There are two ways to perform authentication for OSPFv3: using IPsec and using Authentication Trailer. Authentication Trailer provides an alternative way to authenticate packets, as IPsec may not be suitable in some environments.
Authentication Trailer uses Keychain Manager to manage keys. Keychain Manager provides OSPFv3 the key string and algorithm to use for authentication when a key becomes active, and it will notify OSPFv3 when a key expires. The authentication configuration is per interface or virtual interface, and the corresponding peers need to be configured with the same authentication keys. The maximum length of a key string that OSPFv3 can accommodate is 127 characters, which is the same as the maximum length of a key string currently allowed by Keychain Manager.
The cryptographic algorithms supported are HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512.
Note
OSPFv3 Authentication Trailer does not support the accept tolerance feature of Keychain Manager.This command is available on ExtremeSwitching X435, X440-G2, X450-G2, X460-G2, X465, X590, X620, X670-G2, X690, X695, X870, 5420, and 5520 series switches.
Note
Keychain Manager is only supported on the OSPFv3 application and user VR.configure ospfv3 [{vlan} vlan-name | {tunnel} tunnel-name] authentication [keychain keychain-name | none]
configure ospfv3 virtual-link {routerid} router-identifier {area} area-identifier authentication [keychain keychain_name | none]