Configuring RSVP authentication
RSVP uses hop-by-hop authentication to prevent forged resource reservation requests from occupying network resources. The interfaces at the two ends of a link must use the same authentication key.
RSVP authentication can be configured in the following views:
- RSVP view—Configuration in this view applies to all RSVP security associations.
- RSVP neighbor view—Configuration in this view applies only to RSVP security associations with the specified RSVP neighbor.
- Interface view—Configuration in this view applies only to RSVP security associations established on the current interface.
Configurations in RSVP neighbor view, interface view, and RSVP view take priority in that order, from highest to lowest.
To configure RSVP authentication in RSVP neighbor view:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter RSVP view. | rsvp | N/A |
3. Create an RSVP authentication neighbor and enter RSVP neighbor view. | peer ip-address | By default, the device does not have any RSVP authentication neighbors. |
4. Enable RSVP authentication for the RSVP neighbor and specify the authentication key. | authentication key { cipher \| plain } auth-key | By default, RSVP authentication is disabled. |
5. Enable challenge-response handshake for the RSVP neighbor. | authentication challenge | By default, the challenge-response handshake function is disabled. |
6. Configure the idle timeout for the RSVP security associations with the RSVP neighbor. | authentication lifetime life-time | By default, the idle timeout is 1800 seconds (30 minutes). |
7. Specify the maximum number of out-of-sequence RSVP authentication messages that can be received from the RSVP neighbor. | authentication window-size number | By default, only one RSVP authenticated message can be received out of sequence. |
To configure RSVP authentication in interface view:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter interface view. | interface interface-type interface-number | N/A |
3. Enable RSVP authentication on the interface and configure the authentication key. | rsvp authentication key { cipher \| plain } auth-key | By default, RSVP authentication is disabled. Do not enable both RSVP authentication and FRR on the same interface. |
4. Enable challenge-response handshake on the interface. | rsvp authentication challenge | By default, the challenge-response handshake function is disabled. |
5. Configure the idle timeout for RSVP security associations on the interface. | rsvp authentication lifetime life-time | By default, the idle timeout is 1800 seconds (30 minutes). |
6. Specify the maximum number of out-of-sequence RSVP authentication messages that can be received on the interface. | rsvp authentication window-size number | By default, only one RSVP authenticated message can be received out of sequence. |
To configure RSVP authentication in RSVP view:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter RSVP view. | rsvp | N/A |
3. Enable RSVP authentication globally and configure the authentication key. | authentication key { cipher \| plain } auth-key | By default, RSVP authentication is disabled. |
4. Enable challenge-response handshake globally. | authentication challenge | By default, the challenge-response handshake function is disabled. |
5. Configure the global idle timeout for RSVP security associations. | authentication lifetime life-time | By default, the idle timeout is 1800 seconds (30 minutes). |
6. Specify the global RSVP authentication window size—the maximum number of RSVP authenticated messages that can be received out of sequence. | authentication window-size number | By default, only one RSVP authenticated message can be received out of sequence. |
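The view priority and the same-key requirement described above can be checked offline before a change is pushed. The following Python script is an added example, not vendor code: it resolves which view supplies the key for a given neighbor and interface, then compares the two ends of a link. It assumes saved configurations indent each nested view by one space, that the highest-priority view that sets a key supplies it, and that a `cipher`-form key is opaque ciphertext; the sample configurations, keys and addresses are constructed.

```python
import re

KEY_RE = re.compile(r"(rsvp )?authentication key (cipher|plain) (\S+)")
# Constructed sample configurations (keys, addresses and layout are illustrative).
ROUTER_A = """rsvp
 authentication key plain GlobalKey
 peer 10.0.0.2
  authentication key plain PeerKey
#
interface GigabitEthernet1/0/1
 rsvp authentication key plain IfKey
"""
ROUTER_B = """interface GigabitEthernet1/0/1
 rsvp authentication key plain PeerKey
"""

def parse(config):
    """Map ("neighbor", ip) / ("interface", name) / ("global", None) to (form, key)."""
    keys, view, peer, peer_indent = {}, "", None, 0
    for raw in config.splitlines():
        line, indent = raw.strip(), len(raw) - len(raw.lstrip())
        if indent == 0:                         # "rsvp", "interface X" or "#" opens a view
            view, peer = line, None
        elif view == "rsvp" and line.startswith("peer "):
            peer, peer_indent = line.split()[1], indent
        elif m := KEY_RE.fullmatch(line):
            if peer and indent <= peer_indent:  # key line is outside the neighbor view
                peer = None
            if view == "rsvp" and not m.group(1):
                keys[("neighbor", peer) if peer else ("global", None)] = m.groups()[1:]
            elif view.startswith("interface ") and m.group(1):
                keys[("interface", view.split(None, 1)[1])] = m.groups()[1:]
    return keys

def effective_key(keys, neighbor, interface):
    """Return (source view, (form, key)); neighbor > interface > RSVP (global) view."""
    for view, name in (("neighbor", neighbor), ("interface", interface), ("global", None)):
        if (view, name) in keys:
            return view, keys[(view, name)]
    return None, None

def check_link(end_a, end_b):
    """Each end is (keys, neighbor, interface); an empty result means the ends agree."""
    (va, ka), (vb, kb) = effective_key(*end_a), effective_key(*end_b)
    if ka is None or kb is None:
        return [] if ka == kb else ["authentication enabled on one end only"]
    if "cipher" in (ka[0], kb[0]):              # opaque ciphertext (assumption): not compared
        return ["cipher-form key: cannot be compared offline"]
    return [] if ka[1] == kb[1] else [f"key mismatch ({va} view vs {vb} view)"]
```

With the sample data, `check_link((parse(ROUTER_A), "10.0.0.2", "GigabitEthernet1/0/1"), (parse(ROUTER_B), "10.0.0.1", "GigabitEthernet1/0/1"))` returns an empty list because router A's neighbor-view key overrides its interface key and matches router B's interface key. For a neighbor without a `peer` entry on router A, the interface key takes effect instead and the same link is reported as a mismatch.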