OSPFv3 Authentication and Encryption

This topic is to discuss the following lesson:

Rene, do you have an IPSEC lesson?

Hi John,

I just published it, it’s a long story:

Let me know what you think of it.

Rene

Is the “0” or “7” option relating to whether or not the running-config file saves the key as encrypted or clear text?

Hello Chris

Options 0 and 7 refer to whether or not the key that is sent between the routers during the authentication process is encrypted. In order to encrypt the key in the configuration file, use the system password-encryption command. This command encrypts authentication key passwords among others.

I hope this has been helpful!

Laz

Hi,
Does this mean IPsec is the only way to authenticate in OSPFv3?
I tried with the following and it worked:

R2#interface Ethernet0/0
 no ip address
 ipv6 address 2001::2/64
 ospfv3 1 authentication key-chain CISCO
 ospfv3 1 ipv6 area 0

R2#show ospfv3 ipv6
OSPFv3 1 address-family ipv6
Router ID 2.2.2.2
Active Key-chains:
  Key chain CISCO: Send key 1, Algorithm HMAC-SHA-1, Number of interfaces 1
    Area BACKBONE(0)

thanks

Edit: This post gives the idea that OSPFv3 does not support any authentication besides IPsec, but after checking, it does support the usual MD5 and HMAC that I mentioned above.
Samer.

Hi,
what about this command? R1(config-if)#ospfv3 encryption ipsec

Hi Samer,

This is interesting, I haven’t seen this before. It seems they added non-IPSec support later in OSPFv3:

https://tools.ietf.org/html/rfc7166

I’ll update the lesson to include this; it’s a valid method to configure authentication.

Rene