HP-UX Reference (11i v2 04/09) - 4 File Formats (vol 8)

gated.conf(4) gated.conf(4)
OSPF uses the destination address and the type of service to choose the best route to the destination.
OSPF intra- and inter-area routes are always imported into the GateD routing database with a
preference of 10. It would be a violation of the protocol if an OSPF router did not participate fully in the OSPF
of the area, so it is not possible to override this. Although it is possible to give other routes lower
preference values explicitly, it is ill-advised to do so.
Hardware multicast capabilities are also used where possible to deliver link-status messages. OSPF
areas are connected by the backbone area, the area with identifier 0.0.0.0. All areas must be logically
contiguous and the backbone is no exception. To permit maximum flexibility, OSPF allows the configuration
of virtual links to enable the backbone area to appear contiguous despite the physical reality.
All routers in an area must agree on the parameters of that area. A separate copy of the link-state
algorithm is run for each area. Because of this, most configuration parameters are defined on a per area
basis. All routers belonging to an area must agree on the configuration of that area. Misconfiguration will
lead to adjacencies not forming between neighbors, and routing information might not flow, or even loop.
Authentication
All OSPF protocol exchanges are authenticated. Authentication guarantees that routing information is
only imported from trusted routers, to protect the Internet and its users. A variety of authentication
schemes can be used but a single scheme must be configured for each area. This enables some areas to
use much stricter authentication than others. OSPF protocol exchanges may be authenticated.
Authentication guarantees that routing information is imported only from trusted routers, to protect the Internet
and its users. There are two authentication schemes available. The first uses a simple authentication key
of up to 8 characters and is standardized. The second is still experimental and uses the MD5 algorithm
and an authentication key of up to 16 characters.
The simple password provides very little protection because in many cases it is possible to easily capture
packets from the network and learn the authentication key. The experimental MD5 algorithm provides
much more protection as it does not include the authentication key in the packet.
The OSPF specification currently specifies that the authentication type be configured per area with the
ability to configure separate passwords per interface. This has been extended to allow the configuration of
different authentication types and keys per interface. In addition it is possible to specify both a primary
and a secondary authentication type and key on each interface. Outgoing packets use the primary
authentication type, but incoming packets may match either the primary or secondary authentication
type and key.
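
The difference between the two schemes, and the primary/secondary receive check described above, shown as an added example that is not GateD code. It follows the OSPF header and cryptographic authentication layout of RFC 2328 (A.3.1 and Appendix D); that GateD's experimental MD5 scheme matches this layout, and the keys, router ID and packet body used, are assumptions constructed for illustration.

```python
import hashlib, hmac, struct

# OSPF header per RFC 2328 A.3.1: version, type, length, router ID,
# area ID, checksum, AuType, 8-byte authentication field (24 bytes).
HDR = struct.Struct("!BBH4s4sHH8s")
SIMPLE, MD5 = 1, 2

# Constructed sample keys (not from the page): (AuType, key).
PRIMARY = (MD5, b"constructed-md5!")    # up to 16 characters
SECONDARY = (SIMPLE, b"oldkey01")       # up to 8 characters

def build(body, autype, key, key_id=1, seq=1):
    """Build an OSPF Hello with simple or MD5 authentication (checksum left 0)."""
    if autype == SIMPLE:   # the key itself travels in the header
        auth = key.ljust(8, b"\0")
    else:                  # zero, key ID, digest length, sequence number
        auth = struct.pack("!HBBI", 0, key_id, 16, seq)
    pkt = HDR.pack(2, 1, HDR.size + len(body), bytes([10, 0, 0, 1]),
                   bytes(4), 0, autype, auth) + body
    if autype == MD5:      # digest over packet + padded key is appended
        pkt += hashlib.md5(pkt + key.ljust(16, b"\0")).digest()
    return pkt

def accept(pkt, keys=(PRIMARY, SECONDARY)):
    """Receive side: accept a packet matching the primary or secondary key."""
    if len(pkt) < HDR.size:
        return False
    _, _, length, _, _, _, autype, auth = HDR.unpack_from(pkt)
    for want_type, key in keys:
        if want_type != autype:
            continue
        if autype == SIMPLE:
            ok = hmac.compare_digest(auth, key.ljust(8, b"\0"))
        elif autype == MD5:
            digest = hashlib.md5(pkt[:length] + key.ljust(16, b"\0")).digest()
            ok = hmac.compare_digest(pkt[length:length + 16], digest)
        else:
            ok = False
        if ok:
            return True
    return False
```

The simple-password packet carries the key verbatim in its header, while the MD5 packet carries only a digest that changes if any byte of the packet is altered. The sketch does not track the cryptographic sequence number, which a receiver also needs in order to reject replayed packets.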
The OSPF Statement
ospf yes | no | on | off [ {
    defaults {
        preference preference ;
        cost cost ;
        tag [ as ] tag ;
        type 1 | 2 ;
    };
    exportlimit routes ;
    exportinterval time ;
    traceoptions trace_options ;
    monitorauthkey authkey ;
    monitorauth none |([simple | md5 ] authkey ) ;
    backbone |(area area ) {
        authtype 0 | 1 | none | simple ;
        stub [ cost cost] ;
        networks {
            network [ restrict ] ;
            network mask mask [ restrict ] ;
            network masklen number [ restrict ] ;
            host host [ restrict ] ;
        };
        stubhosts {
            host cost cost ;
        };
        interface interface_list;[cost cost ] {
            interface_parameters
HP-UX 11i Version 2: September 2004 19 Hewlett-Packard Company Section 495