09-01-2023 12:44 PM
Looking at deploying Fabric with ISIS authentication enabled. If we wanted to change the key at a later date, how would we approach that task without breaking all the ISIS adjacencies?
09-06-2023 02:45 AM
Unfortunately the VOSS Fabric ISIS Hello Auth key implementation allows you to set a key-id, but there is no key rotation capability behind it, nor is there any key chain implementation. So if you change the key, the ISIS adjacency will go down. But, with default timers (Hello sent every 9 secs, and adjacency going down after 3 missed hellos) you have about 27 secs, to change the key at both ends of the same link, without the adjacency going down.