.1.1.5 area 0.0.0.2 config ip route-policy "Rip_Dist" seq 1 create config ip route-policy "Rip_Dist" seq 1 enable config ip route-policy "Rip_Dist" seq 1 action permit config ip route-policy "Rip_Dist" seq 1 match-protocol local|ospf config ip route-policy "Rip_Dist" seq 1 set-metric-type type1 config ip route-policy "Rip_Dist" seq 1 set-nssa-pbit enable ip rip interface 20.1.1.2 out-policy "Rip_Dist" config ip prefix-list "15.15.15.0" add-prefix 15.15.15.0/24



config ip prefix-list "14.14.14.0" add-prefix 14.14.14.0/24 config ip route-policy "P_bit" seq 1 create config ip route-policy "P_bit" seq 1 enable config ip route-policy "P_bit" seq 1 action permit config ip route-policy "P_bit" seq 1 match-network "15.15.15.0" config ip route-policy "P_bit" seq 1 match-protocol ospf config ip route-policy "P_bit" seq 1 set-nssa-pbit enable config ip route-policy "P_bit" seq 2 create config ip route-policy "P_bit" seq 2 enable config ip route-policy "P_bit" seq 2 action permit config ip route-policy "P_bit" seq 2 match-network "14.14.14.0" config ip route-policy "P_bit" seq 2 match-protocol ospf config ip route-policy "P_bit" seq 2 set-nssa-pbit disable config ip ospf redistribute rip create config ip ospf redistribute rip metric-type type1 config ip ospf redistribute rip route-policy "P_bit" config ip ospf redistribute rip enable



Copyright © 2003 Nortel Networks All rights reserved. August 2003 The information in this document is subject to change without notice. The statements, configurations, technical data, and recommendations in this document are believed to be accurate and reliable, but are presented without express or implied warranty. Users must take full responsibility for their applications of any products specified in this document. The information in this document is proprietary to Nortel Networks Inc. The software described in this document is furnished under a license agreement and may be used only in accordance with the terms of that license. Trademarks Nortel Networks, the Nortel Networks logo, the Globemark, Unified Networks, and PASSPORT are trademarks of Nortel Networks. Adobe and Acrobat Reader are trademarks of Adobe Systems Incorporate.

Contact Us: For product support and sales information, visit the Nortel Networks website at:

http://www.nortelnetworks.com In North America, dial toll-free 1-800-4Nortel, outside North America, dial 987-288-3700.

PP8600 Technical Configuration Guide for OSPF€¦ · OSPF Overview Open Shortest Path First is a...

Documents

Transcript of PP8600 Technical Configuration Guide for OSPF€¦ · OSPF Overview Open Shortest Path First is a...