Archive for April, 2010

Using IPSec to authenticate IPv6 OSPF under Linux

The IPv4 version of the OSPF routing protocol can use a shared secret to authenticate routers before forming an adjacency, in order to prevent rogue routers from affecting the routing table. Because the IPv6 specification mandates that IPSec be included in any implementation of an IPv6 network stack, the internal authentication feature of OSPF is no longer required, and has been removed from OSPFv3 (the IPv6 version of the protocol).

So if we want to authenticate neighbour routers in OSPFv3, IPSec AH needs to be set up. Cisco makes this fairly easy; however, it's a little harder under Linux because the routing service doesn't handle the encryption internally.