Configuring OSPFv3 Interface Authentication

OSPFv3 supports packet authentication, with which devices accept only the OSPFv3 packets that are authenticated. If OSPFv3 packets fail to be authenticated, OSPFv3 neighbor relationships cannot be established. Configuring OSPFv3 interface authentication improves OSPFv3 network security.

Context

With the increase in attacks on TCP/IP networks and inherent defects and flawed implementation of the TCP/IP protocol suite, the attacks have increasing impacts on the networks. Attacks on network devices may even cause a network crash or lead to network unavailability. Configuring OSPFv3 interface authentication improves OSPFv3 network security. Interface authentication takes effect between neighboring devices' interfaces on which an authentication mode and password are configured. Interface authentication takes precedence over area authentication. For interfaces on the same subnet, the configured authentication mode and password must be identical. This requirement does not apply to the OSPFv3 interfaces on different subnets.

By default, no authentication mode is configured for an OSPFv3 interface. For security purposes, you are advised to configure an authentication mode.

OSPFv3 authentication takes effect in descending order of priority as follows: interface authentication, area authentication, and process authentication.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run interface interface-type interface-number

    The interface view is displayed.

  3. Configure an authentication mode for the OSPFv3 interface as required.

    • To configure the HMAC-SHA256 or HMAC-SM3 authentication mode for the OSPFv3 interface, run the ospfv3 authentication-mode { hmac-sha256 | hmac-sm3 } key-id KeyId { plain PlainText | [ cipher ] CipherText } [ instance instanceId ] command.

      If you choose plain, the password will be saved as a cleartext in the configuration file, which provokes high security risks. To improve system security, choose ciphertext authentication and change the password periodically.

  4. Run commit

    The configuration is committed.

Parent Topic: Configuring OSPFv3 Authentication
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >