Wednesday, December 3, 2014

OSPFv2 Paranoid Updates

In a stable OSPF domain, the routers periodically sync their Link-State Databases (LSDBs) with each other. This ensures that all routers in an area have the same view of the network by getting a refreshed view of their neighbors' LSDBs. This feature is commonly referred to as Paranoid Update or Paranoid Flooding. Cisco implements OSPFv2 so that LSAs are reflooded after half the MaxAge time. The MaxAge time defaults to 3600 seconds (60 minutes), so the LSAs are reflooded after 1800 seconds (30 minutes).

The diagram below shows the network topology used in the following example.
[Figure: OSPFv2 Two Node Topology]
To turn the periodic LSA flooding off (if for some reason you would want that), go under the interface and issue the command ip ospf flood-reduction. Below is the output of a show ip ospf interface command on router R1, which shows the interfaces before flood-reduction is turned on.
R1#show ip ospf interface
Loopback0 is up, line protocol is up
  Internet Address 140.1.255.1/32, Area 0, Attached via Network Statement
  Process ID 1, Router ID 1.1.1.1, Network Type LOOPBACK, Cost: 1
  Topology-MTID    Cost    Disabled    Shutdown      Topology Name
        0           1         no          no            Base
  Loopback interface is treated as a stub Host
GigabitEthernet1.255 is up, line protocol is up
  Internet Address 130.1.255.1/24, Area 0, Attached via Network Statement
  Process ID 1, Router ID 1.1.1.1, Network Type POINT_TO_POINT, Cost: 1
  Topology-MTID    Cost    Disabled    Shutdown      Topology Name
        0           1         no          no            Base
  Transmit Delay is 1 sec, State POINT_TO_POINT
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:03
  Supports Link-local Signaling (LLS)
  Cisco NSF helper support enabled
  IETF NSF helper support enabled
  Can be protected by per-prefix Loop-Free FastReroute
  Can be used for per-prefix Loop-Free FastReroute repair paths
  Index 1/1, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 0 msec, maximum is 1 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 2.2.2.2
  Suppress hello for 0 neighbor(s)
The contents of the LSDB, from the show ip ospf database command, are shown below as well. The age and sequence number can be compared after the flood-reduction changes have been made to verify the effects of the command.
R1#sh ip ospf database
            OSPF Router with ID (1.1.1.1) (Process ID 1)
                Router Link States (Area 0)
Link ID         ADV Router      Age         Seq#       Checksum Link count
1.1.1.1         1.1.1.1         493         0x80000006 0x002244 3
2.2.2.2         2.2.2.2         482         0x80000005 0x00A9B7 3
The ip ospf flood-reduction command is then entered on R1, as shown below, and the neighbor adjacency quickly bounces down and back up. Note that the interfaces are point-to-point to reduce the contents of the OSPF database for this example. Subsequently the command was entered on R2's interface as well (not shown).
R1(config)#interface gigabitethernet1.255
R1(config-subif)#ip ospf flood-reduction
R1(config-subif)#
*Nov  30 15:53:46.875: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on GigabitEthernet1.255 from FULL to DOWN, Neighbor Down: Interface down or detached
*Nov  30 15:53:46.878: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on GigabitEthernet1.255 from LOADING to FULL, Loading Done
Another output of the show ip ospf interface command then verifies that the command has taken effect on the interface.
R1#show ip ospf interface gi1.255
GigabitEthernet1.255 is up, line protocol is up
  Internet Address 130.1.255.1/24, Area 0, Attached via Network Statement
  Process ID 1, Router ID 1.1.1.1, Network Type POINT_TO_POINT, Cost: 1
  Topology-MTID    Cost    Disabled    Shutdown      Topology Name
        0           1         no          no            Base
  Reduce LSA flooding.
  Transmit Delay is 1 sec, State POINT_TO_POINT
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:08
  Supports Link-local Signaling (LLS)
  Cisco NSF helper support enabled
  IETF NSF helper support enabled
  Can be protected by per-prefix Loop-Free FastReroute
  Can be used for per-prefix Loop-Free FastReroute repair paths
  Index 1/1, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 0 msec, maximum is 1 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 2.2.2.2
  Suppress hello for 0 neighbor(s)
So, it says it is reducing the LSA flooding. Let's check that in the LSDB on R1.
R1#show ip ospf database
            OSPF Router with ID (1.1.1.1) (Process ID 1)
                Router Link States (Area 0)
Link ID         ADV Router      Age         Seq#       Checksum Link count
1.1.1.1         1.1.1.1         1116        0x80000006 0x002244 3
2.2.2.2         2.2.2.2         1104        0x80000005 0x00A9B7 3
The sequence numbers have not changed, but the age is higher than before, as would be expected.

After waiting some time, the LSDBs of R1 and R2 should show some differences as a result of them no longer sending periodic LSA updates to each other. The outputs are shown below. Notice the incremented sequence number of the LSA for router 1.1.1.1 on R1, while the LSA for 2.2.2.2 has not increased its value. To see the change in full effect, the output of the LSDB is shown for R2 as well.
R1#show ip ospf database
            OSPF Router with ID (1.1.1.1) (Process ID 1)
                Router Link States (Area 0)
Link ID         ADV Router      Age         Seq#       Checksum Link count
1.1.1.1         1.1.1.1         1034        0x80000007 0x002045 3
2.2.2.2         2.2.2.2         3030        0x80000005 0x00A9B7 3
R2#show ip ospf database
            OSPF Router with ID (2.2.2.2) (Process ID 1)
                Router Link States (Area 0)
Link ID         ADV Router      Age         Seq#       Checksum Link count
1.1.1.1         1.1.1.1         3055        0x80000006 0x002244 3
2.2.2.2         2.2.2.2         1085        0x80000006 0x00A7B8 3
The sequence numbers are now out of sync because each router updates its own LSA locally, and thus increments the sequence number, but does not send it to its neighbor unless a change occurs.
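
The comparison above can be automated when auditing LSDB consistency between neighbors. The following is an added example, not part of the original post: it parses the final R1 and R2 outputs shown above and flags LSAs whose sequence number or checksum differ between the two routers, and LSAs whose age has passed the 1800-second reflood point. The function names and finding labels are hypothetical.

```python
import re
# Snapshots copied from the final R1 and R2 outputs in the post.
R1_LSDB = """\
            OSPF Router with ID (1.1.1.1) (Process ID 1)
                Router Link States (Area 0)
Link ID         ADV Router      Age         Seq#       Checksum Link count
1.1.1.1         1.1.1.1         1034        0x80000007 0x002045 3
2.2.2.2         2.2.2.2         3030        0x80000005 0x00A9B7 3
"""
R2_LSDB = """\
            OSPF Router with ID (2.2.2.2) (Process ID 1)
                Router Link States (Area 0)
Link ID         ADV Router      Age         Seq#       Checksum Link count
1.1.1.1         1.1.1.1         3055        0x80000006 0x002244 3
2.2.2.2         2.2.2.2         1085        0x80000006 0x00A7B8 3
"""

LS_REFRESH = 1800  # half of MaxAge (3600 s): the reflood interval given in the post
ROW = re.compile(r"^(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+)\s+(0x[0-9A-Fa-f]+)\s+(0x[0-9A-Fa-f]+)")

def parse_lsdb(text):
    """Return {(area, link_id, adv_router): (age, seq, checksum)} from CLI output."""
    lsdb, area = {}, None
    for line in text.splitlines():
        hdr = re.search(r"Link States \(Area ([^)]+)\)", line)
        if hdr:
            area = hdr.group(1)
            continue
        row = ROW.match(line.strip())
        if row:
            link_id, adv, age, seq, cksum = row.groups()
            lsdb[(area, link_id, adv)] = (int(age), int(seq, 16), int(cksum, 16))
    return lsdb

def compare(local, remote):
    """List (lsa_key, finding) pairs for LSAs that differ or were not refreshed."""
    findings = []
    for key in sorted(set(local) | set(remote)):
        a, b = local.get(key), remote.get(key)
        if a is None or b is None:
            findings.append((key, "missing"))
            continue
        if a[1:] != b[1:]:                  # sequence number or checksum differs
            findings.append((key, "seq-mismatch"))
        if max(a[0], b[0]) > LS_REFRESH:    # a copy aged past the reflood point
            findings.append((key, "not-refreshed"))
    return findings

if __name__ == "__main__": print(*compare(parse_lsdb(R1_LSDB), parse_lsdb(R2_LSDB)), sep="\n")
```

Run against the snapshot taken right after the command was entered (ages 1116 and 1104, matching sequence numbers), the same comparison returns no findings.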
