R3303-HP HSR6800 Routers Layer 3 - IP Routing Configuration Guide
304
Applying IPsec policies for RIPng
To protect routing information and defend attacks, RIPng supports using an IPsec policy to authenticate
protocol packets.
Outbound RIPng packets carry the Security Parameter Index (SPI) defined in the relevant IPsec policy. A
device uses the SPI carried in a received packet to match against the configured IPsec policy. If they
match, the device accepts the packet. Otherwise, it discards the packet and does not establish a
neighbor relationship with the sending device.
You can configure an IPsec policy for a RIPng process or interface. The IPsec policy configured for a
process applies to all packets in the process. The IPsec policy configured on an interface applies to
packets on the interface. If an interface and its process each have an IPsec policy configured, the
interface uses its own IPsec policy.
An IPsec policy used for RIPng can only be in manual mode. For more information, see Security
Configuration Guide.
Configuration prerequisites
Before you apply an IPsec policy for RIPng, complete following tasks:
• Create an IPsec proposal.
• Create an IPsec policy.
For more information about IPsec policy configuration, see Security Configuration Guide.
Configuration procedure
To apply an IPsec policy in a process:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter RIPng view.
ripng [ process-id ] [ vpn-instance
vpn-instance-name ]
N/A
3. Apply an IPsec policy in the
process.
enable ipsec-policy policy-name Not configured by default.
To apply an IPsec policy on an interface:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter interface view.
interface interface-type
interface-number
N/A
3. Apply an IPsec policy on the
interface.
ripng ipsec-policy policy-name Not configured by default.
Displaying and maintaining RIPng