OK so clearly I haven’t been updating a lot lately due to my very busy situation. I’m sorry for that but my former colleague Henri keeps nagging me for an update so I decided to write on some interesting tidbits of OSPF that I gathered in my notes recently.

We start with doing MD5 authentication to show something interesting.

The adjacency comes up even though no key has been configured, so everything should be fine, right? CCIE candidates don’t get off that easily; we need to verify.

So we are using a default key even though we didn’t configure any key! What is the next step in verifying? Debug…

Indeed, authentication is working without a key! Not that useful but still an interesting fact.

OSPF does not use key chains like EIGRP and RIP. What can we do if we want to change the key used without disrupting the adjacency? We start by defining a key with ID 3.

Then we configure another key with ID 1.

So the old key is using ID 3 and the router will accept that key until the other side is also configured for key with ID 1. Now what happens if we configure another key with ID 5?

So now we have two old keys and the newest one is the one with ID 5. I just wanted to show that the ID itself does not decide which one is newer, the last one you enter is the youngest key. So if we want to do a rollover we simply configure one side with the newer key and then the other side and the adjacency won’t flap.
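An added example, not from the original post: a small Python audit that scans IOS interface configuration for the two situations described above, MD5 authentication enabled with no key (so the default key is in use) and more than one key still configured during or after a rollover. The sample configuration and key strings are constructed, and the script assumes authentication is enabled per interface with `ip ospf authentication message-digest`.

```python
import re

# Constructed sample IOS configuration; key strings are placeholders.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip ospf authentication message-digest
!
interface FastEthernet0/1
 ip ospf authentication message-digest
 ip ospf message-digest-key 3 md5 EXAMPLE-FIRST
 ip ospf message-digest-key 1 md5 EXAMPLE-SECOND
 ip ospf message-digest-key 5 md5 EXAMPLE-THIRD
!
interface Serial0/0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 EXAMPLE-ONLY
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
"""

KEY_RE = re.compile(r"ip ospf message-digest-key (\d+) md5 ")

def audit_ospf_md5(config):
    """Map each interface with OSPF MD5 authentication enabled to a finding."""
    findings, name, auth, keys = {}, None, False, []

    def close():
        # Classify the interface block that just ended.
        if name is None or not auth:
            return
        if not keys:
            findings[name] = "NO_KEY"  # authentication on, default key in use
        elif len(keys) > 1:
            findings[name] = "MULTIPLE_KEYS " + ",".join(map(str, sorted(keys)))
        else:
            findings[name] = "OK"

    for raw in config.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if raw.startswith("interface "):
            close()
            name, auth, keys = raw.split(None, 1)[1], False, []
        elif line == "ip ospf authentication message-digest":
            auth = True
        elif m:
            keys.append(int(m.group(1)))
    close()
    return findings
```

Once both sides are using the newest key, removing the older keys from the interface clears the `MULTIPLE_KEYS` finding.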

When the keys are matching the output will look like this:

You might have heard that OSPF is distance vector between areas. How can we prove this? Let’s try a simple 3 router setup looking like this.

We configure OSPF according to the topology and check that R3 is receiving the loopback of R1.

Which it is. Now what happens if we use a distribute-list on R2? OSPF is link state, so the LSA should still be advertised, right?

Is the prefix still in R3’s routing table?

There is not even an LSA there. What about R2?

There is a type 3 LSA originating from R1 but R2 is not originating one for area 2. It is proven that OSPF is distance vector between areas!

Finally I want to show something that can be useful when you want to take a router out of service gracefully. Rather than just rebooting or shutting down links, it can be done this way. First we announce a loopback from R3 and verify that it is seen on R2.

OK, so the route is there. Now assume that we want to take R3 out of service. How can we do that? By setting the LSA to the maximum metric available. If there is any other path to reach the prefix that will be preferred.

Now we have a look at R2. All router LSAs from R3 now have a maximum metric of 65535. So the route is not installed in the RIB.

This means that we can do work on a router and announce all router LSAs with the maximum metric and when we are done we remove the maximum metric and traffic will once again flow through the router. It’s a good option for those planned maintenance windows.

That’s all for this time!


5 thoughts on “Some interesting facts of OSPF”

  • July 26, 2012 at 10:42 am

    Hey Daniel, I sent you an email days ago, and I am looking forward to your reply.
    And have you ever tried INE’s mock lab? I am going to schedule their labs, but I am not sure if I should complete all the labs. If you have experience with their mock labs, pls tell me your feedback.

    • July 26, 2012 at 6:13 pm

      Hi Aaron,

      Sorry. I must have missed your mail. I will check. I didn’t try their mocks but they should be OK. From what I have heard Cisco 360 is best but it is also most expensive.

      • July 27, 2012 at 5:59 am

        People at IEOC are saying the TS section difficulty of INE’s mock lab is under the real exam lab and Cis360. It’s obvious though, they have nearly 30 routers in TS lab.

  • July 27, 2012 at 5:15 am

    Interesting article. We normally place our OSPF interfaces into passive mode, and then traffic flows differently. But setting max metric might be even smoother. Thanks.

  • July 27, 2012 at 7:53 am

    Aaron:

    People at IEOC are saying the TS section difficulty of INE’s mock lab is under the real exam lab and Cis360. It’s obvious though, they have nearly 30 routers in TS lab.

    Yes, you need to be prepared for a big topology. That is what shocks most people. INE are releasing a new TS soon with a 30 router topology. Cisco 360 has some mocks with that large topology and they are running on IOU which the real TS is also doing. That is why I recommended it.

    If you have a powerful PC you could build such a large topology yourself.

