OSPF key expire rules violates RFC 2293?
Hi!
When an OSPF key lifetime expires then bird stops using that key. E.g. if the configured parameter "generate from time" expires, then bird reverts to an OSPF interface in unauthenticated mode.
Is this intentional? Or is it something that can be configured? I think it is not according to the RFC. In appendix D of RFC 2293, the following is stated;
"In the event that the last key associated with an interface expires, it is unacceptable to revert to an unauthenticated condition, and not advisable to disrupt routing."
Thanks, Kenth
Typo in the RFC number, should of course read RFC 2328.
https://tools.ietf.org/html/rfc2328#appendix-D
/k
On Thu, 2019-09-26 at 15:47 +0000, Kenth Eriksson wrote:
> Hi!
> When an OSPF key lifetime expires then bird stops using that key. E.g. if the configured parameter "generate from time" expires, then bird reverts to an OSPF interface in unauthenticated mode.
> Is this intentional? Or is it something that can be configured? I think it is not according to the RFC. In appendix D of RFC 2293, the following is stated;
> "In the event that the last key associated with an interface expires, it is unacceptable to revert to an unauthenticated condition, and not advisable to disrupt routing."
> Thanks, Kenth
On Thu, Sep 26, 2019 at 03:47:39PM +0000, Kenth Eriksson wrote:
> Hi!
> When an OSPF key lifetime expires then bird stops using that key. E.g. if the configured parameter "generate from time" expires, then bird reverts to an OSPF interface in unauthenticated mode.
> Is this intentional? Or is it something that can be configured? I think it is not according to the RFC. In appendix D of RFC 2293, the following is stated;
Hi
You are right (although it does not revert to unauthenticated mode, it sends packets marked as authenticated, with a zeroed hash). I think it is an oversight.
--
Elen sila lumenn' omentielvo
Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
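The rule quoted from RFC 2328 Appendix D, as an added example that is not part of the thread and not BIRD's code: generation-key selection that keeps signing with the last key after it expires and flags the condition, instead of dropping authentication. The struct, the function name, the sample lifetimes and the tie-break between overlapping keys are assumptions.

```c
#include <stddef.h>
#include <time.h>

/* Hypothetical key record; field meanings follow RFC 2328 Appendix D.3. */
struct ospf_key {
    unsigned char id;       /* Key ID carried in the OSPF header */
    time_t start_generate;  /* KeyStartGenerate */
    time_t stop_generate;   /* KeyStopGenerate; 0 = never expires */
};

/* Constructed sample: two keys with overlapping lifetimes (epoch seconds). */
static const struct ospf_key sample_keys[] = {
    { 1, 1000, 2000 },
    { 2, 1500, 3000 },
};

/*
 * Pick the key used to authenticate outgoing packets at time `now`.
 * Returns NULL only when no key has reached its start time yet.
 * *last_key_expired is set to 1 when every started key has expired and
 * the most recently expired one is kept in use; the caller should then
 * raise a "last authentication key expiration" notification.
 */
const struct ospf_key *
select_generate_key(const struct ospf_key *keys, size_t n, time_t now,
                    int *last_key_expired)
{
    const struct ospf_key *active = NULL, *expired = NULL;

    for (size_t i = 0; i < n; i++) {
        const struct ospf_key *k = &keys[i];
        if (k->start_generate > now)
            continue;                   /* not usable yet */
        if (k->stop_generate == 0 || now < k->stop_generate) {
            /* Assumption: during rollover prefer the newest key. */
            if (!active || k->start_generate > active->start_generate)
                active = k;
        } else if (!expired || k->stop_generate > expired->stop_generate) {
            expired = k;                /* latest key to expire so far */
        }
    }

    /* Appendix D: treat the last key as having an infinite lifetime. */
    *last_key_expired = (active == NULL && expired != NULL);
    return active ? active : expired;
}
```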
participants (2): Kenth Eriksson, Ondrej Zajicek