Example For Configuring Ipsec For Ospfv3 - Huawei Quidway NetEngine80E Configuration Manual

HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Routing

6.16.6 Example for Configuring IPSec for OSPFv3

On an OSPFv3 network, you can configure OSPFv3 IPSec on the interfaces setting up OSPFv3
neighbor relationships to protect the devices against forged OSPFv3 protocol packets.
Networking Requirements
As shown in
and are reachable. If no authentication mechanism is configured, IP packets along the route
between RouterA and RouterB may be modified or faked, causing neighbor relationships
between RouterA and RouterB to be interrupted or incorrect routes to be imported.
To prevent such attacks, IPSec can be configured between RouterA and RouterB to protect
OSPFv3 packets during transmission. ESP is configured as the security protocol, and SHA-1 is
configured as the authentication algorithm.
Figure 6-6 Configuring IPSec
RouterA
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
Issue 02 (2014-09-30)
sysname RouterC
#
ipv6
#
ospfv3 1
router-id 3.3.3.3
bfd all-interfaces enable
bfd all-interfaces min-transmit-interval 100 min-receive-interval 100 detect-
multiplier 4
#
interface gigabitethernet1/0/0
ipv6 enable
ipv6 address 2001:DB8:2::2/64
ospfv3 1 area 0.0.0.0
#
interface gigabitethernet1/0/1
ipv6 enable
ipv6 address 2001:DB8:3::3/64
ospfv3 1 area 0.0.0.0
#
return
Figure 6-6, RouterA and RouterB run Open Shortest Path First version 3 (OSPFv3)
GE1/0/1
2001:DB8:100::1/64
Configure basic OSPFv3 functions on RouterA and RouterB.
Configure a security proposal and define the security protocol and authentication algorithm
and encapsulation mode.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Internet
2001:DB8:100::2/64
6 OSPFv3 Configuration
RouterB
GE1/0/1
487