BSCI: OSPF – Lab

Here is a small lab using the same topology as the previous EIGRP labs, but this time with OSPF. This article covers the basic commands for configuring it, as well as the important show commands for seeing what OSPF does on this topology.

Topology:
[Figure: topology]

Dynagen configuration:

###
# Vendor: Cisco
# Course: OSPF
# Version: 1.1
# Date: 16.03.2007
# Modified: 20.04.2009
###

autostart = True

[localhost:7200]
[[7200]]

[[ROUTER R1]]
image = c7200-adventerprisek9-mz.124-15.T6.bin
cnfg = R1.txt
npe = npe-400
ram = 160
nvram = 256
mmap = False
console = 2002
# modules/slots
# cabling
S1/0 = R2 S1/0
F0/0 = S1 1

[[ROUTER R2]]
image = c7200-adventerprisek9-mz.124-15.T6.bin
cnfg = R2.txt
npe = npe-400
ram = 160
nvram = 256
mmap = False
console = 2003
# modules/slots
# cabling
F0/0 = S1 3

[[ROUTER R3]]
image = c7200-adventerprisek9-mz.124-15.T6.bin
cnfg = R3.txt
npe = npe-400
ram = 160
nvram = 256
mmap = False
console = 2004
# modules/slots
# cabling
F0/0 = S1 5

[[ETHSW S1]]
1 = access 1
3 = access 1
5 = access 1

R1

no ip domain lookup
no ip http server
!
hostname R1
!
interface Loopback1
description Engineering Department
ip address 10.1.1.1 255.255.255.0
!
interface FastEthernet0/0
ip address 10.1.200.1 255.255.255.0
ip ospf cost 50
ip ospf priority 10
duplex auto
speed auto
!
interface Serial 1/0
ip address 10.1.100.1 255.255.255.0
clock rate 64000
!
end

R2

no ip domain lookup
no ip http server
!
hostname R2
!
interface Loopback2
description Marketing Department
ip address 10.1.2.1 255.255.255.0
!
interface FastEthernet0/0
ip address 10.1.200.2 255.255.255.0
ip ospf priority 5
!
interface Serial 1/0
ip address 10.1.100.2 255.255.255.0
!
end

R3

no ip domain lookup
no ip http server
!
hostname R3
!
interface Loopback3
description Accounting Department
ip address 10.1.3.1 255.255.255.0
!
interface FastEthernet0/0
ip address 10.1.200.3 255.255.255.0
!
end

We start by enabling OSPF on our 3 routers:
R1

(config)#router ospf 1
(config-router)#network 10.1.1.0 0.0.0.255 area 0
(config-router)#network 10.1.100.0 0.0.0.255 area 0
(config-router)#network 10.1.200.1 0.0.0.0 area 0

R2

(config)#router ospf 1
(config-router)#network 10.1.2.0 0.0.0.255 area 0
(config-router)#network 10.1.100.0 0.0.0.255 area 0
(config-router)#network 10.1.200.0 0.0.0.255 area 0

R3

(config)#router ospf 1
(config-router)#network 10.1.3.0 0.0.0.255 area 0
(config-router)#network 10.1.200.0 0.0.0.255 area 0

When an interface is shut down and re-enabled (shut/no shut) with “debug ip ospf adjacency” running, we can see the successive steps a router goes through to form an adjacency (DOWN, INIT, 2 WAY, MASTER/SLAVE, EXSTART…).

R2(config)#int s1/0
R2(config-if)#sh
R2(config-if)#no sh

R1#deb ip ospf adj
OSPF adjacency events debugging is on
R1#
!interface shut down
*Jan 25 17:42:59.995: OSPF: Rcv LS UPD from 10.1.2.1 on FastEthernet0/0 length 76 LSA count 1

!interface re-enabled
*Jan 25 17:43:09.583: OSPF: Cannot see ourself in hello from 10.1.2.1 on Serial1/0, state INIT
*Jan 25 17:43:09.715: OSPF: 2 Way Communication to 10.1.2.1 on Serial1/0, state 2WAY
*Jan 25 17:43:09.719: OSPF: Send DBD to 10.1.2.1 on Serial1/0 seq 0x1339 opt 0x52 flag 0x7 len 32
*Jan 25 17:43:09.723: OSPF: Rcv DBD from 10.1.2.1 on Serial1/0 seq 0x118F opt 0x52 flag 0x7 len 32  mtu 1500 state EXSTART
*Jan 25 17:43:09.723: OSPF: NBR Negotiation Done. We are the SLAVE
*Jan 25 17:43:09.727: OSPF: Send DBD to 10.1.2.1 on Serial1/0 seq 0x118F opt 0x52 flag 0x2 len 112
*Jan 25 17:43:09.891: OSPF: Rcv DBD from 10.1.2.1 on Serial1/0 seq 0x1190 opt 0x52 flag 0x3 len 112  mtu 1500 state EXCHANGE
*Jan 25 17:43:09.895: OSPF: Send DBD to 10.1.2.1 on Serial1/0 seq 0x1190 opt 0x52 flag 0x0 len 32
*Jan 25 17:43:10.019: OSPF: Rcv LS UPD from 10.1.2.1 on FastEthernet0/0 length 88 LSA count 1
*Jan 25 17:43:10.027: OSPF: Rcv LS UPD from 10.1.2.1 on Serial1/0 length 88 LSA count 1
*Jan 25 17:43:10.031: OSPF: Rcv DBD from 10.1.2.1 on Serial1/0 seq 0x1191 opt 0x52 flag 0x1 len 32  mtu 1500 state EXCHANGE
*Jan 25 17:43:10.035: OSPF: Exchange Done with 10.1.2.1 on Serial1/0
*Jan 25 17:43:10.035: OSPF: Synchronized with 10.1.2.1 on Serial1/0, state FULL
*Jan 25 17:43:10.039: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.2.1 on Serial1/0 from LOADING to FULL, Loading Done
*Jan 25 17:43:10.043: OSPF: Send DBD to 10.1.2.1 on Serial1/0 seq 0x1191 opt 0x52 flag 0x0 len 32
*Jan 25 17:43:14.859: OSPF: Rcv LS UPD from 10.1.2.1 on FastEthernet0/0 length 100 LSA count 1
*Jan 25 17:43:14.867: OSPF: Rcv LS UPD from 10.1.2.1 on Serial1/0 length 100 LSA count 1

Useful commands:

R1#sh ip protocol
Routing Protocol is "ospf 1"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Router ID 10.1.1.1
  Number of areas in this router is 1. 1 normal 0 stub 0 nssa
  Maximum path: 4
  Routing for Networks:
    10.1.1.0 0.0.0.255 area 0
    10.1.100.0 0.0.0.255 area 0
    10.1.200.1 0.0.0.0 area 0
 Reference bandwidth unit is 100 mbps
  Routing Information Sources:
    Gateway         Distance      Last Update
    10.1.2.1             110      00:08:28
    10.1.3.1             110      00:08:28
    10.1.1.1             110      00:08:28
  Distance: (default is 110)
R1#sh ip ospf
 Routing Process "ospf 1" with ID 10.1.1.1
 Start time: 00:00:18.272, Time elapsed: 00:10:07.864
 Supports only single TOS(TOS0) routes
 Supports opaque LSA
 Supports Link-local Signaling (LLS)
 Supports area transit capability
 Router is not originating router-LSAs with maximum metric
 Initial SPF schedule delay 5000 msecs
 Minimum hold time between two consecutive SPFs 10000 msecs
 Maximum wait time between two consecutive SPFs 10000 msecs
 Incremental-SPF disabled
 Minimum LSA interval 5 secs
 Minimum LSA arrival 1000 msecs
 LSA group pacing timer 240 secs
 Interface flood pacing timer 33 msecs
 Retransmission pacing timer 66 msecs
 Number of external LSA 0. Checksum Sum 0x000000
 Number of opaque AS LSA 0. Checksum Sum 0x000000
 Number of DCbitless external and opaque AS LSA 0
 Number of DoNotAge external and opaque AS LSA 0
 Number of areas in this router is 1. 1 normal 0 stub 0 nssa
 Number of areas transit capable is 0
 External flood list length 0
 IETF NSF helper support enabled
 Cisco NSF helper support enabled
    Area BACKBONE(0)
        Number of interfaces in this area is 3
        Area has no authentication
        SPF algorithm last executed 00:06:39.804 ago
        SPF algorithm executed 5 times
        Area ranges are
        Number of LSA 4. Checksum Sum 0x023A86
        Number of opaque link LSA 0. Checksum Sum 0x000000
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0
R1#sh ip ospf neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
10.1.2.1          5   FULL/BDR        00:00:37    10.1.200.2      FastEthernet0/0
10.1.3.1          1   FULL/DROTHER    00:00:37    10.1.200.3      FastEthernet0/0
10.1.2.1          0   FULL/  -        00:00:39    10.1.100.2      Serial1/0
R1#show ip ospf interface FastEthernet 0/0
FastEthernet0/0 is up, line protocol is up
  Internet Address 10.1.200.1/24, Area 0
  Process ID 1, Router ID 10.1.1.1, Network Type BROADCAST, Cost: 50
  Transmit Delay is 1 sec, State DR, Priority 10
  Designated Router (ID) 10.1.1.1, Interface address 10.1.200.1
  Backup Designated router (ID) 10.1.2.1, Interface address 10.1.200.2
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:06
  Supports Link-local Signaling (LLS)
  Cisco NSF helper support enabled
  IETF NSF helper support enabled
  Index 3/3, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 0, maximum is 1
  Last flood scan time is 4 msec, maximum is 4 msec
  Neighbor Count is 2, Adjacent neighbor count is 2
    Adjacent with neighbor 10.1.2.1  (Backup Designated Router)
    Adjacent with neighbor 10.1.3.1
  Suppress hello for 0 neighbor(s)
R1#sh ip ospf database

            OSPF Router with ID (10.1.1.1) (Process ID 1)

                Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count
10.1.1.1        10.1.1.1        665         0x80000004 0x00820F 4
10.1.2.1        10.1.2.1        515         0x80000005 0x003984 4
10.1.3.1        10.1.3.1        666         0x80000002 0x0090B8 2

                Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
10.1.200.1      10.1.1.1        669         0x80000001 0x00EE3B

Loopback interface

The loopback interface stabilizes OSPF and so avoids the effects of interface flapping. It also provides the router ID, which can be used in the DR/BDR election if the router-id or the priority is not set.

R1# show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
O 10.1.2.1/32 [110/2] via 10.1.200.2, 00:00:03, FastEthernet0/0
O 10.1.3.1/32 [110/2] via 10.1.200.3, 00:00:03, FastEthernet0/0
C 10.1.1.0/24 is directly connected, Loopback1
C 10.1.100.0/24 is directly connected, Serial1/0
C 10.1.200.0/24 is directly connected, FastEthernet0/0

The routers' loopbacks are visible, but their subnet is wrong (/32), because the default network type advertises loopbacks as /32.
To fix this, add the command ip ospf network point-to-point.

R1(config)# interface loopback1
R1(config-if)# ip ospf network point-to-point
R2(config)# interface loopback2
R2(config-if)# ip ospf network point-to-point
R3(config)# interface loopback3
R3(config-if)# ip ospf network point-to-point
R1# show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 5 subnets
O 10.1.3.0 [110/2] via 10.1.200.3, 00:00:01, FastEthernet0/0
O 10.1.2.0 [110/2] via 10.1.200.2, 00:00:01, FastEthernet0/0
C 10.1.1.0 is directly connected, Loopback1
C 10.1.100.0 is directly connected, Serial1/0
C 10.1.200.0 is directly connected, FastEthernet0/0

Interface priority

We change the priority of the following interfaces:

R1(config)# interface fastEthernet 0/0
R1(config-if)# ip ospf priority 10
R2(config)# interface fastEthernet 0/0
R2(config-if)# ip ospf priority 5

The change can be verified with the command show ip ospf neighbor detail:

R1#sh ip ospf neighbor detail
 Neighbor 10.1.2.1, interface address 10.1.200.2
    In the area 0 via interface FastEthernet0/0
    Neighbor priority is 5, State is FULL, 6 state changes
    DR is 10.1.200.1 BDR is 10.1.200.2
    Options is 0x52
    LLS Options is 0x1 (LR)
    Dead timer due in 00:00:39
    Neighbor is up for 00:18:19
    Index 2/2, retransmission queue length 0, number of retransmission 0
    First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
    Last retransmission scan length is 0, maximum is 0
    Last retransmission scan time is 0 msec, maximum is 0 msec
 Neighbor 10.1.3.1, interface address 10.1.200.3
    In the area 0 via interface FastEthernet0/0
    Neighbor priority is 1, State is FULL, 6 state changes
    DR is 10.1.200.1 BDR is 10.1.200.2
    Options is 0x52
    LLS Options is 0x1 (LR)
    Dead timer due in 00:00:39
    Neighbor is up for 00:18:19
    Index 1/1, retransmission queue length 0, number of retransmission 1
    First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
    Last retransmission scan length is 1, maximum is 1
    Last retransmission scan time is 0 msec, maximum is 0 msec
 Neighbor 10.1.2.1, interface address 10.1.100.2
    In the area 0 via interface Serial1/0
    Neighbor priority is 0, State is FULL, 12 state changes
    DR is 0.0.0.0 BDR is 0.0.0.0
    Options is 0x52
    LLS Options is 0x1 (LR)
    Dead timer due in 00:00:39
    Neighbor is up for 00:15:50
    Index 3/3, retransmission queue length 0, number of retransmission 2
    First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
    Last retransmission scan length is 1, maximum is 1
    Last retransmission scan time is 0 msec, maximum is 0 msec

To force a DR/BDR re-election, use the command clear ip ospf process:

R1#clear ip ospf process
Reset ALL OSPF processes? [no]: yes
R1#
*Jan 25 18:02:27.423: OSPF: Interface FastEthernet0/0 going Down
*Jan 25 18:02:27.423: OSPF: 10.1.1.1 address 10.1.200.1 on FastEthernet0/0 is dead, state DOWN
*Jan 25 18:02:27.427: OSPF: Neighbor change Event on interface FastEthernet0/0
*Jan 25 18:02:27.431: OSPF: DR/BDR election on FastEthernet0/0
*Jan 25 18:02:27.431: OSPF: Elect BDR 10.1.2.1
*Jan 25 18:02:27.435: OSPF: Elect DR 10.1.2.1
*Jan 25 18:02:27.435: OSPF: Elect BDR 10.1.2.1
*Jan 25 18:02:27.439: OSPF: Elect DR 10.1.2.1
*Jan 25 18:02:27.439:        DR: 10.1.2.1 (Id)   BDR: 10.1.2.1 (Id)
*Jan 25 18:02:27.439: OSPF: Reset adjacency with 10.1.3.1 on FastEthernet0/0, state 2WAY
*Jan 25 18:02:27.439: OSPF: Flush network LSA immediately
*Jan 25 18:02:27.439: OSPF: Remember old DR 10.1.1.1 (id)
*Jan 25 18:02:27.439: OSPF: 10.1.2.1 address 10.1.200.2 on FastEthernet0/0 is dead, state DOWN
*Jan 25 18:02:27.439: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.2.1 on FastEthernet0/0 from FULL to DOWN, Neighbor Down: Interface down or detached
*Jan 25 18:02:27.439: OSPF: Neighbor change Event on interface FastEthernet0/0
*Jan 25 18:02:27.439: OSPF: DR/BDR election on FastEthernet0/0
*Jan 25 18:02:27.439: OSPF: Elect BDR 10.1.3.1
*Jan 25 18:02:27.439: OSPF: Elect DR 10.1.3.1
*Jan 25 18:02:27.439:        DR: 10.1.3.1 (Id)   BDR: 10.1.3.1 (Id)
[....]
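
A clear is needed because the election is not preemptive: a router that comes up later with a higher priority does not displace an existing DR. The Python sketch below is an added example, not from the original post; it follows the RFC 2328 section 9.4 steps in simplified form, identifies routers by router ID only and assumes every listed router is already in 2-Way state or better.

```python
from dataclasses import dataclass, replace

NONE = "0.0.0.0"

@dataclass(frozen=True)
class Router:
    rid: str            # router ID (the loopback address in this lab)
    priority: int       # ip ospf priority; 0 means never DR/BDR
    dr: str = NONE      # DR this router currently declares in its hellos
    bdr: str = NONE     # BDR this router currently declares

def rank(r):
    # Highest priority wins; the highest router ID breaks ties.
    return (r.priority, tuple(int(o) for o in r.rid.split(".")))

def elect(routers, me):
    """Return (DR, BDR) as computed by router `me`."""
    view = {r.rid: r for r in routers}
    for _ in range(2):                        # step 4 allows one repeat
        eligible = [r for r in view.values() if r.priority > 0]
        # Step 2: routers declaring themselves DR cannot become BDR.
        not_dr = [r for r in eligible if r.dr != r.rid]
        pool = [r for r in not_dr if r.bdr == r.rid] or not_dr
        bdr = max(pool, key=rank).rid if pool else NONE
        # Step 3: an existing DR claim wins, otherwise the BDR is promoted.
        claims = [r for r in eligible if r.dr == r.rid]
        dr = max(claims, key=rank).rid if claims else bdr
        before = (view[me].dr == me, view[me].bdr == me)
        view[me] = replace(view[me], dr=dr, bdr=bdr)
        if before == (dr == me, bdr == me):
            break                             # our own role did not change
    return dr, bdr

# Constructed scenarios using the lab's router IDs and priorities.
# FRESH: nobody holds a role yet (what happens after the process is cleared).
FRESH = [Router("10.1.1.1", 10), Router("10.1.2.1", 5), Router("10.1.3.1", 1)]
# LATE: R3 and R2 already hold the roles when R1 (priority 10) comes up.
LATE = [Router("10.1.1.1", 10),
        Router("10.1.2.1", 5, dr="10.1.3.1", bdr="10.1.2.1"),
        Router("10.1.3.1", 1, dr="10.1.3.1", bdr="10.1.2.1")]

if __name__ == "__main__":
    print("fresh election:", elect(FRESH, "10.1.1.1"))
    print("R1 joins late: ", elect(LATE, "10.1.1.1"))
```

The fresh case gives the DR/BDR pair seen in the show ip ospf interface output earlier on the page; in the late case R1 stays DROTHER despite its priority of 10.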

Topology change

If we disable interface F0/0 on R1, OSPF recalculates its routes and goes through R2 and the serial interface.

R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#int f0/0
R1(config-if)#sh
!Before shutting down F0/0
R3#traceroute 10.1.1.1

Type escape sequence to abort.
Tracing the route to 10.1.1.1

  1 10.1.200.1 180 msec *  132 msec

!While F0/0 is being shut down
R3#ping 10.1.1.1 rep 50

Type escape sequence to abort.
Sending 50, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!...!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 94 percent (47/50), round-trip min/avg/max = 24/163/356 ms

!After shutting down F0/0
R3#traceroute 10.1.1.1

Type escape sequence to abort.
Tracing the route to 10.1.1.1

  1 10.1.200.2 296 msec 168 msec 100 msec
  2 10.1.100.1 144 msec *  176 msec

OSPF Authentication

Plain-text

R1(config)# interface serial 1/0
R1(config-if)# ip ospf authentication
R1(config-if)# ip ospf authentication-key cisco
R2(config)# interface serial 1/0
R2(config-if)# ip ospf authentication
R2(config-if)# ip ospf authentication-key cisco
R1#sh ip ospf interface s1/0
*Jan 25 18:25:34.731: %SYS-5-CONFIG_I: Configured from console by console
Serial1/0 is up, line protocol is up
  Internet Address 10.1.100.1/24, Area 0
  Process ID 1, Router ID 10.1.1.1, Network Type POINT_TO_POINT, Cost: 64
  Transmit Delay is 1 sec, State POINT_TO_POINT
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:01
  Supports Link-local Signaling (LLS)
  Cisco NSF helper support enabled
  IETF NSF helper support enabled
  Index 2/2, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 4 msec, maximum is 4 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 10.1.2.1
  Suppress hello for 0 neighbor(s)
  Simple password authentication enabled

MD5

R1(config)# interface serial 1/0
R1(config-if)# ip ospf authentication message-digest
R1(config-if)# ip ospf message-digest-key 1 md5 cisco
R2(config)# interface serial 1/0
R2(config-if)# ip ospf authentication message-digest
R2(config-if)# ip ospf message-digest-key 1 md5 cisco
R1#sh ip ospf interface s1/0
Serial1/0 is up, line protocol is up
  Internet Address 10.1.100.1/24, Area 0
  Process ID 1, Router ID 10.1.1.1, Network Type POINT_TO_POINT, Cost: 64
  Transmit Delay is 1 sec, State POINT_TO_POINT
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:05
  Supports Link-local Signaling (LLS)
  Cisco NSF helper support enabled
  IETF NSF helper support enabled
  Index 2/2, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 4 msec, maximum is 4 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 10.1.2.1
  Suppress hello for 0 neighbor(s)
  Message digest authentication enabled
    Youngest key id is 1
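
To check which links are actually protected, the authentication line at the end of each show ip ospf interface block can be collected per interface. The Python sketch below is an added example, not part of the original post; it reports interfaces with no authentication or with the simple password, which OSPF carries in clear text in each packet. The sample is constructed and abbreviated from the outputs above, and Serial1/1 with its address is invented to show the third case.

```python
import re

# Constructed sample, abbreviated from the `show ip ospf interface` outputs on
# this page. Serial1/1 and 10.1.101.1 are invented to show all three modes.
SAMPLE = """\
FastEthernet0/0 is up, line protocol is up
  Internet Address 10.1.200.1/24, Area 0
  Neighbor Count is 2, Adjacent neighbor count is 2
  Suppress hello for 0 neighbor(s)
Serial1/0 is up, line protocol is up
  Internet Address 10.1.100.1/24, Area 0
  Neighbor Count is 1, Adjacent neighbor count is 1
  Simple password authentication enabled
Serial1/1 is up, line protocol is up
  Internet Address 10.1.101.1/24, Area 0
  Neighbor Count is 1, Adjacent neighbor count is 1
  Message digest authentication enabled
    Youngest key id is 1
"""

IFACE = re.compile(r"^(\S+) is (?:administratively )?(?:up|down), line protocol is")
AREA = re.compile(r"Internet Address \S+, Area (\S+)")
NBRS = re.compile(r"Neighbor Count is (\d+)")
KEY = re.compile(r"Youngest key id is (\d+)")

def parse(text):
    """Return one dict per interface: name, area, neighbors, auth, key_id."""
    ifaces = []
    for line in text.splitlines():
        m = IFACE.match(line)
        if m:  # an unindented header line starts a new interface block
            ifaces.append({"name": m.group(1), "area": None, "neighbors": 0,
                           "auth": "none", "key_id": None})
        elif ifaces:
            cur = ifaces[-1]
            if m := AREA.search(line):
                cur["area"] = m.group(1)
            elif m := NBRS.search(line):
                cur["neighbors"] = int(m.group(1))
            elif "Simple password authentication enabled" in line:
                cur["auth"] = "simple"
            elif "Message digest authentication enabled" in line:
                cur["auth"] = "md5"
            elif m := KEY.search(line):
                cur["key_id"] = int(m.group(1))
    return ifaces

def audit(text):
    """Map interface name -> finding for every interface not using a digest."""
    notes = {"none": "accepts unauthenticated OSPF packets",
             "simple": "password travels in clear text in every OSPF packet"}
    return {i["name"]: f'area {i["area"]}, {i["neighbors"]} neighbor(s): {notes[i["auth"]]}'
            for i in parse(text) if i["auth"] in notes}
```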

Benoit

Network engineer at CNS Communications. CCIE #47705, focused on R&S, Data Center, SD-WAN & Automation.
