All OSPF protocol exchanges can, if required, be authenticated. This means that only routers with
the correct authentication can join an AS. Different authentication schemes can be used and
with NetDefendOS the scheme can be either a passphrase or an MD5 digest.
It is possible to configure separate authentication methods for each AS.
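The difference between the two schemes on the wire, as an added example that is not taken from the NetDefendOS manual. It assumes the passphrase scheme is RFC 2328 simple password authentication (AuType 1) and the MD5 digest scheme is RFC 2328 cryptographic authentication (AuType 2); the router ID, keys and packet body are constructed sample values.

```python
import hashlib
import hmac
import struct

# OSPFv2 packet header, RFC 2328 A.3.1: version, type, length, router ID,
# area ID, checksum, AuType, 8-byte authentication field (24 bytes total).
HEADER = struct.Struct("!BBH4s4sHH8s")

def pad_key(key: bytes, size: int) -> bytes:
    return key[:size].ljust(size, b"\0")

def build(autype: int, key: bytes, body: bytes, seq: int = 1, key_id: int = 1) -> bytes:
    """Constructed Hello-type packet; the header checksum is left at 0."""
    rid, area = bytes([192, 0, 2, 1]), bytes(4)   # constructed router ID, area 0
    if autype == 1:                               # passphrase rides in the header as-is
        auth = pad_key(key, 8)
    else:                                         # 0, key ID, digest length, sequence
        auth = struct.pack("!HBBI", 0, key_id, 16, seq)
    pkt = HEADER.pack(2, 1, HEADER.size + len(body), rid, area, 0, autype, auth) + body
    if autype == 2:                               # digest = MD5(packet || 16-byte key)
        pkt += hashlib.md5(pkt + pad_key(key, 16)).digest()
    return pkt

def check(pkt: bytes, key: bytes, last_seq: int = 0) -> str:
    """Receiver-side verdict for one packet against the configured key."""
    if len(pkt) < HEADER.size:
        return "malformed"
    _, _, length, _, _, _, autype, auth = HEADER.unpack_from(pkt)
    if length < HEADER.size or length > len(pkt):
        return "malformed"
    if autype == 0:
        return "unauthenticated"
    if autype == 1:
        ok = hmac.compare_digest(auth, pad_key(key, 8))
        return "passphrase-ok" if ok else "passphrase-mismatch"
    if autype != 2:
        return "unknown-autype"
    _, _, dlen, seq = struct.unpack("!HBBI", auth)
    digest = pkt[length:length + dlen]            # digest trails the counted length
    if dlen != 16 or len(digest) != 16:
        return "malformed"
    expected = hashlib.md5(pkt[:length] + pad_key(key, 16)).digest()
    if not hmac.compare_digest(digest, expected):
        return "digest-mismatch"
    return "replayed" if seq < last_seq else "digest-ok"

def cleartext_field(pkt: bytes) -> bytes:
    """Authentication field exactly as it appears on the wire."""
    return HEADER.unpack_from(pkt)[7].rstrip(b"\0")
```

With AuType 1 the authentication field is the passphrase itself, so any host on the segment can read it; with AuType 2 the field carries only a key ID, digest length and sequence number, and the key never leaves the router.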
OSPF Areas
An OSPF Area consists of networks and hosts within an AS that have been grouped together.
Routers that are only within an area are called internal routers. All interfaces on internal routers
are directly connected to networks within the area.
The topology of an area is hidden from the rest of the AS. This information hiding reduces the
amount of routing traffic exchanged. Also, routing within the area is determined only by the
area's own topology, lending the area protection from bad routing data. An area is a
generalization of an IP subnetted network.
In NetDefendOS, areas are defined by OSPF Area objects and are added to the AS which is itself
defined by an OSPF Router object. There can be more than one area within an AS so multiple
OSPF Area objects could be added to a single OSPF Router. In most cases, one is enough and it
should be defined separately on each NetDefend Firewall which will be part of the OSPF
network.
This NetDefendOS object is described further in
OSPF Area Components
A summary of OSPF components related to an area is given below:
ABRs
Area Border Routers are routers that have interfaces connected to more
than one area. These maintain a separate topological database for each
area to which they have an interface.
ASBRs
Routers that exchange routing information with routers in other
Autonomous Systems are called Autonomous System Boundary Routers.
They advertise externally learned routes throughout the Autonomous
System.
Backbone Areas
All OSPF networks need to have at least the Backbone Area which is the
OSPF area with an ID of 0. This is the area that other related areas should
be connected to. The backbone ensures routing information is distributed
between connected areas. When an area is not directly connected to the
backbone it needs a virtual link to it.
OSPF networks should be designed by beginning with the backbone.
Stub Areas
Stub areas are areas through which or into which AS external
advertisements are not flooded. When an area is configured as a stub area,
the router will automatically advertise a default route so that routers in
the stub area can reach destinations outside the area.
Transit Areas
Transit areas are used to pass traffic from an area that is not directly
connected to the backbone area.
The Designated Router
Each OSPF broadcast network has a single Designated Router (DR) and a single Backup Designated
Router. The routers use OSPF Hello messages to elect the DR and BDR for the network based on
Chapter 4: Routing
335