Keychains / Key Rotation / hmac-sha keys - OSPF Authentication - Practical OSPF

Подписаться 244 тыс.

Просмотров 6 тыс.

50% 1

How can two routers change the authentication keys they are using without risking a neighbor adjacency going down? That is handled by Key Rotation.
How can we configure more secure hashing algorithms for OSPF authentication like hmac-sha? That is handled by Key Chains.
Both Keychains and Key Rotation are covered in this lesson.
This is lesson 21 of the Practical OSPF series. The full series is available here:
• Practical OSPF
00:00 - Intro
01:33 - Key Rotation using Key IDs
02:42 - GNS3 Topology Introduction
03:37 - Key Rotation Demo -- Key Rollover in progress
10:06 - What happens on the wire during Key Rollover?
13:14 - MD5 sucks - What is SHA? What is HMAC?
14:44 - What are Key Chains?
16:02 - Keychain Demo - backwards compatible using MD5
20:02 - Keychain Demo - hmac-sha
24:06 - Date Based Key Rollover with Keychains
25:12 - Keychain Key Rollover Configuration Example
26:38 - Keychain Key Rotation Demo
29:59 - Keychain Rollover final thoughts
31:17 - Main Takeaways
#ospf #networking #ccnp
================
To learn more about Hashing Algorithms:
• Hashing, Hashing Algor...
To learn more about Data Integrity and HMACs:
• Data Integrity - How H...
================
💬 Join us on Discord:
pracnet.net/discord
📜 Studying for the CCNA? Check out these free resources:
www.practicalnetworking.net/i...
🎯 Full Practical OSPF Series ➡️ pracnet.net/ospf:
• Practical OSPF

Наука

Опубликовано:

16 июн 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 37

@adedejiemmanuel1 Год назад

This is awesome! Everything you teach is always new, and I often gain understanding. Your material is so good that I have to study in many cycles. At the first attempt, one is often tempted to think it's mastered because you're good at what you do, making complex concepts look easy. Cautiously, I know I have to read, watch, and listen a few times more to make it familiar. You are always my reference point, and I cannot thank you enough for this.

@PracticalNetworking Год назад

Thank you, as always, for the kind words Azza. I'm honored to be a part of your learning journey =)

@michalczapnik1988 Год назад

1 of the best or maybe even the best explanation i've seen so far regarding auth in ospf. I was not sure about the date rotation of keys, but it is clear now. Thank you.

@PracticalNetworking Год назад

Thank you for the kind words, Michal. Truly appreciate it.

@scottspa74 Год назад

As always, excellent and informative video. Well organized, too.

@PracticalNetworking Год назад

Thank you, Scott. Cheers !

@ghamari 2 дня назад

Another awesome video

@dc4life_956 7 месяцев назад

Great series!! Thank you

@PracticalNetworking 7 месяцев назад

Glad you enjoyed it =)

@muhammadbinahmedyar5797 Год назад

Excellent tutorial

@PracticalNetworking Год назад

Thank you =)

@amitpatil1900 Год назад

Simply Awesome Ed!! Thank you!!

@PracticalNetworking Год назад

Glad you liked it!

@amitpatil1900 Год назад

@@PracticalNetworking OSPF series completed?

@PracticalNetworking Год назад

@@amitpatil1900 Yes, for now. The series really didn't generate as much traction as I had hoped. After 21 lessons, I'm moving on to another project. I may come back to OSPF and add a few more lessons in the future.

@amitpatil1900 Год назад

@@PracticalNetworking OK, New project means are you coming with new topic?

@PracticalNetworking Год назад

@@amitpatil1900 Yes. TCP/UDP are next, as per the vote results from my community page =)

@sateeshkumar2305 Год назад

Learned a lot from this series! Extremely AWESOME. Will you make one for BGP?

@PracticalNetworking Год назад

Glad you enjoyed it, Sateesh! Lots of folks have asked for BGP. It's on my list, but a few projects are in front of it.

@skeheterammurshed4580 Год назад

thank you so much dude you're a god

@PracticalNetworking Год назад

Heh, thank you. Glad you enjoyed it.

@zulfuqarahmad2780 Год назад

Sir Just make a similar series for BGP as soon as possible.

@user-bg6gv2br5d Год назад

Goat

@PracticalNetworking Год назад

@lucas93177 Год назад

Your videos are fantastic! I still have a question though, is there the concept of youngest key in with the key chain? Which key will be chosen if there are multiple key ids without date and time specified?

@JamesJohnson-st1wf Год назад

Thank you so very much I have learned more from you and your videos than me School has taught me. I don’t know if I asked this but can you do EIGRP or BGP kinda hard to grasp the concept of them???

@PracticalNetworking Год назад

Glad you enjoyed this, James =). I would like to one day do a BGP series, but there are a few other projects on my list I have to finish first. As for EIGRP, I wrote about EIGRP here: EIGRP Explained : www.practicalnetworking.net/stand-alone/eigrp-terminology/ EIGRP Metric : www.practicalnetworking.net/stand-alone/eigrp-metric/ EIGRP Feasibility Condition: www.practicalnetworking.net/stand-alone/eigrp-feasibility-condition/

@Gurben92 Год назад

Could you do a video, or small deepdive about STUN protocol one day?

@PracticalNetworking Год назад

I'll add that to my ever growing list of topics I"d like to cover =)

@himanshibhambhani6704 2 месяца назад

Hey @Ed can you pls tell me what is the purpose of key rotation?

@PracticalNetworking 2 месяца назад

The idea is configuring two routers to rotate to the new key on their own, without it being dependent on the administrating configuring them both at the exact same time. You can imagine a situation without a key rotation feature where one router is configured with the new key, which instantly ends the neighbor relationship with it's peer (and purges the routes learned from that peer), until the new key is configured on the peer. That "in between time" could cause traffic interruption. So it's best practice to use a formal key rotation to avoid that. HTH.

@espartaco2028 Год назад

I´m not certain this will interest you but, there are 1 billion native Spanish speakers. I´m not one. However, as a Spanish learner, English teacher, I know how super difficult it is to find good voices, and you have one. IF you did becoming interested in expanding your audience by 20 or 30,000 of an estimate, I do know for a fact that SPAIN, specially Málaga, is rapidly expanding American-based technology and International company business. They are desperate to learn protocols in the language you provide. The only change I would suggest, if you wish to engage is, preventing the drop off of your final syllable in your words. It´s extremely common where we just barely pronounce the last syllable. Secondly, keep an even meter, which mostly you do. Your material could actually save families from poverty and help folks with dreams they never could have realized otherwise. What you do is important!

@PracticalNetworking Год назад

Thank you for the tips. I don't know if a Spanish audience would make sense for me at the moment... I still feel I have so much left to teach in English ;)

@anandmore7899 Год назад

show conf t--> lol, what?😅

@PracticalNetworking 11 месяцев назад

You caught that, did you ;) When I saw that in the editing I was like "what was I thinking!" Ha!

@justinava1675 Год назад

Dang ospf seems complicated and unpractical. theyre just gonna invent something better and simpler like is-is underlay then overlay using sd access.

@PracticalNetworking Год назад

Maybe... but remember the complication happens over time as different situations arise. It might seem complicated trying to learn it all at once, but as with anything, the longer it's used the more complicated it becomes.