Difference between revisions of "OSPF Multi-area and Route Summarisation"
(Created page with "=Scenario= File:OSPF-MA-EVE.png.png Consider the network topology above. There are two regional locations, Perth and Melbourne, each featuring a core router. The two ro...") |
|||
Line 81: | Line 81: | ||
==OSPF Configuration== | ==OSPF Configuration== | ||
− | For each interface that you have configured | + | For each interface on every router that you have configured, we need OSPF to advertise it to other routers. |
− | When configuring OSPF, specify a process ID of 1 (it doesn't really matter what it is but by convention we use 1) and advertise the interfaces with an appropriate | + | When configuring OSPF, specify a process ID of 1 (it doesn't really matter what it is but by convention we use 1) and advertise the interfaces with an appropriate statement. |
For example: | For example: | ||
− | PerthCore(config)#''' | + | PerthCore(config)#'''interface s0/0''' |
− | PerthCore(config- | + | PerthCore(config-if)#'''ip ospf 1 area 0''' |
− | PerthCore(config- | + | PerthCore(config-if)#'''interface s0/1''' |
− | PerthCore(config- | + | PerthCore(config-if)#'''ip ospf 1 area 1''' |
− | ''' | + | PerthCore(config-if)#'''interface s0/2''' |
− | You should have one | + | PerthCore(config-if)#'''ip ospf 1 area 1''' |
− | + | ||
+ | You should have one OSPF statement for each interface on your local router.<br> | ||
The "area" corresponds to the three ellipses in the topology diagram. Make sure the "area" you specify for each network corresponds to the area shown for that interface in the diagram. | The "area" corresponds to the three ellipses in the topology diagram. Make sure the "area" you specify for each network corresponds to the area shown for that interface in the diagram. |
Latest revision as of 16:24, 14 September 2020
Contents
Scenario
Consider the network topology above. There are two regional locations, Perth and Melbourne, each featuring a core router. The two routers are connected via a WAN link and each supports two local branch offices (North and South).
Each branch office supports three departments (Sales, Factory and Admin) that for security or performance reasons need to be on seperate subnets.
The departmental requirements at each site are as follows:
- Sales - 20 IP Devices
- Factory - 28 IP Devices
- Admin - 8 IP Devices
Assuming we have been allocated the IP address range defined by 198.18.0.0 /15 (An alternative view is 198.18.0.0/24 and 198.18.1.0/24), there are a number of ways of tackling the IP addressing problem.
Beware! - It is so easy to accidentally type 192. The allocated block of IP addresses is 198.18 not 192.16!
One approach is to make the most efficient use of the available address and pack the subnets as tightly as possible and minimise waste and small discontiguous blocks of address space. The normal practice is to determine the size of the subnets that will minimally accomodate the requirements and allocate them from the available address space from largest to smallest.
These two worksheets provide an example of this approach.
Media:VLSM-for-address-preservation-1.pdf
Media:VLSM-for-address-preservation-2.pdf
Note that this technique provides a large block of contiguous address space (green) that could be used for other purposes. However, the addresses used within a region are spread out across the address space, making summararisation impossible. This leads to unecessarily large routing tables, poor scalability, lower routing performance and very complex access control lists. For global IPv4 addresses, which are in short supply, this approach, although undesirable, may be required.
If possible, it is always desirable to try to structure addressing in a heirachical fashion as this leads to more efficient route summarisation. Where there is little need to preserve addresses this should be the approach taken. Situations where this would occur are when using private addressing or IPv6. The following VLSM worksheets show how a two level heirarchical design can be constructed to match the physical topology and allow efficient summarisation.
Media:VLSM-for-Summarisation-1.pdf
Media:VLSM-for-Summarisation-2.pdf
With some thought it is possible to optimise the address layout to minimise the amount of reconfiguration required should one department grow. In the following design it is possible to grow the Factory subnet to /26 without affecting others in the renumbering process. Similarly it is possible grow Admin to a /27 without renumbering the other two departments.
Media:VLSM-for-Summarisation-Allowance-for-growth-1.pdf
Media:VLSM-for-Summarisation-Allowance-for-growth-2.pdf
Lab Exercise
In this lab we'll use a dynamic routing protocol (OSPF) and examine how routing protocol features and sound IP addressing practices come together to build more efficient routing tables.
In this lab we'll configure what is known as "multi-area" OSPF to illustrate the benefits of VLSM and hierarchical address design.
Launching EVE
For this exercise implement the IP addressing structure outlined in these two worksheets:
Media:VLSM-for-Summarisation-Allowance-for-growth-1.pdf
Media:VLSM-for-Summarisation-Allowance-for-growth-2.pdf
- Boot the lab computer into EVE Ubuntu Linux.
- Download and copy the following file Media:OSPF-Topology.zip to your computer.
- Start the EVE virtual machine
- Open the IP address shown on your EVE server with a Web Browser.
- Import and start the OSPF topology file.
Basic Link and Interface Configuration
Now that EVE is running and your topology is loaded you can commence the lab.
- Configure hostnames on each of the routers.
- For each LAN (department) configure a Loopback interface on the router. Configure the first usable IP address from the VLSM plan. In otherwords, on each of the four distribution layer routers you will have 3 loopbacks corresponding to the three departments.
- Configure the four Distribution to Core router links. Use the first usable IP address on the core router interface and the second available IP address as the Distribution router address.
- Configure the link between PerthCore and MelbourneCore routers. Use the first available IP address for the PerthCore router.
The address for the WAN link is the very last /30 on the second PDF. It's not obvious as it isn't coloured.
- Check that all of your links are configured correctly by pinging your directly connected neighbours. Make sure you resolve any connectivity issues before proceding.
Why can't you ping beyond your directly connected neighbours?
(Hint - "show ip route").
OSPF Configuration
For each interface on every router that you have configured, we need OSPF to advertise it to other routers. When configuring OSPF, specify a process ID of 1 (it doesn't really matter what it is but by convention we use 1) and advertise the interfaces with an appropriate statement.
For example:
PerthCore(config)#interface s0/0 PerthCore(config-if)#ip ospf 1 area 0 PerthCore(config-if)#interface s0/1 PerthCore(config-if)#ip ospf 1 area 1 PerthCore(config-if)#interface s0/2 PerthCore(config-if)#ip ospf 1 area 1
You should have one OSPF statement for each interface on your local router.
The "area" corresponds to the three ellipses in the topology diagram. Make sure the "area" you specify for each network corresponds to the area shown for that interface in the diagram.
A few facts that explain why we're doing this:
- OSPF can only summarise IP addresses as they pass from one area to another area via an ABR (Area Border Router) or from OSPF to another protocol.
- Part of the design process with OSPF is to work out where you want summarisation to occur and pick areas to match.
- All areas connect together through a common area "zero". This is the OSPF backbone.
- None of these are general rules that apply to other routing protocols. Each routing protocol has its own rules, design features, requirements and quirks.
Testing
- Export your configurations to save progress.
- As you are emulating the routers in EVE you need to select More Actions -> Export all CFGs. This copies the configuration files from the individual routers into the EVE lab environment.
- EVE allows you to choose whether to start the devices using a previously saved configuration or a blank state. You choose this function from the File:Startup-config-button-eve.png button in EVE. Check that the slide button is ON for your Distribution routers. You can also click on the routers name to see what configuration file EVE is storing for that device.
- Check that from one of the Distribution routers (Nth/Sth) you can ping all of the loopbacks on the other routers. This confirms that OSPF is operating correctly.
- Assuming all is well, examine the routing table.
Router# show ip route
You should find that there is an entry for each network you configured. Note that many networks will appear to have a network prefix of /32 even though you configured them with /27 and /28 subnet masks. OSPF is clever, it knows that you configured a Loopback interface that can't have any other devices attached and so it advertises just a single address. If we had configured an Ethernet interface which was really capable of supporting 20 users then it would have believed us and you would see a /27 mask.
Example output:
NthPerth#show ip route Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP a - application route + - replicated route, % - next hop override Gateway of last resort is not set 198.18.0.0/24 is variably subnetted, 12 subnets, 4 masks C 198.18.0.0/27 is directly connected, Loopback1 L 198.18.0.1/32 is directly connected, Loopback1 C 198.18.0.64/27 is directly connected, Loopback0 L 198.18.0.65/32 is directly connected, Loopback0 C 198.18.0.96/28 is directly connected, Loopback2 L 198.18.0.97/32 is directly connected, Loopback2 C 198.18.0.112/30 is directly connected, Serial0/1 L 198.18.0.114/32 is directly connected, Serial0/1 O 198.18.0.129/32 [110/129] via 198.18.0.113, 00:16:41, Serial0/1 O 198.18.0.193/32 [110/129] via 198.18.0.113, 00:16:41, Serial0/1 O 198.18.0.225/32 [110/129] via 198.18.0.113, 00:16:41, Serial0/1 O 198.18.0.240/30 [110/128] via 198.18.0.113, 00:16:41, Serial0/1 198.18.1.0/24 is variably subnetted, 9 subnets, 2 masks O IA 198.18.1.1/32 [110/193] via 198.18.0.113, 00:06:28, Serial0/1 O IA 198.18.1.65/32 [110/193] via 198.18.0.113, 00:06:28, Serial0/1 O IA 198.18.1.97/32 [110/193] via 198.18.0.113, 00:06:28, Serial0/1 O IA 198.18.1.112/30 [110/192] via 198.18.0.113, 00:06:28, Serial0/1 O IA 198.18.1.129/32 [110/193] via 198.18.0.113, 00:06:28, Serial0/1 O IA 198.18.1.193/32 [110/193] via 198.18.0.113, 00:06:28, Serial0/1 O IA 198.18.1.225/32 [110/193] via 198.18.0.113, 00:06:28, Serial0/1 O IA 198.18.1.240/30 [110/192] via 198.18.0.113, 00:06:28, Serial0/1 O IA 198.18.1.252/30 [110/128] via 198.18.0.113, 00:06:28, Serial0/1 NthPerth#
Note that some routes are labelled IA (Inter-Area). For these networks your router knows how to get to them but it doesn't have the detailed link state database entries that it has for its own area.
Summarisation
The large number of routes in the routing table is undesirable and unecessary as we have carefully constructed a hierarchical addressing scheme. OSPF areas form regions within which routers share detailed network and link state information (a complete picture). Between areas the administrator can choose what level of detail is exchanged between routers. If you look at our topology you will see that we have two areas (one and two) that are aligned with our top level (/24) summarisation. We can instruct OSPF to present only a summary route to the other area. This can only be done at the border between two areas. In otherwords only on the PerthCore and MelbourneCore routers.
The command to perform Inter-Area (IA) summarisation in OSPF is the area-range command.
For example on the PerthCore router ad the following:
PerthCore(config)#router ospf 1 PerthCore(config-router)#area 1 range 198.18.0.0 255.255.255.0
This instructs OSPF to advertise the routes contained within Area 1 as a single 198.18.0.0/24 network.
- Configure the area-range command on the PerthCore and MelbourneCore routers. You need to figure out what the appropriate range will be for Melbourne.
- Observe the effects on the routing tables of each of the routers. On the Distribution routers the table size should be almost halved. If we added more regions it would only increase the routing table by a single entry each time. This is where scalable network design comes into its own.
Example output:
NthPerth#show ip route Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP a - application route + - replicated route, % - next hop override Gateway of last resort is not set 198.18.0.0/24 is variably subnetted, 12 subnets, 4 masks C 198.18.0.0/27 is directly connected, Loopback1 L 198.18.0.1/32 is directly connected, Loopback1 C 198.18.0.64/27 is directly connected, Loopback0 L 198.18.0.65/32 is directly connected, Loopback0 C 198.18.0.96/28 is directly connected, Loopback2 L 198.18.0.97/32 is directly connected, Loopback2 C 198.18.0.112/30 is directly connected, Serial0/1 L 198.18.0.114/32 is directly connected, Serial0/1 O 198.18.0.129/32 [110/129] via 198.18.0.113, 00:30:17, Serial0/1 O 198.18.0.193/32 [110/129] via 198.18.0.113, 00:30:17, Serial0/1 O 198.18.0.225/32 [110/129] via 198.18.0.113, 00:30:17, Serial0/1 O 198.18.0.240/30 [110/128] via 198.18.0.113, 00:30:17, Serial0/1 198.18.1.0/24 is variably subnetted, 2 subnets, 2 masks O IA 198.18.1.0/24 [110/192] via 198.18.0.113, 00:00:35, Serial0/1 O IA 198.18.1.252/30 [110/128] via 198.18.0.113, 00:20:04, Serial0/1
* * * At this point you should complete this weeks participation quiz * * *
Final Configs
PerthCore.cfg
hostname PerthCore ! interface Serial0/0 ip address 198.18.1.253 255.255.255.252 serial restart-delay 0 ! interface Serial0/1 ip address 198.18.0.113 255.255.255.252 serial restart-delay 0 ! interface Serial0/2 ip address 198.18.0.241 255.255.255.252 serial restart-delay 0 ! router ospf 1 area 1 range 198.18.0.0 255.255.255.0 network 198.18.0.112 0.0.0.3 area 1 network 198.18.0.240 0.0.0.3 area 1 network 198.18.1.252 0.0.0.3 area 0 ! line con 0 logging synchronous line aux 0 line vty 0 4 login transport input none ! end
MelbourneCore.cfg
hostname MelbourneCore ! interface Serial0/0 ip address 198.18.1.254 255.255.255.252 serial restart-delay 0 ! interface Serial0/1 ip address 198.18.1.113 255.255.255.252 serial restart-delay 0 ! interface Serial0/2 ip address 198.18.1.241 255.255.255.252 serial restart-delay 0 ! router ospf 1 area 2 range 198.18.1.0 255.255.255.0 network 198.18.1.112 0.0.0.3 area 2 network 198.18.1.240 0.0.0.3 area 2 network 198.18.1.252 0.0.0.3 area 0 ! line con 0 logging synchronous line aux 0 line vty 0 4 login transport input none ! end
NthMelbourne.cfg
hostname NthMelbourne ! interface Loopback0 description Nth Melbourne Sales ip address 198.18.1.65 255.255.255.224 ! interface Loopback1 description Nth Melbourne Factory ip address 198.18.1.1 255.255.255.224 ! interface Loopback2 description Nth Melbourne Admin ip address 198.18.1.97 255.255.255.240 ! interface Serial0/1 ip address 198.18.1.114 255.255.255.252 serial restart-delay 0 ! router ospf 1 network 198.18.1.0 0.0.0.31 area 2 network 198.18.1.64 0.0.0.31 area 2 network 198.18.1.96 0.0.0.15 area 2 network 198.18.1.112 0.0.0.3 area 2 ! line con 0 logging synchronous line aux 0 line vty 0 4 login transport input none ! end
SthMelbourne.cfg
hostname SthMelbourne ! interface Loopback0 description Sth Melbourne Sales ip address 198.18.1.193 255.255.255.224 ! interface Loopback1 description Sth Melbourne Factory ip address 198.18.1.129 255.255.255.224 ! interface Loopback2 description Sth Melbourne Admin ip address 198.18.1.225 255.255.255.240 ! interface Serial0/2 ip address 198.18.1.242 255.255.255.252 serial restart-delay 0 ! router ospf 1 network 198.18.1.128 0.0.0.31 area 2 network 198.18.1.192 0.0.0.31 area 2 network 198.18.1.224 0.0.0.15 area 2 network 198.18.1.240 0.0.0.3 area 2 ! line con 0 logging synchronous line aux 0 line vty 0 4 login transport input none ! end
NthPerth.cfg
hostname NthPerth ! interface Loopback0 description NthPerth Sales ip address 198.18.0.65 255.255.255.224 ! interface Loopback1 description NthPerth Factory ip address 198.18.0.1 255.255.255.224 ! interface Loopback2 description NthPerth Admin ip address 198.18.0.97 255.255.255.240 ! interface Serial0/1 ip address 198.18.0.114 255.255.255.252 serial restart-delay 0 ! router ospf 1 network 198.18.0.0 0.0.0.31 area 1 network 198.18.0.64 0.0.0.31 area 1 network 198.18.0.96 0.0.0.15 area 1 network 198.18.0.112 0.0.0.3 area 1 ! line con 0 logging synchronous line aux 0 line vty 0 4 login transport input none ! end
SthPerth.cfg
hostname SthPerth ! interface Loopback0 description SthPerth Sales ip address 198.18.0.193 255.255.255.224 ! interface Loopback1 description SthPerth Factory ip address 198.18.0.129 255.255.255.224 ! interface Loopback2 description SthPerth Admin ip address 198.18.0.225 255.255.255.240 ! interface Serial0/2 ip address 198.18.0.242 255.255.255.252 serial restart-delay 0 ! router ospf 1 network 198.18.0.128 0.0.0.31 area 1 network 198.18.0.192 0.0.0.31 area 1 network 198.18.0.224 0.0.0.15 area 1 network 198.18.0.240 0.0.0.3 area 1 ! line con 0 logging synchronous line aux 0 line vty 0 4 login transport input none ! end
EVE Final topology - configured as above
(Terry - Check NthPerth Media:OSPF-Topology-(configured).zip