Authentication Trailer

Authentication Trailer for OSPFv3 (as described in RFC 7166) provides an alternative way to authenticate packets, as IPsec may not be suitable in some environments.

Authentication Trailer uses Keychain Manager to manage keys (see Keychain Manager Overview). Keychain Manager provides OSPFv3 the key string and algorithm to use for authentication when a key becomes active, and it will notify OSPFv3 when a key expires. The authentication configuration is per interface or virtual interface, and the corresponding peers need to be configured with the same authentication keys. The maximum length of a key string that OSPFv3 can accommodate is 127 characters, which is the same as the maximum length of a key string currently allowed by Keychain Manager.

The cryptographic algorithms supported are HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512.



OSPFv3 Authentication Trailer does not support the accept tolerance feature of Keychain Manager.
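The following is an added example, not ExtremeXOS code: it builds and verifies an Authentication Trailer using the key preparation and Apad procedure from RFC 7166 section 4.5, with the key string and algorithm as Keychain Manager would supply them. The function names, the ASCII encoding of the key string, and the sample packet bytes are assumptions made for illustration.

```python
import hashlib, hmac, ipaddress, struct

ALGS = {"hmac-sha-1": "sha1", "hmac-sha-256": "sha256",
        "hmac-sha-384": "sha384", "hmac-sha-512": "sha512"}
PROTOCOL_ID = b"\x00\x01"            # OSPFv3 Cryptographic Protocol ID
AT_HEADER = struct.Struct("!HHHHQ")  # type, AT length, reserved, SA ID, 64-bit sequence
AUTH_TYPE_HMAC = 1
# Constructed sample: 16-byte OSPFv3 Hello header plus an all-zero 20-byte body.
SAMPLE_SRC = "fe80::1"
SAMPLE_PACKET = bytes.fromhex("030100240a0000010000000000000000") + bytes(20)

def derive_ko(key_string, alg):
    """Ks = K || protocol ID; Ko is Ks hashed or zero-padded to L octets."""
    name = ALGS[alg]
    L = hashlib.new(name).digest_size
    ks = key_string.encode("ascii") + PROTOCOL_ID  # ASCII key string is an assumption
    return hashlib.new(name, ks).digest() if len(ks) > L else ks.ljust(L, b"\x00")

def _digest(key_string, alg, src, packet, header):
    """HMAC over packet + AT header + Apad (source address, then 0x878FE1F3 fill)."""
    L = hashlib.new(ALGS[alg]).digest_size
    apad = ipaddress.IPv6Address(src).packed + b"\x87\x8f\xe1\xf3" * ((L - 16) // 4)
    return hmac.new(derive_ko(key_string, alg), packet + header + apad, ALGS[alg]).digest()

def build_trailer(key_string, alg, sa_id, seq, src, packet):
    L = hashlib.new(ALGS[alg]).digest_size
    header = AT_HEADER.pack(AUTH_TYPE_HMAC, AT_HEADER.size + L, 0, sa_id, seq)
    return header + _digest(key_string, alg, src, packet, header)

def verify_trailer(key_string, alg, src, packet, trailer, last_seq):
    """True only if the digest matches and the sequence number has advanced."""
    L = hashlib.new(ALGS[alg]).digest_size
    if len(trailer) != AT_HEADER.size + L:
        return False
    header, received = trailer[:AT_HEADER.size], trailer[AT_HEADER.size:]
    auth_type, at_len, _, _, seq = AT_HEADER.unpack(header)
    if auth_type != AUTH_TYPE_HMAC or at_len != len(trailer):
        return False
    expected = _digest(key_string, alg, src, packet, header)
    # Constant-time compare first, then the replay check on the authenticated sequence.
    return hmac.compare_digest(expected, received) and seq > last_seq

if __name__ == "__main__":
    at = build_trailer("s3cret-key", "hmac-sha-256", 1, 42, SAMPLE_SRC, SAMPLE_PACKET)
    print(len(at), verify_trailer("s3cret-key", "hmac-sha-256", SAMPLE_SRC, SAMPLE_PACKET, at, 41))
```

Under this derivation, a key string that exceeds the digest size once the two-octet protocol ID is appended is hashed down to the digest size, so a 127-character key string is always hashed for all four supported algorithms.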

Configuring OSPFv3 Authentication Trailer

To configure Authentication Trailer to provide authentication for OSPFv3 interfaces, see Configuring and Using Keychain Manager, or run the following command:

configure ospfv3 [{vlan} vlan-name | {tunnel} tunnel-name] authentication [keychain keychain-name | none]

To configure Authentication Trailer to provide authentication on OSPFv3 virtual-links, run the following command:

configure ospfv3 virtual-link {routerid} router-identifier {area} area-identifier authentication [keychain keychain_name | none]