OK so clearly I haven’t been updating a lot lately due to my very busy situation. I’m sorry for that but my former colleague Henri keeps nagging me for an update so I decided to write on some interesting tidbits of OSPF that I gathered in my notes recently.

We start by configuring MD5 authentication to show something interesting.

R1#sh run int f0/0
Building configuration...

Current configuration : 151 bytes
!
interface FastEthernet0/0
 ip address 12.12.12.1 255.255.255.0
 ip ospf authentication message-digest
 ip ospf 1 area 0

The adjacency comes up even though no key has been configured, so everything should be fine, right? CCIE candidates don’t get off that easily; we need to verify.

%OSPF-5-ADJCHG: Process 1, Nbr 12.12.12.2 on FastEthernet0/0 from LOADING to FULL, Loading Done
R1#sh ip ospf int f0/0 | be Message
  Message digest authentication enabled
      No key configured, using default key id 0

So we are using a default key even though we didn’t configure any key! What is the next step in verifying? Debug…

R1#debug ip ospf adj
OSPF adjacency events debugging is on
R1#
*Mar  1 00:08:11.327: OSPF: Send with youngest Key 0

Indeed, authentication is working without a key! Not that useful, since a digest computed without a configured secret does not authenticate anything, but still an interesting fact.

OSPF does not use key chains like EIGRP and RIP. What can we do if we want to change the key used without disrupting the adjacency? We start by defining a key with ID 3.

R1(config-if)#ip ospf message-digest-key 3 md5 cisco

Then we configure another key with ID 1.

R1(config-if)#ip ospf message-digest-key 1 md5 cisco1
R1#sh ip ospf int f0/0 | be Message
  Message digest authentication enabled
    Youngest key id is 1
    Rollover in progress, 1 neighbor(s) using the old key(s):
      key id 3

So the old key has ID 3, and the router will keep accepting that key until the other side is also configured with the key with ID 1. Now what happens if we configure another key with ID 5?

R1#sh ip ospf int f0/0 | be Message
  Message digest authentication enabled
    Youngest key id is 5
    Rollover in progress, 1 neighbor(s) using the old key(s):
      key id 3
      key id 1

So now we have two old keys, and the newest one is the one with ID 5. I just wanted to show that the ID itself does not decide which key is newer: the last one you enter is the youngest key. So if we want to do a rollover, we simply configure one side with the newer key and then the other side, and the adjacency won’t flap.

When the keys are matching the output will look like this:

R1#sh ip ospf int f0/0 | be Message
  Message digest authentication enabled
    Youngest key id is 5
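
The three states seen above (default key 0, rollover in progress, keys matching) are worth checking for on every interface, since the first leaves the adjacency without a secret and the second means old keys are still accepted. The following audit script is an added example, not part of the original post; it assumes `show ip ospf interface` output in the form shown above, and the sample text and the interface names other than FastEthernet0/0 are constructed.

```python
import re

# Constructed sample: "show ip ospf interface" excerpts in the form shown
# above, one block per interface (only FastEthernet0/0 is from the post).
SAMPLE = """\
FastEthernet0/0 is up, line protocol is up
  Message digest authentication enabled
      No key configured, using default key id 0
FastEthernet0/1 is up, line protocol is up
  Message digest authentication enabled
    Youngest key id is 5
    Rollover in progress, 1 neighbor(s) using the old key(s):
      key id 3
      key id 1
FastEthernet1/0 is up, line protocol is up
  Message digest authentication enabled
    Youngest key id is 5
FastEthernet1/1 is up, line protocol is up
"""

def audit_ospf_auth(text):
    """Return {interface: finding} for each interface block in the output."""
    findings, intf = {}, None
    for line in text.splitlines():
        m = re.match(r"^(\S+) is ", line)   # unindented line starts a block
        if m:
            intf = m.group(1)
            findings[intf] = {"state": "NO_MD5", "youngest": None, "old_keys": []}
            continue
        if intf is None:
            continue
        f, s = findings[intf], line.strip()
        if s == "Message digest authentication enabled":
            f["state"] = "OK"
        elif s.startswith("No key configured"):
            f["state"] = "DEFAULT_KEY"      # MD5 enabled, but no secret set
            f["youngest"] = 0
        elif (m := re.match(r"Youngest key id is (\d+)", s)):
            f["youngest"] = int(m.group(1))
        elif s.startswith("Rollover in progress"):
            f["state"] = "ROLLOVER"         # old keys are still accepted
        elif (m := re.match(r"key id (\d+)$", s)) and f["state"] == "ROLLOVER":
            f["old_keys"].append(int(m.group(1)))
    return findings

if __name__ == "__main__":
    for name, f in audit_ospf_auth(SAMPLE).items():
        print(f"{name:16} {f['state']:12} youngest={f['youngest']} old={f['old_keys']}")
```

Once a rollover is complete on both sides, the old keys listed under `old_keys` can be removed from the interface so they stop being accepted.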

You might have heard that OSPF is distance vector between areas. How can we prove this? Let’s try a simple 3 router setup looking like this.

We configure OSPF according to the topology and check that R3 is receiving the loopback of R1.

R3#sh ip route 1.1.1.1
Routing entry for 1.1.1.1/32
  Known via "ospf 1", distance 110, metric 3, type inter area
  Last update from 23.23.23.2 on FastEthernet0/0, 00:00:02 ago
  Routing Descriptor Blocks:
  * 23.23.23.2, from 12.12.12.2, 00:00:02 ago, via FastEthernet0/0
      Route metric is 3, traffic share count is 1

Which it is. Now what happens if we use a distribute-list on R2? OSPF is link state, so the LSA should still be advertised?

R2(config)#ip prefix-list DENY_R1_LO deny 1.1.1.1/32
R2(config)#ip prefix-list DENY_R1_LO permit 0.0.0.0/0 le 32
R2(config)#router ospf 1
R2(config-router)#distribute-list prefix DENY_R1_LO in

Is the prefix still in R3’s routing table?

R3#sh ip route 1.1.1.1
% Network not in table
R3#sh ip ospf data sum 1.1.1.1

            OSPF Router with ID (23.23.23.3) (Process ID 1)

There is not even an LSA there. What about R2?

R2#sh ip route 1.1.1.1
% Network not in table
R2#sh ip ospf data sum 1.1.1.1

            OSPF Router with ID (12.12.12.2) (Process ID 1)

                Summary Net Link States (Area 0)

  Routing Bit Set on this LSA
  LS age: 344
  Options: (No TOS-capability, DC, Upward)
  LS Type: Summary Links(Network)
  Link State ID: 1.1.1.1 (summary Network Number)
  Advertising Router: 12.12.12.1
  LS Seq Number: 80000001
  Checksum: 0x3ED4
  Length: 28
  Network Mask: /32
        TOS: 0  Metric: 1

There is a type 3 LSA originating from R1 but R2 is not originating one for area 2. It is proven that OSPF is distance vector between areas!

Finally I want to show something that can be useful when you want to take a router out of service gracefully. Rather than just rebooting or shutting down links, it can be done this way. First we announce loopback from R3 and verify that it is seen on R2.

R1#sh ip route 3.3.3.3
Routing entry for 3.3.3.3/32
  Known via "ospf 1", distance 110, metric 3, type inter area
  Last update from 12.12.12.2 on FastEthernet0/0, 00:00:00 ago
  Routing Descriptor Blocks:
  * 12.12.12.2, from 12.12.12.2, 00:00:00 ago, via FastEthernet0/0
      Route metric is 3, traffic share count is 1

OK, so the route is there. Now assume that we want to take R3 out of service. How can we do that? By setting the LSA to the maximum metric available. If there is any other path to reach the prefix that will be preferred.

R3(config-router)#max-metric router-lsa

Now we have a look at R2. All router LSAs from R3 now have a maximum metric of 65535. So the route is not installed in the RIB.

R2#sh ip ospf data router 23.23.23.3

            OSPF Router with ID (12.12.12.2) (Process ID 1)

                Router Link States (Area 2)

  Routing Bit Set on this LSA
  LS age: 30
  Options: (No TOS-capability, DC)
  LS Type: Router Links
  Link State ID: 23.23.23.3
  Advertising Router: 23.23.23.3
  LS Seq Number: 80000005
  Checksum: 0xEC21
  Length: 36
  Area Border Router
  Number of Links: 1

    Link connected to: a Transit Network
     (Link ID) Designated Router address: 23.23.23.3
     (Link Data) Router Interface address: 23.23.23.3
      Number of TOS metrics: 0
       TOS 0 Metrics: 65535

This means that we can do work on a router and announce all router LSAs with the maximum metric, and when we are done we remove the maximum metric and traffic will once again flow through the router. It’s a good option for those planned maintenance windows.
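
A pre-maintenance check for this procedure, as an added example that is not part of the original post: it parses `show ip ospf database router` output taken on a neighbor and confirms that every non-stub link of the LSA carries 65535 before work starts. The transit link is copied from R2's output above; the stub link and its addresses are constructed, and stub links are skipped because `max-metric router-lsa` leaves their cost unchanged unless `include-stub` is configured.

```python
import re

MAX_LINK_METRIC = 65535  # 0xFFFF, the value in R2's output above

# Transit link copied from R2's output above; the stub link is constructed.
SAMPLE_LSA = """\
  Advertising Router: 23.23.23.3
  Number of Links: 2

    Link connected to: a Transit Network
     (Link ID) Designated Router address: 23.23.23.3
     (Link Data) Router Interface address: 23.23.23.3
      Number of TOS metrics: 0
       TOS 0 Metrics: 65535

    Link connected to: a Stub Network
     (Link ID) Network/subnet number: 33.33.33.0
     (Link Data) Network Mask: 255.255.255.0
      Number of TOS metrics: 0
       TOS 0 Metrics: 1
"""

def parse_links(text):
    """Return [(link_type, link_id, metric)] for each link in a Router LSA."""
    links, cur = [], None
    for line in text.splitlines():
        s = line.strip()
        if (m := re.match(r"Link connected to: (?:a|another) (.+)", s)):
            cur = {"type": m.group(1), "id": None}
        elif cur and (m := re.match(r"\(Link ID\) .*: (\S+)$", s)):
            cur["id"] = m.group(1)
        elif cur and (m := re.match(r"TOS 0 Metrics: (\d+)$", s)):
            links.append((cur["type"], cur["id"], int(m.group(1))))
            cur = None
    return links

def transit_drained(text):
    """True when every non-stub link advertises MAX_LINK_METRIC.

    Stub links are skipped: they keep their configured cost unless
    include-stub is added to max-metric router-lsa.
    """
    transit = [l for l in parse_links(text) if l[0] != "Stub Network"]
    return bool(transit) and all(m == MAX_LINK_METRIC for _, _, m in transit)

if __name__ == "__main__":
    print(parse_links(SAMPLE_LSA), transit_drained(SAMPLE_LSA))
```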

That’s all for this time!


6 thoughts on “Some interesting facts of OSPF”

  • July 26, 2012 at 10:42 am

    Hey Daniel, I sent you an email days ago, and looking forward to your reply.
    And, have you ever tried INE’s mock lab? I am going to schedule their labs, but not sure if I should complete all the labs. If you have the experience with their mock labs, pls tell me your feedback.

    • July 26, 2012 at 6:13 pm

      Hi Aaron,

      Sorry. I must have missed your mail. I will check. I didn’t try their mocks but they should be OK. From what I have heard Cisco 360 is best but it is also most expensive.

      • July 27, 2012 at 5:59 am

        People at IEOC are saying the TS section difficulty of INE’s mock lab is under the real exam lab and Cis360. It’s obvious though, they have nearly 30 routers in TS lab.

  • July 27, 2012 at 5:15 am

    Interesting article. We normally place our OSPF interfaces into passive mode, and then traffic flows differently. But setting max metric might be even smoother. Thanks.

  • July 27, 2012 at 7:53 am

    Aaron :

    People at IEOC are saying the TS section difficulty of INE’s mock lab is under the real exam lab and Cis360. It’s obvious though, they have nearly 30 routers in TS lab.

    Yes, you need to be prepared for a big topology. That is what shocks most people. INE are releasing a new TS soon with 30 router topology. Cisco 360 has some mocks with that large topology and they are running on IOU which the real TS is also doing. That is why I recommended it.

    If you have a powerful PC you could build such a large topology yourself.

  • October 23, 2020 at 12:31 pm

    I have a similar setup but get a constant log entry

    *Oct 23 10:30:17.892: OSPF-100 ADJ Vl800: Send with youngest Key 1
    *Oct 23 10:30:19.233: OSPF-110 ADJ Vl900: Send with youngest Key 2
    *Oct 23 10:30:27.049: OSPF-100 ADJ Vl800: Send with youngest Key 1
    *Oct 23 10:30:29.190: OSPF-110 ADJ Vl900: Send with youngest Key 2
    *Oct 23 10:30:36.641: OSPF-100 ADJ Vl800: Send with youngest Key 1
    *Oct 23 10:30:38.892: OSPF-110 ADJ Vl900: Send with youngest Key 2

