
Sunday, March 18, 2018

ospf documentation part 2

OSPF link state routing protocol.


rip = route resend every 30s. sends full routing table.



rip    = advertise hop count
eigrp  = advertise prefix, subnet mask, metric. -> calculated by the algorithm into a distance. ( determines the best path )
^ bandwidth, delay, reliability by directly connected.
^ knows the condition from directly connected neighbor adjacencies.
^ once it has reached the other side of the neighbor, the information is not sent on, unlike OSPF.



=======================


link state = send prefix but only at a specific interval ( e.g. 30 min ).
- sends LSA ( link state advertisement )
  lots of descriptive information about the link!

LSA => DETAILED visibility of the interface.
cached in the database and kept flooding.

everybody in the area sees everything!!



==================
OSPF uses link state logic:
- neighbor discovery
- topology database exchange
- route computation



hello packets are sent using multicast 224.0.0.5
ospf uses IP protocol 89 ( not tcp / udp )
ospf uses the concept of AREA



=================
scenario 1.  using area 0

backbone = area 0


            backbone area 0

   area 10     area 20     area 30


each of areas 10, 20, 30 has 1 interface connected to area 0


traffic from one area to any other area must go through area 0 before it is permitted through.
if there is a direct link from area 10 to area 20 -> it will not work, even if it is connected with the same area number.




==================
scenario 2.   all networks are put into 1 area.

network 1 ---- network 2 ---- network 3


^ becomes 1 area. any area number can be used.
e.g.:  area 23.


^ but there is a downside. all information gets sent, so the load on every router is heavy.
  cpu intensive!




- Type-1 Router LSA.
each new network is flooded throughout the area concerned!!



====================


1 LSAs are collected and stored in the database
2 put them all together and build the tree   -> type 1 router LSAs weigh on every router because everything is in 1 area
3 find the best path and put it in the routing table




- link state database



=======================

AREA BORDER ROUTER:

a router that is connected to the area 0 routers
* connects a non backbone area to the backbone area.


6 areas connected to an area border router = 6 trees.
^ the ABR works really hard.
=======================


- type-3 summary router LSA. ( on the ABR )
a new network in area x is sent to area 0 so that area 0 learns about it



=======================


#router ospf <process-id>   !! does not have to be the same on the neighboring router.


=======================


router id ospf:
1. manually configured   !! does not need to exist on any interface
2. highest ip of any loopback interface
3. highest ip address of any non loopback interface



=======================

TSHOOT COMMAND
show ip int bri
show ip ospf   !! check router-id
show ip ospf database  !! the areas show up
show ip ospf neig


clear ip ospf process  !! restart the ospf process if needed.



=====================


ospf neighborship is more complex.

- 2 way neighbors
- fully adjacent neighbors




===================

how to configure ospf on the interface ( not on the router )

interface fastethernet0/0
ip address x.x.x.x y.y.y.y
ip ospf 1 area 1   -> config on interface
duplex auto
speed auto


the global version:

router ospf 1
router-id 20.20.20.20
network 20.20.20.0 0.0.0.255 area 1

================


parameters that must match for neighbors:

- hello interval
- dead interval
- area ID
- subnet mask
- authentication
- stub area flag



==============

hello message parameters depending on network condition ( no need to match ):

- ospf router ID
- list of neighbors reachable on interface
- router priority
- DR ip address
- BDR ip address
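
A check for the two lists above, as an added example that is not part of the original notes: it parses two Hello packets with the RFC 2328 layout and reports which must-match parameters differ. The packets, router IDs and helper names are constructed for the demo; only the authentication type is compared, not the key.

```python
import struct
from ipaddress import IPv4Address

# RFC 2328 A.3.1 header: ver, type, len, router ID, area ID, cksum, AuType, auth
HDR = struct.Struct("!BBH4s4sHH8s")
# RFC 2328 A.3.2 Hello body: mask, hello, options, priority, dead, DR, BDR
HELLO = struct.Struct("!4sHBBI4s4s")
E_BIT = 0x02  # options E-bit: cleared on interfaces in a stub area
MUST_MATCH = ("hello", "dead", "area", "mask", "auth_type", "stub")


def build_hello(rid, area, mask, hello, dead, autype=0, options=E_BIT):
    """Constructed Hello for this demo (checksum and neighbor list omitted)."""
    body = HELLO.pack(IPv4Address(mask).packed, hello, options, 1, dead,
                      bytes(4), bytes(4))
    return HDR.pack(2, 1, HDR.size + len(body), IPv4Address(rid).packed,
                    IPv4Address(area).packed, 0, autype, bytes(8)) + body


def parse_hello(pkt):
    ver, ptype, length, rid, area, _, autype, _ = HDR.unpack_from(pkt)
    if ver != 2 or ptype != 1 or length > len(pkt):
        raise ValueError("not a complete OSPFv2 Hello")
    mask, hello, opts, _, dead, _, _ = HELLO.unpack_from(pkt, HDR.size)
    return {"router_id": str(IPv4Address(rid)),
            "area": str(IPv4Address(area)), "mask": str(IPv4Address(mask)),
            "hello": hello, "dead": dead,
            "auth_type": autype,           # the key itself must match too
            "stub": not opts & E_BIT}


def mismatches(pkt_a, pkt_b):
    """Must-match fields that differ, as {field: (value_a, value_b)}."""
    a, b = parse_hello(pkt_a), parse_hello(pkt_b)
    return {k: (a[k], b[k]) for k in MUST_MATCH if a[k] != b[k]}


# Constructed sample: R2 got the custom 5s/20s timers, R1 kept 10s/40s.
R1 = build_hello("10.10.10.10", "0.0.0.1", "255.255.255.0", 10, 40)
R2 = build_hello("20.20.20.20", "0.0.0.1", "255.255.255.0", 5, 20)

if __name__ == "__main__":
    print(mismatches(R1, R2))  # router IDs differ but are not compared
```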



=============

interval:

LAN
hello    10
dead     40



custom hello!
#conf t
#int fa0/0
#ip ospf hello-interval 5
#ip ospf dead-interval 20
#end



!!check config
#show ip ospf interface fa0/0



** hello and dead timer intervals can be modified to get faster convergence


#ip ospf dead-interval minimal hello-multiplier <multiplier>



===========


** if you want to change the router-id on a router,
you must clear the ospf process. ( because it will change in the database of every other router ).

!! verify router-id
# show ip protocols
# show ip ospf
# show ip ospf database



==========

MTU issue.


default MTU = 1500 ( bytes of data )

^ default ip MTU + ETHERNET frame ( maximum legal size )


^ if a router needs to forward a packet larger than the outgoing interface MTU, it either fragments the packet or discards it.


depends on the DF ( don't fragment ) setting.
^ if DF is set, the packet is dropped when it is not fragmented.


2 routers connected on the same cable must have the same MTU. ( same data link )



^ they still become neighbors, but later it becomes an issue: EXSTART state, then down.

^ in the log message => " too many retransmissions "
==========
!! check via wireshark !!

conf t
int fa0/0
ip mtu 1000


show ip ospf neigh
^ state EXSTART/DR



^ to look at the process you can use wireshark
ip.proto eq 89   !! IP protocol 89, not a port.
you get the hello packet -> it can be inspected / viewed in detail ( header part )

area ID: 0.0.0.0
hello interval: 10s


plus the DB description

OSPF DB Description
Interface MTU: 1000


=================
!! check via debug command on the router !!

#debug ip ospf adj

^ OSPF: Nbr 19.19.199.19 has larger interface MTU  !! the error is revealed


================
!!OSPF Authentication part 1 !!


goal: prevent unauthorized routers from joining as neighbors

2 step process:
- enable authentication & type
- authentication key must be configured per interface


!! per interface
# ip ospf authentication [message-digest | null]



!! global conf
#area <area-id> authentication [message-digest]


3 types of authentication:
- type 0 : no authentication
- type 1 : clear text authentication
- type 2 : MD5 AUTHEN**


^ a captured hello packet is readable if md5 is not used.


- supports multiple keys on the same interface,
but does not support key chains.
^ keys that change at every time interval.





================
!! configure authentication with interface subcommands

#ip ospf authentication null  ( type 0 )




#ip ospf authentication  ( type 1 )
#ip ospf authentication-key <pass>    ( type 1 )



#ip ospf authentication message-digest  ( type 2 )
#ip ospf message-digest-key <key-id> md5 <pass>  ( type 2 )


!! same type of authentication and same type of key must be used for auth on both routers !!




^ when authentication is implemented while ospf is already running, you have to wait for the dead timer to expire before the adjacencies drop.



================
!! debug command !!

show ip ospf interface <int>
debug ip ospf hello
debug ip ospf adj


================
!! debug on wireshark !!

filter :
224.0.0.5  -> multicast
224.0.0.6

or unicast


89 -> OSPF IP protocol number ( not a port )


# int fast0/0
# ip ospf 1 area 1
# end



ospf header:
Auth Type:   ->  view the auth type with wireshark, IP protocol 89
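
The same Auth Type check done in code, as an added example that is not part of the original notes: it reads the AuType field of each OSPFv2 header in a capture and reports, per router ID, which authentication types and MD5 key IDs were seen, marking anything other than type 2 as weak. The packets, router IDs, key bytes and function names are constructed for the demo.

```python
import struct
from ipaddress import IPv4Address

# OSPFv2 common header (RFC 2328 A.3.1): version, type, length, router ID,
# area ID, checksum, AuType, then 8 bytes of authentication data.
HDR = struct.Struct("!BBH4s4sHH8s")
AUTH_NAMES = {0: "null", 1: "clear text", 2: "MD5"}


def build_header(rid, autype, auth=bytes(8)):
    """Constructed header-only packet for this demo, not a real capture."""
    return HDR.pack(2, 1, HDR.size, IPv4Address(rid).packed,
                    IPv4Address("0.0.0.1").packed, 0, autype, auth)


def audit(packets):
    """Summarise the auth types and key IDs each router ID was seen using."""
    seen = {}
    for pkt in packets:
        if len(pkt) < HDR.size:
            continue  # truncated capture
        ver, _, _, rid, _, _, autype, auth = HDR.unpack_from(pkt)
        if ver != 2:
            continue  # not OSPFv2
        entry = seen.setdefault(str(IPv4Address(rid)),
                                {"types": set(), "key_ids": set()})
        entry["types"].add(AUTH_NAMES.get(autype, f"unknown({autype})"))
        if autype == 2:
            # Type 2 auth data: 2 zero bytes, key ID, digest length, sequence
            _, key_id, _, _ = struct.unpack("!HBBI", auth)
            entry["key_ids"].add(key_id)
    for entry in seen.values():
        # Anything other than MD5 on a router is reported as weak.
        entry["weak"] = entry["types"] != {"MD5"}
    return seen


# Constructed sample capture: one MD5 router (key ID 1), one clear text
# router (placeholder key bytes), one router with no authentication.
SAMPLE = [
    build_header("10.10.10.10", 2, struct.pack("!HBBI", 0, 1, 16, 1000)),
    build_header("20.20.20.20", 1, b"EXAMPLE\x00"),
    build_header("30.30.30.30", 0),
]

if __name__ == "__main__":
    for rid, entry in audit(SAMPLE).items():
        print(rid, sorted(entry["types"]), "WEAK" if entry["weak"] else "ok")
```

A router that shows more than one type in the same capture, for example MD5 on one interface and null on another, is also reported as weak.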

===============

