OSPF protocol Overview

OSPF (Open Shortest Path First) is an Internal Gateway Protocol (IGP) used for Route decision-making in a single autonomous system (. Compared with RIP, OSPF is a link-state path protocol, while RIP is a distance vector routing protocol. The link is another form of router interface. Therefore, OSPF is also known as the interface status routing protocol. OSPF establishes a link status database by notifying the status of network interfaces between routers, and generates a shortest path tree. Each OSPF router uses these Shortest Paths to construct a route table.
1. Related commands

Global settings

Note: 1) the OSPF routing process-id must be 1-65535. Multiple OSPF processes can be configured on the same vro, but it is best not to do so. Multiple OSPF processes require copies of multiple OSPF databases and must run copies of multiple Shortest Path Algorithms. Process-id only works inside the vro. The process-id of different vrouters can be different.

2) wildcard-mask is the inverse code of the subnet mask. The ID area-id in the network area is in decimal number from 0 to 4294967295, or it can be x. x in the IP address format. When the network Region ID is 0 or 0.0.0.0, it is the main domain. Routers in different network regions learn route information through the trunk domain.

2. Basic configuration example:

Interface ethernet 0
Ip address 192.1.0.129 255.255.255.192
!
Interface serial 0
Ip address 192.200.10.5 255.255.255.252
!
Router ospf 100
Network 192.200.10.4 0.0.3 area 0
Network 192.1.0.128 0.0.63 area 1
!
Router2:
Interface ethernet 0
Ip address 192.1.0.65 255.255.255.192
!
Interface serial 0
Ip address 192.200.10.6 255.255.255.252
!
Router ospf 200
Network 192.200.10.4 0.0.3 area 0
Network 192.1.0.64 0.0.63 area 2
!
Router3:
Interface ethernet 0
Ip address 192.1.0.130 255.255.255.192
!
Router ospf 300
Network 192.1.0.128 0.0.63 area 1
!
Router4:
Interface ethernet 0
Ip address 192.1.0.66 255.255.255.192
!
Router ospf 400
Network 192.1.0.64 0.0.63 area 1
!
Related Debugging commands:
Debug ip ospf events
Debug ip ospf packet
Show ip ospf
Show ip ospf database
Show ip ospf interface
Show ip ospf neighbor
Show ip route

3. Use Authentication 

For security reasons, we can enable the authentication function on the vrouters in the same OSPF region. Only the vrouters in the same region that have been authenticated can advertise route information to each other.

By default, OSPF does not use area verification. You can enable the authentication function in two ways: plain text authentication and Message Digest (md5) authentication. The authentication password transmitted by plain text authentication is identified by the Network detector, so it is not secure and is not recommended. The Digest (md5) authentication must encrypt the password before transmitting the authentication password. Therefore, we recommend that you use this method for authentication.

When using authentication, all vro interfaces in the region must use the same authentication method. To start identity authentication, you must configure a password for each vro interface in the region in router interface configuration mode.

The following are two verification settings. The network distribution and Address Allocation environment in this example are the same as those in the preceding basic configuration. The authentication function is only used in Zone 0 of Router1 and Router2.

Example 1. use plain text Authentication
Router1:
Interface ethernet 0
Ip address 192.1.0.129 255.255.255.192
!
Interface serial 0
Ip address 192.200.10.5 255.255.255.252
Ip ospf authentication-key cisco
!
Router ospf 100
Network 192.200.10.4 0.0.3 area 0
Network 192.1.0.128 0.0.63 area 1
Area 0 authentication
!
Router2:
Interface ethernet 0
Ip address 192.1.0.65 255.255.255.192
!
Interface serial 0
Ip address 192.200.10.6 255.255.255.252
Ip ospf authentication-key cisco
!
Router ospf 200
Network 192.200.10.4 0.0.3 area 0
Network 192.1.0.64 0.0.63 area 2
Area 0 authentication
!

Example 2. Message Digest (md5) authentication:
Router1:
Interface ethernet 0
Ip address 192.1.0.129 255.255.255.192
!
Interface serial 0
Ip address 192.200.10.5 255.255.255.252
Ip ospf message-digest-key 1 md5 cisco
!
Router ospf 100
Network 192.200.10.4 0.0.3 area 0
Network 192.1.0.128 0.0.63 area 1
Area 0 authentication message-digest
!
Router2:
Interface ethernet 0
Ip address 192.1.0.65 255.255.255.192
!
Interface serial 0
Ip address 192.200.10.6 255.255.255.252
Ip ospf message-digest-key 1 md5 cisco
!
Router ospf 200
Network 192.200.10.4 0.0.3 area 0
Network 192.1.0.64 0.0.63 area 2
Area 0 authentication message-digest
!
Related Debugging commands:
Debug ip ospf
Debug ip ospf events