
OSPF (1)


Last updated 1 year ago

Review

  • OSPF is a Link State dynamic routing protocol.

  • Distance vector protocols (see Dynamic routing, Types):

    • Use ‘routing by rumor’, in which each router shares information about the routes it knows and its metric cost to reach each destination.

    • Routers don’t have a complete map of the network; they just use the information their neighboring routers tell them to determine the best route to each destination.

  • Link state protocols (see Dynamic routing, Types):

    • Every router creates a ‘connectivity map’ of the network.

    • To allow this, each router advertises information about its interfaces (its connected networks) to its neighbors.

    • These advertisements are passed along to other routers, until all routers in the network develop the same map of the network.

    • Then, each router independently uses this map to calculate the best routes to each destination.

    • Link state protocols use more resources on the router, because more information is shared.

    • Link state protocols tend to be faster in reacting to changes in the network.

Intro

  • Open Shortest Path First.

  • The OSPF protocol uses the ‘shortest path first’ algorithm, created by Dutch computer scientist Edsger Dijkstra.

  • Another name for the algorithm is ‘Dijkstra’s algorithm’.

  • 3 versions :

    • OSPF v1 (1989) : old & not in use

    • OSPF v2 (1998) : used for IPv4 (in CCNA)

    • OSPF v3 (2008) : used for IPv6

  • Routers store information about the network in LSAs (Link State Advertisements), which are organized in a structure called the LSDB (Link State Database).

  • Routers will flood LSAs until all routers in the OSPF area develop the same map of the network, meaning the same LSDB.

  • 3 main steps:

    • Become neighbors with other routers connected to the same segment.

    • Exchange LSAs with neighbor routers.

    • Calculate the best routes to each destination and insert them into the routing table.

LSA flooding

![[lsa flooding.png]]

Say this network of four routers is running OSPF. All of these routers are OSPF neighbors, they have the same link state database and the network is stable.

  • Then, OSPF is enabled on R4’s G1/0 interface.

  • So, R4 needs to tell the other routers about this new network segment.

  • So, R4 creates an LSA to tell its neighbors about the network on G1/0. Some basic info in the LSA:

    • RID (router ID). R4’s router ID is 4.4.4.4, either manually configured or one of its loopback interfaces, since there is no physical interface with that IP.

    • IP : 192.168.4.0/24, network on the G1/0 interface.

    • Cost : 1 (OSPF's metric).

  • Each individual LSA has an aging timer, which is 30 minutes by default.

  • The LSA is then flooded throughout the network (blue arrows) until all routers receive a copy.

  • The LSA will be flooded again after the timer expires (once every 30 minutes by default).

  • This results in all routers in the OSPF area having the same LSDB.

  • The LSDB contains LSAs for all of the different links in the network.

  • Now that OSPF has been activated on R4’s G1/0 interface, that new LSA is added to the LSDB.

LSDB is identical for all routers in the OSPF area.

  • Each router then uses the SPF algorithm, Dijkstra’s algorithm, to calculate its best route to 192.168.4.0/24.

  • Each of these routers has a complete map of the network. For example, R2 is basically looking at the same diagram, so it can calculate that sending traffic via g1/0 is the best route (red arrow).
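
The SPF step above, as an added Python example (not part of the original notes): every router runs Dijkstra over the same LSDB and derives its own next hop toward 192.168.4.0/24. The links and costs between R1-R4 are assumptions, since the diagram is not reproduced here.

```python
import heapq

# Constructed LSDB: router-to-router links with OSPF costs (assumed topology,
# the original diagram is not available), plus R4's LSA for its G1/0 network.
LINKS = {
    "R1": {"R2": 1, "R3": 1},
    "R2": {"R1": 1, "R4": 1},
    "R3": {"R1": 1, "R4": 10},
    "R4": {"R2": 1, "R3": 10},
}
STUBS = {"192.168.4.0/24": ("R4", 1)}  # prefix -> (advertising router, cost)


def spf(root, links):
    """Dijkstra: return {router: (total_cost, first_hop)} as seen from root."""
    best = {root: (0, None)}
    heap = [(0, root, None)]
    while heap:
        cost, node, first_hop = heapq.heappop(heap)
        if cost > best[node][0]:
            continue  # stale heap entry, a cheaper path was already found
        for nbr, link_cost in links[node].items():
            new_cost = cost + link_cost
            hop = nbr if node == root else first_hop
            if nbr not in best or new_cost < best[nbr][0]:
                best[nbr] = (new_cost, hop)
                heapq.heappush(heap, (new_cost, nbr, hop))
    return best


def route_to(root, prefix, links=LINKS, stubs=STUBS):
    """Best (cost, next_hop) from root to a prefix advertised in the LSDB."""
    adv_router, stub_cost = stubs[prefix]
    cost, hop = spf(root, links)[adv_router]
    return cost + stub_cost, hop or "connected"


if __name__ == "__main__":
    for r in sorted(LINKS):
        print(r, route_to(r, "192.168.4.0/24"))
```

The input is identical for every router; only the root of the calculation changes, which is why the LSDB must match across the area.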

OSPF areas

  • OSPF uses areas to divide up the network.

  • Small networks can be single-area without any negative effects on network performance.

  • In larger networks (network with 500 routers with over 1000 subnets), a single-area design can have some negative effects.

    • SPF algorithm takes more time to calculate routes in a large network.

    • Requires exponentially more processing power on each router to make calculations.

    • Each router sharing a single, huge link state database also takes up more memory on the routers.

    • Every small change on the network, for example a new interface being activated, would cause LSAs to be flooded to all 500 routers, and all of those routers would have to do the SPF calculation again.

  • By dividing a large OSPF network into several smaller areas, you can avoid the above negative effects.

Terms

![[ospf areas.png]]

  • An area is a set of routers and links that share the same LSDB.

    • There are four areas in the above diagram.

    • Each of these areas maintains a unique LSDB.

  • The backbone area (area 0) is a special area, that all other areas must connect to.

    • Notice that area 1, area 2, and area 3 all connect to area 0, the backbone area.

    • Say, area 1 is not connected to area 0 (backbone area) and only connected to area 2. This network design will not be allowed in OSPF.

![[ospf internal routes.png]]

  • Routers with all interfaces in the same area are called internal routers.

![[ospf abr.png]]

  • Routers with interfaces in multiple areas are called area border routers (ABR).

    • ABRs maintain a separate LSDB for each area they are connected to.

    • It is recommended that you connect an ABR to a maximum of 2 areas.

    • Connecting an ABR to 3+ areas can overburden the router.

    • Shown above is good OSPF network design, with each ABR only connected to 2 areas.

![[ospf backbone routers.png]]

  • Routers with at least one interface connected to the backbone area (area 0) are called backbone routers (also includes area border routers).

  • Intra-area route is a route to a destination inside the same OSPF area.

    • Destination is in the same area as the router.

    • Router in area 1 to a destination that is also in area 1.

  • Interarea route is a route to a destination in a different OSPF area.

    • Router in area 1 learns a route to a destination in area 2.

    • Router and the destination are in two different OSPF areas.

Rules

![[ospf non contiguous.png]]

  1. OSPF areas should be contiguous.

    • It means that each individual area should be connected, not divided up.

    • The network design above is not allowed in OSPF and will cause problems.

    • So, instead of having area 1 split up and non-contiguous, you should make the section on the right a separate area, area 3.

![[ospf abr to backbone.png]]

  2. All OSPF areas must have at least one ABR connected to the backbone area.

    • Area 1 does not have an ABR connected to the backbone area, area 0 -> not allowed and will cause problems.

    • Area 2 has an ABR connected to area 2 and 0, and Area 3 also has an ABR connected to area 3 and 0 -> good network design.

![[ospf subnet.png]]

  3. OSPF interfaces in the same subnet must be in the same area.

    • If they’re not in the same area, they won’t become OSPF neighbors and won’t exchange information about the networks.

    • Even though all 4 interfaces are in the same subnet and OSPF is enabled on them, area 1 router will not become OSPF neighbors with the others.

    • Area 1 router also has an interface in the 192.168.1.0/29 subnet, but the interface is in area 1, not area 0.

    • To make it an OSPF neighbor, configure ABR’s interface in the 192.168.1.0/29 subnet in area 0.
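
The terms and rules above, checked mechanically in an added Python example (not part of the original notes): it classifies routers as internal, ABR or backbone from their interface-to-area mapping, then flags areas with no ABR connected to area 0 and subnets split across areas. Router names, interface names and all addresses except the 192.168.1.0/29 subnet are constructed; the contiguity rule is not checked.

```python
import ipaddress
from collections import defaultdict

# Constructed design: router -> [(interface, address/prefix, area)]
DESIGN = {
    "R1": [("g0/0", "10.0.0.1/30", 0), ("g0/1", "10.1.0.1/30", 1)],
    "R2": [("g0/0", "10.0.0.2/30", 0)],
    "R3": [("g0/0", "10.1.0.2/30", 1), ("g0/1", "10.2.0.1/30", 2)],
    "R4": [("g0/0", "10.2.0.2/30", 2)],
    "R5": [("g0/0", "192.168.1.1/29", 0)],
    "R6": [("g0/0", "192.168.1.2/29", 1)],
}


def roles(design):
    """Return {router: set of roles} using the definitions in the notes."""
    out = {}
    for router, ifaces in design.items():
        areas = {area for _, _, area in ifaces}
        r = {"ABR"} if len(areas) > 1 else {"internal"}
        if 0 in areas:
            r.add("backbone")
        out[router] = r
    return out


def violations(design):
    """Check rule 2 (ABR into area 0) and rule 3 (one subnet, one area)."""
    found = []
    area_has_backbone_abr = defaultdict(bool)
    subnet_areas = defaultdict(set)
    for router, ifaces in design.items():
        areas = {area for _, _, area in ifaces}
        for area in areas:
            # True once any router in this area also has an interface in area 0
            area_has_backbone_abr[area] |= 0 in areas
        for _, addr, area in ifaces:
            subnet_areas[ipaddress.ip_interface(addr).network].add(area)
    for area, ok in sorted(area_has_backbone_abr.items()):
        if not ok:
            found.append(f"area {area} has no ABR connected to area 0")
    for net, areas in sorted(subnet_areas.items()):
        if len(areas) > 1:
            found.append(f"{net} is split across areas {sorted(areas)}")
    return found
```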

Configuration

![[ospf config.png]]

All of these router interfaces are in OSPF area 0.

R1(config)# router ospf <process-id>
R1(config)# router ospf 1

  • To enter OSPF configuration mode, use the command 'router ospf' followed by a process ID.

    • A router can run multiple OSPF processes at once, and this ID is used in the router to identify each of them.

    • Typically you’ll just use a single OSPF process.

  • For EIGRP routers to become neighbors, their AS number has to match.

  • The OSPF process ID is locally significant.

  • Routers with different process IDs can become OSPF neighbors. You could use process ID 1 on R1 and process ID 2 on R2, and they would still become OSPF neighbors and exchange LSAs.

R1(config-router)# network 10.0.12.0 0.0.0.3 area 0

  • The network command tells OSPF to look for any interfaces with an IP address in the range specified, and then activate OSPF on the interface in the specified area.

  • OSPF also uses wildcard masks like in EIGRP.

  • For single area OSPF it’s actually possible to use any area number, but it’s considered best practice to use area 0.

  • When OSPF is activated on the interface, the router will try to become OSPF neighbors with other OSPF-activated neighbor routers (R1 will become OSPF neighbors with R2 and R3).

R1(config-router)# passive-interface g2/0

  • The passive-interface command tells the router to stop sending OSPF ‘hello’ messages out of the interface.

  • However, the router will continue to send LSAs informing its neighbors about the subnet configured on the interface.

  • So, although R1 won’t send hellos out of g2/0 and try to find OSPF neighbors, it will still tell its other neighbors about the 172.16.1.0/28 network.

  • Routers will send OSPF hello messages on loopback interfaces, even though they are connected to nothing. So make the loopback interface a passive interface too.

  • Always use this command on interfaces which don’t have any OSPF neighbors.
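
How the network command's wildcard mask selects interfaces, and which OSPF-enabled interfaces still send hellos, as an added Python example (not part of the original notes). Only 10.0.12.0 0.0.0.3, g2/0 and 172.16.1.0/28 come from the notes; the other addresses, interface names and network statements are assumptions, and overlapping network statements are not modelled.

```python
import ipaddress

# Constructed R1 state. Host addresses and the g0/0, g1/0, g3/0 names are
# assumptions; 10.0.12.0 0.0.0.3 and 172.16.1.0/28 on g2/0 are from the notes.
INTERFACES = {"g0/0": "10.0.12.1", "g1/0": "10.0.13.1",
              "g2/0": "172.16.1.14", "g3/0": "203.0.113.1"}
NETWORK_CMDS = [("10.0.12.0", "0.0.0.3", 0),
                ("10.0.13.0", "0.0.0.3", 0),
                ("172.16.1.0", "0.0.0.15", 0)]
PASSIVE = {"g2/0"}


def wildcard_match(ip, base, wildcard):
    """True if ip equals base on every bit where the wildcard bit is 0."""
    ip_i, base_i, wc_i = (int(ipaddress.IPv4Address(x)) for x in (ip, base, wildcard))
    care = ~wc_i & 0xFFFFFFFF  # bits that must match
    return (ip_i & care) == (base_i & care)


def ospf_interfaces(interfaces, network_cmds):
    """Map each interface to the area of a matching network command.

    Simplification: the first match in the list wins.
    """
    active = {}
    for name, ip in interfaces.items():
        for base, wildcard, area in network_cmds:
            if wildcard_match(ip, base, wildcard):
                active[name] = area
                break
    return active


def hello_senders(interfaces, network_cmds, passive):
    """OSPF-enabled interfaces that are not passive, i.e. still send hellos."""
    return sorted(set(ospf_interfaces(interfaces, network_cmds)) - set(passive))


if __name__ == "__main__":
    print(ospf_interfaces(INTERFACES, NETWORK_CMDS))
    print(hello_senders(INTERFACES, NETWORK_CMDS, PASSIVE))
```

Comparing the `hello_senders` output against the interfaces that are expected to have neighbors shows where passive-interface is still missing.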

R1(config)# ip route 0.0.0.0 0.0.0.0 203.0.113.2

  • Configures a default route on R1; the next hop is the ISP’s IP address.

R1(config-router)# default-information originate

  • This will cause the router to create a new LSA and flood it.

  • You can see R2, R3 and R4 added the default route via R1 to their routing tables.

  • Configuring a default route and then advertising it into OSPF using this command will make R1 an OSPF ASBR (Autonomous System Boundary Router).

R1(config-router)# router-id <ID in IP format>
R1(config-router)# router-id 1.1.1.1

  • In EIGRP the command is 'eigrp router-id', in OSPF it's just 'router-id'.

  • After you enter this, the router says to reload or use ‘clear ip ospf process’ command, for this to take effect.

R1# clear ip ospf process
Reset ALL OSPF processes? [no]: yes

  • This basically resets OSPF on the router.

  • Bad idea in a real network: the router will lose all of its OSPF routes for a short time and won’t be able to forward traffic.

  • 'no' in square brackets indicates the default choice. If you press 'enter' the router will assume 'no'.

R1(config-router)# maximum-paths <1-32>

  • Default value is 4.

R1(config-router)# distance <1-255>

  • If you change it to 85, OSPF routes are preferred over EIGRP routes on this router.

R1# show ip protocols

  • At the top it says ‘routing protocol is ospf 1’. 1 is the process ID configured earlier.

  • Then the router ID. Same as EIGRP. Order of priority :

    • Manual configuration

    • Highest IP address on a loopback interface

    • Highest IP address on a physical interface

  • Then it shows ‘It is an autonomous system boundary router’.

    • ASBR is an OSPF router that connects the OSPF network to an external network.

    • R1 is connected to the Internet. By using the 'default-information originate' command, R1 becomes an ASBR: it connects the OSPF network to the Internet.

    • You won't see this in other routers as they are not connected to external networks.

  • Next, 'number of areas in this router is 1. 1 normal 0 stub 0 nssa'.

    • These are three different types of OSPF areas.

    • Number of areas this router is in, is one, because this is single-area OSPF.

  • Next, maximum paths is 4.

    • Unlike EIGRP, OSPF doesn’t support unequal-cost load-balancing.

    • It does support ECMP load-balancing over a maximum of 4 paths by default and can be changed.

  • The ‘routing for networks’ section shows the network commands entered.

    • This only determines which interfaces OSPF will be activated on, it doesn’t tell OSPF to flood LSAs for these specific networks.

  • Passive interfaces.

  • R1's neighbors.

  • OSPF’s AD (default 110).

Quiz

![[ospf 1 quiz.png]]

  • OSPF will advertise RouterA's gateway of last resort, that is the default route.

  • An ASBR is an OSPF router that is connected to an external network, outside of the OSPF domain and it shares information into the OSPF domain about those external networks.