why ospf paths aren’t always shortest

Why OSPF paths aren’t always shortest

David ApplegateCarsten LundAman ShaikhAT&T Labs (Research)

NANOG 54February 06, 2012

NANOG 54: OSPF Routing with Areas

IntroductionOSPF is widely used for intra-AS routingOSPF routes packets along shortest paths• In terms of weights configured on linksFor scalability, OSPF divides domains into areas• Areas are widely used as wellAreas make OSPF routing complicated• Paths are no longer shortest• Other tweaks to areas have increased complexity

– Multi-Area Adjacencies (RFC 5185)– Multi-Area Routers (RFC 3509)

2


OutlineIntroduction to OSPF• Basics of OSPF routingAreas• How routes are computed with areasTweaks to areas• Multi-area adjacency (RFC 5185)• Multi-area routers (RFC 3509)AS Border Routers (ASBRs)Quiz

3


OSPF as a Link-State ProtocolWith a link-state protocol, every router …• learns entire network topology– represents topology as a weighted graph

• computes Shortest Path Tree rooted at itself OSPF follows this with some tweaks• Nodes are of two types:–Transit: routers, subnets–Stub: prefixes advertized by routers – Example: /32 for loopbacks

• Path is computed from a source router to a stub–Via one or more transit nodes

4


access4

5050

50

50

50

50

50

100

50

100

50

1

50

192.168.0.3

50

access1

350

1

350

192.168.0.7

375

access3

375

1

50

192.168.0.2

50

back2

1501

150

192.168.0.6

100

back4

100

1192.168.0.1back1

1192.168.0.5back3

1192.168.0.4access2

1192.168.0.8

50

Example

5

source

dest

RouterStub IP,weightLink,weights

1 151

51101

401451

451 451


AreasFor scalability, OSPF domain is divided in areas• Areas are numbered 0, 1, 2, …• Conceptually a hub-and-spoke

– Area 0 is hub, non-zero areas are spokesEach link and stub is assigned to a single area• A router can have links in multiple areas–Such a router is called an area border router (ABR)–An ABR must have a link in area 0 (RFC 2328)

With areas, every router learns …• entire topology of areas it has links to• distance of from ABRs to stubs in remote areas

6


access4

5050

50

50

50

50

50

100

50

100

50

1

50

192.168.0.3

50access1

350

1

350

192.168.0.7

375

access3

375

1

50

192.168.0.2

50

back2

1501

150

192.168.0.6

100

back4

100

1192.168.0.1back1

1192.168.0.5back3

1192.168.0.4access2

1192.168.0.8

50

Example of OSPF Areas

7

ABR

ABRABR

ABR

Color indicates area(Links and Stubs) Black is area 0


Path Calculation with AreasA router ….• Calculates SPTs for all attached areas–Leads to intra-area paths to stubs

• Calculates paths to all remote stubs–Minimize the total distance from itself to the stub

• Total distance = dist(router, ABR) in an attached area + advertized dist(ABR, stub)

–Leads to inter-area paths to (remote) stubs

8


access4

5050

50

50

50

50

50

100

50

100

50

1

50

192.168.0.3

50access1

350

1

350

192.168.0.7

375

access3

375

1

50

192.168.0.2

50

back2

1501

150

192.168.0.6

100

back4

100

1192.168.0.1back1

1192.168.0.5back3

1192.168.0.4access2

1192.168.0.8

50

Example: Path Calculation with Areas

9

source

destABRd=426 ABR

d=401

ABRd=51

ABRd=51


Intra-area v/s Inter-area PathsWhen a router has to choose between intra-area and inter-area paths, it always chooses intra-area pathLeads to …• Sub-optimal paths (within an area)–Packet takes a longer intra-area path over a shorter

inter-area path• Area hijacking at ABRs–Actual path (and the distance) differs from the path

(and distance) calculated by the source router

10


access4

5050

50

50

50

50

50

100

50

100

50

1

50

192.168.0.3

50access1

350

1

350

192.168.0.7

375

access3

375

1

50

192.168.0.2

50

back2

1501

150

192.168.0.6

100

back4

100

1192.168.0.1back1

1192.168.0.5back3

1192.168.0.4access2

1192.168.0.8

50

Area Hijacking Example

11

source

destABRd=426

ABRd=51

ABRd=451ABRd=401

ABRd=151ABRd=51

?


Multi Area Adjacencies (MADJ)RFC 5185 allows a link to be in multiple areas• Stubs can only be in a single area• Links have a primary area for their interface stubsProtects against some hijacking cases, but not all

12


access4

5050

50

50

50

50

50

50

50

50

50

100

350

100

3501375 192.168.0.3

375

access1

1

50

192.168.0.7access3

50

1

150

192.168.0.2

150

back2

1001

100

192.168.0.6back4

1192.168.0.1back1

1192.168.0.5back3

1192.168.0.4access2

1192.168.0.8

50

Area Hijacking Example with MADJ

13

source

destABRd=426

ABRd=51

ABRd=101

ABRd=451


50

50

50

50

200

1

200

200

1

200

192.168.1.10

200

access2

200

192.168.1.9

200

access1

2001

agg1192.168.1.5 1

50

back1192.168.0.1 1 192.168.0.4

access3192.168.2.11 1

50

agg2192.168.1.6 1

back4192.168.0.2 1

50

agg3192.168.2.7 1

back2 back3192.168.0.3 1

50

50

50

50

50

1

50

50

50

192.168.2.8

50

200

50

agg4

50

200

50

50

agg4

50 50

50

50

200

50

50

200

50

200

50

200

50

200

50

200

50

1200

192.168.0.3back3 200

1

50

192.168.2.7

50

agg3

50

1

50

192.168.0.2

50

back2

50

1

10000

192.168.1.6

10000

agg2

200

1

200

192.168.2.11

50

access3

50

1192.168.0.1back1

1192.168.1.5agg1

1192.168.1.9access1

1192.168.1.10access2

1192.168.0.4back4

1192.168.2.8

50

Multi Area Routers

14

source

dest

ABR!!!


Multi Area Routers (MAR)RFC 3509 allows a router to be in multiple non-zero areas without being in area 0• Protects against dropping traffic• Specifies subtly different behavior of Cisco and

IBM routers (only)Leads to more opportunities for area hijacking

15


Area Hijacking Example with MAR

16

50

50

50

50

200

1

200

200

1

200

192.168.1.10

200

access2

200

192.168.1.9

200

access1

2001

agg1192.168.1.5 1

50

back1192.168.0.1 1 192.168.0.4

access3192.168.2.11 1

50

agg2192.168.1.6 1

back4192.168.0.2 1

50

agg3192.168.2.7 1

back2 back3192.168.0.3 1

50

50

50

50

50

1

50

50

50

192.168.2.8

50

200

50

agg4

50

200

50

50

agg4

50 50

50

50

200

50

50

200

50

200

50

200

50

200

50

200

50

1200

192.168.0.3back3 200

1

50

192.168.2.7

50

agg3

50

1

50

192.168.0.2

50

back2

50

1

10000

192.168.1.6

10000

agg2

200

1

200

192.168.2.11

50

access3

50

1192.168.0.1back1

1192.168.1.5agg1

1192.168.1.9access1

1192.168.1.10access2

1192.168.0.4back4

1192.168.2.8

50

source dest

MAR!!!


1

50192.168.1.4

192.168.1.6access2

500

agg2

5001 192.168.0.2 1

350

agg1192.168.1.3 1

50

192.168.0.1back2

350

50

back1

5050

200

200

1

50

192.168.2.5

50

access1

50

50

501

More Area Hijacking(Stub Area Matters)

17

source

dest

ABRd=351

ABRd=251

d=501d=751?


Importing External InformationExternal routes can be imported into OSPF• Example: static routesRouter importing external routes is called an ASBR (AS Border Router)• Route contains distance from ASBR to prefixA router ….• Calculates SPTs for all the attached areas• Calculates paths to all remote stubs• Calculates paths to all external stubs–Calculates path (and distance) to ASBR and

combines that with dist(ASBR, stub)18


Routing to an ASBRUnusual, because ASBR is not in an area• ASBR could be reachable in multiple areasSo a router has to calculate per-area path to an

ASBR, and then choose the best path• Tie-breaking rules depend on whether

RFC1583compatibility is set to disabled– RFC 1583 is the older OSPF RFC

• Ties broken by– Least cost– Highest area number of the link

19


back1 200

1

200

192.168.1.4

50

192.168.0.1 1

access2

back2192.168.0.2 1

50

192.168.1.3access1

1

50 50

50

50

5050

Example of ASBR routing

20

sourcedest (ASBR)dest (stub)dest


5050

50150

50

150100

100

192.168.5.0 1192.168.5.3 1

100

r1192.168.1.1 1 1

r2192.168.2.1 1

100

r5

r3192.168.3.1 1

192.168.4.0

50

100

50

r450

100

50

Quiz: What’s the path from source to dest?

21

source

dest

Black = area 0Red = area 1Blue = area 2Green = area 3


AnswerDepends on …• What ‘dest’ refers to…

– Choices: r5:192.168.5.0, r5:192.168.5.3 or r5:ASBR• Whether routers are RFC-3509 compliant or not

– i.e., can r1, r2, and r3 act as true MARs or not• When RFC-3509 compliant:

– Whether r3 advertises routes learned in green area into red and blue areas or not• Vendor dependent

– Cisco and Junipers behave differently

22


5050

50150

50

150100

100

192.168.5.0 1192.168.5.3 1

100

r1192.168.1.1 1 1

r2192.168.2.1 1

100

r5

r3192.168.3.1 1

192.168.4.0

50

100

50

r450

100

50

Quiz: What’s the path from source to dest?dest 192.168.5.0, r1 not RFC3509

23

source

dest



5050

50150

50

150100

100

192.168.5.0 1192.168.5.3 1

100

r1192.168.1.1 1 1

r2192.168.2.1 1

100

r5

r3192.168.3.1 1

192.168.4.0

50

100

50

r450

100

50

source

dest


Quiz: What’s the path from source to dest?dest 192.168.5.0, RFC3509

24


Quiz: What’s the path from source to dest?dest 192.168.5.3, RFC3509, Cisco

25

5050

50150

50

150100

100

192.168.5.0 1192.168.5.3 1

100

r1192.168.1.1 1 1

r2192.168.2.1 1

100

r5

r3192.168.3.1 1

192.168.4.0

50

100

50

r450

100

50

source

dest



5050

50150

50

150100

100

192.168.5.0 1192.168.5.3 1

100

r1192.168.1.1 1 1

r2192.168.2.1 1

100

r5

r3192.168.3.1 1

192.168.4.0

50

100

50

r450

100

50

source

dest


Quiz: What’s the path from source to dest?dest 192.168.5.3, RFC3509, Juniper

26


5050

50150

50

150100

100

192.168.5.0 1192.168.5.3 1

100

r1192.168.1.1 1 1

r2192.168.2.1 1

100

r5

r3192.168.3.1 1

192.168.4.0

50

100

50

r450

100

50

source

dest


Quiz: What’s the path from source to dest?dest r5:ASBR, RFC3509, Cisco

27


Quiz: What’s the path from source to dest?dest r5:ASBR, RFC3509, Juniper

28

5050

50150

50

150100

100

192.168.5.0 1192.168.5.3 1

100

r1192.168.1.1 1 1

r2192.168.2.1 1

100

r5

r3192.168.3.1 1

192.168.4.0

50

100

50

r450

100

50

source

dest


why ospf paths aren’t always shortest

Documents

intraarea paths

ospf routing complicatedpaths

ospf domain

intraarea pathleads

ospf paths arent

multiarea routers rfc

areasmultiarea adjacency

area border router abran