IGP authentication key rollover? posted 09/25/2006
- Subject: IGP authentication key rollover?
- From: "Tony Paterra" <apaterra@xxxxxxxxx>
- Date: Mon, 25 Sep 2006 19:56:38 -0400
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=JfVVNjxFjYnoBa43gh8inUCU8jZM7cnQnpLx3JxWLyW+YLscMC3jMVA4wTpvZpN5FE5uEfmQrjcC2lrIwxJNmrDm3lg2rShe5h3H5IVr6kzhHSev5jpqmb00VmxTpbcKE0Xwy8RS2l+IVJTToFBkJ+Vgk4q9RJcnqIgBPjaQHB8=
I am looking for an explanation of IGP authentication protocols. For
OSPF, I've seen mentions of the highest common key ID is the one that
is accepted to auth peers. How does this work with rollover though?
Can it be time-based like EIGRP?
Also with EIGRP and the accept/send timeframes... If there is an
overlap between 2 of the keys, they are both accepted as long as the
keys are both inside the 'accept' time window right?
Thanks in advance,