OSPF Deep Dive

This is a self-study, lab based tutorial using Juniper Networks routers. Although this was developed on some old J2300 routers, any Junos based router should work for purposes of this tutorial. If Junos based routers are unavailable, the Junosphere virtual environment can definately be used. This assumes that the reader has some working knowledge of Junos operation and configuration.

OSPF Overview

Precursors and Rationality

OSPF History

OSPF Operation

The Link State Database (LSDB)

Viewing the LSDB on Junos
admin@J2300-1> show ospf database summary      
Area 0.0.0.0:
   7 Router LSAs
   8 Network LSAs
Externals:
Interface fe-0/0/1.12:
Area 0.0.0.0:
Interface fe-0/0/1.13:
Area 0.0.0.0:
Interface lo0.0:
Area 0.0.0.0:
Checking which Interfaces are contributing to the LSDB
admin@J2300-1> show ospf interface brief       
Interface           State   Area            DR ID           BDR ID          Nbrs
fe-0/0/1.12             DR      0.0.0.0         10.0.0.1        10.0.0.2           1
fe-0/0/1.13             BDR     0.0.0.0         10.0.0.3        10.0.0.1           1
lo0.0               DR      0.0.0.0         10.0.0.1        0.0.0.0            0
Clearing the LSDB Viewing the effects of the LSDB on the Routing Table
admin@J2300-1> show ospf route             
Topology default Route Table:

Prefix             Path  Route      NH       Metric NextHop       Nexthop      
                   Type  Type       Type            Interface     Address/LSP
10.0.0.2           Intra Router     IP           10 fe-0/0/1.12   10.0.12.2
10.0.0.3           Intra Router     IP           10 fe-0/0/1.13   10.0.13.3
10.0.0.4           Intra Router     IP           20 fe-0/0/1.12   10.0.12.2
                                                    fe-0/0/1.13   10.0.13.3
10.0.0.5           Intra Router     IP           20 fe-0/0/1.13   10.0.13.3
10.0.0.6           Intra Router     IP           30 fe-0/0/1.12   10.0.12.2
                                                    fe-0/0/1.13   10.0.13.3
10.0.0.1/32        Intra Network    IP            0 lo0.0
10.0.0.2/32        Intra Network    IP           10 fe-0/0/1.12   10.0.12.2
10.0.0.3/32        Intra Network    IP           10 fe-0/0/1.13   10.0.13.3
10.0.0.4/32        Intra Network    IP           20 fe-0/0/1.12   10.0.12.2
                                                    fe-0/0/1.13   10.0.13.3
10.0.0.5/32        Intra Network    IP           20 fe-0/0/1.13   10.0.13.3
10.0.0.6/32        Intra Network    IP           30 fe-0/0/1.12   10.0.12.2
                                                    fe-0/0/1.13   10.0.13.3
10.0.12.0/24       Intra Network    IP           10 fe-0/0/1.12
10.0.13.0/24       Intra Network    IP           10 fe-0/0/1.13
10.0.24.0/24       Intra Network    IP           20 fe-0/0/1.12   10.0.12.2
10.0.34.0/24       Intra Network    IP           20 fe-0/0/1.13   10.0.13.3
10.0.35.0/24       Intra Network    IP           20 fe-0/0/1.13   10.0.13.3
10.0.46.0/24       Intra Network    IP           30 fe-0/0/1.12   10.0.12.2
                                                    fe-0/0/1.13   10.0.13.3
10.0.56.0/24       Intra Network    IP           30 fe0/0/1.13    10.0.13.3

admin@J2300-1> 
admin@J2300-1> show route protocol ospf             

inet.0: 20 destinations, 20 routes (20 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.0.0.2/32        *[OSPF/10] 00:50:13, metric 10
                    > to 10.0.12.2 via fe-0/0/1.12
10.0.0.3/32        *[OSPF/10] 00:58:22, metric 10
                    > to 10.0.13.3 via fe-0/0/1.13
10.0.0.4/32        *[OSPF/10] 00:50:13, metric 20
                      to 10.0.12.2 via fe-0/0/1.12
                    > to 10.0.13.3 via fe-0/0/1.13
10.0.0.5/32        *[OSPF/10] 00:45:17, metric 20
                    > to 10.0.13.3 via fe-0/0/1.13
10.0.0.6/32        *[OSPF/10] 00:43:01, metric 30
                      to 10.0.12.2 via fe-0/0/1.12
                    > to 10.0.13.3 via fe-0/0/1.13
10.0.24.0/24       *[OSPF/10] 00:50:13, metric 20
                    > to 10.0.12.2 via fe-0/0/1.12
10.0.34.0/24       *[OSPF/10] 00:58:22, metric 20
                    > to 10.0.13.3 via fe-0/0/1.13
10.0.35.0/24       *[OSPF/10] 00:58:22, metric 20
                    > to 10.0.13.3 via fe-0/0/1.13
10.0.46.0/24       *[OSPF/10] 00:50:13, metric 30
                      to 10.0.12.2 via fe-0/0/1.12
                    > to 10.0.13.3 via fe-0/0/1.13
10.0.56.0/24       *[OSPF/10] 00:45:17, metric 30
                    > to 10.0.13.3 via fe-0/0/1.13
224.0.0.5/32       *[OSPF/10] 01:03:15, metric 1
                      MultiRecv

admin@J2300-1> 

Basic OSPF Configuration on Junos

SPF Tuning and Troubleshooting

OSPF Cost

OSPF Packets

This section examines the OSPF packet structure. It's boring, but necessary.

Adjacency Formation

This section examines the how OSPF neighbors form adjacencies.

OSPF Authentication

  • Troubleshooting Authentication Issues
  • Junos also supports IPSEC authentication for OSPF
  • Exercise:OSPF Authentication

    Tuning Interfaces

    This section examines changing parameters on interfaces running OSPF to change their behavior.

    Troubleshooting Adjacencies

    This section examines the how to troubleshoot OSPF adjacencies.

    Router ID

    Link State Advertisements (LSAs)


    Type 1 LSA - The Router LSA

    Flooding scope:Area


    Type 2 LSA - The Network LSA

    Flooding scope:Area


    Type 3 LSA - The Network Summary LSA

    Flooding scope:Area


    Type 4 LSA - The Autonomous System Border Router Summary LSARouter

    Flooding scope:Area

  • Type 4 ASBR LSAs are originated by Area Border Routers (ABR)

  • Type 5 LSA - The AS-external LSA

    Flooding scope:OSPF Domain

    Summarizing Type 5 External LSAs

  • Needs to be done on the ASBR when the route is redistributed
  • Controlling Type 5 External LSAs

  • Junos can apply import policies to external routes received via External LSAs to block routes from entering a local routers routing table
  • Can limit the number of external prefixes an ASBR will generate with set protocols ospf prefix-export-limit where the number ranges from 0 to 4294967295
  • Exercise:External LSAs

    OSPF Route Preference

    This section discusses the preference of routes within the OSPF itself.

  • Junos is compatible with the path selection alogritim in RFC 1583 by default
    1. OSPF intra-area paths
      • OSPF routes that originate from Type 1 and Type 2 LSAs
    2. OSPF inter-area paths through
      • Routes that originate from Type 3 LSAs
    3. OSPF external paths
      • OSPF External Type 1 paths are prefered over Type 2 paths
        • RFC 2328 added that intra-area paths through non-backbone areas to an ASBR are preferred over paths though the backbone area.
        • Can enable this functionality with the knob set protocols ospf no-rfc-1583

    Equal Cost Multipath (ECMP)

  • OSPF supports ECMP by design
  • Junos selects one potential path based on a hashing algorithm to install in the forwarding table
  • Example: Route with more than one next-hop, and it's forwarding entry

    admin@J2300-1> show route 7.7.7.0 
    
    inet.0: 49 destinations, 49 routes (49 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
    
    7.7.7.0/24         *[OSPF/150] 15:56:46, metric 1000, tag 7
                          to 10.0.12.2 via fe-0/0/1.12
                        > to 10.0.13.3 via fe-0/0/1.13
    
    admin@J2300-1> show route forwarding-table destination 7.7.7.0 
    Routing table: default.inet
    Internet:
    Destination        Type RtRef Next hop           Type Index NhRef Netif
    7.7.7.0/24         user     0 10.0.13.3          ucst   574    13 fe-0/0/1.13
    
    Routing table: __master.anon__.inet
    Internet:
    Destination        Type RtRef Next hop           Type Index NhRef Netif
    default            perm     0                    rjct   525     1
    
    admin@J2300-1> 
    

    Example: Enabling flow based load balancing in Junos with an export policy

    admin@J2300-1> edit 
    Entering configuration mode
    The configuration has been changed but not committed
    
    [edit]
    admin@J2300-1# edit policy-options policy-statement LOAD-BALANCE 
    
    [edit policy-options policy-statement LOAD-BALANCE]
    admin@J2300-1# set then load-balance per-packet 
    
    [edit policy-options policy-statement LOAD-BALANCE]
    admin@J2300-1# top 
    
    [edit]
    admin@J2300-1# set routing-options forwarding-table export LOAD-BALANCE 
    
    [edit]
    admin@J2300-1# commit and-quit 
    commit complete
    Exiting configuration mode
    

    Example: ECMP route with micro-flow based load balancing applied. Note two potential next hops appear in the forwarding table

    admin@J2300-1> show route forwarding-table destination 7.7.7.0    
    Routing table: default.inet
    Internet:
    Destination        Type RtRef Next hop           Type Index NhRef Netif
    7.7.7.0/24         user     0                    ulst 131070     6
                                  10.0.12.2          ucst   575     8 fe-0/0/1.12
                                  10.0.13.3          ucst   574    11 fe-0/0/1.13
    
    Routing table: __master.anon__.inet
    Internet:
    Destination        Type RtRef Next hop           Type Index NhRef Netif
    default            perm     0                    rjct   525     1
    
    admin@J2300-1> 
    

    Junos Route Preference

  • Junos assigns different preferences to Internal and External Routes
  • Multi-area Adjacencies

    Since intra-area paths are always considered better than inter-area paths, this can introduce some routing inefficiences.

    Example: For the network below, the best path from R1 to R5 is over the slow T1 links through Area 1.1.1.1 even though some nice fast Gigabit links exist

  • To eliminate some routing inefficiencies, it is permissible to have a link in more than one area
  • Configure an interface to participate in multiple areas with set protocols ospf area interface secondary
  • Passive Interfaces

  • Eliminate External LSAs for connected interfaces by marking them passive
  • Exercise:OSPF Route Preference

    Stub Areas

    Stub area definition

  • Exit point taken from the area is not dependent on any external destinations
  • Stub area operation

  • Disable support of Type 5 LSAs (External LSAs)
  • External LSAs are not flooded into the area (by the ABRs)
  • External LSAs are not flooded out of the area either by the ABRs
  • Internal routers in a stub area do not support Type 5 LSAs
  • A default route can be flooded into a stub area from the ABRs instead (if needed) as a Type 3 LSA, Network Summary LSA
  • Configuring Stub Areas in Junos

  • To define an area as a stub area, add the stub keyword underneath the area definition with set protocols area stub
  • Troubleshooting Stub Areas

  • An interface configured for inclusion in a stub area will be visible with show ospf interface with the detail flag set
  • Example: Interface participating in a stub area

    admin@J2300-1> show ospf interface fe-0/0/1.1001 detail 
    Interface           State   Area            DR ID           BDR ID          Nbrs
    fe-0/0/1.1001       DRother 0.0.0.1         0.0.0.0         0.0.0.0            0
      Type: LAN, Address: 10.1.111.1, Mask: 255.255.255.0, MTU: 1496, Cost: 2500
      Priority: 0
      Adj count: 0
      Hello: 1, Dead: 11, ReXmit: 3, Stub
      Auth type: None
      Protection type: None
      Topology default (ID 0) -> Cost: 2500
    
    admin@J2300-1>
    
  • An area configured as a stub will be displayed in the Router LSA as well
  • Example: Router LSA for a stub area

    admin@J2300-1> show ospf database area 1 detail       
    
        OSPF database, Area 0.0.0.1
     Type       ID               Adv Rtr           Seq      Age  Opt  Cksum  Len 
    Router  *10.0.0.1         10.0.0.1         0x80000001   314  0x20 0xc510  36
      bits 0x1, link count 1
      id 10.1.111.0, data 255.255.255.0, Type Stub (3)
        Topology count: 0, Default metric: 2500
    Summary *10.0.0.1         10.0.0.1         0x80000001   313  0x20 0xba6e  28
      mask 255.255.255.255
      Topology default (ID 0) -> Metric: 0
    
  • An adjacency will not form if routers on both ends do not agree that the link is a stub area
  • Sep  1 13:54:46.684118 OSPF packet ignored: area stubness mismatch from 10.1.111.101 on intf fe-0/0/1.1001 area 0.0.0.1
    
  • If a default route is being injected into an area, it will show up as a Type 3 Network Summary LSA with a Link ID of 0.0.0.0
  • Example: Viewing a default route injected into a stub area by an ABR

    admin@J2300-1> show ospf database lsa-id 0.0.0.0 area 1 detail 
    
        OSPF database, Area 0.0.0.1
     Type       ID               Adv Rtr           Seq      Age  Opt  Cksum  Len 
    Summary *0.0.0.0          10.0.0.1         0x80000001   111  0x20 0xa123  28
      mask 0.0.0.0
      Topology default (ID 0) -> Metric: 111
    
    

    Totally Stubby Areas

  • In some cases it may not even be necessary to flood all of the Type 3 LSAs into a stub area
  • ABR can be instructed not to inject any Type 3 LSAs
  • As this functionality is dependent solely on the behavior of the ABRs it only needs to be configured there
  • Configuring a Totally Stubby Area

  • Simply add the no-summaries flag to the stub directive: set protocols ospf area stub no-summaries
  • Scaling with Stub Areas

  • Stub areas are a great way to scale OSPF!
  • Good to protect older routers with limited memory resources
  • Beware of the limitations
  • Exercise:Stub Areas

    Type 7 LSAs - Not So Stubby Areas (NSSA)

    Flooding scope:Only within the NSSA

  • Not So Stubby Area is a stub area with the ability to support external routes
  • Prime motivation: Remote areas separated from the backbone by low-speed links
  • Operates in much the same way as a stub area
  • As No Type 5 External LSAs are allowed in a NSSA, need to make up a new LSA - Type 7 NSSA LSA
  • Type-7 LSA Options Field

                   +--------------------------------------+
                   | DN | O | DC | EA | N/P | MC | E | MT |
                   +--------------------------------------+
    
  • New bit defined in the options field of the standard OSPF packet header - N/P bit
  • Type 7 - NSSA LSAIncluding the common LSA header

            0                   1                   2                   3
           0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
          +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
          |            LS age             |     Options   |      7        |
          +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
          |                        Link State ID                          |
          +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
          |                     Advertising Router                        |
          +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
          |                     LS sequence number                        |
          +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
          |         LS checksum           |             length            |
          +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
          |                         Network Mask                          |
          +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
          |E|     0       |                  metric                       |
          +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
          |                      Forwarding address                       |
          +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
          |                      External Route Tag                       |
          +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
          |E|    TOS      |                TOS  metric                    |
          +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
          |                      Forwarding address                       |
          +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
          |                      External Route Tag                       |
          +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
          |                              ...                              |
    
    
    The Fields are defined and populated as follows: Most everything is the same as a Type 5 External LSA

    Options Field
    Sets the P bit as described above
    Forwarding address
    Traffic for the advertised destination will be forwarded to
      • If the P bit is set, the address is set an address on the NSSA router injecting the External route
        • Prefers to use an internal loopback address, but will use an active physical address in the NSSA if no loopback is available
      • If set to 0.0.0.0, traffic is forwarded to the NSSA router injecting the External route

    Examining NSSA LSAs in Junos

  • Use the operational mode command show ospf database nssa
  • Example: Viewing a specific NSSA LSAs in detail

     admin@J2300-1> show ospf database nssa lsa-id 5.1.3.0 detail    
        OSPF database, Area 0.0.0.1
     Type       ID               Adv Rtr           Seq      Age  Opt  Cksum  Len 
    NSSA     5.1.3.0          10.0.0.3         0x80000002  2243  0x20 0xc1d7  36
      mask 255.255.255.128
      Topology default (ID 0)
        Type: 1, Metric: 1, Fwd addr: 0.0.0.0, Tag: 0.0.0.1
    
    
  • By default in Junos, no NSSA LSAs are generated
  • Translating Type 7 LSAs to Type 5 LSAs

  • NSSA ABRs can translate a Type 7 LSA from an NSSA to a Type 5 LSA and flood it to the rest of the OSPF domain as a Type 7 LSA
  • Junos by default translates all Type 7 LSAs to Type 5 LSAs
  • Changes with the Router LSA

  • Changes are in the options field
  • Not-so-Totally-Stubby Areas

  • Instruct the NSSA ABRs not to flood Type 3 LSAs into the area
  • Configuring NSSAs in Junos

  • To define an area as a NSSA, add the nssa keyword underneath the area definition with set protocols area nssa
  • >
  • To disable flooding Type-3 LSAs into the NSSA by the ABR, include the no-summaries keyword
  • Can summarize or block Type-7 to Type-5 LSA translation by the ABR with the area-range command for the NSSA
  • On an NSSA ABR with muliple NSSAs attached, if an ABR is originating any external routes it will send a separate NSSA LSA into each NSSA it serves by default
  • Troubleshooting NSSAs

  • An interface configured for inclusion in a NSSA will be visible with show ospf interface with the detail flag set
  • admin@J2300-1> show ospf interface fe-0/0/1.1001 detail 
    Interface           State   Area            DR ID           BDR ID          Nbrs
    fe-0/0/1.1001       DRother 0.0.0.1         10.1.0.1        0.0.0.0            1
      Type: LAN, Address: 10.1.111.1, Mask: 255.255.255.0, MTU: 1496, Cost: 2500
      DR addr: 10.1.111.101, Priority: 0
      Adj count: 1
      Hello: 1, Dead: 11, ReXmit: 3, Stub NSSA
      Auth type: None
      Protection type: None
      Topology default (ID 0) -> Cost: 2500
    
    admin@J2300-1> 
    
  • An adjacency will not form if routers on both ends do not agree that the link is a NSSA area
  • 	
    Sep  1 13:54:46.684118 OSPF packet ignored: area stubness mismatch from 10.1.111.101 on intf fe-0/0/1.1001 area 0.0.0.1
    
    Sep  5 10:16:31.272796 OSPF packet ignored: area nssaness mismatch from 10.1.111.101 on intf fe-0/0/1.1001 area 0.0.0.1
    	
  • If a default route is being injected into an area, it will show up as a Type 3 Network Summary LSA or a Type 7 NSSA LSA with a Link ID of 0.0.0.0
  • Example: Viewing a default route injected into a stub area by an ABR as a Type 7 LSA

    admin@J2300-1> show ospf database lsa-id 0.0.0.0 area 1 detail    
    
        OSPF database, Area 0.0.0.1
     Type       ID               Adv Rtr           Seq      Age  Opt  Cksum  Len 
    NSSA    *0.0.0.0          10.0.0.1         0x80000001    11  0x20 0x53e8  36
      mask 0.0.0.0
      Topology default (ID 0)
        Type: 1, Metric: 1000, Fwd addr: 0.0.0.0, Tag: 0.0.0.0
    
    admin@J2300-1> 
    
  • LSAs that are translated will show up having a NSSA LSA in the originating area, and a Type 5 LSA in all other areas (except for stub areas)
  • Example: Type-7 LSA and it's Tranlation to an External LSA

    admin@J2300-1> show ospf database lsa-id 3.3.3.0 detail 
    
        OSPF database, Area 0.0.0.1
     Type       ID               Adv Rtr           Seq      Age  Opt  Cksum  Len 
    NSSA     3.3.3.0          10.1.0.3         0x80000003  1046  0x28 0xe8b3  36
      mask 255.255.255.0
      Topology default (ID 0)
        Type: 1, Metric: 100, Fwd addr: 10.1.0.3, Tag: 0.0.0.3
        OSPF AS SCOPE link state database
     Type       ID               Adv Rtr           Seq      Age  Opt  Cksum  Len 
    Extern   3.3.3.0          10.0.0.3         0x80000002  1034  0x22 0x693d  36
      mask 255.255.255.0
      Topology default (ID 0)
        Type: 1, Metric: 100, Fwd addr: 10.1.0.3, Tag: 0.0.0.3
    
    admin@J2300-1> 
    
  • Junos NSSA ABRs will create a Type 4 ASBR Summary LSA for every NSSA ASBR that it performs a NSSA to External Translation for
  • Example: ASBR Summary LSA created because of a NSSA to External LSA Translation

    admin@J2300-1> show ospf database asbrsummary lsa-id 10.1.0.3 detail    
    
        OSPF database, Area 0.0.0.0
     Type       ID               Adv Rtr           Seq      Age  Opt  Cksum  Len 
    ASBRSum *10.1.0.3         10.0.0.1         0x80000004   378  0x22 0xcdac  28
      mask 0.0.0.0
      Topology default (ID 0) -> Metric: 5010
    ASBRSum  10.1.0.3         10.0.0.3         0x80000005   181  0x22 0xbf85  28
      mask 0.0.0.0
      Topology default (ID 0) -> Metric: 2510
    ...
    ..
    .
    
    
  • If an NSSA ABR creates is the originator of a "unique" External LSA (one that is summarized or created on the ABR) the forwarding address will be set to 0.0.0.0
  • Example: NSSA LSA and matching External LSA created by an NSSA ABR

    admin@J2300-1> show ospf database lsa-id 5.1.1.0 detail 
    
        OSPF database, Area 0.0.0.1
     Type       ID               Adv Rtr           Seq      Age  Opt  Cksum  Len 
    NSSA    *5.1.1.0          10.0.0.1         0x80000004  2684  0x20 0xdfbb  36
      mask 255.255.255.128
      Topology default (ID 0)
        Type: 1, Metric: 1, Fwd addr: 0.0.0.0, Tag: 0.0.0.1
        OSPF AS SCOPE link state database
     Type       ID               Adv Rtr           Seq      Age  Opt  Cksum  Len 
    Extern  *5.1.1.0          10.0.0.1         0x80000008   113  0x22 0xd5c1  36
      mask 255.255.255.128
      Topology default (ID 0)
        Type: 1, Metric: 1, Fwd addr: 0.0.0.0, Tag: 0.0.0.1
    
    admin@J2300-1> 
    
    Exercise: NSSA Areas

    Opaque LSAs

  • Original OSPF developers thought it would be best to hard code all of the types, options, etc for the OSPF protocol
  • With a few extentions, OSPF started to quickly run out of space for new options and new types
  • Opaque LSAs were envisioned to be a generalized type of advertisement
  • First defined in RFC 2370
  • Three Types of Opaque LSAs defined -- each with a defined flooding scope
  • Adjacency Formation
  • Options Field

                   +--------------------------------------+
                   | DN | O | DC | EA | N/P | MC | E | MT |
                   +--------------------------------------+
    
  • Opaque LSAs vary in size, but are aligned to 32 bit boundaries
  • Link-state ID has redefined
  • Opaque LSAsIncluding the common LSA header

           0                   1                   2                   3
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
         |            LS age             |     Options   |  9, 10, or 11 |
         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
         |  Opaque Type  |               Opaque ID                       |
         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
         |                      Advertising Router                       |
         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
         |                      LS Sequence Number                       |
         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
         |         LS checksum           |           Length              |
         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
         |                                                               |
         +                                                               +
         |                      Opaque Information                       |
         +                                                               +
         |                              ...                              |
    
    The Fields are defined and populated as follows:

    Options Field
    Sets the O bit as described above, along with other options as necessary
    Type
    Set to 9, 10 or 11 depending on the flooding scope
    Opaque Type
    8 bit field
    Opaque ID
    a 24 bit ID field

    Examining Opaque LSAs in Junos

  • Most of the information in any Opaque LSAs is going to be application specific
  • Use the operational mode command show ospf database opaque-area
  • Troubleshooting

  • Can trace opaque LSA operations like any other LSA in the context of OSPF
  • Need to troubleshoot within the context of the application that is using opaque LSAs to convey information
  • Junos does not support any applications that use Type 11 - Domain Scope Opaque LSAs

  • Type 9 LSAs - Link Scope Opaque LSA

    Flooding scope:Local Link

    Applications:OSPF Graceful Restart

    Graceful Restart in a Nutshell

  • Many routers have a forwarding plane that operates separately from the control plane
  • M, T and MX series routers from Juniper have total separation of the control plane and forwarding plane
  • When the control plane restarts after a service impacting event:
  • Graceful Restart is a concept that allows a lot of these ripples to be avoided if the following conditions are met:
    1. A router is capable of forwarding packets without a fully operational control plane
    2. The forwarding plane operation isn't interrupted
    3. The interfaces and path between adjacent routers remains operational
    4. No other topology changes occur on the network anywhere else
  • For Graceful Restart to take place routers must agree between them that they help each other out in case of a catastrophe
  • Graceful Restart Operation

  • Three modes of operation for Graceful Restart
    1. Possible Helper
      A router that is capable of helping a neighbor reestablish itself in the network
    2. Helper
      A router that is assisting a restarting router
      • By hiding the occurance from neighbors
      • By helping the restarting router rebuild it's routing topologies
    3. Restart Candidate
      A router that is about to restart, and has informed it's neighbors, or one that is undergoing a restart event
  • During a restart event:
  • Graceful Restart for OSPF

  • Defined in RFC 3623
  • Grace LSA

  • Uses a Type 9 link-local Opaque LSA
  • Grace LSA requests that the router's neighbors aid it's restart
  • Configuring OSPF Graceful Restart in Junos

  • Graceful restart is a global option in Junos
  • Enable by setting set routing-options graceful-restart
  • OSPF specific items for graceful restart are in protocols ospf graceful-restart
  • Troubleshooting

  • Can tell if the router supports graceful restart for the OSPF process with opertional command show ospf overveiw
  • Example: OSPF router with Graceful Restart enabled for OSPF

    admin@J2300-1> show ospf overview            
    Instance: master
      Router ID: 10.0.0.1
      Route table index: 0
      Area border router, AS boundary router, NSSA router
      LSA refresh time: 50 minutes
      Restart: Enabled
        Restart duration: 180 sec
        Restart grace period: 210 sec
        Helper mode: Enabled
      Area: 0.0.0.0
        Stub type: Not Stub
        Authentication Type: None
        Area border routers: 5, AS boundary routers: 5
        Neighbors
          Up (in full state): 2
      Area: 0.0.0.1
        Stub type: Stub NSSA, Stub cost: 1000
        Authentication Type: None
        Area border routers: 1, AS boundary routers: 4
        Neighbors
          Up (in full state): 2
      Area: 30.30.30.30
        Stub type: Not Stub
        Authentication Type: None           
        Area border routers: 5, AS boundary routers: 5
        Neighbors
          Up (in full state): 2
      Area: 101.101.101.101
        Stub type: Not Stub
        Authentication Type: None
        Area border routers: 6, AS boundary routers: 6
        Neighbors
          Up (in full state): 2
      Area: 102.102.102.102
        Stub type: Not Stub
        Authentication Type: None
        Area border routers: 6, AS boundary routers: 6
        Neighbors
          Up (in full state): 2
      Topology: default (ID 0)
        Prefix export count: 2
        Full SPF runs: 13
        SPF delay: 0.200000 sec, SPF holddown: 5 sec, SPF rapid runs: 3
        Backup SPF: Not Needed
    
    admin@J2300-1> 
    
  • Can track graceful restart OSPF events with the graceful-restart flag under the traceoptions for the protocol
  • Exercise: Graceful Restart

    Type 10 LSAs - Area Scope LSA

    Flooding scope:Areak

    Applications:Traffic Engineering

    Traffic Engineering in a Nutshell

    Traffic Engineering is basically controlling and regulating the path that packets take through the network. This can be done a number of ways, by tweaking link costs, and policy routing for example. OSPF can help construct a special database that can be used for calculating the paths of MPLS Label Switched Paths (LSPs) on which to map network onto. When these LSPs are initiated, they can consult the database built by OSPF (or IS-IS) to help them determine the paths through the network based on bandwidth, priority, usage, cost, link type and class. To help construct the Traffic Engineering Database (TED), a special LSA was added to OSPF.

  • Traffic Engineering LSA defined in RFC 3630
  • Uses Type 10 Opaque LSAs with a type of 1
  • Designed to carry extra information about TE routers and their links
  • Reccomended for point-to-point links
  • Traffic Engineering LSA

          0                   1                   2                   3
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
         |            LS age             |    Options    |      10       |
         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
         |       1       |                   Instance                    |
         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
         |                     Advertising Router                        |
         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
         |                     LS sequence number                        |
         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
         |         LS checksum           |             Length            |
         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    
      

    TLV Header

           0                   1                   2                   3
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
         |              Type             |             Length            |
         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
         |                            Value...                           |
         .                                                               .
         .                                                               .
         .                                                               .
         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    

    Three TLV Types Defined

    Router Address TLV (Type 1, Length = 4)
    Specifies a stable address for the router that is always reachable. Address must still be reachable if any physical interface goes down. Typically a loopback interface which is assigned the Router ID for the system.
    Also be used to correlate IS-IS TE data
    Link TLV (Type 2, Length = variable)
    Describes a single link
    Only one Link TLV per LSA is allowed
    Uses several sub-TLVs for description of link properties
    • sub-TLVs use 32 bit IEEE floating point numbers
      1. Link type (1 octet)
        • Mandatory subTLV
        • Describes the type of link, 1 = point-to-point, 2 = multiaccess
      2. Link ID (4 octets)
        • Mandatory subTLV
        • Identifies the other end of the link
          • Router ID for point-to-point links
          • Interface IP address for multiaccess links
      3. Local interface IP address (4 octets)
        • Identifies IP address(es) for the local router on the link
        • Length is 4*n octets, where n is the number of addresses on the link
      4. Remote interface IP address (4 octets)
        • IP address(es) of the neighbors interface
        • Length is also 4*n octets, where n is the number of addresses on the link
      5. Traffic engineering metric (4 octets)
        • A separate 24 bit metric for traffic engineering purposes
        • May be different than the OSPF cost for the link
      6. Maximum bandwidth (4 octets)
        • Maximum bandwidth that can be used on the link in the direction from the system originating the LSA towards it's neighbor
        • Link capacity in bytes per second
      7. Maximum reservable bandwidth (4 octets)
        • Maximum bandwidth that may be reserved on the link
        • May be greater than the maximum bandwidth (oversubscription)
        • Units are bytes per second
      8. Unreserved bandwidth (32 octets)
        • Bandwidth that can be reserved with a setup priority of 0 - 7
        • Units are bytes per second
      9. Administrative group (4 octets)
        • Also called Resource Class, Color, Affinity
        • 32 bit mask assigned by the network administrator
        • Each bit corresponds to a separate administrative group
        • A link may belong to multiple groups or none at all
    Node Attributes TLV (Type 5, Length = variable)
    Carries information about multiple addresses that are assigned to a router
    Used for specifying different next-hops for different tolpologies or protocols

    Configuring Traffic Engineering for OSPF on Junos

  • Enable generation of Traffic Engineering LSAs by setting set protocols ospf traffic-engineering
  • Can set an independent metric on a link for TE with set protocols ospf area interface te-metric where the metric is from 1 to 4294967295
  • Viewing a Traffic Engineering LSA

  • No specific command to view a TE LSA on Junos
  • Example: Viewing a TE LSA with a Router Address TLV Note: the TLV Type, Length and value is shown in the LSA guts

    admin@J2300-1> show ospf database opaque-area area 0 advertising-router 10.0.0.1 lsa-id 1.0.0.1 detail                      
    
        OSPF database, Area 0.0.0.0
     Type       ID               Adv Rtr           Seq      Age  Opt  Cksum  Len 
    OpaqArea*1.0.0.1          10.0.0.1         0x80000011  1377  0x22 0xfb0d  28
      Area-opaque TE LSA
      RtrAddr (1), length 4: 10.0.0.1
    
    admin@J2300-1> 
    

    Example: Viewing a TE LSA with a Link TLV and it subTLVs

    admin@J2300-1> show ospf database opaque-area area 0 advertising-router 10.0.0.1 lsa-id 1.0.0.3 detail                
    
        OSPF database, Area 0.0.0.0
     Type       ID               Adv Rtr           Seq      Age  Opt  Cksum  Len 
    OpaqArea*1.0.0.3          10.0.0.1         0x80000012   952  0x22 0xcba9 136
      Area-opaque TE LSA
      Link (2), length 112:
        Linktype (1), length 1:
          1
        LinkID (2), length 4:
          10.0.0.2
        LocIfAdr (3), length 4:
          10.0.12.1
        RemIfAdr (4), length 4:
          10.0.12.2
        TEMetric (5), length 4:
          5
        MaxBW (6), length 4:
          10Gbps
        MaxRsvBW (7), length 4:
          10Gbps
        UnRsvBW (8), length 32:
            Priority 0, 10Gbps
            Priority 1, 10Gbps
            Priority 2, 10Gbps              
            Priority 3, 10Gbps
            Priority 4, 10Gbps
            Priority 5, 10Gbps
            Priority 6, 10Gbps
            Priority 7, 10Gbps
        LinkLocalRemoteIdentifier (11), length 8:
          Local 68, Remote 0
        Color (9), length 4:
          0
    
    admin@J2300-1> 
    

    Troubleshooting Traffic Engineering

  • Junos will only create a TE LSA with a Link Attributes TLV if an interface is configured to process RSVP and MPLS
  • Junos will create a TE LSA with a Router Address TLV as long as it is configured to run TE extensions to OSPF
  • A TE LSA with a Link TLV will pull it's values from the following places for each subTLV:
    1. Link type - OSPF interface type
    2. Link ID - OSPF adjacency
    3. Local interface IP address - Local interface
    4. Remote interface IP address - OSPF adjacency
    5. Traffic Engineering Metric - Defaults to the OSPF cost, or the configured TE metric if one exists
    6. Maximum bandwidth - RSVP
    7. Maximum reservable bandwidth - RSVP
    8. Unreserved bandwidth - RSVP
    9. Administrative group - MPLS interface configuration
  • Can view the protocols that are populating the TED with show ted protocol
  • Example: TED Protocol Contributions

    admin@J2300-1> show ted protocol 
    Protocol name        Credibility  Self node
    OSPF(0)              502          10.0.0.1
    OSPF(1)              502          10.0.0.1
    OSPF(505290270)      502          10.0.0.1
    OSPF(1701143909)     502          10.0.0.1
    OSPF(1717986918)     502          10.0.0.1
    
    admin@J2300-1> 
    
  • Can view the TED with operational command show ted database
  • Example: Viewing the TED for a particular system

    admin@J2300-1> show ted database 10.0.0.2 detail 
    TED database: 0 ISIS nodes 15 INET nodes
    NodeID: 10.0.0.2
      Type: Rtr, Age: 13902 secs, LinkIn: 4, LinkOut: 1
      Protocol: OSPF(0.0.0.0)
        To: 10.0.0.1, Local: 10.0.12.2, Remote: 10.0.12.1
          Local interface index: 68, Remote interface index: 0
      Protocol: OSPF(30.30.30.30)
      Protocol: OSPF(101.101.101.101)
      Protocol: OSPF(102.102.102.102)
    
    admin@J2300-1> 
    
  • Can view all of the link information with operational command show ted link
  • Example: Viewing the links in the TED

    admin@J2300-1> show ted link           
    ID                         ->ID                          LocalPath LocalBW
    10.0.0.1                     10.0.0.2                            1 0bps
    10.0.0.2                     10.0.0.1                            0 0bps
    10.0.0.3                     10.0.0.1                            0 0bps
    10.101.0.10-1                10.0.0.1                            0 0bps
    10.101.0.10-1                10.0.0.6                            0 0bps
    10.101.0.10-1                10.0.0.5                            0 0bps
    10.101.0.10-1                10.0.0.4                            0 0bps
    10.101.0.10-1                10.0.0.3                            0 0bps
    10.101.0.10-1                10.0.0.2                            0 0bps
    10.101.0.10-1                10.10.10.10                         0 0bps
    10.102.0.10-1                10.0.0.1                            0 0bps
    10.102.0.10-1                10.0.0.6                            0 0bps
    10.102.0.10-1                10.0.0.5                            0 0bps
    10.102.0.10-1                10.0.0.4                            0 0bps
    10.102.0.10-1                10.0.0.3                            0 0bps
    10.102.0.10-1                10.0.0.2                            0 0bps
    10.102.0.10-1                10.10.10.10                         0 0bps
    10.30.30.30-1                10.0.0.1                            0 0bps
    10.30.30.30-1                99.99.99.99                         0 0bps
    10.30.30.30-1                10.0.0.6                            0 0bps
    10.30.30.30-1                10.0.0.5                            0 0bps
    10.30.30.30-1                10.0.0.4                            0 0bps
    10.30.30.30-1                10.0.0.3                            0 0bps
    10.30.30.30-1                10.0.0.2                            0 0bps
    10.1.111.101-1               10.0.0.1                            0 0bps
    10.1.111.101-1               10.1.0.1                            0 0bps
    10.1.123.102-1               10.0.0.3                            0 0bps
    10.1.123.102-1               10.1.0.2                            0 0bps
    
    admin@J2300-1> 
    
    

    Editorial Note: Since an LSA with area flooding scope is used to build the TED, you wind up with a separate TED for each area. Due to the nature of OSPF, it isn't guaranteed that a router, especially a non-backbone router, will have complete information of the entire domain topology. This is certain if any kind of stub areas, summarizing addresses at ABRs. Thus, a router trying to precompute the path for a LSP won't necessarily have all of the needed information if the LSP terminates outside it's own area. So if you're planning on doing any TE, do your best to keep your OSPF design to a single area. To do TE in multiple areas you need to arrange for meeting points of LSPs in each area, and stitch them together. There are a lot of expired RFCs and things in the works. So stay tuned for a good working implementation, but don't hold your breath.

    Exercise: OSPF Traffic Engineering Database

    MPLS and OSPF

    LDP synchronization

    Advertising LSPs with OSPF

    Loop Free Alternative Routes


    OSPF and Layer 3 MPLS VPNS

  • There are a few extensions and features in OSPF that enhance it's use as a routing protocol in L3VPNs
  • Down Bit

    Sham Links

    Editorial Note: As much fun it is to set up OSPF as the routing protocol between the CE and PE in a MPLS L3VPN, it is really quite nasty and should not be attempted by mortal network engineers (really , it is fun). This involves some of the most advanced level routing concepts you'll ever run into between BGP and OSPF. This is also plagued by some strangeish behavior - the Type 1 & 2 LSA converstion to a Type 3 LSA which can be really daunting and misleading. It also suffers from some messy hacks -- the sham link, which sleeps in the bed next to the virtual link and GRE tunnel. It's really good to understand how all this works for one simple reason -- talking people out of using it! There are far better protocols for route distribution between the CE and PE - RIP, BGP and even static routes. As scared as some people are about using BGP, it is for the most part straight forward and predictable -- use it instead of OSPF.


    Unused LSAs


    Bidirectional Forwarding Detection (BFD)

    BFD Overview

    BFD Operation

    Configuring BFD for OSPF on Junos

    Troubleshooting BFD Sessions for OSPF


    OSPFv3 in Very Brief


    OSPF Configuration Overview

    OSPF Configuration Options for OSPFv2 for Junos 10.0

    protocols {
       ospf {
       disable;
       export [ policy-names ];
       external-preference preference;
       graceful-restart {
          disable;
          helper-disable;
          notify-duration seconds;
          restart-duration seconds;
       }
       import [ policy-names ];
       no-nssa-abr;
       no-rfc-1583;
       overload {
          timeout seconds;
       }
       preference preference;
       prefix-export-limit;
       rib-group group-name;
       reference-bandwidth reference-bandwidth;
       sham-link {
          local address;
       }
       spf-options {
          delay milliseconds;
          rapid-runs number;
          holddown milliseconds;
       }
       traffic-engineering {
          advertise-unnumbered-interfaces;
          multicast-rpf-routes;
          no-topology;
          shortcuts {
             ignore-lsp-metrics;
             lsp-metric-into-summary;
          }
       }
       traceoptions {
          file filename   ;
          flag flag  ;
       }
       area area-id {
          area-range network/mask-length   ;
          interface interface-name {
             disable;
             authentication {
                md5 key-id {
                   key [ key-values ];
                   start-time time;
                }
                simple-password key;
             }
             bfd-liveness-detection {
                authentication {
                   algorithm algorithm-name;
                   key-chain key-chain-name;
                   loose-check;
                }
                detection-time {
                threshold milliseconds;
                }
                full-neighbors-only;
                minimum-interval milliseconds;
                minimum-receive-interval milliseconds;
                multiplier number;
                no-adaptation;
                transmit-interval {
                   threshold milliseconds;
                   minimum-interval milliseconds;
                }
                version (1 | automatic);
             }
             dead-interval seconds;
             demand-circuit;
             flood-reduction;
             hello-interval seconds;
             interface-type type;
             ipsec-sa name;
             ldp-synchronization {
                disable;
                hold-time seconds;
             }
             metric metric;
             neighbor address ;
             passive {
                traffic-engineering {
                   remote-node-id address;
                }
             }
             poll-interval seconds;
             priority number;
             retransmit-interval seconds;
             secondary;
             te-metric metric;
             topology (ipv4-multicast | name) {
                metric metric;
             }
             transit-delay seconds;
          }
          label-switched-path name metric metric;
          network-summary-export [ policy-names ];
          network-summary-import [policy-names ];
          nssa {
             area-range network/mask-length   ;
             default-lsa {
                default-metric metric;
                metric-type type;
                type-7;
             }
             (summaries | no-summaries);
          }
          peer-interface interface-name {
             disable;
             dead-interval seconds;
             demand-circuit;
             flood-reduction;
             hello-interval seconds;
             retransmit-interval seconds;
             transit-delay seconds;
          }
          sham-link-remote address {
             demand-circuit;
             flood-reduction;
             ipsec-sa name;
             metric metric;
             }
          }
             stub  ;
             virtual-link neighbor-id router-id transit-area area-id {
             disable;
             authentication {
                md5 key-id {
                   key [ key-values ];
                }
                simple-password key;
             }
             dead-interval seconds;
             demand-circuit;
             flood-reduction;
             hello-interval seconds;
             ipsec-sa name;
             retransmit-interval seconds;
             topology (ipv4-multicast | name) disable;
             transit-delay seconds;
          }
       }
    }
    

    Final Comments

    Whew!

    After all of this is said and done, I actually really prefer IS-IS as my IGP.

    If I ever find some time, I may expand this section a bit in the following ways:

    References

    RFC 1583 OSPF Version 2

    RFC 1587 The OSPF NSSA Option

    RFC 1918 Address Allocation for Private Internets

    RFC 2328 OSPF Version 2

    RFC 2370 The OSPF Opaque LSA Option

    RFC 2470 Transmission of IPv6 Packets over Token Ring Networks

    RFC 3101 The OSPF Not-So-Stubby Area (NSSA) Option

    RFC 3623 Graceful OSPF Restart

    RFC 3630 Traffic Engineering (TE) Extensions to OSPF Version 2

    RFC 4203 OSPF Extensions in Support of Generalized Multi-Protocol Label Switching (GMPLS)

    RFC 5185 OSPF Multi-Area Adjacency

    RFC 5250 The OSPF Opaque LSA Option

    RFC 5340 OSPF for IPv6

    RFC 5709 OSPFv2 HMAC-SHA Cryptographic Authentication

    RFC 5786 Advertising a Router's Local Addresses in OSPF Traffic Engineering (TE) Extensions

    RFC 5880 Bidirectional Forwarding Detection (BFD)

    John T. Moy OSPF: Anatomy of an Internet Routing Protcol, ISBN: 9780201634723

    Juniper Networks Junos OS Documentation, Release 10.0




          +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
          |   Version 0   |       C       |            Plenty             |
          +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
          |           Router ID - www.blackhole-networks.com              |
          +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
          |                   Area ID - OSPF Deep Dive                    |
          +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
          |          Checksum  OK         |         Construction          |
          +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
          |                                                               |
          +-                                                             -+
          |                        PAGE STILL                             | 
          +-                         UNDER                               -+
          |                       CONSTRUCTION                            |
          +-                                                             -+
          |                  ROUGH AROUND THE EDGES                       |
          +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+