evilrouters.net

In this lab, we have three routers at multiple locations that are connected through a switch, as shown in the diagram below:

We have been tasked with setting up OSPF on this network, with a few specific requirements:

• We must ensure that the ISP router is the designated router (DR)
• We must ensure that the Remote1 router is the backup designated router (BDR)
• We must ensure that the Remote2 router never participates in the election process
• Each router’s OSPF router ID should be the IP address of its FastEthernet 0/0 interface
• The ISP router should use its Loopback 0 interface as its default route and should advertise this default route through OSPF

The IP addresses that we will be using are as follows:

The Dynagen .net file that we’re using for this lab is as follows:

autostart = False

[localhost:7200]

        workingdir = /home/jlgaddis/dynamips/working/ospf-lab

        [[3640]]
                image = /home/jlgaddis/dynamips/ios/c3640-js-mz.124-17.img
                idlepc = 0x604c37fc
                ram = 128
                disk0 = 8
                disk1 = 0
                mmap = true
                ghostios = true

        [[router ISP]]
                model = 3640
                console = 2000
                slot0 = NM-1FE-TX
                fa0/0 = SW 10

        [[router Remote1]]
                model = 3640
                console = 2001
                slot0 = NM-1FE-TX
                fa0/0 = SW 1

        [[router Remote2]]
                model = 3640
                console = 2002
                slot0 = NM-1FE-TX
                fa0/0 = SW 24

        [[ethsw SW]]
                1 = access 1
                10 = access 1
                24 = access 1

With all necessary information in hand and our lab configured, let’s get started!

Configuring the interfaces

Our first step will be to configure the interfaces on all three routers with the IP addressing information in the table above. This should be fairly straightforward.

ISP# configure terminal
ISP(config)# interface fastethernet 0/0
ISP(config-if)# ip address 10.10.10.1 255.255.255.248
ISP(config-if)# no shutdown
ISP(config-if)# interface loopback 0
ISP(config-if)# ip address 188.46.37.254 255.255.255.252
ISP(config-if)# end
ISP#

Remote1# configure terminal
Remote1(config)# interface fastethernet 0/0
Remote1(config-if)# ip address 10.10.10.3 255.255.255.248
Remote1(config-if)# no shutdown
Remote1(config-if)# interface loopback 0
Remote1(config-if)# ip address 192.168.1.1 255.255.255.192
Remote1(config-if)# interface loopback 1
Remote1(config-if)# ip address 192.168.1.161 255.255.255.240
Remote1(config-if)# end
Remote1#

Remote2# configure terminal
Remote2(config)# interface fastethernet 0/0
Remote2(config-if)# ip address 10.10.10.2 255.255.255.248
Remote2(config-if)# no shutdown
Remote2(config-if)# interface loopback 0
Remote2(config-if)# ip address 192.168.1.65 255.255.255.192
Remote2(config-if)# interface loopback 1
Remote2(config-if)# ip address 192.168.1.129 255.255.255.224
Remote2(config-if)# end
Remote2#

Verifying connectivity

From the ISP router, we should now be able to ping the Remote1 and Remote2 routers:

ISP# ping 10.10.10.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.2, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 20/42/96 ms
ISP# ping 10.10.10.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.3, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 4/33/84 ms
ISP#

Configuring basic OSPF

Let’s get started with the OSPF configuration. For now, we won’t worry about the DR/BDR or router-id requirements, we just want to get our OSPF adjacencies up. We DO want to advertise all networks, including the Loopback interfaces, into the backbone area (“Area 0″):

ISP# configure terminal
ISP(config)# router ospf 1
ISP(config-router)# network 188.46.37.252 0.0.0.3 area 0
ISP(config-router)# network 10.10.10.0 0.0.0.7 area 0
ISP(config-router)# end
ISP#

Remote1# configure terminal
Remote1(config)# router ospf 1
Remote1(config-router)# network 192.168.1.0 0.0.0.63 area 0
Remote1(config-router)# network 192.168.1.160 0.0.0.15 area 0
Remote1(config-router)# network 10.10.10.0 0.0.0.7 area 0
Remote1(config-router)# end
Remote1#

Remote2# configure terminal
Remote2(config)# router ospf 1
Remote2(config-router)# network 192.168.1.64 0.0.0.63 area 0
Remote2(config-router)# network 192.168.1.128 0.0.0.31 area 0
Remote2(config-router)# network 10.10.10.0 0.0.0.7 area 0
Remote2(config-router)# end
Remote2#

Verifying OSPF adjacencies

Shortly after configuring OSPF as above, we should have seen log messages on our console, letting us know that the OSPF adjacencies had been established. Each router should have established an adjacency with the other two. Let’s take a look:

ISP# show ip ospf neighbor 

Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.1.129     1   FULL/DROTHER    00:00:38    10.10.10.2      FastEthernet0/0
192.168.1.161     1   FULL/BDR        00:00:36    10.10.10.3      FastEthernet0/0
ISP#

Remote1# show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
188.46.37.254     1   FULL/DR         00:00:32    10.10.10.1      FastEthernet0/0
192.168.1.129     1   FULL/DROTHER    00:00:38    10.10.10.2      FastEthernet0/0
Remote1#

Remote2# show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
188.46.37.254     1   FULL/DR         00:00:32    10.10.10.1      FastEthernet0/0
192.168.1.161     1   FULL/BDR        00:00:36    10.10.10.3      FastEthernet0/0
Remote2#

Looks like our adjacencies have formed just as we intended.

Configuring OSPF Router IDs

As mentioned in our requirements:

“Each router’s OSPF router ID should be the IP address of its FastEthernet 0/0 interface”

Because we are 1) in a Cisco environment and 2) using loopback interfaces, this will definitely not be the case. According to Cisco (see page three):

“The OSPF router ID is a 32-bit IP address selected at the start of the OSPF process. The highest IP address configured on the router is the router ID. If a loopback address is configured, it is the router ID. In the case of multiple loopback addresses, the highest loopback address is the router ID. Once the router ID is elected, it does not change unless OSPF restarts or is manually changed with the router-id command.”

Since each router has at least one loopback interface, the default router ID chosen will not be the one that our requirements dictate. Let’s configure them manually:

ISP# configure terminal
ISP(config)# router ospf 1
ISP(config-router)# router-id 10.10.10.1
Reload or use "clear ip ospf process" command, for this to take effect
ISP(config-router)# end
ISP#

Remote1# configure terminal
Remote1(config)# router ospf 1
Remote1(config-router)# router-id 10.10.10.3
Reload or use "clear ip ospf process" command, for this to take effect
Remote1(config-router)# end
Remote1#

Remote2# configure terminal
Remote2(config)# router ospf 1
Remote2(config-router)# router-id 10.10.10.2
Reload or use "clear ip ospf process" command, for this to take effect
Remote2(config-router)# end
Remote2#

Note that IOS warned us that the router ID will not change until the OSPF process restarts (either manually or via a router reload). We’ll hold off on that for now.

Meeting the designated router (DR)/backup designated router (BDR) requirements

From the output of “show ip ospf neighbor” above, we can tell that the ISP router has been elected as our DR and that the Remote1 router has been elected as our BDR. This is merely a result of the order in which we configured the routers (and, subsequently, the order in which the adjacencies formed). To fully meet the requirements, we must ensure that, under normal circumstances, the ISP router will be the DR, the Remote1 router will be the BDR, and that the Remote2 will never even attempt to participate in the election process.

This is actually pretty easy to configure and can be done by setting OSPF priorities.

First, to ensure that the ISP router will be the DR, we’ll give it the highest possible OSPF priority (note that this is configured under the appropriate interface):

ISP# configure terminal
ISP(config)# interface fastethernet 0/0
ISP(config-if)# ip ospf priority 255
ISP(config-if)# end
ISP#

Next, to ensure that the Remote2 router never participates in the election process we can set its OSPF priority to zero:

Remote2# configure terminal
Remote2(config)# interface fastethernet 0/0
Remote2(config-if)# ip ospf priority 0
Remote2(config-if)# end
Remote2#

With our current configuration, the Remote1 router will always end up as the BDR. What if, however, we later added another router to the network. Because it would, by default, also have an OSPF priority of 1, it is possible that it could take over the role of BDR. While, according to our requirements, changing Remote1’s OSPF priority is not needed, let’s set it to 254 just for good measure:

Remote1# configure terminal
Remote1(config)# interface fastethernet 0/0
Remote1(config-if)# ip ospf priority 254
Remote1(config-if)# end
Remote1#

Restarting the OSPF process

At this point, we should be in good shape and have met all requirements except one. Let’s go ahead and restart the OSPF process on each router to have our changes (OSPF priorities and router IDs) take effect. I’ll restart them in the following order to ensure the elections result in our desired configuration: ISP, Remote1, Remote2.

ISP# clear ip ospf process
Reset OSPF process? [no]: yes
ISP#

Remote1# clear ip ospf process
Reset OSPF process? [no]: yes
Remote1#

Remote2# clear ip ospf process
Reset OSPF process? [no]: yes
Remote2#

We should see our adjacencies go down and new adjacencies form using the new OSPF router IDs. From the ISP router, we can verify that the new router IDs are being used and also see which routers have our DR and BDR roles:

ISP# show ip ospf interface fastethernet 0/0
FastEthernet0/0 is up, line protocol is up 
  Internet Address 10.10.10.1/29, Area 0 
  Process ID 1, Router ID 10.10.10.1, Network Type BROADCAST, Cost: 1
  Transmit Delay is 1 sec, State DR, Priority 255 
  Designated Router (ID) 10.10.10.1, Interface address 10.10.10.1
  Backup Designated router (ID) 10.10.10.3, Interface address 10.10.10.3
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:08
  Supports Link-local Signaling (LLS)
  Index 1/1, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 0 msec, maximum is 4 msec
  Neighbor Count is 2, Adjacent neighbor count is 2 
    Adjacent with neighbor 10.10.10.2
    Adjacent with neighbor 10.10.10.3  (Backup Designated Router)
  Suppress hello for 0 neighbor(s)
ISP#

Verifying advertisement of OSPF routes:

Let’s take a look at the routing table on each router to ensure that our routes are being advertised throughout the OSPF area:

ISP# show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     188.46.0.0/30 is subnetted, 1 subnets
C       188.46.37.252 is directly connected, Loopback0
     10.0.0.0/29 is subnetted, 1 subnets
C       10.10.10.0 is directly connected, FastEthernet0/0
     192.168.1.0/32 is subnetted, 4 subnets
O       192.168.1.65 [110/2] via 10.10.10.2, 00:01:53, FastEthernet0/0
O       192.168.1.1 [110/2] via 10.10.10.3, 00:01:53, FastEthernet0/0
O       192.168.1.161 [110/2] via 10.10.10.3, 00:01:53, FastEthernet0/0
O       192.168.1.129 [110/2] via 10.10.10.2, 00:01:53, FastEthernet0/0
ISP#

Remote1# show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     188.46.0.0/32 is subnetted, 1 subnets
O       188.46.37.254 [110/2] via 10.10.10.1, 00:01:53, FastEthernet0/0
     10.0.0.0/29 is subnetted, 1 subnets
C       10.10.10.0 is directly connected, FastEthernet0/0
     192.168.1.0/24 is variably subnetted, 4 subnets, 3 masks
O       192.168.1.65/32 [110/2] via 10.10.10.2, 00:01:53, FastEthernet0/0
C       192.168.1.0/26 is directly connected, Loopback0
C       192.168.1.160/28 is directly connected, Loopback1
O       192.168.1.129/32 [110/2] via 10.10.10.2, 00:01:53, FastEthernet0/0
Remote1#

Remote2# show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     188.46.0.0/32 is subnetted, 1 subnets
O       188.46.37.254 [110/2] via 10.10.10.1, 00:01:53, FastEthernet0/0
     10.0.0.0/29 is subnetted, 1 subnets
C       10.10.10.0 is directly connected, FastEthernet0/0
     192.168.1.0/24 is variably subnetted, 4 subnets, 3 masks
C       192.168.1.64/26 is directly connected, Loopback0
O       192.168.1.1/32 [110/2] via 10.10.10.3, 00:01:53, FastEthernet0/0
O       192.168.1.161/32 [110/2] via 10.10.10.3, 00:01:53, FastEthernet0/0
C       192.168.1.128/27 is directly connected, Loopback1
Remote2#

Okay, our routing tables look good; all networks are being advertised and we should have full connectivity.

Default route requirement

Our last requirement states:

“The ISP router should use its Loopback 0 interface as its default route and should advertise this default route through OSPF”

Easy enough, right? Let’s do it:

ISP# configure terminal
ISP(config)# ip route 0.0.0.0 0.0.0.0 loopback 0
ISP(config)# router ospf 1
ISP(config-router)# default-information originate
ISP(config-router)# end
ISP#

Verify default route on ISP router

First, let’s make sure the default route made it into the routing table on the ISP router:

ISP# show ip route | include 0.0.0.0/0
S*   0.0.0.0/0 is directly connected, Loopback0
ISP#

Excellent! A default route has been configured. Let’s make sure it’s being propagated to the other two routers:

Remote1# show ip route | include 0.0.0.0/0
O*E2 0.0.0.0/0 [110/1] via 10.10.10.1, 00:03:23, FastEthernet0/0
Remote1#

Remote2# show ip route | include 0.0.0.0/0
O*E2 0.0.0.0/0 [110/1] via 10.10.10.1, 00:03:23, FastEthernet0/0
Remote2#

Awesome! The default route on ISP router is being advertised into OSPF and picked up by the Remote1 and Remote2 routers.

We’ve now met all the requirements of the lab — our work here is done.

Be sure and save your configurations, next time we add OSPF authentication to prevent unauthorized routing updates.

See you next time!