SmartSwitch Router User Reference Manual 115
Chapter 7: Routing Policy Configuration Guide

Many protocols allow the specification of two authentication keys per interface. Packets are always sent using the primary keys, but received packets are checked with both the primary and secondary keys before being discarded.

Authentication Keys and Key Management

An authentication key permits generation and verification of the authentication field in protocol packets. In many situations, the same primary and secondary keys are used on several interfaces of a router. For ease of key management, the concept of a key-chain is introduced. Each key-chain has an identifier and contains up to two keys. One of the keys is the primary key and the other is the secondary key. Outgoing packets use the primary authentication key, but incoming packets may match either the primary or secondary authentication key. In the router configuration mode, instead of specifying the key for each interface (which can be up to 16 characters long), a key-chain identifier is specified.

Currently, the SSR supports the MD5 specification of OSPF RFC 2178, which uses the MD5 algorithm and an authentication key of up to 16 characters. Thus there are now three authentication schemes available per interface: none, simple and RFC 2178 OSPF MD5 authentication. It is possible to configure different authentication schemes on different interfaces.

RFC 2178 allows multiple MD5 keys per interface. Each key has two times associated with it:
• a time period that the key will be generated
• a time period that the key will be accepted.

The SSR only allows one MD5 key per interface. Also, there are no options provided to specify the time period during which the key would be generated and accepted: the specified MD5 key is always generated and accepted. Both these limitations would be removed in a future release.

Configure Simple Routing Policies

Simple routing policies provide an efficient way for routing information to be exchanged between routing protocols. The redistribute command can be used to redistribute routes from one routing domain into another routing domain. Redistribution of routes between routing domains is based on route policies. A route policy is a set of conditions based on which routes are redistributed. While the redistribute command is expected to satisfy the export policy requirement for most users, complex export policies may require the use of the commands listed under Export Policies.

The general syntax of the redistribute command is as follows:

ip-router policy redistribute from-proto to-proto [network mask> [exact|refines|between ]] [metric |restrict] [source-as] [target-as ]
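
The primary/secondary key-chain rule from the Authentication Keys and Key Management text above, modelled as an added example (not code from the manual or the SSR; the manual states the SSR itself accepts only one MD5 key per interface). The names KeyChain, pad_key and md5_digest, the key strings and the packet bytes are constructed for illustration, and the digest is a simplified RFC 2178-style keyed MD5 (packet plus zero-padded 16-byte key) that omits the OSPF header, key ID and sequence number.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

KEY_LEN = 16  # the manual's limit: a key is up to 16 characters long


def pad_key(key: str) -> bytes:
    """Zero-pad a key to 16 bytes (assumed simplified RFC 2178 handling)."""
    raw = key.encode("ascii")
    if not 0 < len(raw) <= KEY_LEN:
        raise ValueError("key must be 1 to 16 characters")
    return raw.ljust(KEY_LEN, b"\x00")


def md5_digest(packet: bytes, key: str) -> bytes:
    """Keyed MD5: hash the packet with the padded key appended."""
    return hashlib.md5(packet + pad_key(key)).digest()


@dataclass
class KeyChain:  # hypothetical model of a key-chain, not an SSR structure
    chain_id: int
    primary: str
    secondary: Optional[str] = None

    def sign(self, packet: bytes) -> bytes:
        # Outgoing packets always use the primary key.
        return packet + md5_digest(packet, self.primary)

    def verify(self, wire: bytes) -> Optional[str]:
        # Incoming packets are checked against both keys before discard.
        if len(wire) < 16:
            return None
        packet, digest = wire[:-16], wire[-16:]
        for role, key in (("primary", self.primary),
                          ("secondary", self.secondary)):
            if key is not None and hmac.compare_digest(
                    md5_digest(packet, key), digest):
                return role  # which key authenticated the packet
        return None  # no key matched: discard


# Constructed sample data: one router mid-rotation, one peer not yet updated.
HELLO = b"constructed-ospf-hello"
old_peer = KeyChain(1, primary="old-key")
rotating = KeyChain(1, primary="new-key", secondary="old-key")
```

During a key change, a router holding the old key as secondary keeps accepting peers that have not been updated, while those peers discard its packets until they also hold the new key.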