[c-nsp] Possible to talk ospfv3 with auth or encryption to Brocade?

Nathanael Law Nathanael.Law at aimco.alberta.ca
Thu Apr 18 15:15:19 EDT 2013


> But the Cisco side is confusing:
> 
>   NULL encryption SHA-1 auth SPI 500, secure socket UP (errors: 0)
>   authentication NULL

The first line from the Cisco side means that it's using ESP encapsulation with NULL encryption and SHA-1 authentication.
The second line means that it's not using AH encapsulation.

In theory, you could do AH+ESP in cases where you want encryption of the contents and authentication of the source and destination IP.
 - ESP provides encryption (optional) and authentication of the payload (optional)
 - AH provides authentication only 
The difference for authentication is that AH includes the source and destination address in the authentication, but ESP only authenticates the payload.

Cisco's syntax for OSPFv3 IPsec makes things a little confusing because in that case "encryption" refers to ESP, which can include authentication.  And "authentication" refers to AH.

I hope that helps clear things up a bit.

Best regards,

Nathanael Law
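
Added example, not part of the original post and not Cisco or Brocade code: a simplified Python model of the coverage difference described above, where rewriting the source address in the outer IPv6 header leaves the ESP-NULL integrity check intact but breaks the AH one. Assumptions: the key and payload are constructed, HMAC-SHA1-96 stands in for "SHA-1 auth", and only the fixed IPv6 header is modelled (no extension headers, no anti-replay).

```python
import hashlib, hmac, ipaddress, struct

KEY = bytes(range(20))                 # constructed 160-bit key, illustration only
SPI, OSPF, ESP, AH = 500, 89, 50, 51   # SPI from the quoted output; IP protocol numbers

def icv(data):
    """HMAC-SHA1-96: HMAC-SHA1 truncated to 12 bytes."""
    return hmac.new(KEY, data, hashlib.sha1).digest()[:12]

def ipv6(src, dst, next_header, body, hop_limit=1):
    """Fixed 40-byte IPv6 header (traffic class and flow label zero) plus body."""
    hdr = struct.pack("!IHBB", 6 << 28, len(body), next_header, hop_limit)
    return hdr + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed + body

def esp_null_packet(src, dst, seq, payload):
    pad = (-(len(payload) + 2)) % 4    # align payload + pad length + next header to 4 bytes
    covered = struct.pack("!II", SPI, seq) + payload + bytes(range(1, pad + 1)) + bytes([pad, OSPF])
    return ipv6(src, dst, ESP, covered + icv(covered))

def esp_ok(packet):
    body = packet[40:]                 # the IPv6 header is not part of the ESP ICV input
    return hmac.compare_digest(icv(body[:-12]), body[-12:])

def ah_input(packet):
    """Packet as AH authenticates it: mutable hop limit and the ICV field zeroed."""
    return packet[:7] + b"\x00" + packet[8:52] + bytes(12) + packet[64:]

def ah_packet(src, dst, seq, payload):
    ah = struct.pack("!BBHII", OSPF, 4, 0, SPI, seq) + bytes(12)   # length 4 = 24/4 - 2
    pkt = ipv6(src, dst, AH, ah + payload)
    return pkt[:52] + icv(ah_input(pkt)) + pkt[64:]

def ah_ok(packet):
    return hmac.compare_digest(icv(ah_input(packet)), packet[52:64])

def rewrite_source(packet, new_src):
    """Model a source address that changed after the ICV was computed."""
    return packet[:8] + ipaddress.IPv6Address(new_src).packed + packet[24:]

def demo():
    payload = b"constructed OSPFv3 hello"   # stand-in bytes, not a real OSPFv3 packet
    esp = esp_null_packet("fe80::1", "ff02::5", 1, payload)
    ah = ah_packet("fe80::1", "ff02::5", 1, payload)
    return {"esp": esp_ok(esp), "ah": ah_ok(ah),
            "esp_after_rewrite": esp_ok(rewrite_source(esp, "fe80::99")),
            "ah_after_rewrite": ah_ok(rewrite_source(ah, "fe80::99"))}

if __name__ == "__main__":
    print(demo())
```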



