Saturday, April 20, 2013

Modifying OSPF cost metric / Configuring OSPF authentication


Modifying OSPF cost metric
2.3.3

This page will teach students how to modify cost values on network interfaces.
OSPF uses cost as the metric for determining the best route. A cost is associated with the output side of each router interface. Costs are also associated with externally derived routing data. In general, the path cost is calculated using the formula 10^8 / bandwidth, where bandwidth is expressed in bps. The system administrator can also configure cost by other methods. The lower the cost, the more likely the interface is to be used to forward data traffic. The Cisco IOS automatically determines cost based on the bandwidth of the interface. It is essential for proper OSPF operation that the correct interface bandwidth is set.
Router(config)#interface serial 0/0
Router(config-if)#bandwidth 56
Cost can be changed to influence the outcome of the OSPF cost calculation. A common situation requiring a cost change is in a multi-vendor routing environment. A cost change would ensure that one vendor’s cost value would match another vendor’s cost value. Another situation is when Gigabit Ethernet is being used. The default cost assigns the lowest cost value of 1 to a 100 Mbps link. In a 100-Mbps and Gigabit Ethernet situation, the default cost values could cause routing to take a less desirable path unless they are adjusted. The cost number can be between 1 and 65,535.
Use the following interface configuration command to set the link cost:
Router(config-if)#ip ospf cost number
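The following is an added example, not part of the original course text. It applies the 10^8 / bandwidth formula and shows how default costs can prefer a 100-Mbps path over a Gigabit path until costs are adjusted. The path names and link lists are constructed, and the floor of 1 for links faster than 100 Mbps is an assumption consistent with the stated cost range.

```python
REFERENCE_BW_BPS = 10**8  # numerator of the formula 10^8 / bandwidth (bps)

def ospf_cost(bandwidth_bps, override=None):
    """Cost of one outgoing interface: the 'ip ospf cost' value if configured,
    otherwise 10^8 / bandwidth."""
    if override is not None:
        if not 1 <= override <= 65535:
            raise ValueError("cost must be between 1 and 65,535")
        return override
    # Integer result, held inside 1..65535 (assumption: anything faster
    # than the reference bandwidth floors at 1 instead of reaching 0).
    return max(1, min(65535, REFERENCE_BW_BPS // bandwidth_bps))

def path_cost(links):
    """Total cost of a path given as [(bandwidth_bps, override_or_None), ...]."""
    return sum(ospf_cost(bps, override) for bps, override in links)

def best_path(paths):
    """Name of the lowest-cost path in {name: links}."""
    return min(sorted(paths), key=lambda name: path_cost(paths[name]))

# Constructed topology: three Gigabit hops versus two 100-Mbps hops.
DEFAULT_PATHS = {
    "via-gigabit": [(10**9, None)] * 3,       # 1 + 1 + 1 = 3
    "via-fastethernet": [(10**8, None)] * 2,  # 1 + 1 = 2
}
# Same topology after 'ip ospf cost 10' on the 100-Mbps interfaces.
TUNED_PATHS = {
    "via-gigabit": [(10**9, None)] * 3,       # 3
    "via-fastethernet": [(10**8, 10)] * 2,    # 10 + 10 = 20
}

if __name__ == "__main__":
    print(ospf_cost(56_000))          # serial link configured with 'bandwidth 56'
    print(best_path(DEFAULT_PATHS))   # default costs pick the slower links
    print(best_path(TUNED_PATHS))     # adjusted costs pick the Gigabit path
```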
The Lab Activities will show students how to modify the OSPF cost metric of an interface.
The next page will explain how OSPF authentication is configured.


Configuring OSPF authentication
2.3.4 


This page will explain why OSPF authentication keys are used and how they are configured.
By default, a router trusts that routing information is coming from a router that should be sending the information. A router also trusts that the information has not been tampered with along the route.
To guarantee this trust, routers in a specific area can be configured to authenticate each other.
Each OSPF interface can present an authentication key for use by routers sending OSPF information to other routers on the segment. The authentication key, known as a password, is a shared secret between the routers. This key is used to generate the authentication data in the OSPF packet header. The password can be up to eight characters. Use the following command syntax to configure OSPF authentication:
Router(config-if)#ip ospf authentication-key password
After the password is configured, authentication must be enabled:
Router(config-router)#area area-number authentication
With simple authentication, the password is sent as plain text. This means that it can be easily decoded if a packet sniffer captures an OSPF packet.
It is recommended that authentication information be encrypted. To send encrypted authentication information and to ensure greater security, the message-digest keyword is used. The MD5 keyword specifies the type of message-digest hashing algorithm to use, and the encryption type field refers to the type of encryption, where 0 means none and 7 means proprietary.
Use the interface configuration command mode syntax:
Router(config-if)#ip ospf message-digest-key key-id md5 encryption-type key
The key-id is an identifier and takes the value in the range of 1 through 255. The key is an alphanumeric password up to sixteen characters. Neighbor routers must use the same key identifier with the same key value.
The following is configured in router configuration mode:
Router(config-router)#area area-id authentication message-digest
MD5 authentication creates a message digest. A message digest is scrambled data that is based on the password and the packet contents. The receiving router uses the shared password and the packet to re-calculate the digest. If the digests match, the router believes that the source and contents of the packet have not been tampered with. The authentication type identifies which authentication, if any, is being used. In the case of message-digest authentication, the authentication data field contains the key-id and the length of the message digest that is appended to the packet. The message digest is like a watermark that cannot be counterfeited.
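The following is an added example, not part of the original course text. It builds an OSPF hello with simple authentication and with message-digest authentication, then performs the receiver's check. The header layout, the 16-byte key padding and the sequence number follow RFC 2328 rather than anything shown on this page. The router ID, area, keys and hello fields are constructed, and the checksum is left at zero for brevity.

```python
import hashlib
import hmac
import struct

def ospf_header(length, router_id, area_id, au_type, auth_field):
    """24-byte OSPFv2 header for a hello (type 1); checksum left at 0 here."""
    return struct.pack("!BBH4s4sHH8s", 2, 1, length,
                       router_id, area_id, 0, au_type, auth_field)

def simple_auth_packet(body, router_id, area_id, password):
    # AuType 1: the password itself, padded to 8 bytes, travels in the header.
    return ospf_header(24 + len(body), router_id, area_id, 1,
                       password.ljust(8, b"\0")) + body

def md5_auth_packet(body, router_id, area_id, key_id, key, seq):
    # AuType 2: the header carries the key-id and digest length (16), plus a
    # sequence number (from RFC 2328, not mentioned in the text above).
    auth = struct.pack("!HBBI", 0, key_id, 16, seq)
    pkt = ospf_header(24 + len(body), router_id, area_id, 2, auth) + body
    # Digest covers packet + key padded to 16 bytes; only the digest is sent.
    return pkt + hashlib.md5(pkt + key.ljust(16, b"\0")).digest()

def verify_md5(packet, keys):
    """Receiver: pick the key by key-id, recompute the digest, compare."""
    if len(packet) < 24 + 16:
        return False
    pkt, digest = packet[:-16], packet[-16:]
    (au_type,) = struct.unpack("!H", pkt[14:16])
    _, key_id, digest_len, _seq = struct.unpack("!HBBI", pkt[16:24])
    key = keys.get(key_id)
    if au_type != 2 or digest_len != 16 or key is None:
        return False
    expected = hashlib.md5(pkt + key.ljust(16, b"\0")).digest()
    return hmac.compare_digest(expected, digest)

# Constructed sample values (not taken from any real network).
RID, AREA = bytes([10, 0, 0, 1]), bytes(4)
HELLO_BODY = struct.pack("!4sHBBI4s4s", bytes([255, 255, 255, 0]), 10, 2, 1,
                         40, bytes(4), bytes(4))
```

A neighbor configured with a different key value, or the same key under a different key-id, fails verify_md5, which is why both must match on every router on the segment.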
The Lab Activities will require students to set up an IP address scheme for an OSPF area. Students will then configure OSPF authentication for the area.
The next page will teach students how to configure OSPF timers.

Configuring OSPF loopback address and router priority


Configuring OSPF loopback address and router priority
2.3.2


This page will explain the purpose of an OSPF loopback interface. Students will also learn how to assign an IP address to a loopback interface.
When the OSPF process starts, the Cisco IOS uses the highest local active IP address as its OSPF router ID. If there is no active interface, the OSPF process will not start. If the active interface goes down, the OSPF process has no router ID and therefore ceases to function until the interface comes up again.
To ensure OSPF stability there should be an active interface for the OSPF process at all times. A loopback interface, which is a logical interface, can be configured for this purpose. When a loopback interface is configured, OSPF uses this address as the router ID, regardless of the value. On a router that has more than one loopback interface, OSPF takes the highest loopback IP address as its router ID.
To create and assign an IP address to a loopback interface use the following commands:
Router(config)#interface loopback number
Router(config-if)#ip address ip-address subnet-mask
It is considered good practice to use loopback interfaces for all routers running OSPF. This loopback interface should be configured with an address using a 32-bit subnet mask of 255.255.255.255. A 32-bit subnet mask is called a host mask because the subnet mask specifies a network of one host. When OSPF is requested to advertise a loopback network, OSPF always advertises the loopback as a host route with a 32-bit mask.
In broadcast multi-access networks there may be more than two routers. OSPF elects a designated router (DR) to be the focal point of all link-state updates and link-state advertisements. Because the DR role is critical, a backup designated router (BDR) is elected to take over if the DR fails.
If the network type of an interface is broadcast, the default OSPF priority is 1. When OSPF priorities are the same, the OSPF election for DR is decided on the router ID. The highest router ID is selected.
The election result can be determined by ensuring that the ballots, the hello packets, contain a priority for that router interface. The interface reporting the highest priority for a router will ensure that it becomes the DR.
The priorities can be set to any value from 0 to 255. A value of 0 prevents that router from being elected. A router with the highest OSPF priority will be selected as the DR. A router with the second highest priority will be the BDR. After the election process, the DR and BDR retain their roles even if routers are added to the network with higher OSPF priority values.
Modify the OSPF priority by entering the interface configuration command ip ospf priority on an interface that is participating in OSPF. The command show ip ospf interface will display the interface priority value as well as other key information.
Router(config-if)#ip ospf priority number
Router#show ip ospf interface type number
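The following is an added example, not part of the original course text. It models the router ID selection and the DR/BDR election rules as this page states them: priority first, router ID as tie-breaker, priority 0 ineligible, and no preemption once roles are held. It is a simplified model rather than the full election procedure a router runs, and the router names and addresses are constructed.

```python
import ipaddress

def router_id(loopbacks, active_interfaces):
    """Highest loopback address if any is configured, regardless of its value;
    otherwise the highest active interface address."""
    pool = loopbacks or active_interfaces
    if not pool:
        raise RuntimeError("no active interface: the OSPF process cannot start")
    # Compare as addresses, not strings, so 10.0.0.1 ranks above 9.0.0.1.
    return str(max(ipaddress.IPv4Address(a) for a in pool))

def elect(routers, current=(None, None)):
    """routers: {name: (priority, router_id)}. Returns (DR, BDR).
    A DR or BDR named in 'current' keeps its role while it is still present."""
    def rank(name):
        priority, rid = routers[name]
        return (priority, int(ipaddress.IPv4Address(rid)))

    # Priority 0 removes a router from the election entirely.
    eligible = sorted((n for n, (p, _) in routers.items() if p > 0),
                      key=rank, reverse=True)
    dr, bdr = (r if r in eligible else None for r in current)
    if dr is None and bdr is not None:   # the BDR takes over for a failed DR
        dr, bdr = bdr, None
    rest = [n for n in eligible if n not in (dr, bdr)]
    if dr is None and rest:
        dr = rest.pop(0)
    if bdr is None and rest:
        bdr = rest.pop(0)
    return dr, bdr

# Constructed segment: equal priorities, so the router ID decides.
SEGMENT = {"R1": (1, "10.0.0.1"), "R2": (1, "10.0.0.2"), "R3": (0, "10.0.0.3")}

if __name__ == "__main__":
    roles = elect(SEGMENT)
    print(roles)                                   # R2 is DR, R1 is BDR
    grown = dict(SEGMENT, R4=(255, "10.0.0.4"))
    print(elect(grown, current=roles))             # R4 does not displace them
```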
The Lab Activity will teach students to configure loopback interfaces for OSPF as well as observe the election process for DR and BDR.
The next page will discuss the OSPF cost metric.