< Home

OSPF Packet Authentication

This section describes the classification and the application of OSPF packet authentication,

OSPF packet authentication encrypts OSPF packets by adding the authentication field to packets to ensure network security. When a local device receives OSPF packets from a remote device, the local device discards the packets if finding that the authentication passwords do not match. This protects the local device.

Classification of Authentication

According to the types of packets, the authentication is classified into the following:

  • Area authentication

    This authentication is configured in the OSPF area view and applies to the packets received by all the interfaces in the OSPF area.

  • Interface authentication

    This authentication is configured in the interface view and applies to all the packets received by the interface.

According to the authentication modes of packets, the authentication is classified into the following:

  • Non-authentication

    Authentication is not required.

  • Simple authentication

    The authenticated party directly adds the configured password to packets for authentication. This imposes security threats.

  • MD5 authentication

    The authenticated party encrypts the configured password using a Message Digest 5 (MD5) algorithm and adds the ciphertext password to packets for authentication. This authentication mode improves password security. The supported MD5 algorithms are MD5 and HMAC-MD5.

  • Keychain authentication

    A keychain consists of multiple authentication keys, each of which contains an ID and a password. Each key has the lifecycle. According to the life cycle of the key, you can dynamically select different authentication keys from the keychain. A keychain can dynamically select the authentication key to enhance attack defense.

    Keychain provides authentication protection for OSPF by dynamically changing algorithms and keys to improve the security of OSPF.

  • HMAC-SHA256 authentication

    The HMAC-SHA256 algorithm use to encrypt a password before adding the password to the packet, which improves password security.

OSPF carries authentication types in packet headers and authentication information in packet tails.

The authentication types include:

  • 0: Non-authentication

  • 1: Simple authentication

  • 2: Ciphertext authentication

Application Environment

Figure 1 Networking for OSPF packet authentication on a broadcast network

The configuration requirements are as follows:

  • OSPF neighbor relationships can be set up between multiple devices on the same network only when interface authentication is configured in the same manner on all the devices.

  • When multiple devices are in the same area, you must configure area authentication in the same manner on all the devices.

Parent Topic: Understanding OSPF
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >