Showing posts with the label OSPF

[POC] Cisco vs Juniper running OSPF w/o Backbone Area 0

OSPFv2 is a standard routing protocol (http://www.ietf.org/rfc/rfc2328.txt), but not every vendor's devices implement it in exactly the same way. When a network scenario does not follow the standard design, devices from different vendors may show different exceptional behavior. To compare the behavior of Cisco and Juniper, I designed a special OSPF topology, shown below, in which Cisco and Juniper produce different route-exchange results.

CCNP ROUTE - Opaque LSAs

Type 9, 10, 11 (Opaque LSAs) may be used for distributing application-specific information through an OSPF domain. Type 9 LSAs are not flooded beyond the local network or subnetworks. A link-local "opaque" LSA (defined by RFC 2370) in OSPFv2 and the Intra-Area-Prefix LSA in OSPFv3. It is the OSPFv3 LSA that contains prefixes for stub and transit networks in the link-state ID. Type 10 LSAs are not flooded beyond the borders of their associated area. An area-local "opaque" LSA (defined by RFC 2370). Opaque LSAs contain information which should be flooded by other routers even if the router is not able to understand the extended information itself. Typically type 10 LSAs are used for traffic engineering extensions to OSPF, flooding extra information about links beyond just their metric, such as link bandwidth and color. Type 11 LSAs are not flooded through the AS. An AS "opaque" LSA defined by RFC 5250, which is flooded everywhere except stu...

CCNP ROUTE - OSPF over NBMA Quick Memorization Tips

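Students learning OSPF for the first time often feel overwhelmed when they reach NBMA; however they try to memorize it, it is easy to get confused. When do you need to configure a neighbor, and when do you need to elect a DR/BDR? (See the figure below.) I offer two quick memory aids here: Any OSPF mode whose name contains the string nonbroadcast (including NBMA) requires manually configured neighbors. Because broadcast (multicast) is not supported, multicast hellos cannot be sent, so neighbors must be configured and unicast used instead. Any OSPF mode whose name begins with Point-to-XXX does not need to elect a DR or BDR. Point-to-XXX is common in WAN environments, so there is no need for a DR/BDR, which represents multiaccess broadcast. All OSPF modes other than the standard LAN (Broadcast) and WAN (Point-to-Point) modes have a Hello timer of 30 secs. I hope this is of some help in your studies!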

OSPF Sham-link in MPLS backbone

Assume R1 and R2 are both MPLS PE routers. To keep the CE routers R3 and R4 from using the backdoor (the directly connected interface) and to force R3 to reach R4 across the MPLS backbone, you must use the OSPF sham-link feature, which builds a tunnel-like channel to steer the packet flow. There is one very important trick: the loopback used to build the sham-link must never be in the OSPF LSDB; the network of this loopback interface must be exchanged through BGP. It is best to create a new, dedicated loopback interface for this. Finally, raise the OSPF cost of the backdoor link between the two CEs so that it becomes the less preferred route.

R1

    R1(config)#int loopback 99
    R1(config-if)#ip vrf forwarding VRFA
    R1(config-if)#ip address 1.1.1.1 255.255.255.255
    R1(config)#router bgp 100
    R1(config-router)#address-family ipv4 vrf VRFA
    R1(config-router-af)#redistribute connected metric 1
    R1(config-router-af)#router ospf 100 vrf VRFA
    R1(config-router)#area 51 sham-link 1.1.1.1 2.2.2.2

R2(PE)

    R2(config)#int loopback 99
    R2(config-if)#ip vrf forwarding VRFA
    R2(config-if)#ip address 2.2.2.2 255.255.255.255
    R2(config)#router bgp 100
    R2(config-router)#address-family ipv4 vrf VRFA
    R2(config-router-af)#redistribute connected metric 1
    R2(config-router-af)#router ospf 100 vrf VRFA
    R2(config-router)#area 51 sham-link 2.2.2.2 1.1.1.1

R3(CE...

Why Are Some OSPF Routes in the Database but Not in the Routing Table?

Introduction

A common problem when using Open Shortest Path First (OSPF) is routes in the database don't appear in the routing table. In most cases OSPF finds a discrepancy in the database so it doesn't install the route in the routing table. Often, you can see the Adv Router is not-reachable message (which means that the router advertising the LSA is not reachable through OSPF) on top of the link-state advertisement (LSA) in the database when this problem occurs. Here is an example:

    Adv Router is not-reachable
    LS age: 418
    Options: (No TOS-capability, DC)
    LS Type: Router Links
    Link State ID: 172.16.32.2
    Advertising Router: 172.16.32.2
    LS Seq Number: 80000002
    Checksum: 0xFA63
    Length: 60
    Number of Links: 3

There are several reasons for this problem, most of which deal with mis-configuration or a broken topology. When the configuration is corrected the OSPF database discrepancy goes away and the routes appear in the routing table. This document explains some of the more common rea...

OSPF Sham-Link Support for MPLS VPN

Using OSPF in PE-CE Router Connections

In an MPLS VPN configuration, the OSPF protocol is one way you can connect customer edge (CE) routers to service provider edge (PE) routers in the VPN backbone. OSPF is often used by customers that run OSPF as their intrasite routing protocol, subscribe to a VPN service, and want to exchange routing information between their sites using OSPF (during migration or on a permanent basis) over an MPLS VPN backbone. Figure 1 shows an example of how VPN client sites that run OSPF can connect over an MPLS VPN backbone.

Figure 1 OSPF Connectivity Between VPN Client Sites and an MPLS VPN Backbone

When OSPF is used to connect PE and CE routers, all routing information learned from a VPN site is placed in the VPN routing and forwarding (VRF) instance associated with the incoming interface. The PE routers that attach to the VPN use the Border Gateway Protocol (BGP) to distribute VPN routes to each other. A CE router can then learn the routes to other sites in ...

OSPF Shortest Path First Throttling

The OSPF Shortest Path First Throttling feature makes it possible to configure SPF scheduling in millisecond intervals and to potentially delay shortest path first (SPF) calculations during network instability. SPF is scheduled to calculate the Shortest Path Tree (SPT) when there is a change in topology. One SPF run may include multiple topology change events. The interval at which the SPF calculations occur is chosen dynamically and is based on the frequency of topology changes in the network. The chosen interval is within the boundary of the user-specified value ranges. If network topology is unstable, SPF throttling calculates SPF scheduling intervals to be longer until topology becomes stable.

Shortest Path First Calculations

SPF calculations occur at the interval set by the timers throttle spf command. The wait interval indicates the amount of time to wait until the next SPF calculation occurs. Each wait interval after that calculation is twice as long as the previous one until th...

MPLS Basic Traffic Engineering Using OSPF Configuration Example

Introduction

This document provides a sample configuration for implementing traffic engineering (TE) on top of an existing Multiprotocol Label Switching (MPLS) network using Frame Relay and Open Shortest Path First (OSPF). Our example implements two dynamic tunnels (automatically set up by the ingress Label Switch Routers [LSR]) and two tunnels that use explicit paths. TE is a generic name corresponding to the use of different technologies to optimize the utilization of a given backbone capacity and topology. MPLS TE provides a way to integrate TE capabilities (such as those used on Layer 2 protocols like ATM) into Layer 3 protocols (IP). MPLS TE uses an extension to existing protocols (Intermediate System-to-Intermediate System (IS-IS), Resource Reservation Protocol (RSVP), OSPF) to calculate and establish unidirectional tunnels that are set according to the network constraint. Traffic flows are mapped on the different tunnels depending on their destination.

Functional Components

IP t...

OSPF DR/BDR vs IS-IS DIS

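The two sibling link-state routing protocols, OSPF and IS-IS, have many similarities and many differences. This time I specifically describe the differences between the OSPF Designated Router (DR)/Backup Designated Router (BDR) and the IS-IS Designated Intermediate System (DIS), both of which are roles that must exist on multiaccess networks under the SPF algorithm, in the hope of saving everyone the trouble of comparing them one by one. (See the attached figure.)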

OSPF LSA Sequence Number (From 0x80000001 to 0x7FFFFFFF?)

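Many people, on reaching the OSPF LSA Sequence Number section of BSCI, find a question forming in their minds: has the Cisco courseware made yet another typo? (Those responsible for editing and proofreading the Cisco courseware should reflect on this… it really is riddled with typos.) In fact, it is correct. The OSPF LSA Sequence Number starts at 0x80000001 and ends at 0x7FFFFFFF. You may be puzzled: how can the starting number be larger than the ending number? In fact, this is because the leading 8 in the starting value denotes a negative number; it means -7FFFFFFF. See the explanation below and it will become clear: In the old days, playing games was a form of self-training that improved one's computer skills. How so? Anyone who loved computer games ten-odd years ago must have used all kinds of game-modification tools, such as PCTOOLS and 整人專家. With the help of these tools, dreams in the game became reality: every possible numeric cap and the limits of the protagonist's abilities could be adjusted at will. Enough chatter; let's look at the topic at hand. One byte of data can represent a range from 0 (0000 0000) to 255 (1111 1111), so how are negative numbers represented? A computer system has only 0 and 1, with no extra symbol to indicate positive or negative, so a workaround is used: the leftmost bit of the byte represents the sign, with 0 for positive and 1 for negative. For example, 0111 1111 converts to decimal 127, while 1111 1111 converts to decimal -127, so we know that one byte can represent the range from -127 to 127. Everything discussed so far is the so-called sign-magnitude representation, but data in a computer is stored in two's complement, because only this reduces the burden on the CPU. Having mentioned two's complement, we also have to mention ones' complement. In a computer, ones' complement is defined as follows: if the number is positive, it stays the same as in sign-magnitude representation, so 127 is still 0111 1111; if the number is negative, the first bit is 1 and the other bits are inverted (0 becomes 1, 1 becomes 0). For example, -127 in binary (1111 1111) is 1000 0000 in ones' complement. Two's complement follows the same logic: if the number is positive, it stays the same as in sign-magnitude representation, so 127 is still 0111 1111; if the number is negative, the first bit is 1 and the other bits are first ones'-complemented and then 1 is added. For example, for -127, the ones' complement is 1000 0000, and adding 1 gives 1000 0001. However, 1000 0000 is a special case: we can use it to represent -128, so the range representable in two's complement is -128 to 127. ◎ References: Sign-magnitude, ...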

Cisco CCNP BSCI 3.0 (OSPF LSDB Overload Protection)

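The Cisco CCNP BSCI 3.0 courseware has a section (P.3-108) that mentions a new OSPF feature (since Cisco IOS 12.3(T) and later) that keeps the exchange of large numbers of non-self-generated LSAs from exhausting the local router's resources: the max-lsa command. I suggest reading this article alongside the explanation in the course text, which should make the meaning of these parameters easier to understand; the information on the Cisco website also appears to be more detailed than the courseware. The following text is translated from the Cisco website:

Benefits of Using OSPF LSDB Overload Protection

The OSPF LSDB overload protection feature provides a mechanism that lets OSPF limit the number of non-self-generated LSAs. When other routers in the network are misconfigured, they may generate a large number of LSAs, for example when improper route redistribution produces a very large number of prefixes. This LSDB protection mechanism keeps the router from accepting an excessive number of LSAs and running short of CPU and memory resources as a result.

How OSPF LSDB Overload Protection Works

When the OSPF LSDB overload protection feature is enabled, the router keeps track of the number of received (non-self-generated) LSAs. When the number of received LSAs reaches the configured LSA threshold, an error message is logged. When the number of received LSAs exceeds the configured maximum number of LSAs, the router sends a notification. If the number of received LSAs stays above the configured maximum for more than one minute, the OSPF process takes down all adjacencies and clears the OSPF database. In this ignore state, all OSPF packets received on any interface belonging to this OSPF process are ignored, and no interface generates OSPF packets. The OSPF process stays in the ignore state for the time given by the parameter that follows the ignore-time keyword of the max-lsa command. (ignore-time defaults to 5 minutes.) Each time the OSPF process enters the ignore state, it increments a counter (ignore-count) by 1. If this counter exceeds the number specified by the ignore-count keyword (default 5), the OSPF process stays in the ignore state permanently, and manual intervention is required to bring the OSPF process out of the ignore state. When the OSPF process remains in the normal operating state for ...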