Alcatel-Lucent 7450 Manual page 301

Ethernet service switch

RSVP sender complies with the procedures for RSVP message generation in RFC 2747, RSVP
Cryptographic Authentication.
An RSVP receiver uses the key together with the authentication algorithm to process received RSVP
messages.
When a PLR node switches the path of the LSP to a bypass LSP, it does not send the Integrity object
in the RSVP messages sent over the bypass tunnel. If the PLR receives an RSVP message with an
Integrity object, it will perform the digest verification for the key of the interface over which the
packet was received. If this fails, the packet is dropped. If the received RSVP message is a RESV
message and does not have an Integrity object, then the PLR node will accept it only if it originated
from the MP node.
An MP node will accept RSVP messages received over the bypass tunnel with and without the
Integrity object. If an Integrity object is present, the proper digest verification for the key of the
interface over which the packet was received is performed. If this fails, the packet is dropped.
The MD5 implementation does not support the authentication challenge procedures in RFC 2747.
The no form of this command disables authentication.
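The receive-side checks described above, as an added Python example that is not Alcatel-Lucent code: it builds the RFC 2747 Integrity object with HMAC-MD5, verifies the digest with the interface key, and applies the PLR and MP rules for messages arriving over the bypass tunnel. The function names, sample key and sample object are constructed, and rejecting unsigned non-RESV messages at the PLR is an assumption the page does not state.

```python
import hashlib
import hmac
import struct

INTEGRITY_CLASS, INTEGRITY_CTYPE, DIGEST_LEN = 4, 1, 16  # RFC 2747, HMAC-MD5
PATH, RESV = 1, 2                                        # RFC 2205 message types
DIGEST_AT = 28   # 8-byte common header + 20 bytes of Integrity fields before the digest
INTEGRITY_END = DIGEST_AT + DIGEST_LEN

def build_message(msg_type, objects, key=None, key_id=0, seq=0):
    """Sender side: common header, optional Integrity object, then the other objects."""
    integ = b""
    if key is not None:
        integ = struct.pack("!HBBBB", 36, INTEGRITY_CLASS, INTEGRITY_CTYPE, 0, 0)
        integ += key_id.to_bytes(6, "big") + struct.pack("!Q", seq) + bytes(DIGEST_LEN)
    total = 8 + len(integ) + len(objects)
    msg = struct.pack("!BBHBBH", 0x10, msg_type, 0, 64, 0, total) + integ + objects
    if key is not None:
        # The digest covers the whole message while the digest field is still zero.
        digest = hmac.new(key, msg, hashlib.md5).digest()
        msg = msg[:DIGEST_AT] + digest + msg[INTEGRITY_END:]
    return msg

def digest_ok(msg, iface_key):
    """Receiver side: None if no Integrity object, else True/False for the digest."""
    if len(msg) < INTEGRITY_END or (msg[10], msg[11]) != (INTEGRITY_CLASS, INTEGRITY_CTYPE):
        return None
    zeroed = msg[:DIGEST_AT] + bytes(DIGEST_LEN) + msg[INTEGRITY_END:]
    expected = hmac.new(iface_key, zeroed, hashlib.md5).digest()
    return hmac.compare_digest(expected, msg[DIGEST_AT:INTEGRITY_END])

def accept_on_bypass(role, msg, iface_key, from_mp=False):
    """Decision for a message arriving over the bypass tunnel (role is 'PLR' or 'MP')."""
    ok = digest_ok(msg, iface_key)
    if ok is not None:
        return ok                      # Integrity present: drop when the digest fails
    if role == "MP":
        return True                    # MP accepts messages without an Integrity object
    # PLR without Integrity: the page covers only RESV, accepted if it came from the MP.
    # Assumption: every other unsigned message type is rejected here.
    return msg[1] == RESV and from_mp

# Constructed sample: one 8-byte object (class 1, C-Type 1) and a made-up key.
SAMPLE_OBJECTS = struct.pack("!HBB4s", 8, 1, 1, bytes(4))
SAMPLE_KEY = b"example-key-0001"
```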
Default
no authentication-key - The authentication key value is the null string.
Parameters
authentication-key — The authentication key. The key can be any combination of ASCII characters
up to 16 characters in length (unencrypted). If the string contains special characters (#, $, spaces,
etc.), the entire string must be enclosed within double quotes.
hash-key — The hash key. The key can be any combination of up to 33 alphanumeric characters. If
spaces are used in the string, enclose the entire string in quotation marks (" ").
This is useful when a user must configure the parameter, but for security purposes, the actual
unencrypted key value is not provided.
hash — Specifies the key is entered in an encrypted form. If the hash parameter is not used, the key
is assumed to be in a non-encrypted, clear text form. For security, all keys are stored in encrypted
form in the configuration file with the hash parameter specified.
hash2 — Specifies the key is entered in a more complex encrypted form. If the hash2 parameter is
not used, the less encrypted hash form is assumed.
auth-keychain
Syntax
auth-keychain name
Context
config>router>rsvp>interface
Description
This command configures an authentication keychain to use for authentication of protocol messages
sent and received over the associated interface. The keychain must include a valid entry to properly
authenticate protocol messages, including a key, specification of a supported authentication
algorithm, and beginning time. Each entry may also include additional options to control the overall
lifetime of each entry to allow for the seamless rollover without affecting the protocol adjacencies.
The no form of the auth-keychain command removes the association between the routing protocol
and any keychain currently used.
Default
no auth-keychain
7450 ESS MPLS Guide
MPLS and RSVP
Page 301
