
OSPF metrics and how it is determined

wilson_1234_2
Level 3

I have a lab setup with a router, layer three 3550 switch and a PIX firewall.

The router and the firewall are plugged into the switch in separate VLANs and are using the switch as their default gateway.

All three devices are configured in the same OSPF area. I am using almost identical configs from a production network and I see the same results.

All interfaces are Fastethernet 100/full

I would like to understand how the OSPF metrics are determined for this setup.

For example:

The switch sees the PIX and router as Full/BDR state and the Router's loopback interface as 110/2. Is it 2 because it is considered not directly connected but 1 hop away?

The switch sees the firewall DMZ interface as the neighbor ID and as 110/11.

Why is the metric 11?

The router sees the PIX inside interface as 110/2, and the PIX DMZ as 110/12. Because same as above, considered 1 hop away from the connected interface?

Firewall:

router ospf 2

network 10.1.3.0 255.255.255.0 area 0 (inside)

network 192.168.1.0 255.255.255.0 area 0 (DMZ1)

redistribute ospf 1 subnets match internal external 1 external 2

default-information originate

Switch:

router ospf 1

log-adjacency-changes

passive-interface Vlan1

passive-interface Vlan2

passive-interface Vlan3

passive-interface Vlan4

network 0.0.0.0 255.255.255.255 area 0

Router:

router ospf 1

router-id 10.5.7.1

log-adjacency-changes

passive-interface Loopback0

network 10.1.7.0 0.0.0.255 area 0 (Ethernet interface on inside)

network 172.16.0.1 0.0.0.0 area 0 (Loopback0)

5 Replies

Jon Marshall
Hall of Fame

Hi Wilson

OSPF does not use hop count as its routing metric. It uses the bandwidth of the interface.

The actual calculation is reference bandwidth / bandwidth of interface.

To keep it simple, the reference bandwidth is 10 to the power 8. So

fast ethernet = 10 power 8 / 10 power 8 = 1

ethernet = 10 power 8 / 10 power 7 = 10

So the switch sees the cost of the firewall DMZ interface as

1 ( for the cost of the link from the switch to the inside interface of the pix )

+

10 for the cost of the DMZ interface

This assumes that the firewall DMZ is running as normal ethernet ie. 10 rather than fast-ethernet ie. 100.

Is this the case ?

Jon
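The metrics asked about in this thread can be reproduced with the formula from the reply above. This is an added example, not part of any poster's reply; the node names, the interface bandwidths (Fast Ethernet everywhere except a 10 Mb/s DMZ, and a loopback faster than the reference bandwidth) and the simplified link model are assumptions.

```python
import heapq

REF_BW = 10**8  # reference bandwidth in bit/s, as in the reply above
FE, ETH, LOOP = 10**8, 10**7, 8 * 10**9  # assumed interface bandwidths (bit/s)

def ospf_cost(bw_bps):
    """Reference bandwidth / interface bandwidth, truncated, never below 1."""
    return max(1, REF_BW // bw_bps)

# Constructed model of the lab: node -> {neighbor: outgoing interface bandwidth}
LINKS = {
    "switch": {"router": FE, "pix": FE},
    "router": {"switch": FE},
    "pix": {"switch": FE},
}
# Constructed prefixes: name -> {attached node: bandwidth of its interface there}
PREFIXES = {
    "router-loopback": {"router": LOOP},
    "pix-inside": {"switch": FE, "pix": FE},
    "pix-dmz": {"pix": ETH},
}

def spf(source):
    """Dijkstra: each hop adds the cost of the outgoing interface."""
    dist = {source: 0}
    heap = [(0, source)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist[node]:
            continue  # stale heap entry
        for nbr, bw in LINKS[node].items():
            nd = d + ospf_cost(bw)
            if nd < dist.get(nbr, float("inf")):
                dist[nbr] = nd
                heapq.heappush(heap, (nd, nbr))
    return dist

def route_metric(source, prefix):
    """Cost to the closest attached node plus that node's interface cost."""
    dist = spf(source)
    return min(dist[n] + ospf_cost(bw)
               for n, bw in PREFIXES[prefix].items() if n in dist)

if __name__ == "__main__":
    for src, pfx in [("switch", "router-loopback"), ("switch", "pix-dmz"),
                     ("router", "pix-inside"), ("router", "pix-dmz")]:
        print(f"{src} -> {pfx}: 110/{route_metric(src, pfx)}")
```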

Thanks Jon,

The cost on the interfaces are as follows:

The cost on the PIX is 10

The cost on the router 1

This is what is calculated from the numbers you gave?:

Ethernet 10

Fastethernet 100

Also, on the bandwidth: suppose the bandwidth xxxx command has not been configured as part of the interface by the person configuring the router. How is it determined by OSPF on say a serial interface where you could have a DS1 or a DS3?

Also why does the PIX show the neighbor address as the DMZ interface and not the inside ethernet address?

On a serial interface, the hardware determines the default bandwidth. If you have a DS1 card, the hardware will be shown as 1.5Mbps under the interface (type show interface s0/0 and you will see the bandwidth information).

Same goes for a DS3 card.

minumathur
Level 1

Hi

OSPF Cost will be calculated based on 10 power 8 / Bandwidth.

-Minu

rajinikanth
Level 3

Hi Wilson,

The firewall's OSPF router-id is DMZ1 (192.168.1.0) because it is the highest configured IP address on the firewall.

This is the reason you find the neighbor ID (192.168.1.0) on the switch instead of the 10.1.3.0 inside network.

HTH,

Raj
