RE: Going for R/S in 20 days, studying ISAKMP

From: Antonio Soares (amsoares@netcabo.pt)
Date: Tue Jul 10 2007 - 16:20:15 ART


OSPFv3 Authentication is very easy to configure:

+++++++++++++++++++++++++++++++++++++++++++
R4:
!
ipv6 unicast-routing
!
interface Loopback0
 ip address 4.4.4.4 255.255.255.0
!
interface Serial0/1
 no ip address
 ipv6 address 2001::4/64
 ipv6 ospf 1 area 0
 clock rate 64000
!
ipv6 router ospf 1
 router-id 4.4.4.4
 log-adjacency-changes
 area 0 authentication ipsec spi 4545 md5 0123456789ABCDEF0123456789ABCDEF
!
+++++++++++++++++++++++++++++++++++++++++++
R5:
!
ipv6 unicast-routing
!
interface Loopback0
 ip address 5.5.5.5 255.255.255.0
!
interface Serial0/1
 no ip address
 ipv6 address 2001::5/64
 ipv6 ospf 1 area 0
!
ipv6 router ospf 1
 router-id 5.5.5.5
 log-adjacency-changes
 area 0 authentication ipsec spi 4545 md5 0123456789ABCDEF0123456789ABCDEF
!
+++++++++++++++++++++++++++++++++++++++++++
R4#sh ipv6 ospf n

Neighbor ID     Pri   State           Dead Time   Interface ID    Interface
5.5.5.5           1   FULL/  -        00:00:31    6               Serial0/1
R4#
+++++++++++++++++++++++++++++++++++++++++++
R4#sh ipv6 ospf int s0/1
Serial0/1 is up, line protocol is up
  Link Local Address FE80::213:19FF:FE38:5B20, Interface ID 6
  Area 0, Process ID 1, Instance ID 0, Router ID 4.4.4.4
  Network Type POINT_TO_POINT, Cost: 64
  MD5 Authentication (Area) SPI 4545, secure socket state UP (errors: 0)  <----------------
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:00
  Index 1/1/1, flood queue length 0
  Next 0x0(0)/0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 5.5.5.5
  Suppress hello for 0 neighbor(s)
R4#
+++++++++++++++++++++++++++++++++++++++++++
R5#
R5#sh ipv6 ospf n

Neighbor ID     Pri   State           Dead Time   Interface ID    Interface
4.4.4.4           1   FULL/  -        00:00:38    6               Serial0/1
R5#
+++++++++++++++++++++++++++++++++++++++++++
R5#sh ipv6 ospf int s0/1
Serial0/1 is up, line protocol is up
  Link Local Address FE80::211:93FF:FEE6:91C0, Interface ID 6
  Area 0, Process ID 1, Instance ID 0, Router ID 5.5.5.5
  Network Type POINT_TO_POINT, Cost: 64
  MD5 Authentication (Area) SPI 4545, secure socket state UP (errors: 0)  <----------------
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:05
  Index 1/1/1, flood queue length 0
  Next 0x0(0)/0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 4.4.4.4
  Suppress hello for 0 neighbor(s)
R5#
+++++++++++++++++++++++++++++++++++++++++++

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of John Gibson
Sent: Tuesday, 10 July 2007 3:00
To: eric_dobyns@yahoo.com; 'Narbik Kocharians'
Cc: ccielab@groupstudy.com
Subject: RE: Going for R/S in 20 days, studying ISAKMP

No, I am doing ISAKMP for the TCP connection of the BGP peers.

I heard OSPFv3 can use IPSec but I don't know how.
I can only pray that doesn't show up.

John

--- Eric Dobyns <eric_dobyns@yahoo.com> wrote:

> I think OSPFv3 can use IPSEC for authentication in IPv6, but somehow I
> doubt that's what you were doing with ISAKMP.
>
> -----Original Message-----
> From: nobody@groupstudy.com
> [mailto:nobody@groupstudy.com] On Behalf Of John Gibson
> Sent: Monday, July 09, 2007 3:37 PM
> To: Narbik Kocharians
> Cc: ccielab@groupstudy.com
> Subject: Re: Going for R/S in 20 days, studying ISAKMP
>
> I fixed my IPSec anyway. Now cranking out BGP aggregate routes.
>
> I am so surprised that locally generated BGP networks can be
> aggregated locally and sent out.
> Used to think only learned routes can be aggregated like that.
>
> If I get CCIE # this round, I must be the least qualified CCIE. Or
> maybe not, this is just minor detail.
>
> John
>
>
> --- Narbik Kocharians <narbikk@gmail.com> wrote:
>
> > ISAKMP is NOT part of R&S track.
> >
> > On 7/9/07, johngibson1541@yahoo.com
> > <johngibson1541@yahoo.com> wrote:
> > >
> > > Have to go back to the right track soon. I set myself up in my lab for
> > > loopback to loopback communication requiring IPSec earlier. Now running
> > > loopback to loopback TCP connection for eBGP. Stuck here a day
> > > troubleshooting ISAKMP. My spirit is deteriorating.
> > >
> > >
> >
>
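
An added example, not part of the original post or of any Cisco tooling: OSPFv3 IPsec authentication as configured above uses manual keys, so both neighbours must carry the same SPI, algorithm and key, and the key must be 32 hex digits for md5 or 40 for sha1. The Python sketch below audits two routers' configs for those conditions; the function names, the repeated-block key heuristic and the R5_BAD input are assumptions made for illustration.

```python
import re

# Area-level command from the post: area 0 authentication ipsec spi 4545 md5 <hex key>
# An optional "0" (clear-text key type) may precede the key; type-7 keys are not handled.
AUTH_RE = re.compile(
    r"^\s*area\s+(\S+)\s+authentication\s+ipsec\s+spi\s+(\d+)\s+"
    r"(md5|sha1)\s+(?:0\s+)?([0-9A-Fa-f]+)\s*$", re.M)
KEY_HEX_LEN = {"md5": 32, "sha1": 40}   # 128-bit and 160-bit manual keys


def area_auth(config):
    """Return {area: (spi, algorithm, key)} parsed from one router's config."""
    return {m[1]: (int(m[2]), m[3], m[4].upper()) for m in AUTH_RE.finditer(config)}


def audit(cfg_a, cfg_b):
    """Compare two neighbours' area authentication and return a list of findings."""
    a, b = area_auth(cfg_a), area_auth(cfg_b)
    out = []
    for area in sorted(set(a) | set(b)):
        if area not in a or area not in b:
            out.append(f"area {area}: IPsec authentication on one side only")
            continue
        (spi_a, alg_a, key_a), (spi_b, alg_b, key_b) = a[area], b[area]
        if spi_a != spi_b:
            out.append(f"area {area}: SPI mismatch ({spi_a} vs {spi_b})")
        if alg_a != alg_b:
            out.append(f"area {area}: algorithm mismatch ({alg_a} vs {alg_b})")
        elif key_a != key_b:
            out.append(f"area {area}: key mismatch")
        for name, alg, key in (("A", alg_a, key_a), ("B", alg_b, key_b)):
            if len(key) != KEY_HEX_LEN[alg]:
                out.append(f"area {area}: router {name} key has {len(key)} hex digits, "
                           f"{alg} needs {KEY_HEX_LEN[alg]}")
            half = len(key) // 2
            if key[:half] == key[half:]:   # heuristic for placeholder-style keys
                out.append(f"area {area}: router {name} key is one block repeated twice")
    return out


# Constructed inputs: R4/R5 carry the area command from the post, R5_BAD is made up.
R4 = "ipv6 router ospf 1\n area 0 authentication ipsec spi 4545 md5 0123456789ABCDEF0123456789ABCDEF\n"
R5 = "ipv6 router ospf 1\n area 0 authentication ipsec spi 4545 md5 0123456789ABCDEF0123456789ABCDEF\n"
R5_BAD = "ipv6 router ospf 1\n area 0 authentication ipsec spi 4546 md5 0123456789ABCDEF\n"

if __name__ == "__main__":
    for finding in audit(R4, R5) + audit(R4, R5_BAD):
        print(finding)
```

Run against the lab configs in the post, the audit reports no mismatch but flags the key on both routers as a repeated 16-digit block.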


