Sunday, January 1, 2012

OSPF CONVERGENCE TIMERS

OSPF Convergence TIMERS
--------------------------
Convergence is base on hello & dead timer
- ospf supports sub second timers

we by default have different timers for different network types
do sh ip ospf int - view timers

Changing the hello time in ospf automatically adjust the dead time the dead time is 4 times the hello
ip ospf hello-interval "seconds"
ip ospf dead-interval "seconds"

There can be situation where we have the interface up but the remote peer is down for example when we run a switch in between
the two devices.  We are then relying on ospf to pick up the failure. In standard ospf timers the dead is usually
40 seconds so it could take up to 40 seconds to declare a neighbor down. We could lower the timers to sub second so it picks up
the failure quicker but be casreful it will affect your processor very negatively
ANother solution is BFD (biderectional forwarding detection) this very low processor intensive keep alive that we can integrate into
higher level protocols to work in conjuction for exactly the issue above. BFD will start keepalives with ospf neighbors in the case of
ospf BFD needs to be enabled both sides if a failure occurs bdf will notify ospf to start reconverging this can be set to sub second
and is much less processor intensive
we can enable bfd with the commands on the interface level
int fa0/0
ip ospf bfd

LAB
----
BFD is not supported on the switches in the lab so  I will look at the different timers for different int types

FastEthernet0/3 is up, line protocol is up (connected)
  Internet Address 13.13.13.7/24, Area 0
  Process ID 1, Router ID 33.33.33.33, Network Type BROADCAST, Cost: 1
  Transmit Delay is 1 sec, State DR, Priority 1
  Designated Router (ID) 33.33.33.33, Interface address 13.13.13.7
  Backup Designated router (ID) 3.3.3.3, Interface address 13.13.13.1
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:04

network type of broadcase has defaul hello of 10 and it will wait 40 seconds before declaring a neighbor down it will wait 40 before neighbor election of dr

FastEthernet0/3 is up, line protocol is up (connected)
  Internet Address 13.13.13.7/24, Area 0
  Process ID 1, Router ID 33.33.33.33, Network Type NON_BROADCAST, Cost: 1
  Transmit Delay is 1 sec, State WAITING, Priority 1
  No designated router on this network
  No backup designated router on this network
  Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5
    oob-resync timeout 120
    Hello due in 00:00:19
    Wait time before Designated router selection 00:01:49

Non broadcase has a default of 30 second hello dead of 120 and wait of 120
FastEthernet0/3 is up, line protocol is up (connected)
  Internet Address 13.13.13.7/24, Area 0
  Process ID 1, Router ID 33.33.33.33, Network Type POINT_TO_POINT, Cost: 1
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:09
  Supports Link-local Signaling (LLS)
  Index 1/1, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 0 msec, maximum is 0 msec
point-to-point is 10 hello 40 dead and wait 40

FastEthernet0/3 is up, line protocol is up (connected)
  Internet Address 13.13.13.7/24, Area 0
  Process ID 1, Router ID 33.33.33.33, Network Type POINT_TO_MULTIPOINT, Cost: 1
  Transmit Delay is 1 sec, State POINT_TO_MULTIPOINT,
  Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5
    oob-resync timeout 120
    Hello due in 00:00:26
point-to-mulipoint is hello of 30 dead 120 and wait 120

FastEthernet0/3 is up, line protocol is up (connected)
  Internet Address 13.13.13.7/24, Area 0
  Process ID 1, Router ID 33.33.33.33, Network Type POINT_TO_MULTIPOINT, Cost: 1
  Transmit Delay is 1 sec, State POINT_TO_MULTIPOINT,
  Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5
    oob-resync timeout 120
    Hello due in 00:00:17
  Supports Link-local Signaling (LLS)
  Index 1/1, flood queue length 0
has the same 30 120 and 120

Ok we will look at editing the timers

so basically r2 and sw2 have point-to-point connection so default is 10 hello 40 dead 40 wait

sw2
=====
FastEthernet0/2 is up, line protocol is up (connected)
  Internet Address 172.25.13.2/24, Area 1
  Process ID 1, Router ID 2.2.2.2, Network Type POINT_TO_POINT, Cost: 1
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:02
  Supports Link-local Signaling (LLS)
  Index 2/2, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 9
  Last flood scan time is 0 msec, maximum is 9 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 222.222.222.222
  Suppress hello for 0 neighbor(s)

switch2(config)#int fa0/2
switch2(config-if)#ip ospf hello 1
switch2(config-if)#
01:37:00: %OSPF-5-ADJCHG: Process 1, Nbr 222.222.222.222 on FastEthernet0/2 from FULL to DOWN, Neighbor Down: Dead ti
neighbor relation ship has gone down with r2 (222.222.222.222)

FastEthernet0/2 is up, line protocol is up (connected)
  Internet Address 172.25.13.2/24, Area 1
  Process ID 1, Router ID 2.2.2.2, Network Type POINT_TO_POINT, Cost: 1
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 1, Dead 4, Wait 4, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:00
although i only changed the hello the dead is automatically changed
if i change the dead it just changes the dead interval not the hello

i will do a debug ip ospf events + adj to see why our neighbor relationship is failing

switch2#debug ip ospf
01:41:33: OSPF: rcv. v:2 t:1 l:48 rid:4.4.4.4
      aid:0.0.0.1 chk:CEBC aut:0 auk: from Port-channel4event
OSPF events debugging is on
01:43:40: OSPF: Rcv hello from 222.222.222.222 area 1 from FastEthernet0/2 172.25.13.1
01:43:40: OSPF: Mismatched hello parameters from 172.25.13.1
01:43:40: OSPF: Dead R 40 C 4, Hello R 10 C 1
01:43:40: OSPF: Send hello to 224.0.0.5 area 1 on FastEthernet0/2 from 172.25.13.2
01:43:41: OSPF: Send hello to 224.0.0.5 area 1 on FastEthernet
we can see on s2 we have mismatched hello paramtes with r2. R2 is sending us dead
of 40 (dead r= dead recieved) vs our dead of 4 (Connected 4) and we are recieving a hello 10 and our is set to 1 so we will change on r2 the parameters

r2(config)#int fa0/0
r2(config-if)#ip ospf dead 4
notice if you change the dead it just changes the dead & wait interval not the hello if you change the hello it will change the dead to four times the value
r2(config-if)#do sh ip ospf int
Loopback0 is up, line protocol is up
  Internet Address 222.222.222.222/32, Area 1
  Process ID 1, Router ID 222.222.222.222, Network Type LOOPBACK, Cost: 1
  Loopback interface is treated as a stub Host
FastEthernet0/0 is up, line protocol is up
  Internet Address 172.25.13.1/24, Area 1
  Process ID 1, Router ID 222.222.222.222, Network Type POINT_TO_POINT, Cost: 1
  Transmit Delay is 1 sec, State POINT_TO_POINT
  Timer intervals configured, Hello 10, Dead 4, Wait 4, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:03
  Supports Link-local Signaling (LLS)

r2(config)#int fa0/0
r2(config-if)#ip ospf hello 1
r2(config-if)#

FastEthernet0/0 is up, line protocol is up
  Internet Address 172.25.13.1/24, Area 1
  Process ID 1, Router ID 222.222.222.222, Network Type POINT_TO_POINT, Cost: 1
  Transmit Delay is 1 sec, State POINT_TO_POINT
  Timer intervals configured, Hello 1, Dead 4, Wait 4, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:00
  Supports Link-local Signaling (LLS)
  Cisco NSF helper support enabled
  IETF NSF helper support enabled
  Index 2/2, flood queue length 0

r2#sh ip ospf neig
Neighbor ID     Pri   State           Dead Time   Address         Interface
2.2.2.2           0   FULL/  -        00:00:03    172.25.13.2     FastEthernet0/0
44.44.44.44       0   FULL/  -        00:00:34    10.229.254.2    Serial0/0.1
r2#
the neighbor relationship has come back up

what i will do to test this is i will deny incoming ospf packets with an access list on r2
switch2(config)#access-list 101 deny ospf any any
switch2(config)#access-list 101 permit ip any any
switch2(config)#int fa0/2
switch2(config-if)#ip access-group 101 in
so i am denying any ospf traffic and
02:01:09: %OSPF-5-ADJCHG: Process 1, Nbr 222.222.222.222 on FastEthernet0/2 from FULL to DOWN, Neighbor Down: Dead timer expired
is down this was after 4 seconds so working as expected


to specify subsecond use the command

switch2(config-if)#ip ospf dead minimal hello-multi ?
  <3-20>  Number of Hellos sent within 1 second
switch2(config-if)#ip ospf dead minimal hello-multi 4

FastEthernet0/2 is up, line protocol is up (connected)
  Internet Address 172.25.13.2/24, Area 1
  Process ID 1, Router ID 2.2.2.2, Network Type POINT_TO_POINT, Cost: 1
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 250 msec, Dead 1, Wait 1, Retransmit 5
    oob-resync timeout 40
    Hello due in 24 msec
  Supports Link-local Signaling (LLS)
  Index 2/2, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 9
  Last flood scan time is 0 msec, maximum is 9 msec
  Neighbor Count is 0, Adjacent neighbor count is 0
  Suppress hello for 0 neighbor(s)
 --More--
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)