topic Re: Will EIGRP Support Encryption to Secure the Hello Packets? in Network Security

Will EIGRP Support Encryption to Secure the Hello Packets?

AudieO — Fri, 17 Jun 2022 17:19:16 GMT

Hello Cisco Experts,

Aside SHA Authentication, for long time OSPFv3 can encrypt the Hello packets using IPSec ESP. Thus nobody can see the LSA Updates! Will EIGRP have the same feature?

Thank You,

Audie

Re: Will EIGRP Support Encryption to Secure the Hello Packets?

Flavio Miranda — Fri, 17 Jun 2022 17:48:34 GMT

It does also.

https://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-eigrp/82110-eigrp-authentication.html

"EIGRP message authentication is added to the interface of a router, that router stops receiving routing messages from its peers until they are also configured for message authentication. This does interrupt routing communications on your network. See Messages When Only Dallas is Configured for more information."

Re: Will EIGRP Support Encryption to Secure the Hello Packets?

AudieO — Fri, 17 Jun 2022 18:23:18 GMT

Thanks for replying Flavio....yes the SHA authentication has been out for sometime, but my question is for encrypting the EIGRP Hello packets. OSPFv3 can perform this encryption. The OSPF Hello packets are encrypted and encapsulated inside ESP

Re: Will EIGRP Support Encryption to Secure the Hello Packets?

balaji.bandi — Fri, 17 Jun 2022 18:46:08 GMT

Aside SHA Authentication, for long time OSPFv3 can encrypt the Hello packets using IPSec ESP. Thus nobody can see the LSA Updates! Will EIGRP have the same feature?

OSPFv3 is an open standard and v3 is much-improved version of OSPF, so you will not be getting the same features when you compare Eigrp vs OSPFv3.

what is the use case here for encryption

Re: Will EIGRP Support Encryption to Secure the Hello Packets?

AudieO — Sat, 18 Jun 2022 13:32:39 GMT

Thanks for replying BB!

The default Hello packets can be captured, and will provide a sophisticated hacker some glimpse of EIGRP topology. Anyone can capture from a switch the Hello packets using Wireshark, and see the contents of the Hello packets.

I urge you to see the OSPFv3 Hello packets when the encryption feature is enabled...no Hello packets! You will see only IPSec ESP packets. The hello packets are encrypted, and encapsulated within ESP packets. I just hope EIGRP would have the same feature.