OSPF Network Design Solutions
OSPF Features This area covers some of the features of OSPF (authentication and route redistribution between protocols) that you should consider deploying within your network. There can be only one choice concerning which feature should be first for you to consider. Protecting corporate resources, security, policing the network, ensuring correct usage of the network, authenticationthey are all different labels for a similar need within every network: network security. Network security should be built into the network from day one, not added as an afterthought. Mistakes have already happened in the networking environment you know today. Nevertheless, how could they not with the almost required Internet presence and www logo seen on almost every business card? The open unsecure protocols such as Simple Mail Transfer Protocol (SMTP) or Simple Network Management Protocol (SNMP) are essential for business and network management, though they are also vulnerable for exploitation. Hopefully, the respective working groups will get moving towards solving this problem. All is not doom and gloom though, as OSPF comes with built-in authenticationthe way it should be! OSPFs built-in authentication set is extremely useful and flexible. In the OSPF specification, MD5 is the only cryptographic algorithm that has been completely specified. The overall implementation of security within OSPF is rather straightforward. For example, you assign a key to OSPF. This key can either be the same throughout your network or different on each routers interface or a combination of the two. The bottom line is that each router directly connected to each other must have the same key for communication to take place. Further detailed discussion of this OSPF feature will take place in later chapters. Route redistribution is another very useful Cisco IOS software feature. To review redistribution is the exchange of routing information between two different routing processes (protocols). This feature should be turned on in your routers if you have separate routing domains within your Autonomous System and you need to exchange routes between them. For example, the engineering department might be running OSPF and the accounting department might be running IGRP as shown in Figure 7-18. Figure 7-18 depicts one router connecting the two separate touring processes (protocols), which need to share routing information. This sharing process is called redistribution. The router shown in Figure 7-18 is configured to run both IGRP and OSPF routing.
TIPS: When routes are redistributed between major networks, no subnet information is required. IOS Features Some of the features of the IOS that you should consider deploying within your network are as follows:
Step 6: Implement, Monitor, and Manage the Network The last step is also the first step to continually managing the growth of your network. Some time is spent on this subject later in the chapter, but Chapter 9, Managing Your OSPF Network, will delve more deeply into the network management arena. In the context of this step you should consider the following actions:
Notes: What do you know? Coming into Step 6 you have determined your network requirements, developed a physical network topology, laid out your addressing and naming scheme, provisioned your network equipment, and deployed the necessary OSPF and IOS features. In this step, you will begin to implement the network, institute monitoring, and engage in proactive network management. Network Management and Monitoring Applications Network management applications that use Simple Network Management Protocol (SNMP) provide a useful array of tools to control internetwork support costs:
Configuring OSPF on Cisco Routers
OSPF typically requires coordination among many internal routers, area border routers (routers connected to multiple areas), and autonomous system boundary routers. At a minimum, OSPF-based routers, or access servers, can be configured with all default parameter values, no authentication, and interfaces assigned to areas. If you intend to customize your environment, you must ensure coordinated configurations of all routers. To configure OSPF, complete the tasks in the following sections. Enabling OSPF is mandatory; the other tasks are optional, but they might be required for your network. Enabling OSPF on an Inter-Area Router
As with other routing protocols, the enabling of OSPF on Cisco routers requires a few steps before the process begins:
Now that you have determined how the OSPF process should be configured, you need to start configuring the router. Perform the following tasks, starting in global configuration mode:
If this was an inter-area OSPF router, then the process for configuring it for OSPF would now be complete. There are a few subtle differences when configuring the different types of OSPF routers, as described in the next few sections.
|