《OSPF协议概述.ppt》由会员分享,可在线阅读,更多相关《OSPF协议概述.ppt(50页珍藏版)》请在三一文库上搜索。
1、OSPF Introduction,学习提纲,OSPF Features OSPF协议概述 OSPF区域介绍 OSPF网络类型 OSPF包的类型 配置OSPF路由协议 OSPF认证,OSPF Features,OSPF是一种公共开放标准路由选择协议; OSPF是一种链路状态路由选择协议; 它是属于无类路由选择协议,因此支持VLSM; 以较低的频率(每30分钟)发送定期更新,这被称为链路状态更新; 在网络发生变化时发送增量更新,这种更新叫做LSA; OSPF不支持自动汇总,但支持手工汇总。 OSPF是基于SPF ,Shortest Path First(最短路径优先)算法来计 算最佳路路径; O
2、SPF是通过划分区域来设计网络的,区域又分为:骨干区域和非骨 干区域,OSPF协议概述链路状态路由协议2-1,OSPF是链路状态路由协议,链路状态路由协议中的路由器了解OSPF网络内的链路状态信息,最初,RA只知道直连的3个网段10、20、30, RB、RC、RD也一样,链路状态路由协议中,直连的路由器之间建立邻接关系,互相“交流”链路信息,每一个路由器将它到周围邻居的链路状态向全网的其他路由器传递来“画”出完整的网络结构,OSPF协议概述链路状态路由协议2-2,为了标识链路信息是由谁发出的,用Router ID标识路由器,路由器学习到的链路信息,保存在链路状态数据库中,相邻路由器之间建立邻接
3、关系,保存在邻居列表中,链路状态路由协议中的数据库类型,邻居列表 记录每台路由器全部已经建立邻接关系的邻居路由器 链路状态数据库(LSDB) 包含在同一个区域或网络中的所有路由器以及它们的链路信息 同一个区域内所有路由器拥有一致的LSDB 路由表 列出通过SPF算法计算出的到达每个相连网络的最佳路径,A,B,C,D,E,F,以A为例,A的链路状态数据库中保存着OSPF网络的所有链路信息,A以自己为中心,计算到达每个路由器最近的链路,1,1,1,1,1,1,1.5,1.5,生成一个最短路径树,根据最短路径树,生成路由表,链路状态数据库,最短路径树,Djkstra算法,建立邻接关系,路由表,学习链
4、路状态信息,Benefits of Link-State Routing,链状态协议根据成本(cost)来选择最优路径 通过使用触发更新,链路状态协议能够将网络拓扑变化立刻发送给网络中受影响的所有路由器,从而缩短了收敛时间 由于每台路由器都有完整的网络描述信息,因此不容易形成路由选择环路 通过细心地设计网络,可最大限度地减少链路状态数据库的规模,从而减少SPF计算量,提高会聚速度,Drawbacks of Link-State Routing,链路状态协议有路由选择表、拓扑表和邻居表,如果在大型的网络中,可能需要占用大量的内存 SPF在计算最佳路径时需要占用CPU周期,如果网络较大或复杂,需要
5、占用大量的CPU资源 为了避免占用过多的内存和CPU资源,必须采用严格的层次型设计方案 启动时需要一定的时间才能转发数据包。(邻接),OSPF 区域介绍,思考:运行ospf的路由器都保存的一张完整的LSDB(拓扑表),但是随着OSPF路由器的不断的增加,LSDB就越来越大,SPF计算量也越来越大,有什么办法解决这个问题?,OSPF 区域介绍,Minimizes routing table entries(减少路由条目) Localizes the impact of a topology change within an area(影响限制在本地) Reduce lsas algorithm(
6、减少链路状态通告算法的计算量), 2004 Cisco Systems, Inc. All rights reserved.,OSPF 网络类型,OSPF的网络类型,路由器接口类型不同,在建立邻接关系的时候,OSPF路由器执行的操作也略有不同,OSPF defines five network types: Point-to-point Broadcast Multiaccess Nonbroadcast Multiaccess (NBMA) Point-to-multipoint V-link,点到点链路,网络连接一对路由器 通常情况下,一个串口运行 PPP 或 HDLC(高级数据链路控制)
7、,也可能是运行帧中继或 ATM 的点对点子接口 没有 DR 和 BDR 的选择 OSPF 自动侦测此类型网络接口 OSPF 数据包通过多播地址 224.0.0.5 发送,多路访问网络拓扑,广播多路访问网络,非广播多路访问网络,它们都需要DR BDR,广播多路访问网络,类似以太网网络结构 需要 DR 和 BDR DR作用: 所有邻居路由器只能通过 DR 和 BDR 来建立邻接关系,并且只将LSA通告给它们。 DR从邻居那里收到更新后,通过LSA通告给局域网上的所有邻居,确保同一个局域网的LSDB都相同。 发送给 DR 和 BDR 的数据包使用多播地址 224.0.0.6 从 DR 到所有路由器的
8、数据包使用多播地址 224.0.0.5,Multiaccess Networks,Solution to LSA flooding issue is the use of Designated router (DR) Backup designated router (BDR) DR & BDR selection Routers are elected to send & receive LSA Sending & Receiving LSA DRothers send LSAs via multicast 224.0.0.6 to DR & BDR DR forward LSA via m
9、ulticast address 224.0.0.5 to all other routers,选举 DR 和 BDR,Hello 数据包通过多播地址进行数据交换 含有 OSPF 最高优先级的路由器为 DR,次级为 BDR DR 的选举不存在抢占,Multiaccess Networks,Criteria for getting elected DR/BDR DR: Router with the highest OSPF interface priority. 2. BDR: Router with the second highest OSPF interface priority. 3.
10、 If OSPF interface priorities are equal, the highest router ID is used to break the tie.,建立邻接关系过程总结,发送Hello消息,接口类型为点到点,接口类型为点到多点,接口类型为广播,接口类型为NBMA,选择DR和BDR,发送DBD,请求/发送 LSU,生成完整的 LSDB,形成邻接关系,OSPF 包的类型,OSPF 包类型,OSPF的包类型总结,LSA(链路状态通告):报告路由器和链路的状态,它是LSU的重要内容。,OSPF 包头格式,邻居关系: Hello包,建立双向通信,此时路由器ID彼此出现在对方
11、的邻居表中,接着开始选举DR和BDR,发现网络路由,预启动,交换状态,主路由器和从路由器交换DBD分组,增加一个链路条目,加载状态,完全邻接关系,路由器要转发数据流,必须处于完全邻接关系,至此,区域内的所有路由器的LSDB都相同,Router A notifies all OSPF DRs on 224.0.0.6. DR notifies others on 224.0.0.5.,维持邻居信息,OSPF的邻接关系需满足的条件,邻居 两个路由器之间如果不满足下列条件,则他们就不能成为邻居: Area-id:两个路由器必须在共同的网段上,它们的端口必须属于该网段上的同一个区,且属于同一个子网 验
12、证(Authentication OSPF):同一区域路由器必须交换相同的验证密码,才能成为邻居 Hello Interval和Dead Interval: OSPF协议需要两个邻居路由器的这些时间间隔相同,否则就不能成为邻居路由器。 stub区域标记:两个路由器可以在Hello报文中通过协商Stub区域的标记来成为邻居,配置 OSPF,Configuring Single-Area OSPF,network address wildcard-mask area area-id,Assigns networks to a specific OSPF area,router ospf proce
13、ss-id,Defines OSPF as the IP routing protocol,RouterX(config)#,RouterX(config-router)#,Router ID,This is an IP address used to identify a router 3 criteria for deriving the router ID 1.Use IP address configured with OSPF router-id command -Takes precedence over loopback and physical interface addres
14、ses 2.If router-id command not used then router chooses highest IP address of any loopback interfaces 3.If no loopback interfaces are configured then the highest IP address on any active interface is used,OSPF Router ID,OSPF 通过路由器 ID 来辨认属于 OSPF 的路由器 LSDB 通过路由器 ID 来区分不同的路由器 默认情况下,路由器 ID 是 OSPF 协议启动时
15、IP 最高的活动接口 回环接口的优先级大于物理接口,如果存在回环接口则定义 IP 最高的活动接口为路由器 ID 可以使用 router-id 命令定义路由器 ID 推荐使用 router-id 命令或回环接口以获得更好的稳定性 如果 OSPF 已经运行,在新的回环接口启用前需重载路由器或移除现有进程并重设 OSPF Router#clear ip ospf process,Verifying the OSPF Configuration,RouterX# show ip protocols,Verifies that OSPF is configured,RouterX# show ip ro
16、ute,Displays all the routes learned by the router,RouterX# show ip route Codes: I - IGRP derived, R - RIP derived, O - OSPF derived, C - connected, S - static, E - EGP derived, B - BGP derived, E2 - OSPF external type 2 route, N1 - OSPF NSSA external type 1 route, N2 - OSPF NSSA external type 2 rout
17、e Gateway of last resort is 10.119.254.240 to network 10.140.0.0 O 10.110.0.0 110/5 via 10.119.254.6, 0:01:00, Ethernet2 O IA 10.67.10.0 110/10 via 10.119.254.244, 0:02:22, Ethernet2 O 10.68.132.0 110/5 via 10.119.254.6, 0:00:59, Ethernet2 O 10.130.0.0 110/5 via 10.119.254.6, 0:00:59, Ethernet2 O E2
18、 10.128.0.0 170/10 via 10.119.254.244, 0:02:22, Ethernet2 . . .,Verifying the OSPF Configuration (Cont.),RouterX# show ip ospf Routing Process “ospf 50“ with ID 10.64.0.2 Number of areas in this router is 1. 1 normal 0 stub 0 nssa Number of areas transit capable is 0 External flood list length 0 Are
19、a BACKBONE(0) Area BACKBONE(0) Area has no authentication SPF algorithm last executed 00:01:25.028 ago SPF algorithm executed 7 times ,Displays the OSPF router ID, timers, and statistics,RouterX# show ip ospf,RouterX# show ip ospf interface ethernet 0 Ethernet 0 is up, line protocol is up Internet A
20、ddress 192.168.254.202, Mask 255.255.255.0, Area 0.0.0.0 AS 201, Router ID 192.168.99.1, Network Type BROADCAST, Cost: 10 Transmit Delay is 1 sec, State OTHER, Priority 1 Designated Router id 192.168.254.10, Interface address 192.168.254.10 Backup Designated router id 192.168.254.28, Interface addr
21、192.168.254.28 Timer intervals configured, Hello 10, Dead 60, Wait 40, Retransmit 5 Hello due in 0:00:05 Neighbor Count is 8, Adjacent neighbor count is 2 Adjacent with neighbor 192.168.254.28 (Backup Designated Router) Adjacent with neighbor 192.168.254.10 (Designated Router),RouterX# show ip ospf
22、interface,Verifying the OSPF Configuration (Cont.),Displays the area ID and adjacency information,RouterX# show ip ospf neighbor ID Pri State Dead Time Address Interface 10.199.199.137 1 FULL/DR 0:00:31 192.168.80.37 FastEthernet0/0 172.16.48.1 1 FULL/DROTHER 0:00:33 172.16.48.1 FastEthernet0/1 172.
23、16.48.200 1 FULL/DROTHER 0:00:33 172.16.48.200 FastEthernet0/1 10.199.199.137 5 FULL/DR 0:00:33 172.16.48.189 FastEthernet0/1,Verifying the OSPF Configuration (Cont.),RouterX# show ip ospf neighbor,Displays the OSPF neighbor information on a per-interface basis,RouterX# show ip ospf neighbor 10.199.
24、199.137 Neighbor 10.199.199.137, interface address 192.168.80.37 In the area 0.0.0.0 via interface Ethernet0 Neighbor priority is 1, State is FULL Options 2 Dead timer due in 0:00:32 Link State retransmission due in 0:00:04 Neighbor 10.199.199.137, interface address 172.16.48.189 In the area 0.0.0.0
25、 via interface Fddi0 Neighbor priority is 5, State is FULL Options 2 Dead timer due in 0:00:32 Link State retransmission due in 0:00:03,Verifying the OSPF Configuration (Cont.),OSPF LAB,OSPF 认证,OSPF Authentication,OSPF supports two types of authentication: Plaintext (or simple) password authenticati
26、on MD5 authentication OSPF路由器会对收到的每个路由选择更新分组的信源进行身份验证; 配置key(password)时,必须每台直连邻居路由器的密码要相同。,Configuring OSPF Plaintext Password Authentication,ip ospf authentication-key password,RouterX(config-if)#,Assigns a password to use with neighboring routers,RouterX(config-if)#,ip ospf authentication message-
27、digest | null,Specifies the authentication type for an interface (as of Cisco IOS Release 12.0),RouterX(config-router)#,area area-id authentication message-digest,Specifies the authentication type for an area,OR,Plaintext Password Authentication Configuration Example,Verifying Plaintext Password Aut
28、hentication,RouterX#show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 10.2.2.2 0 FULL/ - 00:00:32 192.168.1.102 Serial0/0/1 RouterX#show ip route Gateway of last resort is not set 10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks O 10.2.2.2/32 110/782 via 192.168.1.102, 00:0
29、1:17, Serial0/0/1 C 10.1.1.0/24 is directly connected, Loopback0 192.168.1.0/27 is subnetted, 1 subnets C 192.168.1.96 is directly connected, Serial0/0/1 RouterX#ping 10.2.2.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.2.2.2, timeout is 2 seconds: ! Success rate is 100 perce
30、nt (5/5), round-trip min/avg/max = 28/29/32 ms,Components of Troubleshooting OSPF,Troubleshooting OSPF Neighbor Adjacencies,Troubleshooting OSPF Routing Tables,Troubleshooting Plaintext Password Authentication Problems,Plaintext authentication on routerX, no authentication on routerY,RouterX#debug i
31、p osp adj *Feb 17 18:54:01.238: OSPF: Rcv pkt from 192.168.1.102, Serial0/0/1 : Mismatch Authentication Key - Clear Text RouterY#debug ip ospf adj *Feb 17 18:53:13.050: OSPF: Rcv pkt from 192.168.1.101, Serial0/0/1 : Mismatch Authentication Key - Clear Text,Authentication on routerX and routerY, but
32、 different passwords,RouterX#debug ip ospf adj *Feb 17 18:51:31.242: OSPF: Rcv pkt from 192.168.1.102, Serial0/0/1 : Mismatch Authentication type. Input packet specified type 0, we use type 1 RouterY#debug ip ospf adj *Feb 17 18:50:43.046: OSPF: Rcv pkt from 192.168.1.101, Serial0/0/1 : Mismatch Aut
33、hentication type. Input packet specified type 1, we use type 0,Summary,OSPF is a classless, link-state routing protocol that uses an area hierarchy for fast convergence. OSPF exchanges hello packets to establish neighbor adjacencies between routers. The SPF algorithm uses a cost metric to determine
34、the best path. Lower costs indicate a better path. The router ospf process-id command is used to enable OSPF on the router. Use a loopback interface to keep the OSPF router ID consistent. The show ip ospf neighbor command displays OSPF neighbor information on a per-interface basis. The commands debug ip ospf events and debug ip ospf packets can be used to troubleshoot OSPF problems. OSPF will load-balance across up to four equal-cost metric paths by default. There are two types of OSPF authentication: Plaintext and MD5.,