why OSPF neighbour authentication ?

Unanswered Question
Oct 11th, 2007

Hi all

I understand the concept of Ospf router authentications as a security breach prevention mechanism, but could someone please explain to me how route authentication is achieved ?

Thanks in Advance

MM

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
JORGE RODRIGUEZ Thu, 10/11/2007 - 17:22

Maamun, read Edison's link it is all there . but basically when OSPF authentication has been configured on a router the way it works is router authenticates the source of each routing update packets it receives from a neighbor, in other words before learned or advertised routes are exchanged from one OSPF router to another and are participating within the same ospf domain OSPF routers check authentication, if authentication does not match it will not form adjacency and therefore will not receive fraudulent routes from a router unconfigured with same authentication password. It is not the routes that are authenticated.

GillieLucent Thu, 10/11/2007 - 22:40

Hi,

In simple words, a common problem with RIP is that anyone can bring up a bogus RIP router advertising any route, disrupting routing. By authentication in OSPF, a router would have to be given the correct key before it could join the OSPF routing domain. After then, all OSPF protocol exchanges are authenticated.The OSPF packet header (see Section A.3.1 of RFC 2328) includes an authentication type field.

Thanks,

Vijaybabu

Actions

This Discussion