Configuring RSVP authentication

RSVP adopts hop-by-hop authentication to prevent fake resource reservation requests from occupying network resources. The interfaces at the two ends of a link must use the same authentication key.

RSVP authentication can be configured in the following views:

Configurations in RSVP neighbor view, interface view, and RSVP view are in descending order of priority.

To configure RSVP authentication in RSVP neighbor view:

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. Enter RSVP view.

rsvp

N/A

3. Create an RSVP authentication neighbor and enter RSVP neighbor view.

peer ip-address

By default, the device does not have any RSVP authentication neighbors.

4. Enable RSVP authentication for the RSVP neighbor and specify the authentication key.

authentication key { cipher | plain } auth-key

By default, RSVP authentication is disabled.

5. Enable challenge-response handshake for the RSVP neighbor.

authentication challenge

By default, the challenge-response handshake function is disabled.

6. Configure the idle timeout for the RSVP security associations with the RSVP neighbor.

authentication lifetime life-time

By default, the idle timeout is 1800 seconds (30 minutes).

7. Specify the maximum number of out-of-sequence RSVP authentication messages that can be received from the RSVP neighbor.

authentication window-size number

By default, only one RSVP authenticated message can be received out of sequence.

To configure RSVP authentication in interface view:

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. Enter interface view.

interface interface-type interface-number

N/A

3. Enable RSVP authentication on the interface and configure the authentication key.

rsvp authentication key { cipher | plain } auth-key

By default, RSVP authentication is disabled.

Do not enable both RSVP authentication and FRR on the same interface.

4. Enable challenge-response handshake on the interface.

rsvp authentication challenge

By default, the challenge-response handshake function is disabled.

5. Configure the idle timeout for RSVP security associations on the interface.

rsvp authentication lifetime life-time

By default, the idle timeout is 1800 seconds (30 minutes).

6. Specify the maximum number of out-of-sequence RSVP authentication messages that can be received on the interface.

rsvp authentication window-size number

By default, only one RSVP authenticated message can be received out of sequence.

To configure RSVP authentication in RSVP view:

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. Enter RSVP view.

rsvp

N/A

3. Enable RSVP authentication globally and configure the authentication key.

authentication key { cipher | plain } auth-key

By default, RSVP authentication is disabled.

4. Enable challenge-response handshake globally.

authentication challenge

By default, the challenge-response handshake function is disabled.

5. Configure the global idle timeout for RSVP security associations.

authentication lifetime life-time

By default, the idle timeout is 1800 seconds (30 minutes).

6. Specify the global RSVP authentication window size—the maximum number of RSVP authenticated messages that can be received out of sequence.

authentication window-size number

By default, only one RSVP authenticated message can be received out of sequence.