On Mon, Jan 2, 2012 at 6:27 AM, Chuck Anderson <[email protected]> wrote: > I'm using AH for OSPFv2 and OSPFv3 authentication. For OSPFv3, there > is no other option than some kind of IPsec for authentication. I'm > also using it for OSPFv2 so I don't have to maintain multiple > authentication methods and keys for the different protocols.
OSPF WG has come out with a mechanism that can be used to secure OSPFv3 without IPsec - http://tools.ietf.org/html/draft-ietf-ospf-auth-trailer-ospfv3-11 It should get published as an RFC any time now. BTW, there isnt any standard for using IPsec with OSPFv2, so youre probably using a proprietary solution. I think a better solution is to move to OSPFv3-AT, as its very similar to OSPFv2 authentication. Glen
