No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


ME60 V800R010C10SPC500 Configuration Guide - Security Hardening 01

This is ME60 V800R010C10SPC500 Configuration Guide - Security Hardening
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).


OSPF/OSPFv3 packet authentication

OSPF/OSPFv3 supports packet authentication. Only OSPF/OSPFv3 packets that are authenticated can be received. If packets fail to be authenticated, a neighbor relationship cannot be established. When area authentication is used, all the routers in an area must have the same area authentication mode and password. Interface authentication is implemented by setting an authentication mode and password between neighboring routers. Interface authentication takes precedence over area authentication.

OSPFv3 IPsec

Relevant standards(Authentication/Confidentiality for OSPFv3) define the use of the IP Security (IPsec) mechanism to authenticate OSPFv3 packets.

  • Confidentiality: ESP is used to provide confidentiality. When confidentiality is enabled, a device discards the OSPFv3 packets that are not protected with ESP and the packets that fail confidentiality checks.

  • Data authentication: When OSPFv3 authentication is enabled, a device discards the OSPFv3 packets that are not protected with AH or ESP and the packets that fail authentication checks.

All OSPFv3 instances running over the same interface use the same SA.

OSPFv3 starts sending packets using IPsec authentication and notifies the lower layers to check received packets with IPsec authentication. The lower layers will check all the received packets, and the packets which fail the check will be discarded silently.

Updated: 2019-01-04

Document ID: EDOC1100059445

Views: 7599

Downloads: 9

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Previous Next