1 Jan
2012
1 Jan
'12
8:04 p.m.
On Mon, Jan 2, 2012 at 6:27 AM, Chuck Anderson <cra@wpi.edu> wrote:
I'm using AH for OSPFv2 and OSPFv3 authentication. For OSPFv3, there is no other option than some kind of IPsec for authentication. I'm also using it for OSPFv2 so I don't have to maintain multiple authentication methods and keys for the different protocols.
OSPF WG has come out with a mechanism that can be used to secure OSPFv3 without IPsec - http://tools.ietf.org/html/draft-ietf-ospf-auth-trailer-ospfv3-11 It should get published as an RFC any time now. BTW, there isnt any standard for using IPsec with OSPFv2, so youre probably using a proprietary solution. I think a better solution is to move to OSPFv3-AT, as its very similar to OSPFv2 authentication. Glen