Filter
Top Products
SmartSwitch Router User Reference Manual 115
Chapter 7: Routing Policy Configuration Guide
Many protocols allow the specification of two authentication keys per interface. Packets
are always sent using the primary keys, but received packets are checked with both the
primary and secondary keys before being discarded.
Authentication Keys and Key Management
An authentication key permits generation and verification of the authentication field in
protocol packets. In many situations, the same primary and secondary keys are used on
several interfaces of a router. For ease of management of keys, a concept of key-chain is
introduced. Each key-chain has an identifier and contains up to two keys. One of keys is
the primary key and other is the secondary key. Outgoing packets use the primary
authentication key, but incoming packets may match either the primary or secondary
authentication key. In the router configuration mode, instead of specifying the key for
each interface (which can be up to 16 characters long), a key-chain identifier is specified.
Currently, the SSR supports MD5 specification of OSPF RFC 2178 which uses the MD5
algorithm and an authentication key of up to 16 characters. Thus there are now three
authentication schemes available per interface: none, simple and RFC 2178 OSPF MD5
authentication. It is possible to configure different authentication schemes on different
interfaces.
RFC 2178 allows multiple MD5 keys per interface. Each key has two times associated with
the key:
• a time period that the key will be generated
• a time period that the key will be accepted.
The SSR only allows one MD5 key per interface. Also, there are no options provided to
specify the time period during which the key would be generated and accepted - the
specified MD5 key is always generated and accepted. Both these limitations would be
removed in a future release.
Configure Simple Routing Policies
Simple routing policies provide an efficient way for routing information to be exchanged
between routing protocols. The redistribute command can be used to redistribute routes
from one routing domain into another routing domain. Redistribution of routes between
routing domains is based on route policies. A route policy is a set of conditions based on
which routes are redistributed. While the redistribute command is expected to satisfy the
export policy requirement for most users, complex export policies may require the use of
the commands listed under Export Policies.
The general syntax of the redistribute command is as follows:
ip-router policy redistribute from-proto <protocol> to-proto <protocol> [network <ipAddr-
mask> [exact|refines|between <low-high>]] [metric <number>|restrict] [source-as
<number>] [target-as <number>]