Friday, December 22, 2017

OSPF with no backbone area...

Vsem privet and Hello everybody,

This blog post is a very important one. I've promised once to write something in English... So, it's a good time to fulfill it. Some kind of Christmas mystery, you know. 

This year was tough and I'm pretty tired to be honest. I want something funny and a little bit mind-blowing. It's time to go crazy... The subject says it all. )

 

What is the purpose of an area0?

What, indeed! We all know that every area in an OSPF domain must be connected to the backbone area. The connection can be physical or logical. This is how OSPF ensures that routes between different areas are loop-free. OSPF is a link-state protocol, but it uses a distance-vector approach between areas. An internal router has no idea about the topology of other areas. All it has is a way through an ABR to reach the destination. And that is supposed to be loop-free because every area is connected to the backbone area. This forms a star topology.


But, what if... what if there is no backbone area configured? Guess what happens next?

There are some differences between Cisco and Juniper in how OSPF works on these platforms. Let's start with Juniper.

Juniper

Ok. Let's grab four Juniper SRX boxes and interconnect them like this...


The topology is pretty simple except for one nuance... There is no backbone area. Here we have four areas which form a kind of ring.

It's time to configure it. First of all, we need to set the hostname and turn the firewall into a router.

set system host-name Ox
delete security
set security forwarding-options family inet6 mode packet-based
set security forwarding-options family mpls mode packet-based
set security forwarding-options family iso mode packet-based
commit and-quit
request system reboot

Next step is to set up basic interface parameters along with OSPF configuration.

O1


interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                address 10.0.12.1/30;
            }
        }
    }
    ge-0/0/1 {
        unit 0 {
            family inet {
                address 10.0.14.1/30;
            }
        }
    }
}
routing-options {
    router-id 1.1.1.1;
}
protocols {
    ospf {
        area 0.0.0.12 {
            interface ge-0/0/0.0 {
                interface-type p2p;
            }
        }
        area 0.0.0.14 {
            interface ge-0/0/1.0 {
                interface-type p2p;
            }
        }
    }
}

O2


interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                address 10.0.12.2/30;
            }
        }
    }
    ge-0/0/1 {
        unit 0 {
            family inet {
                address 10.0.23.1/30;
            }
        }
    }
}
routing-options {
    router-id 2.2.2.2;
}
protocols {
    ospf {
        area 0.0.0.12 {
            interface ge-0/0/0.0 {
                interface-type p2p;
            }
        }
        area 0.0.0.23 {
            interface ge-0/0/1.0 {
                interface-type p2p;
            }
        }
    }
}

O3


interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                address 10.0.23.2/30;
            }
        }
    }
    ge-0/0/1 {
        unit 0 {
            family inet {
                address 10.0.34.1/30;
            }
        }
    }
}
routing-options {
    router-id 3.3.3.3;
}
protocols {
    ospf {
        area 0.0.0.23 {
            interface ge-0/0/0.0 {
                interface-type p2p;
            }
        }
        area 0.0.0.34 {
            interface ge-0/0/1.0 {
                interface-type p2p;
            }
        }
    }
}

O4


interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                address 10.0.34.2/30;
            }
        }
    }
    ge-0/0/1 {
        unit 0 {
            family inet {
                address 10.0.14.2/30;
            }
        }
    }
}
routing-options {
    router-id 4.4.4.4;
}
protocols {
    ospf {
        area 0.0.0.34 {
            interface ge-0/0/0.0 {
                interface-type p2p;
            }
        }
        area 0.0.0.14 {
            interface ge-0/0/1.0 {
                interface-type p2p;
            }
        }
    }
}

Checking the neighbors table on O4. Everything is fine.


Then the database table on O1... Oh my goodness, it seems to work. We have all the necessary LSAs on this box. O2 (RID 2.2.2.2) is kindly informing us about the 10.0.23.0/30 network by generating a Summary LSA into area 12.


Can we ping it? Sure enough.


Great. Hold on a second. Why is O2 spreading Summary LSAs across the areas? The answer is simple: because O2 is an Area Border Router. Every router in this topology has the ABR role.


This is the remarkable difference between Juniper and Cisco platforms.

A Juniper box considers itself as an ABR if it has interfaces belonging to two or more areas.

Back to our example. O2 generates a Type 3 LSA for area 12. O2 behaves as a typical ABR.

How about Cisco?

A typical Cisco router considers itself as an ABR if it has interfaces belonging to two or more areas, but it also must have at least one interface towards backbone area.

We'll prove it a little bit later.

Is our design good?

No way. Yes, it works, but we have at least a couple of problems.

O1 knows that it can reach 10.0.23.0 via O2. Is it a loop-free path? It is supposed to be, but we cannot guarantee it. I've tried to schematize it. According to the picture below, O1 knows about two networks. It also knows how to reach them and through which ABRs. But it has no idea what is going on inside those clouds.


Actually, I've made up this very topology on purpose. I had known it would work.


O2 generates the Type 3 LSA for area 12. O1 receives it.



But if we add complexity to this topology like this...



O1 will never reach 10.0.39.0/30. O3 will generate a Type 3 LSA for that network and pass it to area 23. O2 will definitely be able to reach it. But the thing is, O2 will not "regenerate" the Type 3 LSA for 10.0.39.0/30 into area 12, simply because OSPF doesn't work like that. A Type 3 LSA is not a Type 5: it doesn't spread across the autonomous system. A Type 3 LSA can reach the neighboring area, nothing more. Because every area in OSPF must have a connection to area0. )

But at least we tried...
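
The propagation rule described above, as an added example that is not from the original post: a small Python model of the ring that applies the Juniper and Cisco ABR rules and computes which prefixes each router learns from intra-area and Type 3 LSAs. It assumes 10.0.39.0/30 sits behind O3 in a hypothetical area 39 (the picture is not available), and that areas sharing an ID are contiguous.

```python
# Added example: constructed model of the ring from the post.
# router -> {area id: [prefixes on that router's links in the area]}
RING = {
    "O1": {"12": ["10.0.12.0/30"], "14": ["10.0.14.0/30"]},
    "O2": {"12": ["10.0.12.0/30"], "23": ["10.0.23.0/30"]},
    # Assumption: 10.0.39.0/30 hangs off O3 in an extra area 39.
    "O3": {"23": ["10.0.23.0/30"], "34": ["10.0.34.0/30"], "39": ["10.0.39.0/30"]},
    "O4": {"34": ["10.0.34.0/30"], "14": ["10.0.14.0/30"]},
}

def is_abr(areas, vendor):
    """Juniper rule: two or more areas. Cisco rule: one of them must also be area 0."""
    if len(areas) < 2:
        return False
    return vendor == "juniper" or "0" in areas

def route_tables(topology, vendor):
    """Return {router: set of prefixes it learns} under the given ABR rule."""
    intra = {}                               # area -> prefixes known from Type 1 LSAs
    for areas in topology.values():
        for area, prefixes in areas.items():
            intra.setdefault(area, set()).update(prefixes)
    abrs = [r for r, areas in topology.items() if is_abr(areas, vendor)]
    type3 = {area: set() for area in intra}  # area -> prefixes flooded as Type 3
    for r in abrs:                           # intra-area routes go into every other attached area
        for into in topology[r]:
            for src in topology[r]:
                if src != into:
                    type3[into] |= intra[src] - intra[into]
    for r in abrs:                           # inter-area routes are re-advertised only
        if "0" in topology[r]:               # when they were learned through area 0
            for into in topology[r]:
                if into != "0":
                    type3[into] |= type3["0"] - intra[into]
    return {r: set().union(*(intra[a] | type3[a] for a in areas))
            for r, areas in topology.items()}

if __name__ == "__main__":
    for vendor in ("juniper", "cisco"):
        tables = route_tables(RING, vendor)
        print(vendor, "O1:", sorted(tables["O1"]))
        print(vendor, "O2:", sorted(tables["O2"]))
```

Renaming area 23 to 0 in the model is enough for O1 to learn 10.0.39.0/30 under either rule, because O2 then re-advertises what it learned through the backbone.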

Cisco

Here we have a similar story with four XR routers. I've forgotten to set up the backbone area again...


The initial configuration is listed below. In short, we're going to do the same thing for Cisco.

hostname O5
!
interface GigabitEthernet0/0/0/0
 ipv4 address 10.0.56.1/30
 no shut
!
interface GigabitEthernet0/0/0/1
 ipv4 address 10.0.58.1/30
 no shut
!
router ospf 110
 router-id 5.5.5.5
 area 56
  interface GigabitEthernet0/0/0/0
   network point-to-point
  !
 !
 area 58
  interface GigabitEthernet0/0/0/1
   network point-to-point
  !
 !
!

hostname O6
!
interface GigabitEthernet0/0/0/0
 ipv4 address 10.0.56.2/30
 no shut
!
interface GigabitEthernet0/0/0/1
 ipv4 address 10.0.67.1/30
 no shut
!
router ospf 110
 router-id 6.6.6.6
 area 56
  interface GigabitEthernet0/0/0/0
   network point-to-point
  !
 !
 area 67
  interface GigabitEthernet0/0/0/1
   network point-to-point
  !
 !
!

hostname O7
!
interface GigabitEthernet0/0/0/0
 ipv4 address 10.0.67.2/30
 no shut
!
interface GigabitEthernet0/0/0/1
 ipv4 address 10.0.78.1/30
 no shut
!
router ospf 110
 router-id 7.7.7.7
 area 67
  interface GigabitEthernet0/0/0/0
   network point-to-point
  !
 !
 area 78
  interface GigabitEthernet0/0/0/1
   network point-to-point
  !
 !
!

hostname O8
!
interface GigabitEthernet0/0/0/0
 ipv4 address 10.0.78.2/30
 no shut
!
interface GigabitEthernet0/0/0/1
 ipv4 address 10.0.58.2/30
 no shut
!
router ospf 110
 router-id 8.8.8.8
 area 78
  interface GigabitEthernet0/0/0/0
   network point-to-point
  !
 !
 area 58
  interface GigabitEthernet0/0/0/1
   network point-to-point
  !
 !
!

Let's check the neighbors table. Ok, great.


Topology table... not so funny... There is no LSA Type3 here.


Like I mentioned before, we have a chance to see the typical approach for Cisco routers. 'I have no interfaces in the backbone area so I'm not an ABR.' For example, O5 does not consider itself an ABR. This can be seen in the output below.


Let's go crazy here by creating lo0 interface in area0. It should force the router to become an ABR. It's too weird what I'm doing here...

interface Loopback0
 ipv4 address X.X.X.X 255.255.255.255
!
router ospf 110
 area 0
  interface Loopback0
   network point-to-point

I'd like to make it very clear. I've just created four separate backbone areas.



Is it going to work? Let me check it... and yes, we are an ABR.


Do we have all necessary routes in topology table? Yes, we do.


It seems like we've just reached our "goal", but it's actually an illusion. Not only do we have four separate area 0s in the network, but we also have a reachability issue again. O5 will not be able to reach O7's lo0. We've already faced this issue in the Juniper topology. O7 generates a Type 3 LSA for area 67. O6 receives it and does nothing. It won't regenerate it for area 56. As a result, O5 doesn't have a route for 7.7.7.7.


Wait a little... four separate areas... It's time to go completely crazy... I'm going to stitch them together. Why don't I create four virtual links? No sooner said than done.


I'll use the simple configuration pattern below for every router in the topology.

area XX
  virtual-link X.X.X.X

Check it out. We have all expected routes on O5 now.

What have we got?

We have an OSPF network with four non-backbone areas. We also have a backbone area up and running. Every non-backbone area has at least one connection to area0. We have four ABRs in the topology. There are no issues noticed except one... The backbone area is based on virtual links only.

So, these "what if" games are very useful for educational purposes. I use this technique from time to time to improve my understanding of a particular technology. I think we all know there is a huge gap between using a technology in a vanilla environment and dealing with production solutions that are not based on best practices. "What if" can help us in this case.

Merry Christmas and Happy New year y'all.
I wish you will never be faced with such a network in real life. )

See you,
Do vstrechi.
