Hi,
I am doing a survey and was interested in knowing if network operators
are using OSPFv3 with authentication [RFC 4552] turned on? I know that
most providers turn on authentication with OSPFv2, but given that
OSPFv3 needs IPsec integration and can thus get little cumbersome to
configure, wanted to understand if a similar % of folks also turn on
authentication for OSPFv3?
You can unicast me your responses (if you dont wish to share it on the
list) and i will collate all data and post a summary on the list.
Cheers, Manav
While I have used MD5 with OSPFv2, I never used authentication with
OSPFv3 since IPsec is (a) not available on all platforms (or/and
requires a special license) and (b) requires too much of coordination
with other folks to bring it up. I know operators who use
authentication with ISIS for v6, but very little auth for
OSPFv3.Obviously, you'll find an equal number that enthusiastically
use auth with OSPFv3, so really there isnt any one right answer.
Sriram
While I have used MD5 with OSPFv2, I never used authentication with
OSPFv3 since IPsec is (a) not available on all platforms (or/and
requires a special license) and (b) requires too much of coordination
with other folks to bring it up. I know operators who use
authentication with ISIS for v6, but very little auth for
OSPFv3.Obviously, you'll find an equal number that enthusiastically
use auth with OSPFv3, so really there isnt any one right answer.
Dear Sriram,
Can you list/name the platforms does not support IPsec for OSPFv3 without special license? e.g. to avoid such a platform....
Best Regards,
Janos
Hi,
I received 12 responses for the query that i had put up.
o 1 response stated that the provider was using IS-IS for IPv6 and not
using any authentication.
o 7 responses where OSPFv3 was being used without any authentication.
o 2 responses where OSPFv3 is being used with authentication
o 2 responses where they were using OSPFv2 with authentication turned on.
I asked the 7 people who had replied in negative about why they were
not using authentication with OSPFv3. 5 responded stating a mix of the
following reasons:
o IPsec not available on all platforms
o IPsec required interoperability testing, which was perceived as a hassle
o Troubleshooting becomes much harder. OSPF operation should be kept
as simple as possible, especially when used in the core.
o Complex configuration
o Required coordination between different boxes which is a deterrent.
o IPSec on some platforms requires a special license which can be expensive.
o Unsure of how well is the IPsec implemented on the boxes
Cheers, Manav