Authentication Algorithms - Juniper JUNOS OS 10.4 - FOR EX REV 1 Manual

Related
Documentation
Understanding IPsec Authentication for OSPF Packets on EX Series Switches

Authentication Algorithms

Copyright © 2010, Juniper Networks, Inc.
You can disable distributed PPM for all protocols that use PPM. You can also disable
distributed PPM for LACP packets only.
BEST PRACTICE: We recommend that, generally, you disable distributed
PPM only if Juniper Networks Customer Service advises you to do so. You
should disable distributed PPM only if you have a compelling reason to disable
it.
Configuring Distributed Periodic Packet Management on an EX Series Switch (CLI
Procedure) on page 1929
IP Security (IPsec) provides a secure way to authenticate senders and encrypt IP version
4 (IPv4) traffic between network devices. IPsec offers network administrators for Juniper
Networks EX Series Ethernet Switches and their users the benefits of data confidentiality,
data integrity, sender authentication, and anti-replay services.
IPsec is a framework for ensuring secure private communication over IP networks and is
based on standards developed by the International Engineering Task Force (IETF). IPsec
provides security services at the network layer of the Open Systems Interconnection
(OSI) model by enabling a system to select required security protocols, determine the
algorithms to use for the security services, and implement any cryptographic keys required
to provide the requested services. You can use IPsec to protect one or more paths between
a pair of hosts, between a pair of security gateways (such as switches), or between a
security gateway and a host.
OSPF version 3 (OSPFv3), unlike OSPF version 2 (OSPFv2), does not have a built-in
authentication method and relies on IPsec to provide this functionality. You can secure
specific OSPFv3 interfaces and protect OSPFv3 virtual links.
Authentication Algorithms on page 1905
Encryption Algorithms on page 1906
IPsec Protocols on page 1906
Security Associations on page 1907
IPsec Modes on page 1907
Authentication is the process of verifying the identity of the sender. Authentication
algorithms use a shared key to verify the authenticity of the IPsec devices. The Juniper
Networks Junos operating system (Junos OS) uses the following authentication
algorithms:
Message Digest 5 (MD5) uses a one-way hash function to convert a message of arbitrary
length to a fixed-length message digest of 128 bits. Because of the conversion process,
it is mathematically infeasible to calculate the original message by computing it
Chapter 76: Layer 3 Protocols—Overview
1905