Hi Veeru, Is there a need to have the same behaviour? When we had to implement it I remember we followed rule 1 for OSPFv3, but we triggered a trap message before doing so.
Thanks & Regards, Abhinay R On Mon, Mar 8, 2021 at 9:00 AM Veerendranatha Reddy V <veerendranatha.reddy.v=40ericsson....@dmarc.ietf.org> wrote: > > Hi All, > > As per OSPF authentication RFCs , during last key expired/inactive key of > key chain the behavior of authentication process is different between > OSPFv2/v3 > > > > For OSPFv2 from RFC 5709, > > [ From Section 3.2] > > Key storage SHOULD persist across a system restart, warm or cold, to > > avoid operational issues. In the event that the last key associated > > with an interface expires, it is unacceptable to revert to an > > unauthenticated condition, and not advisable to disrupt routing. > > Therefore, the router should send a "last Authentication Key > > expiration" notification to the network manager and treat the key as > > having an infinite lifetime until the lifetime is extended, the key > > is deleted by network management, or a new key is configured. > > > > For OSPFv3 from RFC7166, > > [From Section 3] > > Key storage SHOULD persist across a system restart, warm or cold, > > to avoid operational issues. In the event that the last key > > associated with an interface expires, the network operator SHOULD > > be notified, and the OSPFv3 packet MUST NOT be transmitted > > unauthenticated. > > > > For new implementation for these RFCs, I am requesting to provide the > suggested behavior. > > Sending side: > > Should not send the packet until valid key configured on key chain. > Packet send without authentication. > Packet send with the last expired authentication key. > > > > Receiving side: > > Ignore the packets until valid key configured on key chain. > Accept the packets without authentication. > Accept the packets matches the last expired key. > > > > > > Thanks & Regards, > > Veerendranath > > _______________________________________________ > Lsr mailing list > Lsr@ietf.org > https://www.ietf.org/mailman/listinfo/lsr -- ~♥~♫AbHiNaY♫~♥~∞ _______________________________________________ Lsr mailing list Lsr@ietf.org https://www.ietf.org/mailman/listinfo/lsr