D-Link xStack Reference Manual page 210

®
xStack DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch Web UI Reference Guide
Simple Password Authentication
A password (or key) can be configured on a per-area basis. Routers in the same area that participate in the routing
domain must be configured with the same key. This method is possibly vulnerable to passive attacks where a link
analyzer is used to obtain the password.
Message Digest Authentication (MD-5)
MD-5 authentication is a cryptographic method. A key and a key-ID are configured on each router. The router then
uses an algorithm to generate a mathematical "message digest" that is derived from the OSPF packet, the key and
the key-ID. This message digest (a number) is then appended to the packet. The key is not exchanged over the
wire and a non-decreasing sequence number is included to prevent replay attacks.
Backbone and Area 0
OSPF limits the number of link-state updates required between routers by defining areas within which a given
router operates. When more than one area is configured, one area is designated as area 0, also called the
backbone.
The backbone is at the center of all other areas, all areas of the network have a physical (or virtual) connection to
the backbone through a router. OSPF allows routing information to be distributed by forwarding it into area 0, from
which the information can be forwarded to all other areas (and all other routers) on the network.
In situations where an area is required, but is not possible to provide a physical connection to the backbone, a
virtual link can be configured.
Virtual Links
Virtual links accomplish two purposes:
Linking an area that does not have a physical connection to the backbone.
Patching the backbone in case there is a discontinuity in area 0.
Areas Not Physically Connected to Area 0
All areas of an OSPF network should have a physical connection to the backbone, but in some cases it is not
possible to physically connect a remote area to the backbone. In these cases, a virtual link is configured to connect
the remote area to the backbone. A virtual path is a logical path between two border routers that have a common
area, with one border router connected to the backbone.
Partitioning the Backbone
OSPF also allows virtual links to be configured to connect the parts of the backbone that are discontinuous. This is
the equivalent to linking different area 0s together using a logical path between each area 0. Virtual links can also
be added for redundancy to protect against a router failure. A virtual link is configured between two border routers
that both have a connection to their respective area 0s.
Neighbors
Routers that are connected to the same area or segment become neighbors in that area. Neighbors are elected via
the Hello protocol. IP multicast is used to send out Hello packets to other routers on the segment. Routers become
neighbors when they see themselves listed in a Hello packet sent by another router on the same segment. In this
way, two-way communication is guaranteed to be possible between any two neighbor routers.
Any two routers must meet the following conditions before they become neighbors:
Area ID - Two routers having a common segment
segment. Of course, the interfaces should belong to the same subnet and have the same subnet mask.
Authentication - OSPF allows for the configuration of a password for a specific area. Two routers on the same
segment and belonging to the same area must also have the same OSPF password before they can become
neighbors.
Hello and Dead Intervals - The Hello interval specifies the length of time, in seconds, between the hello
packets that a router sends on an OSPF interface. The dead interval is the number of seconds that a router's
Hello packets have not been seen before its neighbors declare the OSPF router down. OSPF routers exchange
their interfaces have to belong to the same area on that
209