
OSPF and virtual links

Background
Area 0 is the only backbone area in OSPF. Every area needs to be connected to Area 0 via some ABR in order to be routed to another area. For example:

Area 1 —Router1—Area 0—Router2—Area 2—Router3—Area3

Here all routers will act as Area Border Routers: R1 will be the ABR for areas 1 and 0, and Router2 will be the ABR for areas 0 and 2.
Router3 will be the ABR between areas 2 and 3…?

The technical difference here is that LSAs won't be flooded from one non-backbone area into another non-backbone area. Let's lab things up in GNS.

R1 advertises its Lo1 and prefix 10.1.1.0/24 into Area 0. R2 picks up the type 1 LSA and floods it into Area 2 as a type 3 LSA, where R3 picks it up:

What does R3 advertise?

Only type 1 and type 2 LSAs describing its own links to its neighbors in A2 and A3. Note that the summary LSA from R2 was received by R3 but never advertised further. This is of course expected behaviour.

Virtual-link

A virtual link is the trick to patch together non-backbone areas. It lets a router connect to Area 0 even if it is not directly adjacent to that area. It is configured like a bidirectional tunnel under the OSPF process of each peering router, pointing to the other router's router-id.

R2(config)#router ospf 1
R2(config-router)#router-id 2.2.2.2
R2(config-router)#area 2 virtual-link 3.3.3.3

Since the virtual link is configured pointing to the other router's router-id, it's highly recommended to statically configure a router-id first!

On R3, we do the same thing but pointing to R2, which is adjacent to A0. After this is set up we can see some new things.

First, we can see that both routers list each other as neighbors over a virtual interface:

What also happened is that R3 now considers itself adjacent to A0, and therefore it starts to advertise a new type 1 LSA for Area 0:

And because of that, it also starts to advertise our summary LSAs as if the router were adjacent to Area 0, and as a result we also see new IA routes at R4.
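
The propagation rule from this first lab, as an added Python sketch (not from the original post). It is a simplified model, not an OSPF implementation: only routers with a real or virtual attachment to Area 0 originate type 3 LSAs. The function names and the LAB1/VLINK data are assumptions constructed from the topology line and the R2 configuration above.

```python
# Added illustration: simplified model of OSPF type 3 (summary) LSA propagation.
BACKBONE = 0

# Constructed from the first lab: Area 1 - R1 - Area 0 - R2 - Area 2 - R3 - Area 3
LAB1 = {"R1": {1, 0}, "R2": {0, 2}, "R3": {2, 3}}
# "area 2 virtual-link" between R2 (2.2.2.2) and R3 (3.3.3.3): (end, end, transit area)
VLINK = [("R2", "R3", 2)]


def backbone_connected(routers, vlinks=()):
    """Return the routers with a real or virtual attachment to Area 0."""
    connected = {r for r, areas in routers.items() if BACKBONE in areas}
    changed = True
    while changed:
        changed = False
        for a, b, transit in vlinks:
            for near, far in ((a, b), (b, a)):
                # Both ends must sit in the transit area, and one end must
                # already reach the backbone; the other end then joins it.
                if (near in connected and far not in connected
                        and transit in routers[near] and transit in routers[far]):
                    connected.add(far)
                    changed = True
    return connected


def areas_learning(prefix_area, routers, vlinks=()):
    """Return the areas in which a prefix originated in prefix_area is known."""
    abrs = backbone_connected(routers, vlinks)
    known = {prefix_area}
    # Step 1: an ABR attached to the source area summarises it into Area 0.
    if prefix_area != BACKBONE and any(prefix_area in routers[r] for r in abrs):
        known.add(BACKBONE)
    # Step 2: only backbone-connected ABRs re-originate backbone routes as
    # type 3 LSAs into their other areas; summaries never hop directly from
    # one non-backbone area to the next.
    if BACKBONE in known:
        for r in abrs:
            known |= routers[r]
    return known


if __name__ == "__main__":
    print("no virtual link:", sorted(areas_learning(0, LAB1)))
    print("with virtual link:", sorted(areas_learning(0, LAB1, VLINK)))
```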

That wasn't so deep, let's turn things up a notch:

First we build another topology, similar to the previous one. Area 200 is far away, and Area 100 is a transit area to Area 0 through R1 and R3.
A virtual link was set up between R2 -> R1 in order to make Area 200 accessible from A0 and potentially other areas.

Now we have what is, according to the OSPF definition, a transit area: Area 100.

An area qualifies as a transit area when it has two or more ABRs to A0 and a virtual link passing over it. As soon as one ABR is removed, or if we removed the VL, the area no longer classifies as a transit area. That is of big interest and why I had some issues understanding the next part.

(No) Capability transit?

Capability transit is on by default from Cisco IOS 12.3T and nothing we would care much about, I guess. This capability lets routers choose the path from Area 100 to Area 0. First, let's look at what this gives us.

R2 has two equal-cost paths to Area 0, nothing strange. And remember how the VL gives connectivity to Area 200? It lets R2 in this case generate a type 1 LSA (lying) telling Area 200 that it is adjacent to Area 0, which it is only through the virtual link. We can see that link as a virtual interface, placed in a tunnel to Area 0. With this logic R2 gives A200 connectivity to A0 through itself. It has two paths to A0, and this is where capability transit comes in.

Capability transit enables router R2 to choose its ABR, either via the virtual link over R1 or via R3! The traffic is not limited to the virtual link. If the cost is lower via R3, the traceroute from R5 to the Lo interface at R4 would look like this:

This is of course something we can manipulate just like any inter-area OSPF routing. But let's not focus on that now; we already did that in a previous post.

What happens if we configure no capability transit for Area 100? Let's check, step by step. First I raised the cost of the path over R1, so we know that the traceroute from R5 to A0 goes via R3, which is not participating in the VL. The traceroute still looks like above.

Next step, we disable capability transit for the area by adding:

to all the routers connecting to the area. Then, as we expected, the traceroute from R5 changed to this:

 

Since it's now forbidden to use Area 100 as a transit area, it's only OK for the routers to use the path over the virtual link.
