OSPF Multi-area and Route Summarisation

From csn
Revision as of 05:56, 18 April 2020 by Koziniec

Scenario

[Figure: network topology (OSPF-MA-EVE.png.png)]

Consider the network topology above. There are two regional locations, Perth and Melbourne, each featuring a core router. The two routers are connected via a WAN link and each supports two local branch offices (North and South).

Each branch office supports three departments (Sales, Factory and Admin) that, for security or performance reasons, need to be on separate subnets.

The departmental requirements at each site are as follows:

  • Sales - 20 IP Devices
  • Factory - 28 IP Devices
  • Admin - 8 IP Devices

Assuming we have been allocated the IP address range defined by 198.18.0.0/15 (an alternative view is 198.18.0.0/24 and 198.18.1.0/24), there are a number of ways of tackling the IP addressing problem.

Beware! - It is so easy to accidentally type 192. The allocated block of IP addresses is 198.18 not 192.16!

One approach is to make the most efficient use of the available address space: pack the subnets as tightly as possible to minimise waste and avoid small discontiguous blocks of address space. The normal practice is to determine the smallest subnet size that will accommodate each requirement and allocate the subnets from the available address space from largest to smallest.

These two worksheets provide an example of this approach.

Media:VLSM-for-address-preservation-1.pdf

Media:VLSM-for-address-preservation-2.pdf

Note that this technique provides a large block of contiguous address space (green) that could be used for other purposes. However, the addresses used within a region are spread out across the address space, making summarisation impossible. This leads to unnecessarily large routing tables, poor scalability, lower routing performance and very complex access control lists. For global IPv4 addresses, which are in short supply, this approach, although undesirable, may be required.

If possible, it is always desirable to structure addressing in a hierarchical fashion, as this leads to more efficient route summarisation. Where there is little need to preserve addresses this should be the approach taken. Situations where this would occur are when using private addressing or IPv6. The following VLSM worksheets show how a two-level hierarchical design can be constructed to match the physical topology and allow efficient summarisation.

Media:VLSM-for-Summarisation-1.pdf

Media:VLSM-for-Summarisation-2.pdf

With some thought it is possible to optimise the address layout to minimise the amount of reconfiguration required should one department grow. In the following design it is possible to grow the Factory subnet to /26 without affecting others in the renumbering process. Similarly, it is possible to grow Admin to a /27 without renumbering the other two departments.

Media:VLSM-for-Summarisation-Allowance-for-growth-1.pdf

Media:VLSM-for-Summarisation-Allowance-for-growth-2.pdf
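The sizing rule, the tight-packing approach and the growth claim above, worked through as an added example (not part of the original lab material). The NthPerth subnets are copied from the final configs on this page; `min_prefix`, `pack` and `grow` are hypothetical helper names.

```python
import ipaddress

def min_prefix(hosts):
    """Longest prefix whose subnet holds `hosts` devices plus the network
    and broadcast addresses."""
    return 32 - (hosts + 1).bit_length()

def pack(block, requirements):
    """Tight packing: allocate largest subnets first from the start of `block`."""
    plan, cursor = {}, int(block.network_address)
    for name, hosts in sorted(requirements.items(), key=lambda kv: min_prefix(kv[1])):
        net = ipaddress.ip_network((cursor, min_prefix(hosts)))
        if not net.subnet_of(block):
            raise ValueError(f"{block} is too small for {name}")
        plan[name] = net
        cursor = int(net.broadcast_address) + 1
    return plan

def grow(plan, name, new_prefix):
    """Names of the other subnets that `name` would overlap if enlarged."""
    grown = plan[name].supernet(new_prefix=new_prefix)
    return sorted(n for n, net in plan.items() if n != name and grown.overlaps(net))

# Department sizes from the scenario.
REQUIREMENTS = {"Sales": 20, "Factory": 28, "Admin": 8}

# NthPerth subnets as they appear in the final configs on this page.
NTH_PERTH = {
    "Factory": ipaddress.ip_network("198.18.0.0/27"),
    "Sales": ipaddress.ip_network("198.18.0.64/27"),
    "Admin": ipaddress.ip_network("198.18.0.96/28"),
    "Core link": ipaddress.ip_network("198.18.0.112/30"),
}

if __name__ == "__main__":
    packed = pack(ipaddress.ip_network("198.18.0.0/24"), REQUIREMENTS)
    for name, net in packed.items():
        print(f"packed   {name:8} {net}")
    # Tightly packed subnets have no room: growth collides with a neighbour.
    print("packed Sales -> /26 collides with:", grow(packed, "Sales", 26))
    # The hierarchical plan leaves gaps next to Factory and Admin.
    print("plan Factory -> /26 collides with:", grow(NTH_PERTH, "Factory", 26))
    print("plan Admin   -> /27 collides with:", grow(NTH_PERTH, "Admin", 27))
```

Growing Admin to /27 leaves Sales and Factory untouched, but the enlarged block covers 198.18.0.112/30, so the link to PerthCore is the subnet to check in that case.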

Lab Exercise

In this lab we'll use a dynamic routing protocol (OSPF) and examine how routing protocol features and sound IP addressing practices come together to build more efficient routing tables.

In this lab we'll configure what is known as "multi-area" OSPF to illustrate the benefits of VLSM and hierarchical address design.


Launching EVE

For this exercise implement the IP addressing structure outlined in these two worksheets:

Media:VLSM-for-Summarisation-Allowance-for-growth-1.pdf

Media:VLSM-for-Summarisation-Allowance-for-growth-2.pdf

  • Boot the lab computer into EVE Ubuntu Linux.
  • Start the EVE virtual machine.
  • Open the IP address shown on your EVE server with a Web Browser.
  • Import and start the OSPF topology file.

Basic Link and Interface Configuration

Now that EVE is running and your topology is loaded you can commence the lab.

  • Configure hostnames on each of the routers.
  • For each LAN (department) configure a Loopback interface on the router. Configure the first usable IP address from the VLSM plan. In other words, on each of the four distribution layer routers you will have 3 loopbacks corresponding to the three departments.
  • Configure the four Distribution to Core router links. Use the first usable IP address on the core router interface and the second available IP address as the Distribution router address.
  • Configure the link between PerthCore and MelbourneCore routers. Use the first available IP address for the PerthCore router.

The address for the WAN link is the very last /30 on the second PDF. It's not obvious as it isn't coloured.

  • Check that all of your links are configured correctly by pinging your directly connected neighbours. Make sure you resolve any connectivity issues before proceeding.

Why can't you ping beyond your directly connected neighbours?
(Hint - "show ip route").

OSPF Configuration

For each interface that you have configured on the routers we need OSPF to advertise it to other routers. When configuring OSPF, specify a process ID of 1 (it doesn't really matter what it is but by convention we use 1) and advertise the interfaces with an appropriate network statement.

For example:

PerthCore(config)#router ospf 1
PerthCore(config-router)#network 198.18.0.112 0.0.0.3 area 1
PerthCore(config-router)#network 198.18.0.240 0.0.0.3 area 1
PerthCore(config-router)#network 198.18.1.252 0.0.0.3 area 0

You should have one network statement for each interface on your local router.
The OSPF wildcard mask is the inverse (swap 1's and 0's) of the subnet mask on your interface.

The "area" corresponds to the three ellipses in the topology diagram. Make sure the "area" you specify for each network corresponds to the area shown for that interface in the diagram.

A few facts that explain why we're doing this:

  • OSPF can only summarise IP addresses as they pass from one area to another area via an ABR (Area Border Router) or from OSPF to another protocol.
  • Part of the design process with OSPF is to work out where you want summarisation to occur and pick areas to match.
  • All areas connect together through a common area "zero". This is the OSPF backbone.
  • None of these are general rules that apply to other routing protocols. Each routing protocol has its own rules, design features, requirements and quirks.
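The network-statement rules above (one statement per interface, wildcard equal to the inverse of the interface mask) can be checked mechanically. This added example is not part of the original lab; the sample is NthPerth's addressing from this page with two constructed mistakes, and `audit` is a hypothetical helper name.

```python
import ipaddress
import re

# Constructed sample: NthPerth's addressing from this page with two deliberate
# mistakes: 192 typed for 198, and a /27 wildcard on the /28 Admin subnet.
SAMPLE = """\
interface Loopback0
 ip address 198.18.0.65 255.255.255.224
interface Loopback1
 ip address 198.18.0.1 255.255.255.224
interface Loopback2
 ip address 198.18.0.97 255.255.255.240
interface Serial0/1
 ip address 198.18.0.114 255.255.255.252
router ospf 1
 network 198.18.0.0 0.0.0.31 area 1
 network 192.18.0.64 0.0.0.31 area 1
 network 198.18.0.96 0.0.0.31 area 1
 network 198.18.0.112 0.0.0.3 area 1
"""

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def audit(config):
    """Return (interface, problem) pairs for interfaces that no network
    statement matches, or whose wildcard is not the inverse of their mask."""
    ifaces, stmts, current = {}, [], None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            current = m[1]
        elif m := re.match(r"\s+ip address (\S+) (\S+)", line):
            ifaces[current] = ipaddress.ip_interface(f"{m[1]}/{m[2]}")
        elif m := re.match(r"\s+network (\S+) (\S+) area \S+", line):
            stmts.append((to_int(m[1]), to_int(m[2])))
    findings = []
    for name, iface in ifaces.items():
        addr, inverse = int(iface.ip), int(iface.network.hostmask)
        # A statement matches when every bit the wildcard marks 0 is equal.
        wildcards = [w for net, w in stmts if (addr | w) == (net | w)]
        if not wildcards:
            findings.append((name, "no matching network statement"))
        elif inverse not in wildcards:
            bad = ipaddress.IPv4Address(wildcards[0])
            findings.append((name, f"wildcard {bad} is not the inverse of {iface.netmask}"))
    return findings

if __name__ == "__main__":
    for name, problem in audit(SAMPLE):
        print(f"{name}: {problem}")
```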

Testing

  • Export your configurations to save progress.
  • As you are emulating the routers in EVE you need to select More Actions -> Export all CFGs. This copies the configuration files from the individual routers into the EVE lab environment.
  • EVE allows you to choose whether to start the devices using a previously saved configuration or a blank state. You choose this function from the startup-config button (File:Startup-config-button-eve.png) in EVE. Check that the slide button is ON for your Distribution routers. You can also click on the router's name to see what configuration file EVE is storing for that device.
  • Check that from one of the Distribution routers (Nth/Sth) you can ping all of the loopbacks on the other routers. This confirms that OSPF is operating correctly.
  • Assuming all is well, examine the routing table.
Router# show ip route

You should find that there is an entry for each network you configured. Note that many networks will appear to have a network prefix of /32 even though you configured them with /27 and /28 subnet masks. OSPF is clever: it knows that you configured a Loopback interface that can't have any other devices attached, and so it advertises just a single address. If we had configured an Ethernet interface which was really capable of supporting 20 users then it would have believed us and you would see a /27 mask.

Example output:

NthPerth#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override   

Gateway of last resort is not set 

      198.18.0.0/24 is variably subnetted, 12 subnets, 4 masks
C        198.18.0.0/27 is directly connected, Loopback1
L        198.18.0.1/32 is directly connected, Loopback1
C        198.18.0.64/27 is directly connected, Loopback0
L        198.18.0.65/32 is directly connected, Loopback0
C        198.18.0.96/28 is directly connected, Loopback2
L        198.18.0.97/32 is directly connected, Loopback2
C        198.18.0.112/30 is directly connected, Serial0/1
L        198.18.0.114/32 is directly connected, Serial0/1
O        198.18.0.129/32 [110/129] via 198.18.0.113, 00:16:41, Serial0/1
O        198.18.0.193/32 [110/129] via 198.18.0.113, 00:16:41, Serial0/1
O        198.18.0.225/32 [110/129] via 198.18.0.113, 00:16:41, Serial0/1
O        198.18.0.240/30 [110/128] via 198.18.0.113, 00:16:41, Serial0/1
      198.18.1.0/24 is variably subnetted, 9 subnets, 2 masks
O IA     198.18.1.1/32 [110/193] via 198.18.0.113, 00:06:28, Serial0/1
O IA     198.18.1.65/32 [110/193] via 198.18.0.113, 00:06:28, Serial0/1
O IA     198.18.1.97/32 [110/193] via 198.18.0.113, 00:06:28, Serial0/1
O IA     198.18.1.112/30 [110/192] via 198.18.0.113, 00:06:28, Serial0/1
O IA     198.18.1.129/32 [110/193] via 198.18.0.113, 00:06:28, Serial0/1
O IA     198.18.1.193/32 [110/193] via 198.18.0.113, 00:06:28, Serial0/1
O IA     198.18.1.225/32 [110/193] via 198.18.0.113, 00:06:28, Serial0/1
O IA     198.18.1.240/30 [110/192] via 198.18.0.113, 00:06:28, Serial0/1
O IA     198.18.1.252/30 [110/128] via 198.18.0.113, 00:06:28, Serial0/1
NthPerth#

Note that some routes are labelled IA (Inter-Area). For these networks your router knows how to get to them but it doesn't have the detailed link state database entries that it has for its own area.

Summarisation

The large number of routes in the routing table is undesirable and unnecessary, as we have carefully constructed a hierarchical addressing scheme. OSPF areas form regions within which routers share detailed network and link state information (a complete picture). Between areas the administrator can choose what level of detail is exchanged between routers. If you look at our topology you will see that we have two areas (one and two) that are aligned with our top level (/24) summarisation. We can instruct OSPF to present only a summary route to the other area. This can only be done at the border between two areas. In other words, only on the PerthCore and MelbourneCore routers.

The command to perform Inter-Area (IA) summarisation in OSPF is the area-range command.

For example, on the PerthCore router add the following:

PerthCore(config)#router ospf 1
PerthCore(config-router)#area 1 range 198.18.0.0 255.255.255.0

This instructs OSPF to advertise the routes contained within Area 1 as a single 198.18.0.0/24 network.

  • Configure the area-range command on the PerthCore and MelbourneCore routers. You need to figure out what the appropriate range will be for Melbourne.
  • Observe the effects on the routing tables of each of the routers. On the Distribution routers the table size should be almost halved. If we added more regions it would only increase the routing table by a single entry each time. This is where scalable network design comes into its own.

Example output:

NthPerth#show ip route 
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override

Gateway of last resort is not set

      198.18.0.0/24 is variably subnetted, 12 subnets, 4 masks
C        198.18.0.0/27 is directly connected, Loopback1
L        198.18.0.1/32 is directly connected, Loopback1
C        198.18.0.64/27 is directly connected, Loopback0
L        198.18.0.65/32 is directly connected, Loopback0
C        198.18.0.96/28 is directly connected, Loopback2
L        198.18.0.97/32 is directly connected, Loopback2
C        198.18.0.112/30 is directly connected, Serial0/1
L        198.18.0.114/32 is directly connected, Serial0/1
O        198.18.0.129/32 [110/129] via 198.18.0.113, 00:30:17, Serial0/1
O        198.18.0.193/32 [110/129] via 198.18.0.113, 00:30:17, Serial0/1
O        198.18.0.225/32 [110/129] via 198.18.0.113, 00:30:17, Serial0/1
O        198.18.0.240/30 [110/128] via 198.18.0.113, 00:30:17, Serial0/1
      198.18.1.0/24 is variably subnetted, 2 subnets, 2 masks
O IA     198.18.1.0/24 [110/192] via 198.18.0.113, 00:00:35, Serial0/1
O IA     198.18.1.252/30 [110/128] via 198.18.0.113, 00:20:04, Serial0/1
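A simplified model of what the area-range command does to the inter-area routes in the two tables above, as an added example that is not part of the original lab. It collapses an area's prefixes into that area's configured range and passes everything else through unchanged; costs are not modelled, and `advertise` and `foreign_inside` are hypothetical helper names.

```python
import ipaddress

# Inter-area routes in NthPerth's first routing table on this page, grouped
# by the area each prefix is configured in (per the final configs).
ROUTES = {
    2: ["198.18.1.1/32", "198.18.1.65/32", "198.18.1.97/32", "198.18.1.112/30",
        "198.18.1.129/32", "198.18.1.193/32", "198.18.1.225/32", "198.18.1.240/30"],
    0: ["198.18.1.252/30"],
}

# MelbourneCore: area 2 range 198.18.1.0 255.255.255.0
RANGES = {2: ipaddress.ip_network("198.18.1.0/255.255.255.0")}

def advertise(routes, ranges):
    """Prefixes of an area that fall inside that area's range collapse to the
    range; prefixes of areas without a range are advertised as they are."""
    out = set()
    for area, prefixes in routes.items():
        rng = ranges.get(area)
        for prefix in map(ipaddress.ip_network, prefixes):
            out.add(rng if rng is not None and prefix.subnet_of(rng) else prefix)
    return sorted(out)

def foreign_inside(routes, ranges):
    """(range area, prefix) pairs where the prefix sits numerically inside a
    range but is configured in a different area, so it is not summarised."""
    return sorted(
        (rng_area, ipaddress.ip_network(p))
        for rng_area, rng in ranges.items()
        for area, prefixes in routes.items() if area != rng_area
        for p in prefixes if ipaddress.ip_network(p).subnet_of(rng)
    )

if __name__ == "__main__":
    before = sum(len(p) for p in ROUTES.values())
    after = advertise(ROUTES, RANGES)
    print(f"{before} inter-area routes before, {len(after)} after:")
    for net in after:
        print("  O IA", net)
    for area, net in foreign_inside(ROUTES, RANGES):
        print(f"{net} lies inside the area {area} range but is not in area {area}")
```

The WAN link 198.18.1.252/30 stays as its own entry because it is in area 0, even though it sits inside 198.18.1.0/24; anything matched against the /24 summary, such as an access control list entry, also matches that link.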

* * * At this point you should complete this week's participation quiz * * *

Final Configs

PerthCore.cfg

hostname PerthCore
!
interface Serial0/0
 ip address 198.18.1.253 255.255.255.252
 serial restart-delay 0
!         
interface Serial0/1
 ip address 198.18.0.113 255.255.255.252
 serial restart-delay 0
!
interface Serial0/2
 ip address 198.18.0.241 255.255.255.252
 serial restart-delay 0
!
router ospf 1
 area 1 range 198.18.0.0 255.255.255.0
 network 198.18.0.112 0.0.0.3 area 1
 network 198.18.0.240 0.0.0.3 area 1
 network 198.18.1.252 0.0.0.3 area 0
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
 login
 transport input none
!
end

MelbourneCore.cfg

hostname MelbourneCore
!
interface Serial0/0
 ip address 198.18.1.254 255.255.255.252
 serial restart-delay 0
!         
interface Serial0/1
 ip address 198.18.1.113 255.255.255.252
 serial restart-delay 0
!
interface Serial0/2
 ip address 198.18.1.241 255.255.255.252
 serial restart-delay 0
!
router ospf 1
 area 2 range 198.18.1.0 255.255.255.0
 network 198.18.1.112 0.0.0.3 area 2
 network 198.18.1.240 0.0.0.3 area 2
 network 198.18.1.252 0.0.0.3 area 0
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
 login
 transport input none
!
end

NthMelbourne.cfg

hostname NthMelbourne
!
interface Loopback0
 description Nth Melbourne Sales
 ip address 198.18.1.65 255.255.255.224
!
interface Loopback1
 description Nth Melbourne Factory
 ip address 198.18.1.1 255.255.255.224
!
interface Loopback2
 description Nth Melbourne Admin
 ip address 198.18.1.97 255.255.255.240
!
interface Serial0/1
 ip address 198.18.1.114 255.255.255.252
 serial restart-delay 0
!         
router ospf 1
 network 198.18.1.0 0.0.0.31 area 2
 network 198.18.1.64 0.0.0.31 area 2
 network 198.18.1.96 0.0.0.15 area 2
 network 198.18.1.112 0.0.0.3 area 2
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
 login
 transport input none
!
end

SthMelbourne.cfg

hostname SthMelbourne
!
interface Loopback0
 description Sth Melbourne Sales
 ip address 198.18.1.193 255.255.255.224
!
interface Loopback1
 description Sth Melbourne Factory
 ip address 198.18.1.129 255.255.255.224
!
interface Loopback2
 description Sth Melbourne Admin
 ip address 198.18.1.225 255.255.255.240
!
interface Serial0/2
 ip address 198.18.1.242 255.255.255.252
 serial restart-delay 0
!
router ospf 1
 network 198.18.1.128 0.0.0.31 area 2
 network 198.18.1.192 0.0.0.31 area 2
 network 198.18.1.224 0.0.0.15 area 2
 network 198.18.1.240 0.0.0.3 area 2
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
 login
 transport input none
!
end

NthPerth.cfg

hostname NthPerth
!
interface Loopback0
 description NthPerth Sales
 ip address 198.18.0.65 255.255.255.224
!
interface Loopback1
 description NthPerth Factory
 ip address 198.18.0.1 255.255.255.224
!
interface Loopback2
 description NthPerth Admin
 ip address 198.18.0.97 255.255.255.240
!
interface Serial0/1
 ip address 198.18.0.114 255.255.255.252
 serial restart-delay 0
!
router ospf 1
 network 198.18.0.0 0.0.0.31 area 1
 network 198.18.0.64 0.0.0.31 area 1
 network 198.18.0.96 0.0.0.15 area 1
 network 198.18.0.112 0.0.0.3 area 1
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
 login
 transport input none
!
end

SthPerth.cfg

hostname SthPerth
!
interface Loopback0
 description SthPerth Sales
 ip address 198.18.0.193 255.255.255.224
!
interface Loopback1
 description SthPerth Factory
 ip address 198.18.0.129 255.255.255.224
!
interface Loopback2
 description SthPerth Admin
 ip address 198.18.0.225 255.255.255.240
!
interface Serial0/2
 ip address 198.18.0.242 255.255.255.252
 serial restart-delay 0
!
router ospf 1
 network 198.18.0.128 0.0.0.31 area 1
 network 198.18.0.192 0.0.0.31 area 1
 network 198.18.0.224 0.0.0.15 area 1
 network 198.18.0.240 0.0.0.3 area 1
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
 login
 transport input none
!
end

EVE Final topology - configured as above

(Terry - Check NthPerth Media:OSPF-Topology-(configured).zip