
Never mix end-user traffic with control and management traffic. Two common layouts:

Use VLAN 1 for all control and management traffic while placing end-user traffic in other
VLANs (VLANs 2–1000).

Use VLAN 1 for control traffic, another VLAN (such as VLAN 2) for management traffic,
and the remaining VLANs for end-user traffic (such as VLANs 3–1000).

Caveat: VLAN 1 is also the default native (untagged) VLAN on the trunks of many switches, so
a user port that negotiates a trunk, or a double-tagged frame, can reach it. Use a dedicated,
otherwise unused native VLAN on trunks and disable trunk negotiation on user ports.

Distance vector protocol (Bellman-Ford)

- Each router along a route plays a part in the route calculation, so the result is easily
wrong if any one router is mistaken.
- A router can't update its neighbors about a route until it has performed its own route
calculation, which takes time.
- If a destination is not directly connected, all a router knows about the destination is
what a directly connected neighbor tells it.

This type of protocol is susceptible to incremental corruption of information, which
includes routing loops.

Split horizon dictates that a route is never advertised back out the interface it was
learned from: updates only go downstream, away from the original source, never back
upstream toward it.

A holddown timer works by ignoring updates for a particular route (once the route has been
marked unreachable with an infinite metric) UNLESS:
- the original neighbor (from which the route was heard) announces new information about
that route, or
- another neighbor advertises a route to the destination with a distance equal to or less
than the distance of the original route.
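The count-to-infinity behavior that split horizon and holddown guard against, as an added example (not from these notes): a synchronous Bellman-Ford simulation of a three-router chain A-B-C, run once without and once with split horizon, after the prefix attached to A fails. The topology, the infinity value of 16 (RIP's) and the simplified update rule are assumptions of the example.

```python
"""Count-to-infinity versus split horizon in a distance-vector chain.

Added example, not from the original notes.  Constructed topology:
A - B - C, every link cost 1, prefix N directly attached to A.
INFINITY is 16 (RIP's value); the update rule is the simplified one below.
"""

INFINITY = 16
NEIGHBORS = {"A": ["B"], "B": ["A", "C"], "C": ["B"]}


def initial_tables():
    """State for prefix N just after A's link to N fails.

    A has withdrawn the route; B and C still hold the metrics they
    learned before the failure (hop counts 2 and 3).
    """
    return {"A": (INFINITY, None), "B": (2, "A"), "C": (3, "B")}


def advertisements(tables, split_horizon):
    """adv[receiver][sender] = metric each router announces this round."""
    adv = {router: {} for router in NEIGHBORS}
    for sender, nbrs in NEIGHBORS.items():
        metric, next_hop = tables[sender]
        for receiver in nbrs:
            # Split horizon: never tell a neighbour about a route that
            # was learned from that same neighbour.
            if split_horizon and next_hop == receiver:
                continue
            adv[receiver][sender] = metric
    return adv


def update(entry, received):
    """Bellman-Ford update of one (metric, next_hop) entry."""
    metric, next_hop = entry
    # Whatever the current next hop says is believed, even if it is worse;
    # that is exactly what lets a stale route be re-learned from downstream.
    if next_hop in received:
        metric = min(received[next_hop] + 1, INFINITY)
        if metric == INFINITY:
            next_hop = None
    # Any other neighbour is believed only when it is strictly better.
    for sender, m in received.items():
        if sender != next_hop and min(m + 1, INFINITY) < metric:
            metric, next_hop = m + 1, sender
    return metric, next_hop


def simulate(split_horizon, max_rounds=50):
    """Run synchronous rounds until every router reports N unreachable.

    Returns {"rounds": n, "trace": [tables after each round]}.
    """
    tables = initial_tables()
    trace = []
    for rnd in range(1, max_rounds + 1):
        adv = advertisements(tables, split_horizon)
        tables = {r: update(tables[r], adv[r]) for r in NEIGHBORS}
        trace.append(tables)
        if all(m == INFINITY for m, _ in tables.values()):
            return {"rounds": rnd, "trace": trace}
    return {"rounds": None, "trace": trace}


if __name__ == "__main__":
    for sh in (False, True):
        result = simulate(sh)
        print(f"split horizon={sh}: {result['rounds']} rounds; "
              f"A after round 1 = {result['trace'][0]['A']}")
```

Without split horizon, A re-learns N from B in the very first round (B is still advertising the stale hop count back to A) and the three routers count up by one hop per round until everyone hits 16; with split horizon, B and C never echo the route back toward A and the withdrawal converges in two rounds.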

OSPF passes the update to its neighbors THEN performs the route calculation. This means
routers can converge as fast as they can flood.
Route calculations are independent of each other and no router alters the update in any
way.
The update must be identical on each and every router inside the same area to prevent
disagreement about the topology. Note, however, that while a calculation is in progress
not all routers have an identical LSDB.

Each router must not only identify itself and its directly connected links, but must also
identify any directly connected neighboring routers on those links. Neighbors are easily
identified if every router transmits messages—Hello messages—on its links announcing
its presence, and listening for Hellos from neighboring routers on the links. As long as
the Hellos are never forwarded off of a local link, receiving routers can be sure Hellos
are from neighbors.

The Router ID (RID) must be unique within the routing domain.

Hello messages are not forwarded beyond the neighbor; this is enforced by an IP TTL of 1
(which does not work when the peer is reached through an address that is not on the link,
such as a loopback) and/or by sending them to the link-local multicast address 224.0.0.5
(AllSPFRouters).
OSPF never broadcasts a message.
OSPF packets carry a high IP precedence (Internetwork Control) so they still get through
during congestion. IS-IS, which runs directly over the data link rather than over IP, has
more trouble marking its messages as high priority and usually needs an internal mechanism
to do so; this is a potential problem when IS-IS is used over ATM.
Because OSPF runs over IP it can be reached by crafted IP packets and is subject to various
types of DoS attack, so filtering and authentication are important: drop IP protocol 89
from untrusted sources with an infrastructure ACL, make interfaces toward end users
passive, and authenticate OSPF packets (MD5, or HMAC-SHA per RFC 5709) rather than relying
on the null or clear-text password AuTypes. IS-IS, on the other hand, runs at layer 2, so
an attacker needs a direct link for an attack to occur.
OSPF messages are constrained to pre-defined, fixed-length fields and are therefore very
difficult to extend. Opaque LSAs are used to solve this problem.
Upon receipt of Hello message, if the network is point-to-point or virtual link, the
network mask field is ignored, while for other types of network, this field must match.
An ASBR can be located anywhere in the routing domain.
The most important thing you should know about link state protocol is that itʼs only link
state within an area, inter-area behavior still remain distance vector.
Always start with area 0, then expand further.
A good implementation practice is to have all areas touch area 0, but this is not
necessarily the absolute truth.
The design suggestion is that OSPF should utilize less than 5% of the bandwidth, with a
normal range of less than 1%.
A design is only considered redundant when two link failures don't segregate an area or
corrupt the design.

The number of routers within an OSPF area is limited by the router with the least memory
or processing power.
Stability is another factor.
A low-bandwidth link limits the number of LSAs you can send to the router behind it.
Manageability is one of the most difficult decisions: too many routers can be complicated
and difficult to predict.
Determining how to present the external interfaces can be challenging; most use either
passive interfaces (prefixes carried in the T1 LSA) or redistribute connected (T5 LSAs).
Passive interfaces provide less stability, because every interface change alters the T1 LSA
and triggers a full SPF, while redistribute connected takes a large amount of memory due to
its policy calculation.
The most likely reason for long delays in OSPF processing is an excessive number of T5
LSAs. This may not be coincidental; the culprit can be:
- A faulty routing policy that redistributed prefixes from BGP into the IGP
- Redistribution of a large number of static routes into the IGP
- Redistribution of a large number of directly connected prefixes into the IGP
Two routers are neighbors if they should be exchanging route information using a
common routing protocol. If two routers have identified each other as neighbors, each
has verified that the other is aware of this neighborship, and both have verified that no
condition exists that would prevent the exchange of route information, the neighbors are
adjacent.

Router A knows Router B is aware of it by seeing A's RID in B's Hello message (in the
Neighbor list). Both sides must see this, and this is known as the three-way handshake.
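The Hello receive checks and the Init/2-Way decision described above, as an added example (not code from these notes): it builds a null-authentication OSPFv2 Hello per RFC 2328, verifies length and checksum, applies the area/mask/interval/option checks, and reports 2-Way when the receiving router's own RID appears in the neighbor list. The sample addresses and intervals are constructed; the "iface" dict describing the receiving interface is an assumption of the example.

```python
"""Parse and validate an OSPFv2 Hello, then decide Init versus 2-Way.

Added example, not from the original notes.  Layout follows RFC 2328
(A.3.1 packet header, A.3.2 Hello); null authentication only.
"""
import struct
from ipaddress import IPv4Address

OSPF_VERSION = 2
TYPE_HELLO = 1
OPT_E = 0x02   # external routing capability (T5 LSAs)
OPT_N = 0x08   # NSSA capability (the N/P bit)
HDR = "!BBH4s4sHH8s"    # version, type, length, RID, area ID, checksum, AuType, auth
HELLO = "!4sHBBI4s4s"   # mask, HelloInterval, options, priority, RouterDeadInterval, DR, BDR


def _ip(addr):
    return IPv4Address(addr).packed


def ospf_checksum(data):
    """RFC 1071 one's-complement checksum over the packet bytes."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_hello(rid, area, mask, hello, dead, options, priority, dr, bdr, neighbors):
    """Build a Hello with AuType 0; the checksum excludes the 8-byte auth field."""
    body = struct.pack(HELLO, _ip(mask), hello, options, priority, dead, _ip(dr), _ip(bdr))
    body += b"".join(_ip(n) for n in neighbors)
    length = struct.calcsize(HDR) + len(body)
    unchecked = struct.pack(HDR, OSPF_VERSION, TYPE_HELLO, length, _ip(rid), _ip(area), 0, 0, bytes(8))
    csum = ospf_checksum(unchecked + body)
    return struct.pack(HDR, OSPF_VERSION, TYPE_HELLO, length, _ip(rid), _ip(area), csum, 0, bytes(8)) + body


def parse_hello(pkt):
    """Validate header, length and checksum; raise ValueError on anything off."""
    ver, ptype, length, rid, area, csum, autype, _auth = struct.unpack(HDR, pkt[:24])
    if ver != OSPF_VERSION or ptype != TYPE_HELLO:
        raise ValueError("not an OSPFv2 Hello")
    if length != len(pkt) or length < 44:
        raise ValueError("bad packet length")
    if autype != 0:
        raise ValueError("only null authentication is handled here")
    # RFC 2328 D.4.1: checksum covers the packet minus the authentication field,
    # so recompute it with the checksum and auth bytes zeroed.
    zeroed = pkt[:12] + b"\x00\x00" + pkt[14:16] + bytes(8) + pkt[24:]
    if ospf_checksum(zeroed) != csum:
        raise ValueError("bad checksum")
    mask, hello, options, prio, dead, dr, bdr = struct.unpack(HELLO, pkt[24:44])
    neighbors = [str(IPv4Address(pkt[i:i + 4])) for i in range(44, length, 4)]
    return {"rid": str(IPv4Address(rid)), "area": str(IPv4Address(area)),
            "mask": str(IPv4Address(mask)), "hello": hello, "dead": dead,
            "options": options, "priority": prio, "dr": str(IPv4Address(dr)),
            "bdr": str(IPv4Address(bdr)), "neighbors": neighbors}


def hello_is_valid(pkt):
    try:
        parse_hello(pkt)
        return True
    except (ValueError, struct.error):
        return False


def accept_hello(h, iface):
    """RFC 2328 10.5 receive checks; returns (neighbor_state, reject_reason)."""
    if h["area"] != iface["area"]:
        return "rejected", "area mismatch"
    # Mask is ignored on point-to-point and virtual links, must match elsewhere.
    if iface["type"] not in ("point-to-point", "virtual-link") and h["mask"] != iface["mask"]:
        return "rejected", "network mask mismatch"
    if h["hello"] != iface["hello"] or h["dead"] != iface["dead"]:
        return "rejected", "hello/dead interval mismatch"
    for bit, name in ((OPT_E, "E"), (OPT_N, "N")):
        if (h["options"] & bit) != (iface["options"] & bit):
            return "rejected", f"{name}-bit mismatch"
    # Our own RID in the neighbor list proves the neighbor hears us: 2-Way.
    return ("2-way" if iface["rid"] in h["neighbors"] else "init"), None


if __name__ == "__main__":
    # Constructed sample: 10.0.0.2 hellos on 10.0.0.0/24 and already lists us.
    iface = {"rid": "10.0.0.1", "area": "0.0.0.0", "mask": "255.255.255.0",
             "hello": 10, "dead": 40, "options": OPT_E, "type": "broadcast"}
    pkt = build_hello("10.0.0.2", "0.0.0.0", "255.255.255.0", 10, 40, OPT_E, 1,
                      "0.0.0.0", "0.0.0.0", ["10.0.0.1"])
    print(pkt.hex())
    print(accept_hello(parse_hello(pkt), iface))
```

Everything before the neighbor-list check is what a receiver must get right before it trusts a Hello at all; a packet that fails the checksum or length check is dropped without being parsed further, which is also the first line of defence against malformed packets aimed at the OSPF process.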

3 mechanisms ensure a reliable flooding process:

- An Age field that holds the value at which an LSA/LSP becomes invalid; it is a counter,
not a timer. When the age reaches that value the LSA/LSP can be safely deleted. If the
router that originated the LSA/LSP is still up, it must send a refresh before the current
copy expires. The age can count up (0 to max, as in OSPF) or count down (max to 0, as in
IS-IS), the latter being more flexible.
- A sequence number to indicate whether an update is newer or older. Note that there is a
limit, at which the sequence number wraps back to its starting point (0x80000001 in OSPF).
At that point a router may assume the wrapped, lowest-numbered LSA/LSP is less accurate
than the one with the highest sequence number. There are a few solutions: 1) simply wait
for the old LSA/LSP to age out, 2) issue another copy of the same LSA/LSP with Age =
MaxAge (or 0, for a count-down age) to flush it, 3) avoid the end altogether by using a
circular sequence number space. The last approach caused the 1980 ARPANET meltdown and is
therefore not employed.
Note: another caveat occurs when an OSPF router restarts, because it then originates its
LSAs/LSPs again from the initial sequence number. The old copy, still held by its neighbors,
now looks more recent (to the neighbors' logic), but it's not. The solution is for a
recipient router to send back the copy it thinks is most recent, and the originating router
then re-originates with a sequence number greater than that.
- A checksum that covers the entire LSA/LSP except the Age field, so the content can be
validated.

Route cost is determined by adding all the interface costs along the downstream side of
the route. Note that the costs on the two ends of a link don't have to be equal, so you
can create asymmetric routing.

A link state protocol calculates the path to each destination by building a shortest-path
tree step by step, which by construction contains no loops.

IS-IS has separate message subtypes for L1 and L2: it has 3 message types, but 9 subtypes:
- L1 LAN IIH
- L2 LAN IIH
- PtP IIH (a single Hello PDU used for both L1 and L2 on point-to-point links)
- L1 CSNP
- L2 CSNP
- L1 PSNP
- L2 PSNP
- L1 LSP
- L2 LSP

OSPF message                IS-IS message                       Function
Hello                       Hello (IIH)                         Neighbor discovery, adjacency
                                                                negotiation, adjacency keepalive
Database Description        Complete Sequence Number PDU        Database synchronization
                            (CSNP)
Link State Request          Partial Sequence Number PDU         Database synchronization
                            (PSNP)
Link State Acknowledgement  No equivalent message, although     Database synchronization
                            PSNPs are used as ACKs in some
                            cases
Link State Update           Link State PDU (LSP)                Database synchronization and
                                                                flooding

IS-IS functions have been classified by ISO into one of 2 categories: subnetwork
dependent and subnetwork independent functions.

Subnetwork dependent functions are functions between 2 neighboring routers that can
differ depending on the particular data link protocol connecting the routers:
- Link demultiplexing: the ability to recognize both ISO and IP packets
- Multiple IP addresses per interface: unlike OSPF, IS-IS can run on an interface with
many or no IP addresses assigned
- LANs, DRs and pseudonodes
- Maintaining router adjacencies
- Forwarding to incompatible routers: incompatible here may refer to different types of IP
address or to a different, unsupported feature

Subnetwork independent functions are the same actions taken regardless of the type of
subnetwork:
- Addresses and addressing: how routers are identified in IS-IS packets
- Decision process
- Update process
- Forwarding process
- Exchange of routing information: including the necessary IP routing information in IS-IS
messages
- Routing parameters
- Hierarchical abbreviation of IP reachability information: summarizing reachability
information from a lower-level area into a higher-level area
- External links: understanding redistributed routes
- ToS routing
- IP-only operation: applies to IS-IS routers that route only IP and governs how they treat
TLVs that don't concern IP routing
- Encapsulation
- Authentication
- Order of preference of routes / Dijkstra computation: selection of routes

For OSPF to start, it must have an up interface. If the interface whose address is the
current RID is shut down, there are 2 possibilities of what will happen:
- Ignore the shutdown and continue to use the address. This poses a problem if the address
was intentionally removed to be assigned to another router, because the two routers may
then have a duplicate RID.
- Force the router to pick a new RID and re-advertise all its LSAs with that RID, causing
SPF to be rerun on all routers within the domain.

Misconfiguring routers with duplicate RIDs in OSPF causes route flapping. A good practice
is to set the RID explicitly with the router-id command. Try to use an address that would
not otherwise appear in your domain, such as one from the broadcast subnet or something
like 0.0.0.0 (note that some platforms, Cisco IOS included, reject 0.0.0.0 as a router-id).

The RID can be expressed in decimal or dotted-decimal format. JUNOS converts the number to
IP address (dotted-decimal) format whereas Cisco keeps it the way you've entered it.

In IS-IS, a MAC address or an IP address is commonly used as the System ID, but there is
no restriction on what you use as long as it is 6 bytes long and unique.

The DR and BDR are not created because of the sheer number of adjacencies, but as a means
to be more efficient. A pseudonode is used so that, instead of every router advertising the
attached broadcast network and each adjacent neighbor on that link, a single advertisement
can be flooded that describes the link and lists the nodes attached to it. The attached
routers then advertise just an adjacency to the pseudonode rather than adjacencies to all
the other attached routers.
The pseudonode's links have a cost of 0 and add no extra hop, because it's a virtual
router: it doesn't really exist, it just makes SPF easier.

The DR is the router responsible for representing the pseudonode; it is not the pseudonode
itself, it just originates the (T2) LSA that belongs to the pseudonode.
A DR is only elected on broadcast and NBMA networks. Since NBMA doesn't support multicast
or broadcast, the DR has to send LSAs to its neighbors as unicast. There are 2 solutions:
- Manually specify how to reach each router (neighbor statements). In Frame Relay, use maps
on a multipoint interface.
- If supported by the router software, convert the interface to the broadcast network
type. Remember to add the 'broadcast' keyword to the map as well.

When an OSPF router first becomes active, it sets its DR and BDR fields to 0.0.0.0 and
starts a wait timer (equal in value to the dead interval). Hellos are sent; if neighbors
reply with the DR/BDR fields set, the router accepts those values and the wait timer is
stopped. If no DR/BDR is heard before the wait timer expires, DR election starts.
When you have a group of routers, OSPF first elects the BDR based on priority and then
RID (highest wins), then checks whether any router claims it already IS the DR; if none
does, the BDR becomes DR and a new BDR is elected.
Always remember that the DR and BDR can't be preempted unless one of them fails.
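The election just described, as an added example (not from these notes): an implementation of the RFC 2328 section 9.4 algorithm, including the repeat step that keeps a router from ending up as both DR and BDR. The router IDs, priorities and Hello claims in the examples are constructed.

```python
"""DR/BDR election per RFC 2328 section 9.4.  Added example, not from the notes.

Each Claim is what one router on the segment currently says in its Hello:
its RID, its priority, and the DR/BDR it declares (0.0.0.0 = none).  Only
routers in 2-Way state or higher with the calculating router, plus the
calculating router itself, take part.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address

NONE = "0.0.0.0"


@dataclass(frozen=True)
class Claim:
    rid: str
    priority: int
    dr: str = NONE
    bdr: str = NONE


def _best(candidates):
    """Highest priority wins; ties are broken by the highest RID."""
    if not candidates:
        return NONE
    return max(candidates, key=lambda c: (c.priority, int(IPv4Address(c.rid)))).rid


def _elect_once(claims):
    eligible = [c for c in claims if c.priority > 0]      # priority 0 = ineligible
    # Step 2 (BDR): only routers NOT claiming to be DR are considered; those
    # already claiming to be BDR are preferred, otherwise any eligible router.
    not_dr = [c for c in eligible if c.dr != c.rid]
    claiming_bdr = [c for c in not_dr if c.bdr == c.rid]
    bdr = _best(claiming_bdr) if claiming_bdr else _best(not_dr)
    # Step 3 (DR): the best router claiming to be DR keeps the job (this is
    # the no-preemption rule); if nobody claims it, the new BDR is promoted.
    claiming_dr = [c for c in eligible if c.dr == c.rid]
    dr = _best(claiming_dr) if claiming_dr else bdr
    return dr, bdr


def elect(claims, self_rid):
    """Return (DR, BDR) as computed by the router self_rid."""
    by_rid = {c.rid: c for c in claims}
    me = by_rid[self_rid]
    dr, bdr = _elect_once(claims)
    # Step 4: if our own role changed, our Hello would now carry the new
    # claim, so repeat steps 2-3 once with it.  This is what stops a router
    # that just became DR from also being counted as BDR.
    was = (me.dr == self_rid, me.bdr == self_rid)
    now = (dr == self_rid, bdr == self_rid)
    if was != now:
        by_rid[self_rid] = Claim(self_rid, me.priority, dr, bdr)
        dr, bdr = _elect_once(list(by_rid.values()))
    return dr, bdr


if __name__ == "__main__":
    # Constructed: wait timers have expired and nobody has claimed anything yet.
    fresh = [Claim("1.1.1.1", 1), Claim("2.2.2.2", 1), Claim("3.3.3.3", 0)]
    print("fresh segment, seen by 2.2.2.2:", elect(fresh, "2.2.2.2"))
    # Constructed: a priority-255 router joins a segment with an established DR/BDR.
    stable = [Claim("1.1.1.1", 1, "1.1.1.1", "2.2.2.2"),
              Claim("2.2.2.2", 1, "1.1.1.1", "2.2.2.2"),
              Claim("9.9.9.9", 255)]
    print("newcomer with priority 255:", elect(stable, "9.9.9.9"))
```

The second scenario is the no-preemption property in code: a router with priority 255 arriving later still computes the incumbents as DR and BDR, because step 3 only looks at routers already claiming the DR role. The third case in the test shows the BDR promoting itself when the DR disappears and a fresh BDR being chosen in the repeat pass.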

OSPF supports unnumbered interfaces on the point-to-point network type.

The NBMA network type includes Frame Relay, ATM and X.25, or any network using virtual
circuits, whether PVC or SVC. Routers connected to such a network should be in the same IP
subnet. Non-broadcast means a packet sent by a router is probably not seen by all other
connected routers, given that the topology is not a full mesh.
One caveat about NBMA is that the DR and BDR must have a direct PVC to every other router;
the other routers should be made ineligible to become DR/BDR (set priority = 0).

OSPF has 2 primary databases: the LSDB and the interface database, in which the interface
data structures are recorded.
One parameter found in the interface database is InfTransDelay, the estimated number of
seconds it takes to transmit an LSU over the interface. It defaults to 1 second; every time
an LSA passes through a router, its Age field is incremented by InfTransDelay.
Another is RxmtInterval, 5 seconds by default, which specifies how long a router waits for
an acknowledgement before retransmitting an LSA.
An interface can be in one of the following states:
- Down: lower layers unusable. No packets sent or received. All parameters are disabled,
no timers, and no adjacencies.
- Loopback: the interface is looped back for maintenance, whether in hardware or software.
No packets are transmitted, but the interface address is included in the Router LSA.
- Waiting: on broadcast and NBMA interfaces, the router is waiting for the wait timer to
expire (or for a Hello that names a DR/BDR) before taking part in DR/BDR election.
- Point-to-point: for point-to-point, point-to-multipoint and virtual-link interfaces.
Packets are sent and received; if a neighbor is available, try to form an adjacency.
- DR Other: packets are sent and received; adjacencies (and database synchronization) are
formed with the DR and BDR only.
- Backup: the router is BDR for the network. It establishes adjacencies with all other
routers, but does not originate the Network LSA.
- DR: the router is DR for the network. It establishes adjacencies with all other routers,
synchronizes databases with them, and originates the Network LSA.
Note: broadcast, NBMA, point-to-point and point-to-multipoint are the standard (RFC 2328)
network types; the point-to-multipoint nonbroadcast and loopback network types are Cisco
additions.

An interface status change (event) can be:

- InterfaceUp: the interface has come alive or, for a virtual link, the SPF calculation
has found a path to the other endpoint
- WaitTimer: the wait timer has expired
- BackupSeen: a Hello was received from a neighbor that lists itself as the BDR, or lists
itself as the DR with an empty BDR field
- NeighborChange: caused by 1) a neighbor reaching, or dropping below, 2-Way with the local
router, 2) a neighbor newly declaring itself DR or BDR, 3) a neighbor no longer declaring
itself DR or BDR, or 4) a neighbor's priority changing; it triggers a DR/BDR election
- LoopInd: this interface has been looped back
- UnLoopInd: the interface loopback has been removed
- InterfaceDown: lower layers unusable

An LSA is sent when:

- A new, unknown LSA is received from a neighbor
- A more recent (higher sequence number) copy of an LSA is received
- The refresh timer of a locally originated LSA expires
- An adjacency or link changes state
- A route metric or IP address changes
- The router's RID changes
- The router is elected or removed as DR
- The area ID associated with one of the router's interfaces changes
- An LSR is received from a neighbor asking for a known copy of an LSA

Whenever an LSU is sent, the LSAs it contains must be acknowledged by the receiving
neighbors to ensure reliable flooding. So when an LSA is sent, it's added to a retransmit
list along with a configurable retransmit timer that defaults to 5 seconds. If a neighbor
fails to acknowledge too many times, the LSA is removed from the list and an error is
logged.

Acknowledgements can be explicit or implicit, and delayed or direct.

Explicit acknowledgement means sending an LSAck message, while implicit acknowledgement
means simply sending the same LSA back to the originator. Implicit acknowledgements are most
likely during database synchronization (LSUs are flooded to neighbors simultaneously), or
during flooding when 2 neighbors each receive a copy of the LSA from other neighbors and
then send LSUs to each other more or less simultaneously.
A delayed acknowledgement means the OSPF router waits a while before sending the
acknowledgement. There are several benefits, but the delay must be shorter than the
retransmission timer:
- Allows more LSAs to be acknowledged in one packet, reducing traffic
- A single (multicast) LSAck can acknowledge LSAs from different routers on a broadcast
network
- Helps randomize the transmission of messages on a multi-access network
A direct acknowledgement is sent immediately, as a unicast to the sender. This type of
acknowledgement is preferred, and there are 2 cases in which it must ALWAYS be used:
- A duplicate LSA is received from a neighbor
- An LSA with its Age field set to MaxAge is received (to age out the LSA) and there is
no instance of it in the LSDB

Here is a summary of the LSA types and their Link State IDs:

Type  LSA                             Link State ID
1     Router LSA                      Originating router's RID
2     Network LSA                     IP interface address of the network's DR
3     Network Summary LSA             Destination network's IP address
4     ASBR Summary LSA                RID of the described AS boundary router
5     AS-External LSA                 Destination network's IP address
6     Group Membership LSA            Destination multicast group address
7     NSSA External LSA               Destination network's IP address
8     External Attributes LSA         Encoded BGP path attributes
9     Opaque LSA (link-local scope)   8-bit opaque type + 24-bit opaque ID
10    Opaque LSA (area-local scope)   8-bit opaque type + 24-bit opaque ID
11    Opaque LSA (AS scope)           8-bit opaque type + 24-bit opaque ID

OSPF internal route metrics are expressed using 16 bits, and external route metrics using
24 bits. Notes about E1 and E2:
- E1 routes are always preferred over E2 routes, regardless of metric
- If 2 ASBRs advertise the same prefix with the same E2 cost, the cost of the internal path
to each ASBR is considered and the route through the lowest-cost ASBR is chosen.

The Age of copies of the same LSA can differ when they arrive at a router through
different paths. To prevent the router from making false judgements about copies with
different ages, a constant called MaxAgeDiff is used. It is 15 minutes (900 seconds): if
copies of the same LSA (same sequence number and checksum) differ in age by less than
MaxAgeDiff, they are considered the same instance.

To compare which of two copies of an LSA is more recent:

- The higher sequence number is newer
- If the sequence numbers are equal, the greater checksum is newer
- If those are equal too, the copy whose age is MaxAge is newer
- If all of the above are equal and the ages differ by more than MaxAgeDiff, the smaller
age is newer
- If the sequence numbers and checksums are the same, neither age is MaxAge, and the ages
differ by less than MaxAgeDiff, the LSAs are considered identical.
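The sequence-number, checksum and age rules above, together with the post-restart sequence recovery described under reliable flooding, as an added example (not from these notes): the RFC 2328 section 13.1 comparison with signed 32-bit sequence numbers, MaxAge = 3600 and MaxAgeDiff = 900 seconds, plus the rule a restarted router applies when its own LSA comes back with a higher sequence number than the one it just used. The header values are constructed.

```python
"""LSA instance comparison (RFC 2328 13.1) and self-originated sequence
recovery after a restart (RFC 2328 13.4).  Added example, not from the notes.
"""
from dataclasses import dataclass

MAX_AGE = 3600              # seconds
MAX_AGE_DIFF = 900          # 15 minutes
INITIAL_SEQ = -0x7FFFFFFF   # 0x80000001 read as a signed 32-bit integer
MAX_SEQ = 0x7FFFFFFF        # MaxSequenceNumber


def signed32(value):
    """Wire sequence numbers are signed: 0x80000001 is the smallest, 0x7FFFFFFF the largest."""
    value &= 0xFFFFFFFF
    return value - (1 << 32) if value & 0x80000000 else value


@dataclass(frozen=True)
class LsaHeader:
    age: int
    seq: int        # already signed; apply signed32() to values read off the wire
    checksum: int


def compare(a, b):
    """+1 if a is more recent, -1 if b is, 0 if they are the same instance."""
    if a.seq != b.seq:
        return 1 if a.seq > b.seq else -1
    if a.checksum != b.checksum:
        return 1 if a.checksum > b.checksum else -1
    a_max, b_max = a.age == MAX_AGE, b.age == MAX_AGE
    if a_max != b_max:                      # a MaxAge copy is being flushed: it wins
        return 1 if a_max else -1
    if abs(a.age - b.age) > MAX_AGE_DIFF:   # only then does the age itself decide
        return 1 if a.age < b.age else -1
    return 0


def reoriginate_seq(received_seq):
    """What a router does when its own LSA arrives with a higher sequence number
    than its current instance (typical right after a restart).

    Returns (sequence_to_use, must_flush_first).  Normally it re-originates with
    received + 1.  At MaxSequenceNumber it must first flush the old instance by
    setting its age to MaxAge, then start over from InitialSequenceNumber.
    """
    if received_seq >= MAX_SEQ:
        return INITIAL_SEQ, True
    return received_seq + 1, False


if __name__ == "__main__":
    # Constructed: a neighbor still holds the pre-restart copy of our Router LSA.
    ours_after_restart = LsaHeader(age=1, seq=INITIAL_SEQ, checksum=0x4A2C)
    theirs = LsaHeader(age=120, seq=signed32(0x80000010), checksum=0x19F3)
    print("neighbor copy newer:", compare(theirs, ours_after_restart) == 1)
    print("re-originate with 0x%08X" % (reoriginate_seq(theirs.seq) & 0xFFFFFFFF))
```

Two details are easy to get wrong in practice: the sequence number must be compared as a signed integer (otherwise 0x80000001 looks larger than 0x7FFFFFFF and the whole space is inverted), and the age only participates in the decision when the two copies are otherwise identical, so a copy that is merely older by a few seconds is not a "new" instance and must not be re-flooded.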

An LSA is flooded back out the interface it was received on only when the connected
network is a LAN or NBMA network, the local router is the DR, and the LSA came from a
DROther (not from the DR or BDR); otherwise it is not flooded out the receiving interface.

Non-backbone areas aren't allowed to exchange routing information directly.

LSDB consistency depends on an unbroken series of adjacencies connecting all routers within
an area. A consistent database means all routers in an area share the same view, which is
achieved through database synchronization between neighbors.

OSPF database synchronization:

Message (type)                        Description
Hello (1)                             Used to discover neighbors, supply the information used to
                                      confirm two routers should be allowed to become neighbors,
                                      bring a neighbor relationship to the 2-Way state, and
                                      monitor a neighbor's responsiveness in case it fails
Database Description (DD or DBD) (2)  Used to exchange LSA headers so a neighbor knows which LSAs
                                      a router has. Contains the interface MTU so it can be checked
Link-State Request (LSR) (3)          Lists the LSIDs of the LSAs the sender would like the
                                      receiver to supply during database exchange; more than one
                                      can be used if there are many LSAs to request
Link-State Update (LSU) (4)           Contains fully detailed LSAs, typically sent in response to
                                      an LSR. Retransmitted after 5 seconds if not acknowledged
Link-State Acknowledgment (LSAck) (5) Sent to confirm receipt of an LSU. Contains the common OSPF
                                      header plus a list of LSA headers

The 'options' field (carried in Hello packets, DD packets and LSA headers) includes:

- O: on, indicates support for opaque LSAs, used to extend OSPF by routers supporting them
- DC: on, indicates support for Demand Circuits and the associated DoNotAge (DNA) LSAs.
Both routers have to agree whether they support DNA LSAs or not.
- EA: on, indicates support for External Attributes (T8) LSAs; considered obsolete
- N/P: on, indicates support for NSSA. This bit can't be on at the same time as the E bit;
one has to be off. If the routers disagree on the bit, no adjacency can form
- MC: on, indicates support for Multicast OSPF, to flood T6 LSAs to MOSPF-capable routers
- E: on, indicates the originating router supports external routing capability (T5 LSAs).
If this bit doesn't agree in the Hello messages, no adjacency can form
- T: indicates support for ToS; obsolete.

DD packets contain several bits after the 'options' field:

- I (init) and M (more) work together to indicate the position of a DD packet in the
sequence. If there is only one DD packet, I = 1, M = 0. The first DD packet of a sequence
has I = 1, M = 1; subsequent packets have I = 0, M = 1; the last DD packet of the sequence
has I = 0, M = 0.
- MS indicates the role of the sending router: 1 means the router is the Master, 0 the
Slave
- DD sequence number

During database synchronization, 3 lists of LSAs are maintained per neighbor:

- Link State Retransmission List: LSAs transmitted but not yet acknowledged; they are
retransmitted every RxmtInterval
- Database Summary List: all LSAs in the LSDB for the area the neighbor is in. This list is
what gets described in DD packets; once an LSA has been described, it is removed from the
list
- Link State Request List: LSAs the neighbor has but the local router doesn't (or has only
an older copy of). An entry is removed when the requested LSA arrives in an LSU

The Master is the router with the higher RID; it

- Sends the first DD packet
- Increments (by 1) the sequence number of DD packets; the slave can't do this
- Ensures that only one DD packet at a time is outstanding
- Retransmits DD packets if not acknowledged; the slave can't do this

The higher-RID router sends the first DD packet, which has no LSA headers. The neighbor
receiving the packet checks and confirms it is the slave, then sends a DD packet listing
its LSAs to begin the exchange process. This packet carries the same sequence number as
the first DD packet sent by the master.
However, if the neighbor disagrees (it thinks it should be the master), it sends back an
empty DD packet with its own sequence number.

An OSPF router uses one of the following states to describe its relationship with a
neighbor:
- Down: no Hellos have been heard. On NBMA networks, the local router still sends Hellos
to a down neighbor, but at PollInterval (2 minutes by default).
- Attempt: only occurs on NBMA networks, for manually configured neighbors, when the local
router is actively sending Hellos every HelloInterval but has not heard back yet
- Init: a Hello has been received from the neighbor, but the local router's RID is not in
its neighbor list
- 2-Way: bidirectional communication is established, each RID appears in the other
router's neighbor list. A router must be in this state or higher to participate in DR/BDR
election
- ExStart: start of the database synchronization process. The master is elected and the
first DD packets are exchanged. This state and all states above it are considered adjacent
- Exchange: DD packets are being sent. LSRs can also be sent
- Loading: the DD exchange is finished but the LSR list is not yet empty, so LSRs are still
being sent and answered
- Full: the neighbors are fully adjacent and this adjacency appears in T1 and T2 LSAs.

These are the events that cause a state change:

- HelloReceived— A Hello has been received from the neighbor.
- Start— Hellos should be sent to neighbors at the Hello interval. This event is only
generated for neighbors on NBMA networks.
- 2-WayReceived— The router sees its RID in the neighborʼs Hello, indicating that
bidirectional communication is established.
- NegotiationDone— The master/slave negotiation is done.
- ExchangeDone— Both routers have finished describing their databases in DD
packets.
- BadLSRequest— A Link State Request packet has been received requesting an LSA
that is not in the database, indicating an error in the database exchange process.
- LoadingDone— The Link State Request list is emptied after database exchange
process.
- AdjOK?— This is a decision point for whether an adjacency should be established
and maintained with the neighbor.
- SeqNumberMismatch— A DD packet has been received that either has an
unexpected (nonsequential) sequence number, an improperly set I bit, or an Options
field value that is different from the Options field in the last received DD packet. This
event causes the database exchange process to be abandoned and restarted at the
ExStart state.
- 1-Way— Bidirectional communication with the neighbor is lost, as indicated by the
reception of a Hello from the neighbor in which the receiving routerʼs RID is not in the
Neighbor list. If the neighbor state is 2-Way or greater, the neighbor state is changed
to Init.
- KillNbr— Communication with the neighbor is impossible, and results in a change of
the neighbor state to Down.
- InactivityTimer— No Hellos have been seen from the neighbor in the last Router-
DeadInterval; the state of the neighbor is changed to Down.
- LLDown— A lower-level protocol indicates that the neighbor is unreachable, resulting
in a change of the neighbor state to Down.
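The neighbor states and events above, as an added example (not from these notes): a transition-only model of the RFC 2328 section 10.3 neighbor state machine. The AdjOK? decision and the "LSR list empty" check are passed in as flags, which is an assumption of the example; the actions the real machine performs (starting timers, building the three lists) are left out.

```python
"""OSPF neighbor state machine, transitions only (RFC 2328 section 10.3).

Added example, not from the original notes.  adjacency_ok stands for the
AdjOK? decision (true on point-to-point, point-to-multipoint and virtual
links, or when either router is DR/BDR); lsr_list_empty decides whether
Exchange goes straight to Full or through Loading.
"""

STATES = ["Down", "Attempt", "Init", "2-Way", "ExStart", "Exchange", "Loading", "Full"]


def _rank(state):
    return STATES.index(state)


class Neighbor:
    def __init__(self, adjacency_ok=True, lsr_list_empty=True):
        self.state = "Down"
        self.adjacency_ok = adjacency_ok
        self.lsr_list_empty = lsr_list_empty

    def fire(self, event):
        """Apply one event; return the new state or raise on an impossible combination."""
        s = self.state
        if event in ("KillNbr", "LLDown", "InactivityTimer"):
            new = "Down"
        elif event == "Start" and s == "Down":
            new = "Attempt"                          # NBMA only: start sending Hellos
        elif event == "HelloReceived":
            new = "Init" if s in ("Down", "Attempt") else s   # otherwise just restart the timer
        elif event == "2-WayReceived" and _rank(s) >= _rank("Init"):
            if s == "Init":
                new = "ExStart" if self.adjacency_ok else "2-Way"
            else:
                new = s
        elif event == "1-Way" and _rank(s) >= _rank("Init"):
            new = "Init" if _rank(s) >= _rank("2-Way") else s
        elif event == "NegotiationDone" and s == "ExStart":
            new = "Exchange"
        elif event == "ExchangeDone" and s == "Exchange":
            new = "Full" if self.lsr_list_empty else "Loading"
        elif event == "LoadingDone" and s == "Loading":
            new = "Full"
        elif event in ("SeqNumberMismatch", "BadLSRequest") and _rank(s) >= _rank("Exchange"):
            new = "ExStart"                          # abandon the exchange and renegotiate
        elif event == "AdjOK?" and _rank(s) >= _rank("2-Way"):
            if s == "2-Way":
                new = "ExStart" if self.adjacency_ok else s
            else:
                new = s if self.adjacency_ok else "2-Way"
        else:
            raise ValueError(f"event {event!r} is not valid in state {s!r}")
        self.state = new
        return new


def walk(events, **kwargs):
    """Run a list of events through a fresh neighbor and return the states visited."""
    n = Neighbor(**kwargs)
    return [n.fire(e) for e in events]


if __name__ == "__main__":
    # Constructed: a normal bring-up that needs LSRs, then a DD sequence error.
    print(walk(["HelloReceived", "2-WayReceived", "NegotiationDone",
                "ExchangeDone", "LoadingDone", "SeqNumberMismatch"],
               lsr_list_empty=False))
    # Constructed: two DROthers stay in 2-Way until one of them becomes BDR.
    print(walk(["HelloReceived", "2-WayReceived"], adjacency_ok=False))
```

The 2-Way plateau between DROthers and the drop from Full straight back to ExStart on SeqNumberMismatch or BadLSRequest are the two behaviours most often seen in "stuck neighbor" troubleshooting: the first is normal, the second means the DD exchange itself is being disturbed (MTU mismatch is the classic cause).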

The most obvious way an area fails is through the failure of routers, so redundancy is
important, especially for routers that hold an area together and for the ABRs.
Stub area:
- Can't have any ASBR in the area since T5 LSAs are prohibited
- The ABR advertises a default route
- All routers in the area have to agree that they are stub, and on the specific type of stub
- Area 0 can't be stub
- A virtual link can't be configured through a stub area
- E bit = 0, meaning no support for external routing. If the neighbors disagree, an
adjacency can't form.
- Blocks T4 and T5 LSAs

Totally stubby areas eliminate all other T3 LSAs except the default route from the ABR, so
all inter-area traffic is directed toward the ABR.

NSSA:
- Allows (multiple) ASBRs to reside within the area, i.e. allows redistributed routes, as
T7 LSAs
- Prevents the ABR from flooding T5 LSAs into the area
- T7 LSAs have the same format as T5 LSAs except Type = 7. T7 has area flooding scope,
meaning they are not permitted outside the area in which they originated.
- The forwarding address must be 1) the external peer's interface address, or 2) an
interface address of the ASBR
- The N/P bit (N in the options of Hellos, P in the T7 LSA) is on by default. If the P bit
of a T7 LSA is not on, the ABR does not translate it into a T5 LSA. If it is on and there
are multiple ABRs, the ABR with the highest RID performs the 7-to-5 translation.
- When the ABR receives a T7 LSA with P set, it translates it into a T5 LSA, which has AS
flooding scope, meaning the prefix is advertised throughout the domain.
- All routes from other areas are advertised into this area as T3 LSAs
- The ASBR can advertise a default route so that if none of the T3 LSAs generated by the
ABR match, the packet can go through the ASBR.
- The ABR can also advertise a default route, but this must use a T7 LSA, because a T3 LSA
is internal and would be preferred over any T7 LSA. The P bit = 0 in this case because, if
translated into a T5 LSA, that LSA might be translated back by another ABR attached to the
area and take preference over the current T7 LSA, causing inaccurate routing and probably
loops
- E bit = 0, no support for external (T5) routing
- Blocks T5 and T4 LSAs, but allows T3 LSAs
- Default route with the 'area X nssa default-information-originate' command. 1) On an
ASBR, the default route must be in the routing table, learned from a non-OSPF protocol; 2)
on an ABR, the default route doesn't have to be in the routing table.

Note that a T5 LSA can have a forwarding address of:

- 0.0.0.0, meaning packets to the advertised prefix should be sent to the originating ASBR
- the external neighbor's interface address, if the connecting link is advertised into OSPF
as an internal route

Totally NSSA:
- Allows only a default route (T3 LSA) from the ABR and filters all other T3, T4 and T5
LSAs; T7 LSAs originated by ASBRs inside the area are still flooded within the area.

An internal router can't summarize prefixes within its own area, to prevent confusion.
ABRs should summarize the routes contained in their individual areas to reduce the LSDB
for backbone routers. Ideally, there should be as many T3 LSAs in the backbone as there are
ABRs in the network.
However, remember that there is a price for the reduced memory: less accurate routing. This
is especially true when you have multiple ABRs between that area and area 0. When this
happens, routes to the same destination have multiple paths with no good indicator of
which path should be preferred; only the path via the closer ABR (by summary cost) is
chosen.

When a virtual link is configured between ABRs, these routers attempt to form a virtual
adjacency. When established, the network type is an unnumbered point-to-point link. The
link is included in the backbone T1 LSA.
Note:
- A virtual link must be configured through a single area, meaning the 2 ABRs must share a
common (transit) area, which can't be area 0 even though the link is considered a backbone
link
- The cost of the virtual link is not configurable; it's always the cost of the intra-area
path between the 2 ABR endpoints
- The transit area can't be a stub area
- The ABR describes the neighboring ABR at the other end of the virtual link in its
neighbor table by the neighbor's RID
- The ABR then has at least one T1 LSA with the V bit on (virtual link endpoint)
- T5 LSAs are never flooded over virtual links
- The Interface MTU in DD packets is always set to 0
- There's no network address mask, so the field is equal to 0.0.0.0
- Hellos are sent as unicast
- The Area ID in the packets is 0; this is the only situation in which an internal router
can receive a packet with an AID other than the area all of its interfaces are in
- The LSID in the T1 LSA is the RID of the neighbor ABR
- The Link Data field in the T1 LSA is the IP address of the originating router's interface
associated with the virtual link
- The ABR gives the virtual link Link Type 4 in the T1 LSA
- OSPF packets over the virtual link are routed within the link's transit area as
intra-area packets. This is the only time OSPF packets are not limited to directly
connected neighbors.
Warning: a virtual link is not a permanent solution and adds complexity to the network as
well.

By default the SPF algorithm doesn't load balance; it is vendor extensions that create this
feature, known as equal-cost multipath (ECMP).
ECMP can be done on a per-packet basis; however, this approach doesn't account for delay,
link propagation and router latency, buffering, or link MTU. These factors can affect how
TCP behaves (reordering) and may reduce performance because TCP would request
retransmissions.
A better approach is per-destination ECMP. It assigns different next hops to packets for
different destinations, allowing each destination to be routed differently. This differs
from per-packet ECMP, which picks one next hop per packet randomly or round-robin. The
disadvantage of this solution is that if one destination has heavy traffic, one route can
be utilized much more than another.
Per-flow load balancing distributes traffic based on source and destination IP address,
but further fields can be examined, such as port numbers, ToS value, etc.

A peculiar case of multi-path load balancing can occur when 2 nodes are connected both by
a PtP link and by a broadcast link. One of two things can happen depending on how SPF
selects the route:
- Only the PtP link is used, so the parallel link is wasted
- Both links are used

To favor the latter situation, a simple rule is added to the SPF algorithm: if there are
multiple entries in the candidate list with equally low cost, and at least one link is to a
pseudonode and at least one is to a router, always select the link to the pseudonode first
rather than selecting randomly among the links.

Incremental SPF (iSPF) limits the SPF work done when a topology change occurs, such as a
change at a stub router or a remote link failure. In these cases the whole tree is not
recomputed; only the part of the tree affected by the change is recalculated, and routers
whose tree is unaffected do no recalculation at all.

Partial route calculation (PRC) avoids running the SPF algorithm when an interface
modifies, adds or deletes an IP address, by simply recording the address; this saves
processing power because interface prefixes are of little importance to the tree except
as destinations.
In OSPF, only T3, T4, T5 and T7 LSAs carrying a different destination trigger PRC; a T1
LSA with a different destination triggers a full SPF calculation, as does changing the RID
of an OSPF process (which you have to do manually).

Another feature that improves SPF efficiency is SPF delay: a timer that sets the minimum time
between the last SPF run and the next one. This is also known as SPF holddown or SPF throttling.
When many different LSAs are flooded during the current calculation, they are held in the LSDB
until the holddown timer expires and SPF runs again. The holddown therefore trades some
convergence time for protection of the CPU.
Cisco implements SPF delay with an exponential backoff algorithm. An initial delay, a delay
increment, and a maximum delay are configured. The router waits the initial delay before the
first SPF run. After that, the wait doubles on every run, starting from the delay increment. For
example, with an initial delay of 100 ms and an increment of 1000 ms, the first SPF run is
delayed by 100 ms, the second by 1000 ms, the third by 2000 ms, the fourth by 4000 ms, and so
on. The maximum delay caps how large the wait can grow, an obvious necessity so that an
unstable network cannot push the delay so high that SPF effectively never runs. When SPF has
not run for twice the maximum delay, the router switches back to "fast" mode and uses the
initial delay again.
The timer is configured with the ʻ(config-router)#timers throttle spf spf-start spf-hold
spf-max-waitʼ command; all three values are given in milliseconds.
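An added simulation of the backoff just described (example code written for these notes, not Ciscoʼs implementation). The parameter names follow the IOS command; the rest of the model is an assumption and simplified: a change that arrives while a run is already pending is batched into that run, and the delay is measured from the moment the change arrives.

```python
"""Simulation of Cisco-style SPF throttling with exponential backoff (simplified model)."""


class SpfThrottle:
    """Tracks how long the next SPF run is delayed.

    start_ms: initial delay (spf-start); hold_ms: delay increment (spf-hold);
    max_ms: cap on the wait (spf-max-wait). All in milliseconds, as on IOS.
    """

    def __init__(self, start_ms, hold_ms, max_ms):
        self.start_ms = start_ms
        self.hold_ms = hold_ms
        self.max_ms = max_ms
        self.next_wait = None   # None = "fast" mode: the next run uses start_ms
        self.last_run = None    # time at which SPF last ran (or is scheduled to run)

    def topology_change(self, now_ms):
        """A change arrived at now_ms; return how long SPF is delayed from now."""
        # A run is already scheduled: the change is batched into it (assumption).
        if self.last_run is not None and now_ms < self.last_run:
            return self.last_run - now_ms
        # Quiet for 2 x max-wait since the last run: drop back to fast mode.
        if self.last_run is not None and now_ms - self.last_run >= 2 * self.max_ms:
            self.next_wait = None
        if self.next_wait is None:
            delay = self.start_ms
            self.next_wait = self.hold_ms
        else:
            delay = self.next_wait
            self.next_wait = min(self.next_wait * 2, self.max_ms)
        self.last_run = now_ms + delay
        return delay


def schedule(change_times_ms, start_ms=100, hold_ms=1000, max_ms=5000):
    """Delays assigned to a sequence of topology changes (constructed input, times in ms)."""
    t = SpfThrottle(start_ms, hold_ms, max_ms)
    return [t.topology_change(x) for x in change_times_ms]


if __name__ == "__main__":
    # Flapping network, then 10 s of quiet: 100, 1000, 2000, 4000, capped at 5000, then reset.
    print(schedule([0, 200, 1300, 3400, 7500, 12600, 27600]))
```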

Delay, pacing, throttling, whichever it is called, delays the transmission of LSAs (whether
locally generated or forwarded) so that a neighbor is not overwhelmed.
Ciscoʼs default LSA group pacing timer is 4 minutes (240 seconds); it can be set between 10 and
1800 seconds with the ʻ(config-router)#timers pacing lsa-groupʼ command.
The same timer also governs LSA checksumming and aging.

This feature has its greatest effect during LSA flapping: instead of flooding every
intermediate instance, the timer causes the LSA to be buffered, and when it expires only the
latest instance is used.

OSPF defines 2 constants: a new instance of a given LSA cannot be originated more often than
every 5 seconds (MinLSInterval), and a new instance of a given LSA cannot be accepted more often
than every 1 second (MinLSArrival); instances arriving faster than that are discarded.

An OSPF router can also control the rate at which it floods LSAs to its neighbors with the
ʻ(config-router)#timers pacing floodʼ command, which defaults to 33 ms and can be set between
5 and 100 ms. A flood pacing interval of 33 ms means at most about 30 Link State Update
packets per second.
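An added example (written for these notes, not taken from the book or from any router implementation) of what the two RFC 2328 constants do to a flapping link: the originator side collapses every flap inside MinLSInterval into one new instance carrying the latest state, and the receiver side discards a newer instance that arrives less than MinLSArrival after the last accepted one. The flap timeline and sequence numbers are constructed; the 0.1 s simulation tick is an assumption.

```python
"""LSA rate limits from RFC 2328: MinLSInterval (origination) and MinLSArrival (acceptance)."""
MIN_LS_INTERVAL = 5.0   # seconds between originating new instances of one LSA
MIN_LS_ARRIVAL = 1.0    # seconds between accepting new instances of one LSA


class Originator:
    """Router whose link flaps; each change wants a new instance of its router LSA.
    Changes inside MinLSInterval are merged: only the latest state is originated when
    the interval expires, so a flapping link floods once per 5 s, not once per flap."""

    def __init__(self):
        self.last_origination = None
        self.seq = 0x80000000          # InitialSequenceNumber
        self.pending = None            # (due_time, state) waiting for MinLSInterval
        self.flooded = []              # (time, seq, state) instances actually sent

    def change(self, now, state):
        if self.last_origination is None or now - self.last_origination >= MIN_LS_INTERVAL:
            self._originate(now, state)
        else:
            # Defer; a later change simply overwrites the pending state.
            self.pending = (self.last_origination + MIN_LS_INTERVAL, state)

    def tick(self, now):
        """Advance time; release a deferred origination when it falls due."""
        if self.pending and now >= self.pending[0]:
            due, state = self.pending
            self.pending = None
            self._originate(due, state)

    def _originate(self, now, state):
        self.seq += 1
        self.last_origination = now
        self.flooded.append((now, self.seq, state))


class Receiver:
    """Flooding check on the receiving side (RFC 2328 section 13, step 5a): a newer
    instance arriving less than MinLSArrival after the previous accepted one is dropped."""

    def __init__(self):
        self.seq = 0
        self.last_accept = None

    def receive(self, now, seq):
        if seq <= self.seq:
            return False                      # not newer than what is in the LSDB
        if self.last_accept is not None and now - self.last_accept < MIN_LS_ARRIVAL:
            return False                      # too soon: discard
        self.seq = seq
        self.last_accept = now
        return True


def simulate_flap(events):
    """events: constructed list of (time_s, link_state). Returns the instances flooded."""
    o = Originator()
    end = max(t for t, _ in events) + MIN_LS_INTERVAL
    t, idx = 0.0, 0
    while t <= end:
        while idx < len(events) and events[idx][0] <= t:
            o.change(*events[idx])
            idx += 1
        o.tick(t)
        t = round(t + 0.1, 1)
    return o.flooded


if __name__ == "__main__":
    # Four flaps in 2 s produce only two instances: the first, and the final state at t=5.
    print(simulate_flap([(0.0, "down"), (0.5, "up"), (1.0, "down"), (2.0, "up")]))
```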

Retransmission is another problem: if a heavy flow of LSAs is flooded, a neighbor may not
acknowledge within the retransmission interval, causing the LSAs to be retransmitted
unnecessarily. Increasing the interval with the ʻip ospf retransmit-intervalʼ interface command
relieves this.

Another flooding problem occurs in a full-mesh topology with no DR: multiple copies of the
same LSA are received over the parallel adjacencies and cause excessive traffic. This is not a
very big problem for OSPF, because the mesh can be split into different areas to contain it.

If the memory allocated to the LSDB is insufficient, the overload (OL) bit is set in the routerʼs
own LSA (this is the IS-IS mechanism; the OSPF equivalent is the max-metric router LSA
described below). It indicates that the routerʼs LSDB is overloaded: the routerʼs own links are
still reachable, but the router is no longer used for transit, essentially turning it into a
stub router.

Memory shortage is no longer a practical worry, but the same mechanism now serves another
function: preventing unintentional blackholing of packets in a BGP transit network.
In an AS, edge routers usually form iBGP adjacencies even though they are multiple hops apart;
they rely on the IGP for 1) how to reach the iBGP peer and 2) how to reach the external AS
connected to the iBGP peer.

Even when the IGP gives the edge routers a route to each other, a transit router on the path
that has no BGP routes (because it does not run BGP, or because its BGP sessions have not yet
converged, for example right after a reload) has no route for the external prefixes and drops
the transit traffic. Either every transit router runs BGP and is part of the iBGP full mesh, or
a router whose BGP has not converged must keep itself out of the IGPʼs transit paths until it
has.

OSPF does this by originating a T1 LSA in which the transit links carry a metric of 0xFFFF
(maximum). This metric marks the links as effectively unreachable for transit, so the router is
not placed in the middle of anyone elseʼs SPF tree. Stub links connected to the router are
advertised with their normal metrics, so they remain reachable while the router is in overload.

When OSPF packets have to cross links with a low MTU, one of 3 things can relieve this:
- Fragmentation
- Path MTU discovery with adjustment of the transmitted unit size; adds complexity
- Limiting the size of information units so they can never exceed any MTU; not practical

OSPF packets are encapsulated in IP packets and are therefore, by default, fragmented
appropriately.

A demand circuit is a connection that can stop transmitting when it is not needed. An OSPF
extension makes the following modifications for such circuits:
- Hellos are sent only initially, to bring up the circuit for the initial database
synchronization. Once the LSDBs are synchronized, no more Hellos are sent
- LSAs are flooded across the demand circuit during synchronization but are not periodically
refreshed. Only a change to an LSA triggers a new flood

To make this work, the DNA (DoNotAge) bit, the highest bit of the LS Age field, is set on LSAs
flooded over the circuit. To show that it can accept DNA LSAs, a router sets the DC bit in the
Options field of its Hello and DD packets. If one router in the area does not support DNA LSAs,
all DNA LSAs are flushed from every LSDB in the area, and the originating router has to reissue
a new copy without the DNA bit set and refresh it normally.
The DNA bit in an LSA means the LSA will never reach MaxAge: its age is still incremented by
the transmission delay on its way to the destination, but it is no longer aged once it sits in
the receiving LSDB.

Without Hellos, the link cannot detect neighbor failure. A further OSPF extension detects
neighbor failure with neighbor probing, which is done only when the link has already been
brought up for other traffic.

Over a demand circuit, a new LSA instance is flooded only if:
- the LSAʼs Options field changes
- the Length field in the LSA header changes
- the new instance has an age of MaxAge or DNA + MaxAge (a flush)
- the contents of the LSA have changed, excluding the 20-byte header (the sequence number and
checksum change on every refresh, so they are not treated as topology changes)

Running demand circuits in a modern network is not a very good option because they create a
variety of problems. The one common use of the demand-circuit mechanism is to limit overall
flooding, enabled with the ʻip ospf flood-reductionʼ interface command.

Security refers to a systemʼs resistance to intentional harm; reliability refers to its
resistance to unintentional harm. Although the most commonly attacked routing protocol is BGP,
because it faces external networks, that does not mean your IGP is safe. In a sense the IGP may
be more vulnerable, because it trusts every router it peers with and every router in the
routing domain.

An attack attempts to alter the normal behavior of a protocol in one of 4 ways:
- Disclosure: obtaining protocol data in order to study the systemʼs weaknesses for later
exploitation
- Deception: the target protocol is tricked into accepting a routing message from the attacker
as if it came from a legitimate peer
- Disruption: preventing the target protocol from functioning correctly, for example with a DoS
attack that floods it with messages
- Usurpation: the attacker gains control over the routing protocol in one or more routers
The above can be used to direct traffic to an illegitimate device or to create a blackhole.

The attack can aim at one of these components:
- Hello protocol: a bogus Hello pretending to come from a legitimate peer but carrying
incompatible parameters, causing the adjacency to fail
- Flooding process: spoofed LSAs claiming to come from legitimate routers, triggering heavy
flooding
- LSDB: spoofed LSAs that cause incorrect routing or memory exhaustion
- Aging: flushing LSAs from the LSDB by sending spoofed instances aged to MaxAge
- Sequence number: spoofed LSAs with the maximum sequence number value, forcing the sequence
number to roll over
- DR process: bogus Hellos with a null or illegitimate DR/BDR field, causing normal routers to
fall out of sync with the DR, to accept illegitimate information from a fake DR, or to treat
the link as failed
- Options field: incompatible settings can cause the adjacency to fail or allow illegitimate
routers to inject misleading information

Non-malicious threats result from either misconfiguration or implementation problems.

Here are some practices for securing the network; the most important ones are those you apply
every day:
- Redundancy in system components: power supplies, route processor modules, cooling, and
whole routers
- Redundancy in network links and network nodes
- When connecting to a router outside your administrative control, use either static routes or
BGP, never an IGP
- Use unicast reverse path forwarding (uRPF) to check the source address of incoming packets
against the unicast routing table, so that spoofed packets are dropped
- Use packet filtering
- Use rate limiting to keep the router from being overwhelmed by bursts
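An added example (written for these notes, not from the book) putting the Hello-protocol and deception attacks above next to the practices list: it builds OSPFv2 Hello packets, applies the receive checks of RFC 2328 (area ID, network mask, Hello/Dead intervals, E bit) and, for AuType 2, the MD5 cryptographic authentication of RFC 2328 Appendix D. The router IDs, interface parameters, key and sequence numbers are constructed; zero-padding a short key to 16 bytes before hashing is an assumption that matches common implementations. The point it shows: parameter checks reject a bogus Hello with wrong timers, but without authentication a spoof that copies the right parameters is accepted, whereas with MD5 an attacker who lacks the key cannot produce a valid digest.

```python
"""OSPFv2 Hello receive checks (RFC 2328 8.2/10.5) and MD5 authentication (RFC 2328 App. D)."""
import hashlib
import hmac
import struct

OSPF_VERSION, HELLO = 2, 1
AUTYPE_NULL, AUTYPE_CRYPTO = 0, 2
HDR = "!BBHIIHH8s"        # version, type, length, router id, area id, checksum, autype, auth
HELLO_BODY = "!IHBBIII"   # mask, hello interval, options, priority, dead interval, DR, BDR


def _digest(pkt, key):
    # RFC 2328 D.4.3: MD5 over the OSPF packet followed by the 16-byte key.
    # Assumption (as in common implementations): a shorter key is zero-padded to 16 bytes.
    return hashlib.md5(pkt + key.ljust(16, b"\x00")).digest()


def build_hello(router_id, area_id, mask, hello_int, dead_int, options,
                key_id=None, key=b"", crypto_seq=0):
    body = struct.pack(HELLO_BODY, mask, hello_int, options, 1, dead_int, 0, 0)
    length = struct.calcsize(HDR) + len(body)
    if key_id is None:
        autype, auth = AUTYPE_NULL, b"\x00" * 8
    else:
        # AuType 2 authentication field: 2 reserved bytes, key id, digest length, sequence no.
        autype, auth = AUTYPE_CRYPTO, struct.pack("!HBBI", 0, key_id, 16, crypto_seq)
    pkt = struct.pack(HDR, OSPF_VERSION, HELLO, length, router_id, area_id, 0, autype, auth) + body
    if key_id is not None:
        pkt += _digest(pkt, key)   # digest trails the packet; not counted in the length field
    return pkt


def verify_hello(pkt, iface, keys):
    """Return (accepted, reason). iface: this interface's configured parameters (constructed).
    keys: dict key_id -> secret for AuType 2."""
    ver, ptype, length, rid, area, _csum, autype, auth = struct.unpack(HDR, pkt[:24])
    if ver != OSPF_VERSION or ptype != HELLO:
        return False, "not an OSPFv2 Hello"
    if area != iface["area_id"]:
        return False, "area ID mismatch"
    if autype != iface["autype"]:
        return False, "authentication type mismatch"
    if autype == AUTYPE_CRYPTO:
        _, key_id, dlen, seq = struct.unpack("!HBBI", auth)
        if key_id not in keys or dlen != 16:
            return False, "unknown key id"
        if seq < iface.get("last_seq", {}).get(rid, 0):
            return False, "replayed sequence number"
        expected = _digest(pkt[:length], keys[key_id])
        if not hmac.compare_digest(expected, pkt[length:length + 16]):
            return False, "bad MD5 digest"
    mask, hello_int, options, _pri, dead_int, _dr, _bdr = struct.unpack(HELLO_BODY, pkt[24:44])
    if mask != iface["mask"]:
        return False, "network mask mismatch"
    if hello_int != iface["hello_int"] or dead_int != iface["dead_int"]:
        return False, "hello/dead interval mismatch"
    if bool(options & 0x02) != iface["external_ok"]:   # E bit must agree with the area type
        return False, "E-bit (stub area) mismatch"
    return True, "accepted"


def demo():
    iface_null = dict(area_id=0, mask=0xFFFFFF00, hello_int=10, dead_int=40,
                      external_ok=True, autype=AUTYPE_NULL)
    iface_md5 = dict(iface_null, autype=AUTYPE_CRYPTO)
    keys = {1: b"s3cr3t"}
    peer = 0x0A000001
    legit = build_hello(peer, 0, 0xFFFFFF00, 10, 40, 0x02)
    bogus = build_hello(peer, 0, 0xFFFFFF00, 10, 25, 0x02)      # wrong dead interval
    good = build_hello(peer, 0, 0xFFFFFF00, 10, 40, 0x02, key_id=1, key=keys[1], crypto_seq=7)
    forged = build_hello(peer, 0, 0xFFFFFF00, 10, 40, 0x02, key_id=1, key=b"guess", crypto_seq=8)
    return {"legit_null": verify_hello(legit, iface_null, {}),
            "bogus_null": verify_hello(bogus, iface_null, {}),
            "good_md5": verify_hello(good, iface_md5, keys),
            "forged_md5": verify_hello(forged, iface_md5, keys)}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Note that "legit_null" in the demo is exactly the packet an attacker who has sniffed one Hello (disclosure) can replay or modify on an unauthenticated segment; the parameter checks cannot tell the two apart, which is why the deception attack works there and not on the MD5-protected interface.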

When OSPF receives an LSA of unknown type, it drops it. So when you want to deploy optional
LSA types, either make sure that all routers support them, or design the network so that the
optional LSAs never need to be flooded through a router that does not.

Opaque LSAs add flexibility to OSPF by providing a generalized LSA that can carry data OSPF
itself does not define from router to router. They use OSPF as a transport for information that
was not available when OSPF was defined, or for features that are relevant to OSPF route
calculation (such as traffic engineering).
An Opaque LSA has one of 3 flooding scopes:
- Link-local scope, limited to a single link and never forwarded by routers: T9 LSA
- Area-local scope, limited to a single area; ABRs do not forward it to other areas: T10 LSA
- AS scope, limited to the AS the router resides in; not permitted in stub areas: T11 LSA

The Opaque LSA has an Opaque Type field whose decimal value denotes the kind of information
the LSA carries:
- 1: Traffic Engineering LSA. Used for MPLS-TE.
- 2: Sycamore Optical Topology Descriptions. Used to communicate details of optical topologies
such as switch capabilities and traffic engineering parameters for optical trunk groups and
hybrid mesh-ring optical networks. Not discussed in this book.
- 3: Grace LSA. Used for OSPF graceful restart.
- 4: Router Information LSA. Used for advertising optional capabilities.
- 5–127: Unassigned. Can be allocated by the IANA through the OSPF working group for future
Opaque LSA types.
- 128–255: Reserved. Set aside for private and experimental use.
The Opaque ID field uses 24 bits to give a unique ID within the specific Opaque type.

An Opaque LSA is only flooded to neighbors that support it, as indicated by the O bit in the
Options field.

The Router Information (RI) Opaque LSA has been proposed so that new optional capabilities no
longer have to be signaled with bits of the scarce Options field, as the O bit is. A TLV
following the LSA header carries a 32-bit Capabilities field that can easily be extended; the
bits assigned so far are:
Bit Capability
0–3 Reserved
4 OSPF graceful restart capable
5 OSPF graceful restart helper
6 Stub router support
7 Traffic engineering support
8 OSPF point-to-point over LAN
9 OSPF path computation server discovery
10–31 Future assignments

The Route Tag field is a 32-bit field present in T5 and T7 LSAs.

Multiprotocol label switching (MPLS) separates the intelligence that decides how to forward a
packet from the actual packet forwarding. Today MPLS is used to provide WAN connectivity
without the need for special infrastructure such as Frame Relay or ATM.

A virtual circuit here refers to the series of forwarding table entries that switch a given
packet along a path from an ingress point to an egress point. The MPLS virtual circuit is called
a label-switched path (LSP).
MPLS is multiprotocol in that it can run over any type of L2 protocol and carry any L3 protocol,
because the MPLS header sits between these layers.

MPLS uses a label, a 20-bit value, to identify the LSP a packet belongs to. Labels have local
significance only (each hop assigns its own) and are written in decimal. When MPLS runs over
ATM, the VPI and VCI fields are used as the label.

Routers running MPLS are called label-switching routers (LSRs). They keep a switching table
(depending on the implementation, a separate table or part of the RIB) that maps incoming
labels to outgoing labels and interfaces. The label of an incoming packet is changed unless the
router itself is the destination.
The router originating the MPLS packet is the ingress LSR; it PUSHes a label onto an IP packet
by encapsulating it in an MPLS header. The last router receiving the MPLS packet is the egress
LSR; it POPs the MPLS header and forwards the packet inside as a normal packet. Routers in
between that SWAP labels are transit LSRs.

A router is either ingress, egress, or transit LSR for a given unidirectional LSP; it can take
a different role for a different LSP. So for 2 distant routers to communicate with each other,
2 LSPs are needed, one toward the destination and one back to the source.

Packets that are forwarded in the same way (with the same label, meaning out the same
interface, in the same queue, under the same policy, and so on) are said to belong to the same
forwarding equivalence class (FEC).
In MPLS, the label determines the outgoing treatment. Using the same label means a set of
packets is forwarded in the same manner, so the label is bound to a particular FEC that
describes how the packets should be forwarded.
A signaling protocol establishes the LSP from the ingress LSR to the egress LSR. The ingress
LSR first sends a "path request" toward the address (usually a loopback) of the egress LSR,
which then issues "path setup" messages that travel hop by hop from the egress LSR back to
the ingress LSR.
Every transit LSR on the way dynamically assigns a free label from its label pool, setting up
the incoming and outgoing labels for the LSP. When the "path setup" message reaches the ingress
LSR, the entire LSP is set up from the egress LSR to the ingress LSR.

There are 3 signaling protocols:
- LDP is a simple protocol used with MPLS-based VPN services; it follows the shortest path
chosen by the IGP. It allows peering with routers that are or are not directly connected
neighbors. Peers establish a session and exchange prefix/FEC and label bindings.
- CR-LDP adds traffic engineering and was used by Nortel.
- RSVP-TE performs the same function as CR-LDP and was adopted by Cisco and Juniper. Label
requests are sent in PATH messages and label binding is done with RESV messages. The
EXPLICIT-ROUTE object defines the path over which the setup messages are routed.

Tag distribution protocol (TDP) is Ciscoʼs proprietary predecessor of LDP, used for Cisco tag
switching. It uses the same label format but a different message format than LDP. LDP and TDP
can be supported on the same device.

The MPLS header is 4 bytes and is inserted between the data link header and the network
header. It has:
- Label (20 bits)
- EXP (3 bits), the experimental field, used like the CoS or ToS field of the IPv4 header
- S (1 bit), the bottom-of-stack bit, used for label stacking (encapsulating one MPLS packet
within another, which allows tunneling). If 0, another MPLS header follows this one; if 1, this
is the last (innermost) MPLS header and the payload follows it.
- TTL (8 bits) works like the TTL field in IPv4. It is copied from the IPv4 header when the
packet enters the ingress LSR, decremented by each LSR, and copied back into the IPv4 TTL when
the packet leaves the egress LSR.
Note: TTL propagation can be disabled so that the IP TTL is decremented only at the ingress
router and again at the egress; the MPLS TTL is then initialized to its maximum instead of being
copied, and the hops inside the provider cloud are hidden from the customer (for example in a
traceroute).
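An added example of the header layout and of the two TTL behaviors just described (example code written for these notes, not from the book or any vendor). The label values and hop counts are constructed; the TTL model is an assumption and simplified to the ingress decrement, one decrement per transit LSR, and the egress handling.

```python
"""Pack and parse the 4-byte MPLS shim header, a label stack, and TTL propagation."""
import struct


def pack_label(label, exp=0, bottom=False, ttl=64):
    """label: 20 bits, exp: 3 bits, bottom: S bit, ttl: 8 bits -> 4 big-endian bytes."""
    if not 0 <= label < 1 << 20:
        raise ValueError("label must fit in 20 bits")
    word = (label << 12) | ((exp & 0x7) << 9) | (int(bottom) << 8) | (ttl & 0xFF)
    return struct.pack("!I", word)


def unpack_label(data):
    (word,) = struct.unpack("!I", data[:4])
    return {"label": word >> 12, "exp": (word >> 9) & 0x7,
            "bottom": bool((word >> 8) & 1), "ttl": word & 0xFF}


def push_stack(labels, ttl):
    """Ingress LSR: labels given outermost first; only the last entry gets S=1."""
    out = b""
    for i, (label, exp) in enumerate(labels):
        out += pack_label(label, exp, bottom=(i == len(labels) - 1), ttl=ttl)
    return out


def parse_stack(data):
    """Walk the stack until the bottom-of-stack bit; return (entries, payload)."""
    entries, offset = [], 0
    while True:
        e = unpack_label(data[offset:])
        entries.append(e)
        offset += 4
        if e["bottom"]:
            return entries, data[offset:]


def traverse(ip_ttl, core_hops, propagate=True):
    """IP TTL seen after an LSP with core_hops transit LSRs between ingress and egress.
    propagate=True: IP TTL (after the ingress decrement) is copied into the MPLS TTL, each
    transit LSR decrements it, and the egress copies it back (one more decrement).
    propagate=False: MPLS TTL starts at 255 and is never copied back, so the IP TTL only
    sees the ingress and egress decrements and the core hops are invisible."""
    ip_after_ingress = ip_ttl - 1
    mpls_ttl = ip_after_ingress if propagate else 255
    mpls_ttl -= core_hops
    return mpls_ttl - 1 if propagate else ip_after_ingress - 1


if __name__ == "__main__":
    stack = push_stack([(100, 5), (16, 0)], ttl=60) + b"payload"
    print(stack.hex(), parse_stack(stack))
    print(traverse(64, 3, propagate=True), traverse(64, 3, propagate=False))
```

Label 16 with S=1 and TTL 64 packs to 00 01 01 40: the label occupies the top 20 bits, then EXP, the S bit at bit 8, and the TTL in the low byte. With three core hops a traceroute from the customer side sees five decrements with propagation on and only two with it off.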

Traffic engineering allows a more flexible choice of routes between the ingress and egress
LSRs. LSP placement can be influenced with:
- Maximum bandwidth: the bandwidth of the interface, either its actual bandwidth or the value
configured with ʻbandwidthʼ
- Maximum reservable bandwidth: the amount of the link bandwidth that LSPs are allowed to
reserve
- Unreserved bandwidth: the amount still not reserved
- TE metric: an independent metric used like the IGP metric, carried as a 4-byte value
- Administrative group: up to 32 groups a link can belong to, usually named after colors; it
lets a constraint include or exclude links for an LSP

Each LSP has a priority used when contending for bandwidth. There are 8 levels, 0 to 7, with 0
the highest. If a link has been assigned more load than it can handle (oversubscription) and
all LSPs would like to use it, some of them cannot. An LSP with a lower priority cannot take
the link from an LSP with a higher priority and must seek an alternative path to the egress LSR.

OSPF and IS-IS can carry and collect the TE parameters and store them in a local database
called the TED. The best MPLS paths are then computed with a modified version of SPF called
CSPF, where C stands for constrained. The resulting path is fed to the signaling protocol to
establish the wanted LSP.

TE parameters are carried in OSPF T10 LSAs with Opaque Type = 1, which basically perform the
same function as the T1 LSA: identify the originating router, the routerʼs neighbors, and now
the TE parameters of its links. The T10 LSA has area flooding scope, so every router in the
area has to accept Opaque LSAs. CSPF uses it together with the areaʼs T2 LSAs.

There are 2 types of TLV which a T10 LSA can carry:
- Router address TLV (TLV type 1) carries in its value field an always-reachable IPv4
loopback address of the originating router. This address is normally also the RID of the
originator, but of more importance here is that the address serves as the endpoint of
any LSP egressing the originator.
- Link TLV (TLV type 2) describes the TE parameters of a single link. The value of this
TLV is a set of sub-TLVs. The format of a sub-TLV is the same as any other TLV; it is a
sub-TLV only by virtue of the fact that it is in the value field of another TLV.

The sub-TLVs of the Link TLV, and their types, are as follows:
- Link Type (type 1) carries as its value a 1-byte field that specifies the type of link being
described: point to point (link type 1) or multi-access (link type 2).
- Link ID (type 2) serves the same purpose, and uses the same semantics, as the Link
ID in Router LSAs: It identifies the LSR at the other end of the link. If the link type is 1
(point-to-point link), the link ID is the RID of the neighbor. If the link type is 2 (multi-
access), the Link ID is the interface address of the DR.
- Local Interface IP Address (type 3) specifies the IP address of the originatorʼs
interface to the link. This sub-TLV can carry multiple IP addresses if the interface has
more than one address.
- Remote Interface IP Address (type 4) specifies the IP address or IP addresses of the
neighborʼs interface to the link, if the link is point to point. If the link is multiaccess, the
value of this sub-TLV is 0.0.0.0 or, alternatively, the sub-TLV is not included at all.
- Traffic Engineering Metric (type 5) carries a 4-byte TE metric
- Maximum Bandwidth (type 6) carries the maximum bandwidth. This is a 4-byte IEEE
floating-point value specifying the bandwidth in bytes (not bits) per second.
- Maximum Reservable Bandwidth (type 7) carries the maximum reservable bandwidth. This is
also a 4-byte floating-point value in bytes per second.
- Unreserved Bandwidth (type 8) carries the unreserved bandwidth for each of the eight setup
priority levels 0 through 7, listed in the sub-TLV in order from 0 to 7. Because each
bandwidth is a 4-byte floating-point number (again in bytes per second), the total length of
the value field of this sub-TLV is 32 bytes.
- Administrative Group (type 9) specifies the administrative group (link color) or
groups to which the link is assigned. The value is a 32-bit field, with each of the bits
representing one of 32 possible administrative groups. If a bit is set, the link belongs to
the group corresponding to that bit position. The most significant bit corresponds to
administrative group 31, and the least significant bit to group 0. In Figure 11.7, the
value of that linkʼs affinity bit (yet another name for administrative group) is 0x3, so the
link belongs to administrative groups 1 and 0 (and hence to whatever “colors” the
network administrator has associated with those two numbers). In Figure 11.8, this
same TLV value is labeled as “color,” and the value of 0 indicates that the links in the
database do not belong to any administrative groups.

Every Link TLV must have type 1 and 2 sub-TLV, other sub-TLVs are optional.
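An added encoder and parser for the Link TLV and its sub-TLVs as listed above (example code written for these notes, not from the book or from any router). The link parameters are constructed. It follows the RFC 3630 layout the notes describe: a 2-byte type, a 2-byte length that excludes padding, the value padded to a 4-byte boundary, bandwidths as IEEE floats in bytes per second, and the administrative group as a 32-bit mask with bit n meaning group n (so 0x3 decodes to groups 0 and 1, as in the figure the notes refer to). Unknown sub-TLVs are skipped rather than rejected, and a Link TLV without the mandatory Link Type and Link ID sub-TLVs is refused.

```python
"""Encode and decode the TE Link TLV (RFC 3630) carried in an OSPF Opaque type-1 (T10) LSA."""
import struct

LINK_TLV = 2
SUB = {1: "link_type", 2: "link_id", 3: "local_addr", 4: "remote_addr", 5: "te_metric",
       6: "max_bw", 7: "max_rsv_bw", 8: "unreserved_bw", 9: "admin_group"}


def _tlv(t, value):
    # 2-byte type, 2-byte length of the value (padding excluded), value padded to 4 bytes.
    pad = (-len(value)) % 4
    return struct.pack("!HH", t, len(value)) + value + b"\x00" * pad


def _ip(s):
    return bytes(int(x) for x in s.split("."))


def build_link_tlv(link_type, link_id, local_addr, te_metric, max_bw_bps, max_rsv_bps,
                   unreserved_bps, admin_group):
    """Bandwidths are taken in bits/s and encoded as the RFC requires: IEEE float, bytes/s."""
    subs = b"".join([
        _tlv(1, bytes([link_type])),                       # 1 byte, padded to 4
        _tlv(2, _ip(link_id)),                             # neighbor RID or DR address
        _tlv(3, _ip(local_addr)),
        _tlv(5, struct.pack("!I", te_metric)),
        _tlv(6, struct.pack("!f", max_bw_bps / 8)),
        _tlv(7, struct.pack("!f", max_rsv_bps / 8)),
        _tlv(8, struct.pack("!8f", *[b / 8 for b in unreserved_bps])),  # priorities 0..7
        _tlv(9, struct.pack("!I", admin_group)),
    ])
    return _tlv(LINK_TLV, subs)


def parse_tlvs(data):
    """Yield (type, value) pairs from a run of padded TLVs."""
    off = 0
    while off + 4 <= len(data):
        t, ln = struct.unpack("!HH", data[off:off + 4])
        yield t, data[off + 4:off + 4 + ln]
        off += 4 + ln + ((-ln) % 4)


def parse_link_tlv(data):
    tlvs = list(parse_tlvs(data))
    if len(tlvs) != 1 or tlvs[0][0] != LINK_TLV:
        raise ValueError("expected a single Link TLV")
    link = {}
    for t, v in parse_tlvs(tlvs[0][1]):
        name = SUB.get(t)
        if name is None:
            continue                                    # unknown sub-TLV: skip, do not fail
        if t == 1:
            link[name] = v[0]
        elif t in (2, 3, 4):
            link[name] = ".".join(str(b) for b in v[:4])
        elif t == 5:
            link[name] = struct.unpack("!I", v)[0]
        elif t in (6, 7):
            link[name] = struct.unpack("!f", v)[0] * 8  # back to bits/s
        elif t == 8:
            link[name] = [x * 8 for x in struct.unpack("!8f", v)]
        elif t == 9:
            g = struct.unpack("!I", v)[0]
            link[name] = [i for i in range(32) if (g >> i) & 1]   # bit i = admin group i
    if "link_type" not in link or "link_id" not in link:
        raise ValueError("Link TLV must contain Link Type and Link ID sub-TLVs")
    return link


if __name__ == "__main__":
    tlv = build_link_tlv(1, "10.0.0.2", "10.0.12.1", 10, 1e9, 8e8, [8e8] * 8, 0x3)
    print(tlv.hex())
    print(parse_link_tlv(tlv))
```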

Multi-topology routing is an efficient way to provide multiple services over one network. When
you want to separate the services, one option is to run a separate OSPF instance for each and
to segregate the instances with different authentication per instance.
However, this is very inefficient: multiple databases have to be maintained and multiple
adjacencies may form across a single link.

Extensions of OSPF support multiple topologies (MT):
- Each logical topology is assigned an MT ID, which is tagged onto the LSAs
- A separate SPF run is performed for each topology
- Each OSPF interface is assigned one or more MT IDs designating the topologies that run over
that interface
- Adjacencies are established as if only one instance of OSPF were running (an adjacency is not
specific to any topology), and Hellos are sent to neighbors regardless of the MT they belong
to. DR/BDR election is independent of the individual topologies
- An LSA must be flooded even if it is not relevant to the topologies the receiving router
participates in. In other words, topology changes affect the default topology, so every router
(all of them use the default topology) must acknowledge the change
- Route information for the different MTs is stored in different RIBs

The MT-OSPF RFC (RFC 4915) reuses the obsolete ToS fields in LSAs to carry the MT information.

A T1 LSA originated by an MT-OSPF router indicates the links the router has and which MT each
belongs to. T3, 4, 5, and 7 LSAs likewise indicate the MT of the prefix they carry.
The default topology, MT ID 0, consists of all routers and links. A non-MT-OSPF router that does
not understand MT-OSPF interprets MT ID = 0 as ToS = 0, which is the default behavior, and
ignores the other MT IDs; therefore use MT-OSPF only with routers that understand it.
MT IDs range from 1 to 127 and reuse the per-ToS Metric field to carry the MT metric. The T1 LSA
uses a 16-bit metric; the T3, T4, T5, and T7 LSAs use a 24-bit metric.

An exception can be made so that a link is excluded from the SPF calculation of the default
topology; this requires all routers in the area to support MT-OSPF.
It is done by setting the MT bit in the Hello, which is really just the old ToS bit. A router
with the MT bit set then forms adjacencies only with routers that also support MT-OSPF and have
the MT bit set; Hellos without it are dropped. With the bit cleared, the router can form
adjacencies with any other OSPF router.
A link to be excluded from the default topology also has its default Metric field set to
infinity (0xFFFF), so that the default topology ignores it.
