ICND1 100-105

Configuring Single Area OSPF

All right folks, here is the moment the majority of us have been waiting for: configuring a dynamic routing protocol, Open Shortest Path First, or OSPF. Where do we go first? Global configuration mode. We type in router, and we specify ospf, and now there is this number just sitting there, a 1 in this case. What is the significance of that number 1?

OSPF Configuration Example

Branch(config)#router ospf 1
Branch(config-router)#network 10.0.0.0 0.255.255.255 area 0

HQ(config)#router ospf 1
HQ(config-router)#network 172.16.1.0 0.0.0.255 area 0
HQ(config-router)#network 192.168.1.2 0.0.0.0 area 0

Well it's not really significant to other routers but it is significant to this router as a local identifier for what we call the process ID. Now do not confuse this with router ID; router ID is typically extracted from an IP address on the chassis, higher is better, but loopback wins. Yeah, this is different, it's a different identifier, it's process ID. And the reason why we have this feature is so that we can run multiple OSPF processes. Now I want you to understand that you are not typically going to want to do that. In service provider arenas, we might have a point of presence, meaning it connects to multiple different customers, different organizations, and they could peer with their customers with a different OSPF process to compartmentalize the routing. But on our routers, in our autonomous system, it's almost never a good idea to run multiple processes. And there is a danger with this command. The danger is that you forget the process ID you had worked with because you mix and match. You are not consistent, and then you type in router ospf 1 on this router. But if there was 100 before, now you have a second process, and good luck trying to sort through that mess because it is going to be pretty confusing to you. Okay, so keep it consistent. I really do like the process ID of 1, and then we're launched into config-router mode. And anytime we see config-router that means we are in a dynamic routing protocol configuration mode. If this were Enhanced Interior Gateway Routing Protocol, or EIGRP, or RIP, or Border Gateway Protocol, or BGP, it would also have the same prompt. So, router ospf 1, Enter. I'm now in a place where I can talk to my dynamic routing protocol and indicate how it should run. What's the most important command that I might do inside of this mode for OSPF?

That would be the network command, and I'd like everybody to slow things down here. We're going to spend some time on this network command. We have to understand the intricate details about it. First and foremost, what does the network command do? What's its whole purpose? I want you to think about that right now. I'm going to give you a few moments to do that.

What is the purpose of the network command?

Oh, okay it advertises networks.

No it doesn't, that is the worst answer you can possibly come up with. All right, so what does the network command do? The purpose of the network command is to enable the routing process on interfaces. Let's repeat that for everybody. What does the network command do?

There is one word you have to pick up there; it enables the routing process on interfaces. Which word do you think is important there?

Hmm, there are a lot of words there, but let's give everybody a moment. What do they feel is the most important word? It's not obvious. What is it?

Interfaces. And if you chose that, you chose correctly, and if you didn't, then you're like the rest of us who struggled with this command when we first started learning it. So let's drill down, and see what it is telling us here. This command says to the router, OSPF is running on this interface, and this interface, but maybe not a different interface. And we've used the term autonomous system before. If you include an interface inside of the OSPF process via the network command, you are including it in OSPF's autonomous system. That's the best way to think of it, and your default goal is to include all interfaces that are up/up, and have IP addresses, and play inside of your routing domain. Your default strategy should be to include them all, okay. Unless you know, "Oh, I got to remove that because it's an extranet link. It's going to your partner. I don't want to have that be part of the domain, or that's a laboratory network, I don't want to route for that." Okay, so there are all kinds of reasons why you might not want to. But your default posture should be, all interfaces on the chassis should be included, okay? So, now, the problem is I don't see any indication that interfaces somehow play a part when I look at the syntax.

Well it is hidden. Once you understand what this network command is doing, you'll see how it relates to the interfaces. Look at the very first address we have there, 10.0.0.0. All right, what is that? It's just an address folks, that's all it is. But now we're going to couple that address with something else. What is that? Look beside it, what do you see? What do you see folks? We had an in-depth discussion about that earlier. Very, very in-depth discussion.

Where did we see something like that, that starts off with 0s and ends with 255s, something that is a mask? It's a type of mask. It's a wildcard mask. And remember boy, we gave you some powerful tools, we really did. What that says is, "I'm going to include any interfaces inside of that range." Because remember, the wildcard mask is a range operator.

Range, that's the keyword right there folks. It's a range of values. So what do these values refer to? The IP addresses that are on interfaces, that's what we're pointing out here.

Now, another devil's advocate student emulation question coming from me: "I don't want all of my networks to be advertised with an 8-bit mask, it looks like it's an 8-bit mask here. Does this network command indicate the mask of advertised networks?"

I'll let everybody ponder that for just a moment. We said, "Does that wildcard mask tell us what the advertised subnet mask will be?" No, no, not at all! Remember, it's just the range operator here. The first value we see is 10.0.0.0 coupled with this wildcard mask. It's telling us the starting range of our IP addresses and the ending range of our IP addresses, just like with our access control list. And we saw that earlier.

So where does the mask come from if it doesn't come from this command?

The mask is going to be generated by us to produce that range of values that we need.

The mask of the advertised networks, where does that come from?

That's going to come from our subnet mask that we have assigned to our IP address on our interface.

Okay, so it comes from the interface level. And so that's another thing: we're indicating the interface. And whatever subnet mask happens to live on that interface, that's what gets advertised. So these are common misconceptions that we wanted to dispel for you. Anything else we need to understand about that combination of IP and wildcard mask?

Well let's just keep focusing on this example here and let's just remind you of how the range works. Starting will be 10.0.0.0. That's the first value, just like the access control list. Nothing different here. Take that wildcard mask and put it underneath. 10 plus 0 is 10, 0 plus 255 is 255, 0 plus 255 is 255, etc. So what do we have here? We have a starting range of 10.0.0.0 and an ending range of 10.255.255.255. So what does this state? It states: enable the OSPF process on any interface (there is the keyword) that has an IP address from 10.0.0.0 through 10.255.255.255.

Let's look at the topology now. Let's see how that plays out because that's the configuration for the branch router, upper left, and what do we see? Well look at that config, look at that topology. And I want you to tell us, what kind of configuration is that? You see the branch router and the cloud next to it. Look at that collection of networks that we're including inside of that network command. What kind of interfaces do those look like?

I see a lot of dots, .1, .10, .20. Does anybody remember what type of interfaces those are?

Those are subinterfaces. Any time you see the dot notation inside of a Cisco router or an adaptive security appliance (ASA), that's a subinterface. That's a logical interface under the same physical interface. So it's all on gigabit 0/0, and so what kind of configuration is that? What does that do for us? If you said inter-VLAN (virtual LAN) routing, or router-on-a-stick, or router-on-a-trunk, those are all right. So what we're doing is, in fact, advertising the subnets of the VLANs that the branch router is routing for. Where am I coming up with VLANs? Well that's what the .1, .10, .20 is doing. It's terminating the VLANs that live inside of that space. There are subnets there. We want the rest of the network to know about those subnets. So this network command enables the OSPF process on all of those subinterfaces, every single one of them. But there's something else to this command: area. We are configuring OSPF right now for a single area. Does anybody remember the name of area 0? What do we call that? What do we call that within our OSPF hierarchy?

It is the backbone area. And what is the number associated with that? It is area 0. So we're focusing on just area 0 here right now. And does that have to match when we are configuring an interface to be part of OSPF? Does the peer on the other end of that particular link have to be in the same area? Think back to that hello packet. Does it have to match?

There's an asterisk beside a few things: hello timer, dead interval, area ID. Yeah, we do have to match the area.

So we'll put these interfaces in area 0, because that's our focus right now. So just a recap. The network command enables OSPF on all those interfaces that fall within that range and puts them in area 0. If you can learn to read it like that, you'll be able to troubleshoot the network command very, very easily. If you are thinking, "I want to get ready for the certification and that's why I'm here", okay, this page is critical. Understanding how to configure OSPF is critical. So you want to have full mastery of this, you want to have confidence. If you're ever asked to configure OSPF, you want to be able to slap in a complex network command that gets the job done for the tasks that are described to you, and it can demand some complex wildcard masking. So take advantage of the extra skills we've given you for wildcard masking, which we're not going to do any extra review of, but we did spend extra time there. You would want to be able to apply that here as well. But there is a new modern way of doing things, okay. So in this case, the history is quite lengthy. But around the year 2002 – 2003, somewhere around there, Cisco said, "You know what? So many people have struggled with the network command that we're going to give a different option, and we're going to give people an interface level option to do the same thing." Remember what the network command does? It plugs an interface into the OSPF process. Well we could just give people an interface level command that does the same thing and avoids the complexity of the wildcard masking. And so, how is that being utilized here on gigabit 0/1?

Well once we're in interface configuration mode, we typed in ip ospf 1, what does 1 refer to? The process ID. Remember, that doesn't have to match amongst our neighbors, it's only locally significant. But typically in our environment, we'll set it the same on everybody. And then which area will we place this interface in? Area 0 in this example.

Branch(config)#interface GigabitEthernet 0/1
Branch(config-if)#ip ospf 1 area 0

So a much simpler way to enable OSPF. We don't have to worry about crafting the perfect address and wildcard mask as we do with the network command. We can just go straight to the interface and turn it on with the ip ospf command.

Let's take a moment to look at HQ now. We have some examples with the network command. But, you know, let's read these together. And let's go through this and see, you know, what are the differences here and how we could figure out what is going on.

I'm glad we have two routers here because otherwise it's like that, one router running OSPF is the sound of one hand clapping. So we go to the other routers that we want to be part of the OSPF autonomous system, okay. And remember, we want all interfaces to be part of that autonomous system, and there are two strategies. But really the key strategy that I personally want you to know is the network command, okay. That's the one where it could prove disastrous if you're like, "I'm just going to do interface level config" and avoid the network command and studying that.

Okay, so, I do router ospf 1 on HQ. Now here's what people may be thinking. Do I have to match those two up? Do I have to match the process ID up between the two routers here?

Folks, what did we say earlier? No, they don't have to match. Is it recommended? It would be a good idea. That way there, you don't have process ID of 1 on 1 router, 10 on another router, 5 on another router, and then you don't know which process ID is what on a router and you make a mistake while you're configuring. But let's look at these network statements here and notice how that wildcard mask gives us the ability to be creative and specify exactly what interfaces we want OSPF to be enabled on.

First network statement, 172.16.1.0 with a wildcard mask of 0.0.0.255. What is that stating? Well if you learned how to read these network statements, it would be saying, enable OSPF on those interfaces that have an IP address from 172.16.1.0 through 172.16.1.255.

So we're just plugging that into area 0, and so you might think, well why, why would I include that? Well because we're pulling in, we're bringing that interface into the routing domain, into the autonomous system. That does mean we will route for that network. So we will relay advertisements pertaining to that. So even though we don't necessarily expect to see a downstream router off of that, by enabling the routing process for that interface, say, we can send and receive hellos to form adjacencies. But we also advertise the subnet of that into the routing domain, letting other routers know. Now I want everybody to just read the last line, the network command that starts off with 192. I don't want a /32 mask for that, I don't want a /32 mask. I know that may be /27, /24. So why are they using an all-0s mask when that may not be the inverse of that network's mask?

We have to remember this is a wildcard mask that will specify a range. It's not used to advertise the subnet mask that will be utilized. So think of it as the range operator. Let's just do the math for 192.168.1.2 over all 0's. What's your starting and what's your ending? 192 plus 0 is 192, 168 plus 0 is 168, 1 plus 0 is 1, and 2 plus 0 is 2, starting address of 192.168.1.2, ending address of 192.168.1.2.

Those sound like the same IP addresses to me, starting and ending.

It's right. So if the starting IP address is the same as the ending IP address, how many IP addresses do we have?

Well it's just one.

So it's telling OSPF, "Look for an interface with this specific IP address." When you find it, turn OSPF on, on that interface. So this is as specific as you can get with your wildcard mask. And this is also Cisco's best practices. Why might Cisco recommend this as their best practices in the real world when using the network command?

We don't want to be surprised as engineers, that's my reason. And we could be surprised if we were overly inclusive. Let's say we do network of all 0s and then all 255s. I do that and what that says, "Every IP address on my chassis is going to be part of the OSPF process." It's great, okay. I love it in laboratories. But in the real world if you did that, any new interface would automatically be included in the process once it gets an IP address. And then you just start, you know, chucking new things in and you might be like, "Well wait a minute, I didn't fully prepare that network, and I don't want to advertise that. It may not be ready. I was just doing some preparatory work." So being very, very specific allows you to have more control over the environment and not be surprised with newly advertised networks that you did not intend.
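As an added example (not part of the original course material), the Python below models the network command as described above: the wildcard mask only selects interfaces, the advertised prefix comes from the interface's own mask, and a catch-all statement silently pulls in a new interface. The interface prefix lengths, the 172.16.1.1 address and GigabitEthernet0/2 are constructed assumptions.

```python
import ipaddress

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def wildcard_range(address, wildcard):
    """First and last address selected by a contiguous address/wildcard pair."""
    wild = to_int(wildcard)
    start = to_int(address) & ~wild & 0xFFFFFFFF
    end = start | wild
    return str(ipaddress.IPv4Address(start)), str(ipaddress.IPv4Address(end))

def ospf_enabled(interfaces, statements):
    """Map each matched interface to (area, prefix advertised).

    interfaces: {name: "ip/prefixlen"}, statements: [(address, wildcard, area)].
    The advertised prefix comes from the interface's own mask, never the wildcard.
    """
    enabled = {}
    for name, cidr in interfaces.items():
        iface = ipaddress.IPv4Interface(cidr)
        for address, wildcard, area in statements:
            care = ~to_int(wildcard) & 0xFFFFFFFF  # bits that must match
            if (int(iface.ip) & care) == (to_int(address) & care):
                enabled[name] = (area, str(iface.network))
                break
    return enabled

def unintended(interfaces, statements, intended):
    """Interfaces pulled into OSPF that are not on the intended list."""
    return sorted(set(ospf_enabled(interfaces, statements)) - set(intended))

# Constructed sample data: prefix lengths, 172.16.1.1 and Gi0/2 are assumptions.
HQ_INTERFACES = {
    "GigabitEthernet0/0": "172.16.1.1/24",
    "GigabitEthernet0/1": "192.168.1.2/27",
    "GigabitEthernet0/2": "203.0.113.1/24",  # hypothetical new, unprepared link
}
HQ_STATEMENTS = [("172.16.1.0", "0.0.0.255", 0), ("192.168.1.2", "0.0.0.0", 0)]
CATCH_ALL = [("0.0.0.0", "255.255.255.255", 0)]
INTENDED = ["GigabitEthernet0/0", "GigabitEthernet0/1"]

if __name__ == "__main__":
    print(wildcard_range("10.0.0.0", "0.255.255.255"))
    print(ospf_enabled(HQ_INTERFACES, HQ_STATEMENTS))
    print(unintended(HQ_INTERFACES, CATCH_ALL, INTENDED))
```

With the two specific HQ statements nothing unintended is enabled; with the catch-all, GigabitEthernet0/2 joins OSPF and its /24 would be advertised as soon as it has an address.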

So, let's look at the topology and our configuration. We already indicated that every subinterface was enabled for OSPF with the top command. Gigabit Ethernet 0/1 we enabled on Branch using the interface-specific command. And down below on HQ, which interfaces now? Well the interface that is part of 172.16, and then the interface that is part of 192.168. It's looking good to me. We've set up OSPF on all the interfaces we wanted.