As far as I can tell from my reading, if you want to avoid periodic 
30-minute refresh LSAs passing over the demand circuit, every router in the 
network (not just the area!) needs to understand OSPF demand circuits, per 
RFC 1793. They don't have to be configured to be demand circuits, but they 
have to understand how they behave. The reasons are grossly complicated, 
but have to do with the fact that, otherwise, routers won't be allowed to 
send an LSA with the Do Not Age (DNA) bit set. If a router can't send such 
an LSA, then the LSA will age and the periodic refreshes won't be 
squelched, as they should be for a demand circuit.

A workaround is to configure the routers on the demand circuit to be in a 
stub area. This works because then the routers never hear about the dumb 
routers that don't understand demand circuits.

To support routers announcing whether they support demand circuits, there's 
a bit called the DC-bit per RFC 1793. If routers set this bit, then there's 
no problem. Cisco routers should set the bit as long as they are running 
11.2 or later. Older Cisco routers and non-Cisco routers may not set this
bit.

There's also a new type of packet called an Indication LSA that routers use 
to tell other routers that there's a dumb router that doesn't understand 
demand circuit behavior. These Indication LSAs go across normal areas, but 
not into stub areas. So by making an area a stub, you avoid it being 
affected by the stupid behavior of routers that don't support demand
circuits.

Clear as mud? None of the reading I have done is any clearer than that!? ;-)

I don't think this is relevant to the original problem, but here's a URL 
anyway:

http://www.cisco.com/warp/public/104/dc.html

Priscilla

At 06:23 PM 1/31/02, John Neiberger wrote:
>You mentioned restricting demand circuit to stubby, totally stubby, and
>NSSA areas and I had never really thought about that.  A quick search on
>CCO turned this up:
>
>Implementation Considerations
>Evaluate the following considerations before implementing this
>feature:
>
>Because LSAs that include topology changes are flooded over an on
>demand circuit, it is advised to put demand circuits within OSPF stub
>areas, or within NSSAs to isolate the demand circuits from as many
>topology changes as possible.
>
>To take advantage of the on demand circuit functionality within a stub
>area or NSSA, every router in the area must have this feature loaded. If
>this feature is deployed within a regular area, all other regular areas
>must also support this feature before the demand circuit functionality
>can take effect. This is because type 5 external LSAs are flooded
>throughout all areas.
>
>You do not want to do on a broadcast-based network topology because the
>overhead protocols (such as hellos and LSAs) cannot be successfully
>suppressed, which means the link will remain up.
>
>The middle paragraph interests me.  I was under the impression that for
>demand circuit to work, only the routers on each end of the circuit
>needed to support this feature.  At this point I don't understand why
>other routers in the area would need to support it.
>
>Any thoughts?
>
>John
>
> >>> "Priscilla Oppenheimer"  1/31/02 3:56:47 PM >>>
>I waited for an expert to answer, but none did. But sometimes seeing that
>I'm intrigued (and/or confused), smokes them out of their holes. ;-)
>
>It doesn't make sense that turning on MD5 authentication with OSPF would
>cause the demand-circuit to stay up. MD5 doesn't send the key over the
>wire. It's configured into each router and used to generate a message
>digest that is appended to packets, but it doesn't cause extra packets.
>
>Also if the routers agree that this is a demand circuit, you shouldn't have
>to filter the Hellos to 224.0.0.5, and doing so shouldn't cause the routers
>to declare each other dead. Something funny is happening there. I do see
>that Doyle and other references say to implement demand circuits only
>within stub, totally stubby, or NSSA areas. You mentioned that you're doing
>it in Area 0. I wonder if that's a problem.
>
>Could you send us your configs? Since it's a lab network, perhaps you could
>let us see the MD5 keys. (That is, don't configure service
>password-encryption. That way we can see the keys in your configs and maybe
>notice any problem with them.) Thanks.
>
>Priscilla
>
>At 12:23 PM 1/31/02, Richard Newman wrote:
> >Hi all.
> >I was working on a lab with an ISDN link between two of my OSPF routers. The
> >link would come up if the Frame cloud went away. Normal stuff link would be
> >initiated as usual. However, since area 0 had authentication turned on
> >broadcasts from 224.0.0.5 kept the isdn link up all the time. If I filtered
> >out the 224.0.0.5 from being interesting the ospf neighbors would get
> >terminated at the dead interval. When I turn off authen. from area 0 all
> >worked as normal.
> >
> >Is this a normal occurrence? When area authentication is turned on do the
> >key exchanges still happen even over a demand-circuit?
> >
> >Thanks...
> >Richard Newman
>________________________
>
>Priscilla Oppenheimer
>http://www.priscilla.com
________________________

Priscilla Oppenheimer
http://www.priscilla.com
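
The DC-bit and DoNotAge check discussed in the message above, as an added example that is not part of the original thread or any poster's code. It assumes the RFC 2328 LSA header layout and the RFC 1793 bit values (DC-bit 0x20 in Options, DoNotAge 0x8000 in LS age), uses constructed LSA headers, and simplifies the RFC 1793 rule to "any LSA in the area with the DC-bit clear blocks DoNotAge":

```python
import struct
from ipaddress import IPv4Address

DO_NOT_AGE = 0x8000  # high bit of the 16-bit LS age field (RFC 1793)
DC_BIT = 0x20        # DC-bit in the LSA Options field (RFC 1793)
LSA_HEADER = struct.Struct("!HBB4s4sIHH")  # 20-byte LSA header (RFC 2328 A.4.1)

def parse_lsa_header(raw):
    """Decode the LSA header fields that matter for demand circuits."""
    if len(raw) < LSA_HEADER.size:
        raise ValueError("truncated LSA header")
    age, options, ls_type, _ls_id, adv, _seq, _cksum, _length = LSA_HEADER.unpack(
        raw[:LSA_HEADER.size])
    return {
        "age": age & ~DO_NOT_AGE,             # age with the DoNotAge bit masked off
        "do_not_age": bool(age & DO_NOT_AGE),
        "dc_bit": bool(options & DC_BIT),
        "type": ls_type,
        "adv_router": str(IPv4Address(adv)),
    }

def routers_without_dc(lsdb):
    """Advertising routers with at least one LSA whose DC-bit is clear."""
    return sorted({h["adv_router"] for h in map(parse_lsa_header, lsdb)
                   if not h["dc_bit"]})

def do_not_age_allowed(lsdb):
    """Simplified rule: DoNotAge LSAs are usable only if no LSA has DC clear."""
    return not routers_without_dc(lsdb)

def sample_header(adv_router, options, ls_type=1, age=10):
    """Build a constructed header (checksum left as 0; not validated here)."""
    rid = IPv4Address(adv_router).packed
    return LSA_HEADER.pack(age, options, ls_type, rid, rid, 0x80000001, 0, 20)

# Constructed databases: E-bit (0x02) set in the regular area, clear in the stub.
REGULAR_AREA = [
    sample_header("10.0.0.1", 0x22),  # E + DC
    sample_header("10.0.0.2", 0x22),  # E + DC
    sample_header("10.0.0.9", 0x02),  # older router: DC-bit clear
]
STUB_AREA = [
    sample_header("10.0.0.1", 0x20),
    sample_header("10.0.0.2", 0x20, age=DO_NOT_AGE | 10),
]

if __name__ == "__main__":
    print("regular area blockers:", routers_without_dc(REGULAR_AREA))
    print("stub area DoNotAge allowed:", do_not_age_allowed(STUB_AREA))
```

The regular-area database models the case where one router that never sets the DC-bit is visible; the stub-area database models the workaround, where that router's LSAs are never seen.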



