RIP with MD5 authentication

[Ondrej Zajicek]

On Thu, Nov 12, 2015 at 06:28:34PM +0100, Alexander Velkov wrote:
> Hi Pavel,
> 
> I tried your suggestion and defined the password field as a single line. I
> tried out the behavior on different architectures.

Single line versus one password in passwords block should not make difference.


> - when bird runs on a little endian box, then there is no error and the
> boxes can successfully authenticate, even when the pass is specified in a
> passwords block.
> - when bird runs on a big endian box (e.g. running an arm processor), then
> the error "MD5 tail signature is not there" occurs as before no matter if
> the pass is defined in one line or in a passwords block.

Yes, issue with MD5 not working with big endian is known bug in current
RIP, fixed in rip-new.


> Another question. In Quagga you may define a key-chain containing multiple
> keys to be used for the MD5 authentication. Does it work the same way in
> bird ? I thought defining a passwords block containing multiple password
> entries like:
> 
> passwords {
>   password "secret 1";
>   password "secret 2";
> };

Yes, this should work. Note that with multiple passwords it is a good
idea to explicitly specify 'id' key parameter.

Also note that there is a limitation in RIP MD5 auth with multiple
passwords in BIRD that all passwords share the same sequence number
(with one neighbor), which may cause interoperatbility problems with
implementations that sends separate independent sequence numbers for
each passwords.


-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santiago at crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20151112/10736cf6/attachment.asc>