[Contents] [Prev] [Next] [Index] [Report an Error]

Option: Securing OSPFv3 Networks with Transport Mode

OSPF version 3 (OSPFv3), unlike OSPF version 2, does not have a built-in authentication method and relies on IPSec to provide this functionality. Using the ES PIC syntax, you can use IPSec to secure OSPFv3 between Routing Engines in M-series and T-series platforms. You can secure specific OSPFv3 interfaces and protect OSPFv3 virtual links. To configure, create a transport mode security association and apply the SA to the OSPFv3 configuration by including the ipsec-sa statement at the [edit protocols ospf3 area area-number interface interface-name] or [edit protocols ospf3 area area-number virtual-link neighbor-id neighbor-ip-address transit-area area-number] hierarchy level.



[edit]
protocols {


ospf3 {


area                    area-number                  {


interface                      interface-name                    {
ipsec-sa                      sa-name;
}




virtual-link neighbor-id                      neighbor-ip-address                    transit-area                      area-number           
        {
ipsec-sa                      sa-name;
}


}


}


}

[Contents] [Prev] [Next] [Index] [Report an Error]