Just another Cisco blog
Tutorials
OSPF Area Types: Totally Stubby
Jun 6th
This is the first post in a series about OSPF Area Types. Today we’ll go over Totally Stubby areas. We’ll be using the same topology as the Stub post. I’m also reposting the first portion of that here since it will be the same.
Quick refresher, OSPF Totally Stubby Areas allow only intra-area routes and a default route generated by the ABR (Type 2 LSAs – the default route comes through as a Type 3 LSA, but no other Type 3s are allowed). Inter-area and External routes (Type 5 LSAs) are not allowed in totally stubby areas.
(For more detailed information on LSAs and Area Types, check out this post.)
Here’s the topology:
OSPF Area Types: Stub
Jun 4th
This is the first post in a series about OSPF Area Types. Today we’ll go over Stub areas. This one will be somewhat short on config, but should have a good amount of show commands.
Quick refresher, OSPF Stub Areas allow inter- and intra-area routes (Type 2 and Type 3 LSAs). External routes (Type 5 LSAs) are not allowed in stub areas.
(For more detailed information on LSAs and Area Types, check out this post.)
We’ll be using the same topology we used for OSPF Authentication:
I’m not going through the basic OSPF config, so assume everything is configured as the diagram suggests. I’ve also redistributed loopbacks on each router to give us some external routes, and I added 34.34.34.34/32 to Area 34 so we have an intra-area route to look at. Let’s look at some show commands BEFORE we make area 34 a stub:
OSPF Authentication
Jun 1st
This post is about the different OSPF authentication methods. It will be part of a series outlining OSPF commands/technologies.
We can configure OSPF to use authentication for an entire area, or just for a single interface. Today we’ll go over both. Here’s the topology:
First we’ll setup authentication for all of area 0:
R1(config)#interface FastEthernet0/0 R1(config-if)#ip ospf message-digest-key 1 md5 cisco R1(config-if)#ip ospf 100 area 0 R1(config-if)# R1(config-if)#router ospf 100 R1(config-router)#area 0 authentication message-digest R2(config)#interface FastEthernet0/0 R2(config-if)#ip ospf message-digest-key 1 md5 cisco R2(config-if)#ip ospf 100 area 0 R2(config-if)# R2(config-if)#router ospf 100 R2(config-router)#area 0 authentication message-digest R3(config)#interface FastEthernet0/0 R3(config-if)#ip ospf message-digest-key 1 md5 cisco R3(config-if)#ip ospf 100 area 0 R3(config-if)# R3(config-if)#router ospf 100 R3(config-router)#area 0 authentication message-digest |
Nothing crazy here, we configure OSPF and an MD5 key under our area 0 interfaces, then we specify that all of area 0 should use MD5 authentication. Note that the commands differ slightly if we want to use clear-text, it would be “ip ospf authentication-key [key]” and “area 0 authentication” under the OSPF 100 process.
Let’s verify:
R1#sh ip ospf neigh
Neighbor ID Pri State Dead Time Address Interface
2.2.2.2 1 FULL/DR 00:00:32 10.1.123.2 FastEthernet0/0
3.3.3.3 1 FULL/DROTHER 00:00:35 10.1.123.3 FastEthernet0/0
R1#sh ip ospf int fa0/0
...
Message digest authentication enabled
Youngest key id is 1 |
Everything is working, our neighbors are up and we see that authentication is enabled with the key we specifcied. Note, if we leave off a key, the neigbhors will still form and MD5 will still be enabled, but it will say key 0:
BGP Multipath-Relax
May 21st
So I learned a new command today. As usual I want to share with everyone. Today’s command is “bgp bestpath as-path multipath-relax”, which is actually hidden in IOS.
To give some background, BGP will not load balance across multiple paths by default. We can configure it to do so with the “maximum-paths n” command, which is pretty well known. The criteria of this command is that all attributes must match (Weight, LP, AS Path, etc). This is acceptable if we are multihomed to a single AS, but what if we are multihomed to different ASes? In that case we are not able to load balance across theoretically equal paths. Enter the “bgp bestpath as-path multipath-relax” command…
Here’s our first topology:
(click for fullsize)
Now the config:
R1(config)#router bgp 100 R1(config-router)#no synchronization R1(config-router)#neighbor 10.1.12.2 remote-as 200 R1(config-router)#neighbor 10.1.13.3 remote-as 200 R1(config-router)#no auto-summary |
Here we see the basic BGP config on R1. We will only be configuring R1 in this post.
Simple IPv6 Tutorial
Apr 20th
Today we’ll configure a basic IPv6 network. I’m not a big fan of IPv6. I’ve never used it in the real world, so it’s hard for me to keep it in my head, but I’ve been studying the hell out of it for the Written, so here goes.
We have a simple topology, only three routers. We will be running OSFPv3 on our serial links and loopbacks. Here’s our topology:
(Click image for fullsize)
First we’ll configure our IPv6 addresses:
R1: R1(config)#ipv6 unicast-routing R1(config)#int s0/0 R1(config-if)#ip add 10.1.12.1 255.255.255.0 R1(config-if)#ipv6 add 10:1:1:12::1/64 R1(config-if)#no shut R2: R2(config)#ipv6 unicast-routing R2(config)# int s0/0 R2(config-if)#ip add 10.1.12.2 255.255.255.0 R2(config-if)#ipv6 add 10:1:1:12::2/64 R2(config-if)#no shut R2(config-if)#exit R2(config)#int s0/1 R2(config-if)#ip add 10.1.23.2 255.255.255.0 R2(config-if)#ipv6 add 10:1:1:23::2/64 R2(config-if)#no shut R3: R3(config)#ipv6 unicast-routing R3(config-if)#int s0/1 R3(config-if)#ip add 10.1.23.3 255.255.255.0 R3(config-if)#ipv6 add 10:1:1:23::3/64 |
The first thing we do on each router is enable IPv6 routing. Then we give the interface an IPv4 address and finally an IPv6 address.
Let’s verify connectivity from R2:
Serial0/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::C001:71FF:FE12:0
Global unicast address(es):
10:1:1:12::2, subnet is 10:1:1:12::/64
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF00:2
FF02::1:FF12:0
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
Hosts use stateless autoconfig for addresses.
Serial0/1 is administratively down, line protocol is down
IPv6 is enabled, link-local address is FE80::C001:71FF:FE12:0 [TEN]
Global unicast address(es):
10:1:1:23::2, subnet is 10:1:1:23::/64 [TEN]
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF00:2
FF02::1:FF12:0
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
Hosts use stateless autoconfig for addresses.
R2#sh ipv int b
Serial0/0 [up/up]
FE80::C001:71FF:FE12:0
10:1:1:12::2
Serial0/1 [up/up]
FE80::C001:71FF:FE12:0
10:1:1:23::2
R2#ping 10:1:1:12::1
Sending 5, 100-byte ICMP Echos to 10:1:1:12::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/2/4 ms
R2#ping 10:1:1:23::3
Sending 5, 100-byte ICMP Echos to 10:1:1:23::3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/3/12 ms |
We have connectivity between interfaces on the same subnet.
Now we’ll configure our loopbacks and OSPFv3:
R1: R1(config-if)#int lo0 R1(config-if)#ipv6 add 1:1:1::1/64 R1(config-if)#ipv6 ospf 20 area 0 R1(config-if)#int s0/0 R1(config-if)#ipv6 ospf 20 area 0 R2: R2(config)#int lo0 R2(config-if)#ipv6 add 2:2:2::2/64 R2(config-if)#ipv6 ospf 20 area 0 R2(config-if)#int s0/0 R2(config-if)#ipv6 ospf 20 area 0 R2(config-if)#int s0/1 R2(config-if)#ipv6 ospf 20 area 0 R3: R3(config)#int lo0 R3(config-if)#ipv6 add 3:3:3::3/64 R3(config-if)#ipv6 ospf 20 area 0 R3(config-if)#int s0/1 R3(config-if)#ipv6 ospf 20 area 0 |
With v6 we enable OSPF directly under the interface on which it runs.
Recent Comments