Note – OSPF Areas – Networking – 350-601 Study Guide

Note

The backbone area 0 cannot be an NSSA

All OSPF areas must physically connect to area 0 (backbone area). If one area cannot connect directly to area 0, you need a virtual link. Virtual links allow you to connect an OSPF area ABR to a backbone area ABR when a direct physical connection is not available. Figure 1-3 shows a virtual link that connects area 5 to the backbone area 0 through area 3.

Figure 1-3 OSPF Virtual Links

You can also use virtual links to temporarily recover from a partitioned area, which occurs when a link within the area fails, isolating part of the area from reaching the designated ABR to the backbone area.

Designated Routers and Backup Designated Routers

On a network of the broadcast type, every OSPF router would otherwise flood its LSAs to every other router, so the same link-state information would be sent from multiple sources. To avoid this, OSPF uses a single router, the designated router (DR), to control LSA flooding and represent the network to the rest of the OSPF area. OSPF also selects a backup designated router (BDR). If the DR fails, the BDR takes over the DR role of redistributing routing information.

Network types are as follows:

Point-to-point: A network that exists only between two routers. All neighbors on a point-to-point network establish adjacency, and there is no DR required.

Broadcast: A network with multiple routers that can communicate over a shared medium that allows broadcast traffic, such as Ethernet. OSPF routers establish a DR and BDR that control LSA flooding on the network. In OSPFv2, the DR uses the well-known IPv4 multicast address 224.0.0.5 and the MAC address 0100.5e00.0005 to communicate with neighbors, and in OSPFv3, it uses the well-known IPv6 multicast address FF02::5 and the MAC address 3333.0000.0005 to communicate with neighbors. Likewise, in OSPFv2, each non-DR or non-BDR router uses the well-known IPv4 multicast address 224.0.0.6 and the MAC address 0100.5e00.0006 to send routing information to the DR or BDR, and in OSPFv3, it uses the well-known IPv6 multicast address FF02::6 and the MAC address 3333.0000.0006 to send routing information to the DR or BDR.
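The MAC addresses listed above are not arbitrary: they are derived from the multicast group addresses by the standard IPv4 (RFC 1112) and IPv6 (RFC 2464) mappings. The following Python is an added example, not part of the study guide, that reproduces those four values from the general mapping and also shows a property the text does not mention: the IPv4 mapping discards 5 bits of the group address, so 32 different IPv4 groups share one MAC and a receiver must still filter on the IP destination, not just the frame address. The group names in `OSPF_GROUPS` are taken from the OSPF RFCs; the dotted-hex output format follows the notation used in the text.

```python
import ipaddress

# Well-known OSPF multicast groups named in the text (RFC 2328 / RFC 5340)
OSPF_GROUPS = {
    "OSPFv2 AllSPFRouters": "224.0.0.5",
    "OSPFv2 AllDRouters": "224.0.0.6",
    "OSPFv3 AllSPFRouters": "FF02::5",
    "OSPFv3 AllDRouters": "FF02::6",
}


def multicast_mac(address: str) -> str:
    """Return the destination MAC for an IPv4 or IPv6 multicast group,
    in Cisco dotted-hex notation (e.g. 0100.5e00.0005)."""
    ip = ipaddress.ip_address(address)
    if not ip.is_multicast:
        raise ValueError(f"{address} is not a multicast address")
    if ip.version == 4:
        # RFC 1112: fixed prefix 01-00-5E followed by the low-order 23 bits of the group
        mac_int = (0x01005E << 24) | (int(ip) & 0x7FFFFF)
    else:
        # RFC 2464: fixed prefix 33-33 followed by the low-order 32 bits of the group
        mac_int = (0x3333 << 32) | (int(ip) & 0xFFFFFFFF)
    hexdigits = f"{mac_int:012x}"
    return ".".join(hexdigits[i:i + 4] for i in range(0, 12, 4))


def ipv4_groups_sharing_mac(address: str) -> list:
    """All 32 IPv4 multicast groups whose frames carry the same MAC as `address`.

    The 5 bits between the fixed 1110 prefix and the low-order 23 bits are lost
    in the mapping, so a NIC that accepts the MAC for 224.0.0.5 also accepts
    frames for these groups; the IP layer must still check the destination.
    """
    low23 = int(ipaddress.IPv4Address(address)) & 0x7FFFFF
    return [str(ipaddress.IPv4Address(0xE0000000 | (bits << 23) | low23))
            for bits in range(32)]


def ospf_group_macs() -> dict:
    """Map each OSPF group name to (group address, MAC), matching the text's values."""
    return {name: (addr, multicast_mac(addr)) for name, addr in OSPF_GROUPS.items()}


if __name__ == "__main__":
    for name, (addr, mac) in ospf_group_macs().items():
        print(f"{name:22} {addr:12} -> {mac}")
    aliases = ipv4_groups_sharing_mac("224.0.0.5")
    print(f"{len(aliases)} IPv4 groups share the MAC of 224.0.0.5, e.g. {aliases[1]}, {aliases[2]}")
```

Running the script prints the four OSPF group-to-MAC pairs from the text, followed by the collision note for 224.0.0.5 (for example 224.128.0.5 and 225.0.0.5 map to the same 0100.5e00.0005).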

OSPF Authentication

OSPFv2 supports authentication to prevent unauthorized or invalid routing updates in the network. Cisco NX-OS supports two authentication methods:

Simple password authentication

MD5 authentication digest

Simple password authentication uses a simple cleartext password that is sent as part of the OSPFv2 message. The receiving OSPFv2 router must be configured with the same cleartext password to accept the OSPFv2 message as a valid route update. Because the password is in clear text, anyone who can watch traffic on the network can learn the password.

Cisco recommends that you use MD5 authentication to authenticate OSPFv2 messages. You can configure a password that is shared at the local router and all remote OSPFv2 neighbors. For each OSPFv2 message, Cisco NX-OS creates an MD5 one-way message digest based on the message itself and the encrypted password. The interface sends this digest with the OSPFv2 message. The receiving OSPFv2 neighbor validates the digest using the same encrypted password. If the message has not changed, the digest calculation is identical, and the OSPFv2 message is considered valid.

MD5 authentication includes a sequence number with each OSPFv2 message to ensure that no message is replayed in the network.
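The digest-plus-sequence-number scheme described in the two paragraphs above is the cryptographic authentication (AuType 2) defined in RFC 2328, Appendix D. The following Python is an added illustration and is not Cisco NX-OS code: it builds an OSPFv2 packet whose MD5 digest covers the message and the shared key, and it validates a received packet the way a neighbor would, including the sequence-number replay check and a constant-time digest comparison. The packet type, router ID, area ID, key ID, sequence number, key and 20-byte Hello-style body are constructed sample values.

```python
import hashlib
import hmac
import ipaddress
import struct

AUTYPE_CRYPTO = 2        # RFC 2328 AuType 2: cryptographic (MD5) authentication
MD5_AUTH_LEN = 16        # length of the zero-padded key and of the appended digest
HEADER_FMT = "!BBHIIHH"  # version, type, length, router ID, area ID, checksum, AuType
HEADER_LEN = 24          # 16 bytes of fixed fields + 8-byte authentication field


def _ip_to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))


def _pad_key(key: bytes) -> bytes:
    """RFC 2328 D.4.3: a key shorter than 16 bytes is right-padded with zeros."""
    if len(key) > MD5_AUTH_LEN:
        raise ValueError("MD5 authentication key is limited to 16 bytes")
    return key.ljust(MD5_AUTH_LEN, b"\x00")


def build_authenticated_packet(pkt_type: int, router_id: str, area_id: str,
                               body: bytes, key_id: int, seq: int, key: bytes) -> bytes:
    """Build an OSPFv2 packet with AuType 2 and a trailing MD5 digest.

    The 16-byte digest follows the packet but is NOT counted in the length
    field, and the OSPF checksum field is 0 when cryptographic auth is in use.
    """
    length = HEADER_LEN + len(body)
    header = struct.pack(HEADER_FMT, 2, pkt_type, length,
                         _ip_to_int(router_id), _ip_to_int(area_id),
                         0, AUTYPE_CRYPTO)
    # Authentication field: 16 zero bits, key ID, auth data length, 32-bit sequence number
    auth = struct.pack("!HBBI", 0, key_id, MD5_AUTH_LEN, seq)
    packet = header + auth + body
    # digest = MD5(packet || padded key); the key itself never appears on the wire
    digest = hashlib.md5(packet + _pad_key(key)).digest()
    return packet + digest


def verify_authenticated_packet(frame: bytes, keys: dict, last_seq):
    """Validate a received OSPFv2 AuType 2 packet.

    keys maps key ID -> shared key; last_seq is the highest sequence number
    already accepted from this neighbor (None if this is the first packet).
    Returns (accepted, reason, seq).
    """
    if len(frame) < HEADER_LEN:
        return False, "truncated header", None
    version, _, length, _, _, _, autype = struct.unpack(HEADER_FMT, frame[:16])
    if version != 2 or autype != AUTYPE_CRYPTO:
        return False, "not an OSPFv2 cryptographic-authentication packet", None
    _, key_id, auth_len, seq = struct.unpack("!HBBI", frame[16:24])
    if auth_len != MD5_AUTH_LEN or len(frame) < length + MD5_AUTH_LEN:
        return False, "bad authentication length or missing digest", seq
    if key_id not in keys:
        return False, f"unknown key ID {key_id}", seq
    # Replay protection (RFC 2328 D.4.3): the sequence number must not go backwards.
    # The RFC permits equality; a stricter implementation would require seq > last_seq.
    if last_seq is not None and seq < last_seq:
        return False, "sequence number went backwards (possible replay)", seq
    packet = frame[:length]
    received = frame[length:length + MD5_AUTH_LEN]
    expected = hashlib.md5(packet + _pad_key(keys[key_id])).digest()
    # Constant-time comparison so timing differences reveal nothing about the digest
    if not hmac.compare_digest(expected, received):
        return False, "digest mismatch (modified packet or wrong key)", seq
    return True, "ok", seq


if __name__ == "__main__":
    # Constructed sample: a Hello (type 1) from router 10.0.0.1 in area 0, key ID 1
    key = b"nx-os-demo-key"              # constructed shared secret
    hello_body = bytes(20)               # placeholder Hello payload
    frame = build_authenticated_packet(1, "10.0.0.1", "0.0.0.0", hello_body, 1, 1000, key)
    print(verify_authenticated_packet(frame, {1: key}, None))      # accepted
    tampered = frame[:30] + bytes([frame[30] ^ 0x01]) + frame[31:]
    print(verify_authenticated_packet(tampered, {1: key}, None))   # digest mismatch
    print(verify_authenticated_packet(frame, {1: key}, 1001))      # rejected as replay
```

Two details worth noting when reading the code against the text: the digest is computed over the packet as transmitted, including the authentication field that carries the sequence number, which is what ties the replay counter to the digest; and the key is appended only for the MD5 computation and is never sent, which is the difference from simple password authentication, where the 8-byte authentication field carries the password itself.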

OSPFv3 doesn’t have an authentication field in its header like OSPFv2; instead, OSPFv3 relies on IPsec.