How to configure OSPF Virtual Link

Hi Rene,
Hope you are doing well.
I have a question: why is a virtual link not allowed on a STUB/special area? I need a clear concept of it, in your way.

br//zaman

Hello Mohammad

The purpose of a virtual link is to connect a discontiguous network to the backbone area 0. If you have a stub network, then you are by default automatically connected to the area 0.

A stub network is a network with only one point of exit. If you create a virtual link on a stub network, then you are creating a second link to area 0 which would make the stub network no longer a stub network. You would be receiving both summary LSAs and type 5 LSAs making the network NOT a stub.

I hope this has been helpful!

Laz

Hi Laz,
I think you can’t catch my question…
Visualize a topology like …

area0>> Area-1 stub/nssa >> Area-2
So in the above scenario, Area-2 has to connect to Area-0 using a virtual link to make the area function. Technically, a virtual link is not possible over the stub/NSSA area. Why? Thx

br//zaman

Hello Mohammad

OK, using your topology:

Area 0—Area 1—Area 2

where Area 1 is a Stub/NSSA

It IS possible to create a virtual link to make Area 0 connect to Area 2. However, if you do this, then Area 1 will no longer be a stub network because it can now reach Area 0 from two points: the connection to Area 0 and the connection to Area 2.

I hope this has been helpful!

Laz

I created a virtual link and it’s working fine, but then I tried to configure authentication for virtual links. I did plaintext authentication on one side of the virtual link and on the other side I didn’t, and the neighborship is still up; it didn’t go down. Weird.

Hi Zeko,

If you enable authentication for virtual links, you have to enable it globally for area 0 and set the password on the virtual link command. Here’s an example:

R1#show run | begin ospf
router ospf 1
 area 0 authentication
 area 1 virtual-link 2.2.2.2 authentication-key NWL

Authentication is enabled for area 0, the virtual link goes through area 1 and has the password. You can see it works with this command:

R1#show ip ospf virtual-links 
Virtual Link OSPF_VL0 to router 192.168.23.2 is up
  Run as demand circuit
  DoNotAge LSA allowed.
  Transit area 1, via interface GigabitEthernet0/1
 Topology-MTID    Cost    Disabled     Shutdown      Topology Name
        0           1         no          no            Base
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:04
    Adjacency State FULL (Hello suppressed)
    Index 1/1/2, retransmission queue length 0, number of retransmission 0
    First 0x0(0)/0x0(0)/0x0(0) Next 0x0(0)/0x0(0)/0x0(0)
    Last retransmission scan length is 0, maximum is 0
    Last retransmission scan time is 0 msec, maximum is 0 msec
  Simple password authentication enabled

Note the last line that says simple password authentication enabled.

Hope this helps!

Rene

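As an added example (not part of the original posts and not a Cisco tool): a small Python audit that reads `show ip ospf virtual-links` output and reports the authentication type of each virtual link. The first sample block is abridged from the output above; the other two blocks, including the `Message digest authentication enabled` wording, are constructed assumptions.

```python
import re

# Constructed sample. The first block is abridged from the output in the post
# above; the second and third blocks are made up for this example.
SAMPLE = """\
Virtual Link OSPF_VL0 to router 192.168.23.2 is up
  Run as demand circuit
  Transit area 1, via interface GigabitEthernet0/1
    Adjacency State FULL (Hello suppressed)
  Simple password authentication enabled
Virtual Link OSPF_VL1 to router 3.3.3.3 is up
  Transit area 2, via interface GigabitEthernet0/2
    Adjacency State FULL (Hello suppressed)
Virtual Link OSPF_VL2 to router 4.4.4.4 is up
  Transit area 3, via interface GigabitEthernet0/3
    Adjacency State FULL
  Message digest authentication enabled
"""

HEADER = re.compile(r"^Virtual Link (\S+) to router (\S+) is (\S+)")
FINDING = {"none": "FAIL", "simple": "WEAK", "message-digest": "OK"}


def audit_virtual_links(text):
    """Return one dict per virtual link with its authentication finding."""
    links = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            links.append({"name": m.group(1), "peer": m.group(2),
                          "state": m.group(3), "auth": "none",
                          "hello_suppressed": False})
        elif links:  # detail line belonging to the most recent header
            cur = links[-1]
            if "Hello suppressed" in line:
                cur["hello_suppressed"] = True
            elif line.startswith("Simple password authentication"):
                cur["auth"] = "simple"  # key travels in cleartext
            elif line.startswith("Message digest authentication"):
                cur["auth"] = "message-digest"  # assumed wording for MD5
    for link in links:
        link["finding"] = FINDING[link["auth"]]
    return links


if __name__ == "__main__":
    for vl in audit_virtual_links(SAMPLE):
        note = " (hellos suppressed)" if vl["hello_suppressed"] else ""
        print(vl["name"], vl["peer"], vl["auth"], vl["finding"] + note)
```

With hellos suppressed, no periodic hello packets are exchanged, so the adjacency state alone is not a check of the current authentication settings; read the authentication line on both ends.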

Hello
What about if I have to go through more than one area? What should I do?
Please help
Sovandara

Hello Sovandara,

You can create more than one virtual link if needed. For example, let’s say you have a topology like this:

(area 0) R1 (area 1) R2 (area 2) R3 (area 3)

You can configure a virtual link between R1-R2 to get area 2 connected to area 0. The virtual link is like a tunnel that gives R2 access to area 0.

You can then configure a virtual link between R2 and R3 to connect area 3 to area 0.

Hope this helps!

Rene


Hello Rene
It works now. So in this case, if I want to enable authentication on the virtual link that connects from area 0 to area 1 and from area 0 to area 3, do I have to enable authentication on all the areas?
Thanks
Sovandara

Hello Heng

If you enable authentication on the virtual link you will only have to enable it for the specific area that you are linking. For example, if you have a discontiguous Area 0, you just have to activate it on Area 0 and not on the areas that you are traversing.

For more information about authentication and OSPF Virtual Links, take a look at this lesson.

I hope this has been helpful!

Laz

The notion of virtual links makes sense. However, how is this actually working under the hood? What is the virtual link actually doing? Is this tunneling the LSAs?

Hello Rick

LSAs that traverse a virtual link are not actually tunneled. They are routed via the available routing tables in the intervening routers just like any other packet. Virtual links can be described as an internal hack to the OSPF database to make the backbone area APPEAR continuous and to make all non-backbone areas APPEAR to be directly connected. This way two VIRTUALLY directly connected OSPF routers can sync their databases in a targeted OSPF adjacency session. The transit area (i.e. the area over which the virtual link is built) will contain routing information about all areas and external routes, and will therefore be capable of routing packets natively.

According to RFC 2328 which defines OSPFv2:

    Just as the virtual link's cost and viability are determined by
    the routing table build process (through construction of the
    routing table entry for the other endpoint), so are the IP
    interface address for the virtual interface and the virtual
    neighbor's IP address.  These are used when sending OSPF
    protocol packets over the virtual link.

So packets are actually routed normally over the transit area using the routing tables of the intervening routers. It is the information found within the LSAs themselves that informs the OSPF routers of how to handle and interpret the information found therein as that received from a virtual link.

I hope this has been helpful!

Laz


Hi Laz,
Consider R1-(area0)-R2-(area1)-R3-(area2)-R4. If I set up a virtual link to connect area2, I set it up between R2 and R3. (Assume 192.168.34.3 is the router ID of R3.)
R2(config)#area 1 virtual-link 192.168.34.3
Since 192.168.34.3 is a link in area 2 on R3, how does R2 know about it? It works, I tested it, but I am trying to understand how R2 knows about 192.168.34.3. If I check my routing table, I don’t have an entry in it. I can see that once I configure the above, R2 starts sending unicast Hellos to the link to R3 (for ex. 192.168.23.3). How does R2 determine that, to form a neighborship, it needs to send a unicast hello to 192.168.23.3?

Thanks,
Madhu

Hello Madhu

Here we have to make the distinction between the Router ID and the IP addresses of the OSPF router interfaces. The command:

R2(config)#area 1 virtual-link 192.168.34.3

does not tell R2 the IP address of where to create the virtual link, but it is telling R2 the router ID of the router with which the virtual link will be created. Using the router ID, the routers will communicate with each other to negotiate and create the virtual link. This may mean that the destination IP of OSPF packets going over the virtual link will have a destination IP address of one of the router’s interfaces that exists in the routing table.

So you must view the “192.168.34.3” not as a destination IP address, but as a label that simply states to OSPF with which router the virtual link must be created, and it need not be in the routing table. The actual operation is taken care of internally by OSPF to route the packets appropriately.

I hope this has been helpful!

Laz

Hi Laz,
Thanks, I knew it’s the RID we are using; however, what I am trying to understand is probably this part:

“The actual operation is taken care of internally by OSPF to route the packets appropriately.”
How is that taken care of? For example, if I have multiple paths to the router where I am trying to create the virtual link to, how is the decision made as to which router interface I should originate the unicast OSPF hello from?
Thanks,
Madhu

Hello Madhu

The OSPF database contains information about all destinations, and associates them with the source of that information (Router IDs). So each OSPF router knows which IP addresses correspond to interfaces of each OSPF router with a particular router ID. So if a router sees router ID 192.168.34.3 in the virtual link configuration, it will see what IP addresses correspond to that router ID, so it has several destination IP addresses to choose from for OSPF packets directed over the virtual link. At least one of those addresses should be in the routing table since both routers involved in the virtual link will have at least one interface in the same area.

In order to verify this, and to view this exchange in action, it may be beneficial to perform a lab where these packets will be captured using Wireshark, and see all of the fields in the OSPF packet including the destination IP of each OSPF packet that is being exchanged over the virtual link.

I hope this has been helpful!

Laz

[quote=“lagapides, post:65, topic:942”]
In order to verify this, and to view this exchange in action, it may be beneficial to perform a lab where these packets will be captured using Wireshark, and see all of the fields in the OSPF packet including the destination IP of each OSPF packet that is being exchanged over the virtual link.

I hope this has been helpful!
[/quote]

Yes, it is helpful. I probably imagined this could be the answer, as R2 in its area1 LSDB has information about 192.168.34.3. I did a packet capture in the lab, and I saw it randomly picks one of the addresses. I did not inspect it very well; I will try it later today, and thanks again for your time.

Hello Madhu

You should find that it picks the address of an interface on the other router that is in the same OSPF area specified by the virtual link command. If OSPF is configured correctly, at least this IP address will be known via OSPF exchanges in the same area.

Glad I could be of help!

Laz

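A simplified model of the lookup discussed in the replies above, added here as an illustration (not from the original posts and not any vendor's implementation): the router ID from the virtual-link command selects a router-LSA in the transit area's LSDB, and the Link Data fields of that LSA give the interface addresses that can serve as packet destinations. The LSDB contents, R2's router ID, the stub network and the third router are constructed assumptions; in a real router the address is determined during the routing table build (RFC 2328).

```python
import ipaddress

# Router-LSA link types (RFC 2328, A.4.2)
P2P, TRANSIT, STUB, VIRTUAL = 1, 2, 3, 4

# Constructed LSDB for transit area 1 in the topology
# R1-(area0)-R2-(area1)-R3-(area2)-R4, keyed by advertising router ID.
# A router-LSA lists only the links its originator has in that area.
AREA1_LSDB = {
    "192.168.34.3": [  # R3, router ID as given in the post
        {"type": TRANSIT, "link_id": "192.168.23.3", "link_data": "192.168.23.3"},
        {"type": STUB, "link_id": "10.3.3.0", "link_data": "255.255.255.0"},
    ],
    "192.168.23.2": [  # R2, hypothetical router ID
        {"type": TRANSIT, "link_id": "192.168.23.3", "link_data": "192.168.23.2"},
    ],
    "10.0.0.9": [  # hypothetical router on an unnumbered point-to-point link
        {"type": P2P, "link_id": "192.168.23.2", "link_data": 7},  # ifIndex
    ],
}


def virtual_neighbor_addresses(lsdb, router_id):
    """Interface addresses that router_id advertises in the transit area."""
    links = lsdb.get(router_id)
    if links is None:
        raise LookupError(f"no router-LSA from {router_id} in the transit area")
    addrs = []
    for link in links:
        if link["type"] not in (P2P, TRANSIT):
            continue  # stub Link Data is a mask, not an interface address
        data = link["link_data"]
        if isinstance(data, int):
            continue  # unnumbered link: Link Data is an ifIndex, not an IP
        addrs.append(str(ipaddress.ip_address(data)))
    return addrs  # empty list: no address to send to, the link cannot form


if __name__ == "__main__":
    print(virtual_neighbor_addresses(AREA1_LSDB, "192.168.34.3"))
```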

As per the configuration, the virtual link establishes the connection between Area 0 and Area 2 through Area 1. However, I am unable to see or communicate between Area 1 and Area 2. There are no routes in the routing table between Area 1 and Area 2.
How do I establish communication between Area 1 and Area 2?

Hello Krishna

Initially you should have no routes in the routing table due to the fact that there is no backbone area between area 1 and area 2. However, if the ABR (R2) is configured correctly, and if you create the virtual link between R1 and R2 (the two ABRs) then the routing between areas 1 and 2 should be established.

If you’re still having trouble, share some more information about your setup so that we can help in the troubleshooting process…

I hope this has been helpful!

Laz