OSPFv3 / EIGRPv6 Authentication

Can anyone explain to me the reasons why OSPFv3 doesnt use authentication due to the authentication inherent in IPv6, but EIGRP does?  If it doesnt need it, then why would CISCO have applied it to EIGRP?  From Doyles book:

"Removal of OSPF-specific authentication: IPv6 has, using the Authentication extension header, a standard authentication 

procedure. Because of this, OSPFv3 has no need for its own authentication of OSPFv3 packets; it just uses IPv6 

authentication."

Why doesn't EIGRPv6 do the same thing?

Comments

  • Hi,

    Because Cisco decided so; one technical reason could be that EIGRP uses TLV's for authentication, for both IPv4 and IPv6 AFs; there was no real use-case to implement the IPv6 AH authentication for EIGRP. With OSPF this is different as first of all for IPV6 they had to change the protocol behaviour and design, they came up with OSPFv3 which does not use TLVs and they decided to make use of the built-in IPV6 AH header.

    BGP runs on top of layer 4, thus still uses TCPoption 19 for authentication, IS-IS runs on top  of layer2, thus it cannot make use of the layer 3 header, it has to use its own authentication mechanism. RIPng runs on top of layer4, but based on the RFC, a implementation can either use the built-in IPV6 AH header or rely on an IPsec tunnel to protect RIP packets, With Cisco implementation you need the IPsec tunnel.

    Regards,

    Cristian.

Sign In or Register to comment.