Why OSPF paths aren’t always shortest
description
Transcript of Why OSPF paths aren’t always shortest
Why OSPF paths aren’t always shortest
David ApplegateCarsten LundAman ShaikhAT&T Labs (Research)
NANOG 54February 06, 2012
NANOG 54: OSPF Routing with Areas
IntroductionOSPF is widely used for intra-AS routingOSPF routes packets along shortest paths• In terms of weights configured on linksFor scalability, OSPF divides domains into areas• Areas are widely used as wellAreas make OSPF routing complicated• Paths are no longer shortest• Other tweaks to areas have increased complexity
– Multi-Area Adjacencies (RFC 5185)– Multi-Area Routers (RFC 3509)
2
NANOG 54: OSPF Routing with Areas
OutlineIntroduction to OSPF• Basics of OSPF routingAreas• How routes are computed with areasTweaks to areas• Multi-area adjacency (RFC 5185)• Multi-area routers (RFC 3509)AS Border Routers (ASBRs)Quiz
3
NANOG 54: OSPF Routing with Areas
OSPF as a Link-State ProtocolWith a link-state protocol, every router …• learns entire network topology– represents topology as a weighted graph
• computes Shortest Path Tree rooted at itself OSPF follows this with some tweaks• Nodes are of two types:–Transit: routers, subnets–Stub: prefixes advertized by routers – Example: /32 for loopbacks
• Path is computed from a source router to a stub–Via one or more transit nodes
4
NANOG 54: OSPF Routing with Areas
access4
5050
50
50
50
50
50
100
50
100
50
1
50
192.168.0.3
50
access1
350
1
350
192.168.0.7
375
access3
375
1
50
192.168.0.2
50
back2
1501
150
192.168.0.6
100
back4
100
1192.168.0.1back1
1192.168.0.5back3
1192.168.0.4access2
1192.168.0.8
50
Example
5
source
dest
RouterStub IP,weightLink,weights
1 151
51101
401451
451 451
NANOG 54: OSPF Routing with Areas
AreasFor scalability, OSPF domain is divided in areas• Areas are numbered 0, 1, 2, …• Conceptually a hub-and-spoke
– Area 0 is hub, non-zero areas are spokesEach link and stub is assigned to a single area• A router can have links in multiple areas–Such a router is called an area border router (ABR)–An ABR must have a link in area 0 (RFC 2328)
With areas, every router learns …• entire topology of areas it has links to• distance of from ABRs to stubs in remote areas
6
NANOG 54: OSPF Routing with Areas
access4
5050
50
50
50
50
50
100
50
100
50
1
50
192.168.0.3
50access1
350
1
350
192.168.0.7
375
access3
375
1
50
192.168.0.2
50
back2
1501
150
192.168.0.6
100
back4
100
1192.168.0.1back1
1192.168.0.5back3
1192.168.0.4access2
1192.168.0.8
50
Example of OSPF Areas
7
ABR
ABRABR
ABR
Color indicates area(Links and Stubs) Black is area 0
NANOG 54: OSPF Routing with Areas
Path Calculation with AreasA router ….• Calculates SPTs for all attached areas–Leads to intra-area paths to stubs
• Calculates paths to all remote stubs–Minimize the total distance from itself to the stub
• Total distance = dist(router, ABR) in an attached area + advertized dist(ABR, stub)
–Leads to inter-area paths to (remote) stubs
8
NANOG 54: OSPF Routing with Areas
access4
5050
50
50
50
50
50
100
50
100
50
1
50
192.168.0.3
50access1
350
1
350
192.168.0.7
375
access3
375
1
50
192.168.0.2
50
back2
1501
150
192.168.0.6
100
back4
100
1192.168.0.1back1
1192.168.0.5back3
1192.168.0.4access2
1192.168.0.8
50
Example: Path Calculation with Areas
9
source
destABRd=426 ABR
d=401
ABRd=51
ABRd=51
NANOG 54: OSPF Routing with Areas
Intra-area v/s Inter-area PathsWhen a router has to choose between intra-area and inter-area paths, it always chooses intra-area pathLeads to …• Sub-optimal paths (within an area)–Packet takes a longer intra-area path over a shorter
inter-area path• Area hijacking at ABRs–Actual path (and the distance) differs from the path
(and distance) calculated by the source router
10
NANOG 54: OSPF Routing with Areas
access4
5050
50
50
50
50
50
100
50
100
50
1
50
192.168.0.3
50access1
350
1
350
192.168.0.7
375
access3
375
1
50
192.168.0.2
50
back2
1501
150
192.168.0.6
100
back4
100
1192.168.0.1back1
1192.168.0.5back3
1192.168.0.4access2
1192.168.0.8
50
Area Hijacking Example
11
source
destABRd=426
ABRd=51
ABRd=451ABRd=401
ABRd=151ABRd=51
?
NANOG 54: OSPF Routing with Areas
Multi Area Adjacencies (MADJ)RFC 5185 allows a link to be in multiple areas• Stubs can only be in a single area• Links have a primary area for their interface stubsProtects against some hijacking cases, but not all
12
NANOG 54: OSPF Routing with Areas
access4
5050
50
50
50
50
50
50
50
50
50
100
350
100
3501375 192.168.0.3
375
access1
1
50
192.168.0.7access3
50
1
150
192.168.0.2
150
back2
1001
100
192.168.0.6back4
1192.168.0.1back1
1192.168.0.5back3
1192.168.0.4access2
1192.168.0.8
50
Area Hijacking Example with MADJ
13
source
destABRd=426
ABRd=51
ABRd=101
ABRd=451
NANOG 54: OSPF Routing with Areas
50
50
50
50
200
1
200
200
1
200
192.168.1.10
200
access2
200
192.168.1.9
200
access1
2001
agg1192.168.1.5 1
50
back1192.168.0.1 1 192.168.0.4
access3192.168.2.11 1
50
agg2192.168.1.6 1
back4192.168.0.2 1
50
agg3192.168.2.7 1
back2 back3192.168.0.3 1
50
50
50
50
50
1
50
50
50
192.168.2.8
50
200
50
agg4
50
200
50
50
agg4
50 50
50
50
200
50
50
200
50
200
50
200
50
200
50
200
50
1200
192.168.0.3back3 200
1
50
192.168.2.7
50
agg3
50
1
50
192.168.0.2
50
back2
50
1
10000
192.168.1.6
10000
agg2
200
1
200
192.168.2.11
50
access3
50
1192.168.0.1back1
1192.168.1.5agg1
1192.168.1.9access1
1192.168.1.10access2
1192.168.0.4back4
1192.168.2.8
50
Multi Area Routers
14
source
dest
ABR!!!
NANOG 54: OSPF Routing with Areas
Multi Area Routers (MAR)RFC 3509 allows a router to be in multiple non-zero areas without being in area 0• Protects against dropping traffic• Specifies subtly different behavior of Cisco and
IBM routers (only)Leads to more opportunities for area hijacking
15
NANOG 54: OSPF Routing with Areas
Area Hijacking Example with MAR
16
50
50
50
50
200
1
200
200
1
200
192.168.1.10
200
access2
200
192.168.1.9
200
access1
2001
agg1192.168.1.5 1
50
back1192.168.0.1 1 192.168.0.4
access3192.168.2.11 1
50
agg2192.168.1.6 1
back4192.168.0.2 1
50
agg3192.168.2.7 1
back2 back3192.168.0.3 1
50
50
50
50
50
1
50
50
50
192.168.2.8
50
200
50
agg4
50
200
50
50
agg4
50 50
50
50
200
50
50
200
50
200
50
200
50
200
50
200
50
1200
192.168.0.3back3 200
1
50
192.168.2.7
50
agg3
50
1
50
192.168.0.2
50
back2
50
1
10000
192.168.1.6
10000
agg2
200
1
200
192.168.2.11
50
access3
50
1192.168.0.1back1
1192.168.1.5agg1
1192.168.1.9access1
1192.168.1.10access2
1192.168.0.4back4
1192.168.2.8
50
source dest
MAR!!!
NANOG 54: OSPF Routing with Areas
1
50192.168.1.4
192.168.1.6access2
500
agg2
5001 192.168.0.2 1
350
agg1192.168.1.3 1
50
192.168.0.1back2
350
50
back1
5050
200
200
1
50
192.168.2.5
50
access1
50
50
501
More Area Hijacking(Stub Area Matters)
17
source
dest
ABRd=351
ABRd=251
d=501d=751?
NANOG 54: OSPF Routing with Areas
Importing External InformationExternal routes can be imported into OSPF• Example: static routesRouter importing external routes is called an ASBR (AS Border Router)• Route contains distance from ASBR to prefixA router ….• Calculates SPTs for all the attached areas• Calculates paths to all remote stubs• Calculates paths to all external stubs–Calculates path (and distance) to ASBR and
combines that with dist(ASBR, stub)18
NANOG 54: OSPF Routing with Areas
Routing to an ASBRUnusual, because ASBR is not in an area• ASBR could be reachable in multiple areasSo a router has to calculate per-area path to an
ASBR, and then choose the best path• Tie-breaking rules depend on whether
RFC1583compatibility is set to disabled– RFC 1583 is the older OSPF RFC
• Ties broken by– Least cost– Highest area number of the link
19
NANOG 54: OSPF Routing with Areas
back1 200
1
200
192.168.1.4
50
192.168.0.1 1
access2
back2192.168.0.2 1
50
192.168.1.3access1
1
50 50
50
50
5050
Example of ASBR routing
20
sourcedest (ASBR)dest (stub)dest
NANOG 54: OSPF Routing with Areas
5050
50150
50
150100
100
192.168.5.0 1192.168.5.3 1
100
r1192.168.1.1 1 1
r2192.168.2.1 1
100
r5
r3192.168.3.1 1
192.168.4.0
50
100
50
r450
100
50
Quiz: What’s the path from source to dest?
21
source
dest
Black = area 0Red = area 1Blue = area 2Green = area 3
NANOG 54: OSPF Routing with Areas
AnswerDepends on …• What ‘dest’ refers to…
– Choices: r5:192.168.5.0, r5:192.168.5.3 or r5:ASBR• Whether routers are RFC-3509 compliant or not
– i.e., can r1, r2, and r3 act as true MARs or not• When RFC-3509 compliant:
– Whether r3 advertises routes learned in green area into red and blue areas or not• Vendor dependent
– Cisco and Junipers behave differently
22
NANOG 54: OSPF Routing with Areas
5050
50150
50
150100
100
192.168.5.0 1192.168.5.3 1
100
r1192.168.1.1 1 1
r2192.168.2.1 1
100
r5
r3192.168.3.1 1
192.168.4.0
50
100
50
r450
100
50
Quiz: What’s the path from source to dest?dest 192.168.5.0, r1 not RFC3509
23
source
dest
Black = area 0Red = area 1Blue = area 2Green = area 3
NANOG 54: OSPF Routing with Areas
5050
50150
50
150100
100
192.168.5.0 1192.168.5.3 1
100
r1192.168.1.1 1 1
r2192.168.2.1 1
100
r5
r3192.168.3.1 1
192.168.4.0
50
100
50
r450
100
50
source
dest
Black = area 0Red = area 1Blue = area 2Green = area 3
Quiz: What’s the path from source to dest?dest 192.168.5.0, RFC3509
24
NANOG 54: OSPF Routing with Areas
Quiz: What’s the path from source to dest?dest 192.168.5.3, RFC3509, Cisco
25
5050
50150
50
150100
100
192.168.5.0 1192.168.5.3 1
100
r1192.168.1.1 1 1
r2192.168.2.1 1
100
r5
r3192.168.3.1 1
192.168.4.0
50
100
50
r450
100
50
source
dest
Black = area 0Red = area 1Blue = area 2Green = area 3
NANOG 54: OSPF Routing with Areas
5050
50150
50
150100
100
192.168.5.0 1192.168.5.3 1
100
r1192.168.1.1 1 1
r2192.168.2.1 1
100
r5
r3192.168.3.1 1
192.168.4.0
50
100
50
r450
100
50
source
dest
Black = area 0Red = area 1Blue = area 2Green = area 3
Quiz: What’s the path from source to dest?dest 192.168.5.3, RFC3509, Juniper
26
NANOG 54: OSPF Routing with Areas
5050
50150
50
150100
100
192.168.5.0 1192.168.5.3 1
100
r1192.168.1.1 1 1
r2192.168.2.1 1
100
r5
r3192.168.3.1 1
192.168.4.0
50
100
50
r450
100
50
source
dest
Black = area 0Red = area 1Blue = area 2Green = area 3
Quiz: What’s the path from source to dest?dest r5:ASBR, RFC3509, Cisco
27
NANOG 54: OSPF Routing with Areas
Quiz: What’s the path from source to dest?dest r5:ASBR, RFC3509, Juniper
28
5050
50150
50
150100
100
192.168.5.0 1192.168.5.3 1
100
r1192.168.1.1 1 1
r2192.168.2.1 1
100
r5
r3192.168.3.1 1
192.168.4.0
50
100
50
r450
100
50
source
dest
Black = area 0Red = area 1Blue = area 2Green = area 3