Technical Documentation

Option: Securing OSPFv3 Networks with Transport Mode

OSPF version 3 (OSPFv3), unlike OSPF version 2, does not have a built-in authentication method and relies on IPSec to provide this functionality. Using the ES PIC syntax, you can use IPSec to secure OSPFv3 between Routing Engines in M Series and T Series platforms. You can secure specific OSPFv3 interfaces and protect OSPFv3 virtual links. To configure, create a transport mode security association and apply the SA to the OSPFv3 configuration by including the ipsec-sa statement at the [edit protocols ospf3 area area-number interface interface-name] or [edit protocols ospf3 area area-number virtual-link neighbor-id neighbor-ip-address transit-area area-number] hierarchy level.

[edit]protocols {ospf3 {area area-number {interface interface-name {ipsec-sa sa-name;}virtual-link neighbor-id neighbor-ip-address transit-area area-number {ipsec-sa sa-name;}}}}

Published: 2010-04-15