OSPF requires that all areas be connected to a backbone router. Sometimes, WAN link provisioning or failures can prevent an OSPF area from being directly connected to a backbone router. You can use virtual links to temporarily connect (virtually) an area to the backbone.

In Figure 4-7, Area 4 is not directly connected to the backbone. A virtual link is configured between Router A and Router B. The flow of the virtual link is unidirectional and must be configured in each router of the link. Area 2 becomes the transit area through which the virtual link is configured. Traffic between Areas 2 and 4 does not flow directly to Router B. Instead, the traffic must flow to Router A to reach Area 0 and then pass through the virtual link.

Figure 4-7 OSPF Virtual Link

OSPFv2 Router Authentication

OSPFv2 supports the authentication of routes using 64-bit plaintext, cryptographic Message Digest 5 (MD5), and Secure Hash (SHA) Standard authentication. Authentication can be performed on a per-area or per-interface basis. Plaintext authentication passwords do not need to be the same for the routers throughout the area, but they must be the same between neighbors.

MD5 authentication provides higher security than plaintext authentication. As with plaintext authentication, passwords do not have to be the same throughout an area, but they do need to be the same between neighbors. SHA-1 authentication is recommended because it is the most secure.

OSPF supports the National Institute of Standards and Technology (NIST) Secure Hash Standard family of algorithms for authentication.

OSPFv2 Summary

OSPFv2 is used in large enterprise IPv4 networks. The network topology must be hierarchical. OSPF is used in the enterprise campus building access, distribution, and core layers. OSPF is also used in the enterprise data center, WAN/MAN, and branch offices.

The characteristics of OSPFv2 follow:

• Is a link-state routing protocol
• Uses IP protocol 89
• Is a classless protocol (supports VLSM and CIDR)
• Uses cost as the metric (based on interface bandwidth, by default)
• Provides fast convergence, using link-state updates and SPF calculation
• Uses reduced bandwidth thanks to sending LSA updates only when changes occur
• Labels routes as intra-area, interarea, external Type 1, or external Type 2
• Supports authentication
• Uses the Dijkstra algorithm to calculate the SPF tree
• Has a default administrative distance of 110
• Uses multicast address 224.0.0.5 (ALLSPFRouters) and multicast address 224.0.0.6 (ALLDRouters)
• Provides good scalability and recommended for large networks