Re: Fwd: OSPF area authentication

From: Alexei Monastyrnyi (alexeim@orcsoftware.com)
Date: Sat Nov 11 2006 - 15:24:16 ART

• Next message: Alexei Monastyrnyi: "Re: Fwd: OSPF area authentication"
• Previous message: Alexei Monastyrnyi: "Re: confused about network statements"
• Maybe in reply to: Ming Ki Au: "Fwd: OSPF area authentication"
• Next in thread: Alexei Monastyrnyi: "Re: Fwd: OSPF area authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I think first time should be in sync, then you can give a bit of a gap
in accept life time during rotation on both sides.

key 1
send ZZZ 1993 to time X day Y 2006
accept ZZZ 1993 to time X+15 min day Y 2006

key 2
send time X day Y 2006 to infinity
accept time X-15 min day Y 2006 to infinity

HTH
A

Ming Ki Au wrote:
> Dear all,
>
> Can anyone tell me what is the best practice to do a key rotation with
> minimum impact when I configure area authentication within OSPF?
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Alexei Monastyrnyi: "Re: Fwd: OSPF area authentication"
• Previous message: Alexei Monastyrnyi: "Re: confused about network statements"
• Maybe in reply to: Ming Ki Au: "Fwd: OSPF area authentication"
• Next in thread: Alexei Monastyrnyi: "Re: Fwd: OSPF area authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Dec 01 2006 - 08:05:46 ART