Chapter 7: Routing Policy Configuration Guide114 SmartSwitch Router User Reference ManualRoute-FilterThis component specifies the individual routes that are to be aggregated or summarized.The preference to be associated with these routes can also be explicitly specified using thiscomponent.The contributing routes are ordered according to the aggregation preference that appliesto them. If there is more than one contributing route with the same aggregatingpreference, the route's own preferences are used to order the routes. The preference of theaggregate route will be that of contributing route with the lowest aggregate preference.A route may only contribute to an aggregate route that is more general than itself; it mustmatch the aggregate under its mask. Any given route may only contribute to oneaggregate route, which will be the most specific configured, but an aggregate route maycontribute to a more general aggregate.An aggregate-route only comes into existence if at least one of its contributing routes isactive.AuthenticationAuthentication guarantees that routing information is only imported from trusted routers.Many protocols like RIP V2 and OSPF provide mechanisms for authenticating protocolexchanges. A variety of authentication schemes can be used. Authentication has twocomponents – an Authentication Method and an Authentication Key. Many protocolsallow different authentication methods and keys to be used in different parts of thenetwork.Authentication MethodsThere are mainly two authentication methods:Simple Password: In this method, an authentication key of up to 8 characters is includedin the packet. If this does not match what is expected, the packet is discarded. Thismethod provides little security, as it is possible to learn the authentication key bywatching the protocol packets.MD5: This method uses the MD5 algorithm to create a crypto-checksum of the protocolpacket and an authentication key of up to 16 characters. The transmitted packet does notcontain the authentication key itself, instead it contains a crypto-checksum, called thedigest. The receiving router performs a calculation using the correct authentication keyand discard the packet if the digest does not match. In addition, a sequence number ismaintained to prevent the replay of older packets. This method provides a much strongerassurance that routing data originated from a router with a valid authentication key.