Hi, I am doing a survey and was interested in knowing if network operators are using OSPFv3 with authentication [RFC 4552] turned on? I know that most providers turn on authentication with OSPFv2, but given that OSPFv3 needs IPsec integration and can thus get little cumbersome to configure, wanted to understand if a similar % of folks also turn on authentication for OSPFv3? You can unicast me your responses (if you dont wish to share it on the list) and i will collate all data and post a summary on the list. Cheers, Manav
While I have used MD5 with OSPFv2, I never used authentication with OSPFv3 since IPsec is (a) not available on all platforms (or/and requires a special license) and (b) requires too much of coordination with other folks to bring it up. I know operators who use authentication with ISIS for v6, but very little auth for OSPFv3.Obviously, you'll find an equal number that enthusiastically use auth with OSPFv3, so really there isnt any one right answer. Sriram On Tue, Sep 28, 2010 at 5:33 AM, Manav Bhatia <manavbhatia@gmail.com> wrote:
Hi,
I am doing a survey and was interested in knowing if network operators are using OSPFv3 with authentication [RFC 4552] turned on? I know that most providers turn on authentication with OSPFv2, but given that OSPFv3 needs IPsec integration and can thus get little cumbersome to configure, wanted to understand if a similar % of folks also turn on authentication for OSPFv3?
You can unicast me your responses (if you dont wish to share it on the list) and i will collate all data and post a summary on the list.
Cheers, Manav
On Tue, 28 Sep 2010, Venkatesh Sriram wrote:
While I have used MD5 with OSPFv2, I never used authentication with OSPFv3 since IPsec is (a) not available on all platforms (or/and requires a special license) and (b) requires too much of coordination with other folks to bring it up. I know operators who use authentication with ISIS for v6, but very little auth for OSPFv3.Obviously, you'll find an equal number that enthusiastically use auth with OSPFv3, so really there isnt any one right answer.
Dear Sriram, Can you list/name the platforms does not support IPsec for OSPFv3 without special license? e.g. to avoid such a platform.... Best Regards, Janos
Sriram
On Tue, Sep 28, 2010 at 5:33 AM, Manav Bhatia <manavbhatia@gmail.com> wrote:
Hi,
I am doing a survey and was interested in knowing if network operators are using OSPFv3 with authentication [RFC 4552] turned on? I know that most providers turn on authentication with OSPFv2, but given that OSPFv3 needs IPsec integration and can thus get little cumbersome to configure, wanted to understand if a similar % of folks also turn on authentication for OSPFv3?
You can unicast me your responses (if you dont wish to share it on the list) and i will collate all data and post a summary on the list.
Cheers, Manav
Janos,
On Tue, 28 Sep 2010, Venkatesh Sriram wrote:
While I have used MD5 with OSPFv2, I never used authentication with OSPFv3 since IPsec is (a) not available on all platforms (or/and requires a special license) and (b) requires too much of coordination with other folks to bring it up. I know operators who use authentication with ISIS for v6, but very little auth for OSPFv3.Obviously, you'll find an equal number that enthusiastically use auth with OSPFv3, so really there isnt any one right answer.
Dear Sriram, Can you list/name the platforms does not support IPsec for OSPFv3 without special license? e.g. to avoid such a platform.... Best Regards, Janos
Some platforms of Cisco for one. http://mellowd.co.uk/ccie/?p=1421 Sriram
Hi, I received 12 responses for the query that i had put up. o 1 response stated that the provider was using IS-IS for IPv6 and not using any authentication. o 7 responses where OSPFv3 was being used without any authentication. o 2 responses where OSPFv3 is being used with authentication o 2 responses where they were using OSPFv2 with authentication turned on. I asked the 7 people who had replied in negative about why they were not using authentication with OSPFv3. 5 responded stating a mix of the following reasons: o IPsec not available on all platforms o IPsec required interoperability testing, which was perceived as a hassle o Troubleshooting becomes much harder. OSPF operation should be kept as simple as possible, especially when used in the core. o Complex configuration o Required coordination between different boxes which is a deterrent. o IPSec on some platforms requires a special license which can be expensive. o Unsure of how well is the IPsec implemented on the boxes Cheers, Manav On Tue, Sep 28, 2010 at 5:33 AM, Manav Bhatia <manavbhatia@gmail.com> wrote:
Hi,
I am doing a survey and was interested in knowing if network operators are using OSPFv3 with authentication [RFC 4552] turned on? I know that most providers turn on authentication with OSPFv2, but given that OSPFv3 needs IPsec integration and can thus get little cumbersome to configure, wanted to understand if a similar % of folks also turn on authentication for OSPFv3?
You can unicast me your responses (if you dont wish to share it on the list) and i will collate all data and post a summary on the list.
Cheers, Manav
participants (3)
-
Manav Bhatia -
Mohacsi Janos -
Venkatesh Sriram