Network Bulls
www.networkbulls.com
Load balancing is a standard functionality of Cisco IOS Software that is available across all router
platforms. It is inherent to the forwarding process in the router, and it enables a router to use
multiple paths to a destination when it forwards packets. The number of paths used is limited by
the number of entries that the routing protocol puts in the routing table. Four entries is the default
in Cisco IOS Software for IP routing protocols except for BGP. BGP has a default of one entry.
The maximum number of paths you can configure is 16.
Figure 4-6 shows an example of configuring an OSPF router to load balance across six equal-cost
paths.
Table 4-5 debug ip ospf packet Fields
Field    Description
v:       OSPF version
t:       OSPF packet type; possible packet types are as follows:
           • Hello
           • Data description
           • Link-state request
           • Link-state update
           • Link-state acknowledgment
l:       OSPF packet length in bytes
rid:     OSPF router ID
aid:     OSPF area ID
chk:     OSPF checksum
aut:     OSPF authentication type; possible authentication types are as follows:
           0: No authentication
           1: Simple password
           2: MD5
auk:     OSPF authentication key
keyid:   MD5 key ID
seq:     Sequence number
Introducing OSPF 155
Figure 4-6 OSPF Equal-Cost Load Balancing
The cost (or metric) of an interface in OSPF indicates the overhead that is required to send packets
across a certain interface. The cost of an interface is inversely proportional to its bandwidth. A
higher bandwidth indicates a lower cost. By default, Cisco routers calculate the cost of an interface
based on the bandwidth. However, you can force the cost of an interface with the command ip ospf
cost {value} in interface configuration mode.
If equal-cost paths exist to the same destination, the Cisco implementation of OSPF can keep track
of up to 16 next hops to the same destination in the routing table (which is called load balancing).
By default, the Cisco router supports up to four equal-cost paths to a destination for OSPF. Use
the maximum-paths command under the OSPF router process configuration mode to set the
number of equal-cost paths in the routing table, as shown in Example 4-8.
Example 4-8 Setting the Number of Equal-Cost Paths in the Routing Table
RouterX(config)#router ospf 1
RouterX(config-router)#maximum-paths ?
<1-16> Number of paths
RouterX(config-router)#maximum-paths 3
Figure 4-6 configuration (network 172.16.0.0):
config# router ospf 100
config-router# maximum-paths 6
config# interface range fa0/1 - 6
config-if# ip ospf cost 5
156 Chapter 4: Single-Area OSPF Implementation
You can use the show ip route command to find equal-cost routes. Following is an example of the
show ip route command output for a specific subnet that has multiple routes available in the
routing table. Example 4-9 shows three equal-cost paths to the 194.168.20.0 network.
Notice the three routing descriptor blocks. Each block is one available route. Also note the asterisk
(*) next to one of the block entries. The asterisk corresponds to the active route that is used for
new traffic. The term “new traffic” corresponds to a single packet or an entire flow to a destination,
depending on whether the router is performing per-destination or per-packet load balancing.
OSPF Authentication
OSPF neighbor authentication (also called neighbor router authentication or route authentication)
can be configured such that routers can participate in routing based on predefined passwords.
When you configure neighbor authentication on a router, the router authenticates the source of
each routing update packet that it receives. This authentication is accomplished by the exchange
of an authenticating key (sometimes referred to as a password) that is known to both the sending
and receiving router.
Types of Authentication
By default, OSPF uses null authentication (Type 0), which means that routing exchanges over a
network are not authenticated. OSPF supports two other authentication methods:
■ Plaintext (or simple) password authentication (Type 1)
■ MD5 authentication (Type 2)
OSPF MD5 authentication includes an increasing sequence number in each OSPF packet to
protect against replay attacks.
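The header fields listed in Table 4-5 and the three authentication types, decoded from raw bytes as an added example (not part of the original text). It shows that a Type 1 key travels in the header itself, while a Type 2 packet carries a key ID, a sequence number and a trailing digest; the header layout and digest rule follow RFC 2328, and the packets, the key md5secret and all function names are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
import struct

# RFC 2328 type names; Table 4-5 lists type 2 as "Data description".
TYPES = {1: "Hello", 2: "Database description", 3: "Link-state request",
         4: "Link-state update", 5: "Link-state acknowledgment"}

def parse_header(pkt: bytes) -> dict:
    """Decode the 24-byte OSPFv2 header into the Table 4-5 field names."""
    if len(pkt) < 24:
        raise ValueError("truncated OSPF header")
    v, t, l, rid, aid, chk, aut = struct.unpack("!BBH4s4sHH", pkt[:16])
    hdr = {"v": v, "t": TYPES.get(t, f"unknown({t})"), "l": l,
           "rid": str(ipaddress.IPv4Address(rid)),
           "aid": str(ipaddress.IPv4Address(aid)), "chk": chk, "aut": aut}
    if aut == 1:    # simple password: the key itself sits in the header
        hdr["auk"] = pkt[16:24].rstrip(b"\0").decode("ascii", "replace")
    elif aut == 2:  # MD5: key ID and sequence number; the digest trails the packet
        _, hdr["keyid"], hdr["dlen"], hdr["seq"] = struct.unpack("!HBBI", pkt[16:24])
    return hdr

def md5_ok(pkt: bytes, key: bytes) -> bool:
    """RFC 2328 rule: MD5(packet + key padded to 16 bytes) equals the trailing digest."""
    l = struct.unpack("!H", pkt[2:4])[0]
    want = hashlib.md5(pkt[:l] + key.ljust(16, b"\0")).digest()
    return hmac.compare_digest(want, pkt[l:l + 16])

def fresh(hdr: dict, last_seq: dict) -> bool:
    """Replay guard, run after md5_ok: reject a seq below the neighbor's last one."""
    if hdr["aut"] != 2 or hdr["seq"] < last_seq.get(hdr["rid"], 0):
        return False
    last_seq[hdr["rid"]] = hdr["seq"]
    return True

def build(aut: int, auth: bytes, key: bytes = b"") -> bytes:
    """Constructed sample: a header-only packet from router 10.1.1.1 in area 0."""
    pkt = struct.pack("!BBH4s4sHH", 2, 1, 24, bytes([10, 1, 1, 1]), bytes(4), 0, aut) + auth
    tail = hashlib.md5(pkt + key.ljust(16, b"\0")).digest() if aut == 2 else b""
    return pkt + tail

PLAIN = build(1, b"plainpas")                                           # Type 1 sample
SIGNED = build(2, struct.pack("!HBBI", 0, 1, 16, 1000), b"md5secret")  # Type 2 sample

if __name__ == "__main__":
    print(parse_header(PLAIN))
    print(parse_header(SIGNED), md5_ok(SIGNED, b"md5secret"))
```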
Example 4-9 Finding Equal-Cost Routes with the show ip route Command
RouterX#show ip route 194.168.20.0
Routing entry for 194.168.20.0/24
  Known via "ospf 1", distance 110, metric 74, type intra area
  Redistributing via ospf 1
  Last update from 10.10.10.1 on Serial1, 00:00:01 ago
  Routing Descriptor Blocks:
  * 20.20.20.1, from 204.204.204.1, 00:00:01 ago, via Serial2
      Route metric is 74, traffic share count is 1
    30.30.30.1, from 204.204.204.1, 00:00:01 ago, via Serial3
      Route metric is 74, traffic share count is 1
    10.10.10.1, from 204.204.204.1, 00:00:01 ago, via Serial1
      Route metric is 74, traffic share count is 1
Configuring Plaintext Password Authentication
To configure OSPF plaintext password authentication, complete the following steps:
Step 1 Use the interface level ip ospf authentication-key password command to
assign a password to use with neighboring routers that use the OSPF simple
password authentication. The password can be any continuous string of
characters that can be entered from the keyboard, up to eight characters in
length.
The password that is created by this command is used as a “key” that is
inserted directly into the OSPF header when Cisco IOS Software originates
routing protocol packets. A separate password can be assigned to each
network on a per-interface basis. All neighboring routers on the same
network must have the same password to be able to exchange OSPF
information.
Step 2 Specify the authentication type using the interface level ip ospf
authentication command. Table 4-6 explains the parameters for this
command.
For plaintext password authentication, use the ip ospf authentication
command with no parameters. Before using this command, configure a
password for the interface using the ip ospf authentication-key command.
NOTE In Cisco IOS Release 12.4, the router gives a warning message if you try to configure
a password longer than eight characters; only the first eight characters are used. Some earlier
Cisco IOS Software releases did not provide this warning.
NOTE If you do not use the service password-encryption command when configuring
OSPF authentication, the key is stored as plaintext in the router configuration. If you configure
the global service password-encryption command, the key is stored and displayed in an
encrypted form; when it is displayed, an encryption type of 7 is specified before the encrypted
key.
Table 4-6 ip ospf authentication Command Parameters
Parameter        Description
message-digest   (Optional) Specifies that MD5 authentication will be used.
null             (Optional) No authentication is used. This option is useful for overriding
                 password or MD5 authentication if configured for an area.
The ip ospf authentication command was introduced in Cisco IOS
Release 12.0. For backward compatibility, the authentication type for an
area is still supported. If the authentication type is not specified for an
interface, the authentication type for the area is used. (The area default is
null authentication.) To enable authentication for an OSPF area, use the
area area-id authentication [message-digest] router configuration
command. Table 4-7 explains the parameters for this command.
Example: Plaintext Password Authentication Configuration
Figure 4-7 shows the network that is used to illustrate the configuration, verification, and
troubleshooting of plaintext password authentication.
Figure 4-7 Plaintext Password Authentication
Plaintext password authentication is configured on interface serial 0/0/1 with the ip ospf
authentication command. The interface is configured with an authentication key of “plainpas.”
Notice that the connecting interfaces on both Router 1 and Router 2 are configured for the same
type of authentication with the same authentication key.
Table 4-7 area authentication Parameters
Parameter        Description
area-id          Identifier of the area for which authentication is to be enabled. The identifier
                 can be specified as either a decimal value or an IP address.
message-digest   (Optional) Enables MD5 authentication on the area specified by the area-id
                 argument.
Figure 4-7 topology: R1 (S0/0/1 192.168.1.101, Loopback 0 10.1.1.1) connects to R2 (S0/0/1 192.168.1.102, Loopback 0 10.2.2.2) in Area 0.
R1 configuration:
interface s0/0/1
 ip address 192.168.1.101 255.255.255.224
 ip ospf authentication
 ip ospf authentication-key plainpas
R2 configuration:
interface s0/0/1
 ip address 192.168.1.102 255.255.255.224
 ip ospf authentication
 ip ospf authentication-key plainpas
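One way to review a saved configuration for the points made in the steps and notes above, as an added example that is not from the original text: it flags interfaces using plaintext (Type 1) authentication, keys stored as plaintext because service password-encryption is absent, and keys longer than eight characters. The function name audit_ospf_auth and the sample configuration are constructed, and the input is assumed to be laid out as show running-config prints it, with interface sub-commands indented.

```python
import re

KEY_RE = re.compile(r"^ip ospf authentication-key(?: ([07]))? (\S+)$")
T1 = "Type 1 plaintext authentication: the key is sent in the OSPF header"
CLEAR = "key stored as plaintext (service password-encryption not set)"
LONG = "key longer than eight characters: only the first eight are used"

def audit_ospf_auth(config: str) -> list:
    """Return (interface, finding) pairs from show running-config style text."""
    encrypt = bool(re.search(r"^service password-encryption$", config, re.M))
    blocks, iface = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            iface = raw.split(None, 1)[1].strip()
            blocks[iface] = []
        elif raw.startswith(" ") and iface:
            blocks[iface].append(raw.strip())   # indented interface sub-command
        else:
            iface = None                        # "!" or a new top-level command
    findings = []
    for name, cmds in blocks.items():
        keys = [m for m in map(KEY_RE.match, cmds) if m]
        if "ip ospf authentication" in cmds:    # no keyword selects Type 1
            findings.append((name, T1))
        for m in keys:
            if m.group(1) == "7":
                continue                        # already stored in type 7 form
            if not encrypt:
                findings.append((name, CLEAR))
            if len(m.group(2)) > 8:
                findings.append((name, LONG))
    return findings

# Constructed sample; the first interface mirrors the R1 configuration above.
SAMPLE = """\
interface Serial0/0/1
 ip ospf authentication
 ip ospf authentication-key plainpas
!
interface Serial0/0/0
 ip ospf authentication
 ip ospf authentication-key longpassword
!
interface FastEthernet0/0
 ip ospf authentication message-digest
"""

if __name__ == "__main__":
    print(*audit_ospf_auth(SAMPLE), sep="\n")
```

A key shown with encryption type 7 is skipped by the storage check, but type 7 is a reversible encoding rather than a hash, so the configuration file still needs access control.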
Verifying Plaintext Password Authentication
Example 4-10 shows output from the show ip ospf neighbor and show ip route commands for a
router that was configured with authentication.
Notice that the neighbor state is FULL, indicating that the two routers have successfully formed
an OSPF adjacency. The routing table verifies that the 10.2.2.2 address has been learned via OSPF
over the serial connection.
The results of a ping to the Router Y loopback interface address are also displayed to illustrate that
the link is working, as shown in Example 4-11.
Summary of OSPF Introduction
The following summarizes the key points that were discussed in this section:
■ OSPF is a classless, link-state routing protocol that uses an area hierarchy for fast
convergence.
■ OSPF exchanges hello packets to establish neighbor adjacencies between routers.
■ The SPF algorithm uses a cost metric to determine the best path. Lower costs indicate a better
path.
■ The router ospf process-id command is used to enable OSPF on the router.
Example 4-10 Verifying Authentication with the show ip ospf neighbor and show ip route Commands
RouterX#show ip ospf neighbor
Neighbor ID     Pri   State     Dead Time   Address         Interface
10.2.2.2          0   FULL/     00:00:32    192.168.1.102   Serial0/0/1
RouterX#show ip route
<output omitted>
Gateway of last resort is not set
     10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
O       10.2.2.2/32 [110/782] via 192.168.1.102, 00:01:17, Serial0/0/1
C       10.1.1.0/24 is directly connected, Loopback0
     192.168.1.0/27 is subnetted, 1 subnets
C       192.168.1.96 is directly connected, Serial0/0/1
Example 4-11 Using ping Output to Verify Link Operation
RouterX#ping 10.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/29/32 ms
■ Use a loopback interface to keep the OSPF router ID consistent.
■ The show ip ospf neighbor command displays OSPF neighbor information on a per-interface
basis.
■ The commands debug ip ospf events and debug ip ospf packets can be used to troubleshoot
OSPF problems.
■ OSPF will load-balance across up to four equal-cost metric paths by default.
■ OSPF authentication can be two types: plaintext and MD5.