xStack® DGS-3620 Series Managed Switch Web UI Reference Guide
167
3.
Network Link-State Updates
- Issued by multi-access areas that have more than one attached router.
One router is elected as the Designated Router (DR) and this router issues the network link-state updates
describing every router on the segment.
4.
External Link-State Updates
- Issued by an Autonomous System Border Router and describes routes to
destinations outside the AS or a default route to the outside AS.
The format of these link-state updates is described in more detail below.
Router link-state updates are flooded to all routers in the current area. These updates describe the destinations
reachable through all of the router’s interfaces.
Summary link-state updates are generated by Border Routers to distribute routing information about other networks
within the AS. Normally, all Summary link-state updates are forwarded to the backbone (area 0) and are then
forwarded to all other areas in the network. Border Routers also have the responsibility of distributing routing
information from the Autonomous System Border Router in order for routers in the network to get and maintain
routes to other Autonomous Systems.
Network link-state updates are generated by a router elected as the Designated Router on a multi-access segment
(with more than one attached router). These updates describe all of the routers on the segment and their network
connections.
External link-state updates carry routing information to networks outside the Autonomous System. The
Autonomous System Border Router is responsible for generating and distributing these updates.
OSPF packets can be authenticated as coming from trusted routers by the use of predefined passwords. The
default for routers is to use no authentication.
OSPF Authentication
There are two other authentication methods: Simple Password Authentication (key) and Message Digest
authentication (MD-5).
A password (or key) can be configured on a per-area basis. Routers in the same area that participate in the routing
domain must be configured with the same key. This method is possibly vulnerable to passive attacks where a link
analyzer is used to obtain the password.
Simple Password Authentication
MD-5 authentication is a cryptographic method. A key and a key-ID are configured on each router. The router then
uses an algorithm to generate a mathematical “message digest” that is derived from the OSPF packet, the key and
the key-ID. This message digest (a number) is then appended to the packet. The key is not exchanged over the
wire and a non-decreasing sequence number is included to prevent replay attacks.
Message Digest Authentication (MD-5)
OSPF limits the number of link-state updates required between routers by defining areas within which a given
router operates. When more than one area is configured, one area is designated as area 0, also called the
backbone.
Backbone and Area 0
The backbone is at the center of all other areas, all areas of the network have a physical (or virtual) connection to
the backbone through a router. OSPF allows routing information to be distributed by forwarding it into area 0, from
which the information can be forwarded to all other areas (and all other routers) on the network.
In situations where an area is required, but is not possible to provide a physical connection to the backbone, a
virtual link can be configured.
Virtual links accomplish two purposes:
Virtual Links
Содержание DGS-3620-28PC-EI
Страница 1: ......