vlink-peer (OSPF area)
Function
The vlink-peer command creates and configures a virtual link.
The undo vlink-peer command deletes the virtual link or restores the default setting.
By default, no virtual link is configured for OSPF.
Format
vlink-peer router-id [ dead dead-interval | hello hello-interval | retransmit retransmit-interval | smart-discover | trans-delay trans-delay-interval | [ simple [ plain plain-text | [ cipher ] cipher-text ] | { md5 | hmac-md5 | hmac-sha256 } [ key-id { plain plain-text | [ cipher ] cipher-text } ] | authentication-null | keychain keychain-name ] ] *
undo vlink-peer router-id [ dead | hello | retransmit | smart-discover | trans-delay | simple | md5 | hmac-md5 | hmac-sha256 | authentication-null | keychain ]
Only the S5720-EI, S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720-HI, S6720S-EI, S6730-H, S6730S-H, S6730-S, and S6730S-S support the keychain keychain-name parameter.
Parameters
| Parameter | Description | Value |
|---|---|---|
router-id |
Specifies the router ID of virtual link neighbor. |
- |
dead dead-interval |
Specifies a dead interval. This value must be equal to dead-interval of the Switch that sets up a virtual link with the interface and must be at least 4 times that of hello-interval. |
The value is an integer that ranges from 1 to 235926000, in seconds. The default value is 40 seconds. |
hello hello-interval |
Specifies an interval for transmitting Hello packets on an interface. This value must be equal to hello-interval value of the Switch that sets up a virtual link with the interface. The default value is 10 seconds. |
The value ranges from 1 to 65535 seconds. The default value is 10 seconds. |
retransmit retransmit-interval |
Specifies an interval for retransmitting the LSA packets on an interface. |
The value is an integer that ranges from 1 to 3600, in seconds. The default value is 5 seconds. |
smart-discover |
Automatically sends Hello packets |
- |
trans-delay trans-delay-interval |
Specifies the delay in transmitting LSA packets on an interface. |
The value is an integer that ranges from 1 to 3600, in seconds. The default value is 1 second. |
simple |
Indicates simple authentication. In simple authentication, the password type is cipher by default. NOTICE:
Simple authentication carries potential security risks. As such, HMAC-SHA256 authentication is recommended. |
- |
plain |
Indicates plain authentication. Only plain text can be entered, and only plain text is displayed when the configuration file is viewed. NOTICE:
If plain is selected, the password is saved in the configuration file in plain text. This carries security risks. Select cipher to save the password in cipher text for increased security. |
- |
plain-text |
Specifies a plain text password. |
|
cipher |
Indicates cipher authentication. Either plain text or cipher text can be entered, and cipher text is displayed when the configuration file is viewed. |
- |
cipher-text |
Specifies a cipher text password. |
|
md5 |
Indicates MD5 authentication. In MD5 authentication, the password type is cipher by default. NOTICE:
MD5 authentication carries potential security risks. As such, HMAC-SHA256 authentication is recommended. |
- |
hmac-md5 |
Indicates HMAC-MD5 authentication. In HMAC-MD5 authentication, the password type is cipher by default. NOTICE:
HMAC-MD5 authentication carries potential security risks. As such, HMAC-SHA256 authentication is recommended. |
- |
hmac-sha256 |
Indicates HMAC-SHA256 authentication. In HMAC-SHA256 authentication, the password type is cipher by default. |
- |
key-id |
Specifies the authentication key ID of the interface's cipher authentication. The key ID must be consistent with that of the peer. |
The value is an integer that ranges from 1 to 255. |
authentication-null |
Indicates that no authentication is used. |
- |
keychain |
Indicates keychain authentication. NOTE:
Before configuring this parameter, run the keychain command to create a keychain. Then, run the key-id, key-string, and algorithm commands to configure a key ID, a password, and an authentication algorithm for this keychain. Otherwise, OSPF authentication will fail. Currently, only the HMAC-MD5, SM3, and HMAC-SHA256 algorithms can be used in OSPF. |
- |
keychain-name |
Specifies the keychain name. |
The value is a string of 1 to 47 case-insensitive characters. Except the question mark (?) and space. However, when double quotation marks (") are used around the string, spaces are allowed in the string. |
Usage Guidelines
Usage Guidelines
After OSPF areas are defined, OSPF route updates between non-backbone areas are transmitted through a backbone area. Therefore, OSPF requires that all non-backbone areas be directly connected to the backbone area and devices within the backbone area keep connected as well. However, these requirements may not be met due to various limitations. OSPF virtual links can be configured to solve the problem.
Follow-up Procedure
After virtual links are established, devices provided by different vendors may use different default MTUs. To ensure consistent MTUs on the devices, run the undo ospf mtu-enable command to set the default MTU in DD packets sent by interfaces to 0.
Configuring the MTU in DD packets will cause the neighbor relationship to be re-established.
Precautions
When configuring parameters, pay attention to the following:
- A smaller hello value indicates faster detection of changes in network topology and higher network resource usage.
- A retransmit value that is too small leads to unnecessary retransmission of LSAs. On a low-speed network, set a large retransmit value.
- The authentication mode of a virtual link must be the same as that in the backbone area.