Administrator Guide

ManualsBrandsDell ManualsAccess PlatformsFN IO Module

661

662

663

664

665

666

667

668

669

670

Inter Area Rtr LSA Count 0

Group Mem LSA Count 0

Dell#show ipv6 ospf database grace-lsa

Type-11 Grace LSA (Area 0)

LS Age : 10

Link State ID : 6.16.192.66

Advertising Router : 100.1.1.1

LS Seq Number : 0x80000001

Checksum : 0x1DF1

Length : 36

Associated Interface : Gi 5/3

Restart Interval : 180

Restart Reason : Switch to Redundant Processor

OSPFv3 Authentication Using IPsec

Dell Networking OS supports OSPFv3 authentication using IP security (IPsec).

Starting in Dell Networking OS version 8.4.2.0, OSPFv3 uses IPsec to provide authentication for OSPFv3

packets. IPsec authentication ensures security in the transmission of OSPFv3 packets between IPsec-enabled

routers.

IPsec is a set of protocols developed by the internet engineering task force (IETF) to support secure exchange

of packets at the IP layer. IPsec supports two encryption modes: transport and tunnel.

• Transport mode — encrypts only the data portion (payload) of each packet, but leaves the header

untouched.

• Tunnel mode — is more secure and encrypts both the header and payload. On the receiving side, an

IPsec-compliant device decrypts each packet.

NOTE: The Dell Networking OS supports only Transport Encryption mode in OSPFv3 authentication with

IPsec.

With IPsec-based authentication, Crypto images are used to include the IPsec secure socket application

programming interface (API) required for use with OSPFv3.

To ensure integrity, data origin authentication, detection and rejection of replays, and confidentiality of the

packet, RFC 4302 and RFC 4303 propose using two security protocols — authentication header (AH) and

encapsulating security payload (ESP). For OSPFv3, these two IPsec protocols provide interoperable, high-

quality cryptographically-based security.

• HA — IPsec authentication header is used in packet authentication to verify that data is not altered

during transmission and ensures that users are communicating with the intended individual or

organization. Insert the authentication header after the IP header with a value of 51. AH provides

integrity and validation of data origin by authenticating every OSPFv3 packet. For detailed information

about the IP AH protocol, refer to RFC 4302.

• ESP — encapsulating security payload encapsulates data, enabling the protection of data that follows in

the datagram. ESP provides authentication and confidentiality of every packet. The ESP extension header

is designed to provide a combination of security services for both IPv4 and IPv6. Insert the ESP header

after the IP header and before the next layer protocol header in Transport mode. It is possible to insert

the ESP header between the next layer protocol header and encapsulated IP header in Tunnel mode.

However, Tunnel mode is not supported in the Dell Networking OS. For detailed information about the

IP ESP protocol, refer to RFC 4303.

Open Shortest Path First (OSPFv2 and OSPFv3) 663