Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Routing Protocols

  • Support for OSPFv2 HMAC SHA-1 keychain authentication and optimization for multi-active MD5 keys (EX2300, EX2300-C, EX2300-MP, EX2300-VC, EX3400, EX3400-VC, EX4100-24MP, EX4100-24P, EX4100-24T, EX4100-48MP, EX4100-48P, EX4100-48T, EX4100-F-12P, EX4100-F-12T, EX4100-F-24P, EX4100-F-24T, EX4100-F-48P, EX4100-F-48T, EX4300-MP, EX4400-24MP, EX4400-24P, EX4400-24T, EX4400-24X, EX4400-48F, EX4400-48MP, EX4400-48P, EX4400-48T, EX4650, EX4650-48Y-VC, MX10003, MX10004, MX10008, MX10016, MX2008, MX2010, MX2020, MX204, MX240, MX304, MX480, MX960)—Starting in Junos OS Release 23.4R1, you can enable OSPFv2 HMAC-SHA1 authentication with keychain to authenticate packets reaching or originating from an OSPF interface.This feature ensures smooth transition from one key to another for OSPFv2 with enhanced security.

    You can enable OSPFv2 to send packets authenticated with only the latest MD5 key after all the neighbors switch to the latest configured key. In Junos OS releases earlier than Release 23.4R1, we support advertising authenticated OSPF packets always with multiple active MD5 keys with a maximum limit of two keys per interface.

    To enable OSPFv2 HMAC-SHA1 authentication, configure the authentication keychain <keychain name> option at the [edit protocols ospf area area-id interface interface_name hierarchy level. To enable optimization of multiple active MD5 keys, configure the delete-if-not-inuse option at the [edit protocols ospf area area-id interface interface_name authentication multi-active-md5] hierarchy level.

    [See Understanding OSPFv2 Authentication.]