Routing Protocols

See the Objects section for related information on these screens.

Routing Protocols Overview

Routing protocols give the ZyWALL routing information about the network from other routers. The ZyWALL then stores this routing information in the routing table, which it uses when it makes routing decisions. In turn, the ZyWALL can also provide routing information via routing protocols to other routers.

The ZyWALL supports two standards, RIP and OSPF, for routing protocols. RIP and OSPF are compared in OSPF vs. RIP, and they are discussed further in the next two sections.

OSPF vs. RIP 

 
| | OSPF | RIP |
|---|---|---|
| Network Size | Large | Small (with up to 15 routers) |
| Metric | Bandwidth, hop count, throughput, round trip time and reliability. | Hop count |
| Convergence | Fast | Slow |

RIP Overview

RIP (Routing Information Protocol, RFC 1058 and RFC 1389) allows a device to exchange routing information with other routers. RIP is a distance-vector routing protocol, and, like most such protocols, it uses hop count to decide which route is the shortest. Unfortunately, it also broadcasts its routes asynchronously to the network and converges slowly. Therefore, RIP is more suitable for small networks (up to 15 routers).

In the ZyWALL, you configure two sets of RIP settings before you can use RIP in an interface.

First, the Authentication field specifies how to verify that the routing information that is received is the same routing information that is sent.

Second, the ZyWALL can also redistribute routing information from non-RIP networks, specifically OSPF networks and static routes, to the RIP network. Costs might be calculated differently, however, so you use the Metric field to specify the cost in RIP terms.

RIP uses UDP port 520.

Authentication Types

Authentication is used to guarantee the integrity, but not the confidentiality, of routing updates. The transmitting router uses its key to compute a smaller message (a digest) from the original message, and the digest is transmitted with the original message. The receiving router uses its key to compute the digest of the received message and then verifies that it matches the digest sent with it. If the received message is verified, then the receiving router accepts the updated routing information. The transmitting and receiving routers must have the same key.

The ZyWALL supports three authentication methods for RIP and OSPF routing protocols:

MD5 is an authentication method that produces a 128-bit checksum, called a message-digest, for each packet. It also includes an authentication ID, which can be set to any value between 1 and 255. The ZyWALL only accepts packets if these conditions are satisfied.

For RIP, authentication is not available in RIP version 1. In RIP version 2, you can only select one authentication type for all interfaces. For OSPF, the ZyWALL supports a default authentication type by area. If you want to use this default in an interface or virtual link, you set the associated Authentication Type field to Same as Area. As a result, you only have to update the authentication information for the area to update the authentication type used by these interfaces and virtual links. Alternatively, you can override the default in any interface or virtual link by selecting a specific authentication method. Please see the respective interface sections for more information.
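The keyed-digest check described under Authentication Types, as an added example that is not ZyXEL code. It assumes the RIPv2 keyed-MD5 packet layout of RFC 2082, which this page does not name; the key, authentication ID and route are constructed sample values.

```python
import hashlib, hmac, struct

AUTH_MARK, KEYED_MD5, TRAILER = 0xFFFF, 3, 1  # RFC 2082 field values (assumed layout)

def pad_key(key: str) -> bytes:
    """Zero-pad the shared key (at most 16 characters) to 16 bytes."""
    raw = key.encode("ascii")
    if len(raw) > 16:
        raise ValueError("MD5 authentication key is limited to 16 characters")
    return raw.ljust(16, b"\0")

def route_entry(prefix: str, mask: str, metric: int) -> bytes:
    """One 20-byte RIPv2 route entry (AFI 2 = IP, no tag, no next hop)."""
    ip = lambda s: bytes(int(o) for o in s.split("."))
    return struct.pack("!HH", 2, 0) + ip(prefix) + ip(mask) + bytes(4) + struct.pack("!I", metric)

def sign(routes: bytes, key: str, key_id: int, seq: int) -> bytes:
    """Transmitting router: append a keyed-MD5 digest to a RIPv2 response."""
    length = 4 + 20 + len(routes)  # header + authentication entry + routes
    auth = struct.pack("!HHHBBI8x", AUTH_MARK, KEYED_MD5, length, key_id, 16, seq)
    body = struct.pack("!BBH", 2, 2, 0) + auth + routes + struct.pack("!HH", AUTH_MARK, TRAILER)
    return body + hashlib.md5(body + pad_key(key)).digest()

def verify(packet: bytes, key: str, key_id: int) -> bool:
    """Receiving router: accept only if type, ID and recomputed digest match."""
    if len(packet) < 44:
        return False
    mark, atype, length, pkt_id, dlen, _seq = struct.unpack_from("!HHHBBI", packet, 4)
    if (mark, atype, dlen) != (AUTH_MARK, KEYED_MD5, 16) or pkt_id != key_id:
        return False
    if len(packet) != length + 20:  # trailer marker (4) + digest (16)
        return False
    body, digest = packet[:length + 4], packet[length + 4:]
    return hmac.compare_digest(hashlib.md5(body + pad_key(key)).digest(), digest)

# Constructed sample: one route; key and ID chosen for illustration only.
KEY, KEY_ID = "Example_Key_01", 7
PACKET = sign(route_entry("10.1.0.0", "255.255.0.0", 2), KEY, KEY_ID, seq=1)

def tampered(packet: bytes) -> bytes:
    """Alter the advertised metric (last byte of the route entry) in transit."""
    forged = bytearray(packet)
    forged[43] ^= 0x03
    return bytes(forged)

if __name__ == "__main__":
    print("genuine :", verify(PACKET, KEY, KEY_ID))
    print("tampered:", verify(tampered(PACKET), KEY, KEY_ID))
    print("wrong ID:", verify(PACKET, KEY, KEY_ID + 1))
    print("route visible in clear:", PACKET[28:32] == bytes([10, 1, 0, 0]))
```

The last check shows the route prefix sitting unencrypted in the authenticated packet, which is the "integrity, but not confidentiality" property stated above. The sequence number is carried but not checked here.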

RIP Screen

The RIP screen is used to specify the authentication method, and it is used to maintain the policies for redistribution.

Network > Routing Protocol > RIP 

| Label | Description |
|---|---|
| Authentication | |
| Authentication | Select the authentication method used in the RIP network. Choices are: None, Text, and MD5. |
| Text Authentication Key | This field is available if the Authentication is Text. Type the password for text authentication. The key can consist of alphanumeric characters and the underscore, and it can be up to 8 characters long. |
| MD5 Authentication ID | This field is available if the Authentication is MD5. Type the ID for MD5 authentication. The ID can be between 1 and 255. |
| MD5 Authentication Key | This field is available if the Authentication is MD5. Type the password for MD5 authentication. The password can consist of alphanumeric characters and the underscore, and it can be up to 16 characters long. |
| Redistribute | |
| Active | Select this check box to advertise routes that were learned from the indicated Name. |
| Name | This field displays other sources of routing information that the ZyWALL can advertise in the RIP network. |
| Metric | Type the cost for routes provided by the indicated source. The metric represents the "cost" of transmission for routing purposes. RIP routing uses hop count as the measurement of cost, with 1 usually used for directly connected networks. The number does not have to be precise, but it must be between 0 and 16. In practice, 2 or 3 is usually used. |

OSPF Overview

OSPF (Open Shortest Path First, RFC 2328) is a link-state protocol designed to distribute routing information within a group of networks, called an Autonomous System (AS). OSPF offers some advantages over distance-vector routing protocols like RIP.

Naturally, OSPF is also more complicated than RIP, so OSPF is usually more suitable for large networks.

OSPF uses IP protocol 89.

OSPF Areas

An OSPF Autonomous System (AS) is divided into one or more areas. Each area represents a group of adjacent networks and is identified by a 32-bit ID. In OSPF, this number may be expressed as an integer or as an IP address.

There are several types of areas.

OSPF Routers

Every router in the same area has the same routing information. They do this by exchanging Hello messages to confirm which neighbor (layer-3) devices exist, and then they exchange database descriptions (DDs) to create a synchronized link-state database. The link-state database contains records of router IDs, their associated links and path costs. The link-state database is then constantly updated through Link State Advertisements (LSA). Each router uses the link state database and the Dijkstra algorithm to compute the least cost paths to network destinations.

Like areas, each router has a unique 32-bit ID in the OSPF AS, and there are several types of routers. Each type is really just a different role, and it is possible for one router to play multiple roles at one time.

In order to reduce the amount of traffic between routers, a group of routers that are directly connected to each other selects a designated router (DR) and a backup designated router (BDR). All of the routers only exchange information with the DR and the BDR, instead of exchanging information with all of the other routers in the group. The DR and BDR are selected by priority; if two routers have the same priority, the highest router ID is used.

The DR and BDR are selected in each group of routers that are directly connected to each other. If a router is directly connected to several groups, it might be a DR in one group, a BDR in another group, and neither in a third group all at the same time.

Virtual Links

In some OSPF AS, it is not possible for an area to be directly connected to the backbone. In this case, you can create a virtual link through an intermediate area to logically connect the area to the backbone.

You cannot create a virtual link to a router in a different area.

OSPF Configuration

Follow these steps when you configure OSPF on the ZyWALL.

OSPF Screens

The OSPF screens are used to specify the ID the ZyWALL uses in the OSPF AS and to maintain the policies for redistribution. In addition, they are also used to create, maintain, and remove OSPF areas.

OSPF Summary

The OSPF screen is used to specify the OSPF router and maintain the policies for redistribution. In addition, it provides a summary of OSPF areas, allows you to remove them, and opens the OSPF Add/Edit screen to add or edit them.

Network > Routing Protocol > OSPF 

| Label | Description |
|---|---|
| OSPF Router ID | Select the 32-bit ID the ZyWALL uses in the OSPF AS. Default - the highest available IP address assigned to the interfaces is the ZyWALL's ID. User Define - enter the ID (in IP address format) in the field that appears when you select User Define. |
| Redistribute | |
| Active | Select this check box to advertise routes that were learned from the indicated source. If you select this for RIP, the ZyWALL advertises routes learned from RIP to Normal and NSSA areas but not to Stub areas. If you select this for static routes, the ZyWALL advertises routes learned from static routes to all types of areas. |
| Route | This field displays other sources of routing information that the ZyWALL can advertise in the OSPF AS. |
| Type | Select how OSPF calculates the cost associated with routing information from the indicated source. Choices are: Type 1 and Type 2. Type 1 - cost = OSPF AS cost + external cost (Metric). Type 2 - cost = external cost (Metric); the OSPF AS cost is ignored. |
| Metric | Type the external cost for routes provided by the indicated source. The metric represents the "cost" of transmission for routing purposes. The way this is used depends on the Type field. This value is usually the average cost in the OSPF AS, and it can be between 1 and 16777214. |
| Area | This section displays information about OSPF areas in the ZyWALL. |
| # | This field is a sequential value, and it is not associated with a specific area. |
| Area | This field displays the 32-bit ID for each area in IP address format. |
| Type | This field displays the type of area. This type is different from the Type field above. |
| Authentication | This field displays the default authentication method in the area. |
| Add icon | This column provides icons to add, edit, and remove areas. To add an area, click the Add icon at the top of the column. The OSPF Area Add/Edit screen appears. To edit an area, click the Edit icon next to the area. The Area Add/Edit screen appears. To delete an area, click on the Remove icon next to the area. The web configurator confirms that you want to delete the area before doing so. |

OSPF Area Add/Edit

The OSPF Area Add/Edit screen allows you to create a new area or edit an existing one.

Network > Routing > OSPF > Edit 

| Label | Description |
|---|---|
| Area ID | Type the unique, 32-bit identifier for the area in IP address format. |
| Type | This field displays the type of area. Normal - This area is a normal area. It has routing information about the OSPF AS and about networks outside the OSPF AS. Stub - This area is a stub area. It has routing information about the OSPF AS but not about networks outside the OSPF AS. It depends on a default route to send information outside the OSPF AS. NSSA - This area is a Not So Stubby Area (NSSA), per RFC 1587. It has routing information about the OSPF AS and networks that are outside the OSPF AS and are directly connected to the NSSA. It does not have information about other networks outside the OSPF AS. |
| Authentication | This field displays the default authentication method in the area. Choices are: None, Text, and MD5. |
| Text Authentication Key | This field is available if the Authentication is Text. Type the password for text authentication. The key can consist of alphanumeric characters and the underscore, and it can be up to 8 characters long. |
| MD5 Authentication ID | This field is available if the Authentication is MD5. Type the default ID for MD5 authentication in the area. The ID can be between 1 and 255. |
| MD5 Authentication Key | This field is available if the Authentication is MD5. Type the default password for MD5 authentication in the area. The password can consist of alphanumeric characters and the underscore, and it can be up to 16 characters long. |
| Virtual Link | This section is displayed if the Type is Normal. Create a virtual link if you want to connect a different area (that does not have a direct connection to the backbone) to the backbone. You should set up the virtual link on the ABR that is connected to the other area and on the ABR that is connected to the backbone. |
| # | This field is a sequential value, and it is not associated with a specific area. |
| Peer Router ID | Type the 32-bit ID (in IP address format) of the other ABR in the virtual link. |
| Authentication | Select which authentication method to use in the virtual link. Choices are: None, Text, MD5, and Same as Area. In this case, Same as Area refers to the Authentication settings above. |
| Text Authentication Key | This field is available if the Authentication is Text. Type the password for text authentication. The key can consist of alphanumeric characters and the underscore, and it can be up to 8 characters long. |
| MD5 Authentication ID | This field is available if the Authentication is MD5. Type the default ID for MD5 authentication in the area. The ID can be between 1 and 255. |
| MD5 Authentication Key | This field is available if the Authentication is MD5. Type the default password for MD5 authentication in the area. The password can consist of alphanumeric characters and the underscore, and it can be up to 16 characters long. |
| Add icon | This column provides icons to add and remove virtual links. To add a virtual link, click the Add icon at the top of the column. A new record appears in the virtual link list. To delete a virtual link, click on the Remove icon next to the virtual link. The web configurator confirms that you want to delete the virtual link. |