Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Virtual Links at OSPF:


Can any of you techno's say any security issues need to be considered while using virtual links at OSPF network.

A practial example would help to address the following doubts

1. What security hazards need to considered about the transit area?

2. Does networking professionals prefer virtual-links?

3. Does the virtual link reduce the cost ?




Re: Virtual Links at OSPF:

It would be advisable to use some form of authentication (preferably MD5) over the virtual link.

Virtual links, should be considered, only if its not at all possible to link the desired area, directly to the backbone.

In some cases, yes, virtual link does reduce the cost, of linking the desired area, directly to the backbone area.

New Member

Re: Virtual Links at OSPF:

Do you suggest small scale ISPs dispersed and having high geographical proximity issues force them to move on to virtual-links to connect with other LARGE ISP network as a TRANSIT AREA for there network.

Moreover is there any demerits for OSPF other than high resource requirement at router against other interior routing protocols.

Thanks for the reply


Re: Virtual Links at OSPF:

to activate authentication to a virtual link you have to authenticate area0 because the virtual link is a link to area0.


Re: Virtual Links at OSPF:

I don't know that I understand the question: Are you asking if you should use a virtual link to connect areas which are seperated by another ISP's network? If so, then no, I wouldn't do that. You should either simply tunnel your ospf traffic through the other ISP's network, which means your traffic will also go over that tunnel, or use MPLS VPNs to do this, using sham links, most likely.

Geographical dispersion has nothing to do with the use of virtual links, it's more of a network design issue. If you have any area which, for some reason, you simply can't connect to area 0, then you would use a virtual link to connect it. There are very few network design situations I would ever recommend a virtual link in, though.