
Secure Neighbor Discovery Configuration Guidelines

The Secure Neighbor Discovery (SEND) Protocol provides support for protecting Neighbor Discovery Protocol messages. SEND is applicable in environments where physical security on a link is not ensured and attacks on Neighbor Discovery Protocol messages are a concern. The JUNOS implementation secures Neighbor Discovery Protocol messages through cryptographically generated addresses (CGAs).

You must also enable IPv6 on at least one interface. Because SEND relies on dynamically generated CGAs, it does not support static IPv6 addresses. For more information about configuring an IPv6 interface and address, see the JUNOS Network Interfaces Configuration Guide.
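Why a manually assigned address cannot act as a CGA, shown as an added example (not JUNOS code and not part of the original guide): the interface identifier is a hash over the node's public key and the subnet prefix, generated and checked here as in RFC 3972. Assumptions: the prefix and the public key bytes are constructed sample values, no extension fields are used, and the RSA signature check that SEND performs on each message is left out.

```python
import hashlib
import ipaddress

# Constructed sample inputs: a documentation prefix and a stand-in byte string
# where a real node would use its DER-encoded public key.
PREFIX = "2001:db8:0:1::/64"
PUBKEY = bytes(range(64))
ID_MASK = 0x1CFFFFFFFFFFFFFF  # ignores the Sec bits and the u/g bits

def _sha1(*parts):
    return hashlib.sha1(b"".join(parts)).digest()

def _hash2_ok(modifier, pubkey, sec):
    # Hash2 = leftmost 112 bits; its leftmost 16*sec bits must be zero.
    h = int.from_bytes(_sha1(modifier, bytes(9), pubkey)[:14], "big")
    return h >> (112 - 16 * sec) == 0

def _prefix_bytes(prefix):
    return ipaddress.IPv6Network(prefix).network_address.packed[:8]

def cga_generate(prefix, pubkey, sec=1, start=0):
    """Return (address, modifier, collision_count)."""
    pfx, n = _prefix_bytes(prefix), start
    while not _hash2_ok(n.to_bytes(16, "big"), pubkey, sec):
        n = (n + 1) % (1 << 128)  # brute-force cost grows as 2**(16*sec)
    mod, coll = n.to_bytes(16, "big"), 0
    hash1 = int.from_bytes(_sha1(mod, pfx, bytes([coll]), pubkey)[:8], "big")
    iid = (hash1 & ID_MASK) | (sec << 61)  # Sec in top 3 bits, u/g cleared
    return ipaddress.IPv6Address(pfx + iid.to_bytes(8, "big")), mod, coll

def cga_verify(address, prefix, pubkey, modifier, coll):
    """Check that address is bound to pubkey through the CGA parameters."""
    addr, pfx = ipaddress.IPv6Address(address).packed, _prefix_bytes(prefix)
    if coll not in (0, 1, 2) or addr[:8] != pfx:
        return False
    iid = int.from_bytes(addr[8:], "big")
    hash1 = int.from_bytes(_sha1(modifier, pfx, bytes([coll]), pubkey)[:8], "big")
    if (hash1 ^ iid) & ID_MASK:
        return False  # interface identifier was not derived from this key
    return _hash2_ok(modifier, pubkey, iid >> 61)

if __name__ == "__main__":
    addr, mod, coll = cga_generate(PREFIX, PUBKEY)
    print(addr, cga_verify(addr, PREFIX, PUBKEY, mod, coll))
    print(cga_verify("2001:db8:0:1::1", PREFIX, PUBKEY, mod, coll))  # static
```
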

To configure Secure Neighbor Discovery, include the following statements:

protocols {
    neighbor-discovery {
        secure {
            security-level {
                (default | secure-messages-only);
            }
            cryptographic-address {
                key-length number;
                key-pair pathname;
            }
            timestamp {
                clock-drift number;
                known-peer-window seconds;
                new-peer-window seconds;
            }
            traceoptions {
                file <filename> <files number> <match regular-expression> <size size> <world-readable | no-world-readable>;
                flag flag;
                no-remote-trace;
            }
        }
    }
}

This chapter discusses the following topics that describe how to configure Secure Neighbor Discovery:

