Configuring Cryptographically Generated Addresses for Secure Neighbor Discovery
The Secure Neighbor Discovery (SEND) Protocol uses cryptographically generated addresses (CGAs), as defined in RFC 3972, Cryptographically Generated Addresses, to ensure that the sender of a Neighbor Discovery Protocol (NDP) message is the “owner” of the claimed address. Each node must generate a public-private key pair before it can claim an address. The CGA is included in all outgoing neighbor solicitation and neighbor advertisement messages.
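The following is an added example, not Junos code or part of this document, showing how a node derives and a neighbor verifies a CGA under RFC 3972 from a subnet prefix, a public key and a Sec value. The public key is treated as opaque DER bytes, so a constructed stand-in (FAKE_PUBKEY_DER) replaces a real RSA key; the prefix 2001:db8:1:2::/64 is also assumed.

```python
import hashlib
import ipaddress
import os

# Constructed stand-in for the DER-encoded RSA public key (not a real key).
FAKE_PUBKEY_DER = b"\x30\x82\x01\x22" + bytes(range(256)) + b"\x02\x03\x01\x00\x01"
# Assumed documentation prefix; the CGA algorithm only needs its leftmost 64 bits.
PREFIX = ipaddress.IPv6Network("2001:db8:1:2::/64").network_address.packed[:8]

def _hash1(modifier, prefix, collision_count, pubkey):
    # RFC 3972 Hash1: SHA-1 over modifier | prefix | collision count | key, leftmost 64 bits.
    data = modifier + prefix + bytes([collision_count]) + pubkey
    return hashlib.sha1(data).digest()[:8]

def _hash2(modifier, pubkey):
    # RFC 3972 Hash2: SHA-1 over modifier | 9 zero octets | key, leftmost 112 bits.
    return hashlib.sha1(modifier + bytes(9) + pubkey).digest()[:14]

def _hash2_ok(hash2, sec):
    # The proof of work: Hash2 must begin with 16*Sec zero bits.
    return sec == 0 or int.from_bytes(hash2[:2 * sec], "big") == 0

def generate_cga(prefix, pubkey, sec=0, collision_count=0, modifier=None):
    """Return (IPv6Address, modifier) binding pubkey to prefix with the given Sec."""
    mod_int = int.from_bytes(os.urandom(16) if modifier is None else modifier, "big")
    while not _hash2_ok(_hash2(mod_int.to_bytes(16, "big"), pubkey), sec):
        mod_int = (mod_int + 1) % (1 << 128)        # keep incrementing the modifier
    modifier = mod_int.to_bytes(16, "big")
    iid = bytearray(_hash1(modifier, prefix, collision_count, pubkey))
    # Bits 0-2 of the interface ID carry Sec; the u/g bits (6 and 7) are cleared.
    iid[0] = (iid[0] & 0x1C) | (sec << 5)
    return ipaddress.IPv6Address(prefix + bytes(iid)), modifier

def verify_cga(address, prefix, pubkey, modifier, collision_count):
    """RFC 3972 section 5 verification: True only if address is bound to pubkey."""
    addr = ipaddress.IPv6Address(address).packed
    if collision_count > 2 or addr[:8] != prefix:
        return False
    sec = addr[8] >> 5
    h1 = _hash1(modifier, prefix, collision_count, pubkey)
    # Compare Hash1 with the interface ID, ignoring the Sec, u and g bits.
    if (h1[0] & 0x1C) != (addr[8] & 0x1C) or h1[1:] != addr[9:16]:
        return False
    return _hash2_ok(_hash2(modifier, pubkey), sec)

if __name__ == "__main__":
    addr, mod = generate_cga(PREFIX, FAKE_PUBKEY_DER, sec=1)
    print(addr, verify_cga(addr, PREFIX, FAKE_PUBKEY_DER, mod, 0))
```

A receiver that accepts a neighbor advertisement only when verify_cga succeeds rejects any sender that cannot present the key and modifier behind the claimed address, which is the property SEND relies on.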
To configure parameters for CGAs, include the following statements:
For information about how to configure parameters for cryptographic addresses, see the following sections:
Specifying the Pathname for the Key File
A cryptographic address is dynamically generated based on a public key and a subnet prefix. The private-public key file that is generated is placed by default in the /var/etc/rsa_key directory. You can specify a different pathname for that file. Include the key-pair pathname statement:
For a complete list of hierarchy levels at which you can configure this statement, see the statement summary section for this statement.
Specifying the RSA Key Length
You can specify the length of the RSA key used to generate the CGA public-private pair. The default is 1024 bits, and you can specify a value from 1024 through 2048. Include the key-length number statement:
For a complete list of hierarchy levels at which you can configure this statement, see the statement summary section for this statement.
