Saturday, April 20, 2013

Modifying OSPF cost metric / Configuring OSPF authentication


Modifying OSPF cost metric
2.3.3

This page will teach students how to modify cost values on network interfaces.
OSPF uses cost as the metric for determining the best route. A cost is associated with the output side of each router interface. Costs are also associated with externally derived routing data. In general, the path cost is calculated using the formula 10^8 / bandwidth, where bandwidth is expressed in bps. The system administrator can also configure cost by other methods. The lower the cost, the more likely the interface is to be used to forward data traffic. The Cisco IOS automatically determines cost based on the bandwidth of the interface. It is essential for proper OSPF operation that the correct interface bandwidth is set.
Router(config)#interface serial 0/0
Router(config-if)#bandwidth 56
Cost can be changed to influence the outcome of the OSPF cost calculation. A common situation requiring a cost change is in a multi-vendor routing environment. A cost change would ensure that one vendor’s cost value would match another vendor’s cost value. Another situation is when Gigabit Ethernet is being used. The default cost assigns the lowest cost value of 1 to a 100 Mbps link. In a 100-Mbps and Gigabit Ethernet situation, the default cost values could cause routing to take a less desirable path unless they are adjusted. The cost number can be between 1 and 65,535.
Use the following interface configuration command to set the link cost:
Router(config-if)#ip ospf cost number
The Lab Activities will show students how to modify the OSPF cost metric of an interface.
The next page will explain how OSPF authentication is configured.


Configuring OSPF authentication
2.3.4 


This page will explain why OSPF authentication keys are used and how they are configured.
By default, a router trusts that routing information is coming from a router that should be sending the information. A router also trusts that the information has not been tampered with along the route.
To guarantee this trust, routers in a specific area can be configured to authenticate each other.
Each OSPF interface can present an authentication key for use by routers sending OSPF information to other routers on the segment. The authentication key, known as a password, is a shared secret between the routers. This key is used to generate the authentication data in the OSPF packet header. The password can be up to eight characters. Use the following command syntax to configure OSPF authentication:
Router(config-if)#ip ospf authentication-key password
After the password is configured, authentication must be enabled:
Router(config-router)#area area-number authentication
With simple authentication, the password is sent as plain text. This means that it can be easily decoded if a packet sniffer captures an OSPF packet.
It is recommended that authentication information be encrypted. To send encrypted authentication information and to ensure greater security, the message-digest keyword is used. The MD5 keyword specifies the type of message-digest hashing algorithm to use, and the encryption type field refers to the type of encryption, where 0 means none and 7 means proprietary.
Use the interface configuration command mode syntax:
Router(config-if)#ip ospf message-digest-key key-id encryption-type md5 key
The key-id is an identifier and takes the value in the range of 1 through 255. The key is an alphanumeric password up to sixteen characters. Neighbor routers must use the same key identifier with the same key value.
The following is configured in router configuration mode:
Router(config-router)#area area-id authentication message-digest
MD5 authentication creates a message digest. A message digest is scrambled data that is based on the password and the packet contents. The receiving router uses the shared password and the packet to re-calculate the digest. If the digests match, the router believes that the source and contents of the packet have not been tampered with. The authentication type identifies which authentication, if any, is being used. In the case of message-digest authentication, the authentication data field contains the key-id and the length of the message digest that is appended to the packet. The message digest is like a watermark that cannot be counterfeited.
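The digest calculation described above, as an added Python example that is not part of the original course text. It follows the cryptographic authentication layout in RFC 2328 Appendix D (key padded to 16 bytes, appended to the packet, hashed with MD5); the key, router ID, sequence number and Hello-like body are constructed sample values.

```python
import hashlib
import hmac
import struct

HDR = struct.Struct("!BBH4s4sHHHBBI")  # 24-byte OSPFv2 header, crypto-auth layout
AUTYPE_CRYPTO = 2                       # AuType 2 = message-digest authentication
DIGEST_LEN = 16                         # MD5 digest size in bytes


def pad_key(key: bytes) -> bytes:
    """Pad the shared key with zero bytes to the 16-byte width used in the hash."""
    if len(key) > 16:
        raise ValueError("key longer than sixteen characters")
    return key.ljust(16, b"\x00")


def sign(ptype, router_id, area_id, body, key_id, seq, key):
    """Sender side: build header + body and append MD5(packet || padded key)."""
    length = HDR.size + len(body)       # packet length excludes the trailing digest
    packet = HDR.pack(2, ptype, length, router_id, area_id,
                      0, AUTYPE_CRYPTO, 0, key_id, DIGEST_LEN, seq) + body
    return packet + hashlib.md5(packet + pad_key(key)).digest()


def verify(wire: bytes, keys: dict) -> bool:
    """Receiver side: recompute the digest with the key selected by key-id."""
    if len(wire) < HDR.size:
        return False
    (_, _, length, _, _, _, autype, _, key_id, dlen, _) = HDR.unpack(wire[:HDR.size])
    if autype != AUTYPE_CRYPTO or dlen != DIGEST_LEN or key_id not in keys:
        return False
    if length < HDR.size or len(wire) != length + DIGEST_LEN:
        return False
    expected = hashlib.md5(wire[:length] + pad_key(keys[key_id])).digest()
    return hmac.compare_digest(expected, wire[length:])


# Constructed sample: a Hello-like body, not a captured packet.
BODY = bytes.fromhex("ffffff00000a0201000000280a0000010a000002")
WIRE = sign(1, bytes([10, 0, 0, 1]), bytes(4), BODY, key_id=1, seq=1000, key=b"s3cr3tkey")
TAMPERED = WIRE[:30] + bytes([WIRE[30] ^ 0x01]) + WIRE[31:]  # one body bit flipped

if __name__ == "__main__":
    print("same key-id, same key  :", verify(WIRE, {1: b"s3cr3tkey"}))
    print("same key-id, other key :", verify(WIRE, {1: b"otherkey"}))
    print("key-id not configured  :", verify(WIRE, {2: b"s3cr3tkey"}))
    print("body altered in transit:", verify(TAMPERED, {1: b"s3cr3tkey"}))
```

The key itself never appears in the packet; only the key-id, the digest length and the digest do, which is why neighbors must be configured with the same key-id and key value.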
The Lab Activities will require students to set up an IP address scheme for an OSPF area. Students will then configure OSPF authentication for the area.
The next page will teach students how to configure OSPF timers.
