Prior to the OSPFv3 Authentication Trailer, OSPFv3 IPsec as defined in RFC 4552 was the only mechanism for authenticating
protocol packets. The OSPFv3 Authentication Trailer feature defines an alternative mechanism to authenticate OSPFv3 protocol
packets that additionally provides a packet replay protection via sequence number and does not have any platform dependencies.
To perform non-IPsec cryptographic authentication, OSPFv3 devices append a special data block, that is, Authentication Trailer,
to the end of the OSPFv3 packets. The length of the Authentication Trailer is not included in the length of the OSPFv3 packet
but is included in the IPv6 payload length. The Link-Local Signaling (LLS) block is established by the L-bit setting in the
“OSPFv3 Options” field in OSPFv3 hello and database description packets. If present, the LLS data block is included along
with the OSPFv3 packet in the cryptographic authentication computation.
A new Authentication Trailer (AT)-bit is introduced into the OSPFv3 Options field. OSPFv3 devices must set the AT-bit in OSPFv3
Hello and Database Description packets to indicate that all the packets on this link will include an Authentication Trailer.
For OSPFv3 Hello and Database Description packets, the AT-bit indicates the AT is present. For other OSPFv3 packet types,
the OSPFv3 AT-bit setting from the OSPFv3 Hello/Database Description setting is preserved in the OSPFv3 neighbor data structure.
OSPFv3 packet types that do not include an OSPFv3 Options field will use the setting from the neighbor data structure to determine
whether or not the AT is expected. The AT-bit must be set in all OSPFv3 Hello and Database Description packets that contain
an Authentication Trailer.
To configure the Authentication Trailer, OSPFv3 utilizes existing Cisco IOS key chain command. For outgoing OSPFv3 packets, the following rules are used to select the key from the key chain:
-
Select the key that is the last to expire.
-
If two keys have the same stop time, select the one with the highest key ID.
The security association (SA) ID maps to the authentication algorithm and the secret key, which is used to generate and verify
the message digest. The following authentication algorithms are supported:
-
HMAC-SHA-1
-
HMAC-SHA-256
-
HMAC-SHA-384
-
HMAC-SHA-512
If the authentication is configured but the last valid key is expired, then the packets are sent using the key. A syslog message
is also generated. If no valid key is available then the packet is sent without the authentication trailer. When packets are
received, the key ID is used to look up the data for that key. If the key ID is not found in the key chain or if the SA is
not valid, the packet is dropped. Otherwise, the packet is verified using the algorithm and the key that is configured for
the key ID. Key chains support rollover using key lifetimes. A new key can be added to a key chain with the send start time
set in the future. This setting allows the new key to be configured on all devices before the keys are actually used.
The hello packets have higher priority than any other OSPFv3 packets and therefore can get re-ordered on the outgoing interface.
This reordering can create problems with sequence number verification on neighboring devices. To prevent sequence mismatch,
OSPFv3 verifies the sequence number separately for each packet type.
See RFC 7166 for more details on the authentication procedure.