Steelhead's OSPF Routing

Routing and Remote Access Service's OSPF gives you a powerful link-state routing protocol for TCP/IP networks.

Tao Zhou

July 31, 1997


In June, Microsoft launched a new version of its Multi-Protocol Routing (MPR), Routing and Remote Access Service (RRAS), formerly code-named Steelhead. Compared with the earlier version of MPR, a built-in service in Windows NT Server 4.0, RRAS has a rich set of routing and internetworking features that enable NT servers to route data over IP and IPX LANs and WANs. Some new MPR features in RRAS are Routing Information Protocol (RIP) 2.0 for IP, Open Shortest Path First (OSPF), IP and IPX packet filtering, and a dial-up router. In "Steelhead Swims into the Mainstream," Mark Minasi describes RRAS's features.

Probably the most significant feature of RRAS is OSPF, a recommended routing protocol for TCP/IP networks. OSPF provides more efficient network convergence of routing information and less, and better, use of network bandwidth than traditional RIP. OSPF, however, is sophisticated and difficult to configure and manage in a midsize or large network. To design, implement, and manage an OSPF network successfully, you need a good understanding of OSPF and its architecture, and you must know how to configure it.

Some Routing Basics

Understanding and configuring Microsoft's powerful link-state routing protocol for TCP/IP networks that's part of the new Routing and Remote Access Service

To move from one network to another, a packet needs an intermediate connecting mechanism known as a router (or gateway in the IP literature). Every router has a routing table, which specifies the next router or network for the packet en route to a specific destination. When a router receives a packet, it checks its routing table for the packet's destination address to determine which attached router or network to send the packet to. Through this procedure, routers deliver a packet from a source to a destination.

Routers use two methods to generate and maintain routing: static routing and dynamic routing. In static routing, you manually create a routing table. This method works for a small, stable network, but not for a large network. If the network changes (e.g., if you add or remove a router or a link fails) you must manually modify the routing table, which is an administrative burden. In dynamic routing, a router maintains its routing table through a routing protocol. A routing protocol defines the way in which a group of routers exchanges routing information; a router chooses the best routing paths or routes to destination networks.

A group of routers and networks under the same administration using a common routing protocol is an autonomous system (AS); examples of ASs are networks within a company, a university, or an Internet Service Provider (ISP). The size of a network in an AS is not limited; an AS can be a small LAN with one router or a large network with hundreds of routers. A routing protocol used within an AS is an interior routing protocol (IRP), such as RIP and OSPF. A routing protocol for ASs to exchange routing information is an exterior routing protocol (ERP), such as exterior gateway protocol (EGP) and border gateway protocol (BGP).

A network interface in a router is attached to a network segment or link so that the router can communicate with its neighboring routers. A network interface has a cost, which reflects the bandwidth, length, and priority of the attached link, and reachable neighboring routers. A routing protocol uses the cost to find the best routes.

Advantages of OSPF
An AS has two kinds of IRP: distance-vector and link-state. A distance-vector routing protocol exemplifies a shortest-path algorithm; that is, it uses the total number of hops between a source and a destination as the cost variable in finding the best route. To continuously update their routing tables, routers using a distance-vector routing protocol exchange information in terms of distances from sources to destinations.

A link-state routing protocol, based on a link-state (or shortest-path-first) algorithm, works in a different way. Instead of exchanging distance information, routers exchange link states, or information about the router's network interfaces. A router maintains a link-state database, which is a map of the network. The router uses the link-state database to derive the network topology and establish a routing table. A router using a link-state routing protocol can compute a more accurate route than one using a distance-vector routing protocol. This process is like reading a detailed map to find the best route from one city to another.

RIP is the most widely used distance-vector routing protocol. In an RIP network, each router broadcasts its routing table to neighboring routers every 30 seconds. When a router receives a neighboring router's routing table, it updates its routing table and sends the updated table to neighboring routers. This procedure is repeated until all routers in the network have updated their routing tables and achieved network convergence.

RIP is simple but limited. You can easily implement an RIP network by enabling RIP on each router. However, RIP is not good for large networks or WANs. Broadcasting large routing tables in the network every 30 seconds consumes network bandwidth quickly. RIP also limits a network to a maximum of 15 hops.

In comparison, the OSPF link-state routing protocol is powerful but complex. In an OSPF network, routers don't exchange routing information until a change occurs in the network. When a router detects a network change, it immediately sends its changed link state (instead of an entire routing table) to its neighboring routers. The neighboring routers then forward their updated link-state information to their neighboring routers. Because routers propagate the updated information immediately, they achieve network convergence more quickly in OSPF than in RIP. OSPF uses network bandwidth more efficiently than RIP because it multicasts only the changed part of the link-state database.

OSPF doesn't limit the number of hops. OSPF balances the network load better than RIP by using the actual cost of the link instead of the number of hops. OSPF also supports other important routing features, such as authentication, variable-length subnet masks (VLSMs), and route summarization.

OSPF is good for midsize and large networks because of its efficient network convergence and better use of networks. In fact, the Internet Architecture Board (IAB), an organization overseeing Internet development, recommends OSPF as a replacement for RIP in TCP/IP networks. However, an OSPF network is complex and not easily configured, especially when it contains multiple areas in an AS.

The OSPF Working Group of the Internet Engineering Task Force (IETF) developed OSPF 2.0 in 1994. IETF Request for Comments (RFC) 1583 details OSPF specifications. You can download the document from http://www.cis.ohiostate.edu/htbin/rfc/rfc1583.html. Bay Networks adapted OSPF for Microsoft.

Welcome to OSPF Areas
As I described previously, when a change occurs in a network, an OSPF router sends its affected link state to its neighboring routers, and the neighbors send their updated link state to their neighbors. Link-state updates flood all routers in the network until the network achieves convergence. This flood of updates degrades network performance. To resolve this problem, you can divide an OSPF AS into several contiguous areas. Each area has a boundary to limit flooding within the area. Routers in the area contain the same link-state database, which reflects the topology of only that area. The routers don't need to know exact topologies of external areas; the routers view an external area as one node in the network. Using multiple areas in the network reduces the size of the link-state database in each area and therefore reduces the memory requirement and time needed to compute the best routes. Figure 1 shows a simplified OSPF network divided into four areas. (In Figure 1, a server icon represents a router to dispel the old image that a router is a closed box.)

Each area has a unique ID number. A four-dotted decimal number similar to an IP address usually represents a 32-bit area ID. For instance, the four areas in Figure 1 are 0.0.0.0, 0.0.0.1, 0.0.0.2, and 0.0.0.3.

Divide the Network into Areas
An OSPF network must have at least one area. If the network contains more than 40 routers, divide the network into multiple areas for better performance. If the network has more than one area, the network must have a backbone area with ID 0.0.0.0. A backbone area is the center of the network. All areas must report their routing information to the backbone, which distributes the information to all other areas. You can envision this relationship as a wheel: The backbone is the hub, and all other areas are spokes.

A router sitting on the border of two or more areas is an area border router (ABR), which exchanges routing information between areas. For example, Router 1 in Figure 1 is an ABR. It has interface 120.10.8.1 in area 0.0.0.0 and interface 192.10.20.1 in area 0.0.0.1; the ABR router connects the two areas.

When an area connects directly to the backbone, it exchanges routing information with the backbone via an ABR. For instance, in Figure 1, the area 0.0.0.1 communicates with the backbone via Router 1. When an area does not directly connect to the backbone, the area exchanges routing information with the backbone indirectly via intermediate areas. For instance, in Figure 1, area 0.0.0.2 communicates with the backbone via the intermediate area 0.0.0.1. OSPF refers to this intermediate area as a transit area.

For indirect connections, you have to establish a virtual link between the area and the backbone. In the example in Figure 1, to set up the virtual link between the area 0.0.0.2 and the backbone, you configure Router 6 to use transit area 0.0.0.1 to reach the backbone 0.0.0.0, and you configure Router 1 to use the transit area 0.0.0.1 to reach area 0.0.0.2. In OSPF, Microsoft refers to a virtual link as a virtual interface.

Use Area Routers
A router falls into one of three categories: ABR, internal router (IR), or AS border router (ASBR). Each type of router has a different function. An ABR has its interfaces in different areas and handles interarea communications. To reduce the amount of information sent, the ABR sends only the summarized routing information (route summarization or route summary) instead of individual routes. A route summary of an area is the network range that the area covers. For example, if area 0.0.0.0 in Figure 1 contains 8 subnets with IP addresses 120.10.8.0, 120.10.9.0, and so forth, using subnet mask 255.255.255.0, the route summary is IP address 120.10.8.0, and the route summary subnet mask is 255.255.248.0. The route summary subnet mask differs from the subnet mask used in a regular IP address. Subnet mask 255.255.255.0 means that the first three dotted decimal numbers of an IP address are used as an IP network address. The route summary subnet mask 255.255.248.0 means that the IP addresses in the route summary range from the fixed first 21 bits of IP address 120.10.8.0 followed by the changeable last 11 bits. Therefore, this route summary covers the subnets from 120.10.8.0 through 120.10.15.0.
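The route-summary calculation above, worked through in Python as an added example (not part of the original article). It goes one step beyond the text: besides the summary range it reports any address space inside the summary that the area's subnets do not account for, which an ABR would otherwise advertise without holding it. The function name and the second test case are constructed for illustration.

```python
import ipaddress

def route_summary(subnets):
    """Return (summary, gaps) for the subnets an area contains.

    summary is the smallest single network range covering every subnet.
    gaps lists ranges inside the summary that no input subnet accounts for,
    i.e. address space the ABR would advertise without the area holding it.
    """
    nets = list(ipaddress.collapse_addresses(
        ipaddress.ip_network(s) for s in subnets))
    if not nets:
        raise ValueError("no subnets given")
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    # Bits where the lowest and highest address differ form the changeable
    # part; everything above them is the fixed prefix of the summary.
    host_bits = (lo ^ hi).bit_length()
    base = lo >> host_bits << host_bits
    summary = ipaddress.ip_network(
        f"{ipaddress.IPv4Address(base)}/{32 - host_bits}")
    # Carve each real subnet out of the summary; what is left is a gap.
    gaps = [summary]
    for net in nets:
        remaining = []
        for gap in gaps:
            if net.subnet_of(gap):
                remaining.extend(gap.address_exclude(net))
            elif not gap.subnet_of(net):
                remaining.append(gap)
        gaps = remaining
    return summary, sorted(gaps)

# The article's area 0.0.0.0: eight subnets, 120.10.8.0 through 120.10.15.0,
# each with subnet mask 255.255.255.0.
AREA0_SUBNETS = [f"120.10.{n}.0/255.255.255.0" for n in range(8, 16)]

if __name__ == "__main__":
    summary, gaps = route_summary(AREA0_SUBNETS)
    print(summary.network_address, summary.netmask, gaps)
```

An empty gap list means the summary advertises exactly the address space the area contains.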

An IR is a router that has all its interfaces in one area and handles intra-area routing. In Figure 1, routers 4, 5, 7, 8, and 9 are IRs. An ASBR is a router that acts as a gateway between two OSPF ASs or between an OSPF AS and a different routing protocol, such as RIP. When the ASBR exchanges routing information with an external network, the routes it receives are external routes. Router 3 in Figure 1 is an ASBR.

Use Stub Areas
You can import many external routes into an OSPF AS via an ASBR. To block external routes from flooding into an area, you can use a stub area. A stub area applies default route 0.0.0.0 to keep the topology database size small. In OSPF, you can assume that any destination that you can't reach through an intra-area or interarea route is reachable through the default route.

To implement a stub area, one or more of the stub area's ABRs must advertise default route 0.0.0.0 to the stub area, in addition to the route summary. For example, in Figure 1, if area 0.0.0.3 is a stub area, you must configure Router 2 to advertise the default route to the area 0.0.0.3. When a packet in area 0.0.0.3 must travel to an external network, it goes to area 0.0.0.0 using the default route first; then area 0.0.0.0 forwards the packet to the destination via an external route.

Stub areas are useful when your OSPF network is connected to an external network, but stub areas have restrictions. The backbone area, a transit area, and an area having an ASBR can't be stub areas. For example, in Figure 1, area 0.0.0.0 can't be a stub area because it is a backbone, and area 0.0.0.1 can't be a stub area because it is a transit area. If area 0.0.0.3 is a stub area, you must configure routers 2, 8, and 9 as stub routers.

A stub area accepts the default route and route summary, but not external routes. An extension to a stub area is a totally stubby area, or a stub area without a summary. The extension accepts the default route but not route summary and external routes. The router uses the default route for any destination that is not reachable through an intra-area route in a totally stubby area. Microsoft OSPF supports this extension.

Classify Networks
The three kinds of networks are broadcast, point-to-point, and nonbroadcast multiaccess (NBMA). A broadcast network is a network in which a host can send a packet to any other host, all other hosts, or a group of hosts. Ethernet, Token Ring, and Fiber Distributed Data Interface (FDDI) are broadcast networks. A point-to-point network is generally a point-to-point serial line, such as a leased line of 56Kbps, T1, or T3. An NBMA network, such as asynchronous transfer mode (ATM), frame relay, or X.25, is a cloud in which permanent virtual circuits (PVCs) or switched virtual circuits (SVCs) form a physical topology but lack broadcast capabilities that OSPF requires. You must configure routers in a nonbroadcast network to know each other so that they can exchange OSPF packets. For example, if the link between routers 2 and 8 is a frame relay PVC, you configure Router 2 to reach Router 8 via interface 195.10.20.8, and you configure Router 8 to reach Router 2 via interface 195.10.20.2.

Secure OSPF
OSPF supports authentication to secure the exchange of routing information. To use authentication, you must configure all interfaces in the same area with the same password. A simple authentication uses a clear-text password, so someone with a network analyzer, such as a sniffer, can get the password off the wire. Some router vendors offer cryptographic authentication in addition to simple authentication. For example, a Cisco router supports message-digest authentication. This type of authentication uses an algorithm based on an OSPF packet, an assigned key, and a key ID to generate a message digest that the router appends to the packet for good security. Microsoft OSPF, however, supports only simple authentication.
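To see why simple authentication exposes the password, and how to find routers still using it, the following added example (not from the original article) parses the authentication fields of the OSPFv2 packet header and flags null and clear-text authentication in a capture. The sample headers, router IDs, password and key ID are constructed; the cryptographic field layout follows RFC 2328, the later revision of the RFC 1583 specification cited above.

```python
import struct

# OSPFv2 common header (24 bytes): version, type, packet length, router ID,
# area ID, checksum, AuType, 8-byte authentication field.
HEADER = struct.Struct("!BBH4s4sHH8s")
AUTH_NAMES = {0: "null", 1: "simple password", 2: "cryptographic"}

def dotted(raw):
    return ".".join(str(b) for b in raw)

def audit_header(packet):
    """Classify the authentication used by one captured OSPFv2 packet."""
    if len(packet) < HEADER.size:
        raise ValueError("truncated OSPF header")
    version, _type, _length, router_id, area_id, _cksum, autype, auth = \
        HEADER.unpack_from(packet)
    if version != 2:
        raise ValueError(f"unsupported OSPF version {version}")
    finding = {"router_id": dotted(router_id), "area": dotted(area_id),
               "auth": AUTH_NAMES.get(autype, f"unknown ({autype})"),
               "risk": None}
    if autype == 0:
        finding["risk"] = "routing updates are accepted without authentication"
    elif autype == 1:
        # The 8 bytes ARE the password, NUL-padded. Report its length only.
        finding["password_len"] = len(auth.rstrip(b"\x00"))
        finding["risk"] = "password is sent in clear text in every packet"
    elif autype == 2:
        # Layout: 2 zero bytes, key ID, digest length, 4-byte sequence number.
        _zero, key_id, digest_len, seq = struct.unpack("!HBBI", auth)
        finding.update(key_id=key_id, digest_len=digest_len, sequence=seq)
    else:
        finding["risk"] = "unrecognized authentication type"
    return finding

def weak_speakers(packets):
    """Return (router_id, area, risk) for every packet with a finding."""
    results = []
    for packet in packets:
        f = audit_header(packet)
        if f["risk"]:
            results.append((f["router_id"], f["area"], f["risk"]))
    return results

def make_header(router_id, area_id, autype, auth):
    """Build a constructed hello header for the samples (checksum left at 0)."""
    return HEADER.pack(2, 1, 44, bytes(router_id), bytes(area_id), 0,
                       autype, auth)

# Constructed sample headers; router IDs, password and key ID are made up.
SAMPLES = [
    make_header([192, 10, 20, 1], [0, 0, 0, 1], 1, b"example\x00"),
    make_header([192, 10, 20, 6], [0, 0, 0, 1], 2,
                struct.pack("!HBBI", 0, 1, 16, 1000)),
    make_header([195, 10, 20, 8], [0, 0, 0, 3], 0, bytes(8)),
]

if __name__ == "__main__":
    for row in weak_speakers(SAMPLES):
        print(row)
```

With message-digest authentication the header carries only a key ID and sequence number, so the key itself never appears in the packet.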

Hello to Neighboring Routers
Routers can be neighboring routers when they are in the same area, are connected to the same network segment, and use the same password for authentication. A router periodically sends a hello packet to its neighbors to check whether they are still alive in the network and their links are still active. When the neighbors receive the hello message, they acknowledge their existence to the router on the segment. If the router doesn't receive an acknowledgment from a neighboring router in a certain amount of time, it assumes that the neighboring router is dead or unreachable. Consequently, the link-state database changes. The frequency with which a router sends a hello packet is a hello interval. The time that a router waits for an acknowledgment from a neighboring router before it declares the neighbor dead is a dead interval. Neighboring routers must have the same intervals. By default, the hello interval is 10 seconds, and the dead interval is 40 seconds. Microsoft OSPF uses these defaults.

A router in a broadcast network sends the hello packet to the segment by multicasting; that is, it sends one hello packet to a group of neighbors. A router in a nonbroadcast network sends the hello packet to neighbors by unicasting; that is, it sends a separate hello packet to each neighbor, at a less-frequent poll interval. The poll interval is 120 seconds by default. Microsoft OSPF uses this default, too.

Elect Designated Routers
When the network topology changes, neighboring routers start to exchange routing information until their link-state databases become the same. If n routers are in a segment, n*(n-1)/2 pairs of routers will exchange routing information. For example, Figure 1 shows 4 routers in the subnet 120.10.8.0 in the area 0.0.0.0; therefore, 6 pairs of routers will exchange information. To minimize the amount of routing information exchanged, when the routers are powered on, OSPF elects a designated router (DR) on every segment except point-to-point segments. All other routers in the same segment establish an adjacency with the designated router, exchange routing information, and synchronize the link-state database with the DR. If n routers are in a segment, only n-1 adjacencies or n-1 pairs of routers participate in routing information exchange. So, 4 routers require only 3 adjacencies. In terms of efficiency, using a DR reduces the amount of routing information exchanged from order (n*n) to order (n). Routing information exchange between the DR and other routers uses multicasting in a broadcast network but unicasting in a nonbroadcast network.

Each interface in a router has a priority. The priority can range from 0 (the lowest priority) to 255 (the highest priority); the default priority is 1. The network uses router priorities included in hello packets to elect a DR; the router with the highest priority is the DR. If two or more routers have the same priority, the router with the highest router ID will win the election. A router with priority 0 doesn't participate in the election. Therefore, if you want a router to be a DR, you can simply assign the highest priority to it.

For redundancy, OSPF uses the same criteria to elect a backup designated router (BDR). When the DR fails, the BDR becomes the new DR, and OSPF elects a new BDR.
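The election rule as this article states it, for routers that all start together, as an added example that is not part of the original article. It covers the priority-0 exclusion, the router-ID tie-break (compared as a 32-bit number, not as text), DR failover and the pair counts from the section above. The router IDs and priorities for the four routers on subnet 120.10.8.0 are constructed; only 120.10.8.1 appears in the article.

```python
import ipaddress

def ranked_candidates(routers):
    """Order eligible routers best-first: priority, then numeric router ID."""
    for rid, prio in routers.items():
        if not 0 <= prio <= 255:
            raise ValueError(f"{rid}: priority {prio} outside 0-255")
    # Priority 0 never takes part; the ID is compared as an integer so that
    # 120.10.8.10 correctly outranks 120.10.8.2.
    eligible = [(prio, int(ipaddress.IPv4Address(rid)), rid)
                for rid, prio in routers.items() if prio > 0]
    return [rid for _, _, rid in sorted(eligible, reverse=True)]

def elect(routers):
    """Return (DR, BDR) for {router_id: priority}; either may be None."""
    ranked = ranked_candidates(routers)
    return (ranked[0] if ranked else None,
            ranked[1] if len(ranked) > 1 else None)

def fail_dr(routers, dr, bdr):
    """The DR has failed: the BDR takes over and a new BDR is elected."""
    survivors = {r: p for r, p in routers.items() if r not in (dr, bdr)}
    return bdr, elect(survivors)[0]

def exchange_pairs(n, designated=True):
    """Pairs of routers exchanging routing information on one segment."""
    return n - 1 if designated else n * (n - 1) // 2

# Constructed priorities for the 4 routers on subnet 120.10.8.0.
SEGMENT = {"120.10.8.1": 1, "120.10.8.2": 1, "120.10.8.3": 0, "120.10.8.10": 1}

if __name__ == "__main__":
    dr, bdr = elect(SEGMENT)
    print("DR", dr, "BDR", bdr)
    print("after DR failure:", fail_dr(SEGMENT, dr, bdr))
    print(exchange_pairs(4, designated=False), "pairs without a DR,",
          exchange_pairs(4), "with one")
```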

Configure Microsoft OSPF
Familiarity with how OSPF works makes configuring a Microsoft OSPF router straightforward. Microsoft provides an intuitive administrative tool for router configuration. You can also install this tool on an NT Workstation to manage routers remotely.

The following steps explain how to configure a Microsoft OSPF router. You can use the flowchart shown in Figure 2 as a quick guide.

  1. Prepare an NT server. You need an Intel- or Alpha-based server with NT Server 4.0 (with Service Pack 3 or later).

  2. Install NICs. Make sure that your NICs are in the NT 4.0 Hardware Compatibility List (HCL; see http://www.microsoft.com/hwtest). Install NICs from the Network applet of Control Panel in the usual way. You install WAN cards in the same way that you install a LAN card. Assign an IP address to each interface. OSPF supports VLSM, so you can use different subnet masks in your network.

  3. Install RRAS. You can download RRAS from http://www.microsoft.com/ntserver/info/routing&ras.htm. Microsoft offers three options (RAS, routing, and demand-dial); you must install at least the routing option to get the OSPF function.

  4. Enable OSPF. Add OSPF to IP routing, and add each NIC to OSPF.

  5. Configure OSPF for the router. Screen 1 shows the initial interface you use to define a router's properties and its areas.

  6. Further configure OSPF for the router. After you have defined the basic properties of the router, including a router ID and the areas that the router belongs to, you must configure OSPF further for the router and its interfaces. A router can be an IR, an ABR, or an ASBR. If the router is an IR and is in a stub area, you need to enable Stub area from the Areas tab. If the router is an ABR, you need to configure a route summary (the network range) for each area that the ABR belongs to. If the router is an ABR in a stub area, you need to enable Stub area for the stub area from the Areas tab. You also need to enable Import summary advertisements if the area is an ordinary stub area, and disable Import summary advertisement if the area is a totally stubby area.
    If the ABR is on a virtual link, you need to set up the ABR's virtual interface by linking it to the other end via a transit area. If the router is an ASBR, you need to choose which routing protocols the ASBR will talk to. You can use RIP or static routing in the ASBR to communicate with an external network. You can even define which external routes the ASBR will accept.

  7. Configure OSPF for each interface. You need to configure OSPF for the properties of each interface in the router. The properties include the area that the interface belongs to, the priority for DR election, the cost based on the bandwidth, the password for authentication, and the network type that the interface is attached to. If the network type is NBMA, you must define NBMA routing to reach neighboring routers. You can change the defaults of hello, dead, and poll intervals; but if you do, make sure these intervals are the same in all neighboring routers.
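Before entering the settings from steps 6 and 7 router by router, a planned design can be checked against the rules given earlier: the backbone requirement, the stub-area restrictions, and the settings that neighboring routers must share. The checker below is an added example, not part of the original article or of RRAS; its data model and the sample design (loosely following Figure 1, with two deliberate mistakes) are constructed.

```python
BACKBONE = "0.0.0.0"

def iface(segment, area, password="example-pw", hello=10, dead=40):
    """One OSPF interface; hello/dead default to the 10 s / 40 s defaults."""
    return {"segment": segment, "area": area, "password": password,
            "hello": hello, "dead": dead}

def validate(areas, routers, virtual_links):
    """Return a sorted list of rule violations in a planned OSPF design.

    areas:         {area_id: {"stub": bool}}
    routers:       {name: {"asbr": bool, "interfaces": [iface(...), ...]}}
    virtual_links: [(router_name, transit_area_id), ...]
    """
    problems = []
    if len(areas) > 1 and BACKBONE not in areas:
        problems.append("multiple areas but no backbone area 0.0.0.0")

    # Stub restrictions: not the backbone, not a transit area, no ASBR inside.
    transit = {area for _, area in virtual_links}
    asbr_areas = {i["area"] for r in routers.values() if r["asbr"]
                  for i in r["interfaces"]}
    for area_id, area in areas.items():
        if not area["stub"]:
            continue
        if area_id == BACKBONE:
            problems.append(f"area {area_id}: the backbone cannot be a stub area")
        if area_id in transit:
            problems.append(f"area {area_id}: a transit area cannot be a stub area")
        if area_id in asbr_areas:
            problems.append(f"area {area_id}: an area with an ASBR cannot be a stub area")

    # Routers on one segment only become neighbors if these settings agree.
    segments = {}
    for name, router in routers.items():
        for i in router["interfaces"]:
            if i["area"] not in areas:
                problems.append(f"{name}: interface in undefined area {i['area']}")
            segments.setdefault(i["segment"], []).append((name, i))
    for segment, members in segments.items():
        names = ", ".join(sorted(n for n, _ in members))
        for key in ("area", "password", "hello", "dead"):
            if len({i[key] for _, i in members}) > 1:
                # Report the mismatch only; never echo the password itself.
                problems.append(f"segment {segment}: {key} differs between {names}")
    return sorted(problems)

# Constructed design loosely following Figure 1. Segment addresses other than
# 120.10.8.0, 192.10.20.0 and 195.10.20.0, and Router 3's area, are assumptions.
# Two deliberate mistakes: transit area 0.0.0.1 marked as stub, and Router 8
# using a 30-second hello interval on the link it shares with Router 2.
AREAS = {"0.0.0.0": {"stub": False}, "0.0.0.1": {"stub": True},
         "0.0.0.2": {"stub": False}, "0.0.0.3": {"stub": True}}
ROUTERS = {
    "Router 1": {"asbr": False, "interfaces": [
        iface("120.10.8.0", "0.0.0.0"), iface("192.10.20.0", "0.0.0.1")]},
    "Router 2": {"asbr": False, "interfaces": [
        iface("120.10.8.0", "0.0.0.0"), iface("195.10.20.0", "0.0.0.3")]},
    "Router 3": {"asbr": True, "interfaces": [iface("120.10.8.0", "0.0.0.0")]},
    "Router 6": {"asbr": False, "interfaces": [
        iface("192.10.20.0", "0.0.0.1"), iface("198.51.100.0", "0.0.0.2")]},
    "Router 8": {"asbr": False, "interfaces": [
        iface("195.10.20.0", "0.0.0.3", hello=30)]},
}
VIRTUAL_LINKS = [("Router 6", "0.0.0.1"), ("Router 1", "0.0.0.1")]

if __name__ == "__main__":
    for problem in validate(AREAS, ROUTERS, VIRTUAL_LINKS):
        print(problem)
```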

Good Opportunities
Microsoft aims to offer its customers a midrange router with packet-forwarding rates greater than 40,000 packets per second in regular use. Whether Microsoft's new RRAS can survive in or win today's highly competitive router market is questionable because Microsoft is still working on supporting quality of service, IP multicast routing protocols, and BGPs. RRAS, however, is tightly integrated into the NT Server operating system. Using RRAS in an NT network can reduce the cost of ownership because all NT services (file, print, applications, and routing) are in one box. RRAS offers a good cost-saving opportunity for companies that want to roll out NT to remote or branch offices. Using RRAS (and the routing protocol for TCP/IP networks, OSPF), NT administrators can keep on top of routing and internetworking technologies.
