Hi, On Thu, Jan 06, 2011 at 06:45:48AM +0100, Mikael Abrahamsson wrote: > I think it's a mistake of people implementing IPv6 protocols to design > them so that they have to rely on IPSEC for their > authentication/encryption, at least initially when IPSEC support seems to > be quite incomplete for platforms.
That's a somewhat philosophical question - IPv6 mandates(!) IPSEC support, so protocol designers are doing the right thing in relying on established crypto infrastructure that's supposed to be already there and well-tested, instead of every one inventing their own scheme again and again. Now, in real life, things tend to not work out that way - OSPFv3 is there, IPSEC for IPv6 isn't. So who's to blaim, the protocol designers, or the vendors that choose to implement only bits and pieces of the protocol suite? But anyway, I seem to remember that OSPF+IPSEC is there on IOS... FN agrees with me: http://tools.cisco.com/ITDIT/CFN/Dispatch?act=featdesc&task=display&featureId=2261 "IPv6 Security: IPv6 IPSec to Authenticate OSPFv3" http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-ospf.html#wp1069880 "To use the IPsec AH, you must enable the ipv6 ospf authentication command..." Now the interesting question is whether this is available in any reasonable subset of IOS versions... the URL above claims it was added to 12.4(9)T, and doesn't say a word about 12.2SX/12.2SR trains. FN says it was added to 12.3(4)T, but nothing about 12.2SX/R or IOS XR/IOS XE either. So, for the original poster, this won't help. (Please go to your BU and complain that IOS feature distribution sucks big time...) gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
pgpuMLg4H6uy0.pgp
Description: PGP signature
_______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
