Additional Features

Support for the following features has been extended to these platforms.

• BGP, OSPF, and OSPFv3 authentication and encryption using manual IPsec SA (MX240, MX480, and MX960 with MX-SPC3, SRX Series devices and vSRX running iked process). OSPF for IPv6, also known as OSPF version 3 (OSPFv3), does not have built-in authentication to ensure that routing packets are not altered and re-sent to the router. Starting in Junos OS Release 22.2R1, you can use IPsec to encrypt and secure BGP, OSPF, and OSPFv3 packets.

  To configure IPsec for BGP, OSPF, and OSPFv3, define a security association (SA) with the security-association sa-name configuration option at the [edit security ipsec] hierarchy level for both MX Series and SRX Series platforms. You then apply the configured SA to the BGP, OSPF, and OSPFv3 configurations.

  [See security-association.]

  To view the configured IPsec SAs for BGP, OSPF, and OSPFv3:

  • On MX240, MX480, and MX960 with MX-SPC3, and on SRX Series devices and vSRX running the iked process, use the show security ipsec control-plane-security-associations command.

    [See show security ipsec control-plane-security-associations.]

  • On MX240, MX480, and MX960 routers with MS-MPC/MS-MIC, use the show ipsec security-associations command.

    [See show ipsec security-associations.]

  • On SRX Series devices running the kmd process, use the show security ipsec security-associations command.

    [See show security ipsec security-associations.]

  Note:

  We do not support this feature with BGP, OSPF, and OSPFv3 over the secure tunnel (st0) interface.

  [See Understanding OSPFv3 Authentication, Using IPsec to Secure OSPFv3 Networks (CLI Procedure), and Example: Configuring IPsec Authentication for an OSPF Interface.]