|
OSPF routers use costs associated with
interfaces to determine the best route. The Cisco IOS automatically
determines cost based on the bandwidth of an interface using the
formula:
108/ bandwidth value = 100,000,000 /
bandwidth value
Figure shows common default path
costs for a variety of media. For OSPF to calculate routes properly,
all interfaces connected to the same link must agree on the cost of
that link. In a multivendor routing environment, you may override the
default cost of an interface to match another vendor's value with the ip
ospf cost command, which has
the following syntax:
router(config-if)#ip ospf cost
number
The new cost can be a number between 1
and 65,535. You can use this command to override the default cost on a
router's S0 using these commands:
router(config)#interface s0
router(config-if)#ip ospf cost 1000
The ip
ospf cost command
can also be used to manipulate the desirability of a route because
routers install the lowest-cost paths in their tables.
For the Cisco IOS cost formula to be
accurate, serial interfaces must be configured with appropriate
bandwidth values. Cisco routers default to T1 (1.544 Mbps) on most serial interfaces and require manual configuration for any other
bandwidth, as shown in this example:
router(config)#interface s1
router(config-if)#bandwidth 56
Configuring Authentication
Authentication is another interface-specific configuration. Each OSPF
interface on a router can present a different authentication key,
which functions as a password among OSPF routers in the same area. The
following command syntax is used to configure OSPF authentication:
router(config-if)#ip ospf
authentication-key password
After a password is configured, you can
enable authentication on an area-wide basis with the following syntax,
which must be entered on all participating routers:
router(config-router)#area
number authentication [message-digest]
Although the message-digest
keyword is optional, it is recommended that you always use it with
this command. By default, authentication passwords will be sent in
clear text over the wire. A packet sniffer could easily capture an
OSPF packet and decode the unencrypted password. However, if the message-digest
argument is used, a message digest, or hash, of the password is sent
over the wire in place of the password itself. Unless the recipient is
configured with the proper authentication key, that person will not be
able to make sense of the message digest.
If you choose to use message-digest
authentication, the authentication key will not be used. Instead, you
must configure a message-digest key on the OSPF router's interface.
The syntax for this command is as follows:
router(config-if)#ip ospf
message-digest-key key-id md5 [encryption-type]
password
Figure describes the ip
ospf message-digest-key command
parameters.
The following example sets the
message-digest key to "itsasecret" and enables
message-digest authentication within Area 0.
router(config)#int s0
router(config-if)#ip ospf message-digest-key 1 md5 7 itsasecret
router(config-if)#int e0
router(config-if)#ip ospf message-digest-key 1 md5 7 itsasecret
router(config-if)#router ospf 1
router(config-router)#area 0 authentication message-digest
Remember, you would have to configure
the same parameters on the other routers in the same area.
Configuring OSPF Timers
In order for OSPF routers to exchange information, they must have the
same hello intervals and the same dead intervals. By default, the dead
interval is four times the value of the hello interval. That way, a
router has four chances to send a hello packet before being declared
dead.
On broadcast OSPF networks, the default
hello interval is 10 seconds, and the default dead interval is 40
seconds. On nonbroadcast networks, the default hello interval is 30
seconds, and the default dead interval is 2 minutes (120 seconds).
These default values typically result
in efficient OSPF operation and therefore do not need to be modified.
You may come across a situation in which the hello and dead intervals
need to be adjusted either to improve performance or to match another
router's timers. The syntax of the commands needed to configure both
the hello and dead intervals is as follows:
router(config-if)#ip ospf
hello-interval seconds
router(config-if)#ip ospf dead-interval seconds
The following example sets the hello
interval to 5 seconds, and the dead interval to 20 seconds.
router(config)#interface e0
router(config-if)#ip ospf hello-interval 5
router(config-if)#ip ospf dead-interval 20
Note that, although it is advised, the
Cisco IOS does not require you to configure the dead interval to be
four times the hello interval. If you set the dead interval to be less
than that, you increase the risk that a router could be declared dead,
when in fact a congested or flapping link has prevented one or two
hello packets from reaching their destination.
|