Ospf Authentication; Virtual Links - D-Link DES-3326SR Manual

24-port layer 3 stackable switch with optional rps support

OSPF Authentication

OSPF packets can be authenticated as coming from trusted routers by the use of predefined passwords. The
default for routers is to use no authentication.
There are two other authentication methods − simple password authentication (key) and Message Digest
authentication (MD-5).
Message Digest Authentication (MD-5)
MD-5 authentication is a cryptographic method. A key and a key-ID are configured on each router. The router
then uses an algorithm to generate a mathematical "message digest" that is derived from the OSPF packet, the
key and the key-ID. This message digest (a number) is then appended to the packet. The key is not exchanged
over the wire and a non-decreasing sequence number is included to prevent replay attacks.
Simple Password Authentication
A password (or key) can be configured on a per-area basis. Routers in the same area that participate in the
routing domain must be configured with the same key. This method is possibly vulnerable to passive attacks
where a link analyzer is used to obtain the password.
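The two methods above side by side, as an added example that is not from the D-Link manual: the simple-password packet carries the key in its header, while the MD-5 packet carries only a digest and a sequence number that the receiver checks. The field layout follows RFC 2328 Appendix D; the key, router ID and packet body are constructed sample values, and the header checksum is left at zero.

```python
import hashlib
import hmac
import struct

AUTH_SIMPLE, AUTH_MD5 = 1, 2  # AuType values in the OSPFv2 header (RFC 2328)

def _header(body, router_id, area_id, autype, auth_field):
    # version 2, type 1 (Hello), packet length, router ID, area ID,
    # checksum (left 0 here), AuType, then the 8-byte authentication field
    fixed = struct.pack("!BBHIIHH", 2, 1, 24 + len(body), router_id, area_id, 0, autype)
    return fixed + auth_field + body

def build_simple(body, router_id, area_id, password):
    # Simple password: the key itself travels in the header, in cleartext.
    return _header(body, router_id, area_id, AUTH_SIMPLE, password.ljust(8, b"\0"))

def build_md5(body, router_id, area_id, key, key_id, seq):
    # Auth field: 0, key-ID, digest length (16), cryptographic sequence number.
    auth = struct.pack("!HBBI", 0, key_id, 16, seq)
    pkt = _header(body, router_id, area_id, AUTH_MD5, auth)
    # The digest covers the packet plus the key (padded to 16 bytes); only the
    # digest is appended, so the key never appears on the wire.
    return pkt + hashlib.md5(pkt + key.ljust(16, b"\0")).digest()

def verify_md5(wire, keys, last_seq):
    """Return 'ok', 'malformed', 'replay' or 'bad-digest' for a received packet."""
    if len(wire) < 24:
        return "malformed"
    length = struct.unpack("!H", wire[2:4])[0]
    autype, _, key_id, dlen, seq = struct.unpack("!HHBBI", wire[14:24])
    if (autype != AUTH_MD5 or dlen != 16 or key_id not in keys
            or length < 24 or len(wire) != length + 16):
        return "malformed"
    if seq < last_seq:  # sequence numbers must be non-decreasing per neighbor
        return "replay"
    expected = hashlib.md5(wire[:length] + keys[key_id].ljust(16, b"\0")).digest()
    return "ok" if hmac.compare_digest(expected, wire[length:]) else "bad-digest"

if __name__ == "__main__":
    keys = {1: b"constructed-key"}  # constructed sample key, at most 16 bytes
    pkt = build_md5(b"constructed-body", 0x0A000001, 0, keys[1], 1, 100)
    print(verify_md5(pkt, keys, last_seq=99))   # fresh packet
    print(verify_md5(pkt, keys, last_seq=101))  # same packet replayed later
```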
The Backbone and Area 0
OSPF limits the number of link-state updates required between routers by defining areas within which a given
router operates. When more than one area is configured, one area is designated as area 0 − also called the
backbone.
The backbone is at the center of all other areas − all areas of the network have a physical (or virtual) connection
to the backbone through a router. OSPF allows routing information to be distributed by forwarding it into area 0,
from which the information can be forwarded to all other areas (and all other routers) on the network.
In situations where an area is required, but it is not possible to provide a physical connection to the backbone, a
virtual link can be configured.

Virtual Links

Virtual links accomplish two purposes:
1. Linking an area that does not have a physical connection to the backbone.
2. Patching the backbone in case there is a discontinuity in area 0.
Areas Not Physically Connected to Area 0
All areas of an OSPF network should have a physical connection to the backbone, but in some cases it is not
possible to physically connect a remote area to the backbone. In these cases, a virtual link is configured to
connect the remote area to the backbone. A virtual path is a logical path between two border routers that have a
common area, with one border router connected to the backbone.
Partitioning the Backbone
OSPF also allows virtual links to be configured to connect the parts of the backbone that are discontinuous. This
is equivalent to linking different area 0s together using a logical path between each area 0. Virtual links can
also be added for redundancy to protect against a router failure. A virtual link is configured between two border
routers that both have a connection to their respective area 0s.
D-Link DES-3326SR Layer 3 Switch