Exercise: OSPF

Part 1: Learning routes via OSPF

The initial network topology is the same as for the static routing exercise

1. Reboot your Cisco to get back to the last saved config. Check that you have no static routes. If you do have some, remove them.

   t2-router1#reload
   ...
   t2-router1#show ip route
   The only routes you should see are (C)onnected routes for your own
   interfaces. If you have any (S)tatic routes, delete them like this:
   t2-router1#conf t
   t2-router1(config)#no ip route 137.158.218.8 255.255.255.248 137.158.218.130
   ...
   t2-router1#write mem
   

2. Check your router can still ping your own PC, and other Ciscos on the backbone.

   t2-router1#ping 137.158.218.1
   t2-router1#ping 137.158.218.130
   

   (Your PC won't be able to ping any other PCs though, because your router doesn't have the routes any more)

3. Enable OSPF on the backbone interface (only). We will use MD5 authentication, to ensure that we only listen to OSPF packets from machines which know the secret key; we will also set the link cost to 100.

   t2-router1#conf t
   t2-router1(config)#router ospf 1
   t2-router1(config-router)#network 137.158.218.128 0.0.0.31 area 0
   Note: 0.0.0.31 is a "wildmask", which is like a netmask but with 0 and 1
   exchanged. Easy way to calculate: subtract each netmask byte from 255
   t2-router1(config-router)#redistribute connected subnets
   t2-router1(config-router)#redistribute static subnets
   t2-router1(config-router)#area 0 authentication message-digest
   t2-router1(config-router)#int e1  (or int e0/1)
   t2-router1(config-if)#ip ospf message-digest-key 1 md5 t2@afnog
   t2-router1(config-if)#ip ospf cost 100
   t2-router1(config-if)#  [Hit ctrl-Z]
   

   In real life you should use an MD5 key which is different to your login, enable and SNMP strings

   You can also try an IOS 12.0 feature which explicitly disables OSPF on all interfaces except those you norminate:

   t2-router1(config)#router ospf 1
   t2-router1(config-router)#passive-interface default
   t2-router1(config-router)#no passive-interface e1  (or e0/1)
   

4. Look at OSPF status

   t2-router1#show ip ospf int
   t2-router1#show ip ospf neighbor
   

   To interpret the neighbor information:

   2WAY    =  we are neighbors (we have established 2-way exchange of hellos),
              but neither of us is a designated router
   FULL    =  we are neighbors and we exchange routes (one of us is DR or BDR)
   
   DR      =  we are the Designated Router for this network
   BDR     =  we are the Backup Designated Router for this network
   DROTHER =  we are neither DR nor BDR
   

   If you see other states, they are intermediate steps on the way to establishing the final relationship, and should change after a few seconds.

5. Question: who is the Designated Router (DR) and Backup Designated Router (BDR) on the backbone network?

   DR =                         BDR =
   

6. Once you have established a neighbor relationship with another router, you should automatically have learned some new routes:

   t2-router1#show ip route
   

   Routes learned through OSPF are tagged with O. Check that the next hop IP address for each route is correct

   Also, the far router should also have picked up your route. You can go over to the other desk and ask to see "show ip route"

7. Check that your PC can ping the PCs on other desks

   $ ping 137.158.218.9
   ...
   

8. Once all desks are running, the instructors will add a class router into the OSPF cloud, and get it to announce a default route.

   Don't type this - it goes on the class border router
   cape-border-1(config)#router ospf 1
   cape-border-1(config-router)#default-information originate metric 100
   

9. Check that you can see the new router as a neighbor, and that you have picked up a default route (0.0.0.0)

   This should be sufficient to establish connectivity to the outside Internet! Use ping, traceroute etc. to test this

10. Save your config

    t2-router1#write mem
    

11. If you want DNS, you'll have to create /etc/resolv.conf on your PC

    domain t2.ws.afnog.org
    nameserver 137.158.216.192
    nameserver 137.158.216.129
    

    You should then be able to ssh/telnet to the outside world.

Part 2: Loopback interfaces

A loopback interface is a single (/32) IP address which belongs to a device, independent of its physical interface addresses. It's very convenient when managing routers, because you can use the loopback address as a fixed address to telnet to, or monitor using SNMP, which will continue to work even if one or more of the interfaces has failed.

1. You have been allocated a loopback address in the addressing plan - now configure it into your router.

   t2-router1#conf t
   t2-router1(config)#int loopback0
   t2-router1(config-if)#ip address 137.158.218.112 255.255.255.255
   t2-router1(config-if)#  [Hit ctrl-Z]
   

2. Since your router has been configured to "redistribute connected" networks into OSPF, your loopback address will be learned by all the other routers in the class, and you will learn theirs. Look for them with "show ip route" and try pinging them.
3. NOW SAVE YOUR CONFIGURATION (write mem)

Part 3: Configuration storage via TFTP

For safety, at this point you will also store a copy of your router configuration on your Unix PC.

1. First, you need to set up your Unix PC as a TFTP server. TFTP is an insecure service, so you must restrict access to just your own router, to prevent other people overwriting your files.

   # vi /etc/inetd.conf
   Find the line for tftp. Uncomment it, by removing the # at the front
   Exit and save
   # killall -1 inetd
   
   # vi /etc/hosts.allow
   Add the following lines at or near the top: use your router's IP address
   tftpd : 137.158.218.6 : allow
   tftpd : ALL : deny
   Exit and save
   
   # mkdir /tftpboot
   # touch /tftpboot/t2-config
   # chmod 666 /tftpboot/t2-config
   

   (Note that the tftp daemon requires a file to already exist, and be publicly writable, before it will allow writes)

2. Transfer your current configuration

   t2-router1#copy running-config tftp
   Address or name of remote host? 137.158.218.1
   Destination filename [running-config]? t2-config
   !!
   774 bytes copied in 2.836 seconds (387 bytes/sec)
   t2-router1#
   

3. On your Unix PC, check that the config file is there

   $ more /tftpboot/t2-config
   

   (To return to a saved configuration: do "copy tftp startup-config" to download it into flash, then "reload").

Part 4: Dynamic changes in topology

Above you showed how OSPF can learn routes from the rest of your network, without having to manually insert static routes. Now you can show how OSPF can adapt to topology changes and choose better (lower cost) routes when they are available

Don't save your configuration when working in this section - this is so we can get back to the configuration you saved above.

1. Work in pairs with the neighboring station on your desk
2. Connect a DTE/DCE cable pair between Serial 0 (or Serial 0/0) on one router and the other.
3. Ask the instructors for a spare /30 subnet. Configure the two ends of the link.

   t2-router1#conf t
   t2-router1(config)#int s0  (or int s0/0)
   t2-router1(config-if)#description Serial link to desk 2
   t2-router1(config-if)#encap ppp
   t2-router1(config-if)#ip address 137.158.218.193 255.255.255.252
   t2-router1(config-if)#no shutdown
   

   Once this is done on both routers, "show int s0" should show that the Interface is up (layer 1), but Line protocol is down (layer 2).

4. On the router which has the DCE cable, set it to generate clock. If you can't tell which end is the DCE, just try it on both routers; the DTE end will refuse the command

   t2-router1(config-if)#clock rate 64000
   

   This is only because this is a back-to-back cable; normally you would use synchronous modems which generate clock

5. Line protocol should be up. Check you can ping the remote IP address. Because we have set the link to be only 64K, you should see a longer round-trip time reported by ping.

   t2-router1#ping 137.158.218.194
   

6. Enable OSPF on the serial line. We will use a larger cost of 500 to reflect the fact that this is a slower-speed link

   t2-router1#conf t
   t2-router1(config)#router ospf 1
   t2-router1(config-router)#network 137.158.218.192 0.0.0.3 area 0
   t2-router1(config-router)#no passive-interface s0   (or s0/0)
   t2-router1(config-router)#int s0  (or s0/0)
   t2-router1(config-if)#ip ospf message-digest-key 1 md5 t2@afnog
   t2-router1(config-if)#ip ospf cost 500
   t2-router1(config-if)#  [Hit ctrl-Z]
   

7. Both desks: look at your forwarding table

   t2-router1#show ip route
   

   Look carefully at the route to your neighbor's desk network, and your neighbor's router loopback interface, and make a note of it.

8. On one desk, unplug the ethernet connection into the backbone (E1 or E0/1), wait a few seconds, and look at the forwarding table again.

   Does the desk which had its ethernet unplugged still have connectivity to the Internet? When you traceroute, what route do the packets take?

9. Plug the ethernet back in. Set the cost of the serial link to 50.

   Look at the routes again. What has happened to the route to your neighbor's desk network, and to their loopback interface?

10. Try setting the cost of the serial link to 100

    Check the forwarding table ("show ip route"). Now what do you notice about the route to your neighboring desk's network?

11. There are cross ethernet cables available if you wish to try some more complex topologies linking to other desks.
12. Finally, remove the serial links and reboot your router to get back to the saved configuration.