Improving OSPF Network Security

Usage Scenario

With the increase in attacks on TCP/IP networks and the defects in the TCP/IP protocol suite, network attacks have increasing impacts on the network security. Attacks on network devices may lead to network crash. By configuring OSPF authentication and GTSM, you can improve OSPF network security.

OSPF authentication encrypts OSPF packets by adding the authentication field to packets to ensure network security. A local device checks the authentication field in OSPF packets received from a remote device, and discards the packets if they do not contain the same authentication password as the locally configured one, thereby achieving self-protection.

Based on the packet type, authentication is classified into the following types:

• Area authentication: configured in the OSPF area view and applies to packets on all interfaces in the OSPF area.

• Interface authentication: configured in the interface view and applies to all packets on the interface.

The NetEngine 8000 F supports OSPF GTSM. For detailed configuration of OSPF GTSM, refer to the HUAWEI NetEngine 8000 F Series Configuration Guide - Security

Pre-configuration Tasks

Before improving OSPF network security, complete the following tasks:

• Configure a link layer protocol.

• Configure IP addresses for interfaces to ensure that neighboring nodes are reachable at the network layer.

• Configure basic OSPF functions.

• Configure a keychain