OSPF
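OSPF (Open Shortest Path First)
- Cisco-proprietary routing protocol
- Advanced Distance Vector
How routing updates are sent and managed / a routing update carries the destination network, next hop, and metric
- Classless Routing Protocol
How subnets are handled / the subnet mask of each network is checked before subnet processing / routing updates include the subnet mask
- VLSM, CIDR
VLSM: the calculation of subnetting an already-subnetted subnet once more
- IGP
Where it is used / convergence is fast, so routing updates are fast / no bulk routing updates / used within a specific network segment, inside an AS
- An open routing protocol that uses the SPF algorithm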
1. Router ID
- Identifier used to tell OSPF routers apart
- Format: IPv4 address format
1) When only physical interfaces exist, the highest IP address among them is elected
F0/0 : 13.13.10.1
S1/0 : 13.13.12.1 <- elected as router ID
2) When Loopback interfaces exist, the highest IP address among the Loopbacks is elected
F0/0 : 13.13.10.1
S1/0 : 13.13.12.1
Lo172 : 172.16.1.1 <- elected as router ID
- However, the IP address of an interface in the Down state is not elected.
3) Manual selection with the 'router-id' command
R1(config)# router ospf 1
R1(config-router)# router-id 1.1.1.1 ←only the format matches IPv4; it has no meaning as an address
2. OSPF Configuration
Router(config)# router ospf [1~65535 Process-ID]
Router(config-router)# router-id x.x.x.x
Router(config-router)# network [local network] [wildcard mask] area [area ID] ←decided when the OSPF network is designed
Router(config-router)# passive-interface [Interface Name]
Wildcard mask: the inverse of the subnet mask
e.g.
Subnet mask        Wildcard mask (common bits are 0, differing bits are 1)
255.255.255.255    0.0.0.0
255.255.255.0      0.0.0.255
255.255.0.0        0.0.255.255
255.0.0.0          0.255.255.255
0.0.0.0            255.255.255.255
@ R1
router ospf 1
router-id 1.1.1.1
network 13.13.10.0 0.0.0.255 area 0
network 13.13.12.0 0.0.0.255 area 0
network 172.16.1.0 0.0.0.255 area 0
passive-interface fa0/0
passive-interface lo172
@ R2
router ospf 1
router-id 2.2.2.2
network 13.13.20.0 0.0.0.255 area 0
network 13.13.12.0 0.0.0.255 area 0
network 13.13.23.0 0.0.0.255 area 0
passive-interface fa0/0
@ R3
router ospf 1
router-id 3.3.3.3
network 13.13.30.0 0.0.0.255 area 0
network 13.13.23.0 0.0.0.255 area 0
network 172.16.3.0 0.0.0.255 area 0
passive-interface fa0/0
passive-interface lo172
R1,R2,R3#show run
R1,R2,R3#show ip ospf neighbor
R1,R2,R3#show ip route
R1#ping 13.13.20.1 source fa0/0
R1#ping 13.13.30.1 source fa0/0
R1#ping 172.16.3.1 source lo172
R2#ping 13.13.10.1 source fa0/0
R2#ping 172.16.1.1 source fa0/0
R2#ping 13.13.30.1 source fa0/0
R2#ping 172.16.3.1 source fa0/0
R3#ping 13.13.20.1 source fa0/0
R3#ping 13.13.10.1 source fa0/0
R3#ping 172.16.1.1 source lo172
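The router-ID selection order from section 1 and the wildcard matching behind the 'network' command, as an added Python example (not part of the original notes). The interface lists are transcribed from the lab addresses, R2's statements are the multi-area ones used later on this page, and the function names and the "first matching statement wins" rule are assumptions of this sketch.

```python
import ipaddress

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_from_mask(mask):
    """Invert a subnet mask bit by bit: 255.255.255.0 -> 0.0.0.255."""
    return str(ipaddress.IPv4Address(to_int(mask) ^ 0xFFFFFFFF))

def statement_matches(ip, network, wildcard):
    """Wildcard bit 0 = bit must match, wildcard bit 1 = bit is ignored."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(ip) & care) == (to_int(network) & care)

def elect_router_id(interfaces, manual=None):
    """Section 1 order: manual router-id, else highest up Loopback, else highest up physical."""
    if manual:
        return manual
    up = [i for i in interfaces if i["up"]]          # Down interfaces are never elected
    loopbacks = [i for i in up if i["name"].lower().startswith("lo")]
    candidates = loopbacks or up
    if not candidates:
        return None
    return str(max(ipaddress.IPv4Address(i["ip"]) for i in candidates))

def areas_by_interface(interfaces, statements):
    """Map each interface to the area of the first 'network' statement that matches it."""
    areas = {}
    for intf in interfaces:
        for network, wildcard, area in statements:
            if statement_matches(intf["ip"], network, wildcard):
                areas[intf["name"]] = area
                break
    return areas

# Transcribed from the lab addressing on this page.
R1_INTERFACES = [
    {"name": "F0/0", "ip": "13.13.10.1", "up": True},
    {"name": "S1/0", "ip": "13.13.12.1", "up": True},
    {"name": "Lo172", "ip": "172.16.1.1", "up": True},
]
R2_INTERFACES = [
    {"name": "Fa0/0", "ip": "13.13.20.1", "up": True},
    {"name": "S1/1", "ip": "13.13.12.2", "up": True},
    {"name": "S1/0", "ip": "13.13.23.2", "up": True},
]
# R2's multi-area 'network' statements (network, wildcard, area).
R2_STATEMENTS = [
    ("13.13.12.0", "0.0.0.255", "0"),
    ("13.13.20.0", "0.0.0.255", "13"),
    ("13.13.23.0", "0.0.0.255", "13"),
]

if __name__ == "__main__":
    print("R1 router ID:", elect_router_id(R1_INTERFACES))
    print("R2 areas:", areas_by_interface(R2_INTERFACES, R2_STATEMENTS))
```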
3. Loopback /32 Routing Update Behavior
R2#sh ip route ospf
172.16.0.0/32 is subnetted, 2 subnets
O 172.16.1.1 [110/65] via 13.13.12.1, 00:00:50, Serial1/1
O 172.16.3.1 [110/65] via 13.13.23.3, 00:00:50, Serial1/0
13.0.0.0/24 is subnetted, 5 subnets
O 13.13.10.0 [110/74] via 13.13.12.1, 00:00:50, Serial1/1
O 13.13.30.0 [110/74] via 13.13.23.3, 00:00:50, Serial1/0
R1#show ip ospf int lo 172
Loopback172 is up, line protocol is up
Internet Address 172.16.1.1/24, Area 0
Process ID 1, Router ID 1.1.1.1, Network Type LOOPBACK, Cost: 1
Loopback interface is treated as a stub Host
--------------- a network with a single IP (255.255.255.255 = /32)
R1(config)#int lo 172
R1(config-if)#ip ospf network point-to-point
R1(config-if)#end
R1#show ip ospf int lo 172
Loopback172 is up, line protocol is up
Internet Address 172.16.1.1/24, Area 0
Process ID 1, Router ID 1.1.1.1, Network Type POINT_TO_POINT, Cost: 1
Transmit Delay is 1 sec, State POINT_TO_POINT
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
~ output omitted ~
R2#sh ip route ospf
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
O 172.16.1.0/24 [110/65] via 13.13.12.1, 00:00:55, Serial1/1
O 172.16.3.1/32 [110/65] via 13.13.23.3, 00:00:55, Serial1/0
13.0.0.0/24 is subnetted, 5 subnets
O 13.13.10.0 [110/74] via 13.13.12.1, 00:00:55, Serial1/1
O 13.13.30.0 [110/74] via 13.13.23.3, 00:00:55, Serial1/0
R3(config)#int lo 172
R3(config-if)#ip ospf network point-to-point
R3(config-if)#end
R2#sh ip route ospf
172.16.0.0/24 is subnetted, 2 subnets
O 172.16.1.0 [110/65] via 13.13.12.1, 00:00:01, Serial1/1
O 172.16.3.0 [110/65] via 13.13.23.3, 00:00:01, Serial1/0
13.0.0.0/24 is subnetted, 5 subnets
O 13.13.10.0 [110/74] via 13.13.12.1, 00:00:01, Serial1/1
O 13.13.30.0 [110/74] via 13.13.23.3, 00:00:01, Serial1/0
4. OSPF Metric
- Cost = 10^8 / Bandwidth
Ex) What is the OSPF metric (cost) from R1 to '13.13.30.0/24'?
          1544k                       1544k                   10M
R1---------------------------R2--------------------------R3-----------------| 13.13.30.0/24
        cost = 64                   cost = 64              cost = 10
64 + 64 + 10 = 138
R1#show ip ospf int s1/0
R2#show ip ospf int s1/0
R3#show ip ospf int fa0/0
R1#show ip route 13.13.30.0
Routing entry for 13.13.30.0/24
Known via "ospf 1", distance 110, metric 138, type intra area
Last update from 13.13.12.2 on Serial1/0, 00:06:14 ago
Routing Descriptor Blocks:
* 13.13.12.2, from 3.3.3.3, 00:06:14 ago, via Serial1/0
Route metric is 138, traffic share count is 1
5. OSPF Administrative Distance
R1#show ip route ospf
172.16.0.0/24 is subnetted, 2 subnets
O 172.16.3.0 [110/129] via 13.13.12.2, 00:06:43, Serial1/0
13.0.0.0/24 is subnetted, 5 subnets
O 13.13.20.0 [110/74] via 13.13.12.2, 00:06:43, Serial1/0
O 13.13.23.0 [110/128] via 13.13.12.2, 00:06:43, Serial1/0
O 13.13.30.0 [110/138] via 13.13.12.2, 00:06:43, Serial1/0
[Reference] Route administrative distance
Connected 0
Static 1
EIGRP 90
OSPF 110
RIP 120
EIGRP External 170
6. OSPF Operation
- See '@ OSPF 동작 과정.ppt'
- Down state -> Init state -> Two-Way state -> Exstart state -> Exchange state -> Loading state -> Full state
Down state: Hello sent, ACK
Init state: ACK/SNK
Two-Way state: ACK
→→→→→→→→→→→→→→→→→→→→→→→→→ preparation phase before the main exchange, like TCP
Exstart state: the router with the higher Router ID becomes Master, the lower one becomes Slave
Exchange state: LinkStateDataBase
Loading state: the Slave router requests the information it lacks from the Master router with an LSR
Full state: an ACK is sent once the information is received
R1#debug ip ospf adj
OSPF adjacency events debugging is on
R1#
R1#clear ip ospf process
Reset ALL OSPF processes? [no]: yes
R1#
*Mar 1 00:49:57.903: OSPF: Interface Loopback172 going Down
*Mar 1 00:49:57.903: OSPF: 1.1.1.1 address 172.16.1.1 on Loopback172 is dead, state DOWN
*Mar 1 00:49:57.907: OSPF: Interface FastEthernet0/0 going Down
*Mar 1 00:49:57.911: OSPF: 1.1.1.1 address 13.13.10.1 on FastEthernet0/0 is dead, state DOWN
*Mar 1 00:49:57.911: OSPF: Neighbor change Event on interface FastEthernet0/0
*Mar 1 00:49:57.915: OSPF: DR/BDR election on FastEthernet0/0
*Mar 1 00:49:57.915: OSPF: Elect BDR 0.0.0.0
*Mar 1 00:49:57.915: OSPF: Elect DR 0.0.0.0
*Mar 1 00:49:57.919: OSPF: Elect BDR 0.0.0.0
*Mar 1 00:49:57.919: OSPF: Elect DR 0.0.0.0
*Mar 1 00:49:57.923: DR: none BDR: none
*Mar 1 00:49:57.923: OSPF: Flush network LSA immediately
*Mar 1 00:49:57.927: OSPF: Remember old DR 1.1.1.1 (id)
*Mar 1 00:49:57.927: OSPF: Interface Serial1/0 going Down
*Mar 1 00:49:57.931: OSPF: 1.1.1.1 address 13.13.12.1 on Serial1/0 is dead, state DOWN
*Mar 1 00:49:57.931: OSPF: 2.2.2
R1#.2 address 13.13.12.2 on Serial1/0 is dead, state DOWN
*Mar 1 00:49:57.935: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on Serial1/0 from FULL to DOWN, Neighbor Down: Interface down or detached
*Mar 1 00:49:58.571: OSPF: Interface Loopback172 going Up
*Mar 1 00:49:58.575: OSPF: Interface FastEthernet0/0 going Up
*Mar 1 00:49:58.575: OSPF: Interface Serial1/0 going Up
*Mar 1 00:49:58.591: OSPF: Build router LSA for area 0, router ID 1.1.1.1, seq 0x80000001, process 1
*Mar 1 00:49:58.595: OSPF: We are not DR to build Net Lsa for interface FastEthernet0/0
*Mar 1 00:49:58.603: OSPF: 2 Way Communication to 2.2.2.2 on Serial1/0, state 2WAY
*Mar 1 00:49:58.603: OSPF: Send DBD to 2.2.2.2 on Serial1/0 seq 0x2A2 opt 0x52 flag 0x7 len 32
*Mar 1 00:49:58.627: OSPF: Rcv DBD from 2.2.2.2 on Serial1/0 seq 0x26DD opt 0x52 flag 0x7 len 32 mtu 1500 state EXSTART
*Mar 1 00:49:58.631: OSPF: NBR Negotiation Done. We are the SLAVE
*Mar 1 00:49:58.635: OSPF: Send DBD to 2.2.2.2 on Serial1/
R1#0 seq 0x26DD opt 0x52 flag 0x2 len 52
*Mar 1 00:49:58.675: OSPF: Rcv DBD from 2.2.2.2 on Serial1/0 seq 0x26DE opt 0x52 flag 0x3 len 72 mtu 1500 state EXCHANGE
*Mar 1 00:49:58.679: OSPF: Send DBD to 2.2.2.2 on Serial1/0 seq 0x26DE opt 0x52 flag 0x0 len 32
*Mar 1 00:49:58.739: OSPF: Rcv DBD from 2.2.2.2 on Serial1/0 seq 0x26DF opt 0x52 flag 0x1 len 32 mtu 1500 state EXCHANGE
*Mar 1 00:49:58.743: OSPF: Exchange Done with 2.2.2.2 on Serial1/0
*Mar 1 00:49:58.747: OSPF: Send LS REQ to 2.2.2.2 length 24 LSA count 2
*Mar 1 00:49:58.747: OSPF: Send DBD to 2.2.2.2 on Serial1/0 seq 0x26DF opt 0x52 flag 0x0 len 32
*Mar 1 00:49:58.815: OSPF: Rcv LS UPD from 2.2.2.2 on Serial1/0 length 184 LSA count 2
*Mar 1 00:49:58.819: OSPF: Synchronized with 2.2.2.2 on Serial1/0, state FULL
*Mar 1 00:49:58.823: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on Serial1/0 from LOADING to FULL, Loading Done
R1#
*Mar 1 00:50:03.971: OSPF: Rcv LS UPD from 2.2.2.2 on Serial1/0 length 100 LSA count 1
*Mar 1 00:50:04.327: OSPF: Build router LSA for area 0, router ID 1.1.1.1, seq 0x80000005, process 1
R1#
R1#undebug all
All possible debugging has been turned off
R1#
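7. OSPF Routing Updates and Changes
- When a network is added or removed, the update is sent in an LSU packet
8. Area Design
- Areas are designed to minimize the volume of OSPF advertisements.
- Everything is advertised within the same Area, but only the added/removed parts are advertised to other Areas.
- Area design rule: every Area must be designed to pass through Area 0.
- Area 0 = Backbone Area (the Area that all Areas pass through)
- ABR = a router located between Area 0 and Area X
- ASBR = a router that brings external network information into the OSPF domain as routing updates
9. OSPF Table Types
1) Neighbor table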
R1#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
2.2.2.2 0 FULL/ - 00:00:30 13.13.12.2 Serial1/0
2) Database table (Link-State Database = LSDB)
R1#show ip ospf database
OSPF Router with ID (1.1.1.1) (Process ID 1)
Router Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Link count
1.1.1.1 1.1.1.1 50 0x80000006 0x00E351 4
2.2.2.2 2.2.2.2 51 0x80000007 0x008064 5
3.3.3.3 3.3.3.3 840 0x80000004 0x007682 4
@ R3 Area 0 links - 4
13.13.23.0/24
13.13.30.0/24
172.16.3.0/24
S1/1 address 13.13.23.3, connected to R2
@ R2 Area 0 links - 5
13.13.12.0/24
13.13.20.0/24
13.13.23.0/24
S1/0 address 13.13.23.2, connected to R3
S1/1 address 13.13.12.2, connected to R1
@ R1 Area 0 links - 4
13.13.10.0/24
13.13.12.0/24
172.16.1.0/24
S1/0 address 13.13.12.1, connected to R2
R1#show ip ospf database router
OSPF Router with ID (1.1.1.1) (Process ID 1)
Router Link States (Area 0)
LS age: 271
Options: (No TOS-capability, DC)
LS Type: Router Links
Link State ID: 1.1.1.1
Advertising Router: 1.1.1.1
LS Seq Number: 80000006
Checksum: 0xE351
Length: 72
Number of Links: 4
Link connected to: a Stub Network
(Link ID) Network/subnet number: 172.16.1.0
(Link Data) Network Mask: 255.255.255.0
Number of TOS metrics: 0
TOS 0 Metrics: 1
Link connected to: another Router (point-to-point)
(Link ID) Neighboring Router ID: 2.2.2.2
(Link Data) Router Interface address: 13.13.12.1
Number of TOS metrics: 0
TOS 0 Metrics: 64
Link connected to: a Stub Network
(Link ID) Network/subnet number: 13.13.12.0
(Link Data) Network Mask: 255.255.255.0
Number of TOS metrics: 0
TOS 0 Metrics: 64
Link connected to: a Stub Network
(Link ID) Network/subnet number: 13.13.10.0
(Link Data) Network Mask: 255.255.255.0
Number of TOS metrics: 0
TOS 0 Metrics: 10
LS age: 273
Options: (No TOS-capability, DC)
LS Type: Router Links
Link State ID: 2.2.2.2
Advertising Router: 2.2.2.2
LS Seq Number: 80000007
Checksum: 0x8064
Length: 84
Number of Links: 5
Link connected to: another Router (point-to-point)
(Link ID) Neighboring Router ID: 1.1.1.1
(Link Data) Router Interface address: 13.13.12.2
Number of TOS metrics: 0
TOS 0 Metrics: 64
Link connected to: a Stub Network
(Link ID) Network/subnet number: 13.13.12.0
(Link Data) Network Mask: 255.255.255.0
Number of TOS metrics: 0
TOS 0 Metrics: 64
Link connected to: a Stub Network
(Link ID) Network/subnet number: 13.13.20.0
(Link Data) Network Mask: 255.255.255.0
Number of TOS metrics: 0
TOS 0 Metrics: 10
Link connected to: another Router (point-to-point)
(Link ID) Neighboring Router ID: 3.3.3.3
(Link Data) Router Interface address: 13.13.23.2
Number of TOS metrics: 0
TOS 0 Metrics: 64
Link connected to: a Stub Network
(Link ID) Network/subnet number: 13.13.23.0
(Link Data) Network Mask: 255.255.255.0
Number of TOS metrics: 0
TOS 0 Metrics: 64
LS age: 1063
Options: (No TOS-capability, DC)
LS Type: Router Links
Link State ID: 3.3.3.3
Advertising Router: 3.3.3.3
LS Seq Number: 80000004
Checksum: 0x7682
Length: 72
Number of Links: 4
Link connected to: a Stub Network
(Link ID) Network/subnet number: 172.16.3.0
(Link Data) Network Mask: 255.255.255.0
Number of TOS metrics: 0
TOS 0 Metrics: 1
Link connected to: a Stub Network
(Link ID) Network/subnet number: 13.13.30.0
(Link Data) Network Mask: 255.255.255.0
Number of TOS metrics: 0
TOS 0 Metrics: 10
Link connected to: another Router (point-to-point)
(Link ID) Neighboring Router ID: 2.2.2.2
(Link Data) Router Interface address: 13.13.23.3
Number of TOS metrics: 0
TOS 0 Metrics: 64
Link connected to: a Stub Network
(Link ID) Network/subnet number: 13.13.23.0
(Link Data) Network Mask: 255.255.255.0
Number of TOS metrics: 0
TOS 0 Metrics: 64
3) Routing table
R1#show ip route ospf
172.16.0.0/24 is subnetted, 2 subnets
O 172.16.3.0 [110/129] via 13.13.12.2, 00:10:32, Serial1/0
13.0.0.0/24 is subnetted, 5 subnets
O 13.13.20.0 [110/74] via 13.13.12.2, 00:10:33, Serial1/0
O 13.13.23.0 [110/128] via 13.13.12.2, 00:10:33, Serial1/0
O 13.13.30.0 [110/138] via 13.13.12.2, 00:10:33, Serial1/0
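How the LSDB above becomes the routing table above, and where the costs from section 4 come from: an added Python example (not part of the original notes) that runs SPF over the three router LSAs. The LSDB dictionary is transcribed from the 'show ip ospf database router' output; its layout and the function names are assumptions of this sketch, and only point-to-point and stub links are handled because those are the only link types in this lab.

```python
import heapq

# Router LSAs transcribed from 'show ip ospf database router' on this page.
# p2p: (neighbor router ID, cost)   stub: (network, cost)
LSDB = {
    "1.1.1.1": {"p2p": [("2.2.2.2", 64)],
                "stub": [("172.16.1.0/24", 1), ("13.13.12.0/24", 64), ("13.13.10.0/24", 10)]},
    "2.2.2.2": {"p2p": [("1.1.1.1", 64), ("3.3.3.3", 64)],
                "stub": [("13.13.12.0/24", 64), ("13.13.20.0/24", 10), ("13.13.23.0/24", 64)]},
    "3.3.3.3": {"p2p": [("2.2.2.2", 64)],
                "stub": [("172.16.3.0/24", 1), ("13.13.30.0/24", 10), ("13.13.23.0/24", 64)]},
}

def interface_cost(bandwidth_bps, reference_bps=10**8):
    """Cost = 10^8 / Bandwidth, truncated to an integer, never below 1."""
    return max(1, reference_bps // bandwidth_bps)

def spf(lsdb, root):
    """Dijkstra over router-to-router links; returns {router ID: cost from root}."""
    dist = {root: 0}
    heap = [(0, root)]
    while heap:
        d, rid = heapq.heappop(heap)
        if d > dist[rid]:
            continue  # stale heap entry
        for nbr, cost in lsdb[rid]["p2p"]:
            # RFC 2328 uses a link only if the neighbor's LSA points back at us,
            # so a link claimed by one side alone never enters the tree.
            if nbr not in lsdb or all(back != rid for back, _ in lsdb[nbr]["p2p"]):
                continue
            if d + cost < dist.get(nbr, float("inf")):
                dist[nbr] = d + cost
                heapq.heappush(heap, (d + cost, nbr))
    return dist

def routes(lsdb, root):
    """Attach each router's stub networks to the tree; skip networks connected to root."""
    connected = {net for net, _ in lsdb[root]["stub"]}
    table = {}
    for rid, d in spf(lsdb, root).items():
        for net, cost in lsdb[rid]["stub"]:
            if net not in connected and d + cost < table.get(net, float("inf")):
                table[net] = d + cost
    return table

if __name__ == "__main__":
    for net, metric in sorted(routes(LSDB, "1.1.1.1").items(), key=lambda kv: kv[1]):
        print(f"O {net} [110/{metric}]")
```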
10. OSPF Route Types
- O : Intra-Area route, a network in the same Area
- O IA : Inter-Area route, a network in a different Area
- O E2 : External route, an external network
R3(config)#int lo 100
R3(config-if)#ip address 100.100.1.1 255.255.255.0
R3(config-if)#ip address 100.100.2.1 255.255.255.0 secondary
R3(config-if)#ip address 100.100.3.1 255.255.255.0 secondary
R3(config-if)#
R3(config-if)#int lo 200
R3(config-if)#ip address 200.200.1.1 255.255.255.0
R3(config-if)#ip address 200.200.2.1 255.255.255.0 secondary
R3(config-if)#ip address 200.200.3.1 255.255.255.0 secondary
R3(config-if)#ip ospf network point-to-point
R3(config-if)#
R3(config-if)#router rip
R3(config-router)#version 2
R3(config-router)#no auto-summary
R3(config-router)#network 100.0.0.0
R3(config-router)#
R3(config-router)#router ospf 1
R3(config-router)#network 200.200.0.0 0.0.255.255 area 13
R3(config-router)#redistribute rip subnets
R1#show ip route ospf
100.0.0.0/24 is subnetted, 3 subnets
O E2 100.100.1.0 [110/20] via 13.13.12.2, 00:04:11, Serial1/0
O E2 100.100.2.0 [110/20] via 13.13.12.2, 00:04:11, Serial1/0
O E2 100.100.3.0 [110/20] via 13.13.12.2, 00:04:11, Serial1/0
O IA 200.200.1.0/24 [110/129] via 13.13.12.2, 00:04:11, Serial1/0
O IA 200.200.2.0/24 [110/129] via 13.13.12.2, 00:04:11, Serial1/0
172.16.0.0/24 is subnetted, 2 subnets
O 172.16.3.0 [110/129] via 13.13.12.2, 00:04:11, Serial1/0
O IA 200.200.3.0/24 [110/129] via 13.13.12.2, 00:04:11, Serial1/0
13.0.0.0/24 is subnetted, 5 subnets
O 13.13.20.0 [110/74] via 13.13.12.2, 00:04:11, Serial1/0
O 13.13.23.0 [110/128] via 13.13.12.2, 00:04:11, Serial1/0
O 13.13.30.0 [110/138] via 13.13.12.2, 00:04:11, Serial1/0
11. Identifying ABR and ASBR Routers
- ABR : a router located between Area 0 and Area X
- ASBR : a router that brings external network information into the OSPF domain as routing updates
R3#show ip ospf
Routing Process "ospf 1" with ID 3.3.3.3
Start time: 00:14:19.748, Time elapsed: 01:11:19.772
Supports only single TOS(TOS0) routes
Supports opaque LSA
Supports Link-local Signaling (LLS)
Supports area transit capability
It is an area border and autonomous system boundary router
Redistributing External Routes from,
rip, includes subnets in redistribution
~ output omitted ~
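12. DR/BDR
- See '@ OSPF DR&BDR 관련 예제.pkt'
- A DR/BDR is elected in Multi Access environments. (Not elected in Point-to-Point environments) e.g. a school lab
- Multi Access environment: Ethernet
- OSPF advertisements go through the DR, which minimizes the volume of OSPF advertisements.
- DR election process
① The router with the highest OSPF priority becomes DR, the second highest becomes BDR / a router with priority 0 never becomes DR or BDR and is always DROTHER
② When priorities are equal, the router with the highest OSPF router ID becomes DR, the second highest becomes BDR
- Routers that are neither DR nor BDR are called 'DROTHER'.
- Selecting the DR/BDR manually by adjusting the priority is recommended.
- When the DST IP is 224.0.0.6, only the DR and BDR receive the packet
Router(config-if)# ip ospf priority [0~255]
- The default priority is '1'; with priority '0' the router always operates as DROTHER.
→ Area design reduces the size of advertisements, while DR/BDR reduces the number of advertisements in Multi Access environments / not needed in P2P environments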
R3#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
1.1.1.1 1 2WAY/DROTHER 00:00:37 13.13.100.1 FastEthernet0/1
2.2.2.2 1 2WAY/DROTHER 00:00:37 13.13.100.2 FastEthernet0/1
4.4.4.4 1 FULL/BDR 00:00:37 13.13.100.4 FastEthernet0/1
5.5.5.5 1 FULL/DR 00:00:37 13.13.100.5 FastEthernet0/1
R1>en
R1#conf t
R1(config)#int fa0/1
R1(config-if)#ip ospf priority 255
R2>en
R2#conf t
R2(config)#int fa0/1
R2(config-if)#ip ospf priority 254
@ R3, R4, R5 <- never DR/BDR, always operate as DROTHER
int fa0/1
ip ospf priority 0
R3#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
1.1.1.1 255 FULL/DR 00:00:35 13.13.100.1 FastEthernet0/1
2.2.2.2 254 FULL/BDR 00:00:35 13.13.100.2 FastEthernet0/1
4.4.4.4 0 2WAY/DROTHER 00:00:35 13.13.100.4 FastEthernet0/1
5.5.5.5 0 2WAY/DROTHER 00:00:35 13.13.100.5 FastEthernet0/1
13. OSPF Authentication
- Prevents tampering with OSPF packets
→ Authentication is enabled in most cases.
Ex) Enable authentication on the Area 0 segment.
R1(config)#router ospf 1
R1(config-router)#area 0 authentication message-digest
R1(config-router)#
R1(config-router)#int s1/0
R1(config-if)#ip ospf message-digest-key 13 md5 cisco
R2(config)#router ospf 1
R2(config-router)#area 0 authentication message-digest
R2(config-router)#
R2(config-router)#int s1/0
R2(config-if)#ip ospf message-digest-key 13 md5 cisco
R2(config-if)#
R2(config-if)#int s1/1
R2(config-if)#ip ospf message-digest-key 13 md5 cisco
R3(config)#router ospf 1
R3(config-router)#area 0 authentication message-digest
R3(config-router)#
R3(config-router)#int s1/1
R3(config-if)#ip ospf message-digest-key 13 md5 cisco
R1,R2,R3#show run
R1,R2,R3#show ip ospf neighbor
R1,R2,R3#show ip route
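A check to run against 'show run' after the authentication lab, as an added Python example (not part of the original notes): it reports OSPF interfaces whose area has message-digest authentication enabled but no key, and keys taken from a guessable-string list. The sample config is constructed from R2's commands with the Serial1/1 key left out on purpose; the weak-key list, the function names and the assumption that keys appear in plaintext are this example's own.

```python
import ipaddress
import re

WEAK_KEYS = {"cisco", "ospf", "password"}  # assumed deny-list, constructed for this example

# Constructed sample: R2 with the key missing on Serial1/1 (the link to R1).
SAMPLE_R2 = """\
interface FastEthernet0/0
 ip address 13.13.20.1 255.255.255.0
interface Serial1/0
 ip address 13.13.23.2 255.255.255.0
 ip ospf message-digest-key 13 md5 cisco
interface Serial1/1
 ip address 13.13.12.2 255.255.255.0
router ospf 1
 router-id 2.2.2.2
 area 0 authentication message-digest
 network 13.13.20.0 0.0.0.255 area 0
 network 13.13.12.0 0.0.0.255 area 0
 network 13.13.23.0 0.0.0.255 area 0
 passive-interface FastEthernet0/0
"""

def parse(config):
    """Return (interfaces, network statements, MD5-enabled areas, passive interfaces)."""
    interfaces, networks, md5_areas, passive = {}, [], set(), set()
    current = {"ip": None, "keys": {}}  # sink for lines outside any interface block
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface (\S+)", line):
            current = interfaces.setdefault(m.group(1), {"ip": None, "keys": {}})
        elif m := re.match(r"ip address (\S+) \S+$", line):
            current["ip"] = m.group(1)
        elif m := re.match(r"ip ospf message-digest-key (\d+) md5 (\S+)", line):
            current["keys"][int(m.group(1))] = m.group(2)
        elif m := re.match(r"network (\S+) (\S+) area (\S+)", line):
            networks.append((m.group(1), m.group(2), m.group(3)))
        elif m := re.match(r"area (\S+) authentication message-digest", line):
            md5_areas.add(m.group(1))
        elif m := re.match(r"passive-interface (\S+)", line):
            passive.add(m.group(1))
    return interfaces, networks, md5_areas, passive

def area_of(ip, networks):
    for net, wildcard, area in networks:
        # Contiguous wildcard assumed: count of 1 bits = number of host bits.
        prefix = 32 - bin(int(ipaddress.IPv4Address(wildcard))).count("1")
        if ipaddress.ip_address(ip) in ipaddress.ip_network(f"{net}/{prefix}", strict=False):
            return area
    return None

def audit(config):
    """List authentication gaps on interfaces that actually send OSPF packets."""
    interfaces, networks, md5_areas, passive = parse(config)
    findings = []
    for name, intf in interfaces.items():
        area = area_of(intf["ip"], networks) if intf["ip"] else None
        if area is None or name in passive:
            continue  # interface is not an OSPF speaker
        if area not in md5_areas:
            findings.append(f"{name}: area {area} runs without authentication")
        elif not intf["keys"]:
            findings.append(f"{name}: area {area} expects MD5 but no key is configured")
        for key_id, key in intf["keys"].items():
            if key.lower() in WEAK_KEYS:
                findings.append(f"{name}: key {key_id} is on the weak-key list")
    return findings
```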
- For the next lab, remove the OSPF and authentication configuration.
R1(config)#no router ospf 1
R1(config)#int s1/0
R1(config-if)#no ip ospf message-digest-key 13 md5 cisco
R1(config-if)#exit
R2(config)#no router ospf 1
R2(config)#int s1/0
R2(config-if)#no ip ospf message-digest-key 13 md5 cisco
R2(config-if)#
R2(config-if)#int s1/1
R2(config-if)#no ip ospf message-digest-key 13 md5 cisco
R2(config-if)#exit
R3(config)#no router ospf 1
R3(config)#int s1/1
R3(config-if)#no ip ospf message-digest-key 13 md5 cisco
R3(config-if)#exit
- Referring to the figure, configure OSPF Area 0, Area 13, and Area 113.
R1(config)#router ospf 1
R1(config-router)#router-id 1.1.1.1
R1(config-router)#network 13.13.10.0 0.0.0.255 area 0
R1(config-router)#network 13.13.12.0 0.0.0.255 area 0
R1(config-router)#network 172.16.1.0 0.0.0.255 area 0
R1(config-router)#passive-interface fa0/0
R1(config-router)#passive-interface lo172
R1(config-router)#end
R2(config)#router ospf 1
R2(config-router)#router-id 2.2.2.2
R2(config-router)#network 13.13.12.0 0.0.0.255 area 0
R2(config-router)#network 13.13.20.0 0.0.0.255 area 13
R2(config-router)#network 13.13.23.0 0.0.0.255 area 13
R2(config-router)#passive-interface fa0/0
R2(config-router)#end
R3(config)#router ospf 1
R3(config-router)#router-id 3.3.3.3
R3(config-router)#network 13.13.23.0 0.0.0.255 area 13
R3(config-router)#network 13.13.30.0 0.0.0.255 area 13
R3(config-router)#network 172.16.3.0 0.0.0.255 area 113
R3(config-router)#passive-interface fa0/0
R3(config-router)#passive-interface lo172
R3(config-router)#end
R1#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
2.2.2.2 0 FULL/ - 00:00:30 13.13.12.2 Serial1/0
R2#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
1.1.1.1 0 FULL/ - 00:00:30 13.13.12.1 Serial1/1
3.3.3.3 0 FULL/ - 00:00:32 13.13.23.3 Serial1/0
R3#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
2.2.2.2 0 FULL/ - 00:00:30 13.13.23.2 Serial1/1
14. Virtual-Link Configuration
- A feature used when an Area cannot pass through Area 0
- On R2, check whether the route for R3's Area 113 network '172.16.3.0/24' has been received in a routing update.
R2#show ip route ospf
172.16.0.0/24 is subnetted, 1 subnets
O 172.16.1.0 [110/65] via 13.13.12.1, 00:02:01, Serial1/1
13.0.0.0/24 is subnetted, 5 subnets
O 13.13.10.0 [110/74] via 13.13.12.1, 00:02:02, Serial1/1
O 13.13.30.0 [110/74] via 13.13.23.3, 00:00:41, Serial1/0
- Solution: use a virtual link so that the Area 0 information held by ABR R2 is synchronized to R3
R2(config)#router ospf 1
R2(config-router)#area 13 virtual-link 3.3.3.3
R2(config-router)#end
R3(config)#router ospf 1
R3(config-router)#area 13 virtual-link 2.2.2.2
R3(config-router)#end
R2#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
3.3.3.3 0 FULL/ - - 13.13.23.3 OSPF_VL0
1.1.1.1 0 FULL/ - 00:00:37 13.13.12.1 Serial1/1
3.3.3.3 0 FULL/ - 00:00:34 13.13.23.3 Serial1/0
R3#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
2.2.2.2 0 FULL/ - - 13.13.23.2 OSPF_VL0
2.2.2.2 0 FULL/ - 00:00:30 13.13.23.2 Serial1/1
R3#show ip ospf virtual-links
Virtual Link OSPF_VL0 to router 2.2.2.2 is up
Run as demand circuit
DoNotAge LSA allowed.
Transit area 13, via interface Serial1/1, Cost of using 64
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:01
Adjacency State FULL (Hello suppressed)
Index 1/2, retransmission queue length 0, number of retransmission 0
First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
Last retransmission scan length is 0, maximum is 0
Last retransmission scan time is 0 msec, maximum is 0 msec
R3#show ip ospf
Routing Process "ospf 1" with ID 3.3.3.3
Start time: 00:49:27.332, Time elapsed: 00:04:22.676
Supports only single TOS(TOS0) routes
Supports opaque LSA
Supports Link-local Signaling (LLS)
Supports area transit capability
It is an area border router
Router is not originating router-LSAs with maximum metric
Initial SPF schedule delay 5000 msecs
~ output omitted ~
External flood list length 0
IETF NSF helper support enabled
Cisco NSF helper support enabled
Area BACKBONE(0)
Number of interfaces in this area is 1
Area has no authentication
SPF algorithm last executed 00:00:20.880 ago
SPF algorithm executed 3 times
Area ranges are
Number of LSA 10. Checksum Sum 0x055D60
Number of opaque link LSA 0. Checksum Sum 0x000000
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 5
Flood list length 0
Area 13
Number of interfaces in this area is 2
This area has transit capability: Virtual Link Endpoint
Area has no authentication
SPF algorithm last executed 00:00:20.912 ago
SPF algorithm executed 5 times
Area ranges are
Number of LSA 6. Checksum Sum 0x0210BE
Number of opaque link LSA 0. Checksum Sum 0x000000
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0
Area 113
Number of interfaces in this area is 1
Area has no authentication
SPF algorithm last executed 00:00:31.280 ago
SPF algorithm executed 3 times
Area ranges are
Number of LSA 7. Checksum Sum 0x03C8F2
Number of opaque link LSA 0. Checksum Sum 0x000000
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0
R2#show ip route ospf
172.16.0.0/24 is subnetted, 2 subnets
O 172.16.1.0 [110/65] via 13.13.12.1, 00:00:33, Serial1/1
O IA 172.16.3.0 [110/65] via 13.13.23.3, 00:00:33, Serial1/0
13.0.0.0/24 is subnetted, 5 subnets
O 13.13.10.0 [110/74] via 13.13.12.1, 00:00:33, Serial1/1
O 13.13.30.0 [110/74] via 13.13.23.3, 00:00:33, Serial1/0
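15. OSPF Neighbor Requirements
- Routers on the same network must belong to the same Area.
- Routers on the same network must use the same OSPF Hello/Dead intervals.
- Routers on the same network must use the same MTU size.
- Router IDs must not be duplicated.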
R1#show ip ospf int s1/0
Serial1/0 is up, line protocol is up
Internet Address 13.13.12.1/24, Area 0
Process ID 1, Router ID 1.1.1.1, Network Type POINT_TO_POINT, Cost: 64
Transmit Delay is 1 sec, State POINT_TO_POINT
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
~ output omitted ~
R1#show int s1/0
Serial1/0 is up, line protocol is up
Hardware is M4T
Internet address is 13.13.12.1/24
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
~ output omitted ~
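The four neighbor requirements checked against the two command outputs above, as an added Python example (not part of the original notes). R1's side is copied from the output on this page; R2's side is constructed with changed timers and MTU so the check has something to report, and the function names and message wording are assumptions.

```python
import re

# R1's side is copied from the output above; R2's side is constructed for the example.
R1_OSPF = """Serial1/0 is up, line protocol is up
  Internet Address 13.13.12.1/24, Area 0
  Process ID 1, Router ID 1.1.1.1, Network Type POINT_TO_POINT, Cost: 64
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5"""
R1_INTF = "MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,"
R2_OSPF = """Serial1/1 is up, line protocol is up
  Internet Address 13.13.12.2/24, Area 0
  Process ID 1, Router ID 2.2.2.2, Network Type POINT_TO_POINT, Cost: 64
  Timer intervals configured, Hello 5, Dead 20, Wait 20, Retransmit 5"""
R2_INTF = "MTU 1400 bytes, BW 1544 Kbit, DLY 20000 usec,"

PATTERNS = {
    "area": r"Area (\d+)",
    "router_id": r"Router ID (\d+\.\d+\.\d+\.\d+)",
    "hello": r"Hello (\d+)",
    "dead": r"Dead (\d+)",
    "mtu": r"MTU (\d+) bytes",
}

def parse_side(ospf_text, intf_text):
    """Pull the compared fields out of 'show ip ospf int' and 'show int' output."""
    text = ospf_text + "\n" + intf_text
    side = {}
    for field, pattern in PATTERNS.items():
        match = re.search(pattern, text)
        if match is None:
            raise ValueError(f"{field} not found in command output")
        side[field] = match.group(1)
    return side

# Effect of each mismatch: Area and timers are compared when a Hello arrives,
# the MTU is carried in the DBD packets exchanged from Exstart onward.
CHECKS = [
    ("area", "Area", "Hello rejected"),
    ("hello", "Hello interval", "Hello rejected"),
    ("dead", "Dead interval", "Hello rejected"),
    ("mtu", "MTU", "stuck in Exstart/Exchange"),
]

def adjacency_blockers(a, b):
    """Return one message per requirement from section 15 that the pair violates."""
    problems = [f"{label} mismatch ({a[field]} vs {b[field]}): {effect}"
                for field, label, effect in CHECKS if a[field] != b[field]]
    if a["router_id"] == b["router_id"]:
        problems.append(f"duplicate router ID {a['router_id']}")
    return problems

if __name__ == "__main__":
    for problem in adjacency_blockers(parse_side(R1_OSPF, R1_INTF),
                                      parse_side(R2_OSPF, R2_INTF)):
        print(problem)
```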