Re: Does anybody out there use Authentication Header (AH)?
It can be used to prevent NAT on an intermediate path, which can be useful under certain circumstances. I have seen it in the wild, both in Internet and private networking contexts. David Barak
I'm using AH for OSPFv2 and OSPFv3 authentication. For OSPFv3, there is no other option than some kind of IPsec for authentication. I'm also using it for OSPFv2 so I don't have to maintain multiple authentication methods and keys for the different protocols.
On Mon, Jan 2, 2012 at 6:27 AM, Chuck Anderson <cra@wpi.edu> wrote:
I'm using AH for OSPFv2 and OSPFv3 authentication. For OSPFv3, there is no other option than some kind of IPsec for authentication. I'm also using it for OSPFv2 so I don't have to maintain multiple authentication methods and keys for the different protocols.
OSPF WG has come out with a mechanism that can be used to secure OSPFv3 without IPsec - http://tools.ietf.org/html/draft-ietf-ospf-auth-trailer-ospfv3-11 It should get published as an RFC any time now. BTW, there isnt any standard for using IPsec with OSPFv2, so youre probably using a proprietary solution. I think a better solution is to move to OSPFv3-AT, as its very similar to OSPFv2 authentication. Glen
participants (3)
-
Chuck Anderson
-
David Barak
-
Glen Kent