Authentication in OSPFv3
Hi developer,
My BIRD version: 2.0.0
When I create an OSPFv3 instance with authentication info, I get the output: "Authentication not supported in OSPFv3"
Do you have a plan to support it or not?
Thanks.
Best regards,
Derek Pan
ADVA Shenzhen
On 2018/03/15 08:45, Derek Pan wrote:
> Hi developer,
> My BIRD version: 2.0.0
> When I create an OSPFv3 instance with authentication info, I get the output: “Authentication not supported in OSPFv3”
> Do you have a plan to support it or not?
It's not BIRD. OSPFv3 doesn't support authentication.
On Thu, Mar 15, 2018 at 10:45:09AM +0000, Stuart Henderson wrote:
> On 2018/03/15 08:45, Derek Pan wrote:
> > When I create an OSPFv3 instance with authentication info, I get the output: “Authentication not supported in OSPFv3”
> > Do you have a plan to support it or not?
> It's not BIRD. OSPFv3 doesn't support authentication.
Indeed, please review: http://packetlife.net/blog/2008/sep/3/ospfv3-authentication/
Kind regards,
Job
Hi Job and Stuart,
Thanks for your reply.
I know the OSPFv3 authentication relies on IPsec. But I'm still a little confused with the words: "The default cryptographic algorithm for OSPFv2 keys is Keyed-MD5 and for OSPFv3 keys is HMAC-SHA-256."
I found these words in the BIRD 2.0.0 User's Guide, section 6.7.2:
authentication cryptographic
An authentication code is appended to every packet. The specific cryptographic algorithm is selected by option algorithm for each key. The default cryptographic algorithm for OSPFv2 keys is Keyed-MD5 and for OSPFv3 keys is HMAC-SHA-256. Passwords are not sent open via network, so this mechanism is quite secure. Packets can still be read by an attacker.
Maybe the document should be updated to make this clear.
Thanks.
Best regards,
Derek Pan
On Fri, Mar 16, 2018 at 01:58:33AM +0000, Derek Pan wrote:
> Hi Job and Stuart,
> Thanks for your reply.
> I know the OSPFv3 authentication relies on IPsec. But I'm still a little confused with the words: "The default cryptographic algorithm for OSPFv2 keys is Keyed-MD5 and for OSPFv3 keys is HMAC-SHA-256."
Hi,
We currently do not support authentication in OSPFv3, but we have some WiP on RFC 7166, and this note in documentation gets here from that. So, when we will have RFC 7166, default would be HMAC-SHA-256.
--
Elen sila lumenn' omentielvo
Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
Hi Ondrej,
Got it. It's very clear.
Thanks.
Best regards,
Derek Pan
ADVA Shenzhen
Hi,
> > When I create an OSPFv3 instance with authentication info, I get the output: “Authentication not supported in OSPFv3”
> > Do you have a plan to support it or not?
> It's not BIRD. OSPFv3 doesn't support authentication.
Actually there is an RFC 7166 (https://tools.ietf.org/html/rfc7166) that adds an authentication trailer to OSPFv3. However, to my knowledge, IPsec should still be the preferred solution.
Sincerely,
Martin Hunek
participants (5)
- Derek Pan
- Job Snijders
- Martin Huněk
- Ondrej Zajicek
- Stuart Henderson