Authentication in OSPFv3
Derek Pan
DPan at advaoptical.com
Fri Mar 16 02:58:33 CET 2018
Hi Job and Stuart,
Thanks for your reply.
I know the ospfv3 authentication relies on IPsec.
But I'm still a little confused with the words:
"The default cryptographic algorithm for OSPFv2 keys is Keyed-MD5 and for OSPFv3 keys is HMAC-SHA-256."
I found such words in BIRD 2.0.0 User's Guide section 6.7.2:
authentication cryptographic
An authentication code is appended to every packet. The specific cryptographic algorithm is selected by option algorithm for each key. The default cryptographic algorithm for OSPFv2 keys is Keyed-MD5 and for OSPFv3 keys is HMAC-SHA-256. Passwords are not sent open via network, so this mechanism is quite secure. Packets can still be read by an attacker.
maybe the document should be updated to make clear.
Thanks.
Best regards,
Derek Pan
-----Original Message-----
From: Job Snijders [mailto:job at instituut.net]
Sent: Thursday, March 15, 2018 6:54 PM
To: Stuart Henderson <stu at spacehopper.org>
Cc: Derek Pan <DPan at advaoptical.com>; bird-users at network.cz; Asky Lee <ALee at advaoptical.com>
Subject: Re: Authentication in OSPFv3
On Thu, Mar 15, 2018 at 10:45:09AM +0000, Stuart Henderson wrote:
> On 2018/03/15 08:45, Derek Pan wrote:
> > when I create a ospfv3 instance with authentication info, and I get
> > the output: “Authentication not supported in OSPFv3”
> >
> > do you have a plan to support it or not ?
>
> It's not BIRD. OSPFv3 doesn't support authentication.
Indeed, please review: http://packetlife.net/blog/2008/sep/3/ospfv3-authentication/
Kind regards,
Job
More information about the Bird-users
mailing list