The use of cryptographic authentication with the IS-IS protocol has been defined and periodically extended. Specifically, the IS-IS protocol was updated to enable the authentication of all IS-IS Protocol Data Units (PDUs) by including authentication information as part of the PDU. This authentication information is encoded as a Type-Length-Value (TLV) tuple. The type of this authentication information TLV is specified as 10. The length of this TLV can vary, and the value of the TLV depends on the authentication algorithm to be used and similar factors. The first octet of the value of the TLV specifies the authentication type. Type 0 is reserved, type 1 indicates a cleartext password, and type 255 is used for routing domain private authentication methods. The remaining portion of the TLV value is referred to as the Authentication Value, which is the field utilized during the authentication process. Extensions to the cryptographic authentication features of IS-IS have enabled additional types of authentication, mechanisms, and processes to be utilized and standardized for use with IS-IS.
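The TLV layout described above can be decoded as follows. This is an added example, not part of the original text; it assumes the one-octet type and one-octet length fields of IS-IS TLVs, and the function names and the sample bytes are constructed for illustration.

```python
# Added example: walk the TLV area of an IS-IS PDU and decode Authentication TLVs.
AUTH_TLV_TYPE = 10  # TLV type of the authentication information (from the text)
AUTH_TYPES = {0: "reserved", 1: "cleartext password", 255: "routing domain private"}


class TLVError(ValueError):
    """Raised when the TLV area is malformed."""


def iter_tlvs(buf: bytes):
    """Yield (type, value) pairs; assumes one-octet type and length fields."""
    off = 0
    while off < len(buf):
        if len(buf) - off < 2:
            raise TLVError(f"truncated TLV header at offset {off}")
        tlv_type, length = buf[off], buf[off + 1]
        value = buf[off + 2 : off + 2 + length]
        if len(value) != length:
            raise TLVError(f"TLV {tlv_type} at offset {off} overruns the PDU")
        yield tlv_type, value
        off += 2 + length


def parse_auth_tlvs(buf: bytes) -> list:
    """Return one record per Authentication TLV found in buf."""
    found = []
    for tlv_type, value in iter_tlvs(buf):
        if tlv_type != AUTH_TLV_TYPE:
            continue
        if not value:
            raise TLVError("authentication TLV lacks the authentication type octet")
        auth_type = value[0]
        found.append({
            "auth_type": auth_type,
            "name": AUTH_TYPES.get(auth_type, "other (not named in the text)"),
            "auth_value": value[1:],          # the Authentication Value
            "cleartext": auth_type == 1,      # password is readable on the wire
        })
    return found


# Constructed sample: one unrelated TLV, then an Authentication TLV of type 1.
SAMPLE = bytes([1, 4, 0x49, 0x00, 0x01, 0x02]) + bytes([10, 7, 1]) + b"s3cret"

if __name__ == "__main__":
    for rec in parse_auth_tlvs(SAMPLE):
        print(rec)
```

The `cleartext` flag marks PDUs whose Authentication Value is a password carried in the clear, which is the case an audit of captured PDUs would want to report.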
Group key management enables the definition of a chain of authentication keys to be utilized in connection with any type of authentication process. The chain defines an order of use for the authentication keys, providing a defined progression of authentication keys that enhances security compared with continuous use of a single authentication key. In connection with IS-IS, group key management can be utilized, but the update of the authentication keys across the nodes of a network can potentially disrupt the functioning of the IS-IS protocol during the transition from an old authentication key to a new authentication key.