[130255] in North American Network Operators' Group
Re: OSPFv3 Authentication
daemon@ATHENA.MIT.EDU (Manav Bhatia)
Thu Sep 30 12:53:34 2010
In-Reply-To: <AANLkTingr7CKniWzJ=nPjYs8LdEBLjoZF5kLCAOg1QLp@mail.gmail.com>
Date: Thu, 30 Sep 2010 22:23:22 +0530
From: Manav Bhatia <manavbhatia@gmail.com>
To: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Hi,
I received 12 responses for the query that i had put up.
o 1 response stated that the provider was using IS-IS for IPv6 and not
using any authentication.
o 7 responses where OSPFv3 was being used without any authentication.
o 2 responses where OSPFv3 is being used with authentication
o 2 responses where they were using OSPFv2 with authentication turned on.
I asked the 7 people who had replied in negative about why they were
not using authentication with OSPFv3. 5 responded stating a mix of the
following reasons:
o IPsec not available on all platforms
o IPsec required interoperability testing, which was perceived as a hassle
o Troubleshooting becomes much harder. OSPF operation should be kept
as simple as possible, especially when used in the core.
o Complex configuration
o Required coordination between different boxes which is a deterrent.
o IPSec on some platforms requires a special license which can be expensive.
o Unsure of how well is the IPsec implemented on the boxes
Cheers, Manav
On Tue, Sep 28, 2010 at 5:33 AM, Manav Bhatia <manavbhatia@gmail.com> wrote:
> Hi,
>
> I am doing a survey and was interested in knowing if network operators
> are using OSPFv3 with authentication [RFC 4552] turned on? I know that
> most providers turn on authentication with OSPFv2, but given that
> OSPFv3 needs IPsec integration and can thus get little cumbersome to
> configure, wanted to understand if a similar % of folks also turn on
> authentication for OSPFv3?
>
> You can unicast me your responses (if you dont wish to share it on the
> list) and i will collate all data and post a summary on the list.
>
> Cheers, Manav
>
