Thursday, February 11, 2010

OSPF on Frame Relay

Hi all,
last week I've studied eigrp, now it's the turn of OSPF...

the first issue for me was using OSPF on frame-relay hub and spoke, I really have to keep in mind the various combinations of network ospf types and/or frame relay interface types.

So I hope this post will help anyone with my same problems.

The topology here is really a classic hub and spoke frame relay:


here the .net dynamips file:

autostart = False
[10.3.3.2:7200]
workingdir = /tmp
udp = 10000
[[3725]]
image = /opt/IOS/c3725-adventerprisek9-mz.124-15.T10.bin
ram = 128
ghostios = True
sparsemem = True
[[FRSW FR0]]
1:102 = 2:201
1:103 = 3:301
2:201 = 1:102
3:301 = 1:103
[[ROUTER R1]]
model = 3725
console = 20001
s0/0 = FR0 1
slot1 = NM-4T
[[ROUTER R2]]
model = 3725
console = 20002
s0/0 = FR0 2
[[ROUTER R3]]
model = 3725
console = 20003
s0/0 = FR0 3


Let's start with a simple initial config, using frame relay on physical interfaces with static dlci mapping:


!--- R1 initial config
ena
conf t

host R1

no ip domain-look
line con 0
loggin sync
no exec-time

int lo 0
ip address 1.1.1.1 255.255.255.255
ip ospf 1 area 0

int ser 0/0
ip address 10.0.0.1 255.255.255.0
encap frame
no frame inver
frame map ip 10.0.0.2 102 broad
frame map ip 10.0.0.3 103 broad
no shut
ip ospf 1 area 0
ip ospf priority 255

router ospf 1
router-id 1.1.1.1

!--- R2 initial config
ena
conf t

host R2

no ip domain-look
line con 0
loggin sync
no exec-time

int lo 0
ip address 2.2.2.2 255.255.255.255
ip ospf 1 area 0

int ser 0/0
ip address 10.0.0.2 255.255.255.0
encap frame
no frame inver
frame map ip 10.0.0.1 201 broad
no shut
ip ospf 1 area 0
ip ospf priority 0

router ospf 1
router-id 2.2.2.2

!--- R3 initial config
ena
conf t

host R3

no ip domain-look
line con 0
loggin sync
no exec-time

int lo 0
ip address 3.3.3.3 255.255.255.255
ip ospf 1 area 0

int ser 0/0
ip address 10.0.0.3 255.255.255.0
encap frame
no frame inver
frame map ip 10.0.0.1 301 broad
no shut
ip ospf 1 area 0
ip ospf priority 0

router ospf 1
router-id 3.3.3.3


Some observation about the initial config:
-the router-id configuration is really optional here, since there's only one loopback
-it's really important in a hub and spoke ospf scenario to have the HUB acting as DR, mainly because only the hub has complete rechability of all spokes. It's better if the spokes are DROTHER (not DB nor BDR), just in case of failure of the DR, no spoke will be the new DR. That's the reason of the "ip ospf priority" commands in the initial config.

With this initial config, we can note that no neighbor are present on our hub

R1#sh ip ospf interface brief
Interface PID Area IP Address/Mask Cost State Nbrs F/C
Se0/0 1 0 10.0.0.1/24 64 DR 0/0
Lo0 1 0 1.1.1.1/32 1 LOOP 0/0

R1#sh ip ospf neighbor

R1#


but why? we have L3 reachability, we can ping from hub to both spokes, and we have mapped the ip to dlci using the "broadcast", that means multicast is enabled on our frame relay interfaces too.
So why we didn't see any neighbor?
If we look at the serial interface in more depth, we can see that ospf assigns to frame realy interfaces the "NON_BROADCAST" type by default:

R1#sh ip ospf interface ser 0/0
Serial0/0 is up, line protocol is up
Internet Address 10.0.0.1/24, Area 0
Process ID 1, Router ID 1.1.1.1, Network Type NON_BROADCAST, Cost: 64
Enabled by interface config, including secondary ip addresses
Transmit Delay is 1 sec, State DR, Priority 255
Designated Router (ID) 1.1.1.1, Interface address 10.0.0.1
No backup designated router on this network
Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5
oob-resync timeout 120
Hello due in 00:00:24
Supports Link-local Signaling (LLS)
Cisco NSF helper support enabled
IETF NSF helper support enabled
Index 2/2, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 0, maximum is 0
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 0, Adjacent neighbor count is 0
Suppress hello for 0 neighbor(s)


So, even broadcast/multicast is enabled on the frame relay interfaces, ospf still thinking that they are NON_BROADCAST, and isn't sending multicasst hellos.
A simple way to solve this, without changing the default network type, is to configure ospf at least on one side with the neighbor command.
With the neighbor manually specified, ospf sends unicast hellos, and the other side will also respond unicast, so let's try at the hub side:


R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#router ospf 1
R1(config-router)#neighbor 10.0.0.2
R1(config-router)#neighbor 10.0.0.3
R1(config-router)#end
R1#sh ip
*Mar 1 00:01:20.119: %SYS-5-CONFIG_I: Configured from console by console

R1#sh ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface
N/A 0 ATTEMPT/DROTHER 00:01:51 10.0.0.2 Serial0/0
N/A 0 ATTEMPT/DROTHER 00:01:55 10.0.0.3 Serial0/0
R1#

After the neighbor command is entered, the neighbor is shown in state "ATTEMPT", but the process have to wait the interface "wait timer" before start the DR election. This wait timer is used to "listen" to hellos and try to determine if a DR/BDR already exists before starting a new election. It's equal to the dead timer.

Then it sends the unicast hello and forms adjacency:

R1#sh ip ospf int ser 0/0
Serial0/0 is up, line protocol is up
Internet Address 10.0.0.1/24, Area 0
Process ID 1, Router ID 1.1.1.1, Network Type NON_BROADCAST, Cost: 64
Enabled by interface config, including secondary ip addresses
Transmit Delay is 1 sec, State WAITING, Priority 255
No designated router on this network
No backup designated router on this network
Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5
oob-resync timeout 120
Hello due in 00:00:00
Wait time before Designated router selection 00:00:04
Supports Link-local Signaling (LLS)
Cisco NSF helper support enabled
IETF NSF helper support enabled
Index 2/2, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 0, maximum is 0
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 0, Adjacent neighbor count is 0
Suppress hello for 0 neighbor(s)

*Mar 1 00:03:26.943: %OSPF-5-ADJCHG: Process 1, Nbr 3.3.3.3 on Serial0/0 from LOADING to FULL, Loading Done
*Mar 1 00:03:26.963: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on Serial0/0 from LOADING to FULL, Loading Done

R1#sh ip ospf int ser 0/0
Serial0/0 is up, line protocol is up
Internet Address 10.0.0.1/24, Area 0
Process ID 1, Router ID 1.1.1.1, Network Type NON_BROADCAST, Cost: 64
Enabled by interface config, including secondary ip addresses
Transmit Delay is 1 sec, State DR, Priority 255
Designated Router (ID) 1.1.1.1, Interface address 10.0.0.1
No backup designated router on this network
Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5
oob-resync timeout 120
Hello due in 00:00:11
Supports Link-local Signaling (LLS)
Cisco NSF helper support enabled
IETF NSF helper support enabled
Index 2/2, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 0, maximum is 0
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 0, Adjacent neighbor count is 0
Suppress hello for 0 neighbor(s)
R1#


ok, now we have the routes correctly learned, but really isn't enough in a frame relay environment, we have to ensure to have a correct L3 to L2 mapping, eg:

R2#sh ip route | beg Gate
Gateway of last resort is not set

1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/65] via 10.0.0.1, 00:05:01, Serial0/0
2.0.0.0/32 is subnetted, 1 subnets
C 2.2.2.2 is directly connected, Loopback0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/65] via 10.0.0.3, 00:05:01, Serial0/0
10.0.0.0/24 is subnetted, 1 subnets
C 10.0.0.0 is directly connected, Serial0/0
R2#ping 3.3.3.3 r 2

Type escape sequence to abort.
Sending 2, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
..
Success rate is 0 percent (0/2)

R2#sh frame-relay map
Serial0/0 (up): ip 10.0.0.1 dlci 201(0xC9,0x3090), static,
broadcast,
CISCO, status defined, active

R2 has the route to R3's loopback, but it still unreachable due to the missing L2 mapping of the next hop on the serial interface.
To fix it, on Ser0/0 of R2: "frame-relay map ip 10.0.0.3 201"
on Ser 0/0 of R3: "frame-relay map ip 10.0.0.2 301"
Let's check it:

R2(config)#do sh frame map
Serial0/0 (up): ip 10.0.0.3 dlci 201(0xC9,0x3090), static,
CISCO, status defined, active
Serial0/0 (up): ip 10.0.0.1 dlci 201(0xC9,0x3090), static,
broadcast,
CISCO, status defined, active
R2(config)#do ping 10.0.0.3 r 2

Type escape sequence to abort.
Sending 2, 100-byte ICMP Echos to 10.0.0.3, timeout is 2 seconds:
!!
Success rate is 100 percent (2/2), round-trip min/avg/max = 12/20/28 ms
R2(config)#


But what we can do if we are not allowed to use a static frame relay map statement on serial interfaces of the spokes?
We have to find a way to modify the next hop, to instruct R2 to see R1 as next hop for the R3 loopback..
By the way, we can use the network type point-to-multipoint (broadcast|non-broadcast)
This network type threats the different neighbors as point-to-point connections, and modifies the next hop pointing to the hub:

!-- on R2 (spoke)
R2(config-router)#do sh ip route 3.3.3.3
Routing entry for 3.3.3.3/32
Known via "ospf 1", distance 110, metric 65, type intra area
Last update from 10.0.0.3 on Serial0/0, 05:10:04 ago
Routing Descriptor Blocks:
* 10.0.0.3, from 3.3.3.3, 05:10:04 ago, via Serial0/0
Route metric is 65, traffic share count is 1

!-- on R1 (hub)
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#int ser 0/0
R1(config-if)#ip ospf network point-to-multipoint ?
non-broadcast Specify non-broadcast point-to-mpoint network


R1(config-if)#ip ospf network point-to-multipoint
R1(config-if)#
*Mar 1 05:18:24.318: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on Serial0/0 from FULL to DOWN, Neighbor Down: Interface down or detached
*Mar 1 05:18:24.318: %OSPF-5-ADJCHG: Process 1, Nbr 3.3.3.3 on Serial0/0 from FULL to DOWN, Neighbor Down: Interface down or detached
*Mar 1 05:18:24.398: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on Serial0/0 from LOADING to FULL, Loading Done
*Mar 1 05:18:24.442: %OSPF-5-ADJCHG: Process 1, Nbr 3.3.3.3 on Serial0/0 from LOADING to FULL, Loading Done
R1(config-if)#

... and don't forget to change the network type on R2 too! otherwise adjacency will form, but no routes will be installed, due to the "advertising neighbor unreachable" in the ospf database
(see: Document ID: 7112 "Why Are Some OSPF Routes in the Database but Not in the Routing Table?" )

R2#sh ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface
1.1.1.1 255 FULL/DR 00:01:46 10.0.0.1 Serial0/0
R2#sh ip route | beg Gate
Gateway of last resort is not set

2.0.0.0/32 is subnetted, 1 subnets
C 2.2.2.2 is directly connected, Loopback0
10.0.0.0/24 is subnetted, 1 subnets
C 10.0.0.0 is directly connected, Serial0/0

R2#sh ip ospf database

OSPF Router with ID (2.2.2.2) (Process ID 1)

Router Link States (Area 0)

Link ID ADV Router Age Seq# Checksum Link count
1.1.1.1 1.1.1.1 484 0x8000002E 0x007F97 4
2.2.2.2 2.2.2.2 632 0x80000011 0x00B2F0 2
3.3.3.3 3.3.3.3 1049 0x8000001C 0x00A4D1 3
R2#
R2# sh ip ospf database router 3.3.3.3

OSPF Router with ID (2.2.2.2) (Process ID 1)

Router Link States (Area 0)

Adv Router is not-reachable
LS age: 343
Options: (No TOS-capability, DC)
LS Type: Router Links
Link State ID: 3.3.3.3
Advertising Router: 3.3.3.3
LS Seq Number: 80000031
Checksum: 0x7AE6
Length: 60
Number of Links: 3

Link connected to: another Router (point-to-point)
(Link ID) Neighboring Router ID: 1.1.1.1
(Link Data) Router Interface address: 10.0.0.3
Number of TOS metrics: 0
TOS 0 Metrics: 64

Link connected to: a Stub Network
(Link ID) Network/subnet number: 10.0.0.3
(Link Data) Network Mask: 255.255.255.255
Number of TOS metrics: 0
TOS 0 Metrics: 0

Link connected to: a Stub Network
(Link ID) Network/subnet number: 3.3.3.3
(Link Data) Network Mask: 255.255.255.255
Number of TOS metrics: 0
TOS 0 Metrics: 1

R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#
R2(config)#int ser 0/0
R2(config-if)#ip ospf network point-to-multipoint
R2(config-if)#
*Mar 1 13:20:30.300: %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.1 on Serial0/0 from FULL to DOWN, Neighbor Down: Interface down or detached
*Mar 1 13:20:30.424: %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.1 on Serial0/0 from LOADING to FULL, Loading Done
R2(config-if)#end
R2#sh ip route | beg Gate
Gateway of last resort is not set

1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/65] via 10.0.0.1, 00:00:12, Serial0/0
2.0.0.0/32 is subnetted, 1 subnets
C 2.2.2.2 is directly connected, Loopback0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/129] via 10.0.0.1, 00:00:12, Serial0/0
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
O 10.0.0.3/32 [110/128] via 10.0.0.1, 00:00:12, Serial0/0
C 10.0.0.0/24 is directly connected, Serial0/0
O 10.0.0.1/32 [110/64] via 10.0.0.1, 00:00:12, Serial0/0
R2#

Well done, now we have the 3.3.3.3/32 route with the next hop R1, we don't need the frame relay map statemnt for R3.
Note also that the point-to-multipoint interface type threats all neighbors as point-to-point links, even in a multi access interface, without elect DR/BDR:
R1(config-if)#do sh ip ospf nei

Neighbor ID Pri State Dead Time Address Interface
3.3.3.3 0 FULL/ - 00:01:46 10.0.0.3 Serial0/0
2.2.2.2 0 FULL/ - 00:01:54 10.0.0.2 Serial0/0
R1(config-if)#


More posts about ospf interface types will follow very soon... have fun!

Marco

2 comments:

itdualism said...

this is a great post, I'm working on my OSPF doing similar things (check my OSPF lab http://itdualism.wordpress.com/bsci-ospf-lab)
this is good though I do not like FR but it is part of life :)

Marco Rizzi said...

thanks Ofir, I've hated a lot Frame Relay in the past, but now I'm starting feel more confident on it, isn't so annoying like it appears :-)

congrats for you blog too, keep it up!
Marco