[quagga-users 14699] OSPFv3 security?

Matthias Ferdinand mf at 14v.de
Wed Jun 14 19:11:51 BST 2017


I am working on configuring OSPFv3 (ospf6d) in our networks. In ospfd,
we use 

    ip ospf message-digest-key ...

for authentication. There is a specification for a somewhat similar
mechanism for OSPFv3 in RFC7166 (Authentication Trailers,
https://tools.ietf.org/html/rfc7166), but this seems not to be
implemented in quagga AFAICT (quagga-1.0.20160315).

So what do other people use to authenticate OSPFv3 routers - are you
really using IPsec? I am at a loss at how to configure that (on Linux).
While I probably could achieve authentication header for the unicast
communication using setkey with static keys, I have absolutely no clue
how to do that for the multicast packets.

Any help appreciated.

Matthias Ferdinand

More information about the Quagga-users mailing list