Re: Using AH for Authentication for OSPFv3

[Mukesh Gupta <mgupta@iprg.nokia.com>]

> IPSec provides security at IP level so the OSPF may not need any special
> mechanism  to provide security services to OSPF data. All you might need
> is to configure a policy.

That's right.

> >OSPFv3 uses both multicast and unicast packets. Is there any standard
> >way of handling these packets using IPsec AH ??
> >
> >Is there any standard way of implementing OSPFv3 Authentication using AH
> >extension header ?? Is there any vendor out there who has implemented it
> >??
>
> The RFC2740 clearly says that OSPF is not doing any Authentication part.
> For your reference i am copying the RFC...
>
> Authentication has been removed from the OSPF protocol   itself, instead
> relying on IPv6's Authentication Header and Encapsulating Security
> Payload.

I am clear about the part that OSPF is not doing any authentication and
IPsec is going to provide the security required. Since OSPF is going to send
both unicast and multicast traffic and it is going to be a point to
multipoint security, the implementation is little more involved. I was
wondering if there is any standard way of taking care of the issues.

Is there any vendor out there who has implemented this or planning to
implement this in near future ??

regards
Mukesh

--
******************************************************************
Often the test of courage is to not to die,but to live.
******************************************************************
Mukesh Gupta
Phone: (650) 625-2264
Cell : (650) 868-9111
http://www.iprg.nokia.com/~mgupta
******************************************************************