HP-UX Reference (11i v1 00/12) - 4 File Formats (vol 8)
__________________________________________________________________________________________________________________________________________________________________________________________________
__________________________________________________________________________________________________________________________________________________________________________________________________
STANDARD Printed by: Nora Chuang [nchuang] STANDARD
/build/1111/BRICK/man4/!!!intro.4
________________________________________________________________
___ ___
g
gated.conf(4) gated.conf(4)
and the backbone is no exception. To permit maximum flexibility, OSPF allows the configuration of virtual
links enable the backbone area to appear contiguous despite the physical reality.
All routers in an area must agree on the parameters of that area. A separate copy of the link-state algo-
rithm is run for each area. Because of this, most configuration parameters are defined on a per area basis.
All routers belonging to an area must agree on the configuration of that area. Misconfiguration will lead to
adjacencies not forming between neighbors, and routing information might not flow, or even loop.
Authentication
All OSPF protocol exchanges are authenticated. Authentication guarantees that routing information is only
imported from trusted routers, to protect the Internet and its users. A variety of authentication schemes
can be used but a single scheme must be configured for each area. This enables some areas to use much
stricter authentication than others. OSPF protocol exchanges may be authenticated. Authentication
guarantees that routing information is imported only from trusted routers, to protect the Internet and its
users. There are two authentication schemes available. The first uses a simple authentication key of up to 8
characters and is standardized. The second is still experimental and uses the MD5 algorithm and an
authentication key of up to 16 characters.
The simple password provides very little protection because in many cases it is possible to easily capture
packets from the network and learn the authentication key. The experimental MD5 algorithm provides
much more protection as it does not include the authentication key in the packet.
The OSPF specification currently specifies that the authentication type be configured per area with the abil-
ity to configure separate passwords per interface. This has been extended to allow the configuration of
different authentication types and keys per interface. In addition it is possible to specify both a primary and
a secondary authentication type and key on each interface. Outgoing packets use the primary authentica-
tion type, but incoming packets may match either the primary or secondary authentication type and key.
The OSPF Statement
ospf yes | no | on | off [ {
defaults {
preference preference ;
cost cost ;
tag [ as ] tag ;
type 1 | 2 ;
};
exportlimit routes ;
exportinterval time ;
traceoptions trace_options ;
monitorauthkey authkey ;
monitorauth none |([simple | md5 ] authkey ) ;
backbone |(area area ) {
authtype 0 | 1 | none | simple ;
stub [ cost cost] ;
networks {
network [ restrict ] ;
network mask mask [ restrict ] ;
network masklen number [ restrict ] ;
host host [ restrict ] ;
};
stubhosts {
host cost cost ;
};
interface interface_list;[cost cost ] {
interface_parameters
};
interface interface_list nonbroadcast [cost cost ] {
pollinterval time ;
routers {
gateway [ eligible ] ;
};
interface_parameters
};
Backbone only:
Section 4−−90 − 19 − HP-UX Release 11i: December 2000
___
___