[dev] Regarding ospfv3 authentication

Renato Westphal renato at opensourcerouting.org
Thu Sep 7 12:10:57 EDT 2017 

Hi Bala and Sutharsan,

Here's the RFC 4552 code rebased on top of master:
https://github.com/opensourcerouting/frr/commits/ospfv3-ipsec

And here are two topologies I used to test this code:
https://hastebin.com/esuxutehob.yml
https://hastebin.com/etecusurok.yml

Any feedback will be appreciated. Once I find some time I'll convert
ipsec.c to use netlink and try to get this branch merged in.

Regards,
Renato.

On Thu, Sep 7, 2017 at 2:46 AM, Bala Chandru <chandrubala141 at gmail.com> wrote:
> Thanks Renato. We will apply the patch after rebasing it to master and test
> it.
> Kindly let us know when lib/ipsec.c is completely updated to use Netlink.
>
> Regards,
> Bala
>
> On Wed, Sep 6, 2017 at 9:55 PM, Sutharsan S <sutharsan.ss at gmail.com> wrote:
>>
>> Dear Renato,
>>
>> Thank you for the information. Can you please share us the patch? Probably
>> we shall apply that and test.
>>
>> Best Regards,
>> Sutharsan
>>
>> On Sep 6, 2017 21:45, "Renato Westphal" <renato at opensourcerouting.org>
>> wrote:
>>
>> Hi Bala,
>>
>> Unfortunately it looks like I updated the changelog before getting the
>> RFC 4552 code[1] merged in the repository. Long story short: I got
>> everything working in the last year but my code relies on an external
>> tool (iproute2) to install the IPSec SAs and policies in the Linux
>> kernel, and this is not the ideal thing to do. I started converting
>> the new lib/ipsec.c file to use Netlink instead but for some reason
>> this work was sidetracked and I never finished it. I apologize for
>> this mistake and I'll fix the chengelog until I actually open a Pull
>> Request for this feature. In the meanwhile I can rebase [1] on top of
>> master and send you a patch if you want. Let me know if that would
>> help.
>>
>> Regards,
>> Renato.
>>
>> [1] https://github.com/opensourcerouting/frr/commit/aebe82bb2
>>
>> On Wed, Sep 6, 2017 at 9:00 AM, Bala Chandru <chandrubala141 at gmail.com>
>> wrote:
>> > Hi,
>> >
>> > Does FRR 3.0 supports OSPFv3 authentication?
>> > Though OSPFv3 doesn't have authentication header on its own similar to
>> > OSPFv2, it should use IPSec for authentication.
>> >
>> > Though github claims that it supports RFC 4552.
>> >
>> > Reference Link:
>> >
>> >
>> > https://github.com/FRRouting/frr/wiki/FRR-2.0-%E2%86%92-FRR-3.0-Changelog
>> >
>> > But I couldn't see commands like "ipv6 ospf authentication .." etc.,
>> > Do I miss something?
>> >
>> > Regards,
>> > Bala
>> >
>> >
>> >
>> > _______________________________________________
>> > dev mailing list
>> > dev at lists.frrouting.org
>> > https://lists.frrouting.org/listinfo/dev
>> >
>>
>>
>>
>> --
>> Renato Westphal
>>
>> _______________________________________________
>> dev mailing list
>> dev at lists.frrouting.org
>> https://lists.frrouting.org/listinfo/dev
>>
>>
>



-- 
Renato Westphal

More information about the dev mailing list