OPEN SHORTEST PATH FIRST (OSPF) – AN IGP PROTOCOL

KEYWORDS: OSPF, CCNA, CCNP, LSA, LSDB, Dijkstra, MPLS, DBD

Do you recall Dijkstra's shortest path first algorithm from your engineering studies and CCNA preparation? It is time to look at one of its most interesting applications.

OSPF is an interior gateway protocol that distributes routing information in the form of LSAs (Link State Advertisements) within a single routing domain. It gathers LSAs from the available routers and constructs a topology map of the network; the same topology map is shared by all the devices within an area. OSPF was designed to support the VLSM and CIDR addressing models.

OSPF detects changes in the state of a link, such as link failures, quickly and converges on a new loop-free routing structure. It uses Dijkstra's algorithm to compute the shortest path tree for each route.

The link-state information is maintained on each router as a link-state database (LSDB), which is a tree image of the entire network topology. Identical copies of the LSDB are kept on all OSPF routers and periodically updated through flooding.

OSPF selects the best routes by discovering the paths with the lowest cost to a destination. The route cost is the sum of the cost configured on the interface on which OSPF received the Link State Advertisement and the costs configured on the outbound links between the router and the destination network.

A close look inside an OSPF packet shows the fields that constitute the OSPF header.

The fields on the OSPF header are as follows:

  • Version number – the OSPF version; 2 for IPv4.
  • Type – the type of OSPF packet (Hello, DBD, LSR, LSU, LSAck).
  • Packet length – length of the OSPF packet.
  • Router ID – Router ID of the source router.
  • Area ID – the OSPF area in which the packet originated.
  • Checksum – used for error detection.
  • Authentication type – indicates no authentication, a cleartext password, or Message Digest 5 (MD5) cryptographic authentication of the router.
  • Authentication – used together with the authentication type.
  • Data – contains different information depending on the OSPF packet type:
    • Hello – a list of known neighbors.
    • DBD – a summary of the LSDB, which includes all known router IDs and their last sequence numbers, among a number of other fields.
    • LSR – the type of LSU needed and the router ID of the router that has the needed LSU.
    • LSU – the full LSA entries. Multiple LSA entries can fit in one OSPF update packet.
    • LSack – empty.
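To make the header layout concrete, here is an added example in Python (not code from the original article) that builds an OSPFv2 Hello with the 24-byte header above and parses it back: it checks the version and length fields, recomputes the checksum (which, per RFC 2328, excludes the 64-bit authentication field), decodes the neighbor list carried in a Hello's Data field, and reports what a defender would want flagged about the Authentication Type field. The router IDs, area and neighbor addresses in the demo are constructed values.

```python
import ipaddress
import struct

# Added example (not from the original article): build and decode OSPFv2 packets
# with the 24-byte header described above (RFC 2328, Appendix A). The router IDs,
# area and neighbor addresses used in the demo are constructed.

OSPF_VERSION = 2
HEADER_LEN = 24
# version, type, packet length, router ID, area ID, checksum, AuType, authentication
HEADER_FMT = "!BBH4s4sHH8s"
# Hello body: network mask, HelloInterval, options, router priority, dead interval, DR, BDR
HELLO_FMT = "!4sHBBI4s4s"
HELLO_FIXED_LEN = 20
PACKET_TYPES = {1: "Hello", 2: "DBD", 3: "LSR", 4: "LSU", 5: "LSAck"}
AUTH_TYPES = {0: "Null", 1: "Simple password", 2: "Cryptographic (MD5)"}


def _packed(addr):
    return ipaddress.IPv4Address(addr).packed


def ip_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words (odd trailing byte zero-padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_hello(router_id, area_id, mask, neighbors, hello=10, dead=40,
                dr="0.0.0.0", bdr="0.0.0.0", au_type=0, auth=b"\x00" * 8):
    """Return a complete OSPF Hello: common header plus a Hello body listing neighbors."""
    body = struct.pack(HELLO_FMT, _packed(mask), hello, 0x02, 1, dead, _packed(dr), _packed(bdr))
    body += b"".join(_packed(n) for n in neighbors)
    length = HEADER_LEN + len(body)
    # The checksum covers the whole packet except the 64-bit authentication field,
    # with the checksum field itself zeroed. With cryptographic authentication
    # (AuType 2) the field stays zero and the digest protects the packet instead.
    unsummed = struct.pack("!BBH4s4sHH", OSPF_VERSION, 1, length,
                           _packed(router_id), _packed(area_id), 0, au_type) + body
    csum = 0 if au_type == 2 else ip_checksum(unsummed)
    header = struct.pack(HEADER_FMT, OSPF_VERSION, 1, length,
                         _packed(router_id), _packed(area_id), csum, au_type, auth)
    return header + body


def parse_ospf(packet: bytes) -> dict:
    """Decode the common header, verify the length and checksum fields, and for a
    Hello decode the neighbor list carried in the Data field."""
    if len(packet) < HEADER_LEN:
        raise ValueError("truncated OSPF header")
    version, ptype, length, rid, aid, csum, au_type, _auth = struct.unpack(HEADER_FMT, packet[:HEADER_LEN])
    if version != OSPF_VERSION:
        raise ValueError("unsupported OSPF version %d" % version)
    if length < HEADER_LEN or length > len(packet):
        raise ValueError("length field %d inconsistent with %d received bytes" % (length, len(packet)))
    packet = packet[:length]  # an MD5 digest trails the packet and is not counted in the length
    if au_type == 2:
        checksum_ok = None    # the checksum is not used with cryptographic authentication
    else:
        zeroed = packet[:12] + b"\x00\x00" + packet[14:16] + packet[HEADER_LEN:]
        checksum_ok = ip_checksum(zeroed) == csum
    info = {
        "type": PACKET_TYPES.get(ptype, "unknown(%d)" % ptype),
        "length": length,
        "router_id": str(ipaddress.IPv4Address(rid)),
        "area_id": str(ipaddress.IPv4Address(aid)),
        "auth_type": AUTH_TYPES.get(au_type, "unknown(%d)" % au_type),
        "checksum_ok": checksum_ok,
        "neighbors": [],
    }
    if ptype == 1:
        body = packet[HEADER_LEN:]
        if len(body) < HELLO_FIXED_LEN:
            raise ValueError("truncated Hello body")
        mask, hello, _opts, _prio, dead, dr, bdr = struct.unpack(HELLO_FMT, body[:HELLO_FIXED_LEN])
        info.update(network_mask=str(ipaddress.IPv4Address(mask)), hello_interval=hello,
                    dead_interval=dead, dr=str(ipaddress.IPv4Address(dr)),
                    bdr=str(ipaddress.IPv4Address(bdr)))
        # Neighbor list: one 4-byte Router ID per known neighbor after the fixed part.
        info["neighbors"] = [str(ipaddress.IPv4Address(body[i:i + 4]))
                             for i in range(HELLO_FIXED_LEN, len(body) - 3, 4)]
    return info


def adjacency_warnings(info: dict) -> list:
    """What a defender reviewing received OSPF packets would flag."""
    warnings = []
    if info["checksum_ok"] is False:
        warnings.append("checksum mismatch: corrupted or altered packet")
    if info["auth_type"] == "Null":
        warnings.append("no authentication: neighbor identity is not verified")
    elif info["auth_type"] == "Simple password":
        warnings.append("cleartext password: readable by anyone capturing on the segment")
    return warnings


if __name__ == "__main__":
    pkt = build_hello("10.1.1.1", "0.0.0.0", "255.255.255.0", ["10.1.1.2", "10.2.1.1"])
    info = parse_ospf(pkt)
    print(info["type"], info["router_id"], info["neighbors"], info["checksum_ok"], adjacency_warnings(info))
```

Run it against a capture of your own Hello packets and compare the reported authentication type with what your routers are configured for; the Null and cleartext cases above are the ones worth tightening first.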

 

 

How to Configure OSPF on Cisco Router?

Enter the following commands in router configuration mode on a Cisco router to enable OSPF:

Router(config)# router ospf 1
  (enables OSPF on the router; 1 is the process ID)

Router(config-router)# network 10.1.1.1 0.0.0.255 area 0
Router(config-router)# network 10.2.1.1 0.0.0.255 area 0
  (each network statement specifies, with an address and wildcard mask, the network on which OSPF is enabled and the area it belongs to)

OSPF Neighbor States in an Adjacency

To determine the OSPF neighbor state, run the following command:

Router# show ip ospf neighbor

OSPF Multicast Address

OSPF routers send and listen for OSPF messages on the following multicast addresses:

  • 224.0.0.5 – all OSPF routers multicast address
  • 224.0.0.6 – the DR and BDR multicast address

OSPF Challenges and Troubleshooting

Most engineers find it difficult to troubleshoot OSPF when a neighbor relationship goes down or does not come up. From practical experience, however, it is not difficult if you know how OSPF works and what happens at each stage.

OSPF Neighbor Adjacency States

  1. Down state – The initial OSPF state, before any information has been exchanged. The exchange process begins when a router sends a Hello out of each interface that is configured for OSPF. The Hello packet is sent to the multicast address 224.0.0.5.
  2. Init state – An OSPF-speaking router receives a Hello from another OSPF router and adds the originating router to its list of neighbors. This is the init state.
  3. Two-way state – When the originating router receives a Hello back from the neighbor and sees its own Router ID in that Hello's neighbor list, the two-way state is reached. The routers now have two-way communication.
  4. DR/BDR election – On a broadcast link type, such as an Ethernet LAN or other multi-access medium, a DR and BDR must be elected. The DR forms a bidirectional adjacency with each router on the LAN link.
     • If a new router joins a broadcast network in which a DR and BDR already exist, it reaches the two-way state with all the routers, including the DR, the BDR and those that are DROTHER, but it forms a bidirectional adjacency only with the DR and BDR.
     • Every 10 seconds, the routers exchange Hello packets to ensure that communication is still established.
  5. ExStart state – Once the DR and BDR are elected, the routers proceed to the ExStart state. After that they exchange LSAs and populate their LSDBs.
  6. Loading state – If a router finds that the DBD it received contains more up-to-date information, it sends an LSR to the other router. The process of sending LSRs is the loading state.
  7. Full state – Once all LSRs have been answered and the LSDBs updated, the routers are considered synchronized and in the full state.

From a troubleshooting perspective, run the command "show ip ospf neighbor" (abbreviated "sh ip ospf nei"); it shows the neighbors and their states.

Wish you a happy learning !!!

 

For more updates on the Data Center world, visit Data Center Talk.

AToM – Any Transport Over MPLS

AToM is something that, if you know what it can do, lets you create solutions that can save thousands of dollars you might otherwise invest in additional links and network infrastructure. From an engineer's perspective it is something you will love to know and admire. It is an application of MPLS and provides evidence of how MPLS has revolutionized the networking world, providing solutions that will be used more and more in the coming years. Gone is the time when service providers/telecoms provided pure Layer 2 dedicated leased lines and the customer paid a lot for an international leased circuit that was never used to its full capacity. So it is time to save your precious dollars by sharing a common infrastructure while enjoying the same service level agreement.

What is it ?

- Any Transport over MPLS (AToM) is a solution for transporting Layer 2 packets/frames over a Layer 3 MPLS backbone.

- Think of it as a method of emulating a Layer 2 circuit over an MPLS backbone, similar to AAL1 over an ATM backbone.

- AToM supports the following services:

  • Frame Relay
  • ATM AAL5
  • ATM port mode
  • Ethernet VLAN
  • PPP
  • HDLC
  • SONET/SDH

Imagine a scenario in which you have a Layer 3 backbone and need to provide a Layer 2 circuit to your client over that Layer 3 infrastructure. The challenge is how to transport Ethernet frames received on one leg of a router to another router's leg on the far side, with multiple routers in between. Sounds interesting?

Why Use It ?

PROs

- Savings in transmission costs by consolidating multiple lower-speed circuits into a few high-speed circuits.

- Flexibility with available capacity: by having all physical capacity on a single IP/MPLS backbone, we can use the available capacity for the services that require it.

CONs

- SPOF (single point of failure)

- More overhead

- Synchronization could be an issue.

How does it work?

- AToM uses a two-level label stack (inner label for the service, outer label for transport), similar to an L3VPN.

- The PEs use targeted LDP sessions to exchange label information.

- Traffic is received at the ingress PE (the AToM start point) and the Layer 2 headers are removed.

- An MPLS label is added that identifies the remote end of the pseudowire.

- A second label may be added for the outbound interface.

- For port-mode ATM without cell packing, the 53-byte ATM cell (minus the HEC) is encapsulated in a 64-byte AToM MPLS packet.

- Cell packing is the feature used to conserve bandwidth on the backbone by sending multiple ATM cells in a single IP packet.

One of the challenges that arises here is the added overhead due to this encapsulation. All service providers who have implemented AToM have faced this challenge of making sure that their core backbone supports the MPLS packets with the increased MTU.

Let us see how much overhead is added.

Pitfall: avoid exceeding the core MTU.

  Transport type                          Header size
  ATM AAL5                                0-32 bytes
  Ethernet VLAN                           18 bytes
  Ethernet port                           14 bytes
  Frame Relay DLCI (Cisco encapsulation)  2 bytes
  Frame Relay DLCI (IETF encapsulation)   8 bytes
  HDLC                                    4 bytes
  PPP                                     4 bytes

  • The AToM header (control word) is 4 bytes. It is required for ATM AAL5 and Frame Relay and optional for Ethernet, PPP and HDLC.
  • The number of labels is 2 if the P routers are directly connected, 3 if not.
  • If FRR is requested, it adds another level of label.
  • Rule: always assume 4 labels are needed.
  • Each label is 4 bytes.

For example, for Frame Relay with IETF encapsulation: MTU = 4470 – 8 – 4 – (4 x 4) = 4442 bytes.
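The overhead budget above, carried through in code as an added example (not from the original article). The header sizes, control-word rule and label counts are the ones listed in the bullets; the function names and the 1500-byte Ethernet scenario in the demo are this example's own, and the ATM AAL5 header is budgeted at its 32-byte worst case.

```python
# Added example (not from the original article): MTU budget for an AToM pseudowire,
# using the Layer 2 header sizes, control-word rule and label rules listed above.

LABEL_BYTES = 4
CONTROL_WORD_BYTES = 4

# Layer 2 header carried inside the AToM packet, per transport type (bytes).
L2_HEADER_BYTES = {
    "ATM AAL5": 32,                  # listed as 0-32 bytes; budget for the worst case
    "Ethernet VLAN": 18,
    "Ethernet Port": 14,
    "Frame Relay DLCI (Cisco)": 2,
    "Frame Relay DLCI (IETF)": 8,
    "HDLC": 4,
    "PPP": 4,
}
# Transports for which the 4-byte control word is mandatory; optional elsewhere.
CONTROL_WORD_REQUIRED = {"ATM AAL5", "Frame Relay DLCI (Cisco)", "Frame Relay DLCI (IETF)"}


def label_count(p_routers_directly_connected=True, frr=False, conservative=True):
    """Label stack depth: 2 with directly connected P routers, 3 otherwise, plus one
    for Fast Reroute. The article's rule is to assume 4 regardless (conservative)."""
    if conservative:
        return 4
    depth = 2 if p_routers_directly_connected else 3
    return depth + 1 if frr else depth


def pseudowire_overhead(transport, control_word=None, labels=4):
    """Bytes added on top of the customer payload: L2 header + control word + labels."""
    if transport not in L2_HEADER_BYTES:
        raise KeyError("unknown transport type %r" % transport)
    required = transport in CONTROL_WORD_REQUIRED
    if control_word is None:
        control_word = required          # default: include it only where mandatory
    elif required and not control_word:
        raise ValueError("control word is mandatory for %s" % transport)
    return L2_HEADER_BYTES[transport] + (CONTROL_WORD_BYTES if control_word else 0) + labels * LABEL_BYTES


def max_customer_payload(core_mtu, transport, **kw):
    """Largest customer frame the core MTU can carry without being exceeded."""
    return core_mtu - pseudowire_overhead(transport, **kw)


def required_core_mtu(customer_mtu, transport, **kw):
    """Core MTU needed to carry a customer frame of the given size."""
    return customer_mtu + pseudowire_overhead(transport, **kw)


def check_pseudowire(core_mtu, customer_mtu, transport, **kw):
    """Return (fits, shortfall): shortfall is how many bytes the core MTU must grow."""
    need = required_core_mtu(customer_mtu, transport, **kw)
    return need <= core_mtu, max(0, need - core_mtu)


if __name__ == "__main__":
    # The article's own figure: Frame Relay IETF encapsulation on a 4470-byte core.
    print(max_customer_payload(4470, "Frame Relay DLCI (IETF)"))    # 4442
    # Constructed scenario: a 1500-byte Ethernet VLAN frame on an untouched 1500-byte core.
    print(check_pseudowire(1500, 1500, "Ethernet VLAN"))           # (False, 34)
```

The check_pseudowire result is the number to take to the core team: with the conservative four-label rule, an Ethernet VLAN pseudowire carrying standard 1500-byte frames needs the core MTU raised by 34 bytes (38 if the optional control word is enabled).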

What is needed?

- An operational MPLS network.

- A targeted LDP session between the PE end-point routers (used for advertising VC labels).

- TE tunnels between the PE end points. Question: do we need the tunnels? If so, why?

- ESR, exception to use TE tunnel.

- Pseudowire configuration.

- MTU considerations.

The ingress PE router, PE1, receives the frames and first attaches the VC label (label 33). Then it pushes the tunnel/transport label, 121. The tunnel/transport label is the label bound to the Interior Gateway Protocol (IGP) prefix of the remote PE; this prefix is specified in the AToM configuration. The MPLS packet is then forwarded to the connected P router, and from there hop by hop in the same way until it reaches the egress PE, PE2.

Notice that when the packet reaches the egress PE, the tunnel label has already been removed. This is because of the penultimate hop popping (PHP) behavior between the last P router and the egress PE. The egress PE then looks up the VC label in the label forwarding information base (LFIB), strips off the VC label, and forwards the frame onto the correct attachment circuit (AC).

The P routers never need to look at the VC label; therefore, they do not need any intelligence to handle it. The best part is that the P routers are completely unaware of the AToM solution.

Because the tunnel label is simply the LDP or RSVP-learned label, no special label distribution protocol has to be set up for AToM on the P routers. The MPLS backbone normally is already using either label distribution protocol. The VC label, however, needs to be associated with a certain AC and advertised to the remote PE. A targeted LDP session performs this job.

It is fun and interesting once you know how it works, and the benefits of this technology are immense!

You can also keep up to date with current trends and technology by visiting Data Center Talk where we keep you informed on important changes as they occur.

Importance of Firewalls and Network Security

Network security involves the use of various tools whose basic purpose is to prevent harmful programs from entering a computer.


A firewall blocks programs that you do not want to access your computer. Firewalls and network security ensure that your computer is free from harm. The basic role that a firewall plays is disallowing unauthorized access while letting in everything else.

Exception in Windows Firewall

Each time you install a new program in Windows, it has to ask for an exception in the Windows Firewall, especially if the program will communicate over the Internet. At times the firewall is overprotective and blocks the communication of legitimate programs. You can correct such overprotection by adding an exception in the firewall options manually.

Firewall Network Security

The other form of protection that involves firewalls and networking security is known as Unified Threat Management (UTM). This is a form of network security that was introduced in the year 2004 and has been growing since then. It can fit the description of being part of the evolution of a firewall. UTM includes the function of a firewall and has other features such as network intrusion prevention, content filtering, load balancing, gateway antivirus and on-appliance reporting.

Software Firewall Workstation

A common sign of a computer that lacks firewalls and network security is frequent freezing: many viruses, hacking programs and spyware plague such a computer and slow it down until it freezes. In theory it is a good idea to have a software firewall on every workstation. However, third-generation software firewalls often prevent networks from working normally, causing problems that are hard to diagnose.

Default Port Blocking 135-139

Software firewalls are usually configured by default to block ports such as 135-139, resulting in network disconnection and the inability to access critical file shares. If the firewall becomes corrupted or a virus infects it, it is usually very hard to restore connectivity to the computer, which forces a re-image, repair install or reformat. To prevent such a situation, software firewalls have to be configured properly.

Security Breach Protection for Information and Credit Cards

Network security and firewalls play an essential role in the network systems of companies that utilize electronic information or credit cards. They allow them to protect data in order to prevent security breaches, which can lead to loss of money, identity theft, stolen records, lawsuits and corrupted information among other things. In order to ensure that networks and firewalls keep threats down, you need to keep updating them.

Hackers and Criminals Try to Bypass Firewalls

This is important because hackers and other online criminals keep revising their tactics for bypassing or breaking through firewalls. There are numerous threats that firewalls and network security protect a computer from. One example is worms and viruses, malicious code that spreads when inserted into computer systems. Viruses usually come from attachments and worms are usually contained in emails.

Malware Embedding in Source Code

Firewalls and network security also protect computers from Trojan horses: malware that enters networks through files that seem harmless and are often embedded in a website. Other threats that firewalls and network security protect a computer from include spam, phishing, zombie computers and packet sniffing.

IPv6 is in!

IPv6 is the "next generation" protocol designed by the IETF to replace the current version of the Internet Protocol, IP version 4 (IPv4).

Many of today's Internet and enterprise networks use IPv4, which is now more than 20 years old. IPv4 has been a big success in the networking world. In the seventies, when IPv4 was developed, the current size of the Internet was beyond imagination. It is extraordinary that this protocol is still able to carry the Internet, but it has been hitting its limits for quite some time. The most obvious limitation is the address space, which is short and running out soon. We have helped ourselves with technologies like NAT, but this is not a long-term solution. With the 128-bit IPv6 address space (compared to 32 bits in IPv4), the limit on addresses has been extended from a theoretical 4 billion to 340 trillion (3.4 x 10^38) – 2^32 compared to 2^128.

Motivation Towards IPv6

Limited address space is not the only motive for moving toward IPv6. The inventors of IPv6 learned from the many years of using IPv4. They kept all the strong points of IPv4 and added a lot of functionality that will be required in our future networks. In particular, the advanced auto-configuration features will allow businesses to install a great array of new desktop, mobile and embedded network devices in a cost-effective, controlled manner. Interesting mobility improvements will provide the foundation for the new types of services that are being built these days.

Enhancements over IPv4

IPv6 also adds several enhancements over IPv4 in areas such as security, mobility, QoS, scalability of the network architecture and routing. IPv6 is therefore very well suited for scalable and converged networks. A number of transition and coexistence mechanisms have been developed and are steadily improved in order to make the transition a smooth one. It is anticipated that IPv6 will gradually replace IPv4 over some years, with the two protocols coexisting for many years during the transition period.

Unlike the "old" IPv4 notation, IPv6 addresses are written in hexadecimal and look like this: 2001:08e0:7d83:7d86:4f81:4c72:1d81, or something like 2001:08e0::1.

We have different types of IPv6 addresses:

  • Unicast: assigned to a single interface; one-to-one delivery to a single interface.
  • Multicast: assigned to a set of interfaces; one-to-many delivery to all interfaces in the set.
  • Anycast: one-to-one-of-many delivery to the single interface in the set that is closest.

There are no more broadcast addresses.

IPv6 unicast addresses can be aggregated with prefixes of arbitrary bit length, similar to IPv4 addresses under CIDR.

There are a number of types/scopes of unicast addresses in IPv6, in particular global unicast, site-local unicast, and link-local unicast.

Global Unicast Addresses

  • Routable on Internet
  • Structured as a hierarchy to keep the aggregation

Unique-Local Addresses :

  • Local communications
  • Inter-site VPNs
  • Not routable on the Internet

Link-Local Addresses:

  • Address for communication between two IPv6 devices on the same link (like ARP but at Layer 3)
  • Automatically assigned by the router as soon as IPv6 is enabled
  • Also used for next-hop calculation in routing protocols
  • Link-specific scope only
  • Remaining 54 bits could be zero or any manually configured value

Interface identifiers in IPv6 unicast addresses identify interfaces on a link. They are required to be unique on that link and are 64 bits long.

The new IPv6 header is simpler than the IPv4 header.

The IPv6 header is 40 bytes long instead of the 20 bytes of IPv4. In fact, half of the previous IPv4 header fields have been eliminated. This enables much simpler processing of the packets, enhancing performance and routing effectiveness.

All fields are aligned to 64 bits, which enables direct storage and access in memory by fast lookups.

Checksum Removed from the IPv6 Header

The IPv6 header is also simpler because the checksum was removed. Not only is the space in the header reused; more importantly, no recalculation is done by the routers along the path, which also improves routing efficiency. This does not mean error detection is not handled: most link-layer technologies handle error detection. In IPv4, TCP checksums are mandatory and UDP checksums optional; in IPv6, checksums are required for both transport protocols.

A new field, the flow label, is added to the IP header. It enables per-flow processing by the routers along the path and offers differentiation of traffic at the IP layer without the need for other functions to identify the flows. With this label, a router need not open the inner transport packet to identify the flow, because it finds the information in the IP header itself.

For further details on the IPv6 address format, see Internet Protocol, Version 6 (IPv6) Specification (RFC 2460).
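An added example in Python (not code from the original article) that applies the address scopes and header layout described in this section: it classifies an address as global unicast, unique-local, link-local or multicast, splits off the 64-bit interface identifier, and packs and unpacks the fixed 40-byte header with its 20-bit flow label and no checksum field. The prefix ranges are the standard ones (fe80::/10 and ff00::/8 from RFC 4291, fc00::/7 from RFC 4193, 2000::/3 for global unicast); the sample addresses and header values are constructed.

```python
import ipaddress
import struct

# Added example (not from the original article): classify IPv6 addresses into the
# scopes described above and encode/decode the fixed 40-byte IPv6 header.
# Sample addresses and header values used here are constructed.

# Most specific scopes first. The deprecated site-local range fec0::/10 (RFC 3879)
# deliberately falls through to "other/reserved".
SCOPES = [
    ("multicast", ipaddress.IPv6Network("ff00::/8")),
    ("link-local unicast", ipaddress.IPv6Network("fe80::/10")),
    ("unique-local unicast", ipaddress.IPv6Network("fc00::/7")),
    ("global unicast", ipaddress.IPv6Network("2000::/3")),
]


def classify(addr: str) -> dict:
    """Scope, Internet routability and the 64-bit interface identifier of an address."""
    a = ipaddress.IPv6Address(addr)
    scope = next((name for name, net in SCOPES if a in net), "other/reserved")
    value = int(a)
    return {
        "address": a.compressed,
        "scope": scope,
        "routable_on_internet": scope == "global unicast",
        # Upper 64 bits: the (sub)network prefix; lower 64 bits: the interface ID.
        "prefix64": ipaddress.IPv6Network(((value >> 64) << 64, 64)).compressed,
        "interface_id": "%016x" % (value & 0xFFFFFFFFFFFFFFFF),
    }


IPV6_HEADER_LEN = 40
# version/traffic class/flow label word, payload length, next header, hop limit, src, dst
IPV6_HEADER_FMT = "!IHBB16s16s"


def build_ipv6_header(src, dst, payload_length, next_header=17, hop_limit=64,
                      traffic_class=0, flow_label=0):
    """Pack the fixed header. There is no checksum field: TCP and UDP must carry their own."""
    if not 0 <= flow_label < (1 << 20):
        raise ValueError("flow label is a 20-bit field")
    first_word = (6 << 28) | ((traffic_class & 0xFF) << 20) | flow_label
    return struct.pack(IPV6_HEADER_FMT, first_word, payload_length, next_header, hop_limit,
                       ipaddress.IPv6Address(src).packed, ipaddress.IPv6Address(dst).packed)


def parse_ipv6_header(data: bytes) -> dict:
    """Unpack the fixed header and classify both addresses."""
    if len(data) < IPV6_HEADER_LEN:
        raise ValueError("truncated IPv6 header")
    first_word, plen, nh, hl, src, dst = struct.unpack(IPV6_HEADER_FMT, data[:IPV6_HEADER_LEN])
    version = first_word >> 28
    if version != 6:
        raise ValueError("not an IPv6 header (version %d)" % version)
    return {
        "traffic_class": (first_word >> 20) & 0xFF,
        # The flow label lets a router treat a flow consistently without opening the transport header.
        "flow_label": first_word & 0xFFFFF,
        "payload_length": plen,
        "next_header": nh,
        "hop_limit": hl,
        "src": classify(str(ipaddress.IPv6Address(src))),
        "dst": classify(str(ipaddress.IPv6Address(dst))),
    }


if __name__ == "__main__":
    for sample in ("2001:08e0::1", "fd00:1234::1", "fe80::1", "ff02::5"):
        print(classify(sample))
    hdr = build_ipv6_header("fe80::1", "ff02::5", 36, next_header=89, hop_limit=1, flow_label=0xABCDE)
    print(len(hdr), parse_ipv6_header(hdr)["flow_label"])
```

The classifier is useful when auditing a device's address list: anything not reported as global unicast should not be appearing as a source in Internet-facing flows, and link-local sources belong only to on-link protocol traffic such as neighbor discovery and routing hellos.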

 


What is MPLS and What Are Its Challenges

For some years customers have been replacing their legacy FR, ATM, X.25 and LL circuits with Ethernet MPLS point-to-point and multipurpose circuits and MPLS IP VPNs. A company's choice of WAN is decided by many factors such as applications, the number of sites, the amount of control over routing decisions, capacity and, one of the most important, $$$. Stats from the Telephotography Global Enterprise Networks Research Service suggest that one of the main factors influencing an organization's international network choice may simply be availability.

Biggest challenge to Deploying Right Strategies

One of the biggest challenges is deploying the right strategies and expertise to build, maintain and run an MPLS network. Ethernet VPN circuits are more cost effective than MPLS IP VPN circuits for capacity requirements above 100 Mbps. There is always a need for a quick proactive and reactive approach whenever there is a problem in the MPLS network.

It is a good time to learn how MPLS works and how to troubleshoot it. It is all mechanics, not magic, so we need to be good at logic and understanding. Let us help you out here.

MPLS Ways of Working

Multiprotocol Label Switching (MPLS) is a mechanism used in communication networks that switches traffic on short labels instead of longest-prefix matches, thus reducing switching delays. MPLS can be considered a layer 2.5 protocol in the standard OSI network model, i.e. it operates below the IP layer and on top of the link layer. MPLS enables the transfer of IP data over non-IP MPLS networks. Routers at the edges of the MPLS core are called Label Edge Routers (LERs) and the routers inside the MPLS network are called Label Switch Routers (LSRs). LERs are the ingress/egress routers (ingress refers to entrance into a Label Switched Path (LSP) and egress to exit from the LSP), responsible for attaching labels to packets entering the MPLS network and removing the labels from packets leaving it. LSRs are the routers that forward traffic on the basis of the label instead of the 32-bit logical address.


In the following example R1 is the ingress LER, R3 and R4 are egress LERs and R2 is an LSR. In MPLS every router tells its neighbor which label has to be attached for a particular IP prefix. The forwarding tables of the four routers shown in the figure follow. Routers R3 and R4 tell R2 to attach label 27 to traffic destined for the 10.1.1 network and label 33 to traffic destined for the 10.3.3 network. The "Interface" entry of a label in the forwarding tables is the interface on which the router transmits the data. Likewise, R2 tells R1 to attach label 8 for traffic bound for the 10.1.1 network or label 9 for traffic bound for the 10.3.3 network. Notice the additional "Remote Label" entry in the forwarding table of R2: one of the two remote labels (27 or 33) is attached to the outgoing traffic depending on the destination. Likewise, R2 advertises to R1 the labels (the "Remote Label" entry in R1's forwarding table) that R1 should attach to outgoing traffic depending on the destination.

On R2

  Label   Prefix   Interface   Remote Label
  8       10.1.1   1           27
  9       10.3.3   0           33

On R1

  Prefix   Interface   Remote Label
  10.1.1   0           8
  10.3.3   0           9

On R3

  Label   Prefix   Interface
  27      10.1.1   0

On R4

  Label   Prefix   Interface
  33      10.3.3   0

So the next time you face issues in forwarding, be sure to check the labels running in your network.
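The label operations described above, simulated in Python as an added example (not code from the original article). The FIB and LFIB contents are copied from the four tables; the interface-to-neighbor links, the /24 prefix lengths and the destination addresses are assumptions, and the drop cases show what a missing label binding looks like when you check the labels running in your network.

```python
import ipaddress

# Added example (not from the original article): label switching through the
# four-router topology above (R1 ingress LER, R2 LSR, R3/R4 egress LERs). Table
# contents come from the article; links and /24 prefix lengths are assumptions.


class Router:
    def __init__(self, name, fib=None, lfib=None, links=None):
        self.name = name
        # Ingress LER table: IP prefix -> (outgoing interface, label to push).
        self.fib = {ipaddress.ip_network(p): v for p, v in (fib or {}).items()}
        # LSR/egress table: incoming label -> (outgoing interface, remote label);
        # a remote label of None means "pop" (egress LER).
        self.lfib = dict(lfib or {})
        # Interface -> neighbour router. Interfaces without an entry face a customer network.
        self.links = dict(links or {})


def build_routers():
    """The article's tables: R1 (FIB), R2 (LFIB with remote labels), R3 and R4 (pop)."""
    return {
        "R1": Router("R1", fib={"10.1.1.0/24": (0, 8), "10.3.3.0/24": (0, 9)}, links={0: "R2"}),
        "R2": Router("R2", lfib={8: (1, 27), 9: (0, 33)}, links={1: "R3", 0: "R4"}),
        "R3": Router("R3", lfib={27: (0, None)}),
        "R4": Router("R4", lfib={33: (0, None)}),
    }


def forward(routers, ingress, dst_ip, max_hops=16):
    """Return the hop-by-hop trace of (router, action, label stack after the action)."""
    dst = ipaddress.ip_address(dst_ip)
    node, labels, trace = routers[ingress], [], []
    for _ in range(max_hops):
        if not labels:
            # Unlabelled packet: the ingress LER does the only IP lookup (longest match).
            matches = [n for n in node.fib if dst in n]
            if not matches:
                trace.append((node.name, "drop: no route to %s" % dst, []))
                return trace
            iface, label = node.fib[max(matches, key=lambda n: n.prefixlen)]
            labels = [label]
            trace.append((node.name, "push %d" % label, list(labels)))
        else:
            # Labelled packet: an LSR looks only at the top label, never at the IP header.
            top = labels[0]
            if top not in node.lfib:
                trace.append((node.name, "drop: no LFIB entry for label %d" % top, list(labels)))
                return trace
            iface, remote = node.lfib[top]
            if remote is None:
                labels = labels[1:]
                trace.append((node.name, "pop %d" % top, list(labels)))
            else:
                labels = [remote] + labels[1:]
                trace.append((node.name, "swap %d->%d" % (top, remote), list(labels)))
        next_hop = node.links.get(iface)
        if next_hop is None:
            trace.append((node.name, "deliver via interface %d" % iface, list(labels)))
            return trace
        node = routers[next_hop]
    trace.append((node.name, "drop: hop limit exceeded", list(labels)))
    return trace


def actions(trace):
    """Just the action column of a trace, for quick comparison."""
    return [action for _, action, _ in trace]


if __name__ == "__main__":
    routers = build_routers()
    for hop in forward(routers, "R1", "10.1.1.5"):
        print(hop)
    broken = build_routers()
    del broken["R2"].lfib[9]          # simulate a lost label binding on the LSR
    print(actions(forward(broken, "R1", "10.3.3.9")))
```

The second run is the troubleshooting case: with the binding for label 9 missing on R2, traffic for 10.3.3 is pushed correctly at R1 and silently dropped one hop later, which is exactly the symptom that a check of the LFIB on each LSR along the path turns up.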
