Routing

 View Only
last person joined: yesterday 

Ask questions and share experiences about ACX Series, CTP Series, MX Series, PTX Series, SSR Series, JRR Series, and all things routing, including portfolios and protocols.
  • 1.  OSPF Authentication - RFC 2328 vs Junos

    Posted 09-20-2012 08:34

    RFC 2328 recommends and I quote

    The authentication type is configurable on a per-interface (or
    equivalently, on a per-network/subnet) basis.  Additional
    authentication data is also configurable on a per-interface basis.

     This would mean that any enhancements made to provide authentication for all links in an area in a single command should be exactly that, an enhancement.

     

    But Junos documentation and the CLI lead me to believe that OSPF authentication-type in Junos is configurable at the Area level only. The only thing one can configure at the interface level is the authentication-key/message-digest-key.

     

    Does this not break the RFC requirements?

     

    More so than that, is my observation correct that all interfaces on all routers in a single area must use the same authentication-type? There is no way this can be overridden on a per-interface basis?

     

    Thanks,

     

    Nic


    #OSPFauthentication
    #ospf
    #RFC2328


  • 2.  RE: OSPF Authentication - RFC 2328 vs Junos
    Best Answer

    Posted 09-20-2012 15:33

    Hi Juniper supports OSPF authentication at interface level. You can configure authentication type at interface level. ( MD5 or Simple-Password)

     

    R6#set protocols ospf area 1 interface xe-9/0/0.100 authentication ?
    Possible completions:
    + apply-groups         Groups from which to inherit configuration data
    + apply-groups-except  Don't inherit configuration data from these groups
    > md5                  MD5 authentication key
      simple-password      Authentication key



    R6# set protocols ospf area 1 interface xe-9/0/0.100 authentication md5 ?
    Possible completions:
      <key-id>             Key ID for MD5 authentication (0..255)



    R6# set protocols ospf area 1 interface xe-9/0/0.100 authentication simple-password ?
    Possible completions:
      <simple-password>    Authentication key

     

    Regards

    Moses N

     

    -------------------------------------------------------

    If this post answers your question, please mark it as "Accepted Solution".
    Kudos are a nice way of expressing your gratitude



  • 3.  RE: OSPF Authentication - RFC 2328 vs Junos

    Posted 09-21-2012 04:30

    Moses,

     

    Thanks for clearing my misunderstanding.

     

    So, am I correct in stating that both the authentication-type and the authentication/message-digest-key are set using a single command?

     

    I logged on the CLI quickly and my verification with a single router seems to say that 

     

    interface fe-0/0/0.0 authentication simple-password XXXX
    
    interface fe-0/0/0.0 authentication md5 1 key XXXX

     are mutually exclusive. Thus, the first command sets the authentication-type to 1  and key to XXXX and the second command sets the authentication-type to 2 and key to XXXX.

     

    Thank you, that clarifies a lot. I will be doing some labs over the weekend that should verify my observations.

     

    Nic



  • 4.  RE: OSPF Authentication - RFC 2328 vs Junos

    Posted 09-21-2012 05:04

    Hi Nic,

    Yes, That's correct.

     

    Regards

    Moses N

     

    -------------------------------------------------------

    If this post answers your question, please mark it as "Accepted Solution".
    Kudos are a nice way of expressing your gratitude



  • 5.  RE: OSPF Authentication - RFC 2328 vs Junos

    Posted 09-21-2012 07:42

    Just to add some more information to the post, it seems that even the current Junos does not support the area level authentication.

     

    I have a couple of older machines 8.0 where I have the following command

     

    nic@R2# set protocols ospf area 0 authentication-type ?
    Possible completions:
      md5                  MD5 authentication
      none                 No authentication
      simple               Simple password authentication
    [edit]
    nic@R2# run show version
    Hostname: R2
    Model: m10
    JUNOS Base OS boot [8.1R4.3]
    

     

    The command is gone by the Junos 8.5 release.

     

    Thanks again Moses,

     

    Nic