Section 4.1. Router and Area IDs | OSPF and IS-IS: Choosing an IGP for Large-Scale Networks: Choosing an IGP for Large-Scale Networks

4.1. Router and Area IDs

An essential requirement for the proper functioning of a link state protocol, as you saw in Chapter 2, is that each router must be able to uniquely identify itself within the routing domain. This is the purpose of the OSPF router ID (RID) and the IS-IS system ID (SysID). In addition, the router must be able to identify its general position within the routing domain. This is the purpose of the area ID (AID).

4.1.1. OSPF Router IDs

OSPF uses a 32-bit number for its RID, represented in the same dotted-decimal format as an IP address. A router can find its RID in one of two ways: The RID can be administratively specified in the OSPF configuration, or an IP address configured on one of the router's interfaces can be used as the RID. The second option is made possible because the RID format is the same as the IP address format, and because there is an assumption that an interface address is unique within the routing domain.

Which option is used to acquire a RID depends on the particular OSPF implementation. And in some cases, both options are available. For example, both Juniper Networks' and Cisco Systems' OSPF implementations have a prioritized RID selection process:

If a RID is administratively configured, that value is used.
If no RID is administratively configured, an IP address configured on a loopback interface is used.
If no IP address is configured on a loopback interface, an address is taken from a physical interface.
If no IP address is configured on any interface and no RID is administratively configured, OSPF cannot start.

The original logic behind Step 2, taking an address from a loopback interface, was that because a loopback interface is a logical interfaceit exists only in software and has no physical presence on the routerit is not susceptible to physical failures. So, there is no risk that an interface failure or shutdown on a router could force OSPF to find a new RID and re-advertise its LSAs using the new RID, which in turn causes SPF runs on routers throughout the area and contributes to network instability.

There are two approaches by which a particular OSPF implementation could handle the loss of a RID. One approach is that the failure of an interface will have no effect on the RID. After all, the OSPF process just needs to know some 32-bit value, with some confidence that the value is unique within the OSPF routing domain, to use as its RID at start-up. Once the value is known, it can be remembered, and the subsequent failure of the interface from which the RID was derived is irrelevant. The problem with this approach is that the loss of an IP address on an interface might not have been accidental. What if the IP address is intentionally removed from an interface and is reused on another router, and that router selects that IP address as its own RID? If the first router retains the same address as its RID, you now have duplicate RIDs in your network.

The second approach avoids the problem just described and is therefore the lesser of two evils. This approach to the loss of an IP address from which the RID is derived is to force the router to acquire a new RID from its remaining IP addresses.

4.1.2. Troubleshooting: Duplicate Router IDs

Allowing more than one router in a network to use the same RID results in serious network outages, and the symptoms can be misleading. For example, in Figure 4.1, two routersR4 and R7have both been configured with the RID 192.168.254.7. The physical interfaces for R6 are shown, as are the interface addresses for R6 and its neighbors. We will observe the results of the duplicate RIDs from that router.

Figure 4.1. R4 and R7 are using the same RID.

Figures 4.2 through 4.6 show the OSPF entries in the routing table of R6, observed within a time span of just a few minutes. The differences are obvious. The OSPF entries in Figure 4.2 look normal. The network diagram in Figure 4.1 does not show the larger network, so we do not know where most of the destination networks are actually located; we can only assume the entries in Figure 4.2 are correct. (In fact, some of the entries have the correct next hop and some do not.)

Figure 4.2. The first display of the OSPF route entries appears normal.

[View full width]
jeff@R6> show route protocol ospf inet.0: 19 destinations, 19 routes (18 active, 0  holddown, 1 hidden) + = Active Route, - = Last Active, * = Both 192.168.1.0/24     *[OSPF/10] 00:00:00, metric 3                     > to 192.168.5.2 via fe-0/0/3.0 192.168.2.0/24     *[OSPF/10] 00:00:00, metric 2                     > to 192.168.3.2 via fe-0/0/1.0 192.168.4.0/24     *[OSPF/10] 00:00:00, metric 2                     > to 192.168.5.2 via fe-0/0/3.0 192.168.6.0/24     *[OSPF/10] 00:00:00, metric 2                     > to 192.168.5.2 via fe-0/0/3.0 192.168.100.0/24   *[OSPF/150] 00:00:00, metric 0,  tag 0                     > to 192.168.5.2 via fe-0/0/3.0 192.168.200.0/24   *[OSPF/150] 00:00:00, metric 0,  tag 0                     > to 192.168.5.2 via fe-0/0/3.0 192.168.254.2/32   *[OSPF/10] 00:00:00, metric 2                     > to 192.168.5.2 via fe-0/0/3.0 192.168.254.5/32   *[OSPF/10] 00:16:27, metric 1                     > to 192.168.3.2 via fe-0/0/1.0 192.168.254.7/32   *[OSPF/10] 00:00:00, metric 1                     > to 192.168.5.2 via fe-0/0/3.0 224.0.0.5/32       *[OSPF/10] 2w3d 06:59:07, metric 1

Figure 4.3 shows our first indication of trouble (aside from the complaints of network users). This display of the OSPF entries in the routing table was taken just moments after the display in Figure 4.2, but most of the route entries have disappeared. After a few more moments, some but not all of the route entries have returned, as Figure 4.4 shows. But then, in Figure 4.5, most of the entries have again disappeared. This fluctuation continues, with the routing table changing almost as fast as it can be repeatedly displayed.

Figure 4.3. Here, most of the OSPF entries have disappeared from the route table.

[View full width]
jeff@R6> show route protocol ospf inet.0: 11 destinations, 11 routes (10 active, 0  holddown, 1 hidden) + = Active Route, - = Last Active, * = Both 192.168.254.5/32   *[OSPF/10] 00:16:36, metric 1                     > to 192.168.3.2 via fe-0/0/1.0 224.0.0.5/32       *[OSPF/10] 2w3d 06:59:16, metric 1

Figure 4.4. Some of the entries have returned, but not all.

[View full width]
jeff@R6> show route protocol ospf inet.0: 15 destinations, 15 routes (14 active, 0  holddown, 1 hidden) + = Active Route, - = Last Active, * = Both 192.168.4.0/24     *[OSPF/10] 00:00:02, metric 2                     > to 192.168.5.2 via fe-0/0/3.0 192.168.100.0/24   *[OSPF/150] 00:00:02, metric 0,  tag 0                     > to 192.168.5.2 via fe-0/0/3.0 192.168.200.0/24   *[OSPF/150] 00:00:02, metric 0,  tag 0                     > to 192.168.5.2 via fe-0/0/3.0 192.168.254.5/32   *[OSPF/10] 00:16:49, metric 1                     > to 192.168.3.2 via fe-0/0/1.0 192.168.254.7/32   *[OSPF/10] 00:00:02, metric 1                     > to 192.168.5.2 via fe-0/0/3.0 224.0.0.5/32       *[OSPF/10] 2w3d 06:59:29, metric 1

Figure 4.5. Most of the entries have disappeared again.

[View full width]
jeff@R6> show route protocol ospf inet.0: 11 destinations, 11 routes (10 active, 0  holddown, 1 hidden) + = Active Route, - = Last Active, * = Both 192.168.254.5/32   *[OSPF/10] 00:16:55, metric 1                     > to 192.168.3.2 via fe-0/0/1.0 224.0.0.5/32       *[OSPF/10] 2w3d 06:59:35, metric 1

Such fluctuations in the routing table might be interpreted by a troubleshooter as a symptom of a flapping link somewhere in the network. But among the many changes observed in the routing table is the one shown in Figure 4.6. Here, some of the entries have again reappeared in the table, but this time the next-hop addresses have changed. The next hop of all the prefixes in Figure 4.6 is 192.168.3.2, or router R5 in Figure 4.1. In the routing tables of Figures 4.2 and 4.4, several of the prefixes indicated 192.168.5.2, router R7, as the next hop. This behavior might lead you to suspect a routing loop.

Figure 4.6. Some of the entries have returned again, but with a different next-hop address.

[View full width]
jeff@R6> show route protocol ospf inet.0: 17 destinations, 17 routes (16 active, 0  holddown, 1 hidden) + = Active Route, - = Last Active, * = Both 192.168.1.0/24     *[OSPF/10] 00:00:00, metric 4                     > to 192.168.3.2 via fe-0/0/1.0 192.168.2.0/24     *[OSPF/10] 00:00:15, metric 2                     > to 192.168.3.2 via fe-0/0/1.0 192.168.6.0/24     *[OSPF/10] 00:00:00, metric 3                     > to 192.168.3.2 via fe-0/0/1.0 192.168.254.2/32   *[OSPF/10] 00:00:00, metric 3                     > to 192.168.3.2 via fe-0/0/1.0 192.168.254.4/32   *[OSPF/10] 00:00:00, metric 2                     > to 192.168.3.2 via fe-0/0/1.0 192.168.254.5/32   *[OSPF/10] 00:22:08, metric 1                     > to 192.168.3.2 via fe-0/0/1.00 192.168.254.7/32   *[OSPF/10] 00:00:00, metric 2                     > to 192.168.3.2 via fe-0/0/1.0 224.0.0.5/32       *[OSPF/10] 2w3d 07:04:48, metric 1

As this example demonstrates, the impact of duplicate RIDs on a network is severe, and the symptoms can be misleading. Quickly finding the true cause of the problem depends on how well you know your network and usually involves careful analysis of the OSPF link state database. Therefore, exercise extreme care to ensure that such a problem never arises through misconfiguration or use of unreliable OSPF code.

RID Configuration Tips

Although it is common practice to configure the RID on a loopback interface, my own preference is to administratively configure the RIDeven if it is the same number as the loopback interface address. This ensures beyond a doubt that the RID is exactly what you intend it to be, and anyone else reading the router's configuration file can quickly determine the RID. Other network architects can and do disagree. What is important is not so much how you do it, but that you do it consistently. That is, you must have an established and well-documented network standard for setting the RID. The standard should be part of your addressing plan, and ensures that the same RID is not assigned to more than one router.

Another practice I like to stress is making certain that the RID is visibly different from any IP address used in the domain. For example, some octet of the RID might be 255, such as 192.168.255.X or 10.255.X.Y. Setting leading octets to 0, such as 0.0.0.X, is also useful. All that is important is that it is consistent and that it is understood by your operations personnel. With such a standard, a RID is readily recognized and easily distinguished from IP addresses during troubleshooting. Obviously, such an approach eliminates the use of IP addresses as RIDs that are otherwise legitimate within the domain.

4.1.3. OSPF Area IDs

The OSPF area ID (AID) is also a 32-bit number. It can be expressed in dotted-decimal format or, with most implementations, as a simple decimal number such as 1, 55, 218, and so on. If the OSPF implementation supports the latter case, the router just fills in the leading bits with 0s. Some implementations will fill in the leading 0s in configuration displays, whereas others display the configuration exactly as typed. In Figure 4.7, for example, the entry of the same OSPF area configuration is shown for Juniper Networks' JUNOS and for Cisco Systems' IOS. Notice that the resulting JUNOS configuration has filled in the leading 0s, but the IOS configuration shows the area IDs as typed. Do not let this fool you, however. The OSPF messages created by both the Juniper and Cisco routers contain the exact same area ID.

Figure 4.7. The router automatically expresses the AID in dotted-decimal format and fills in the leading 0s when a single decimal number is specified for the AID.

[View full width]
JUNOS CONFIGURATION: [edit] jeff@Juniper6# set protocols ospf area 145  interface fe-0/0/0 [edit] jeff@Juniper6# set protocols ospf area 0 interface  so-1/2/0 [edit] jeff@Juniper6# set protocols ospf area 1547  interface fe-1/0/0 [edit] jeff@Juniper6# show protocols ospf area 0.0.0.145 {     interface fe-0/0/0.0; } area 0.0.0.0 {     interface so-1/2/0.0; } area 0.0.6.11 {     interface fe-1/0/0.0; } IOS CONFIGURATION WITH SAME AREA IDs: Cisco5#conf t Enter configuration commands, one per line. End  with CNTL/Z. Cisco5(config)#router ospf 1 Cisco5(config-router)#network 192.168.1.254 0.0.0 .0 area 145 Cisco5(config-router)#network 192.168.2.1 0.0.0.0  area 0 Cisco5(config-router)#network 192.168.3.0.0.0.0  area 1547 Cisco5(config-router)#^Z Cisco5# Cisco5#wr t Current configuration: ! [Non-OSPF portions of configuration not shown] ! router ospf 1  network 192.168.1.254 0.0.0.0 area 145  network 192.168.2.1 0.0.0.0 area 0  network 192.168.3.150 0.0.0.0 area 1547 ! Cisco5#

If the decimal number entered for the AID is greater than 255, JUNOS expresses the binary equivalent of the number in dotted-decimal format. The third entry in Figure 4.7, for instance, specifies an AID of 1547. 1547 in binary is 11000001011, which converts to the dotted-decimal number 0.0.6.11.

The OSPF backbone area is always represented with an ID of all 0s (0.0.0.0). No other configuration is necessary to designate the backbone area, because this ID is reserved and recognized by OSPF. As with other AIDs, and as shown in Figure 4.7, the backbone AID can also be expressed simply as 0.

AID Configuration Tip

If you have a well-designed IP address architecture, in which a single prefix represents all the IP addresses in an area, it is convenient and useful to use the prefix as the AID. For example, if all IP addresses in an area come from the prefix 10.1.8.0/21, the AID can be 10.1.8.0. This is a common practice and contributes to a tidy, easily understood network design.

4.1.4. IS-IS System and Area IDs

In contrast to the OSPF AID and RID, which are expressed separately, the IS-IS AID and SysID are specified together in the Network Entity Title (NET). The NET is a special version of an ISO network service access point (NSAP) address, familiar to anyone who has worked with ISO protocols or with ATM. Figure 4.8 shows the basic format of a NET.

Figure 4.8. The format of a Network Entity Title.

As Figure 4.8 indicates, there are a few rules for configuring a NET:

The AFI must be 1 byte.
The remaining Area ID can be from 0 to 12 bytes.
The SysID must be 6 bytes.
The SEL must be 1 byte.

The NET is always specified in hexadecimal.

The Authority and Format Identifier (AFI) is actually a part of the Area ID, but is identified separately because of its special configuration rule. In ISO addresses, the AFI identifies the assigning authority of the address and the format of most of the rest of the address. But when the NET is assigned to a router in an IP-only network, the AFI has no real meaning separate from the rest of the AID.

The last byte, the NSAP Selector (SEL), is used in ISO protocols to identify an upper-layer function to which the address pointssomething like a port number in IP protocols. The SEL value 0x00 specifies the router itself. In an IP-only network, where there are no upper ISO protocol layers, a router never examines the SEL, which therefore can be set to any 1-byte value. Nonetheless, common practice is to always set the SEL to 0x00.

NET Configuration Tips

Unlike some OSPF implementations, there are no automatic selection mechanisms for the NETit is always manually configured. Although the NSAP format provides the possibility of some complex NET configurations,^[1] it is best in IP-only networks to keep it as simple as possible.

The simplest approach to configuring an area ID is to use only the AFI field for the AID. For example, the following NET specifies an AID of 05, a SysID of 00d0.b775.ff31 and a SEL of 00:

05.00d0.b775.ff31.00

Alternatively, many network operators prefer to stay in compliance with NSAP format standards by specifying an AFI of 49, which is the NSAP AFI indicating a locally assigned address, and then specifying the AID after the AFI. The following NET uses an AFI of 49, and an AID of 0005, with the SysID and SEL the same as the last example:

49.0005.00d0.b775.ff31.00

There are several frequently used approaches to specifying a SysID. The first is to select the MAC address of an interface on the router the NET is to be configured on. Because both the MAC address and the SysID are 48 bits, the MAC address is perfectly adaptable as the SysID. And because the interface MAC is globally unique, you are guaranteed that the SysID based on it meets the requirements of being unique within the IS-IS domain. A possible liability of this approach is if the interface that the SysID is taken from is removed from the router and reused on another router. In this case, the MAC address of the same interface could be used inadvertently as the SysID on more than one router. Another problem with this approach is that some routers might not have any broadcast interfaces and so no MAC addresses to use.

Another common approach to configuring the SysID is to encode the 32-bit, IP-based loopback address or RID into a 48-bit SysID. For example, the loopback address 192.168.255.15 might be used as the SysID:

1921.6825.5150

The IP address 192.168.255.15 could also be expressed in hexadecimal:

c0a8.ff0f.0000

or perhaps:

0000.c0a8.ff0f

However, changing the dotted-decimal address to hex adds an unnecessary complexity to the NET configuration, and can make record keeping and troubleshooting more difficult.

The simplest of all techniques is to assign SysID values sequentially, starting with 1:

0000.0000.0001 0000.0000.0002 0000.0000.0003          .          .          . 0000.0000.0157          .          .          .

Assuming that you document and assign the SysIDs in your network as carefully as you do IP addresses and 32-bit RIDs, the potential of assigning duplicate SysIDs is minimized. The consequences of duplicate SysIDs is the same as with the OSPF example in Section 4.1.2: thrashing routes and rapidly increasing LSP sequence numbers.

Some would argue that during troubleshooting the utility of having the IP-based RID encoded in the SysID outweighs the simplicity of sequential numbering. Dynamic Hostname Exchange, described later in this chapter, also eases troubleshooting. Only you can determine the right scheme for your network.

^[1] R. Colella, E. Gardner, and R. Callon, "Guidelines for OSI NSAP Allocation in the Internet," RFC 1237, July 1991, gives you some examples of complex NSAP addresses. Such complexity is seldom if ever necessary for NETs.