Advanced OSPF Design Concepts

The process of changing keys is as follows. Suppose the current configuration is

    interface ethernet 1    ip ospf message-digest-key 100 md5 OLD 

You change the configuration to the following:

    interface ethernet 1    ip ospf message-digest-key 101 md5 NEW 

The system assumes its neighbors do not have the new key yet, so it begins a rollover process. It sends multiple copies of the same packet, each authenticated by different keys. In this example, the system sends out two copies of the same packet—the first one authenticated by key 100 and the second one authenticated by key 101.

Rollover allows neighboring routers to continue communication while the network administrator is updating them with the new key. Rollover stops once the local system finds that all its neighbors know the new key. The system detects that a neighbor has the new key when it receives packets from the neighbor authenticated by the new key.

After all neighbors have been updated with the new key, the old key should be removed. In this example, you would enter the following:

    interface ethernet 1    no ip ospf message-digest-key 100 

Then, only key 101 is used for authentication on Ethernet interface 1. You should not keep more than one key per interface, as recommended by Cisco. Every time you add a new key, you should remove the old key to prevent the local system from continuing to communicate with a hostile system that knows the old key. Removing the old key also reduces overhead during rollover.

Example: The following example sets a new key 19 with the password 8ry4222:

    interface ethernet 1    ip ospf message-digest-key 10 md5 xvv560qle    ip ospf message-digest-key 19 md5 8ry4222 

Related Commands: area authentication

ip ospf name-lookup

To configure OSPF to look up Domain Name System (DNS) names for use in all OSPF SHOW EXEC command displays, use the ip ospf name-lookup global configuration command. To disable this feature, use the no form of this command. The syntax for this command (and the no form) is as follows:

    ip ospf name-lookup    no ip ospf name-lookup 

Syntax Description: This command has no arguments or keywords.

Default: Disabled.

Command Mode: Global configuration.

Usage Guidelines: This feature makes it easier to identify a router because it is displayed by name rather than by its router ID or neighbor ID.

Example: The following example configures OSPF to look up DNS names for use in all OSPF show EXEC command displays:

    ip ospf name-lookup 

Sample Display: The following is sample output from the show ip ospf database EXEC command, for example, after you have enabled the DNS name lookup feature:

    Router# show ip ospf database    OSPF Router with id (160.89.41.1) (Autonomous system 109)    Router Link States (Area 0.0.0.0)    Link ID ADV Router Age Seq# Checksum Link count    160.89.41.1 router 381 0x80000003 0x93BB 4    160.89.34.2 neon 380 0x80000003 0xD5C8 2    Net Link States (Area 0.0.0.0)    Link ID ADV Router Age Seq# Checksum    160.89.32.1 router 381 0x80000001 0xC117 

ip ospf network

To configure the OSPF network type to a type other than the default for a given media, use the ip ospf network interface configuration command. To return to the default value, use the no form of this command. The syntax for this command (and the no form) is as follows:

    ip ospf network {broadcast | non-broadcast | point-to-multipoint}    no ip ospf network 

Syntax Description:

broadcast. Sets the network type to broadcast.

non-broadcast. Sets the network type to nonbroadcast.

point-to-multipoint. Sets the network type to point-to-multipoint.

Default: Depends on the network type.

Command Mode: Interface configuration.

Usage Guidelines: Using this feature, you can configure broadcast networks as nonbroadcast multiaccess networks when, for example, you have routers in your network that do not support multicast addressing.

You can also configure nonbroadcast multiaccess networks, such as X.25, Frame Relay, and SMDS, as broadcast networks. This feature saves you from having to configure neighbors.

Configuring nonbroadcast multiaccess networks as either broadcast or nonbroadcast assumes that there are virtual circuits from every router to every router or fully-meshed network. This is not true for some cases, for example, due to cost constraints or when you have only a partially-meshed network. In these cases, you can configure the OSPF network type as a point-to-multipoint network. Routing between two routers that are not directly connected will go through the router that has virtual circuits to both routers. Note that you do not need to configure neighbors when using this feature.

If this command is issued on an interface that does not allow it, it will be ignored.

Example: The following example sets your OSPF network as a broadcast network:

    interface serial 0    ip address 160.89.77.17 255.255.255.0    ip ospf network broadcast    encapsulation frame-relay 

Related Commands: neighbor (OSPF)

ip ospf priority

To set the router priority, which helps determine the designated router for this network, use the ip ospf priority interface configuration command. To return to the default value, use the no form of this command. The syntax for this command (and the no form) is as follows:

    ip ospf priority number    no ip ospf priority 

Syntax Description:

number. 8-bit unsigned integer that specifies the priority. The range is from 0 to 255.

Default: Priority of 1.

Command Mode: Interface configuration.

Usage Guidelines: When two routers attached to a network, both attempt to become the designated router; the one with the higher router priority takes precedence. If there is a tie, the router with the higher router ID takes precedence. A router with a router priority set to zero is ineligible to become the DR or BDR. Router priority is only configured for interfaces to multiaccess networks (in other words, not point-to-point networks).

This priority value is used when you configure OSPF for nonbroadcast networks using the neighbor router configuration command for OSPF.