Configuring Authentication for OSPFv3
OSPF versionĀ 3 (OSPFv3) provides a method for protecting and securing the OSPF traffic through the router. OSPFv3 uses the IP authentication header (AH) and the IP Encapsulating Security Payload (ESP) to authenticate routing information.
Use ESP with NULL encryption to provide authentication to the OSPFv3 protocol headers only. Use AH to provide authentication to the OSPFv3 protocol headers, portions of the IPv6 header, and portions of the extension headers. Use ESP with non-NULL encryption for full confidentiality.
OSPFv3 authentication uses static keyed IP Security (IPsec) security associations (SAs) similar to BGP IPsec. Tunnel mode SAs and dynamic IPsec SAs using Internet Key Exchange (IKE) authentication are not supported. Dynamic keyed IPsec SAs run on the Routing Engine and do not require a services PIC.
To apply authentication, include the ipsec-sa statement for a specific OSPFv3 interface:
For a list of hierarchy levels at which you can include these statements, see the statement summary sections for these statements.
You specify the IPsec authentication name by including the name option. You configure the actual IPsec authentication separately.
For more information on IPsec, see the Junos System Basics Configuration Guide and the Junos Services Interfaces Configuration Guide.
