Module 2: Single-Area OSPF 
     
2.1 Link-State Routing Protocol 
   
2.1.1 Overview of link-state routing  

Link-state routing algorithms maintain a complex database of topology information.


2.1.2 Link-state routing protocol features  

Link-state routing protocols collect route information from all other routers in the network or within a defined area of the network. Once all of the information is collected, each router calculates the best paths to all destinations in the network.


The following are some link-state routing protocol functions:


Each router multicasts hello packets to keep track of the state of the neighbor routers. Each router uses LSAs to keep track of all the routers in its area of the network. The hello packets contain information about the networks that are attached to the router. In Figure , P4 knows about its neighbors, P1 and P3, on the Perth3 network. The LSAs provide updates on the state of links that are interfaces on other routers in the network.


Routers that use link-state routing protocols have the following features:


2.1.3 How routing information is maintained  

When a failure occurs in the network, such as when a neighbor becomes unreachable, link-state protocols flood LSAs with a special multicast address throughout an area. This process sends information out all ports, except the port on which the information was received. Each link-state router takes a copy of the LSA and updates its link-state, or topological, database. The link-state router then forwards the LSA to all neighbor devices. LSAs cause every router within the area to recalculate routes. For this reason, the number of link-state routers within an area should be limited.

2.1.4 Link-state routing algorithms 

An LSA exchange is triggered by an event in the network instead of periodic updates. This speeds up the convergence process because there is no need to wait for a series of timers to expire before the routers can converge.


 
2.1.5 Advantages and disadvantages of link-state routing 

This page lists the advantages and disadvantages of link-state routing protocols. The following are advantages of link-state routing protocols:


The following are some disadvantages of link-state routing protocols:


2.1.6 Compare and contrast distance vector and link-state routing 
 
Same as above.
 
2.2 Single-Area OSPF Concepts 
   
2.2.1 OSPF overview 

OSPF can be used and configured as a single area for small networks. It can also be used for large networks.


As shown in Figure , large OSPF networks use a hierarchical design. Multiple areas connect to a distribution area, or area 0 which is also called the backbone. The design approach allows for extensive control of routing updates. Area definition reduces routing overhead, speeds up convergence, confines network instability to an area, and improves performance.


 
2.2.2 OSPF terminology 

OSPF gathers information from neighbor routers about the link status of each OSPF router. This information is flooded to all its neighbors. An OSPF router advertises its own link-states and passes on received link-states.


The routers process the information about link-states and build a link-state database. Every router in the OSPF area will have the same link-state database. Therefore, every router has the same information about the state of the links and the neighbors of every other router.


Each router then applies the SPF algorithm on its own copy of the database. This calculation determines the best route to a destination. The SPF algorithm adds up the cost, which is a value that is usually based on bandwidth. The lowest cost path is added to the routing table, which is also known as the forwarding database.


Each router keeps a list of adjacent neighbors, called the adjacency database. The adjacency database is a list of all the neighbor routers to which a router has established bidirectional communication. This is unique to each router.


To reduce the number of exchanges of routing information among several neighbors on the same network, OSPF routers elect a designated router (DR) and a backup designated router (BDR) that serve as focal points for routing information exchange.


 
2.2.3 Comparing OSPF with distance vector routing protocols 

OSPF guarantees loop-free routing. Distance vector protocols may cause routing loops.


 
2.2.4 Shortest path algorithm 

In this algorithm, the best path is the lowest cost path. Edsger Wybe Dijkstra, a Dutch computer scientist, formulated the shortest-path algorithm, also known as Dijkstra's algorithm.

 
2.2.5 OSPF network types 

OSPF interfaces automatically recognize three types of networks:

  • Broadcast multi-access, such as Ethernet
  • Point-to-point networks
  • Nonbroadcast multi-access (NBMA), such as Frame Relay


A fourth type, point-to-multipoint, can be manually configured on an interface by an administrator. 


In a multi-access network, it is not known in advance how many routers will be connected. In point-to-point networks, only two routers can be connected.


In a broadcast multi-access network segment, many routers may be connected. If every router had to establish full adjacency with every other router and exchange link-state information with every neighbor, there would be too much overhead. If there are 5 routers, 10 adjacency relationships would be needed and 10 link-states sent. If there are 10 routers then 45 adjacencies would be needed. In general, for n routers, n*(n-1)/2 adjacencies would need to be formed.


The solution to this overhead is to hold an election for a designated router (DR). This router becomes adjacent to all other routers in the broadcast segment. All other routers on the segment send their link-state information to the DR. The DR in turn acts as the spokesperson for the segment. The DR sends link-state information to all other routers on the segment using the multicast address of 224.0.0.5 for all OSPF routers.


Despite the gain in efficiency that electing a DR provides, there is a disadvantage. The DR represents a single point of failure. A second router is elected as a backup designated router (BDR) to take over the duties of the DR if it should fail. To ensure that both the DR and the BDR see the link-states all routers send on the segment, the multicast address for all designated routers, 224.0.0.6, is used.


On point-to-point networks only two nodes exist and no DR or BDR is elected. Both routers become fully adjacent with each other.


 
2.2.6 OSPF Hello protocol 
 

When a router starts an OSPF routing process on an interface, it sends a hello packet and continues to send hellos at regular intervals. The rules that govern the exchange of OSPF hello packets are called the Hello protocol.


At Layer 3 of the OSI model, the hello packets are addressed to the multicast address 224.0.0.5. This address is “all OSPF routers”. OSPF routers use hello packets to initiate new adjacencies and to ensure that neighbor routers are still functioning. Hellos are sent every 10 seconds by default on broadcast multi-access and point-to-point networks. On interfaces that connect to NBMA networks, such as Frame Relay, the default time is 30 seconds.


On multi-access networks the Hello protocol elects a designated router (DR) and a backup designated router (BDR).


Although the hello packet is small, it consists of the OSPF packet header. For the hello packet the type field is set to 1.


The hello packet carries information that all neighbors must agree upon before an adjacency is formed, and link-state information is exchanged.


2.2.7 Steps in the operation of OSPF 

When a router starts an OSPF routing process on an interface, it sends a Hello packet and continues to send Hellos at regular intervals. The set of rules that govern the exchange of OSPF Hello packets is called the Hello protocol. On multi-access networks, the Hello protocol elects a designated router (DR) and a backup designated router (BDR). The Hello carries information on which all neighbors must agree in order to form an adjacency and exchange link-state information. On multi-access networks the DR and BDR maintain adjacencies with all other OSPF routers on the network.

Adjacent routers go through a sequence of states. Adjacent routers must be in the full state before routing tables are created and traffic is routed. Each router sends link-state advertisements (LSAs) in link-state update (LSU) packets. These LSAs describe all of the router's links. Each router that receives an LSA from its neighbor records the LSA in the link-state database. This process is repeated for all routers in the OSPF network.

When the databases are complete, each router uses the SPF algorithm to calculate a loop-free logical topology to every known network. The shortest path with the lowest cost is used in building this topology, therefore the best route is selected.

When there is a change in a link-state, routers use a flooding process to notify other routers on the network about the change. The Hello protocol dead interval provides a simple mechanism for determining that an adjacent neighbor is down.

 
2.3 Single-Area OSPF Configuration 
   
2.3.1 Configuring OSPF routing process  

OSPF routing uses the concept of areas. Each router contains a complete database of link-states in a specific area. An area in the OSPF network may be assigned any number from 0 to 65,535. However, a single area is assigned the number 0 and is known as area 0. In multi-area OSPF networks, all areas are required to connect to area 0. Area 0 is also called the backbone area.

OSPF configuration requires that the OSPF routing process be enabled on the router with network addresses and area information specified. Network addresses are configured with a wildcard mask and not a subnet mask. The wildcard mask represents the links or host addresses that can be present in this segment. Area IDs can be written as a whole number or dotted decimal notation.


To enable OSPF routing, use the global configuration command syntax:

Router(config)#router ospf process-id

The process ID is a number that is used to identify an OSPF routing process on the router. Multiple OSPF processes can be started on the same router. The number can be any value between 1 and 65,535. Most network administrators keep the same process ID throughout an autonomous system, but this is not a requirement. It is rarely necessary to run more than one OSPF process on a router. IP networks are advertised as follows in OSPF:

Router(config-router)#network address wildcard-mask area area-id


Each network must be identified with the area to which it belongs. The network address can be a whole network, a subnet, or the address of the interface. The wildcard mask represents the set of host addresses that the segment supports. This is different than a subnet mask, which is used when configuring IP addresses on interfaces.


Lab Exercise: Configuring the OSPF Routing Process

In this lab, students will set up an IP addressing scheme for OSPF area 0 and configure and verify OSPF routing.

 
2.3.2 Configuring OSPF loopback address and router priority 

When the OSPF process starts, the Cisco IOS uses the highest local active IP address as its OSPF router ID. If there is no active interface, the OSPF process will not start. If the active interface goes down, the OSPF process has no router ID and therefore ceases to function until the interface comes up again.

To ensure OSPF stability there should be an active interface for the OSPF process at all times. A loopback interface, which is a logical interface, can be configured for this purpose. When a loopback interface is configured, OSPF uses this address as the router ID, regardless of the value. On a router that has more than one loopback interface, OSPF takes the highest loopback IP address as its router ID.


To create and assign an IP address to a loopback interface use the following commands:

Router(config)#interface loopback number

Router(config-if)#ip address ip-address subnet-mask

 


It is considered good practice to use loopback interfaces for all routers running OSPF. This loopback interface should be configured with an address using a 32-bit subnet mask of 255.255.255.255. A 32-bit subnet mask is called a host mask because the subnet mask specifies a network of one host. When OSPF is requested to advertise a loopback network, OSPF always advertises the loopback as a host route with a 32-bit mask.


In broadcast multi-access networks there may be more than two routers. OSPF elects a designated router (DR) to be the focal point of all link-state updates and link-state advertisements. Because the DR role is critical, a backup designated router (BDR) is elected to take over if the DR fails.


If the network type of an interface is broadcast, the default OSPF priority is 1. When OSPF priorities are the same, the OSPF election for DR is decided on the router ID. The highest router ID is selected.


The election result can be determined by ensuring that the ballots, the hello packets, contain a priority for that router interface. The interface reporting the highest priority for a router will ensure that it becomes the DR.


The priorities can be set to any value from 0 to 255. A value of 0 prevents that router from being elected. A router with the highest OSPF priority will be selected as the DR. A router with the second highest priority will be the BDR. After the election process, the DR and BDR retain their roles even if routers are added to the network with higher OSPF priority values.


Modify the OSPF priority by entering the interface configuration command ip ospf priority on an interface that is participating in OSPF. The command show ip ospf interface displays the interface priority value as well as other key information.

Router(config-if)#ip ospf priority number

Router#show ip ospf interface type number

Lab Exercise: Configuring OSPF with Loopback Addresses

In this lab, students will configure OSPF Loopback addresses and observe the election process.

 
2.3.3 Modifying OSPF cost metric  

OSPF uses cost as the metric for determining the best route. A cost is associated with the output side of each router interface. Costs are also associated with externally derived routing data. In general, the path cost is calculated using the formula 10^8 / bandwidth, where bandwidth is expressed in bps. The system administrator can also configure cost by other methods. The lower the cost, the more likely the interface is to be used to forward data traffic. The Cisco IOS automatically determines cost based on the bandwidth of the interface. It is essential for proper OSPF operation that the correct interface bandwidth is set.

Router(config)#interface serial 0/0

Router(config-if)#bandwidth 56

Cost can be changed to influence the outcome of the OSPF cost calculation. A common situation requiring a cost change is in a multi-vendor routing environment. A cost change would ensure that one vendor’s cost value would match another vendor’s cost value. Another situation is when Gigabit Ethernet is being used. The default cost assigns the lowest cost value of 1 to a 100 Mbps link. In a 100-Mbps and Gigabit Ethernet situation, the default cost values could cause routing to take a less desirable path unless they are adjusted. The cost number can be between 1 and 65,535.


Use the following interface configuration command to set the link cost:

Router(config-if)#ip ospf cost number

Lab Exercise: Modifying OSPF Cost Metric

In this lab, students will setup an Open Shortest Path First (OSPF) area

2.3.4 Configuring OSPF authentication 

By default, a router trusts that routing information is coming from a router that should be sending the information. A router also trusts that the information has not been tampered with along the route.


To guarantee this trust, routers in a specific area can be configured to authenticate each other.


Each OSPF interface can present an authentication key for use by routers sending OSPF information to other routers on the segment. The authentication key, known as a password, is a shared secret between the routers. This key is used to generate the authentication data in the OSPF packet header. The password can be up to eight characters. Use the following command syntax to configure OSPF authentication:

Router(config-if)#ip ospf authentication-key password

After the password is configured, authentication must be enabled:

Router(config-router)#area area-number authentication

With simple authentication, the password is sent as plain text. This means that it can be easily decoded if a packet sniffer captures an OSPF packet.


It is recommended that authentication information be encrypted. To send encrypted authentication information and to ensure greater security, the message-digest keyword is used. The MD5 keyword specifies the type of message-digest hashing algorithm to use, and the encryption type field refers to the type of encryption, where 0 means none and 7 means proprietary.


Use the interface configuration command mode syntax:

Router(config-if)#ip ospf message-digest-key key-id encryption-type md5 key

The key-id is an identifier and takes the value in the range of 1 through 255. The key is an alphanumeric password up to sixteen characters. Neighbor routers must use the same key identifier with the same key value.


The following is configured in router configuration mode:

Router(config-router)#area area-id authentication message-digest

MD5 authentication creates a message digest. A message digest is scrambled data that is based on the password and the packet contents. The receiving router uses the shared password and the packet to re-calculate the digest. If the digests match, the router believes that the source and contents of the packet have not been tampered with. The authentication type identifies which authentication, if any, is being used. In the case of message-digest authentication, the authentication data field contains the key-id and the length of the message digest that is appended to the packet. The message digest is like a watermark that cannot be counterfeited.
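
The receiver-side digest check described above, as an added example that is not part of the original course text. The header layout, the zero-padding of the key to 16 bytes and the sequence-number check follow RFC 2328 rather than this page; the router ID, password, key and hello contents are constructed sample values.

```python
import hashlib
import hmac
import socket
import struct

# OSPFv2 header (RFC 2328): version, type, packet length, router ID, area ID,
# checksum, AuType, 8-byte authentication field. 24 bytes in total.
HDR = struct.Struct("!BBH4s4sHH8s")
DIGEST_LEN = 16


def ip(addr):
    return socket.inet_aton(addr)


def hello_body(mask, hello, priority, dead, dr="0.0.0.0", bdr="0.0.0.0"):
    # Hello body: mask, hello interval, options, priority, dead interval, DR, BDR.
    return struct.pack("!4sHBBI4s4s", ip(mask), hello, 0x02, priority, dead, ip(dr), ip(bdr))


def header(body, router_id, area_id, au_type, auth):
    # Type 1 = hello. The checksum is left at 0: it is not used with AuType 2
    # and is omitted for AuType 1 here to keep the example short.
    return HDR.pack(2, 1, HDR.size + len(body), ip(router_id), ip(area_id), 0, au_type, auth)


def pad_key(key, size):
    return key.encode().ljust(size, b"\0")[:size]


def build_simple(body, router_id, area_id, password):
    # AuType 1: the password (up to 8 bytes) is copied into the header as is.
    return header(body, router_id, area_id, 1, pad_key(password, 8)) + body


def build_md5(body, router_id, area_id, key_id, key, seq):
    # AuType 2: the header carries 0, key-id, digest length and a sequence number.
    auth = struct.pack("!HBBI", 0, key_id, DIGEST_LEN, seq)
    pkt = header(body, router_id, area_id, 2, auth) + body
    # Digest = MD5(packet || key padded to 16 bytes), appended after the packet.
    return pkt + hashlib.md5(pkt + pad_key(key, 16)).digest()


def visible_password(wire):
    """What a capture of a simple-authentication packet shows in the header."""
    au_type, auth = HDR.unpack_from(wire)[6:8]
    return auth.rstrip(b"\0").decode() if au_type == 1 else None


def verify_md5(wire, keys, last_seq=0):
    """Receiver-side check. keys maps key-id -> key. Returns (ok, reason)."""
    if len(wire) < HDR.size + DIGEST_LEN:
        return False, "truncated"
    _, _, length, _, _, _, au_type, auth = HDR.unpack_from(wire)
    if au_type != 2:
        return False, "not message-digest authentication"
    _, key_id, dlen, seq = struct.unpack("!HBBI", auth)
    if dlen != DIGEST_LEN or len(wire) != length + DIGEST_LEN:
        return False, "bad length"
    if key_id not in keys:
        return False, "unknown key-id"
    expected = hashlib.md5(wire[:length] + pad_key(keys[key_id], 16)).digest()
    if not hmac.compare_digest(expected, wire[length:]):
        return False, "digest mismatch"
    if seq < last_seq:  # an old packet sent again fails here
        return False, "stale sequence number"
    return True, "ok"


# Constructed sample: hello 10 s, dead 40 s, priority 1 (the broadcast defaults).
BODY = hello_body("255.255.255.0", 10, 1, 40)
SIMPLE = build_simple(BODY, "10.0.0.1", "0.0.0.0", "cisco123")
SIGNED = build_md5(BODY, "10.0.0.1", "0.0.0.0", key_id=1, key="s3cretkey", seq=1000)

if __name__ == "__main__":
    print("simple auth header exposes:", visible_password(SIMPLE))
    print("digest check:", verify_md5(SIGNED, {1: "s3cretkey"}))
```

With message-digest authentication the key itself never appears in the packet, and a change to any byte of the packet, such as the priority field, makes the recomputed digest differ.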


Lab Exercise: Configuring OSPF Authentication

In this lab, students will introduce OSPF authentication into the area.

2.3.5 Configuring OSPF timers  

OSPF routers must have the same hello intervals and the same dead intervals to exchange information. By default, the dead interval is four times the value of the hello interval. This means that a router has four chances to send a hello packet before being declared dead.


On broadcast OSPF networks, the default hello interval is 10 seconds and the default dead interval is 40 seconds. On nonbroadcast networks, the default hello interval is 30 seconds and the default dead interval is 120 seconds. These default values result in efficient OSPF operation and seldom need to be modified.


A network administrator is allowed to choose these timer values. A justification that OSPF network performance will be improved is needed prior to changing the timers. These timers must be configured to match those of any neighboring router.


To configure the hello and dead intervals on an interface, use the following commands:

Router(config-if)#ip ospf hello-interval seconds

Router(config-if)#ip ospf dead-interval seconds

2.3.6 OSPF, propagating a default route  

To reach networks outside the domain, either OSPF must know about the network or OSPF must have a default route.


A practical alternative is to add a default route to the OSPF router connected to the outside network. This route can be redistributed to each router in the AS through normal OSPF updates.

A configured default route is used by a router to generate a gateway of last resort. The static default route configuration syntax uses the network 0.0.0.0 address and a subnet mask 0.0.0.0:

Router(config)#ip route 0.0.0.0 0.0.0.0 [interface | next-hop address ]


This is referred to as the quad-zero route, and any network address is matched using the following rule. The network gateway is determined by ANDing the packet destination with the subnet mask.


The following configuration statement will propagate this route to all the routers in a normal OSPF area:

Router(config-router)#default-information originate


All routers in the OSPF area will learn a default route provided that the interface of the border router to the default gateway is active.


Lab Exercise: Propagating Default Routes in an OSPF Domain

In this lab, students will configure the OSPF network so that all hosts in the OSPF area can connect to outside networks.

 
2.3.7 Common OSPF configuration issues 

An OSPF router must establish a neighbor or adjacency relationship with another OSPF router to exchange routing information. Failure to establish a neighbor relationship is caused by any of the following reasons:

  • Hellos are not sent from both neighbors.
  • Hello and dead interval timers are not the same.
  • Interfaces are on different network types.
  • Authentication passwords or keys are different.


In OSPF routing it is also important to ensure the following:

  • All interfaces have the correct addresses and subnet mask.
  • network area statements have the correct wildcard masks.
  • network area statements put interfaces into the correct area.
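
The checks in the two lists above can be run against a pair of interface configurations before they are deployed. The following is an added example, not part of the original course text; the dictionary layout, router names, addresses and keys are constructed, and matching the first listed network statement is an assumption of this sketch.

```python
import ipaddress

# Default hello interval in seconds per network type, as given in this module.
DEFAULT_HELLO = {"broadcast": 10, "point-to-point": 10, "nonbroadcast": 30}


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def area_number(area):
    # Area IDs may be written as a whole number or in dotted decimal.
    return to_int(area) if "." in str(area) else int(area)


def area_for(interface_ip, network_statements):
    """Area of the first (address, wildcard, area) statement matching the IP."""
    for address, wildcard, area in network_statements:
        care = ~to_int(wildcard) & 0xFFFFFFFF  # 0 bits in the wildcard must match
        if (to_int(interface_ip) & care) == (to_int(address) & care):
            return area_number(area)
    return None


def timers(intf):
    hello = intf.get("hello", DEFAULT_HELLO[intf["type"]])
    return hello, intf.get("dead", 4 * hello)  # dead defaults to 4 x hello


def adjacency_problems(a, b):
    """Reasons two interfaces on one segment will not become neighbors."""
    problems, areas = [], []
    for r in (a, b):
        area = area_for(r["ip"], r["networks"])
        areas.append(area)
        if area is None:
            problems.append(f"{r['name']}: no network statement matches {r['ip']}")
    nets = [ipaddress.ip_interface(f"{r['ip']}/{r['mask']}").network for r in (a, b)]
    if nets[0] != nets[1]:
        problems.append(f"address or subnet mask mismatch: {nets[0]} vs {nets[1]}")
    if None not in areas and areas[0] != areas[1]:
        problems.append(f"area mismatch: {areas[0]} vs {areas[1]}")
    if a["type"] != b["type"]:
        problems.append(f"network type mismatch: {a['type']} vs {b['type']}")
    if timers(a) != timers(b):
        problems.append(f"hello/dead timers differ: {timers(a)} vs {timers(b)}")
    if a.get("auth") != b.get("auth"):
        problems.append("authentication type, key-id or key differs")
    return problems


# Constructed sample interfaces on one Ethernet segment.
R1 = {"name": "R1", "ip": "192.168.1.1", "mask": "255.255.255.0", "type": "broadcast",
      "networks": [("192.168.1.0", "0.0.0.255", "0")], "auth": ("md5", 1, "s3cretkey")}
R2 = {"name": "R2", "ip": "192.168.1.2", "mask": "255.255.255.0", "type": "broadcast",
      "networks": [("192.168.1.0", "0.0.0.255", "0.0.0.0")], "auth": ("md5", 1, "s3cretkey")}
# R3: wildcard 0.0.0.0 matches only the address 192.168.1.0, hello changed to
# 5 seconds, and simple authentication instead of message-digest.
R3 = {"name": "R3", "ip": "192.168.1.3", "mask": "255.255.255.0", "type": "broadcast",
      "networks": [("192.168.1.0", "0.0.0.0", "0")], "hello": 5,
      "auth": ("simple", None, "cisco123")}

if __name__ == "__main__":
    print(adjacency_problems(R1, R2))
    for line in adjacency_problems(R1, R3):
        print(line)
```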


2.3.8 Verifying the OSPF configuration  

To verify the OSPF configuration a number of show commands are available. Figure lists these commands. Figure shows commands useful for troubleshooting OSPF.
