Rules for OSPF dead interval and hello interval timers
The following rules apply regarding these timers:
• If both the hello-interval and dead-interval parameters are congured, they will each be set to the values that you have
congured.
• If the hello-interval parameter is congured, but not the dead-interval parameter, the dead-interval parameter will be set to a
value that is 4 times the value set for the hello-interval.
• If the dead-interval parameter is congured, but not the hello-interval parameter, the hello-interval parameter will be set to a
value that is 1/4 the value set for the dead-interval. The minimum value for the hello-interval is 1.
The recommended setting is that:
• The dead interval is four times that of the hello interval.
• The hello interval is ¼ times that of the dead interval.
• If the OSPF hello interval and dead interval are set to more aggressive levels than 1:4 seconds respectively, the OSPF protocol
might ap when the write memory command is used or in the case of any high CPU.
Changing the timer for OSPF authentication changes
When you make an OSPF authentication change, the software uses the authentication-change timer to gracefully implement the change.
The software implements the change in the following ways:
• Outgoing OSPF packets - After you make the change, the software continues to use the old authentication to send packets,
during the remainder of the current authentication-change interval. After this, the software uses the new authentication for
sending packets.
• Inbound OSPF packets - The software accepts packets containing the new authentication and continues to accept packets
containing the older authentication for two authentication-change intervals. After the second interval ends, the software accepts
packets only if they contain the new authentication key.
The default authentication-change interval is 300 seconds (5 minutes). You change the interval to a value from 0 - 14400 seconds.
OSPF provides graceful authentication change for all the following types of authentication changes in OSPF:
• Changing authentication methods from one of the following to another of the following:
– Simple text password
– MD5 authentication
– No authentication
•
Conguring a new simple text password or MD5 authentication key
• Changing an existing simple text password or MD5 authentication key
To change the authentication-change interval, enter a command such as the following at the interface conguration level of the CLI.
device(config-if-e10000-1/2/5)# ip ospf auth-change-wait-time 400
Syntax: [no] ip ospf auth-change-wait-time secs
The secs parameter species the interval and can be from 0 - 14400 seconds. The default is 300 seconds (5 minutes).
NOTE
For backward compatibility, the ip ospf md5-authentication key-activation-wait-time command is still supported.
Conguring OSPF
FastIron Ethernet Switch Layer 3 Routing
242 53-1003627-04