OSPF keychain authentication

Applications such as OSPF can make use of keychain module that provides hitless authentication key rollover. Using the keychain module allows OSPF to overcome the limitation of a static configuration in authentication methods that requires manual intervention to change the key periodically.

For each OSPF protocol packet, a key is used to generate and verify a message digest. The key is valid for the entire duration of the protocol without any option to change the key string or authentication algorithm automatically. The keychain module that functions as a container of keys with different attributes such as an authentication algorithm, a password, and different lifetimes provides OSPF with an option to choose the key that best suits its criteria and automatically change the key ID, password, and cryptographic algorithm without manual intervention. OSPFv2 and OSPFv3 authentication using the keychain can be configured using the ip ospf authentication key-chain and ipv6 ospf authentication keychain commands respectively. For more information on OSPFv2 and OSPFv3 authentication using keychain module, refer to the Ruckus FastIron Layer 3 Routing Configuration Guide.