Extended configuration of OSPF

1. Authentication

(1) Interface authentication

1) Interface plaintext authentication

r11(config)#interface s0/1
r11(config-if)#ip ospf authentication 
#First enable the plaintext authentication requirement on the interface. Once it is enabled, the authentication type field in the OSPF packets sent by the interface changes. Even with no authentication key configured, the neighbor's parameters must still match
r12(config-if)#ip ospf authentication-key cisco123
#Plaintext authentication key; both sides must match

2) Interface ciphertext authentication

r11(config)#interface s0/1
r11(config-if)#ip ospf authentication message-digest
#Enable the ciphertext authentication requirement
r11(config-if)#ip ospf message-digest-key 1 md5 cisco123
#Authentication key

(2) Area authentication

For example, enabling plaintext or ciphertext authentication for area 0 on R1 actually changes the authentication type field on every R1 interface that belongs to area 0; it is equivalent to enabling the authentication requirement in the configuration of each of R1's area 0 interfaces. The plaintext or ciphertext key must still be configured on each interface one by one.

r11(config)#router ospf 1
#Area plaintext authentication
r11(config-router)#area 1 authentication
#Area ciphertext authentication
r11(config-router)#area 1 authentication message-digest

(3) Virtual link authentication

r11(config)#router ospf 1 
#Plaintext authentication
r11(config-router)#area 1 virtual-link 4.4.4.4 authentication
r11(config-router)#area 1 virtual-link 4.4.4.4 authentication-key cisco123
#Ciphertext authentication
r11(config-router)#area 1 virtual-link 4.4.4.4 authentication message-digest
r11(config-router)#area 1 virtual-link 4.4.4.4 message-digest-key 1 md5 cisco123
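
The interface and area settings above interact: an interface-level setting overrides the area-level one, and an authentication type can be enabled without a matching key. The following is an added example, not part of the original article, that audits a configuration for the effective mode per interface. The sample configuration is constructed, and it assumes interfaces are placed in areas with `ip ospf <process> area <id>`.

```python
import re

# Constructed sample configuration (not taken from the original page).
SAMPLE = """\
interface Serial0/1
 ip ospf 1 area 0
 ip ospf authentication
 ip ospf authentication-key cisco123
interface Serial0/2
 ip ospf 1 area 1
 ip ospf message-digest-key 1 md5 cisco123
interface Ethernet0/0
 ip ospf 1 area 1
 ip ospf authentication message-digest
interface Ethernet0/1
 ip ospf 1 area 2
router ospf 1
 area 1 authentication message-digest
"""

def audit(config):
    """Return {interface: (effective_mode, matching_key_configured)}."""
    areas, ifaces, cur = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):          # a new top-level section starts
            m = re.match(r"interface (\S+)", line)
            cur = ifaces.setdefault(m.group(1), {"area": None, "mode": None, "keys": set()}) if m else None
        elif m := re.match(r"area (\S+) authentication( message-digest)?$", line):
            areas[m.group(1)] = "md5" if m.group(2) else "plaintext"
        elif cur is None:
            continue
        elif m := re.match(r"ip ospf \d+ area (\S+)", line):
            cur["area"] = m.group(1)
        elif m := re.match(r"ip ospf authentication( message-digest| null)?$", line):
            cur["mode"] = {None: "plaintext", " message-digest": "md5", " null": "none"}[m.group(1)]
        elif line.startswith("ip ospf authentication-key "):
            cur["keys"].add("plaintext")
        elif re.match(r"ip ospf message-digest-key \d+ md5 ", line):
            cur["keys"].add("md5")
    report = {}
    for name, i in ifaces.items():
        mode = i["mode"] or areas.get(i["area"], "none")   # interface setting overrides the area
        report[name] = (mode, mode in i["keys"])
    return report

if __name__ == "__main__":
    for name, (mode, keyed) in audit(SAMPLE).items():
        print(f"{name:12} mode={mode:10} matching key configured={keyed}")
```

In the sample, Ethernet0/0 requests message-digest authentication without a key and Ethernet0/1 runs OSPF with no authentication at all; both are the cases to review first.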

2. Extension of summary (the following rules mostly apply when there are multiple ABRs between two areas)

(1) Modify the cost value of the summary entry while summarizing inter-area routes

r11(config-router)#area 1 range 10.1.0.0 255.255.252.0 cost 10

The point is that when there are multiple ABRs between two areas and they summarize area A into area B, the default starting metric is the largest metric from the ABR to the summarized detail routes; modifying the cost while summarizing lets you influence path selection.

It can also be used to influence route selection in general: OSPF has no offset list, so when passing area A's routes into area B the ABR can use a summary entry plus a cost value to adjust the metric manually.

#R1 is the ABR and needs to advertise 1.1.1.0/24 to other areas
r1(config-router)#area 1 range 1.1.1.0 255.255.255.0 cost 10

(2) Route filtering

Premise: R1 is an ABR and should not share the route 2.2.2.0/24 in area 1 with area 0.

r1(config)#router ospf 1
r1(config-router)#area 1 range 2.2.2.0 255.255.255.0 not-advertise

You can also filter external routes. Suppose R1 is an ASBR and 4.4.4.0/24 is a route from another protocol that needs to be redistributed into OSPF

r1(config-router)#summary-address 4.4.4.0 255.255.255.0 ?
not-advertise  Do not advertise or translate

Tags can also be modified during redistribution so that other policies can use them

r1(config-router)#summary-address 4.4.4.0 255.255.255.0 tag ?
<0-4294967295>  32-bit tag value

r1(config)#interface e0/0
r1(config-if)#ip ospf cost 50

For all route entries learned through this interface (inbound direction at the control plane), 50 is added to the previous metric.

(3) LSDB protection (IOS versions above 12.4 support a maximum OSPF operating radius of 10000 LSAs)

Note: the maximum working radius of EIGRP is 100 hops

A device with a smaller cache can store fewer route entries, so it is recommended to place it in an edge area.
If there are still too many routes, exceeding the local cache limit will cause the device to fail.

r1(config)#router ospf 1 
r1(config-router)#max-lsa 1000 100
#1000 = maximum LSA entries; 100 = threshold

The default threshold is 75%; here it is changed to 100%.
When the threshold is reached, the neighbor is disconnected.

r1(config-router)#max-lsa 1000 100 ignore-time 5
#Disconnect the neighbor for 5 minutes

r1(config-router)#max-lsa 100 75 warning-only
#Only warn when the LSAs reach 75% of 100

Note: a single type 1 LSA carries all of the information of the router that sends it; for type 3 / 5 LSAs, each piece of information is one LSA.

(4) Convergence time

When the hello time of an interface is modified, the local dead time automatically follows at 4x the hello time. The hello and dead times must match exactly between neighbors, otherwise the neighbor relationship cannot be established.

r3(config)#interface tunnel 0
r3(config-if)#ip ospf hello-interval 10
r3(config-if)#ip ospf dead-interval 40

(5) Default route (type 3 default, type 5 default, type 7 default)

Type 3 default: must be generated automatically by a special area: stub, totally stubby, or totally NSSA

Type 5 default: redistributed from outside the domain into the OSPF domain. The device that originates the default must first have a default route in its own routing table; how that entry was created does not matter (manual configuration, redistribution, or a default route produced in the local routing table by a non-OSPF protocol or by a different OSPF process). The prerequisite for redistributing it into another OSPF process or into OSPF is that the local routing table already contains a default route.

r3(config)#router ospf 1 
r3(config-router)#default-information originate 

The default route injected this way is external type 2 by default;
Type 1 - starting metric is 1 - internal metrics are accumulated
Type 2 - starting metric is 1 - internal metrics are not accumulated

r9(config-router)#default-information originate metric-type 1
#Change the type

If the local routing table has no default route, the default cannot be redistributed into the OSPF domain normally, but it can be generated by force

r9(config-router)#default-information originate always
#Defaults to type 2; can be changed to type 1

Type 7 default: normally configured only in a normal NSSA environment, because a normal NSSA does not automatically generate a default route. A default route therefore has to be originated into the NSSA area on the ABR between area 0 and the NSSA area.

r3(config)#router ospf 1 
r3(config-router)#area 1 nssa default-information-originate 

The default is N2 (type 2); type 1 accumulates internal metrics; type 2 does not.

r3(config-router)#area 1 nssa default-information-originate metric-type 1
#Change the type

(6) Appendix E (problems with the same link ID)

This applies when an ABR imports two type 3 LSAs into other areas and the link IDs of the two LSAs are the same.
Suppose the short-mask network segment arrives first: its link ID is displayed normally, and the long-mask segment that arrives afterwards gets the link ID plus the inverse mask

20.1.0.0/16–link-id 20.1.0.0
20.1.0.0/24–link-id 20.1.0.255

If the long mask arrives first and the short mask arrives afterwards, the long-mask entry is refreshed so that its link ID carries the inverse mask.
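
The rule above (it corresponds to Appendix E of RFC 2328) can be written out as a small routine. This is an added example, not part of the original article; the function name `assign_link_ids` is hypothetical, and it covers only the two-way clash described here, using the page's own 20.1.0.0 prefixes.

```python
import ipaddress

def assign_link_ids(prefixes):
    """Assign type 3 LSA link IDs to prefixes in arrival order.

    Returns (ids, reoriginated): ids maps prefix -> link ID, reoriginated lists
    prefixes whose already-advertised LSA had to be given a new link ID.
    """
    by_id, reoriginated = {}, []          # by_id: link ID -> network that owns it
    for text in prefixes:
        net = ipaddress.ip_network(text)
        owner = by_id.get(net.network_address)
        if owner is None or owner == net:
            by_id[net.network_address] = net            # no clash: plain link ID
        elif net.prefixlen > owner.prefixlen:
            by_id[net.broadcast_address] = net          # newcomer is longer: host bits set
        else:
            by_id[owner.broadcast_address] = owner      # earlier, longer entry moves
            by_id[net.network_address] = net            # shorter mask takes the plain ID
            reoriginated.append(str(owner))
    ids = {str(net): str(lsid) for lsid, net in by_id.items()}
    return ids, reoriginated

if __name__ == "__main__":
    # Both arrival orders from the text end with the same link IDs.
    for order in (["20.1.0.0/16", "20.1.0.0/24"], ["20.1.0.0/24", "20.1.0.0/16"]):
        print(order, "->", assign_link_ids(order))
```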

Added by mammy on Sun, 19 Jan 2020 14:13:15 +0200