RE: Why must all areas connect to Area 0?

From: Scott Vermillion (scott_ccie_list@it-ag.com)
Date: Tue Oct 30 2007 - 05:11:14 ART

Hey CCIEin2006,

LOL, I got caught up in one of those domestic "some assembly required"
projects after dinner and here I am all these hours later. So it took me
until now to come back to this. After drafting my response, I realized it
was mere opinion, so I tore down what I was working on and built the exact
topology you describe below. Thus, I am now going through and updating
certain areas of the below message with hard results. If at times this
sounds a little strange, bear in mind it was written once as an "I think"
and then re-written as an "I know" (and BTW, I my opinions generally turned
out to be fact ;~) ).

.......

I love these discussions because they reveal to me how much I don't know
about something I previously thought I knew quite well. I've always felt I
was strong on OSPF, but perhaps not so much.

As far as I can tell, the below topology is broken. You've got R5 attached
to A1 and A2. Note that this makes R5 an ABR wannabe, yet it has no Area 0
connectivity. Sans Area 0 connectivity, it cannot become a true ABR. Thus,
R5 will not somehow be blissfully advertising its A2 topology to R4 and its
A1 topology to R6. In order to advertise a network in one area (A2 in this
case) into another area (A1 in this case), R5 would be required to have a
connection to the backbone, as that's how it would originate its Network
Summary LSAs to be flooded to other ABRs of other areas. In your below
topology, R5 will be able to successfully establish adjacencies with both R4
and R6 (to my surprise, I wasn't really sure what was going to happen
there), but again, it will not somehow be sharing the A2 topology with R4.
It can only do that by way of introducing Type 3 LSAs into the backbone, and
sans a VL, it obviously can't do that. And trying to anticipate another
possible question you might have, what R6 is introducing into the backbone
regarding A2 would not allow R4 to somehow know that R5 is on a physically
shorter path to A2; this is all distance vector stuff once we go inter-area,
so R6 is simply saying "to get to so-and-so, route to me" ("Advertising
Router" field in the Type 3 LSA).

But I understand the spirit of your question, so let's assume just for the
sake of argument that there's yet a third R5 interface and yet another area,
say A3, "lollipopped" off of R5. Again, in such a case, you need a virtual
link to the backbone via either A1 or A2. This changes the *OSPF* topology
to something different than what the physical topology would suggest.
Assuming the VL was through A1 to R4...

According to Doyle Vol I (pg 374 of second printing), "the virtual link is a
tunnel through which packets may be routed on the optimal path from one
endpoint to the other." However, he also states elsewhere in the book (or
perhaps I read it on the DocCD) that only OSPF packets are tunneled; traffic
is sent "natively" (hence the restriction that a transit area cannot be a
stub area, as routers in these have no knowledge of how to route external
traffic). In this case, R4 would shoot traffic bound for A3 "down the VL"
(again, it's my understanding that it will actually be sent natively through
the transit area) directly to R5. Now the question of traffic bound for A2
is interesting, because we basically have both R5 and R6 "attached" to the
backbone and introducing Type 3 LSAs for these networks. So here again, R4
sends traffic down the VL directly to R5, one of two ABRs for A2. Now, were
you to establish the VL via R6...

Then R4 would in fact route traffic to both A2 and A3 via the longer A0
path, as R5 would be introducing Type 3 LSAs for A2 and A3 into this OSPF
topology from the VL into A0 via R6 and then across to R4 (and R5 would also
send an A0 router LSA in this same way, etc). While R4 will definitely know
it can reach R5 via A1, it will basically see a "distance vector" route to
those A2 and A3 networks via A0 (where they were learned from). I think
this all makes sense from a loop avoidance standpoint, as this essentially
is distance vector behavior once we go inter-area. We only know that to
reach a given destination outside of our area, we follow a particular
vector; we have no direct knowledge of the topology beyond. Thus, we need a
"root" in this here spanning tree of sorts, and that will always necessarily
be Area 0.

Now for some lab results! My addressing scheme follows the IEWB (and
presumably other vendor's) scheme of blending the router numbers together.
Thus, the link between R1 and R2 will have addresses 10.0.12.1 and
10.0.12.2, respectively. So on and so on. Remember that my topology is
yours below plus that extra A3 hanging off of R5 (and I just randomly gave
that the 10.0.50.0 network). So this is with the VL via A1:

R4#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static
route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/24 is subnetted, 7 subnets
C 10.0.14.0 is directly connected, FastEthernet0/0
O 10.0.12.0 [110/2] via 10.0.14.1, 00:00:14, FastEthernet0/0
O 10.0.23.0 [110/3] via 10.0.14.1, 00:00:14, FastEthernet0/0
C 10.0.45.0 is directly connected, FastEthernet0/1
O 10.0.36.0 [110/4] via 10.0.14.1, 00:00:14, FastEthernet0/0
O IA 10.0.56.0 [110/2] via 10.0.45.5, 00:00:14, FastEthernet0/1
O IA 10.0.50.0 [110/2] via 10.0.45.5, 00:00:14, FastEthernet0/1

R4#trace 10.0.50.1

Type escape sequence to abort.
Tracing the route to 10.0.50.1

  1 10.0.45.5 8 msec * 28 msec

R4#trace 10.0.56.6

Type escape sequence to abort.
Tracing the route to 10.0.56.6

  1 10.0.45.5 12 msec 20 msec 20 msec
  2 10.0.56.6 60 msec * 56 msec

So you can see here that R4 is, not all that surprisingly, routing through
A1 to get to A50. Also note that it is following this same path to get to
A2. Now for the VL via A2:

R4# sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static
route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/24 is subnetted, 7 subnets
C 10.0.14.0 is directly connected, FastEthernet0/0
O 10.0.12.0 [110/2] via 10.0.14.1, 00:21:16, FastEthernet0/0
O 10.0.23.0 [110/3] via 10.0.14.1, 00:21:16, FastEthernet0/0
C 10.0.45.0 is directly connected, FastEthernet0/1
O 10.0.36.0 [110/4] via 10.0.14.1, 00:21:16, FastEthernet0/0
O IA 10.0.56.0 [110/5] via 10.0.14.1, 00:21:16, FastEthernet0/0
O IA 10.0.50.0 [110/6] via 10.0.14.1, 00:21:16, FastEthernet0/0

R4#trace 10.0.50.1

Type escape sequence to abort.
Tracing the route to 10.0.50.1

  1 10.0.14.1 8 msec 12 msec 8 msec
  2 10.0.12.2 8 msec 16 msec 16 msec
  3 10.0.23.3 20 msec 24 msec 32 msec
  4 10.0.36.6 60 msec 44 msec 48 msec
  5 10.0.56.5 84 msec * 64 msec

R4#trace 10.0.56.6

Type escape sequence to abort.
Tracing the route to 10.0.56.6

  1 10.0.14.1 8 msec 20 msec 20 msec
  2 10.0.12.2 16 msec 56 msec 12 msec
  3 10.0.23.3 48 msec 56 msec 60 msec
  4 10.0.36.6 80 msec * 84 msec

We now see R4 following the circuitous route via A0 to get to A2 and A50.

OK, it's just hours from show time for an important client tomorrow (this
morning at this point), gotta run...

Regards,

Scott

  

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
CCIEin2006
Sent: Monday, October 29, 2007 5:19 PM
To: Scott Vermillion
Cc: Narbik Kocharians; Cisco certification
Subject: Re: Why must all areas connect to Area 0?

You're right,

That was a bad example because R2 and R3 were in same area. Here is more
what I intended:

R4-A1-R5-A2-R6
 | |
A0 A0
 | |
R1-A0-R2-A0-R3

For R4 to get to the segment between R5 and R6, will it take the shorter
path through area 1 and area 2 or will it take the longer path through area
0?

P.S. - I hate virtual links too - they're like the duct tape of OSPF. You
never have these problems with EIGRP :-)

In this setup will R2 use

On 10/29/07, Scott Vermillion <scott_ccie_list@it-ag.com> wrote:
>
> Hi CCIEin2006,
>
>
>
> The ASCII art worked out great.
>
>
>
> Narbik has me questioning myself at this point (which is a good thing),
> since I don't really know what that transit thing is all about. But
> generically speaking, the "rules" of OSPF state that your R2 and R3 ABRs
> would need at least one connection to the backbone, so from that
> perspective, I think that yes, you are correct that you would need a
virtual
> links to maintain a "proper" OSPF design. Having said that, assuming that
> the basic hello parameters matched up between R2 and R3 for Area 3, it
seems
> that they would attempt to form an adjacency. But in attempting to
> synchronize their databases, I would expect some trouble (sans the
> aforementioned virtual links). They are ABRs, yet they have no Area 0
> connectivity. Now that you've got me thinking about this, it's something
> I'm interested to see the debug of in the lab. However, I have several
more
> hours of work to do in the lab I'm presently building, so I can't try it
> until later this evening.
>
>
>
> It just dawned on me that I may still be missing your question. Are you
> asking how traffic would flow if you **did** build the virtual links?
> Would a packet entering into R2 bound for a network attached to R3 transit
> A1 and A2 or would it directly transit A3? If that's the question, I
think
> it simply transits A3, as your OSPF topology at that point does not mirror
> the topology as drawn below. At that point you basically have A0 in the
> center, to which R1 is attached and is acting as ABR for A1 and A2, and
you
> also have R2 and R3 "attached" to the backbone, both serving as ABR for A3
> only. In that case the traffic in question would not be inter-area
traffic
> at all; it would be intra-area A3-only traffic. Seemingly?
>
> "Have I ever mentioned that virtual links are my least favorite aspect of
> OSPF?!"
>
> Narbik's link was to the command reference; perhaps I can find more
> information about this on the Config Guide side of the house once I've
> wrapped up what I'm working on at the moment. Some context and picture
> would likely be illuminating
>
>
>
> Regards,
>
> Scott
>
>
>
>
>
>
>
> *From:* CCIEin2006 [mailto:ciscocciein2006@gmail.com]
> *Sent:* Monday, October 29, 2007 2:14 PM
> *To:* Scott Vermillion
> *Cc:* Narbik Kocharians; Cisco certification
> *Subject:* Re: Why must all areas connect to Area 0?
>
>
>
> Here's a scenario for you to try Scott (hope the ASCII art comes out
> clearly):
>
>
>
> R2--A3--R3
> \ /
> A1 A2
>
> \ /
>
> R1
>
> |
>
> A0
>
>
> R1 is connected to Area 0 and connects to R2 and R3 via area 1 and 2
> respectively.
>
> R2 and R3 have a direct connection to each other via area 3.
>
>
>
> 1. I am assuming for this to work I would need a virtual link between
> R1 and R2 and another virtual link between R1 and R3 - is that correct?
>
>
>
> 2. Considering transit capability is enabled by default, would R2 and R3
> sent traffic directly to each other via area 3?
>
>
> Thanks in advance.
>
>
>
> On 10/29/07, *Scott Vermillion* <scott_ccie_list@it-ag.com> wrote:
>
> Hey Narbik,
>
>
>
> Don't educate me too much before your upcoming bootcamp! But I couldn't
> really decipher the context of this:
>
>
>
> "OSPF area capability transit is enabled by default, allowing the OSPF
> Area Border Router to install better-cost routes to the backbone area
> through the transit area instead of the virtual links. If you want to
retain
> a traffic pattern through the virtual-link path, you can disable
capability
> transit by entering the *no capability transit* command. If paths through
> the transit area are discovered, they are most likely to be more optimal
> paths, or at least equal to, the virtual-link path. To reenable capability
> transit, enter the *capability transit* command."
>
>
>
> Have I ever mentioned that virtual links are my least favorite aspect of
> OSPF?!
>
>
>
> I just happen to have an active OSPF component in the lab I'm currently
> working if anyone has suggestions as to how to see this in action (and
come
> to understand how it applies to the discussion at hand  I'm near 100%
sure
> Narbik is suggesting I'm incorrect in my below statement, but it's not
> exactly jumping out at me)
>
>
>
> Regards,
>
> Scott
>
>
>
>
>
> *From:* Narbik Kocharians [mailto:narbikk@gmail.com ]
> *Sent:* Monday, October 29, 2007 1:38 PM
> *To:* Scott Vermillion
> *Cc:* CCIEin2006; Cisco certification
>
>
> *Subject:* Re: Why must all areas connect to Area 0?
>
>
>
> Look at the "capability transit" command
>
>
>
>
http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cr/hirp_r
/
rte_osph.htm#wp999437
>
>
>
>
> On 10/29/07, *Scott Vermillion* <scott_ccie_list@it-ag.com> wrote:
>
> It must flow to Area 0. You cannot build a virtual link directly between
> Areas 1 and 2; all virtual links either connect two pieces of Area0 or
> they
> connect a non-0 area to Area 0. In other words, all virtual links involve
>
> Area 0!
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto: nobody@groupstudy.com] On Behalf Of
> CCIEin2006
> Sent: Monday, October 29, 2007 12:42 PM
> To: Cisco certification
> Subject: Re: Why must all areas connect to Area 0?
>
> So in this scenario
>
> Area1-Area2
> \ /
> Area0
>
> Area 1 and 2 are directly connected. Would the data need to flow to area0
> or
> can the traffic flow directly?
>
> What if we configured a virtual link between them?
>
> On 10/29/07, CCIEin2006 < ciscocciein2006@gmail.com> wrote:
> >
> > Hi folks,
> >
> > I was reading over Jeff Doyle's blog and came across his favorite
> > interview question:
> > Why does OSPF require all traffic between non-backbone areas to pass
> > through a backbone area (area 0)?
> >
> > Answer:
> > Because inter-area OSPF is distance vector, it is vulnerable to routing
> > loops. It avoids loops by mandating a loop-free inter-area topology, in
> > which traffic from one area can only reach another area through area 0.
> >
> > Can someone elaborate on that answer a little bit? Exactly how does
> having
> > a connection to Area0 prevent routing loops? Is it similar to spanning
> tree
> > in the area 0 is the root of the spanning tree?
> >
> > Also this answer does not take into consideration redistribution from
> > another routing protocol right?
> >
> > Thank You
> >
> > Here is the article:
> > http://www.networkworld.com/community/node/19293
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
> --
> Narbik Kocharians
> CCIE# 12410 (R&S, SP, Security)
> CCSI# 30832
> www.Net-WorkBooks.com <http://www.net-workbooks.com/>

This archive was generated by hypermail 2.1.4 : Fri Nov 16 2007 - 13:11:19 ART