The following sample configuration provides deployment guidelines for implementing the OSPF routing protocol in the OSPF backbone area:
Core
cr23-VSS-Core(config)#router ospf 100
cr23-VSS-Core(config-router)#router-id 10.125.200.254
cr23-VSS-Core(config-router)#network 10.125.0.0 0.0.255.255 area 0 !All connected interfaces configured in OSPF backbone area 0
Distribution
cr22-6500-LB(config)#router ospf 100
cr22-6500-LB(config-router)# router-id 10.125.200.6
cr22-6500-LB(config-router)#network 10.125.200.6 0.0.0.0 area 0
cr22-6500-LB(config-router)#network 10.125.0.13 0.0.0.0 area 0
!Loopback and interface connected to Core router configured in OSPF backbone area 0
[Figure: campus OSPF area layout. Labels: OSPF Area 0; OSPF Areas 10, 20 and 30 (Totally-Stub); Access, Distribution, Core, Data Center, Service Block, WAN Edge, PSTN Edge, Internet Edge.]
!OSPF adjacency between Distribution and Core successfully established
Neighbor ID     Pri   State     Dead Time   Address       Interface
10.125.200.254    1   FULL/DR   00:00:38    10.125.0.12   Port-channel101
…..
• OSPF adjacency protection—Like EIGRP routing security, this best practice increases network infrastructure efficiency and protection by securing the OSPF adjacencies with internal systems. It involves two subtasks on each OSPF-enabled network device:
– Increases system efficiency—Blocks OSPF processing with passive-mode configuration on physical or logical interfaces connected to non-OSPF devices in the network, such as PCs. This best practice helps reduce CPU utilization and secures the network against unprotected OSPF adjacencies with untrusted neighbors. The following sample configuration explicitly enables OSPF protocol communication on the trusted interface and blocks it on all other interfaces. This recommended best practice must be enabled on all the OSPF Layer 3 systems in the network:
cr22-6500-LB(config)#router ospf 100
cr22-6500-LB(config-router)# passive-interface default
cr22-6500-LB(config-router)# no passive-interface Port-channel101
– Network security—Each OSPF neighbor in the LAN/WAN network must be trusted by implementing and validating Message-Digest algorithm 5 (MD5) authentication on each OSPF-enabled system in the network. The following recommended OSPF MD5 adjacency authentication configuration must be applied in the OSPF backbone and each non-backbone area to establish secure communication with remote neighbors. This recommended best practice must be enabled on all the OSPF Layer 3 systems in the network:
cr22-6500-LB(config)#router ospf 100
cr22-6500-LB(config-router)#area 0 authentication message-digest
cr22-6500-LB(config-router)#area 10 authentication message-digest
cr22-6500-LB(config)#interface Port-Channel 101
cr22-6500-LB(config-if)# ip ospf message-digest-key 1 md5 <password>
cr22-6500-LB#show ip ospf interface Port-channel101 | inc authen|key
Message digest authentication enabled
Youngest key id is 1
• Optimizing OSPF topology—Depending on the network design, OSPF may need to be fine-tuned in several respects. Building borderless enterprise campus networks with Cisco VSS and the recommended best practices inherently optimizes several routing components. Leveraging the benefits of the underlying virtualized campus network, this design guide recommends two fine-tuning parameters to be applied on OSPF-enabled systems:
– Route Aggregation—OSPF route summarization must be performed at the area border routers (ABR) that connect the OSPF backbone and several aggregated non-backbone areas; typically ABR routers are the campus distribution or WAN aggregation systems. Route summarization lets network administrators summarize multiple individual and contiguous networks into a single summary network before advertising it into the OSPF backbone area. Route summarization helps improve network performance, stability, and convergence by hiding the failure of an individual network, which would otherwise require each router in the network to resynchronize the routing topology. Refer to Figure 2-21 for an example of OSPF route aggregation topology in enterprise campus design.
!Route Aggregation on distribution layer OSPF ABR router
cr22-6500-LB(config)#router ospf 100
– Network Type—OSPF supports several network types, each designed to operate optimally in a particular kind of network connectivity and design. The default network type for the OSPF protocol running over an Ethernet-based network is broadcast. Ethernet is a multi-access network that provides the flexibility to interconnect several OSPF neighbors deployed in a single Layer 2 broadcast domain. In a best practice campus network design, two Layer 3 systems interconnect directly to each other, thus forming point-to-point communication. Cisco recommends changing the default OSPF network type from broadcast to point-to-point, which optimizes adjacencies by eliminating DR/BDR processing and reducing routing complexity between all OSPF-enabled systems:
cr22-6500-LB#show ip ospf interface Port-channel 101 | inc Network
Process ID 100, Router ID 10.125.100.2, Network Type BROADCAST, Cost: 1
cr22-6500-LB#show ip ospf neighbor
!OSPF negotiates DR/BDR processing on Broadcast network
Neighbor ID     Pri   State     Dead Time   Address       Interface
10.125.200.254    1   FULL/DR   00:00:38    10.125.0.12   Port-channel101
cr22-6500-LB(config)#interface Port-channel 101
cr22-6500-LB(config-if)#ip ospf network point-to-point
cr22-6500-LB#show ip ospf neighbor
!OSPF point-to-point network optimizes adjacency processing
Neighbor ID     Pri   State     Dead Time   Address       Interface
10.125.200.254    1   FULL/ -   00:00:32    10.125.0.12   Port-channel101
• OSPF Timers—By default, OSPF routers transmit Hello packets every 10 seconds and terminate the OSPF adjacency if no Hello is received from the neighbor within four intervals, or 40 seconds of dead time. In this optimized and best practice network design, Cisco recommends retaining the default OSPF Hello and Hold timers on all OSPF-enabled platforms. Implementing aggressive Hello processing timers may have an adverse impact during graceful recovery processes on any of the redundant campus layer systems.
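An added example, not part of the Cisco guide: a small Python audit that checks a saved running-config for the adjacency-protection and network-type practices above (passive-interface default, per-area MD5 authentication, and a message-digest key plus point-to-point network type on every OSPF-enabled interface). The sample configuration, including Port-channel102 and its area 10 membership, is constructed for illustration, and the function names are hypothetical.

```python
import re

# Constructed sample running-config (not from the guide).
SAMPLE_CONFIG = """\
interface Port-channel101
 ip ospf message-digest-key 1 md5 7 <redacted>
 ip ospf network point-to-point
!
interface Port-channel102
 ip address 10.125.0.15 255.255.255.254
!
router ospf 100
 area 0 authentication message-digest
 passive-interface default
 no passive-interface Port-channel101
 no passive-interface Port-channel102
 network 10.125.0.13 0.0.0.0 area 0
 network 10.125.0.15 0.0.0.0 area 10
"""

def sections(config):
    """Map each top-level IOS stanza header to its indented child lines."""
    out, current = {}, None
    for line in config.splitlines():
        if line and not line.startswith((" ", "!")):
            current = out.setdefault(line.strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
    return out

def audit_ospf(config):
    """Return findings for the OSPF hardening practices described above."""
    findings, secs = [], sections(config)
    for header, body in secs.items():
        if not header.startswith("router ospf "):
            continue
        if "passive-interface default" not in body:
            findings.append(f"{header}: passive-interface default missing")
        areas = {m.group(1) for l in body if (m := re.match(r"network \S+ \S+ area (\S+)", l))}
        for area in sorted(areas):
            if f"area {area} authentication message-digest" not in body:
                findings.append(f"{header}: area {area} lacks MD5 authentication")
        # Interfaces explicitly un-passived are the ones that form adjacencies.
        for name in [l.split()[-1] for l in body if l.startswith("no passive-interface ")]:
            intf = secs.get(f"interface {name}", [])
            if not any(i.startswith("ip ospf message-digest-key ") for i in intf):
                findings.append(f"{name}: no message-digest-key")
            if "ip ospf network point-to-point" not in intf:
                findings.append(f"{name}: network type not point-to-point")
    return findings
```

The audit only sees areas named in `network` statements under the OSPF process; interfaces enabled with `ip ospf <process-id> area <area-id>` would need an extra pass.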