Amer Networks E5Web GUI User Manual

interface participating in the OSPF AS.

Private Router ID

This is used in an HA cluster and is the ID for this security
gateway and not the cluster.

Note

When running OSPF on a HA Cluster there is a need
for a private master and private slave Router ID as
well as the shared Router ID.

Reference Bandwidth

Set the reference bandwidth that is used when calculating the
default interface cost for routes.

If bandwidth is used instead of specifying a metric on an OSPF
Interface, the cost is calculated using the following formula:

cost = reference bandwidth / bandwidth

RFC 1583 Compatibility

Enable this if the Clavister Security Gateway will be used in a
environment that consists of routers that only support RFC
1583.

Debug

The debug options provides a troubleshooting tool by enabling the generation of additional
OSPF log events. These are described more fully in Section 4.6.7, “OSPF Troubleshooting”.

Authentication

The primary purpose of OSPF authentication is to make sure that the correct OSPF router
processes are talking to each and it is therefore mostly used when there are multiple OSPF AS'.
OSPF supports the following authentication options:

No (null) authentication

No authentication is used for OSPF protocol exchanges.

Passphrase

A simple password is used to authenticate all the OSPF
protocol exchanges.

MD5 Digest

MD5 authentication consists of a key ID and 128-bit key.
When MD5 digest is used the specified key is used to
produce the 128-bit MD5 digest.

This does NOT mean that the OSPF packets are encrypted.
If the OSPF traffic needs to be encrypted then they must be
sent using a VPN. For example, using IPsec. Sending OSPF
packets through an IPsec tunnel is discussed further in
Section 4.6.5, “Setting Up OSPF”.

Note: Authentication must be the same on all routers

If a passphrase or MD5 authentication is configured for OSPF, the passphrase or
authentication key must be the same on all OSPF Routers in that Autonomous System.

Chapter 4: Routing

305