Specifications

Implementing OSPF on Cisco IOS XR Software
Information About Implementing OSPF on Cisco IOS XR Software
Cisco IOS XR Routing Configuration Guide
To manage the rollover of keys and enhance MD5 authentication for OSPF, you can configure a container
of keys called a keychain with each key comprising the following attributes: generate/accept time, key
identification, and authentication algorithm.
GTSM TTL Security Mechanism for OSPF
OSPF is a link state protocol that requires networking devices to detect topological changes in the
network, flood Link State Advertisement (LSA) updates to neighbors, and quickly converge on a new
view of the topology. However, during the act of receiving LSAs from neighbors, network attacks can
occur, because there are no checks that unicast or multicast packets are originating from a neighbor that
is one hop away or multiple hops away over virtual links.
For virtual links, OSPF packets travel multiple hops across the network; hence, the TTL value can be
decremented several times. For these types of links, a minimum TTL value must be allowed and accepted
for multiple-hop packets.
To filter network attacks that originate from invalid sources traveling over multiple hops, the Generalized
TTL Security Mechanism (GTSM), RFC 3682, is used. GTSM filters link-local
addresses and allows for only one-hop neighbor adjacencies through the configuration of TTL value 255.
The TTL value in the IP header is set to 255 when OSPF packets are originated, and is checked on received
OSPF packets against the default GTSM TTL value 255 or the user-configured GTSM TTL value,
blocking unauthorized OSPF packets originated from TTL hops away.
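The receive-side check described above, as an added example that is not part of the Cisco guide and is not IOS XR code. It assumes the user-configured GTSM TTL value acts as a minimum accepted TTL; the function names and the sample packets (documentation addresses) are constructed for illustration.

```python
import struct

OSPF_PROTO = 89          # IP protocol number assigned to OSPF
GTSM_DEFAULT_TTL = 255   # default GTSM TTL value named in the text

def build_ipv4_header(src, dst, ttl, proto=OSPF_PROTO):
    """Build a minimal 20-byte IPv4 header (checksum left at 0; constructed sample)."""
    def addr(a):
        return bytes(int(octet) for octet in a.split("."))
    # TTL is one byte, so no sender can originate a packet with TTL above 255.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0xC0, 20, 0, 0, ttl, proto, 0,
                       addr(src), addr(dst))

def forward(header, hops):
    """Model `hops` routers forwarding the packet: each one decrements the TTL."""
    ttl = header[8] - hops
    if ttl <= 0:
        return None  # discarded in transit, never reaches the receiver
    return header[:8] + bytes([ttl]) + header[9:]

def gtsm_accept(header, min_ttl=GTSM_DEFAULT_TTL):
    """Return True if a received OSPF packet passes the TTL check."""
    if len(header) < 20 or header[0] >> 4 != 4:
        return False                      # not a parsable IPv4 header
    ttl, proto = header[8], header[9]
    if proto != OSPF_PROTO:
        return False                      # this filter only admits OSPF
    return ttl >= min_ttl                 # assumption: configured value is a minimum

def classify(samples, min_ttl=GTSM_DEFAULT_TTL):
    """Map each labelled sample to 'accept', 'drop' or 'expired'."""
    return {name: "expired" if h is None else
            ("accept" if gtsm_accept(h, min_ttl) else "drop")
            for name, h in samples.items()}

# Constructed sample traffic, every packet originated with TTL 255.
SAMPLES = {
    "adjacent_neighbor": forward(
        build_ipv4_header("192.0.2.1", "224.0.0.5", 255), 0),     # arrives at 255
    "remote_sender_3_hops": forward(
        build_ipv4_header("203.0.113.9", "192.0.2.2", 255), 3),   # arrives at 252
    "virtual_link_2_hops": forward(
        build_ipv4_header("198.51.100.7", "192.0.2.2", 255), 2),  # arrives at 253
}

if __name__ == "__main__":
    print("default 255:", classify(SAMPLES))
    print("minimum 253:", classify(SAMPLES, min_ttl=253))
```

With the default of 255 only the adjacent neighbor passes; lowering the minimum to 253 admits the two-hop virtual link while the sender three hops away is still dropped.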
Path Computation Element for OSPFv2
A PCE is an entity (component, application, or network node) that is capable of computing a network
path or route based on a network graph and applying computational constraints.
PCE is accomplished when a PCE address and client are configured for MPLS-TE. PCE communicates
its PCE address and capabilities to OSPF; OSPF then packages this information in the PCE Discovery
type-length-value (TLV) (Type 2) and reoriginates the RI LSA. OSPF also includes the Router
Capabilities TLV (Type 1) in all its RI LSAs. The PCE Discovery TLV contains the PCE Address
Sub-TLV (Type 1) and the Path Scope Sub-TLV (Type 2).
The PCE Address Sub-TLV specifies the IP address that must be used to reach the PCE. It should be a
loopback address that is always reachable. This TLV is mandatory and must be present within the PCE
Discovery TLV. The Path Scope Sub-TLV indicates the PCE path computation scopes, which refer to
the PCE's ability to compute or participate in the computation of intra-area, inter-area, inter-AS, or
inter-layer TE LSPs.
PCE extensions to OSPFv2 include support for the Router Information Link State Advertisement
(RI LSA). OSPFv2 is extended to receive all area scopes (LSA Types 9, 10, and 11). However, OSPFv2
originates only area scope Type 10.
For detailed information about the Path Computation Element feature, see the “Implementing MPLS Traffic
Engineering on Cisco IOS XR software” module of the Cisco IOS XR MPLS Configuration Guide,
Release 3.5, and the following IETF drafts:
draft-ietf-ospf-cap-09
draft-ietf-pce-disco-proto-ospf-00