OSPF Neighborship

OSPF Neighbor Relationship Process

In this post , We will see about OSPF neighborship process.

•  First you have to give the IP address to any interface of router which is going to participate in OSPF, As you type router ospf 1,it will choose ospf router id. The criteria is highest IP address will became ospf router id but loopback interface will beat the election process. You can manually configure in router id in ospf process: router-id syntax. This will override every dynamic process.

• After that configure network command in ospf routing process for particular interface with proper subnet mask, this will add that interface in ospf routing process, After that particular interface will send hello packets to 224.0.0.5

• Have a look on OSPF Packet format:

• Hello packet format: (Wireshark view) This is OSPF hello packet captured from tool,You can see the required fields in OSPF Hello packet.

Different States of OSPF neighborship,
There are different states of OSPF neighborship process, Which can be seen by show ip ospf neighbor command.

• Down State: In this state no hello packet is received from neighbor within last dead interval.

•   INIT State: Router A sent Hello packet to router B. Router B received the hello packet but can’t see own router id in hello packet.(the valid hello packet is, receiving router should see its router id in hello in sender’s hello packet) 

• 2 WAY State: This state means in both router bidirectional communication is happened, both router can see each other router id in hello packets. At this state Router decides the how to form the adjacency with other (on broadcast or NBMA) same time it will form full state only with DR and BDR and for other neighbors it will in 2-way state. For point to point link it will form full neighborship. In the stage DR and BDR are elected.

• EXSTART State: In this state master and slave negotiation happens between Router and DR/BDR, to start the communication first and exchange the LSA’s. In Point to Point link it negotiation happens between neighbors. 

• EXCHANGE State: In this state both will exchange DBD (Database descriptors) packets with sequence numbers. Router will send LSR and LSU to each other.'

• Loading State: In this state, both routers will compare DBD sent by each other and if some information is missing, Then again router sends LSR and receives LSU. After all process all database is compared, it should be same in both routers. Both should be properly synchronized. 

• Full State: In this state, routers are fully adjacent with each other. All the router and network LSAs are exchanged and the routers databases are fully synchronized. SPF algorithm is applied and best path is calculated and Routing table of neighbors are completed.

Now we completed the neighborship process. Let's have a look on OSPF packet types:

OSPF Packet Types:

•  Hello Packet
•  DBD – Database description
•  LSR – Link state Request
•  LSU – Link state Update
•  LSACK – Link state Acknowledgement.

Cisco ACL and Route Map

Today we will discuss about basics, Everybody is aware about ACL and Route-maps. But then also some confusion, Here in this post I will share some information about ACL and route-maps. Which can help you to understand these two terms more…

ACL :

The Cisco ACL  are used for filtering traffic based on a given filtering criteria on a router or switch interface. Based on the configured ACL, a packet is allowed or blocked from interface. Cisco ACLs are available for several types of routed protocols including IP, IPX, AppleTalk, XNS, DECnet, and others. Majorly we are using TCP/IP ACLs for TCP/IP traffic filtering are classified into two types: Standard Access Lists, and Extended Access Lists

Standard Access Control Lists: 

Standard IP ACLs range from 1 to 99. A Standard Access List  allows you to permit or deny traffic FROM specific IP address ( source). We can’t filter packet on destination basis.

Syntax: access-list access-list-number {permit|deny} {host|source source-wildcard|any}

Standard ACL example:

access-list 10 permit 10.1.1.0 0.0.0.255

This list allows traffic from all addresses in the range 10.1.1.0 to 10.1.1.255

There is an implicit deny added to every access list at last.

show access-list 10

The output looks like:

access-list 10 permit 10.1.1.0 0.0.0.255
access-list 10 deny any

Extended Access Control Lists:

 Extended IP ACLs allow you to permit or deny traffic from specific IP addresses to a specific destination IP address and port. It also allows you to have granular control by specifying controls for different types of protocols such as ICMP, TCP, UDP, etc within the ACL statements.

the access-list-number can be 101 to 199. In Cisco IOS Software Release 12.0.1, extended ACLs begin to use additional numbers (2000 to 2699)

access-list access-list-number {deny | permit} protocol source source-wildcard destination destination-wildcard [precedence precedence]

Extended ACL example:

access-list 110 permit tcp 10.1.1.0 0.0.0.255 any eq 80

ACL 110 permits traffic originating from any address on the 10.1.1.0 network. The 'any' statement means that the traffic is allowed to have any destination address with the limitation of going to port 80.

Applying an ACL to a router interface:

After the ACL is defined, it must be applied to the interface (inbound or outbound). The syntax for applying an ACL to a router interface is given below:

interface
ip access-group {number|name} {in|out}

An Access List may be specified by a name or a number. "in" applies the ACL to the inbound traffic, and "out" applies the ACL on the outbound traffic.

Example:

To apply the standard ACL created in the previous example, use the following commands:

Rouer(config)#interface serial 0
Rouer(config-if)#ip access-group 10 out

Route-map

Route-maps have many features in common with widely known access control lists (ACLs). These are some of the traits common to both mechanisms:
They are an ordered sequence of individual statements; each has a permit or deny result. Evaluation of ACL or route-maps consists of a list scan, in  order, and an evaluation of the criteria of each statement that matches. A list scan is aborted once the first statement match is found and an action associated with the statement match is performed.
These are some of the differences between route-maps and ACLs:
Route-maps frequently use ACLs as matching criteria.
The result from an access list is a yes or no answer—an ACL either permits or denies input data. Applied to redistribution, an ACL determines if a particular route can (route matches ACLs permit statement) or cannot (matches deny statement) be redistributed.
Typical route-maps not only permit redistributed routes but also modify information associated with the route, when it is redistributed into another protocol.

route-map ospf-to-eigrp deny 10

 match tag 6

 match route-type external type-2

!

route-map ospf-to-eigrp permit 20

 match ip address 110

 set metric 20000 2000 255 1 1500

!

route-map ospf-to-eigrp permit 30

 set tag 8

!

router eigrp 1

 redistribute ospf 1 route-map ospf-to-eigrp

 default-metric 20000 2000 255 1 1500

Route-maps are more flexible than ACLs and can verify routes based
on criteria which ACLs can not verify. For example, a route-map can verify if
the type of route is internal or if it has a specific tag.

Each ACL ends with an implicit deny statement, there is no similar
convention for route-maps. If the end of a route-map is reached during matching
attempts, the result depends on the specific application of the route-map.Route-maps
that are applied to redistribution behave the same way as ACLs: if the route
does not match any clause in a route-map then the route redistribution is
denied, as if the route-map contained deny statement at the end

Route-maps is used in BGP, redistribution,etc.

In BGP :

• Route-map can match on:
• A network number and subnet mask match with an IP prefix list
• Route originator
• BGP next hop address
• BGP origin
• Tag attached to IGP route
• AS-path
• BGP community
• IGP route type (internal/external)
• Route-maps can also change the attributes of BGP routes
• Route-maps can set
• Origin
• BGP community
• BGP next hop
• Local preference
• Weight
• MED

Hope this information will help you.