Re: Using AH for Authentication for OSPFv3

Ramana Yarlagadda <ramana.yarlagadda@analog.com> Tue, 14 May 2002 18:26 UTC

Message-Id: <4.3.2.7.1.20020514102916.00ae88a0@golf.cpgdesign.analog.com>
Date: Tue, 14 May 2002 10:49:30 -0700
To: Mukesh Gupta <mgupta@iprg.nokia.com>, ospf@discuss.microsoft.com, ipsec@lists.tislabs.com
From: Ramana Yarlagadda <ramana.yarlagadda@analog.com>
Subject: Re: Using AH for Authentication for OSPFv3
In-Reply-To: <3CE04B50.63529636@iprg.nokia.com>

Hi,


>I am working on providing authentication for OSPFv3 using IPv6 AH
>extension header.
>
>RFC 2740 suggests using AH/ESP extension headers of IPv6 for OSPF
>authentication but doesn't provide details about how exactly this needs
>to be done.
>
>It seems that OSPFv3 shouldn't need to worry about it and it is kernel's
>responsibility to provide AH authentication for all OSPFv3 packets. This
>way OSPFv3 only receives authenticated packets.

IPsec provides security at the IP level, so OSPF may not need any special
mechanism to provide security services to OSPF data. All you might need
is to configure a policy.


>OSPFv3 uses both multicast and unicast packets. Is there any standard
>way of handling these packets using IPsec AH ??
>
>Is there any standard way of implementing OSPFv3 Authentication using AH
>extension header ?? Is there any vendor out there who has implemented it
>??

RFC 2740 clearly says that OSPF is not doing any authentication part.
For your reference I am copying the RFC...

Authentication has been removed from the OSPF protocol itself, instead
relying on IPv6's Authentication Header and Encapsulating Security Payload.


>Comments/Suggestions would be highly appreciated.

-cheers
-ramana
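
Added example, not part of the original message or of any implementation discussed in the thread: a Python check that walks the IPv6 extension-header chain of a raw packet and reports whether an OSPFv3 payload (next header 89) is preceded by an AH header (51), for both the multicast and unicast cases raised above. It confirms only that AH is present, not that the ICV verifies; the addresses, SPI and zeroed ICV in the sample packets are constructed.

```python
import ipaddress
import struct

AH, FRAGMENT, OSPF = 51, 44, 89
GENERIC_EXT = {0, 43, 60}  # hop-by-hop, routing, destination options

def ospfv3_ah_status(packet: bytes):
    """Return (status, dst): 'ah', 'no-ah', or 'other' (no cleartext OSPFv3 found)."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    dst = ipaddress.IPv6Address(packet[24:40])
    next_hdr, offset, seen_ah = packet[6], 40, False
    while next_hdr != OSPF:
        known = next_hdr in GENERIC_EXT or next_hdr in (AH, FRAGMENT)
        if not known or offset + 2 > len(packet):
            return "other", dst  # includes ESP (50), whose payload is opaque here
        following, hdr_len = packet[offset], packet[offset + 1]
        if next_hdr == AH:
            size, seen_ah = (hdr_len + 2) * 4, True  # AH length: 32-bit words minus 2
        elif next_hdr == FRAGMENT:
            size = 8  # fragment header has a fixed size
        else:
            size = (hdr_len + 1) * 8  # 8-octet units, first 8 octets not counted
        next_hdr, offset = following, offset + size
    if offset + 16 > len(packet):
        raise ValueError("truncated before OSPFv3 header")
    return ("ah" if seen_ah else "no-ah"), dst

def sample_packet(dst: str, with_ah: bool) -> bytes:
    """Constructed test packet: fe80::1 -> dst carrying an OSPFv3 Hello."""
    ospf = bytes([3, 1]) + bytes(14)  # version 3, type 1 (Hello), rest zeroed
    # AH: next header, length, reserved, SPI, sequence, then a zeroed 12-byte ICV
    ah = struct.pack("!BBHII", OSPF, 4, 0, 0x100, 1) + bytes(12)
    payload = (ah if with_ah else b"") + ospf
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), AH if with_ah else OSPF, 1)
    src = ipaddress.IPv6Address("fe80::1").packed
    return fixed + src + ipaddress.IPv6Address(dst).packed + payload

if __name__ == "__main__":
    # AllSPFRouters, AllDRouters, and a link-local unicast neighbor
    for dst in ("ff02::5", "ff02::6", "fe80::2"):
        for with_ah in (True, False):
            status, addr = ospfv3_ah_status(sample_packet(dst, with_ah))
            kind = "multicast" if addr.is_multicast else "unicast"
            print(f"{addr} ({kind}): {status}")
```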