You mentioned restricting demand circuit to stubby, totally stubby, and NSSA areas and I had never really thought about that. A quick search on CCO turned this up:
Implementation Considerations Evaluate the following considerations before implementing this feature: Because LSAs that include topology changes are flooded over an on demand circuit, it is advised to put demand circuits within OSPF stub areas, or within NSSAs to isolate the demand circuits from as many topology changes as possible. To take advantage of the on demand circuit functionality within a stub area or NSSA, every router in the area must have this feature loaded. If this feature is deployed within a regular area, all other regular areas must also support this feature before the demand circuit functionality can take effect. This is because type 5 external LSAs are flooded throughout all areas. You do not want to do on a broadcast-based network topology because the overhead protocols (such as hellos and LSAs) cannot be successfully suppressed, which means the link will remain up. The middle paragraph interests me. I was under the impression that for demand circuit to work, only the routers on each end of the circuit needed to support this feature. At this point I don't understand why other routers in the area would need to support it. Any thoughts? John >>> "Priscilla Oppenheimer" 1/31/02 3:56:47 PM >>> I waited for an expert to answer, but none did. But sometimes seeing that I'm intrigued (and/or confused), smokes them out of their holes. ;-) It doesn't make sense that turning on MD5 authentication with OSPF would cause the demand-circuit to stay up. MD5 doesn't send the key over the wire. It's configured into each router and used to generate a message digest that is appended to packets, but it doesn't cause extra packets. Also if the routers agree that this is a demand circuit, you shouldn't have to filter the Hellos to 224.0.0.5, and doing so shouldn't cause the routers to declare each other dead. Something funny is happening there. I do see that Doyle and other references say to implement demand circuits only within stub, totally stubby, or NSSA areas. You mentioned that you're doing it in Area 0. I wonder if that's a problem. Could you send us your configs? Since it's a lab network, perhaps you could let us see the MD5 keys. (That is, don't configure service password-encryption. That way we can see the keys in your configs and maybe notice any problem with them.) Thanks. Priscilla At 12:23 PM 1/31/02, Richard Newman wrote: >Hi all. >I was working on a lab with an ISDN link between two of my OSPF routers. The >link would come up if the Frame cloud went away. Normal stuff link would be >initiated as usual. However, since area 0 had authentication turned on >broadcasts from 224.0.0.5 kept the isdn link up all the time. If I filtered >out the 224.0.0.5 from being interesting the ospf neighbors would get >terminated at the dead interval. When I turn off authen. from area 0 all >worked as normal. > >Is this a normal occurrance? When area authentication is turned on do the >key exchanges still happen even over a demand-circuit? > >Thanks... >Richard Newman ________________________ Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33989&t=33884 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
