Skip to main content

Modifying OSPF cost metric / Configuring OSPF authentication


Modifying OSPF cost metric
2.3.3

This page will teach students how to modify cost values on network interfaces.
OSPF uses cost as the metric for determining the best route. A cost is associated with the output side of each router interface. Costs are also associated with externally derived routing data. In general, the path cost is calculated using the formula 10^8/ bandwidth, where bandwidth is expressed in bps. The system administrator can also configure cost by other methods. The lower the cost, the more likely the interface is to be used to forward data traffic. The Cisco IOS automatically determines cost based on the bandwidth of the interface. It is essential for proper OSPF operation that the correct interface bandwidth is set.
Router(config)#interface serial 0/0
Router(config-if)#bandwidth 56
Cost can be changed to influence the outcome of the OSPF cost calculation. A common situation requiring a cost change is in a multi-vendor routing environment. A cost change would ensure that one vendor’s cost value would match another vendor’s cost value. Another situation is when Gigabit Ethernet is being used. The default cost assigns the lowest cost value of 1 to a 100 Mbps link. In a 100-Mbps and Gigabit Ethernet situation, the default cost values could cause routing to take a less desirable path unless they are adjusted. The cost number can be between 1 and 65,535.
Use the following interface configuration command to set the link cost:
Router(config-if)#ip ospf costnumber
The Lab Activities will show students how to modify the OSPF cost metric of an interface.
The next page will explain how OSPF authentication is configured.


Configuring OSPF authentication
2.3.4 


This page will explain why OSPF authentication keys are used and how they are configured.
By default, a router trusts that routing information is coming from a router that should be sending the information. A router also trusts that the information has not been tampered with along the route.
To guarantee this trust, routers in a specific area can be configured to authenticate each other.
Each OSPF interface can present an authentication key for use by routers sending OSPF information to other routers on the segment. The authentication key, known as a password, is a shared secret between the routers. This key is used to generate the authentication data in the OSPF packet header. The password can be up to eight characters. Use the following command syntax to configure OSPF authentication:
Router(config-if)#ip ospf authentication-keypassword
After the password is configured, authentication must be enabled:
Router(config-router)#areaarea-number authentication
With simple authentication, the password is sent as plain text. This means that it can be easily decoded if a packet sniffer captures an OSPF packet.
It is recommended that authentication information be encrypted. To send encrypted authentication information and to ensure greater security, the message-digest keyword is used. The MD5 keyword specifies the type of message-digest hashing algorithm to use, and the encryption type field refers to the type of encryption, where 0 means none and 7 means proprietary.
Use the interface configuration command mode syntax:
Router(config-if)#ip ospf message-digest-keykey-id encryption-type md5key
The key-id is an identifier and takes the value in the range of 1 through 255. The key is an alphanumeric password up to sixteen characters. Neighbor routers must use the same key identifier with the same key value.
The following is configured in router configuration mode:
Router(config-router)#areaarea-id authentication message-digest
MD5 authentication creates a message digest. A message digest is scrambled data that is based on the password and the packet contents. The receiving router uses the shared password and the packet to re-calculate the digest. If the digests match, the router believes that the source and contents of the packet have not been tampered with. The authentication type identifies which authentication, if any, is being used. In the case of message-digest authentication, the authentication data field contains the key-id and the length of the message digest that is appended to the packet. The message digest is like a watermark that cannot be counterfeited.
The Lab Activities will require students to set up an IP address scheme for an OSPF area. Students will then configure OSPF authentication for the area.
The next page will teach students how to configure OSPF timers.

Comments

Post a Comment

Popular posts from this blog

OSI layers / Peer-to-peer communications / TCP/IP model

OSI layers 2.3.4 This page discusses the seven layers of the OSI model. The OSI reference model is a framework that is used to understand how information travels throughout a network. The OSI reference model explains how packets travel through the various layers to another device on a network, even if the sender and destination have different types of network media. In the OSI reference model, there are seven numbered layers, each of which illustrates a particular network function. - Dividing the network into seven layers provides the following advantages: • It breaks network communication into smaller, more manageable parts. • It standardizes network components to allow multiple vendor development and support. • It allows different types of network hardware and software to communicate with each other. • It prevents changes in one layer from affecting other layers. • It divides network communication into smaller parts to make learning it easier to understand. In the foll...
Post a Comment
Read more

Advantages and disadvantages of link-state routing

Advantages and disadvantages of link-state routing 2.1.5  This page lists the advantages and disadvantages of link-state routing protocols. The following are advantages of link-state routing protocols:  Link-state protocols use cost metrics to choose paths through the network. The cost metric reflects the capacity of the links on those paths. Link-state protocols use triggered updates and LSA floods to immediately report changes in the network topology to all routers in the network. This leads to fast convergence times. Each router has a complete and synchronized picture of the network. Therefore, it is very difficult for routing loops to occur. Routers use the latest information to make the best routing decisions. The link-state database sizes can be minimized with careful network design. This leads to smaller Dijkstra calculations and faster convergence. Every router, at the very least, maps the topology of it...
Post a Comment
Read more

Ports for services

Ports for services 10.2.2  Services running on hosts must have a port number assigned to them so communication can occur. A remote host attempting to connect to a service expects that service to use specific transport layer protocols and ports. Some ports, which are defined in RFC 1700, are known as the well-known ports. These ports are reserved in both TCP and UDP.  These well-known ports define applications that run above the transport layer protocols. For example, a server that runs FTP will use ports 20 and 21 to forward TCP connections from clients to its FTP application. This allows the server to determine which service a client requests. TCP and UDP use port numbers to determine the correct service to which requests are forwarded. The next page will discuss ports in greater detail.
Post a Comment
Read more