IP OSPF Flood-reduction


OSPF flooding filters in hub-and-spoke environment
OSPF LSAs are refreshed every 1800 seconds(30mins) . In large stable OSPF networks, this can lead to large amounts of unnecessary LSA flooding from area to area, hish CPU and eventually can block one of your links. Technically, if an LSA has not changed, why reflood it every 1800 seconds?
By default, OSPF floods new LSAs over all interfaces in the same area, except the interface on which the LSA arrives.

FRAME SWITCH
!
hostname FRAME_SWITCH
!
frame-relay switching
!
interface Serial0/0
no ip address
encapsulation frame-relay
clock rate 2000000
frame-relay lmi-type ansi
frame-relay intf-type dce
frame-relay route 102 interface Serial0/1 201
frame-relay route 103 interface Serial0/2 301
frame-relay route 104 interface Serial0/3 401
no shut
!
interface Serial0/1
no ip address
encapsulation frame-relay
clock rate 2000000
frame-relay lmi-type ansi
frame-relay intf-type dce
frame-relay route 201 interface Serial0/0 102
no shut
!
interface Serial0/2
no ip address
encapsulation frame-relay
clock rate 2000000
frame-relay lmi-type ansi
frame-relay intf-type dce
frame-relay route 301 interface Serial0/0 103
no shut
!
interface Serial0/3
no ip address
encapsulation frame-relay
clock rate 2000000
frame-relay lmi-type ansi
frame-relay intf-type dce
frame-relay route 401 interface Serial0/0 104
no shut
!

R1
!
hostname R1
!
interface FastEthernet0/0
ip address 10.2.1.1 255.255.255.0
duplex auto
speed auto
no shut
!
interface Serial0/0
ip address 10.1.0.1 255.255.255.0
encapsulation frame-relay
ip ospf network point-to-multipoint
clock rate 2000000
no arp frame-relay
frame-relay map ip 10.1.0.11 102 broadcast
frame-relay map ip 10.1.0.12 103 broadcast
frame-relay map ip 10.1.0.13 104 broadcast
no frame-relay inverse-arp
frame-relay lmi-type ansi
no shut
!
router ospf 1
log-adjacency-changes
network 10.1.0.1 0.0.0.0 area 1
network 10.2.1.1 0.0.0.0 area 0
!

R2
!
hostname R2
!
interface FastEthernet0/0
ip address 10.2.11.11 255.255.255.0
duplex auto
speed auto
no shut
!
interface Serial0/0
ip address 10.1.0.11 255.255.255.0
encapsulation frame-relay
ip ospf network point-to-multipoint
clock rate 2000000
no arp frame-relay
frame-relay map ip 10.1.0.1 201 broadcast
no frame-relay inverse-arp
frame-relay lmi-type ansi
no shut
!
router ospf 1
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 1
!

R3
!
hostname R3
!
interface FastEthernet0/0
ip address 10.2.12.12 255.255.255.0
duplex auto
speed auto
no shut
!
interface Serial0/0
ip address 10.1.0.12 255.255.255.0
encapsulation frame-relay
ip ospf network point-to-multipoint
clock rate 2000000
no arp frame-relay
frame-relay map ip 10.1.0.1 301 broadcast
no frame-relay inverse-arp
frame-relay lmi-type ansi
no shut
!
router ospf 1
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 1
!

R4
!
hostname R4
!
interface FastEthernet0/0
ip address 10.2.13.13 255.255.255.0
duplex auto
speed auto
no shut
!
interface Serial0/0
ip address 10.1.0.13 255.255.255.0
encapsulation frame-relay
ip ospf network point-to-multipoint
clock rate 2000000
no arp frame-relay
frame-relay map ip 10.1.0.1 401 broadcast
no frame-relay inverse-arp
frame-relay lmi-type ansi
no shut
!
router ospf 1
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 1
!

Let’s check OSPF database on R2 (it’ll look similar on R3 and R4)

R2(config)#do sh ip os dat

OSPF Router with ID (10.2.11.11) (Process ID 1)

Router Link States (Area 1)

Link ID         ADV Router      Age         Seq#       Checksum Link count
10.2.1.1        10.2.1.1        1207        0x8000000D 0x008FF2 4
10.2.11.11      10.2.11.11      1244        0x80000005 0x009B95 3
10.2.12.12      10.2.12.12      1908        0x80000005 0x00BE6B 3
10.2.13.13      10.2.13.13      1921        0x80000004 0x00E340 3

Summary Net Link States (Area 1)

Link ID         ADV Router      Age         Seq#       Checksum
10.2.1.0        10.2.1.1        380         0x80000003 0x00CC49
R2(config)#

Similarly, the IP routing table on the spoke routers contained all the routes within the area:

R2(config)#do sh ip route os
10.0.0.0/8 is variably subnetted, 8 subnets, 2 masks
O       10.2.12.0/24 [110/138] via 10.1.0.1, 00:19:45, Serial0/0
O       10.2.13.0/24 [110/138] via 10.1.0.1, 00:19:45, Serial0/0
O       10.1.0.13/32 [110/128] via 10.1.0.1, 00:19:45, Serial0/0
O       10.1.0.12/32 [110/128] via 10.1.0.1, 00:19:45, Serial0/0
O IA    10.2.1.0/24 [110/74] via 10.1.0.1, 00:19:45, Serial0/0
O       10.1.0.1/32 [110/64] via 10.1.0.1, 00:19:45, Serial0/0
R2(config)#

After the OSPF flood reduction is configured on the hub router, the OSPF database size on the spoke routers is reduced and they lose all OSPF routes

interface Serial0/0
ip address 10.1.0.1 255.255.255.0
encapsulation frame-relay
ip ospf network point-to-multipoint
ip ospf flood-reduction
 ip ospf database-filter all out
clock rate 2000000
no arp frame-relay
frame-relay map ip 10.1.0.11 102 broadcast
frame-relay map ip 10.1.0.12 103 broadcast
frame-relay map ip 10.1.0.13 104 broadcast
no frame-relay inverse-arp
frame-relay lmi-type ansi
end

Let’s check again OSPF database on R2 (it’ll look similar on R3 and R4)

R2(config)#do sh ip os dat

OSPF Router with ID (10.2.11.11) (Process ID 1)

Router Link States (Area 1)

Link ID         ADV Router      Age         Seq#       Checksum Link count
10.2.11.11      10.2.11.11      4           0x80000001 0x00A391 3

All OSPF adjacencies established over the selected interface are dropped when the OSPF flood reduction is configured or disabled. The LSAs in the spoke routers are flushed after they are aged out (up to one hour); you could accelerate this process with the clear ip ospf process command also ip ospf flood-reduction will make sure that the LSAs are only sent when there’s a change in topology.

Following the OSPF flood reduction configuration, the spoke routers no longer have connectivity to the hub router. You have to configure a static default route pointing to the hub router on the spoke routers

R2(config)#do sh ip route | be Ga
Gateway of last resort is not set

10.0.0.0/24 is subnetted, 2 subnets
C       10.2.11.0 is directly connected, FastEthernet0/0
C       10.1.0.0 is directly connected, Serial0/0

R2(config)#ip route 0.0.0.0 0.0.0.0 10.1.0.1

R2(config)#do sh ip route | be Ga
Gateway of last resort is 10.1.0.1 to network 0.0.0.0

10.0.0.0/24 is subnetted, 2 subnets
C       10.2.11.0 is directly connected, FastEthernet0/0
C       10.1.0.0 is directly connected, Serial0/0
S*   0.0.0.0/0 [1/0] via 10.1.0.1

R2(config)#do ping 10.2.1.1 so f 0/0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.2.1.1, timeout is 2 seconds:
Packet sent with a source address of 10.2.11.11
!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 8/30/64 ms

Enjoy !

Tom

Advertisements

About ccie4all
Hello, and welcome to the first post of my CCIE blog This blog has got one simple goal and that is to improve our skills in Cisco Networking field so we can become best engineers on a job market. Wordpress Blog https://ccie4all.wordpress.com/ information about the changes made to Gns3 BGP , MPLS and R&S CCIE labs. In order to access and download all provided materials and receive important updates from Gns3 BGP , MPLS and R&S CCIE labs under GNS3 tab in the main header please go ahead and subscribe to https://ccie4all.wordpress.com/ ! All other posts have not been affected and can be accessed at any given time. Enjoy ! Tom

3 Responses to IP OSPF Flood-reduction

  1. Mark says:

    Hi Tom,

    One comment on your statement above “OSPF LSAs are refreshed every 3600 seconds(30mins)” Correct me if I’m wrong and its rather late as I’m typing this but isn’t 30min*60secs = 1800 seconds not 3600 seconds which would equal 60 minutes.

    The 3600 seconds that you are referring to is the maxage time. Basically the time the LSAs will expire in the database if they are not received an LSA refresh.

    Per Cisco configuration guide:
    Each LSA has an age field that gets periodically incremented while it is contained in the database or as it gets flooded throughout the area. When an LSA reaches a Maxage it gets flushed from the database if that LSA is not on any neighbors retransmission list.

    Q. How often does OSPF send out link-state advertisements (LSAs)?

    A. OSPF sends out its self-originated LSAs when the LSA age reaches the link-state refresh time, which is 1800 seconds. For more information, refer to Link-State Advertisements.

    http://www.cisco.com/en/US/tech/tk365/technologies_q_and_a_item09186a0080094704.shtml#q31

    -Mark

    • ccie4all says:

      Hi Mark,

      Good catch ! Of course they’re sent every 1800secs(30mins) and max age is 3600secs(60mins) to avoid them getting flushed off of OSPF domain.
      Sign of doing way too much OSPF performance tuning recently 🙂

      Just checking other posts to make sure there’s no errors there.

      Tom

      • Mark says:

        Tom,

        No worries, were all in this CCIE journey together and should be able to depend on one another.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: