IPSec design for OSPFv3?

Thomas Johnson tom at claimlynx.com
Fri Sep 6 18:47:59 CEST 2013


I'm looking around, and not seeing anything online regarding how to
protect BIRD OSPFv3 with IPSec (at least on FreeBSD). I am able to
configure IPSec transport mode to protect unicast traffic between
routers, but multicast traffic is still transmitted without AH.

A number of sources seem to be setting up a GRE/IPSec tunnel between
routers, and running OSPF on that interface, facilitating multicast
traffic. That seems counter to performance, though; wouldn't data
traffic then [needlessly] use the tunnel? Another thought I had was to
configure all OSPF interfaces as NBMA, making OSPF traffic easier to
protect.

Thoughts on this? Are BIRD users just skipping authentication for OSPFv3?

Thanks,

-- 
Thomas Johnson
