From: Nick Shah (nshah@connect.com.au)
Date: Mon Sep 09 2002 - 21:18:10 GMT-3
> These BOTH commands below work fine without explicit "area 0
authentication
> message-digest":
> "area 1 virtual-link a.b.c.d authentication message-digest"
> "area 1 virtual-link a.b.c.d message-digest-key 1 md5 ccie"
> Isn't it ?
With the implementation of per-interface authentication, and per-interface
authentication overriding, I guess that affects the virtual link as well. So
the earlier requirement to have similar authentication across the virtual
link (as area 0) has been relaxed.
However I would still stick to whatever authentication is defined for area
0.
I also explicitly specify area 0 authentication message-digest (or plain
authentication), and then explicitly specify number 2 ("area 1 virtual-link
a.b.c.d message-digest-key 1 md5 ccie")
> I would say that in partial mesh option 2 is OK. As soon as You assign
> priority "0" to spokes
> HUB will be DR always and if we loose HUB - who cares about BDR ? since
> spokes can not communicate without HUB. My opinion that option 2 is better
> for those Hub-Spokes Lab scenarios.
> I would prefer option 2 when we have FLSM/VLSM design and option 1 in case
> of pure VLSM.
Watch out for scenarios of full mesh, (consider 3 sites, not the
conventional hub/spoke scenario). In that case, the 2 sites should continue
to talk to each other if the third site goes down. In that case it would be
ideal to have one DR, one BDR and one DROTHER.
rgds
Nick
This archive was generated by hypermail 2.1.4 : Mon Oct 07 2002 - 07:43:47 GMT-3