Chuck,
Let's see if I can make any sense in my reply to your comments.
When I think of a "virtual-link" as it relates to opsf, I think of it in
terms of being a tunnel. Also, short of being able to use a virtual-link, a
tunnel is what's recommended to maintain connectivity for any non-area0
connected areas.
Here's a excerpt from rfc 2328 which describes a virtual link.
12.4.1.3. Describing virtual links
For virtual links, a link description is added to the
router-LSA only when the virtual neighbor is fully
adjacent. In this case, add a Type 4 link (virtual link)
with Link ID set to the Router ID of the virtual
neighbor, Link Data set to the IP interface address
associated with the virtual link and cost set to the
cost calculated for the virtual link during the routing
table calculation (see Section 15).
And then this excerpt from section 15..
The virtual link is treated as if it were an unnumbered point-to-point
network belonging to the backbone and joining the two area border routers.
An attempt is made to establish an adjacency over the virtual link. When
this adjacency is established, the virtual link will be included in backbone
router-LSAs, and OSPF packets pertaining to the backbone area will flow over
the adjacency. Such an adjacency has been referred to in this document as a
"virtual adjacency".
So as you noted it would be safe to say that a virtual-link is governed by
the termination points of it's unnumbered p-2-p links. So where your
transit-area uses MD5 authentication so must your virtual-link.
Alex Zinin's Cisco IP Routing [pg. 489] clearly states that the virtual-link
always belongs to the backbone. In saying this, the characteristics of the
transit area to identify the peering ABR and then receive
packets(encrypted/decrypted) would be the only things that associates the
virtual-link to the transit area.
HTH
Nigel :-)
----- Original Message -----
From: "The Long and Winding Road"
To:
Sent: Tuesday, March 18, 2003 12:04 AM
Subject: OSPF Virtual link authentication - observations [7:65628]
> Not sure I have this all sorted out correctly. Perhaps those with a bit
more
> experience might add their wisdom, not to mention their corrections.
>
> The ospf virtual link being what it is, it follows rules similar to any
> other interface.
>
> It does appear, though, that in terms of structure, it looks something
like
> this:
>
> ( commands under the ospf process )
>
> area X authentication
> area X virtual-link y.y.y.y authentication
> area X virtual-link y.y.y.y authentication-key WORD
>
> where X is the non zero area number over which the virtual link transits.
>
> In other words, for purposes of structure, the virtual link is not really
> part of area 0. It is a point-to-point link that is part of the non zero
> transit area.
>
> Am I understanding this correctly? I have a setup working, where the area
0
> authentication is simple and the transit area authentication is MD5, and
no
> adjacency is formed across the virtual link with simple authentication,
but
> comes up just fine with MD5.
>
> Any comments are appreciated.
>
> --
> TANSTAAFL
> "there ain't no such thing as a free lunch"
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65637&t=65628
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
