[c-nsp] OSPFv3 authentication
sthaug at nethelp.no
sthaug at nethelp.no
Thu Aug 25 09:58:01 EDT 2011
> Am I missing something, or is OSPFv3 authentication (provided by ipsec,
> since auth was removed from the protocol) not supported in any release for
> any of cisco's switching platforms? i.e. 3560, 4900, 6500
>
> Depending on how you search in feature navigator (the same feature appears
> to be there under two different names):
>
> IPv6 Security: IPv6 IPSec to Authenticate OSPFv3
> IPv6 Routing: OSPF for IPv6 (OSPFv3) Authentication Support with IPsec
One of the ideas of IPv6 which doesn't work in practice - everything
IPv6 "must" support IPsec.
In any case, I believe the lack of IPsec authentication for OSPFv3 is
fairly widespread. See this draft for an attempt at something more
lightweight than full IPsec:
http://tools.ietf.org/html/draft-ietf-ospf-auth-trailer-ospfv3-06
> you get different lists of supported platforms, but both are pretty small
> and lack any of the gear I'm interested in. Is everyone using/moving to
> ISIS?...or just doing OSPFv3 without authentication?
ISIS here.
Steinar Haug, Nethelp consulting, sthaug at nethelp.no
More information about the cisco-nsp
mailing list