Taos implementation of ospf, Ospf features, Security – Lucent Technologies 6000 User Manual

Page 350: Support for variable length subnet masks, Taos implementation of ospf -2 ospf features -2


MAX 6000/3000 Network Configuration Guide

Configuring OSPF Routing
OSPF overview

TAOS implementation of OSPF

The primary goal of the current TAOS implementation of OSPF is to enable the MAX to
communicate with other routers within a single Autonomous System (AS). The TAOS
implementation includes Area Border Router (ABR) capabilities and MD5 authentication.

The MAX does not function as a full AS Border Router (ASBR), although it performs ASBR
calculations for external routes such as WAN links that do not support OSPF. The MAX
imports external routes into its OSPF database and flags them as Autonomous System External
(ASE). It redistributes those routes by means of OSPF ASE advertisements, and propagates its
OSPF routes to remote WAN routers that are running RIP.

The MAX supports null and simple password authentication.

OSPF features

This section provides a brief overview of OSPF routing to help you properly configure the
MAX. For full details about how OSPF works, see RFC 1583, OSPF Version 2, 03/23/1994, J.
Moy.

An Autonomous System (AS) is a group of OSPF routers exchanging information, typically
under the control of one company. An AS can include a large number of networks, all of which
are assigned the same AS number. All information exchanged within the AS is interior.

Exterior protocols are used to exchange routing information between Autonomous Systems.
The protocols are referred to by the acronym EGP (Exterior Gateway Protocol). Border routers
can use the AS number to filter out certain EGP routing information. OSPF can make use of
EGP data generated by other border routers and added into the OSPF system as ASEs, and can
also use static routes configured in the MAX or RADIUS.

Security

All OSPF protocol exchanges are authenticated. This means that only trusted routers can
participate in the AS’s routing. A variety of authentication schemes are available. In fact,
different authentication types can be configured for each area. In addition, authentication
provides added security for the routers that are on the network. Routers that do not have the
password cannot gain access to the routing information, because authentication failure
prevents a router from forming adjacencies.

OSPF on the MAX supports the MD5 cryptographic authentication method. You can select the
MD5 authentication type to direct the MAX to validate OSPF packet exchanges using an MD5
message digest and an authentication key of as many as 16 characters. The KeyID value,
which identifies the authentication key, is a number from 0 to 255.

For detailed information about the AuthType and the KeyID parameters, see the MAX
Reference.
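The following added example (not from the manual or from TAOS) sketches how an OSPFv2 packet is signed and checked under the standard MD5 cryptographic authentication scheme of RFC 2328, Appendix D, including the 16-character key limit and the 0 to 255 KeyID range described above. It assumes the MAX follows that standard scheme; the function names and the sample key are hypothetical.

```python
import hashlib
import hmac
import struct

AUTYPE_CRYPTO = 2     # AuType 2 = cryptographic authentication
DIGEST_LEN = 16       # MD5 output size, also the maximum key length
HDR = "!BBHIIHHHBBI"  # 24-byte OSPFv2 header with the AuType 2 auth field


def pad_key(key: bytes) -> bytes:
    """Pad the shared secret to 16 bytes; longer keys are rejected."""
    if len(key) > DIGEST_LEN:
        raise ValueError("authentication key is limited to 16 characters")
    return key.ljust(DIGEST_LEN, b"\x00")


def build_packet(body: bytes, router_id: int, area_id: int,
                 key: bytes, key_id: int, seq: int, ptype: int = 1) -> bytes:
    """Return an OSPFv2 packet followed by its 16-byte MD5 digest."""
    if not 0 <= key_id <= 255:
        raise ValueError("KeyID must be 0..255")
    header = struct.pack(HDR, 2, ptype, 24 + len(body), router_id, area_id,
                         0, AUTYPE_CRYPTO,  # checksum is unused with AuType 2
                         0, key_id, DIGEST_LEN, seq)
    packet = header + body
    return packet + hashlib.md5(packet + pad_key(key)).digest()


def verify_packet(wire: bytes, keys: dict, last_seq: int = -1) -> bool:
    """Check the trailing digest with the key that the KeyID selects."""
    if len(wire) < 24 + DIGEST_LEN:
        return False
    (_, _, length, _, _, _, autype,
     _, key_id, auth_len, seq) = struct.unpack(HDR, wire[:24])
    if autype != AUTYPE_CRYPTO or auth_len != DIGEST_LEN:
        return False
    if length < 24 or len(wire) != length + DIGEST_LEN or key_id not in keys:
        return False
    if seq < last_seq:  # an older sequence number indicates a replayed packet
        return False
    expected = hashlib.md5(wire[:length] + pad_key(keys[key_id])).digest()
    return hmac.compare_digest(expected, wire[length:])


if __name__ == "__main__":
    keys = {5: b"constructed-key"}  # constructed sample key, KeyID 5
    wire = build_packet(b"\x00" * 20, 0x0A000001, 0, keys[5], 5, 100)
    print(verify_packet(wire, keys), verify_packet(wire, {5: b"other"}))
```

A router holding a different key, or no key for the received KeyID, computes a different digest and drops the packet, which is why it never forms an adjacency.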

Support for variable length subnet masks

OSPF enables the flexible configuration of IP subnets. Each route distributed by OSPF has a
destination and mask. Two different subnets of the same IP network number can have different
sizes (different masks). This capability is commonly referred to as Variable Length Subnet
