Ospf Authentication - D-Link DGS-3324SRi User Manual

Areas and Border Routers
OSPF link-state updates are forwarded to other routers by flooding to all routers on the network. OSPF uses the concept of
areas to define where on the network routers that need to receive particular link-state updates are located. This helps ensure
that routing updates are not flooded throughout the entire network and to reduce the amount of bandwidth consumed by
updating the various router's routing tables.
Areas establish boundaries beyond which link-state updates do not need to be flooded. So the exchange of link-state
updates and the calculation of the shortest path tree are limited to the area that the router is connected to.
Routers that have connections to more than one area are called Border Routers (BR). The Border Routers have the
responsibility of distributing necessary routing information and changes between areas.
Areas are specific to the router interface. A router that has all of its interfaces in the same area is called an Internal Router.
A router that has interfaces in multiple areas is called a Border Router. Routers that act as gateways to other networks
(possibly using other routing protocols) are called Autonomous System Border Routers (ASBRs).
Link-State Packets
There are a number of different types of link-state packets, four of which are illustrated below:
Router Link-State Updates These describe a router's links to destinations within an area.
Summary Link-State Updates – Issued by Border Routers and describe links to networks outside the area but
within the Autonomous System (AS).
Network Link-State Updates – Issued by multi-access areas that have more than one attached router. One router is
elected as the Designated Router (DR) and this router issues the network link-state updates describing every
router on the segment.
External Link-State Updates – Issued by an Autonomous System Border Router and describes routes to
destinations outside the AS or a default route to the outside AS.
The format of these link-state updates is described in more detail below.
Router link-state updates are flooded to all routers in the current area. These updates describe the destinations reachable
through all of the router's interfaces.
Summary link-state updates are generated by Border Routers to distribute routing information about other networks within
the AS. Normally, all Summary link-state updates are forwarded to the backbone (area 0) and are then forwarded to all
other areas in the network. Border Routers also have the responsibility of distributing routing information from the
Autonomous System Border Router in order for routers in the network to get and maintain routes to other Autonomous
Systems.
Network link-state updates are generated by a router elected as the Designated Router on a multi-access segment (with
more than one attached router). These updates describe all of the routers on the segment and their network connections.
External link-state updates carry routing information to networks outside the Autonomous System. The Autonomous
System Border Router is responsible for generating and distributing these updates.

OSPF Authentication

OSPF packets can be authenticated as coming from trusted routers by the use of predefined passwords. The default for
routers is to use not authentication.
There are two other authentication methods
(MD-5).
Message Digest Authentication (MD-5)
MD-5 authentication is a cryptographic method. A key and a key-ID are configured on each router. The router then uses an
algorithm to generate a mathematical "message digest" that is derived from the OSPF packet, the key and the key-ID. This
message digest (a number) is then appended to the packet. The key is not exchanged over the wire and a non-decreasing
sequence number is included to prevent replay attacks.
xStack Stackable Gigabit Layer 3 Switch Manual
simple password authentication (key) and Message Digest authentication
170