How to configure OSPF Virtual Link

If you studied Cisco’s CCNA you have learned that when you use OSPF all the areas have to be directly connected to the backbone area. Is this really true? Areas have to be connected to the backbone area but if they aren’t we can fix it with a virtual link.

Let me show you an example:

Look at my picture above. We have three areas and on the left side is area 0. Area 2 is behind area 1. Normally this is not going to work since area 2 has to be directly connected to area 0. We can make this work by using a virtual link. By using a virtual link we can extend area 0 through area 1 so area 2 will be “directly connected” to area 0. Let’s take a look at how a virtual link can solve this problem:

This is basically how a virtual link works. It’s like a tunnel through area 1 to reach area 2. This way area 2 will be directly connected. Now let me show you how to configure a virtual link:

In the example above area 2 is not directly connected to area 0 so we’ll have to use a virtual link between routers R1 and R2, here’s how we do it:

R1(config)#router ospf 1
R1(config-router)#network 1.1.1.0 0.0.0.255 area 0
R1(config-router)#network 192.168.12.0 0.0.0.255 area 1

R2(config)#router ospf 1
R2(config-router)#network 192.168.12.0 0.0.0.255 area 1
R2(config-router)#network 192.168.23.0 0.0.0.255 area 2

R3(config)#router ospf 1
R3(config-router)#network 192.168.23.0 0.0.0.255 area 2

I’ll start with a default OSPF configuration.

R1(config)#router ospf 1
R1(config-router)#area 1 virtual-link 192.168.23.2

R2(config)#router ospf 1
R2(config-router)#area 1 virtual-link 1.1.1.1

We configure the virtual-link between ABRs and we use the area virtual-link command. First you need to specify the area 1 where we need the virtual-link which is area 1 in my example. Second step is to configure the OSPF router ID of the other ABR. Keep this in mind…you need to configure the OSPF router ID and NOT the IP address of the ABR. If everything is OK area 2 will have be directly connected to area 0 through our virtual-link.

R1# %OSPF-5-ADJCHG  Process 1, Nbr 192.168.23.2 on OSPF_VL0 from LOADING to FULL, Loading Done

R2# %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.1 on OSPF_VL0 from LOADING to FULL, Loading Done

You will see the message above that tells us the virtual link is established.

R1#show ip ospf virtual-links 
Virtual Link OSPF_VL0 to router 192.168.23.2 is up
  Run as demand circuit
  DoNotAge LSA allowed.
  Transit area 1, via interface FastEthernet0/0, Cost of using 1
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:06
    Adjacency State FULL (Hello suppressed)
    Index 1/2, retransmission queue length 0, number of retransmission 0
    First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
    Last retransmission scan length is 0, maximum is 0
    Last retransmission scan time is 0 msec, maximum is 0 msec

R2#show ip ospf virtual-links 
Virtual Link OSPF_VL0 to router 1.1.1.1 is up
  Run as demand circuit
  DoNotAge LSA allowed.
  Transit area 1, via interface FastEthernet0/0, Cost of using 1
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:05
    Adjacency State FULL (Hello suppressed)
    Index 1/3, retransmission queue length 0, number of retransmission 0
    First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
    Last retransmission scan length is 0, maximum is 0
    Last retransmission scan time is 0 msec, maximum is 0 msec

You can use the show ip ospf virtual-links command to check if your virtual-link is working.

R1#show ip ospf database 

            OSPF Router with ID (1.1.1.1) (Process ID 1)

		Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count
1.1.1.1         1.1.1.1         189         0x80000004 0x00E333 2
192.168.23.2    192.168.23.2    1     (DNA) 0x80000002 0x009816 1

R2#show ip ospf database 

            OSPF Router with ID (192.168.23.2) (Process ID 1)

		Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count
1.1.1.1         1.1.1.1         1     (DNA) 0x80000004 0x00E333 2
192.168.23.2    192.168.23.2    159         0x80000002 0x009816 1

If you look at the LSDB you will see that the virtual-link shows up as a type 1 router LSA. You can also see DNA which means do not age.

Configurations

Want to take a look for yourself? Here you will find the configuration of each device.

R2

hostname R2
!
interface FastEthernet0/0
 ip address 192.168.12.2 255.255.255.0
!
interface FastEthernet1/0
 ip address 192.168.23.2 255.255.255.0
!
router ospf 1
 area 1 virtual-link 1.1.1.1
 network 192.168.12.0 0.0.0.255 area 1
 network 192.168.23.0 0.0.0.255 area 2
!
end

R1

hostname R1
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 192.168.12.1 255.255.255.0
!
router ospf 1
 area 1 virtual-link 192.168.23.2
 network 1.1.1.0 0.0.0.255 area 0
 network 192.168.12.0 0.0.0.255 area 1
!
end

R3

hostname R3
!
interface FastEthernet0/0
 ip address 192.168.23.3 255.255.255.0
!
router ospf 1
 network 192.168.23.0 0.0.0.255 area 2
!
end

Any other situation where we need a virtual-link? What about a discontinuous backbone area? Let me show you an example:

Forum Replies

Hi M,

That’s right, I don’t think you can still see it in the LSDB somewhere.

Rene

Hello Stuart.

Here is the diagram that Rene has in his lesson:

//cdn-forum.networklessons.com/uploads/default/original/1X/7c5c0badd9511411a37f8e6335b9a3aeed8e925b.png

A virtual link has been created between the L0 interface of R1 and the Fa1/0 interface of R2.

The OSPF packets between the two ends of the virtual link are not multicast packets. (Note the two ends of the virtual link are the L0 interface of R1 and the Fa1/0 interface of R2). LSAs that are sent over the virtual link are actually tunnelled packets between 192.168.23.2 and 1.1.1.1, based on the ne

... Continue reading in our forum

Hi Laz,
I think you can’t catch my question…
Visualize a topology like …

area0>> Area-1 stub/nssa >> Area-2
so upon on above scenario the Area-2 have to connect to Area-0 using Virtual link to make the area functioning. Technically Virtual link not possible over the Stub/nssa area why ?? Thx

br//zaman

Hi Zeko,

If you enable authentication for virtual links, you have to enable it globally for area 0 and set the password on the virtual link command. Here’s an example:

R1#show run | begin ospf
router ospf 1
 area 0 authentication
 area 1 virtual-link 2.2.2.2 authentication-key NWL

Authentication is enabled for area 0, the virtual link goes through area 1 and has the password. You can see it works with this command:

R1#show ip ospf virtual-links 
Virtual Link OSPF_VL0 to router 192.168.23.2 is up
  Run as demand circuit
  DoNotAge LSA allowed.
  Transit area 1,

... Continue reading in our forum

Hello Sovandara,

You can create more than one virtual link if needed. For example, let’s say you have a topology like this:

(area 0) R1 (area 1) R2 (area 2) R3 (area 3)

You can configure a virtual link between R1-R2 to get area 2 connected to area 0. The virtual link is like a tunnel that gives R2 access to area 0.

You can then configure a virtual link between R2 and R3 to connect area 3 to area 0.

Hope this helps!

Rene

59 more replies! Ask a question or join the discussion by visiting our Community Forum