Dis-contiguous area
Non-backbone area has to be converged with backbone area (area 0) in order for OSPF to learn the routes. The following example has area 100 discontiguous with backbone area, the solution is either to use GRE tunnel or virtual link.
Virtual link
1. Router-id is used for virtual-link neighbor not the IP address of the neighbor.
2. The area that configures virtual-link must not be a stub area.
3. Area that configures virtual-link must be converged to backbone area.
4. If plain or message digest authentication is used in area 0, the router that has discontiguous area must configure area 0 authentication command.
5. The authentication password must match area 0’s password.
6. Virtual link is like a link to area 0, its OSPF network type is point-to-point.
Warning syslogs
Area ID mismatch
%OSPF-4-ERRRCV: Received invalid packet: mismatch area ID, from backbone area must be vi rtual-link but not found from 192.168.0.6, FastEthernet1/0
This means the OSPF neighbor router’s OSPF hello packet contains Area 0, which is mismatched to the area the receiving router is connecting to.
OSPF authentication type mismatch
Rcv pkt from 192.168.0.6, OSPF_VL13 : Mismatch Authentication type. Input packet specified type 0, we use type 2
This means the router has received mismatched authentication type from its neighbor.
Type 0 = no authentication.
Type 1 = plain text authentication.
Type 2 = MD5 authentication.
In this example, area 0 is using MD5 authentication, however the neighbor router’s virtual link is sending OSPF hello with no authentication. To resolve this, the router with discontiguous area must configure area 0 authentication message-digest.
In this example, R3 has a discontiguous area and hence virtual link is configured on R2 and R3. As R3 has no link to area 0, there is no area 0 authentication message-digest command, hence after virtual link was configured correctly there is no adjacency formed.
Although no adjacency is formed, the virtual link is in up status.
!From R2
R2#sh ip ospf virtual-links
Virtual Link OSPF_VL13 to router 3.3.3.3 is up
Run as demand circuit
DoNotAge LSA allowed.
Transit area 1, via interface FastEthernet1/0, Cost of using 1
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:08
Message digest authentication enabled
Youngest key id is 1
R2#
!From R3
R3#sh ip ospf virtual-link
Virtual Link OSPF_VL10 to router 2.2.2.2 is up
Run as demand circuit
DoNotAge LSA allowed.
Transit area 1, via interface FastEthernet1/0, Cost of using 1
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:09
As observed, R2’s virtual link is using key 1, R3’s virtual link however has no indication of key used.
To resolve this area 0 authentication message-digest is inserted into the ospf command.
R3#sh run | sec router router ospf 1 router-id 3.3.3.3 log-adjacency-changes area 0 authentication message-digest area 1 authentication message-digest area 1 virtual-link 2.2.2.2 message-digest-key 1 md5 cisco network 3.3.3.3 0.0.0.0 area 1 network 192.168.0.4 0.0.0.3 area 1 network 192.168.0.9 0.0.0.0 area 100 R3#
R2 and R3 virtual link formed adjacency as soon as the command was executed.
%OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on OSPF_VL10 from LOADING to FULL, Loading Done
!From R2 R2#sh ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 3.3.3.3 0 FULL/ - - 192.168.0.6 OSPF_VL13
!From R3 R3#sh ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 2.2.2.2 0 FULL/ - - 192.168.0.5 OSPF_VL10
cyruslab 