In Open Shortest Path First version 3 (OSPFv3) authentication, an authentication field is added to each OSPFv3 packet for encryption. When a local device receives an OSPFv3 packet from a remote device, the local device discards the packet if the authentication password carried in the packet is different from the local one, which protects the local device against potential attacks. Therefore, OSPFv3 authentication improves network security.
Based on the applicable scope, OSPFv3 authentication is classified as follows:
Area authentication
This authentication is configured in the OSPFv3 area view and applies to packets received by all interfaces in an OSPFv3 area.
Process authentication
This authentication is configured in the OSPFv3 view and applies to all packets in an OSPFv3 process.
Interface authentication
This authentication is configured in the interface view and applies to all packets received by the interface.
Based on the authentication types carried in packets, OSPFv3 authentication is classified as follows:
Keychain authentication
A keychain consists of multiple authentication keys, each of which contains an ID and a password. The keys in the keychain are dynamically selected for authentication based on the key's lifetime, which enhances attack defense.
Keychain provides authentication for OSPFv3 and improves OSPFv3 security by dynamically changing authentication algorithms and keys. Keychain can be used to authenticate OSPFv3 packets and the process of establishing a Transmission Control Protocol (TCP) connection.
HMAC-SHA256 authentication
In HMAC-SHA256 authentication, a password is encrypted using the HMAC-SHA256 algorithm before being added to a packet, which improves password security.
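The keychain and HMAC-SHA256 behavior described above can be modeled as follows. This is an added example, not vendor code: the trailer layout (a 2-byte key ID followed by the digest), the `Key` fields, the helper names, and the sample keychain are all assumptions made for illustration and do not reproduce the on-wire OSPFv3 authentication trailer.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass

DIGEST_LEN = 32  # HMAC-SHA256 output size in bytes

@dataclass(frozen=True)
class Key:
    key_id: int
    secret: bytes
    start: int  # lifetime start, epoch seconds (constructed values)
    end: int    # lifetime end, exclusive

    def active(self, now: int) -> bool:
        return self.start <= now < self.end

def select_send_key(keychain, now):
    """Pick the key whose lifetime covers 'now'; on overlap prefer the newest."""
    live = [k for k in keychain if k.active(now)]
    if not live:
        raise LookupError("no active key in keychain")
    return max(live, key=lambda k: k.start)

def sign(packet: bytes, keychain, now: int) -> bytes:
    """Append the simplified trailer: key ID + HMAC-SHA256 over packet and key ID."""
    k = select_send_key(keychain, now)
    kid = struct.pack("!H", k.key_id)
    return packet + kid + hmac.new(k.secret, packet + kid, hashlib.sha256).digest()

def verify(frame: bytes, keychain, now: int):
    """Return the packet if the trailer verifies, else None (receiver discards)."""
    if len(frame) < 2 + DIGEST_LEN:
        return None
    body, digest = frame[:-DIGEST_LEN], frame[-DIGEST_LEN:]
    packet, (key_id,) = body[:-2], struct.unpack("!H", body[-2:])
    key = next((k for k in keychain if k.key_id == key_id and k.active(now)), None)
    if key is None:
        return None  # unknown key ID, or key outside its lifetime
    expected = hmac.new(key.secret, body, hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many digest bytes matched.
    return packet if hmac.compare_digest(digest, expected) else None

# Constructed sample data: key 1 rolls over to key 2 at t=2000.
KEYCHAIN = [Key(1, b"old-secret", 0, 2000), Key(2, b"new-secret", 2000, 4000)]
HELLO = b"constructed OSPFv3 hello bytes"
```

Both neighbors need the same key IDs, secrets, and lifetimes, and reasonably synchronized clocks; otherwise a packet signed with a key the receiver considers expired is discarded at rollover.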
Each OSPFv3 packet carries an authentication type in the header and authentication information in the tail.
The authentication types are as follows: