OSPF Neighbor relationship process
1. Determine the Router ID
- It is the router’s name in the OSPF process. It’s always advisable to hard code the router-id.
- Router-id > Loopbacks > Active Physical interface IP
2. Add interfaces to the link state database, done by the network command
3. Send a Hello message on chosen interfaces
| Network type | Hello interval |
|---|---|
| | Every 10 seconds |
| Non-Broadcast Multi-access Networks (NBMA) | Every 30 seconds |
Since my new job requires me to be good at OSPF, and since the last time I studied OSPF was during my CCNA studies 4 years back, I had to come up with this so I can fetch it when needed.
Just some notes that I prepared from CBT Nuggets. Mostly it's what Jeremy had on his screen, and some of it is from the ROUTE cert guide. I just collated them so they are in a single place for reference.
- Define a key chain > key > key-string.
- Reference the key-chain under the interface configuration.
key chain RIPkey
 key <key-id>
  key-string <secret>
interface <interface>
 ip rip authentication key-chain RIPkey
 ip rip authentication mode [md5 | text]
To minimize the complexity of configuration, we can use IPsec profiles and associate them with Virtual Tunnel Interfaces. It's more like a Route Based VPN in Juniper NetScreen. There are other reasons why you would want to consider using VTIs to implement GRE over IPsec and they can be found here.
Jeremy Stretch has written a fantastic post on configuring GRE over IPsec using VTIs in the simplest way possible – http://packetlife.net/blog/2008/jul/14/ipsec-quick-and-dirty/ so I won't be bothering to include that all over again.
Just adding some notes below for my reference:
As GRE does not have its own mechanism to encrypt traffic, it depends on IPsec for getting the encryption job done. As opposed to GRE over IPsec, which encrypts anything that is encapsulated by GRE, IPsec over GRE encrypts only the payload and not the routing protocols running over a GRE tunnel.
In IPsec over GRE, the GRE tunnel is established over the internet, neighborship is formed and routes are exchanged, and all of this is in clear text. We are only concerned with encrypting the interesting traffic flowing between the two peers. When securing the routing updates and routes isn't a requirement and the major concern is to encrypt the information/payload flowing between the peers, we use IPsec over GRE.
IPsec over GRE eliminates the additional overhead of encrypting the GRE header.
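To check which of the two designs a router is actually running, the added example below (not part of the original notes) audits an IOS-style configuration and reports the tunnels whose routing adjacencies cross the internet in clear text. The sample configuration, profile and crypto map names are constructed; the check assumes IPsec is attached on the tunnel interface itself and does not follow a crypto map applied to the physical interface.

```python
import re
# Constructed sample configuration; names and addresses are illustrative.
SAMPLE_CONFIG = """\
interface Tunnel0
 tunnel source GigabitEthernet0/0
 tunnel destination 203.0.113.2
 tunnel protection ipsec profile VTI-PROFILE
!
interface Tunnel1
 tunnel source GigabitEthernet0/0
 tunnel destination 203.0.113.6
 crypto map LAN-TO-LAN
!
interface Tunnel2
 tunnel source GigabitEthernet0/0
 tunnel destination 203.0.113.10
!
interface GigabitEthernet0/0
 ip address 198.51.100.1 255.255.255.0
"""

def classify_tunnels(config):
    """Map each Tunnel interface to how its traffic is protected."""
    results = {}
    current = None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            name = m.group(1)
            current = name if name.lower().startswith("tunnel") else None
            if current:
                results[current] = "no IPsec on tunnel interface"
        elif not line.startswith(" "):
            current = None  # left the interface block
        elif current:
            cmd = line.strip()
            # IPsec profile on the tunnel: everything in the tunnel is encrypted.
            if cmd.startswith("tunnel protection ipsec profile "):
                results[current] = "GRE over IPsec"
            # Crypto map on the tunnel: only ACL-matched traffic is encrypted.
            elif cmd.startswith("crypto map ") and results[current] != "GRE over IPsec":
                results[current] = "IPsec over GRE"
    return results

def routing_in_clear(config):
    """Tunnels where routing adjacencies and updates are not encrypted."""
    return sorted(t for t, mode in classify_tunnels(config).items()
                  if mode != "GRE over IPsec")
```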