From: Alsontra Daniels (alsontra@gmail.com)
Date: Fri Apr 22 2005 - 11:44:41 GMT-3
Hi,
OSPF key rollover works as follows (or at least here are my notes on the
topic):
In case you want to configure a new plain text key or MD5 key, there must be
a way to do a key rollover to switch from the old key to the new key without
disrupting communication. As a network administrator configures the new key
into the multiple networking devices that communicate, a time period exists
when different devices are using both a new key and an old key. If an
interface is configured with a new key, the software sends two copies of the
same packet, each authenticated by the old key and the new key. The software
tracks which devices start using the new key, and the software stops sending
duplicate packets once it detects that all of its neighbors are using the
new key. The software then discards the old key. The network administrator
must then remove the old key from each router's configuration file.
Youngest key = greatest key number
My understanding is that OSPF should use whatever key is validated first,
which would suggest that OSPF keys are not the problem. As far as the adj.
not forming, I'm somewhat confused by your explanation of the behavior. Can
you post the appropriate adj. debug?
HTH,
Alsontra
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
gladston@br.ibm.com
Sent: Thursday, April 21, 2005 12:07 PM
To: ccielab@groupstudy.com
Subject: OSPF MD5 - Rollover
Rollover key works fine before reloading. After reloading R4 tries to
authenticate using key 1 and 2 but adjacency does not go up. If I remove the
second key, it establishes the adjacency.
If I configure neighbor statement on R1, adjacency goes up.
Network type is non-broadcast.
Have you seen this behavior?
R4
interface Serial0/0
ip address 142.20.14.4 255.255.255.0
ip pim sparse-dense-mode
encapsulation frame-relay
ip ospf message-digest-key 1 md5 cisco
ip ospf message-digest-key 2 md5 ccie
R4
router-id 142.20.4.1
log-adjacency-changes
area 112 authentication message-digest
area 113 authentication message-digest
redistribute connected subnets route-map connected->ospf
network 142.20.4.0 0.0.0.255 area 112
network 142.20.14.0 0.0.0.255 area 112
network 142.20.45.4 0.0.0.3 area 113
neighbor 142.20.14.1
R1
router ospf 1
router-id 142.20.1.1
log-adjacency-changes
area 0 authentication
area 112 authentication message-digest
redistribute rip subnets
network 142.20.1.0 0.0.0.255 area 0
network 142.20.14.0 0.0.0.255 area 112
network 142.20.125.0 0.0.0.31 area 0
R1
interface Serial0/0.14 multipoint
ip address 142.20.14.1 255.255.255.0
ip pim sparse-dense-mode
ip ospf message-digest-key 1 md5 cisco
ip ospf priority 0
ipv6 address 2001::1/64
frame-relay map ip 142.20.1.4 104 broadcast
frame-relay map ip 142.20.14.4 104 broadcast
Rack2R4#sh ver
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-J1S3-M), Version 12.2(15)T5
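The rollover described in the notes at the top of this thread, modelled in Python as an added example (not code from either poster and not Cisco's implementation). The digest is built as in RFC 2328 Appendix D, with MD5 over the packet followed by the zero-padded key. The function names, the Hello body and the sequence number are constructed for illustration, and the key IDs and secrets are taken from the R4 and R1 interface configurations above.

```python
import hashlib
import hmac
import socket
import struct

AUTYPE_CRYPTO = 2  # AuType value for cryptographic authentication (RFC 2328)
R4_KEYS = {1: b"cisco", 2: b"ccie"}  # key ID -> secret, from R4 Serial0/0 above
R1_KEYS = {1: b"cisco"}              # from R1 Serial0/0.14 above

def digest(packet: bytes, key: bytes) -> bytes:
    # MD5 over the OSPF packet followed by the key zero-padded to 16 bytes
    return hashlib.md5(packet + key.ljust(16, b"\0")).digest()

def build(body: bytes, key_id: int, key: bytes, seq: int) -> bytes:
    # 24-byte OSPFv2 header: checksum is 0 and the auth field carries
    # key ID, digest length and sequence number; digest is appended after it.
    header = struct.pack("!BBH4s4sHHHBBI", 2, 1, 24 + len(body),
                         socket.inet_aton("142.20.4.1"),  # R4 router-id
                         struct.pack("!I", 112),          # area 112
                         0, AUTYPE_CRYPTO, 0, key_id, 16, seq)
    return header + body + digest(header + body, key)

def send(body: bytes, keys: dict, all_neighbors_on_youngest: bool, seq: int) -> list:
    # Rollover as described in the notes: one copy per configured key until
    # every neighbor is seen using the youngest (highest-numbered) key.
    ids = [max(keys)] if all_neighbors_on_youngest else sorted(keys)
    return [build(body, kid, keys[kid], seq) for kid in ids]

def verify(wire: bytes, keys: dict) -> bool:
    # Receiver side: select the secret by the key ID in the header, then
    # recompute the digest. Sequence-number checks are left out of this model.
    if len(wire) < 40:
        return False
    packet, trailer = wire[:-16], wire[-16:]
    autype, key_id = struct.unpack("!H", packet[14:16])[0], packet[18]
    key = keys.get(key_id)
    if autype != AUTYPE_CRYPTO or key is None:
        return False
    return hmac.compare_digest(digest(packet, key), trailer)

def rollover_view(receiver_keys: dict) -> list:
    # (key ID, accepted?) for each copy R4 sends mid-rollover
    body = b"constructed-hello-body"  # placeholder, not a real Hello payload
    return [(w[18], verify(w, receiver_keys)) for w in send(body, R4_KEYS, False, 7)]

if __name__ == "__main__":
    print("R1 with key 1 only:", rollover_view(R1_KEYS))
    print("R1 with keys 1 and 2:", rollover_view(R4_KEYS))
```

In this model a receiver holding only key 1 accepts the key-1 copy and drops the key-2 copy, and once it also holds key 2 both copies verify.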