The OSI Model 7 Layers

Introduction

The Open Systems Interconnection (OSI) model describes seven layers that computer systems use to communicate over a network. It was the first standard model for network communications, adopted by all major computer and telecommunication companies in the early 1980s. The OSI Model is a conceptual framework used to describe the functions of a networking system. The OSI model characterizes computing functions into a universal set of rules and requirements in order to support interoperability between different products and software. 

The modern Internet is not based on OSI, but on the simpler TCP/IP model. However, the OSI 7-layer model is still widely used, as it helps visualize and communicate how networks operate, and helps isolate and troubleshoot networking problems. OSI was introduced in 1983 by representatives of the major computer and telecom companies, and was adopted by ISO as an international standard in 1984.

7. Application Layer:

The application layer is used by end-user software such as web browsers and email clients. It provides protocols that allow software to send and receive information and present meaningful data to users. A few examples of application layer protocols are the Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), Post Office Protocol (POP), Simple Mail Transfer Protocol (SMTP), and Domain Name System (DNS).

6. Presentation Layer:

The Presentation layer formats or translates data for the application layer based on the syntax or semantics that the application accepts. Because of this, it is sometimes also called the syntax layer. This layer can also handle the encryption and decryption required by the application layer.

5. Session Layer:

The session layer creates communication channels, called sessions, between devices. It is responsible for opening sessions, ensuring they remain open and functional while data is being transferred, and closing them when communication ends. The session layer can also set checkpoints during a data transfer—if the session is interrupted, devices can resume data transfer from the last checkpoint.

4. Transport Layer:

The transport layer takes data transferred in the session layer and breaks it into “segments” on the transmitting end. It is responsible for reassembling the segments on the receiving end, turning them back into data that can be used by the session layer. The transport layer carries out flow control, sending data at a rate that matches the connection speed of the receiving device, and error control, checking whether data was received correctly and, if not, requesting it again.

3. Network Layer:

The network layer is responsible for receiving frames from the data link layer, and delivering them to their intended destinations based on the addresses contained inside the frame. The network layer finds the destination by using logical addresses, such as IP (Internet Protocol). At this layer, routers are a crucial component used to quite literally route information where it needs to go between networks.

2. Data Link Layer:

The data link layer establishes and terminates a connection between two physically-connected nodes on a network. It breaks up packets into frames and sends them from source to destination. This layer is composed of two parts—Logical Link Control (LLC), which identifies network protocols, performs error checking and synchronizes frames, and Media Access Control (MAC) which uses MAC addresses to connect devices and define permissions to transmit and receive data.

1. Physical Layer:

The lowest layer of the OSI Model is concerned with electrically or optically transmitting raw unstructured data bits across the network from the physical layer of the sending device to the physical layer of the receiving device. It is responsible for the physical cable or wireless connection between network nodes. It defines the connector, the electrical cable or wireless technology connecting the devices, and is responsible for transmission of the raw data.

 

Static & Dynamic Routing

Static Route:

In static routing, routes have to be inserted manually into the routing table of each router and computer. A routing entry specifies the gateway to which a packet must be forwarded in order to reach a certain destination. Each router or computer holds a routing table that contains a number of routing entries.

To set a static network route on a Cisco router, the following command is used:

#ip route <destination network> <Subnet Mask> <Gateway IP address or exit interface name>

Default Route:

A default route tells the router not to drop a packet for an unknown destination but to forward it out of a particular interface.

To configure a default route on a Cisco router, use the following command:

#ip route <All Zero Destination> <All Zero Subnet Mask> <Gateway IP address or exit interface name>

To check the routing table on a Cisco router, use the command:

#show ip route

To check all the static routes that are configured on a Cisco router, use the command:

#show ip route static

Advantage:

  • Security
  • Low CPU utilization
  • Efficient in small networks
  • Usually used in small networks

Disadvantage:

  • Time consuming
  • Not good for large networks
  • Burden on an administrator

 

Dynamic Route:

If you want to build a large network, dynamic routing is the best choice: it allows the network to select the best path for sending packets from source to destination. Its routing table is not managed manually. A dynamic routing table is created, maintained, and updated by a routing protocol running on the router. Dynamic routing protocols help the network find the best route.

In many networks there is more than one path to the same destination, and one of these paths may be more efficient than the other, so the best path from source to destination has to be determined. Routers determine the best path on the basis of several criteria, including network quality, network traffic, and links going up and down. One of the most important benefits of dynamic routing is redundancy. If one path or link on the network becomes unavailable, for example because of a hardware failure, dynamic routing helps the router at Layer 3 route around that path.

Difference between Static Route and Dynamic Route:

 

| Static Routing | Dynamic Routing |
| --- | --- |
| Static routing is implemented in small networks. | Dynamic routing is implemented in large networks. |
| Static routing is more secure, as no advertisements are sent. | In dynamic routing, broadcasts and advertisements are sent, making it less secure. |
| In static routing, user-defined routes are used in the routing table. | In dynamic routing, routes are updated as the network changes. |
| Static routing does not use complex algorithms. | Dynamic routing uses complex routing algorithms. |
| It needs no extra resources such as CPU or memory. | It requires extra resources such as CPU and memory. |
| Routes do not react to network changes. | Routes change in reaction to network changes, such as when a link goes down. |
| A static route does not follow any specific protocol. | A dynamic route follows a protocol, such as EIGRP, RIP, OSPF or BGP. |

 

POP vs IMAP

Introduction:

POP (Post Office Protocol) and IMAP (Internet Message Access Protocol) are the protocols or technologies that you can use to download messages on your computer from mail servers. You can access them through mail clients such as Google Gmail, Microsoft Outlook, Mozilla Thunderbird, etc. In this article, we will discuss the difference between POP and IMAP in the mail.

What is POP?

POP is a one-way incoming mail protocol that downloads a copy of messages from an email server to a local machine. Once the post office protocol completes the process, it deletes the original data from the server’s inbox.

POP is a pull protocol.

POP is an application layer protocol.

POP uses TCP at the transport layer.

POP uses port number 110 and with SSL uses port number 995.

POP uses TCP connections and it is a connection-oriented protocol.

POP is an in-band protocol.

POP is a stateful protocol until the mail is downloaded, and stateless across sessions.

 

What is IMAP?

IMAP is a flexible mail protocol because it stores all of your messages on a remote mail server, called an IMAP server, and when you access mail in your email client, it only downloads a copy of those messages. Anything you do to the messages in your local mail client - reply, delete, forward, and so on - is synchronized with the copy on the IMAP server. This allows you to connect to your email account from multiple devices and allows your messages to always stay in sync.

It is an application layer protocol.

It also enables the clients to receive or download the emails from their remote mail server.

IMAP uses TCP at the transport layer.

IMAP uses port number 143 and with SSL uses port number 993.

IMAP uses TCP connections and it is a connection-oriented protocol.

IMAP is an in-band protocol.

IMAP is a stateful protocol.

IMAP distributes mailboxes across multiple servers.

 

Difference between POP and IMAP

 

| POP | IMAP |
| --- | --- |
| POP downloads the mail first and then allows its users to read them. | You can partially read your emails before downloading them in the case of IMAP. |
| POP only allows a single device at a time to access the emails. | IMAP allows multiple devices at a time to access and read the available mails. |
| POP is very fast. | IMAP is slow as compared to POP. |
| It does not allow syncing of a user’s emails. | Users can sync their emails using this protocol. |
| The user cannot organize mails in the mailbox of the mail server. | The user can organize mails on the server. |
| POP does not allow its users to alter or delete any email available on the mail server. | IMAP allows its users to use an email software or a web interface to alter or delete the available emails. |

 

Which is better?

IMAP is much more agile if you want to access your email from multiple devices, such as a work computer and a smartphone. POP performs well if you use only a single device but have a great number of emails. It is also more suitable if you have a poor internet connection and want to access your emails offline. However, in most cases, IMAP meets business requirements much better.

IPv4 Header

Introduction:

IP is a layer 3 protocol of the OSI model. It takes a segment from layer 4 (the transport layer) and breaks it into packets of 1500 bytes (20 bytes of IP header and 1480 bytes of segment). An IP header is a prefix to an IP packet that contains information about the IP version, length of the packet, source and destination IP addresses, etc.

Header:

IP header contains all the necessary information to deliver the packet at the other end. Here is a description of each field:

Version:  Version no. of Internet Protocol used. For IPv4, this field has a value of 4.

IHL: Length of the entire IP header, expressed in 32-bit words. The minimum value is 20 bytes, and the maximum value is 60 bytes.

Type of Service: Quality of service; a network may choose how to handle the packets. Type of Service is an 8-bit header field, and each bit has a meaning for quality of service. The higher priority packet will pass first.

  • Routine – 0
  • Priority – 1
  • Immediate – 2
  • Flash – 3
  • Flash Override – 4
  • Critic/Ecp – 5
  • Internetwork Control – 6
  • Network Control – 7

 

Total Length: The length of the entire packet (header + data). The minimum length is 20 bytes.

Identification: If an IP packet is fragmented during transmission, all the fragments contain the same identification number, which identifies the original IP packet they belong to.

Flags: When an IP packet is too large to handle, these flags tell whether it can be fragmented or not.

The first bit is reserved.

The second bit, called Don’t Fragment (DF), controls fragmentation. If the value is zero (0), the transit network can fragment the packet if required. If the value is one (1), the underlying network does not fragment the IP packet.

The third bit, More Fragments (MF), carries fragment information. If the value is zero (0), this is the last fragment. One (1) means the packet is fragmented and at least one more fragment will follow the current one.

Fragment Offset: The fragment offset is a 13-bit field. This offset tells the exact position of the fragment in the original IP packet.

TTL (Time to live): To avoid looping in the network, every packet is sent with some TTL value set, which tells the network how many routers (hops) this packet can cross. At each hop, its value is decremented by one and when the value reaches zero, the packet is discarded.

Protocol:  The protocol used in the data portion of the IP datagram. For example, TCP is represented by the number 6 and UDP by 17.

Header Checksum: This field is used to keep checksum value of entire header which is then used to check if the packet is received error-free.

Source IP Address: The 32-bit IP address of the host that sent the packet.

Destination IP Address: The 32-bit IP address of the host that receives the packet.

Option: It is used for network testing, debugging, security, and more. This field is usually empty.
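The field list above can be exercised with a small decoder. This is an added example, not code from the original page: it parses the header, verifies the Header Checksum, and models one router hop (TTL decrement, discard at zero, checksum refresh). The sample header, its addresses and the function names are constructed for the illustration.

```python
import ipaddress
import struct

PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}   # 6 and 17 are the values quoted above
FIXED = struct.Struct("!BBHHHBBH4s4s")          # the 20 mandatory header bytes


def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words, complemented (Header Checksum)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_ipv4_header(packet: bytes) -> dict:
    """Decode the header fields; raise ValueError on malformed input."""
    if len(packet) < FIXED.size:
        raise ValueError("shorter than the 20-byte minimum header")
    (ver_ihl, tos, total_length, ident, flags_frag,
     ttl, proto, _csum, src, dst) = FIXED.unpack(packet[:FIXED.size])
    version = ver_ihl >> 4
    header_len = (ver_ihl & 0x0F) * 4           # IHL counts 32-bit words
    if version != 4:
        raise ValueError(f"not IPv4 (version {version})")
    if header_len < 20 or header_len > len(packet):
        raise ValueError(f"bad IHL: header length {header_len}")
    if total_length < header_len:
        raise ValueError("Total Length is smaller than the header")
    header = packet[:header_len]
    return {
        "version": version,
        "header_len": header_len,
        "precedence": tos >> 5,                  # 0 (Routine) .. 7 (Network Control)
        "total_length": total_length,
        "identification": ident,
        "df": bool(flags_frag & 0x4000),         # second flag bit
        "mf": bool(flags_frag & 0x2000),         # third flag bit
        "fragment_offset": (flags_frag & 0x1FFF) * 8,   # 13-bit field, 8-byte units
        "ttl": ttl,
        "protocol": PROTOCOLS.get(proto, str(proto)),
        # Summing a valid header, checksum field included, yields zero.
        "checksum_ok": internet_checksum(header) == 0,
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "options": header[20:],
    }


def forward_one_hop(packet: bytes):
    """Model one router hop: decrement TTL, discard at zero, refresh checksum."""
    header_len = parse_ipv4_header(packet)["header_len"]
    ttl = packet[8] - 1
    if ttl <= 0:
        return None                              # packet is discarded
    header = bytearray(packet[:header_len])
    header[8] = ttl
    header[10:12] = b"\x00\x00"                  # checksum is computed over a zeroed field
    header[10:12] = struct.pack("!H", internet_checksum(bytes(header)))
    return bytes(header) + packet[header_len:]


def build_sample_header(df=True, mf=False, offset_units=0, ttl=64) -> bytes:
    """Constructed 20-byte header (documentation addresses), not a capture."""
    flags_frag = (0x4000 if df else 0) | (0x2000 if mf else 0) | offset_units
    raw = FIXED.pack(0x45, 0xC0, 40, 0x1C46, flags_frag, ttl, 6, 0,
                     ipaddress.IPv4Address("192.0.2.10").packed,
                     ipaddress.IPv4Address("198.51.100.7").packed)
    return raw[:10] + struct.pack("!H", internet_checksum(raw)) + raw[12:]


if __name__ == "__main__":
    for name, value in parse_ipv4_header(build_sample_header()).items():
        print(f"{name:16} {value}")
```

A header whose TTL is changed without recomputing the checksum fails `checksum_ok`, which is why every hop has to rewrite the Header Checksum field.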

 

 

 

 


VTP - VLAN Trunking Protocol

Introduction:

VTP is used to transfer VLAN information from one switch to another. It is a Cisco proprietary protocol and works at layer 2 of the OSI model. It is used for centralized VLAN management and uses the multicast MAC address 0100.0CCC.CCCC for VTP updates (the address used by CDP, VTP and UDLD).

VTP Modes:

  • Server Mode  
  • Client Mode
  • Transparent Mode

Server Mode:

In this mode we can add, remove and edit VLANs. It is the default VTP mode on most series of switches, and it saves VLAN information in the vlan.dat file in flash memory. In this mode VTP can generate VTP updates. It works as a relay agent and supports only the normal VLAN range, 1-1023.

Client Mode:

In this mode we can't add, remove or edit VLANs. It also stores VLAN information in the vlan.dat file. It supports only the normal VLAN range and also works as a relay agent. It can receive VLANs from another switch.

Transparent Mode:

In this mode we can add, remove or edit VLANs. It is the default VTP mode on some platforms. A transparent switch doesn't update its own VLAN database based on VTP updates received from its neighbour switch, doesn't forward its own VLAN information to any other switch, and doesn't generate VTP updates. It supports the normal VLAN range as well as the extended range. It stores VLAN information in its vlan.dat file and also in running-config, and it also works as a relay agent.

VTP requirement:

  • Trunking should be enabled between the two switches
  • VTP domain name must match
  • VTP password must match (optional)

 

Types of VTP update:

  • Triggered update
  • Periodic update

C.R. Number (configuration Revision):

It is a 32-bit number that is always represented in decimal. By default, the C.R. number is 0. It always increments by one whenever any VLAN is added or removed in the VLAN database.

 

Types of VTP messages:

  • summary advertisement
  • subset advertisement
  • subset request from client

 

Summary advertisement:

The VTP server generates a summary advertisement message every 300 sec and every time a VLAN database change occurs. It checks only the C.R. number.

 

Contents of summary advertisement:

  • Domain name should be same.
  • Version should be same.
  • C.R. number
  • MD5 digest value  (domain, password, CR number)
  • Total number of subset advertisement msg.

Subset advertisement:

It contains the actual VLAN information. It is generated when VLAN changes occur or in response to a subset request.

Subset request from client:

A client switch might be reset and its VLAN database cleared. After that, the client generates an advertisement request message, and the VTP server responds with a summary advertisement and a subset advertisement to bring it up to date.

                                                          

 

Note: A server mode switch will not generate any VTP update if its domain name is Null. The MD5 digest value is calculated with the domain name, password and CR number. A switch will recalculate its MD5 digest value if any update is received with a higher CR number. The CR number becomes 0 when we change the domain name, and the CR number increments by 1 if we change the version. A VTP password is not required on a transparent mode switch.

VTP configuration:

  • switch(config)#vtp mode {server | client | transparent}
  • switch(config)#vtp domain cisco
  • switch(config)#vtp password ccie
  • switch#show vtp status
  • switch#show vtp counters
  • switch#debug sw-vlan vtp events

Types of VTP version:

  • version1: doesn't support GVRP and token ring
  • version2: supports GVRP and token ring
  • version3

VTP version 3:

We can create extended VLANs in server mode. We can create private VLANs in server mode and propagate them to another switch. We can encrypt the password. Modes: 1) server, 2) client, 3) transparent, 4) off.

Updater-ID

To find out which switch is giving VTP updates, we can create an updater-id by creating an SVI interface; the lower SVI IP address will become the updater-id.

 

VTP Pruning:

It is used in local VLAN design to stop unwanted broadcasts to any switch on which the VLAN does not exist. A transparent switch does not support VTP pruning. Enable VTP pruning on the server mode switch and it will automatically be enabled on client switches. VLAN 1 (native VLAN) can't be pruned.

How to enable VTP pruning:

  • switch(config)#vtp pruning
  • switch#show int fa 0/24 pruning
  • switch(config-if)#switchport trunk pruning vlan remove 10 (on the trunk, to keep a VLAN from being pruned)

 

 

 

SYSLOG

Introduction:

Syslog stands for System Logging Protocol and is a standard protocol used to send system log or event messages to a specific server, called a syslog server. It is primarily used to collect various device logs from several different machines in a central location for monitoring and review. It works on an extremely wide variety of different types of devices and applications, allowing them to send free text-formatted log messages to a central server. It is an application layer protocol and it uses UDP port number 514. Syslog was developed in the 1980s by Eric Allman as part of the Sendmail project.

Every device on your network—whether it’s a storage box or a server, a switch or a firewall—likely has a syslog agent you can use to send messages to a common central location.

Unlike SNMP, Syslog can’t be used to “poll” devices to gather information.

SNMP has a complex hierarchical structure that allows a management station to ask a device for information on things like temperature data or available disk space.

That’s not possible with Syslog – it simply sends messages to a central location when specific events are triggered.

Syslog syntax:  

Timestamp%Facility-Severity-Mnemonic:Message-text

Syslog Severity:

| Numerical Code | Severity | Meaning |
| --- | --- | --- |
| 0 | Emergency | System is unusable |
| 1 | Alert | Action must be taken immediately |
| 2 | Critical | Critical condition |
| 3 | Error | Error condition |
| 4 | Warning | Warning condition |
| 5 | Notice | Normal but significant condition |
| 6 | Information | Information message |
| 7 | Debug | Debug level message |

 

In practice, you don’t normally see emergency level messages because if the system is that badly broken, it probably can’t send a message. And you probably don’t want to see debugging messages in your log because there will be too many of them, and they’re rarely important for operational purposes. So typical production systems will normally be set to a logging level of 5 or 6. The sending system might keep a local copy of the less severe messages, but it won’t send them to the central server.
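The message syntax and the logging-level cut-off described above can be checked with a short parser. This is an added example, not part of the original page: the log lines are constructed samples, and the function names are chosen for the illustration. Lines that do not match the syntax are returned separately so that they are not silently lost during collection.

```python
import re

# Severity names in numerical order, as in the table above.
SEVERITY = ["Emergency", "Alert", "Critical", "Error",
            "Warning", "Notice", "Information", "Debug"]

# Timestamp %Facility-Severity-Mnemonic: Message-text
LINE = re.compile(
    r"^(?P<timestamp>.*?)[:\s]*"
    r"%(?P<facility>[A-Z][A-Z0-9_]*)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):"
    r"\s*(?P<text>.*)$"
)

# Constructed sample lines (documentation addresses), not a real device log.
SAMPLE = [
    "*Mar  1 00:00:05.123: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.0.2.50)",
    "*Mar  1 00:00:09.410: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down",
    "*Mar  1 00:00:10.412: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down",
    "*Mar  1 00:01:44.002: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 192.0.2.77]",
    "*Mar  1 00:01:50.900: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 192.0.2.9 port 514 started",
    "*Mar  1 00:02:00.000: %DEMO-7-TRACE: constructed debug-level message",
    "this line is not a syslog message",
]


def parse_line(line: str):
    """Return the message fields as a dict, or None if the line does not match."""
    match = LINE.match(line.strip())
    if match is None:
        return None
    fields = match.groupdict()
    fields["severity"] = int(fields["severity"])
    fields["severity_name"] = SEVERITY[fields["severity"]]
    return fields


def split_by_logging_level(lines, level: int):
    """Split lines the way a sender configured with this logging level would.

    A message is forwarded to the central server when its severity code is
    numerically less than or equal to the level; less severe messages stay
    local. Returns (forwarded, local_only, unparsed).
    """
    if not 0 <= level <= 7:
        raise ValueError("logging level must be between 0 and 7")
    forwarded, local_only, unparsed = [], [], []
    for line in lines:
        message = parse_line(line)
        if message is None:
            unparsed.append(line)
        elif message["severity"] <= level:
            forwarded.append(message)
        else:
            local_only.append(message)
    return forwarded, local_only, unparsed


def count_by_severity(messages) -> dict:
    """Count parsed messages per severity name."""
    counts = {}
    for message in messages:
        name = message["severity_name"]
        counts[name] = counts.get(name, 0) + 1
    return counts


if __name__ == "__main__":
    sent, kept, bad = split_by_logging_level(SAMPLE, 5)
    print("forwarded:", count_by_severity(sent))
    print("local only:", count_by_severity(kept))
    print("unparsed:", bad)
```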

DHCP

Introduction:

The DHCP stands for Dynamic Host Configuration Protocol. It is a network management protocol used for IP networks. A DHCP server is used to assign an IP address, subnet mask, or DNS server to the connected devices on the network to communicate with others.

A DHCP server allows a system to request IP addresses and other networking parameters automatically from the internet service provider. It reduces the network administrator's work. When the DHCP server is absent, the IP address for a computer or other device needs to be manually assigned. But, later, these devices cannot be connected outside the local subnet. DHCP can be implemented on anything from home networks to wide area networks and regional ISP networks. Most home networks receive a globally unique ID within the ISP (Internet Service Provider) network. For local networks, DHCP assigns a local IP address to every connected device within the network. We can also use routers as DHCP servers. There are millions of devices in the world, and each individual device needs a unique IP address. The TCP/IP protocol suite has built-in DHCP support, so it automatically assigns a unique IP address to each connected device and keeps tabs on them. Almost all IP addresses are dynamic.

DHCP is based on a client-server model and based on discovery, offer, request, and ACK.

DHCP port number for server is 67 and for the client is 68. It is a Client server protocol which uses UDP services. IP address is assigned from a pool of addresses. In DHCP, the client and the server exchange mainly 4 DHCP messages in order to make a connection, also called DORA process, but there are 8 DHCP messages in the process.

Note: All the messages can also be unicast by a DHCP relay agent if the server is in a different network.

These messages are given as below:

1. DHCP discover message -

This is the first message generated in the communication process between server and client. This message is generated by the client in order to discover whether there is any DHCP server present in the network. This message is broadcast.

2. DHCP offer message -

The server responds to the host with this message, specifying the unleased IP address and other TCP configuration information. This message is broadcast by the server. If more than one DHCP server is present in the network, the client host will accept the first DHCP OFFER message it receives. A server ID is also specified in the packet in order to identify the server.

3. DHCP request message -

When a client receives an offer message, it responds by broadcasting a DHCP request message. The client will produce a gratuitous ARP in order to find whether any other host present in the network has the same IP address. If there is no reply from another host, then there is no host with the same TCP configuration in the network, and the message is broadcast to the server showing the acceptance of the IP address. A client ID is also added in this message.

4. DHCP acknowledge message -

In response to the request message received, the server will make an entry with the specified client ID and bind the offered IP address with a lease time. Now, the client will have the IP address provided by the server.

5. DHCP negative acknowledge message -

Whenever a DHCP server receives a request for an IP address that is invalid according to the scopes that it is configured with, it sends a DHCP NAK message to the client. E.g., when the server has no unused IP address or the pool is empty, this message is sent by the server to the client.

6. DHCP decline -

If the DHCP client determines that the offered configuration parameters are different or invalid, it sends a DHCP decline message to the server. When any host replies to the client's gratuitous ARP, the client sends a DHCP decline message to the server, showing that the offered IP address is already in use.

7. DHCP release -

A DHCP client sends a DHCP release packet to the server to release the IP address and cancel any remaining lease time.

8. DHCP inform -

If a client has obtained an IP address manually, then the client uses a DHCP inform to obtain other local configuration parameters, such as the domain name. In reply to the DHCP inform message, the DHCP server generates a DHCP ack message with local configuration suitable for the client, without allocating a new IP address. This DHCP ack message is unicast to the client.
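The eight message types can be told apart on the wire by decoding the message itself. This is an added example, not part of the original page: the fixed 236-byte layout, the magic cookie and option codes 50, 53 and 54 come from the DHCP specification (RFC 2131 and RFC 2132) rather than from the text above, and the messages, addresses and function names are constructed. Because a client accepts the first OFFER it receives and each server reply carries a server ID, the last function lists replies whose server ID is not one of the expected servers.

```python
import ipaddress
import struct

MAGIC_COOKIE = bytes.fromhex("63825363")
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")    # fixed part, 236 bytes
MESSAGE_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
                 5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}
OPT_REQUESTED_IP, OPT_MSG_TYPE, OPT_SERVER_ID = 50, 53, 54


def parse_options(data: bytes) -> dict:
    """Walk the code/length/value options; 0 is padding, 255 ends the list."""
    options, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == 255:
            break
        if code == 0:
            i += 1
            continue
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError(f"option {code} is truncated")
        length = data[i + 1]
        options[code] = data[i + 2:i + 2 + length]
        i += 2 + length
    return options


def parse_dhcp(payload: bytes) -> dict:
    """Decode one DHCP message (the UDP payload on ports 67/68)."""
    if len(payload) < BOOTP.size + 4:
        raise ValueError("too short for a DHCP message")
    if payload[BOOTP.size:BOOTP.size + 4] != MAGIC_COOKIE:
        raise ValueError("magic cookie missing")
    (_op, _htype, hlen, _hops, xid, _secs, flags, _ciaddr, yiaddr,
     _siaddr, giaddr, chaddr, _sname, _file) = BOOTP.unpack(payload[:BOOTP.size])
    options = parse_options(payload[BOOTP.size + 4:])
    kind = options.get(OPT_MSG_TYPE, b"")
    if len(kind) != 1 or kind[0] not in MESSAGE_TYPES:
        raise ValueError("missing or unknown DHCP message type")

    def option_ip(code):
        raw = options.get(code)
        return str(ipaddress.IPv4Address(raw)) if raw and len(raw) == 4 else None

    return {
        "type": MESSAGE_TYPES[kind[0]],
        "xid": xid,
        "client_mac": ":".join(f"{b:02x}" for b in chaddr[:hlen]),
        "offered_ip": str(ipaddress.IPv4Address(yiaddr)),
        "broadcast": bool(flags & 0x8000),
        "relay": str(ipaddress.IPv4Address(giaddr)),   # non-zero when a relay agent is used
        "server_id": option_ip(OPT_SERVER_ID),
        "requested_ip": option_ip(OPT_REQUESTED_IP),
    }


def unexpected_servers(messages, allowed_servers) -> list:
    """Server replies (OFFER/ACK/NAK) whose server ID is not an expected server."""
    return [(m["server_id"], m["offered_ip"], m["client_mac"])
            for m in messages
            if m["type"] in ("OFFER", "ACK", "NAK")
            and m["server_id"] not in allowed_servers]


def build_dhcp(msg_type, xid, mac, yiaddr="0.0.0.0", server_id=None, requested=None):
    """Build a constructed DHCP message for the demo (not a capture)."""
    zero = bytes(4)
    op = 2 if msg_type in (2, 5, 6) else 1             # 2 = server reply, 1 = client request
    header = BOOTP.pack(op, 1, 6, 0, xid, 0, 0x8000, zero,
                        ipaddress.IPv4Address(yiaddr).packed, zero, zero,
                        bytes.fromhex(mac.replace(":", "")), b"", b"")
    options = bytes([OPT_MSG_TYPE, 1, msg_type])
    if server_id:
        options += bytes([OPT_SERVER_ID, 4]) + ipaddress.IPv4Address(server_id).packed
    if requested:
        options += bytes([OPT_REQUESTED_IP, 4]) + ipaddress.IPv4Address(requested).packed
    return header + MAGIC_COOKIE + options + b"\xff"


MAC = "02:00:00:aa:bb:cc"   # constructed, locally administered address
SAMPLE_EXCHANGE = [         # DORA plus one OFFER from a second, unexpected server
    build_dhcp(1, 0x1234, MAC),
    build_dhcp(2, 0x1234, MAC, "192.0.2.50", "192.0.2.1"),
    build_dhcp(2, 0x1234, MAC, "10.66.0.9", "192.0.2.200"),
    build_dhcp(3, 0x1234, MAC, server_id="192.0.2.1", requested="192.0.2.50"),
    build_dhcp(5, 0x1234, MAC, "192.0.2.50", "192.0.2.1"),
]

if __name__ == "__main__":
    parsed = [parse_dhcp(m) for m in SAMPLE_EXCHANGE]
    for message in parsed:
        print(message["type"], message["offered_ip"], message["server_id"])
    print("unexpected:", unexpected_servers(parsed, {"192.0.2.1"}))
```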

Advantages – The advantages of using DHCP include:

1. Centralized management of IP addresses

2. Ease of adding new clients to a network

3. Reuse of IP addresses reduces the total number of IP addresses that are required.

4. Simple reconfiguration of the IP address space on the DHCP server without needing to reconfigure each client

Disadvantages – Disadvantage of using DHCP is:

1. IP conflict can occur

 

 

 


 

EIGRP

Introduction:

EIGRP stands for Enhanced Interior Gateway Routing Protocol. It is an advanced distance vector routing protocol, developed as a hybrid distance vector routing protocol that uses many of the same composite metrics as, and works on the principle of, the Interior Gateway Routing Protocol (IGRP). The protocol uses the DUAL (Diffusing Update Algorithm) algorithm to calculate the shortest path. It was a Cisco proprietary protocol, but after 2013 Cisco decided to convert it to an open standard.

DUAL (Diffusing update algorithm):

It is an algorithm used by EIGRP to select the lowest-cost loop-free path for each possible destination; it also provides fast convergence. If multiple paths are available in the topology table, EIGRP runs DUAL, selects the best route and puts it in the routing table. There are four DUAL terms: 1) FD, 2) RD, 3) Successor, 4) Feasible Successor.

FD: Feasible Distance

The total metric from source to destination; in other words, the calculated metric of the successor is called the FD.

RD: Reported Distance

A router's FD is called the RD by its neighbour.

Successor:

A successor route is the best route to reach the destination network: the route with the lowest cost to reach the destination. A successor route is stored in the topology table as well as in the routing table.

Feasible Successor

It is a backup path for the successor, which is stored in the topology table.

EIGRP will keep up to 32 feasible successors in the topology table in IOS version 15.0.

Types of EIGRP packets:

RTP: Reliable Transport Protocol

It is used for detecting packet loss and to ensure ordered delivery of the packets.

Hello

The hello packet is used for neighbour discovery and as a keepalive.

Update:

An update message can be unicast or multicast. It uses RTP and contains subnets/prefix length, delay, bandwidth, MTU, load, reliability and hop count. Update packets are sent between neighbours to build the topology table and routing table. If there is a static neighborship between routers, then updates will be unicast.

Acknowledge:

An acknowledge message is always sent as unicast. Acknowledge is not used in the case of hello. It is just for RTP packets.

Query:

Query packets are sent by a router when the successor route fails and there are no feasible successors in the topology table. The router places the route in the active state and sends a query to its neighbours for an alternative route. Query messages are sent as multicast to 224.0.0.10.

Reply:

Reply packets are sent in response to query packets; the responding router has an alternative route. Reply packets are sent as unicast to the querying router.

Stuck in active:

When a router notices a route failure and there is no feasible successor, that route moves from the passive to the active state. The router sends a query message to its neighbour and waits 3 min for a reply. If the router does not receive a reply within the active timer, the route is considered stuck in active, and the router will flap the neighborship with its neighbour.

Types of table in EIGRP:

Neighbor Table:

It contains information about its neighbour.

Topology Table:

It contains all destination routes advertised by neighbour routers, which come from the neighbour routing table.

Routing Table:

It contains the best route to each remote network; this path is called the successor. It contains three types of route: internal, external and summary.

Null 0:

It is a loop avoidance entry stored in the routing table. Null0 is created only in the case of summarization (auto and manual). Any traffic that goes towards Null0 is dropped by EIGRP.

Unequal-cost Load-Balancing:

  • EIGRP automatically supports load balancing over four equal-cost routes. EIGRP supports up to 32 equal-cost paths with IOS version 15.0; previous IOS versions support 16 paths.

Variance: It is a multiplier applied to the successor when the DUAL algorithm runs on the topology table (default 1, range 1 to 128).
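The DUAL terms and the variance multiplier described above, worked through on one destination. This is an added example, not part of the original page: the neighbours and metric values are constructed, the `Path` class and function names are chosen for the illustration, and it applies the standard feasibility condition (a backup path qualifies only if its RD is lower than the FD), which the text does not spell out.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Path:
    next_hop: str
    distance: int   # total metric to the destination through this neighbour
    rd: int         # reported distance: the neighbour's own metric to the destination


def run_dual(paths):
    """Return (FD, successors, feasible successors) for one destination."""
    fd = min(p.distance for p in paths)              # FD: metric of the best path
    successors = [p for p in paths if p.distance == fd]
    # Feasibility condition: RD strictly below FD guarantees a loop-free backup.
    feasible = sorted((p for p in paths if p.distance != fd and p.rd < fd),
                      key=lambda p: p.distance)
    return fd, successors, feasible


def installed_routes(paths, variance=1):
    """Routes placed in the routing table for a given variance (1 to 128)."""
    if not 1 <= variance <= 128:
        raise ValueError("variance must be between 1 and 128")
    fd, successors, feasible = run_dual(paths)
    # Unequal-cost load balancing: feasible successors below variance x FD.
    return successors + [p for p in feasible if p.distance < variance * fd]


def on_successor_loss(paths, failed_hop):
    """State of the route after the path through failed_hop is lost.

    Returns ("passive", new_next_hop) when another successor or a feasible
    successor takes over at once, or ("active", None) when the router has to
    send queries to its neighbours.
    """
    _fd, successors, feasible = run_dual(paths)
    candidates = [p for p in successors + feasible if p.next_hop != failed_hop]
    if candidates:
        return "passive", candidates[0].next_hop
    return "active", None


# Constructed topology-table entries for one destination network.
TOPOLOGY = [
    Path("R2", distance=30720, rd=28160),   # lowest distance: the successor
    Path("R3", distance=40960, rd=30000),   # RD 30000 < FD 30720: feasible successor
    Path("R4", distance=35000, rd=33000),   # RD 33000 >= FD: not feasible
]

if __name__ == "__main__":
    fd, successors, feasible = run_dual(TOPOLOGY)
    print("FD:", fd)
    print("successor:", [p.next_hop for p in successors])
    print("feasible successors:", [p.next_hop for p in feasible])
    print("variance 1:", [p.next_hop for p in installed_routes(TOPOLOGY, 1)])
    print("variance 2:", [p.next_hop for p in installed_routes(TOPOLOGY, 2)])
    print("R2 lost:", on_successor_loss(TOPOLOGY, "R2"))
```

R4 offers a lower total distance than R3 but is never used as a backup or for load balancing, because its reported distance does not satisfy the feasibility condition.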

 

SNMP (Simple Network Management Protocol)

 

Introduction:

SNMP is a networking protocol used for the management and monitoring of network-connected devices in Internet Protocol networks. The SNMP protocol is embedded in many local devices such as routers, switches, servers, firewalls and wireless access points, which are accessible using their IP address. It is an application layer protocol in the OSI model.

The protocol, designed at the application level, can monitor devices made by different manufacturers and installed on different physical networks. It is used in heterogeneous networks made of different LANs and WANs connected by routers or gateways. It uses UDP at the transport layer. The SNMP agent uses port 161 to respond to commands; when the agent wants to report something, it sends an "SNMP trap" on port 162 to the manager.

Network management station (NMS): The software which runs on the administrative computer. This software gathers SNMP data by requiring the devices on the network to disclose certain information.

Agent: The software which runs on managed devices and reports information via SNMP to the NMS.

Management Information Base (MIB): It is a collection of definitions that define the properties of the managed object within the device to be managed. MIB files are written in an independent format and the object information they contain is organized hierarchically. The various pieces of information can be accessed by SNMP.

SNMP Message:

SNMP has two types of message.

Solicited message: sent periodically (network management station to agent)

  1. Get Request: The Get Request message is sent from a manager (client) to the agent (server) to retrieve the value of a variable.
  2. Get Next Request: Sent by the SNMP manager to agent to find the value of the next record in the MIB hierarchy.
  3. Get Bulk Request: The Get Bulk operation is used to retrieve voluminous data from large MIB table.
  4. Set Request: The Set Request message is sent from a manager to the agent to set a value in a variable.

Unsolicited message: sent when triggered (agent to network management station)

  1. SNMP Trap: Unlike the above messages, which are initiated by the SNMP manager, traps are initiated by the agents. A trap is a signal sent to the SNMP manager by the agent on the occurrence of an event.
  2. SNMP Inform: This command is similar to the trap initiated by the agent; additionally, an inform includes confirmation from the SNMP manager on receiving the message.

SNMP Version: There are three versions.

  1. SNMP Version 1: This is the first version of the SNMP protocol, which is defined in RFC 1157.
  2. SNMP Version 2: This version was improved to support more efficient error handling and is described in RFC 1901.
  3. SNMP Version 3: SNMPv3 defines the secure version of the SNMP. SNMPv3 protocol also facilitates remote network monitoring configuration of the SNMP entities. It is defined by RFC 3410.

 

OSPF Open Shortest Path First

Introduction:

OSPF (Open Shortest Path First) is an open standard protocol. It is a link-state routing protocol that is used to find the best path between the source and destination router with the help of the shortest path first algorithm. It is an IGP. OSPF was developed by the Internet Engineering Task Force (IETF) as one of the Interior Gateway Protocols (IGP) and uses Dijkstra’s algorithm. It is a network layer protocol; its protocol number is 89 and its administrative distance is 110. OSPF uses multicast address 224.0.0.5 for normal communication and 224.0.0.6 for updates to the Designated Router/Backup Designated Router. In OSPF a router sends a full update the first time and partial updates after that, and sends each update with a sequence number ranging from 0x80000001 to 0xffffffff. It is a classless routing protocol, and auto-summarization is disabled by default.

Types of packet in OSPF:

  • Type 1: Hello
  • Type 2: DBD (Database Description)
  • Type 3: LSR (Link State Request)
  • Type 4: LSU (Link State Update) (retransmission timeout 5 sec)
  • Type 5: LS Ack (Link State Acknowledge)

Note: The OSPF header size is 32 bytes, but always remember that the first 24 bytes are common to all packets.
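
The common 24 bytes can be decoded the same way for every packet type. The following is an added example, not part of the original page: it takes a raw IPv4 packet, checks for protocol 89, and decodes the OSPFv2 common header, showing the area ID in both decimal and IPv4 notation. The field layout and the AuType names come from RFC 2328 rather than from this page; the function names, addresses and sample packets are constructed.

```python
# Added example (not from the page). Field layout per RFC 2328; samples are constructed.
import socket
import struct

OSPF_PROTO = 89
PACKET_TYPES = {1: "Hello", 2: "DBD", 3: "LSR", 4: "LSU", 5: "LSAck"}
DESTINATIONS = {"224.0.0.5": "all OSPF routers", "224.0.0.6": "DR/BDR"}
AUTH_TYPES = {0: "null", 1: "simple password", 2: "cryptographic"}  # AuType field

def parse_ospf(ip_packet):
    """Decode the 24-byte OSPFv2 common header carried in a raw IPv4 packet."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ip_packet[0] & 0x0F) * 4            # IPv4 header length in bytes
    if ihl < 20 or ip_packet[9] != OSPF_PROTO:
        raise ValueError("bad IPv4 header or IP protocol is not 89")
    ospf = ip_packet[ihl:]
    if len(ospf) < 24:
        raise ValueError("shorter than the 24-byte common header")
    version, ptype, length, router_id, area_id, _cksum, autype, _auth = \
        struct.unpack("!BBH4s4sHH8s", ospf[:24])
    if version != 2 or ptype not in PACKET_TYPES:
        raise ValueError("unknown OSPF version or packet type")
    if not 24 <= length <= len(ospf):
        raise ValueError("length field disagrees with the captured data")
    dst = socket.inet_ntoa(ip_packet[16:20])
    return {"type": PACKET_TYPES[ptype],
            "router_id": socket.inet_ntoa(router_id),
            "area_id": socket.inet_ntoa(area_id),            # IPv4-style notation
            "area_decimal": int.from_bytes(area_id, "big"),  # same ID as a decimal
            "sent_to": DESTINATIONS.get(dst, "other " + dst),
            "auth": AUTH_TYPES.get(autype, "unknown")}

def build_sample(ptype, router_id, area_id, dst, autype=0, body=b""):
    """Constructed IPv4 + OSPF packet; both checksums are left as zero."""
    ospf = struct.pack("!BBH4s4sHH8s", 2, ptype, 24 + len(body),
                       socket.inet_aton(router_id), socket.inet_aton(area_id),
                       0, autype, b"\x00" * 8) + body
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(ospf), 0, 0, 1, OSPF_PROTO,
                     0, socket.inet_aton("192.0.2.1"), socket.inet_aton(dst))
    return ip + ospf

if __name__ == "__main__":
    print(parse_ospf(build_sample(1, "10.0.0.1", "0.0.0.0", "224.0.0.5")))
    print(parse_ospf(build_sample(4, "10.0.0.2", "0.0.0.10", "224.0.0.6", autype=2)))
```

Run over a capture, the "auth" field shows at a glance which segments still accept OSPF packets with null or simple-password authentication.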

OSPF Design:

It reduces the memory and CPU utilization of the router and makes it easier to solve issues in a smaller domain, that is, an area.

 

Area in OSPF:

An area is a logical group of devices within a single administration. Cisco recommends that a single area should not have more than 30 routers. The area ID is 32 bits long and can be represented as a decimal number or in IPv4 format.

Note: An inter-area route cannot move from one area to another without the backbone area, but an external route can move from one area to another without the backbone area.

Types of Router in OSPF:

  • Backbone Router
  • Internal Router
  • Area Border Router
  • Autonomous System Boundary Router

Backbone router:

A router that has all its interfaces in Area 0, which we can also call the transit area.

Internal router:

A router that has all its interfaces in a regular area.

ABR Area Border Router:

A router that has at least one interface in the backbone area and one in a regular area. We create an ABR to divide the database into different areas; the ABR keeps the databases of multiple areas in memory. It can send routing information to a different area, but it does not send the database.

ASBR Autonomous System Border Router:

It is used to connect a different routing protocol to OSPF, or to redistribute RIP or EIGRP into OSPF. It exchanges routing information between OSPF and the other protocol.

Router-id:

The router ID is a unique ID within an area that identifies the database on every router.

OSPF neighborship states:

Down: In this state, no hello packets have been received on the interface.

Init: In this state, a hello packet has been received from the other router.

Two Way: In this state, both routers have successfully exchanged hello packets with each other.

Ex-start: In this state, the routers exchange empty DBDs for the master and slave election. The routers negotiate the DBD sequence number and the MTU size.

Ex-change: In this state, the actual database exchange takes place.

Loading: In this state, link state requests, link state updates and link state acknowledgements are exchanged.

Full State: In this state, the routers have synchronized their databases successfully; OSPF routing can take place once the full state is reached.

 

LSA: Link State Advertisement:

A router always keeps its route information in its database in the form of LSAs. When an update goes from one device to another, it goes in the form of an LSA.

Types of LSA:

Type 1 LSA: Router LSA:

It is generated by every router within an area to represent itself. It does not cross its own area, and within an area all routers have the same 'Router LSA' information. One router LSA can hold information about multiple links. Every 30 minutes the router floods the LSA; if a router receives an LSA with a higher sequence number, it runs the SPF algorithm. In a router LSA, the link-id and the advertising router-id are the same. A router LSA contains some special bits: 'V' means it is the end point of a virtual link, 'E' means it is an ASBR, and 'B' means it is an ABR.

Link-id = router-id, advertising router-id = router-id

Type 2 LSA: Network LSA:

It is generated by the DR within a segment to represent itself. It lists, by router-id, the devices connected to that multi-access network, and it also carries the IP address of the DR. It is sent to all attached routers in the same area.

Link-id = IP address of the DR, advertising router-id = router-id of the DR

Type 3 LSA: Summary LSA:

It is generated by an ABR to send routing information from one area to another. It contains information about all inter-area routes.

Link-id = network ID (prefix ID), advertising router-id = router-id of the ABR

Type 4 LSA: ASBR Summary LSA:

It is generated by an ABR to describe which router is doing redistribution, that is, the ASBR information and the cost to reach the ASBR from the ABR.

Link-id = router-id of the ASBR, advertising router-id = router-id of the ABR

Type 5 LSA: External LSA:

This LSA is generated by an ASBR and holds the information for all routes from other routing domains.

Link-id = external routes, advertising router-id = router-id of the ASBR

Type 7 LSA: NSSA External LSA:

It is generated by an ASBR within an NSSA area and remains within the NSSA area. The Type 7 LSA is translated back into a Type 5 LSA by the NSSA ABR.

Link-id = external routes, advertising router-id = router-id of the ASBR

 

Types of Area:

Standard Area:

By default, all areas are standard areas.

Stub Area:

It is used to filter Type 5 and Type 4 LSAs, that is, to filter external routes. After filtering the Type 5 and Type 4 LSAs, it automatically generates a default route, which is advertised by the ABR. Stub is configured on both sides, meaning on the ABR and on all other routers of the area. We can’t configure area 0 as a stub area, and a stub area does not allow a virtual link. A stub area does not allow an ASBR, so we can’t configure a stub area next to an ASBR. We can’t make an area that is attached to an ASBR a stub, because a stub area can’t do redistribution.

Totally stub:

It filters Type 3, 4 and 5 LSAs, that is, external as well as inter-area routes. It automatically generates a default route, and it is implemented only on the ABR.

NSSA Area:

NSSA stands for not-so-stubby area. It is used to allow an ASBR to send external routes through a stub area using Type 7 LSAs. It filters Type 4 and 5 LSAs, but redistribution is allowed. The ASBR generates Type 7 LSAs, and the ABR then converts them back to Type 5 LSAs. The default route is configured manually, and NSSA is configured on both sides, like a stub area.

Totally NSSA:

It filters Type 3, 4 and 5 LSAs. The default route is generated automatically, and it is implemented only on the ABR. It allows redistribution, and the default route is originated by the ABR.