No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

ME60 V800R010C10SPC500 Feature Description - WAN Access 01

This is ME60 V800R010C10SPC500 Feature Description - WAN Access
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
OSPF Authentication

OSPF Authentication

OSPF authentication encrypts OSPF packets by adding the authentication field to packets to ensure network security. When a local device receives OSPF packets from a remote device, the local device discards the packets if the authentication passwords carried in these packets do not match the local one, which protects the local device from potential attacks.

In terms of the packet type, the authentication is classified as follows:

  • Area authentication

    Area authentication is configured in the OSPF area view and applies to packets received by all interfaces in the OSPF area.

  • Interface authentication

    Interface authentication is configured in the interface view and applies to all packets received by the interface.

In terms of packet the authentication modes, the authentication is classified as follows:

  • Non-authentication

    Authentication is not required.

  • Simple authentication

    The authenticated party directly adds the configured password to packets for authentication. This authentication mode provides the lowest password security.

  • MD5 authentication

    The authenticated party encrypts the configured password using a Message Digest 5 (MD5) algorithm and adds the ciphertext password to packets for authentication. This authentication mode improves password security. The supported MD5 algorithms include MD5 and HMAC-MD5.

  • Keychain authentication

    A keychain consists of multiple authentication keys, each of which contains an ID and a password. Each key has the lifetime. Keychain dynamically selects the authentication key based on the lifetime. A keychain can dynamically select the authentication key to enhance attack defense.

    Keychain dynamically changes algorithms and keys, which improves OSPF security. For detailed information about Keychain, see the chapter "Keychain" in HUAWEI ME60 Feature Description - Security.

  • HMAC-SHA256 authentication

    A password is encrypted using the HMAC-SHA256 algorithm before it is added to the packet, which improves password security.

OSPF carries authentication types in packet headers and authentication information in packet tails.

The authentication types include:

  • 0: non-authentication

  • 1: simple authentication

  • 2: Ciphertext authentication

Usage Scenario

Figure 6-35 OSPF authentication on a broadcast network

The configuration requirements are as follows:

  • The interface authentication configurations must be the same on all devices on the same network so that OSPF neighbor relationships can be established.

  • The area authentication configurations must be the same on all devices in the same area.

Translation
Download
Updated: 2019-01-04

Document ID: EDOC1100059473

Views: 15627

Downloads: 10

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next