OSPF authentication supported for IPv6 / OSPFv3?
Cybertinus
bird at cybertinus.nl
Mon Mar 4 20:56:10 CET 2019
Hello Bird users,
I'm trying to get authentication enabled on my OSPF sessions. I'm
running Bird 1.6.4 on Debian 9.8. I have the following config in my
ospf.conf:
protocol ospf ospf1 {
import filter only_loopbacks;
export filter only_loopbacks;
area 0.0.0.0 {
interface "lo";
interface "eno1" {
type pointopoint;
bfd on;
};
interface "eno2" {
type pointopoint;
bfd on;
};
interface "eno3" {
type pointopoint;
bfd on;
authentication cryptographic;
password "Test123";
};
};
}
I include this ospf.conf in both bird.conf and bird6.conf. For IPv4 Bird
it works without an issue and the sessions (over eno3) are
authenticated. For IPv6 I see the following error when I try to load the
config:
# birdc6 configure check
BIRD 1.6.4 ready.
Reading configuration from /etc/bird/bird6.conf
/etc/bird/ospf.conf, line 17: Authentication not supported in OSPFv3
When I check https://bird.network.cz/?get_doc&v=16&f=bird-6.html#ss6.8 I
see the following:
"authentication cryptographic
An authentication code is appended to every packet. The specific
cryptographic algorithm is selected by option algorithm for each key.
The default cryptographic algorithm for OSPFv2 keys is Keyed-MD5 and for
OSPFv3 keys is HMAC-SHA-256. Passwords are not sent open via network, so
this mechanism is quite secure. Packets can still be read by an
attacker."
So, I think it should work for IPv6 too. What am I doing wrong? Or did I
hit a bug of some kind?
Kind regards,
Cybertinus
More information about the Bird-users
mailing list