Re: ospf auth and network type clarification

From: Nick Shah (nshah@connect.com.au)
Date: Mon Sep 09 2002 - 20:44:47 GMT-3

• Next message: Mingzhou Nie: "Re: BGP"
• Previous message: Mingzhou Nie: "Re: BGP"
• Maybe in reply to: Volkov, Dmitry (Toronto - BCE): "ospf auth and network type clarification"
• Next in thread: Volkov, Dmitry (Toronto - BCE): "RE: ospf auth and network type clarification"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

> I have to subj fo clarificationj:
> A) If the Lab requirements: "Configure strongest authent for Area 0"
> and there are virt links exist in design.
>
> We MUST configure authentication for virtual links as well, because Virt
> links are considered to be as part of Area 0.

Yes.

> The following must be done under OSPF process on the routers where virt
> links terminated :
>
> 1) "area 0 authentication message-digest"
> OR
> 2)
> "area 1 virtual-link a.b.c.d authentication message-digest"
>
> command:
> " area 1 virtual-link a.b.c.d message-digest-key 1 md5 ccie" can be added
in
> both cases,
> if it's not added - OSPF will still work but without authentication, we
> will get in this case
> Message digest authentication enabled
> No key configured, using default key id 0

Always enable area 0 authentication, AND also explicitly specify area 1
virtual-link blah auth & appropriate authentication type & key. Unless
explicitly mentioned not to.

> B) If the Lab requirements: Don't use ospf neigbors command and we have FR
> cloud as one subnet, we have two choices using multipoint subs ot physical
> int:
>
> 1) to use "ip ospf network point-to-multipoint" - drawback - we get /32
> routes
> OR
> 2) to use "ip ospf network broadcast" - drawback - we have to put "ip ospf
> priority 0" under interfaces/subint on spokes to force HUB to be DR.

If you choose to use option 1, then you must see if there would be any
summaries needed for IGRP/RIP.
If you choose option 2, then also you must see if there are any requirements
of having a backup DR (generally I dont anticipate a scenario like this, but
its possible in case of full mesh), if not, then 'explicitly nail' the
priorities of spokes to zero and hub to something higher or leave as
default.

There is one more thing that I would generally nail down, and that is
router-id's , these I think are not only good practices especially when
using virtual links and also preventing synch issues in case of using BGP
RR's & OSPF. This also makes more sense if you are using meaning ful
loopback addresses as RID's and want to preserve that meaningfulness upon
reload.

rgds
Nick

• Next message: Mingzhou Nie: "Re: BGP"
• Previous message: Mingzhou Nie: "Re: BGP"
• Maybe in reply to: Volkov, Dmitry (Toronto - BCE): "ospf auth and network type clarification"
• Next in thread: Volkov, Dmitry (Toronto - BCE): "RE: ospf auth and network type clarification"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Oct 07 2002 - 07:43:47 GMT-3