CCIE LAB 06 OSPF Flashcards
Master the OSPF Lab scenarios
6.3 OSPF DR/BDR Election Manipulation
• Configure R6 to be elected the OSPF Designated Router for VLANs 67 and 146.
• If R6 goes down R1 should take over the DR status for VLAN 146.
• When R6 comes back up it should become the BDR.
• Modify the DR/BDR election on the Frame Relay network to ensure that if
R5’s connection to the Frame Relay network goes down and comes back
up, full reachability is still maintained.
R6: interface FastEthernet0/0.67 ip ospf priority 255 ! interface FastEthernet0/0.146 ip ospf priority 255
All other devices:
interface Serial0/0
ip ospf priority 0
6.7 OSPF Network Loopback
• Modify the network type of a loopback interface so that the links are not advertised as host routes.
interface Loopback0
ip ospf network point-to-point
6.8 OSPF Path Selection with Auto-Cost
• Modify the global OSPF cost calculation of all devices so that a Ten Gigabit Ethernet interface has a cost of 3, and an OC-3 link has a cost of 193.
router ospf 1
auto-cost reference-bandwidth 30000
6.9 OSPF Path Selection with Cost
• Using the interface level ip ospf cost command modify the OSPF domain so that traffic from SW4 going to the Loopback 0 network of R6 uses the point-to-point Serial link between R4 and R5.
R5:
interface Serial0/1/0
ip ospf cost 10000
6.10 OSPF Path Selection with Bandwidth
• Using the interface level bandwidth keyword modify the OSPF domain so that traffic from R6 to the Loopback 0 network of SW2 is first sent to R1.
R1:
interface Serial0/0
bandwidth 10000
6.11 OSPF Path Selection with Per-Neighbor Cost
• The Frame Relay PVC between R1 & R5 has been provisioned with 512Kbps of bandwidth by the service provider, while the PVC between R4 & R5 has been provisioned at 768Kbps. Configure per-neighbor cost values on R5 to reflect the underlying bandwidth of the Frame Relay circuits connecting it to R1 and R4.
R5:
router ospf 1
neighbor 155.1.0.1 cost 58593
neighbor 155.1.0.4 cost 39062
6.12 Repairing Discontiguous OSPF Areas with Virtual-Links
• Configure the network so that full reachability is maintained if R3’s connection to SW1 goes down.
• Do not apply any configuration onto R4 to solve this task.
R1:
router ospf 1
area 1 virtual-link 150.1.6.6
R6:
router ospf 1
area 1 virtual-link 150.1.1.1
6.13 OSPF Path Selection with Non-Backbone Transit Areas
• Configure R4’s Frame Relay and point-to-point Serial links connecting to R5 to have an OSPF cost of 1.
• Modify the SPF calculation in the OSPF domain so that R6 cannot use R4 to reach area 0 by transiting area 1.
R1:
router ospf 1
no capability transit
R4: interface Serial0/0/0 ip ospf cost 1 ! interface Serial0/1/0 ip ospf cost 1
R6:
router ospf 1
no capability transit
6.14 OSPF Path Selection with Virtual-Links
• Configure the OSPF domain so that traffic from SW3 going to OSPF area 51 transits the point-to-point Serial link between R3 and R2.
R2:
router ospf 1
area 5 virtual-link 150.1.3.3
R3: interface Serial1/3 ip ospf cost 1 ! router ospf 1 area 5 virtual-link 150.1.2.2
6.15 OSPF Demand Circuit
• The point-to-point connection between R4 and R5 is a low-speed Serial link. Configure the OSPF demand circuit feature on this link to reduce periodic OSPF hello transmission and paranoid update flooding.
R4:
interface Serial0/1/0
ip ospf demand-circuit
6.16 OSPF Flooding Reduction
• Configure interfaces so that links in OSPF area 3 do not participate in periodic paranoid update LSA flooding.
interface Vlan8
ip ospf flood-reduction
6.17 OSPF Clear Text Authentication
• Configure clear-text OSPF authentication for all adjacencies in area 2 using the password CLEARKEY. Enable authentication on all interfaces in area 2 with one single command.
interface _ ip ospf authentication-key CLEARKEY ! router ospf 1 area 2 authentication
6.17 OSPF Clear Text Authentication
• R3, R6, and SW3 should only enable authentication on their links connecting to SW1.
interface FastEthernet0/0 (Vlan79)
ip ospf authentication
ip ospf authentication-key CLEARKEY
6.18 OSPF MD5 Authentication
• Configure MD5 based OSPF authentication for all adjacencies in area 0, including the Virtual-Links, using the password MD5KEY with a single command.
interface Serial0/0 ip ospf message-digest-key 1 md5 MD5KEY ! router ospf 1 area 0 authentication message-digest area 1 virtual-link 150.1.6.6 message-digest-key 1 md5 MD5KEY
6.18 OSPF MD5 Authentication
Configure MD5 based OSPF authentication and enable MD5 authentication on a per interface basis.
interface Serial0/0
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 MD5KEY
!
router ospf 1
area 5 virtual-link 150.1.3.3 authentication message-digest
area 5 virtual-link 150.1.3.3 message-digest-key 1 md5 MD5KEY
6.19 OSPF Null Authentication
• Modify SW1 so that if a new router is added to area 2 on VLAN 7 it does not require authentication.
interface Vlan7
ip ospf authentication null
6.20 OSPF MD5 Authentication with Multiple Keys
• Enable MD5 authentication in OSPF area 1.
• R1 should authenticate R6 using the password R1R6KEY.
• R4 should authenticate R6 using the password R4R6KEY.
R1:
interface FastEthernet0/0
ip ospf authentication message-digest
ip ospf message-digest-key 16 md5 R1R6KEY
R4:
interface FastEthernet0/1
ip ospf authentication message-digest
ip ospf message-digest-key 46 md5 R4R6KEY
R6:
interface FastEthernet0/0.146
ip ospf authentication message-digest
ip ospf message-digest-key 16 md5 R1R6KEY
ip ospf message-digest-key 46 md5 R4R6KEY
6.21 OSPF Internal Summarization
• Configure R5 to advertise a summary route for the VLAN 8 and 10 prefixes as they are sent into area 0.
• This summary should be as specific as possible while still encompassing all addresses in both subnets.
router ospf 1
area 3 range 155.1.8.0 255.255.252.0
6.22 OSPF Path Selection with Summarization
• Configure R3 to originate the summary route 155.1.6.0/23 in order to force traffic destined to VLAN 7 to transit R6.
• If R6’s connection to VLAN 146 is down, traffic for VLAN 7 should transit R3.
R3:
router ospf 1
area 2 range 155.1.6.0 255.255.254.0
6.23 OSPF External Summarization
• Redistribute between RIPv2 and OSPF on R4.
• R4 should advertise two summary routes that have a cost of 50 into OSPF for the prefixes learned from BB3.
router ospf 1 summary-address 30.0.0.0 255.252.0.0 summary-address 31.0.0.0 255.252.0.0 redistribute rip metric 50 subnets ! router rip redistribute ospf 1 metric 1
6.23 OSPF External Summarization
• Redistribute between EIGRP and OSPF on R6.
• R6 should advertise a single summary route into OSPF for the prefixes learned from BB1 that has a cost of 100, and includes the cost needed to reach R6.
router eigrp 10
redistribute ospf 1 metric 10000 1000 255 1 1500
!
router ospf 1
summary-address 200.0.0.0 255.255.252.0
redistribute eigrp 10 metric 100 metric-type 1 subnets
6.24 OSPF Stub Areas
• Configure OSPF area 3 so that R5 filters External routes out as they are
sent from area 0 to area 3.
• Devices in area 3 should still have reachability to routes external to the
OSPF domain.
All devices in Area 3:
router ospf 1
area 3 stub
6.25 OSPF Totally Stubby Areas
• Configure OSPF area 3 so that R5 filters Inter-Area and External routes as
they are sent from area 0 to area 3.
• Devices in area 3 should still have reachability to routes external to the
OSPF domain.
Only on R5:
router ospf 1
area 3 stub no-summary
6.26 OSPF Not-So-Stubby Areas
• Configure OSPF area 2 so that R3 filters External routes out as they are
sent from area 0 to area 2.
• R6 should still be allowed to redistribute EIGRP into OSPF.
All devices in Area 2:
router ospf 1
area 2 nssa
6.27 OSPF Not-So-Stubby Areas and Default Routing
• Configure R3 to advertise a default route into area 2.
• This default route should have a cost of 500.
router ospf 1
area 2 nssa default-information-originate
area 2 default-cost 500
6.28 OSPF Not-So-Totally-Stubby Areas
• Modify the area 2 configuration so that R3 filters Inter-Area and External routes as they are sent from area 0 to area 2.
• R6 should still be allowed to redistribute EIGRP into OSPF.
R3:
router ospf 1
no area 2 nssa
area 2 nssa no-summary
6.29 OSPF Stub Areas with Multiple Exit Points
• Modify area 2 in such a way that traffic from devices in area 2 going to area 3 uses R6 as the exit point, while traffic from area 2 going to the RIP
routes learned from BB3 uses R3.
• If R3 loses its connection to area 2, traffic for External destinations should be rerouted to R6.
• If R6 loses its connection to area 2, traffic for Inter-Area destinations should be rerouted to R3.
• Do not modify the cost of any links in area 2 to accomplish this.
R3:
router ospf 1
area 2 nssa no-summary
R6:
router ospf 1
area 2 nssa default-information-originate
6.30 OSPF NSSA Type-7 to Type-5 Translator Election
• Create a new Loopback 9 interface on SW3 with the IP address
9.9.9.9/32, and redistribute it into OSPF.
• Modify the OSPF domain so that only R3 advertises this route into area 0,
but traffic from R5 going to this destination transits R6.
• If R6 is down this traffic should be rerouted to R3.
R3: interface FastEthernet0/0 ip ospf cost 1000 ! router ospf 1 router-id 150.1.30.30
SW3: interface Loopback9 ip address 9.9.9.9 255.255.255.255 ! router ospf 1 redistribute connected subnets
6.31 OSPF NSSA Redistribution Filtering
• Configure area 3 as an NSSA so R5 blocks all LSA types 3, 4, and 5 and replaces them with a default route.
• Modify area 3 so that R5’s redistributed Loopback is injected into area 0 as LSA Type-5, but is not injected into area 3 as LSA Type-7.
R5:
router ospf 1
redistribute connected subnets
area 3 nssa no-redistribution no-summary
6.32 OSPF LSA Type-3 Filtering
• Configure LSA Type-3 Filtering on R5 so that devices in area 0 do not have reachability information about the layer 3 EtherChannel link between SW2 and SW4 or SW4’s Loopback 0 interface.
• Configure LSA Type-3 Filtering on R2 so that devices in area 51 do not have reachability information about the Loopback 0 interface of R5; this should not affect devices in area 5.
R2:
ip prefix-list R5_LOOPBACK deny 150.1.5.5/32
ip prefix-list R5_LOOPBACK permit 0.0.0.0/0 le 32
!
router ospf 1
area 51 filter-list prefix R5_LOOPBACK in
R5:
ip prefix-list AREA_3_ROUTES deny 150.1.10.10/32
ip prefix-list AREA_3_ROUTES deny 155.1.108.0/24
ip prefix-list AREA_3_ROUTES permit 0.0.0.0/0 le 32
!
router ospf 1
area 3 filter-list prefix AREA_3_ROUTES out
6.33 OSPF Forwarding Address Suppression
• Modify R5’s NSSA configuration so that devices outside of area 3 maintain connectivity to SW4’s redistributed Loopback 10.10.10.10/32.
R5:
router ospf 1
area 3 nssa no-redistribution no-summary translate type7 suppress-fa
6.34 OSPF Default Routing
• Configure R6 with a static default route pointing to BB1.
• Configure R6 to originate an external type-2 default route with a metric of 60 into OSPF as long as the static default route is installed in the routing table.
• Do not use a route-map to accomplish this.
• Configure R4 to originate an external type-1 default route with a metric of 40 regardless of whether it has a default route already installed in the routing table.
R4:
router ospf 1
default-information originate always metric 40 metric-type 1
R6: ip route 0.0.0.0 0.0.0.0 54.1.1.254 ! router ospf 1 default-information originate metric 60
6.35 OSPF Conditional Default Routing
• Configure R6 to originate a default route into OSPF, but only if the local Serial interface connecting to BB1 is up.
R6: router ospf 1 default-information originate always route-map TRACK_LINK_TO_BB1 ! ip prefix-list LINK_TO_BB1 seq 5 permit 54.1.1.0/24 ! route-map TRACK_LINK_TO_BB1 permit 10 match ip address prefix-list LINK_TO_BB1
6.36 OSPF Reliable Conditional Default Routing
• Remove the previous default route advertisement on R4.
• Configure an IP SLA instance on R4 to check ICMP reachability to BB3 every five seconds.
• R4 should advertise a default route into OSPF, but only if the SLA monitoring reports its status as OK.
R4: ip sla 1 icmp-echo 204.12.30.254 timeout 2000 frequency 5 ip sla schedule 1 life forever start-time now ! track 1 rtr 1 ! ip route 169.254.0.1 255.255.255.255 Null0 track 1 ! ip prefix-list PLACEHOLDER seq 5 permit 169.254.0.1/32 ! route-map TRACK_PLACEHOLDER permit 10 match ip address prefix-list PLACEHOLDER ! router ospf 1 default-information originate always route-map TRACK_PLACEHOLDER
6.37 OSPF Filtering with Distribute-Lists
• Configure distribute-list filtering on R5 that it does not install routes to the Loopback 0 networks of R1 and R2.
R5: router ospf 1 distribute-list 1 in ! access-list 1 deny 150.1.1.1 access-list 1 deny 150.1.2.2 access-list 1 permit any
6.38 OSPF Summarization and Discard Routes
• Configure R5 to advertise the summary 150.1.0.0/22 into area 3.
• Ensure that R5, SW2, and SW4 can still reach the Loopback 0 networks of R1 and R2, even with the previously configured distribute-list filter applied.
R5:
router ospf 1
no discard-route internal
area 0 range 150.1.0.0 255.255.252.0
6.39 OSPF Filtering with Administrative Distance
• Configure administrative distance filtering on R5 so that traffic going towards the VLAN 67 network is sent towards R3.
R5: router ospf 1 distance 255 150.1.6.6 0.0.0.0 67 ! access-list 67 permit 155.1.67.0
6.40 OSPF Filtering with Route-Maps
• Configure route-map filtering on R6 so that traffic going towards the Loopback 0 network of R3 is sent towards R1.
R6: router ospf 1 distribute-list route-map DENY_R3_LOOPBACK_FROM_R4 in ! access-list 3 permit 150.1.3.3 access-list 4 permit 155.1.146.4 ! route-map DENY_R3_LOOPBACK_FROM_R4 deny 10 match ip address 3 match ip next-hop 4 ! route-map DENY_R3_LOOPBACK_FROM_R4 permit 20
6.41 OSPF NSSA ABR External Prefix Filtering
• Configure area 2 as an NSSA.
• Configure summarization on R3 so that devices outside of area 2 do not have a route to the network 200.0.0.0/24.
• This filter should not affect any other prefixes.
R3:
router ospf 1
area 2 nssa
summary-address 200.0.0.0 255.255.255.0 not-advertise
6.42 OSPF Database Filtering
• Configure SW1 so that SW3 cannot learn any OSPF routes from SW1, but SW1 can still learn OSPF routes from SW3.
• Use an interface level command to accomplish this.
SW1:
interface Vlan79
ip ospf database-filter all out
- Configure R5 so that R2 cannot learn from R5, but R5 can still learn OSPF routes from R2.
- Do not use an interface level command to accomplish this
R5:
router ospf 1
neighbor 155.1.0.2 database-filter all out
6.43 OSPF Stub Router Advertisement
• Configure R4 to advertise the maximum metric value to all neighbors inside its Type-1 Router LSA.
R4:
router ospf 1
max-metric router-lsa
6.44 OSPF Interface Timers
• Configure R5 to send OSPF hello packets out its link to the Frame Relay
network every five seconds, and wait for seven seconds before declaring a neighbor down.
R5:
interface Serial0/0/0
ip ospf hello-interval 5
ip ospf dead-interval 7
6.44 OSPF Interface Timers
• Configure R4 to send OSPF hello packets every 250ms on the point-to-point link to R5.
interface Serial0/1/0
ip ospf dead-interval minimal hello-multiplier 4
6.45 OSPF Global Timers
• Configure SPF throttling to start new re-calculation at least 100ms after a new LSA arrives. The second SPF calculation should occur in no less than 1s after the first one, and the maximum wait time should be no more than 10 seconds.
router ospf 1
timers throttle spf 100 1000 10000
6.45 OSPF Global Timers
o Configure LSA pacing to wait at least 50ms between consecutive link-state updates. LSA retransmissions should be paced at least 75ms apart.
router ospf 1
timers pacing flood 50
timers pacing retransmission 75
6.45 OSPF Global Timers
o Configure LSA throttling to generate subsequent LSAs after 10ms, to wait at least 4 seconds to generate the next LSA, and no more than 6 seconds between generation of the same LSA.
router ospf 1
timers throttle lsa all 10 4000 6000
6.45 OSPF Global Timers
o Configure LSA arrival throttling to wait 2 seconds between reception of the same LSA from a neighbor.
router ospf 1
timers lsa arrival 2000
6.46 OSPF Resource Limiting
• Configure R4 so that no more than 5000 LSAs can exist in the database.
• No more than 500 of these routes should be originated through redistribution.
• R4’s OSPF process should be allowed to use up to 20% CPU utilization before allowing interrupts from higher priority processes.
R4: router ospf 1 max-lsa 5000 redistribute maximum-prefix 500 process-min-time percent 20
6.47 Miscellaneous OSPF Features
• Configure SW4 so that it goes not generate a log message upon receipt of a Type-6 LSA advertisement.
router ospf 1
ignore lsa mospf
6.47 Miscellaneous OSPF Features
• Configure SW4 so that it does not take the MTU value into account when establishing adjacencies on its Port-Channel1 interface.
interface Port-channel1
ip ospf mtu-ignore
6.47 Miscellaneous OSPF Features
• Configure SW4 to reflect the following output:
Rack1SW4#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
Rack1SW2 1 FULL/BDR 00:00:38 155.1.108.8 Portchannel1
SW4:
ip host Rack1SW2 150.1.8.8
!
ip ospf name-lookup
