8.14 基于IPSEC的OSPFv3保护

1.NE1

#ipsec proposal
system-view immediately 
sysname NE1
ipsec proposal pps1
 encapsulation-mode transport
 transform ah
 ah authentication-algorithm sha2-256

#ipsec sa
ipsec sa ospfv3-ne1-ne2
proposal pps1
 sa spi inbound ah 12345
 sa string-key inbound ah cipher hw123456
 sa spi outbound ah 54321
 sa string-key outbound ah cipher hw654321

#配置OSPF
ospfv3 1
router-id 1.1.1.1
area 0

#接口拥有ipsec sa
interface Ethernet1/0/0
 ipv6 enable
 ipv6 address 12::1/64
 ospfv3 1 area 0.0.0.0
 ospfv3 ipsec sa ospfv3-ne1-ne2

2.NE2

system-view immediately 
sysname NE2
#ipsec proposal
ipsec proposal pps1
 encapsulation-mode transport
 transform ah
 ah authentication-algorithm sha2-256

#ipsec sa
ipsec sa ospfv3-ne2-ne1
proposal pps1
 sa spi inbound ah 54321
 sa string-key inbound ah cipher hw654321
 sa spi outbound ah 12345
 sa string-key outbound ah cipher hw123456

#配置OSPF
ospfv3 1
router-id 2.2.2.2
area 0

#接口应用
interface Ethernet1/0/0
 ipv6 enable
 ipv6 address 12::2/64
 ospfv3 1 area 0.0.0.0
 ospfv3 ipsec sa ospfv3-ne2-ne1

display ospfv3 peer
Neighbor ID      Pri State            Dead Time  Interface          Instance ID
2.2.2.2            1 Full/Backup      00:00:33   Eth1/0/0              0