Ospf Overview; Enabling Ospf - Cisco PIX 500 Series Configuration Manual

Cisco Security Appliance Command Line Configuration Guide, Chapter 9: Configuring IP Routing (OL-12172-03), page 9-8

Configuring OSPF

Topics covered in this section include:
• Logging Neighbors Going Up or Down
• Displaying OSPF Update Packet Pacing
• Monitoring OSPF
• Restarting the OSPF Process

OSPF Overview

OSPF uses a link-state algorithm to build and calculate the shortest path to all known destinations. Each router in an OSPF area contains an identical link-state database, which is a list of each of the router's usable interfaces and reachable neighbors.

The advantages of OSPF over RIP include the following:
• OSPF link-state database updates are sent less frequently than RIP updates, and the link-state database is updated instantly rather than gradually as stale information is timed out.
• Routing decisions are based on cost, which is an indication of the overhead required to send packets across a certain interface. The security appliance calculates the cost of an interface based on link bandwidth rather than the number of hops to the destination. The cost can be configured to specify preferred paths.

The disadvantage of shortest path first algorithms is that they require a lot of CPU cycles and memory.

The security appliance can run two processes of OSPF protocol simultaneously, on different sets of interfaces. You might want to run two processes if you have interfaces that use the same IP addresses (NAT allows these interfaces to coexist, but OSPF does not allow overlapping addresses). Or you might want to run one process on the inside, and another on the outside, and redistribute a subset of routes between the two processes. Similarly, you might need to segregate private addresses from public addresses.

You can redistribute routes into an OSPF routing process from another OSPF routing process, a RIP routing process, or from static and connected routes configured on OSPF-enabled interfaces.

The security appliance supports the following OSPF features:
• Support of intra-area, interarea, and external (Type I and Type II) routes.
• Support of a virtual link.
• OSPF LSA flooding.
• Authentication to OSPF packets (both password and MD5 authentication).
• Support for configuring the security appliance as a designated router or a designated backup router. The security appliance also can be set up as an ABR; however, the ability to configure the security appliance as an ASBR is limited to default information only (for example, injecting a default route).
• Support for stub areas and not-so-stubby areas.
• Area boundary router type-3 LSA filtering.
• Advertisement of static and global address translations.

Enabling OSPF

To enable OSPF, you need to create an OSPF routing process, specify the range of IP addresses associated with the routing process, then assign area IDs associated with that range of IP addresses.
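An added example, not taken from the manual: a small Python audit of the kind of configuration the Enabling OSPF steps produce, reporting which areas lack the MD5 authentication listed among the supported features. It assumes the security appliance command forms `router ospf`, `network ... area` and `area ... authentication [message-digest]`; the sample configuration is constructed, and only area-level authentication is examined (per-interface `ospf authentication` settings are not).

```python
import ipaddress
import re

# Constructed sample configuration (not from the manual): process 1 uses MD5
# in area 0; process 2 leaves area 1 unauthenticated and area 2 on a password.
SAMPLE_CONFIG = """\
router ospf 1
 network 10.1.1.0 255.255.255.0 area 0
 area 0 authentication message-digest
!
router ospf 2
 network 192.168.5.0 255.255.255.0 area 1
 network 192.168.6.0 255.255.255.0 area 2
 area 2 authentication
"""

ROUTER = re.compile(r"^router ospf (\d+)$")
NETWORK = re.compile(r"^ network (\S+) (\S+) area (\S+)$")
AREA_AUTH = re.compile(r"^ area (\S+) authentication( message-digest)?$")


def audit_ospf(config):
    """Map (process_id, area_id) to its networks and area-level auth mode."""
    areas, process = {}, None
    for line in config.splitlines():
        line = line.rstrip()
        if m := ROUTER.match(line):
            process = int(m.group(1))
        elif not line.startswith(" "):
            process = None  # left the "router ospf" sub-mode
        elif process is not None and (m := NETWORK.match(line)):
            # The appliance takes a netmask here; normalise to CIDR.
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
            entry = areas.setdefault((process, m.group(3)), {"networks": [], "auth": "none"})
            entry["networks"].append(str(net))
        elif process is not None and (m := AREA_AUTH.match(line)):
            entry = areas.setdefault((process, m.group(1)), {"networks": [], "auth": "none"})
            entry["auth"] = "md5" if m.group(2) else "password"
    return areas


def weak_areas(config):
    """Areas with no authentication or only a cleartext password."""
    return sorted(k for k, v in audit_ospf(config).items() if v["auth"] != "md5")
```

Calling `weak_areas(SAMPLE_CONFIG)` lists the (process, area) pairs to review before the appliance forms adjacencies on those networks.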


This manual is also suitable for:

ASA 5500 series
