Re: why OSPF neighbour authentication ?

emaamur2006 · ‎10-11-2007

Hi all

I understand the concept of Ospf router authentications as a security breach prevention mechanism, but could someone please explain to me how route authentication is achieved ?

Thanks in Advance

MM

Edison Ortiz · ‎10-11-2007

Please refer to this sample config and let us know if you still have any questions:

http://www.cisco.com/warp/public/104/25.shtml

JORGE RODRIGUEZ · ‎10-11-2007

Maamun, read Edison's link it is all there . but basically when OSPF authentication has been configured on a router the way it works is router authenticates the source of each routing update packets it receives from a neighbor, in other words before learned or advertised routes are exchanged from one OSPF router to another and are participating within the same ospf domain OSPF routers check authentication, if authentication does not match it will not form adjacency and therefore will not receive fraudulent routes from a router unconfigured with same authentication password. It is not the routes that are authenticated.

Jorge Rodriguez

GillieLucent · ‎10-11-2007

Hi,

In simple words, a common problem with RIP is that anyone can bring up a bogus RIP router advertising any route, disrupting routing. By authentication in OSPF, a router would have to be given the correct key before it could join the OSPF routing domain. After then, all OSPF protocol exchanges are authenticated.The OSPF packet header (see Section A.3.1 of RFC 2328) includes an authentication type field.

Thanks,

Vijaybabu