Authentication Strategies; Key Rollover; Neighbors And Adjacency For Ospf; Designated Router (Dr) For Ospf - Cisco ASR 9000 Series Configuration Manual

Neighbors and Adjacency for OSPF

Authentication Strategies

Authentication can be specified for an entire process or area, or on an interface or a virtual link. An interface
or virtual link can be configured for only one type of authentication, not both. Authentication configured for
an interface or virtual link overrides authentication configured for the area or process.
If you intend for all interfaces in an area to use the same type of authentication, you can configure fewer
commands if you use the authentication command in the area configuration submode (and specify the
message-digest keyword if you want the entire area to use MD5 authentication). This strategy requires fewer
commands than specifying authentication for each interface.

Key Rollover

To support the changing of an MD5 key in an operational network without disrupting OSPF adjacencies (and
hence the topology), a key rollover mechanism is supported. As a network administrator configures the new
key into the multiple networking devices that communicate, some time exists when different devices are using
both a new key and an old key. If an interface is configured with a new key, the software sends two copies
of the same packet, each authenticated by the old key and new key. The software tracks which devices start
using the new key, and the software stops sending duplicate packets after it detects that all of its neighbors
are using the new key. The software then discards the old key. The network administrator must then remove
the old key from each the configuration file of each router.
Neighbors and Adjacency for OSPF
Routers that share a segment (Layer 2 link between two interfaces) become neighbors on that segment. OSPF
uses the hello protocol as a neighbor discovery and keep alive mechanism. The hello protocol involves receiving
and periodically sending hello packets out each interface. The hello packets list all known OSPF neighbors
on the interface. Routers become neighbors when they see themselves listed in the hello packet of the neighbor.
After two routers are neighbors, they may proceed to exchange and synchronize their databases, which creates
an adjacency. On broadcast and NBMA networks all neighboring routers have an adjacency.

Designated Router (DR) for OSPF

On point-to-point and point-to-multipoint networks, the Cisco IOS XR software floods routing updates to
immediate neighbors. No DR or backup DR (BDR) exists; all routing information is flooded to each router.
On broadcast or NBMA segments only, OSPF minimizes the amount of information being exchanged on a
segment by choosing one router to be a DR and one router to be a BDR. Thus, the routers on the segment
have a central point of contact for information exchange. Instead of each router exchanging routing updates
with every other router on the segment, each router exchanges information with the DR and BDR. The DR
and BDR relay the information to the other routers. On broadcast network segments the number of OSPF
packets is further reduced by the DR and BDR sending such OSPF updates to a multicast IP address that all
OSPF routers on the network segment are listening on.
The software looks at the priority of the routers on the segment to determine which routers are the DR and
BDR. The router with the highest priority is elected the DR. If there is a tie, then the router with the higher
router ID takes precedence. After the DR is elected, the BDR is elected the same way. A router with a router
priority set to zero is ineligible to become the DR or BDR.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 5.1.x
340
Implementing OSPF
OL-30423-03