
IEOC - Internetwork Expert's Online Community

Latest post 01-24-2010 10:10 AM by sirhan. 2 replies.
  • 01-24-2010 8:34 AM

    2.1 OSPF - Help please.

    Hi All

     

    The question states :

    + Ensure that host devices running OSPF on the segment between R4 and R5 cannot intercept the OSPF communication between R4 and R5.

     

    I just want to clarify why we are converting the Ethernet links to non-broadcast. Is this the reason why?

    Why did we convert these links to non-broadcast? -

    • Post Points: 20
  • 01-24-2010 9:20 AM In reply to

    Re: 2.1 OSPF - Help please.

    Hi, ..

     

    the key word in this task is "intercept".

    The solution must satisfy that the OSPF communication R4 <--> R5 cannot be sniffed/intercepted by a host that resides on the Ethernet link, VLAN 45 afair.

    If You leave the network type by default, OSPF control messages are sent by multicast and can easily be sniffed by every Host on Vlan45.

     

    Changing the network type to non-broadcast changes the transport from multicast to unicast, so the communication is only transported between the switchports on which the Ethernet ports of R4 and R5 are connected.

     

    Other possibilities, which may work, but are way more complex to implement :

    •  GRE Tunnel between R4 and R5
    •  GRE Tunnel with IPSec on Top

     

    OSPF authentication is no solution, because with authentication, the communication is only "signed", but not encrypted. The payload of a packet is still sent in cleartext, hence it can be "intercepted".

    OSPF Authentication prevents You from being spoiled with spoofed LSAs, but does not prevent someone from "reading" Your OSPF Communication.

     

    Any other suggestions / explanations are more than welcome.

     

    Cheers,..

    /Christian.

     

     

    • Post Points: 20
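
Added example, not part of the original thread: a Python check that classifies captured OSPF packets by destination, showing the difference the answer above describes between the default network type (packets sent to the AllSPFRouters group 224.0.0.5) and non-broadcast (packets sent to the neighbor's unicast address). The addresses, router IDs and function names are assumptions, and the packets are constructed samples.

```python
import ipaddress
import struct

OSPF_PROTO = 89  # IP protocol number for OSPF
OSPF_TYPES = {1: "Hello", 2: "DBD", 3: "LSR", 4: "LSU", 5: "LSAck"}

def build_ospf_packet(src, dst, router_id, ospf_type=1):
    """Constructed sample: bare IPv4 + OSPFv2 headers, checksums left at zero."""
    ospf = struct.pack("!BBH4s4sHH8s", 2, ospf_type, 24,
                       ipaddress.IPv4Address(router_id).packed,
                       bytes(4), 0, 0, bytes(8))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0xC0, 20 + len(ospf), 0, 0, 1,
                     OSPF_PROTO, 0, ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    return ip + ospf

def classify(packet):
    """Return None for non-OSPF input, else how the OSPF packet was addressed."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or packet[9] != OSPF_PROTO or len(packet) < ihl + 24:
        return None
    dst = ipaddress.IPv4Address(packet[16:20])
    info = {"type": OSPF_TYPES.get(packet[ihl + 1], "unknown"),
            "router_id": str(ipaddress.IPv4Address(packet[ihl + 4:ihl + 8])),
            "dst": str(dst), "delivery": "unicast", "group_mac": None}
    if dst.is_multicast:
        # RFC 1112: low 23 bits of the group address map into 01:00:5e:xx:xx:xx
        low = int(dst) & 0x7FFFFF
        info["delivery"] = "multicast"
        info["group_mac"] = "01:00:5e:%02x:%02x:%02x" % (
            low >> 16, (low >> 8) & 0xFF, low & 0xFF)
    return info

def multicast_ospf(packets):
    """OSPF packets sent to a group address, i.e. not addressed to one neighbor."""
    return [c for c in map(classify, packets) if c and c["delivery"] == "multicast"]

# Constructed samples; 10.0.45.4 (R4) and 10.0.45.5 (R5) are assumed addresses.
DEFAULT_TYPE = [build_ospf_packet("10.0.45.4", "224.0.0.5", "4.4.4.4"),
                build_ospf_packet("10.0.45.5", "224.0.0.5", "5.5.5.5")]
NON_BROADCAST = [build_ospf_packet("10.0.45.4", "10.0.45.5", "4.4.4.4"),
                 build_ospf_packet("10.0.45.5", "10.0.45.4", "5.5.5.5")]

if __name__ == "__main__":
    for label, capture in (("default", DEFAULT_TYPE), ("non-broadcast", NON_BROADCAST)):
        print(label, [c["dst"] for c in multicast_ospf(capture)])
```
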
  • 01-24-2010 10:10 AM In reply to

    Re: 2.1 OSPF - Help please.

    Thank you, that explains it in much detail. I understand now, you have brought light to the query.

    Thank you Christian.

    • Post Points: 5
© 2010 Internetwork Expert, Inc. All Rights Reserved