Hi Joel,

> Hi, I'm an operator...
>
> And I use OSPF cryptographic authentication to preclude the accidental
> introduction of new routers in datacenter environments. Just because two
> devices are connected to the same broadcast domain does not mean they should
> form an adjacency.

Why don't you use cleartext for that? This would avoid "accidental" adjacency formation between two unrelated routers on the same LAN, unless one of them actively snoops the packets from the other, and tries forming an adjacency with that router.

I see one advantage in using crypto - in data center environments most folks can see packets from others since they share the same bcast domain. In such cases, somebody can bring up a session with a different OSPF router if there is no auth or cleartext used. This can't be done with crypto though. Somebody can also launch attacks on the other. Is this the reason for using crypto auth?

Glen
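
The difference between the authentication types discussed in this message shows up in the 24-byte OSPFv2 common header (RFC 2328, A.3.1). The following audit sketch is an added example, not part of the original message; the router ID, password and key ID in the sample headers are constructed values.

```python
import struct

# OSPFv2 common header: version, type, length, router ID, area ID,
# checksum, AuType, 8-byte authentication field (RFC 2328, A.3.1).
HDR = struct.Struct("!BBH4s4sHH8s")
AUTYPE = {0: "null", 1: "simple-password", 2: "cryptographic"}

def dotted(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)

def audit_header(pkt: bytes) -> dict:
    """Report what an on-segment observer learns from one OSPF header."""
    if len(pkt) < HDR.size:
        raise ValueError("truncated OSPF header")
    ver, _ptype, _length, rid, area, _cksum, autype, auth = HDR.unpack_from(pkt)
    if ver != 2:
        raise ValueError("not OSPFv2")
    out = {"router_id": dotted(rid), "area": dotted(area),
           "auth": AUTYPE.get(autype, f"unknown({autype})")}
    if autype == 0:
        out["finding"] = "no authentication on this segment"
    elif autype == 1:
        # The shared password travels in the header itself, NUL padded.
        out["exposed_secret"] = auth.rstrip(b"\x00").decode("ascii", "replace")
        out["finding"] = "password readable by any host on the segment"
    elif autype == 2:
        # Field holds: 0, key ID, digest length, sequence number.
        # The keyed digest is appended after the packet, not the key.
        _zero, key_id, digest_len, seq = struct.unpack("!HBBI", auth)
        out.update(key_id=key_id, digest_len=digest_len, seq=seq)
        out["finding"] = "only key ID and sequence number are visible"
    return out

def build(autype: int, auth: bytes) -> bytes:
    # Constructed Hello header from router 192.0.2.1 in area 0.0.0.0.
    return HDR.pack(2, 1, 44, bytes([192, 0, 2, 1]), bytes(4), 0, autype, auth)

SAMPLES = [
    build(0, bytes(8)),                         # null auth
    build(1, b"dc1-ospf"),                      # constructed password
    build(2, struct.pack("!HBBI", 0, 1, 16, 1000)),  # key ID 1, 16-byte digest
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(audit_header(sample))
```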
