OSPFv3 Authentication

Manav Bhatia manavbhatia at gmail.com
Thu Sep 30 16:53:22 UTC 2010


I received 12 responses for the query that i had put up.

o 1 response stated that the provider was using IS-IS for IPv6 and not
using any authentication.
o 7 responses where OSPFv3 was being used without any authentication.
o 2 responses where OSPFv3 is being used with authentication
o 2 responses where they were using OSPFv2 with authentication turned on.

I asked the 7 people who had replied in negative about why they were
not using authentication with OSPFv3. 5 responded stating a mix of the
following reasons:

o IPsec not available on all platforms
o IPsec required interoperability testing, which was perceived as a hassle
o Troubleshooting becomes much harder. OSPF operation should be kept
 as simple as possible, especially when used in the core.
o Complex configuration
o Required coordination between different boxes which is a deterrent.
o IPSec on some platforms requires a special license which can be expensive.
o Unsure of how well is the IPsec implemented on the boxes

Cheers, Manav

On Tue, Sep 28, 2010 at 5:33 AM, Manav Bhatia <manavbhatia at gmail.com> wrote:
> Hi,
> I am doing a survey and was interested in knowing if network operators
> are using OSPFv3 with authentication [RFC 4552] turned on? I know that
> most providers turn on authentication with OSPFv2, but given that
> OSPFv3 needs IPsec integration and can thus get little cumbersome to
> configure, wanted to understand if a similar % of folks also turn on
> authentication for OSPFv3?
> You can unicast me your responses (if you dont wish to share it on the
> list) and i will collate all data and post a summary on the list.
> Cheers, Manav

More information about the NANOG mailing list