The following example illustrates how MD5 authentication is used to authenticate two neighboring OSPF routers.
In Figure 1, R1 combines the routing message with the pre-shared secret key and calculates the signature using the MD5 algorithm. The signature is also known as a hash value.
In Figure 2, R1 adds the signature to the routing message and sends it to R2.
MD5 authentication does not encrypt the message; therefore, the content remains easily readable to anyone who captures the packet.
In Figure 3, R2 opens the packet, combines the routing message with the pre-shared secret key and calculates the signature using the MD5 algorithm.
- If the signatures match, then R2 accepts the routing update.
- If the signatures do not match, then R2 discards the update.
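The sign-and-verify exchange from Figures 1 to 3, as an added Python example that is not from the original page or from any router implementation. The routing message and key are constructed sample values; the key is zero-padded to 16 bytes as in RFC 2328 cryptographic authentication, and real OSPF header fields and sequence numbers are left out.

```python
import hashlib
import hmac

DIGEST_LEN = 16  # MD5 produces a 16-byte digest
KEY_LEN = 16     # the shared key is zero-padded to 16 bytes


def _pad_key(key: bytes) -> bytes:
    if len(key) > KEY_LEN:
        raise ValueError("key longer than 16 bytes")
    return key.ljust(KEY_LEN, b"\x00")


def sign(message: bytes, key: bytes) -> bytes:
    """R1: hash message + key, then append the signature to the message."""
    signature = hashlib.md5(message + _pad_key(key)).digest()
    return message + signature  # the key itself is never transmitted


def verify(packet: bytes, key: bytes):
    """R2: recompute the signature; return the message, or None to discard."""
    if len(packet) < DIGEST_LEN:
        return None
    message, received = packet[:-DIGEST_LEN], packet[-DIGEST_LEN:]
    expected = hashlib.md5(message + _pad_key(key)).digest()
    # Constant-time comparison so the check does not leak matching prefixes.
    return message if hmac.compare_digest(received, expected) else None


def demo() -> dict:
    key = b"example-key"                    # constructed pre-shared key
    update = b"LSU 10.1.1.0/24 cost 10"     # constructed routing message
    packet = sign(update, key)
    tampered = packet.replace(b"cost 10", b"cost 01")
    return {
        # The message travels in the clear: authentication, not encryption.
        "message_readable_on_wire": update in packet,
        "accepted_with_matching_key": verify(packet, key) == update,
        "discarded_when_modified": verify(tampered, key) is None,
        "discarded_with_wrong_key": verify(packet, b"other-key") is None,
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```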
OSPFv3 (OSPF for IPv6) does not include any authentication capabilities of its own. Instead, it relies entirely on IPsec to secure communications between neighbors, configured with the ipv6 ospf authentication ipsec spi command in interface configuration mode. This simplifies the OSPFv3 protocol and standardizes its authentication mechanism.