Dijkstra).
The Security Appliance supports OSPF routing protocol in a manner similar to the IOS. The Security Appliance
can run up to two OSPF processes simultaneously, for different sets of interfaces. By default, the two processes
will not exchange information unless route redistribution is configured explicitly. The two processes are isolated,
as in two separate routing instances in the same device. There are several reasons to have two OSPF processes
on the Security Appliance. For example, two processes on the Security Appliance are useful if the Security
Appliance has interfaces that use the same IP addresses. (NAT allows these interfaces to coexist, but OSPF does
not allow overlapping addresses.) Or, in most cases, a separate OSPF process is enabled on the inside and the
outside interfaces (as shown in Figure 6-9), to give you the capability to control route propagation by
redistributing a subset of routes between the two processes. Similarly, there could be a requirement to
segregate private addresses from public addresses, making two processes necessary.
Figure 6-9. IP Routing Protocols on Security Appliance
[View full size image]
The cost (also called metric) of an interface in OSPF is inversely proportional to the bandwidth of that interface.
Pages:
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284