Ospfv3 Authentication Using Ipsec - Dell Force10 Z9000 Configuration Manual
Hide thumbs
Also See for Force10 Z9000:
- Reference manual (1483 pages) ,
- Configuration manual (984 pages) ,
- Manual (56 pages)
Table of Contents
Advertisement
Process 1 database summary
Type
Oper Status
Admin Status
Area Bdr Rtr Status
AS Bdr Rtr Status
AS Scope LSA Count
AS Scope LSA Cksum sum
Originate New LSAS
Rx New LSAS
Ext LSA Count
Rte Max Eq Cost Paths
GR grace-period
GR mode
Area 0 database summary
Type
Brd Rtr Count
AS Bdr Rtr Count
LSA count
Summary LSAs
Rtr LSA Count
Net LSA Count
Inter Area Pfx LSA Count 12000
Inter Area Rtr LSA Count 0
Group Mem LSA Count
The following example shows the show ipv6 ospf database grace-lsa command.
Dell#show ipv6 ospf database grace-lsa
!
Type-11 Grace LSA (Area 0)
LS Age
Link State ID
Advertising Router
LS Seq Number
Checksum
Length
Associated Interface : Te 5/3
Restart Interval
Restart Reason
OSPFv3 Authentication Using IPsec
OSPFv3 uses IPsec to provide authentication for OSPFv3 packets. IPsec authentication ensures security in the transmission of
OSPFv3 packets between IPsec-enabled routers.
IPsec is a set of protocols developed by the internet engineering task force (IETF) to support secure exchange of packets at the IP
layer. IPsec supports two encryption modes: transport and tunnel.
•
Transport mode — encrypts only the data portion (payload) of each packet, but leaves the header untouched.
•
Tunnel mode — is more secure and encrypts both the header and payload. On the receiving side, an IPsec-compliant device
decrypts each packet.
NOTE: Dell Networking OS supports only Transport Encryption mode in OSPFv3 authentication with IPsec.
With IPsec-based authentication, Crypto images are used to include the IPsec secure socket application programming interface (API)
required for use with OSPFv3.
To ensure integrity, data origin authentication, detection and rejection of replays, and confidentiality of the packet, RFC 4302 and
RFC 4303 propose using two security protocols — authentication header (AH) and encapsulating security payload (ESP). For
OSPFv3, these two IPsec protocols provide interoperable, high-quality cryptographically-based security.
•
HA — IPsec authentication header is used in packet authentication to verify that data is not altered during transmission and
ensures that users are communicating with the intended individual or organization. Insert the authentication header after the IP
Count/Status
1
1
0
1
0
0
73
114085
0
5
180
planned and unplanned
Count/Status
2
2
12010
1
4
3
0
: 10
: 6.16.192.66
: 100.1.1.1
: 0x80000001
: 0x1DF1
: 36
: 180
: Switch to Redundant Processor
Open Shortest Path First (OSPFv2 and OSPFv3)
515
Advertisement
Table of Contents
Troubleshooting
