Keychain; Table 5: Keychain Mapping - Alcatel-Lucent 7950 SR System Management Manual


Other Security Features

Keychain

A keychain is a set of up to 64 keys, where each key is {A[i], K[i], V[i], S[i], T[i], S'[i], T'[i]}
as described in draft-bonica-tcp-auth-05.txt, Authentication for TCP-based Routing and
Management Protocols. The keys can be assigned to both sides of a BGP or LDP peer. The
individual keys in a keychain have a begin- and end-time indicating when each key is to be used.
These fields map to the CLI tree as:

Table 5: Keychain Mapping

| Field | Definition | CLI |
|---|---|---|
| i | The key identifier expressed as an integer (0...63) | config>system>security>keychain>direction>bi>entry; config>system>security>keychain>direction>uni>receive>entry; config>system>security>keychain>direction>uni>send>entry |
| A[i] | Authentication algorithm to use with key[i] | config>system>security>keychain>direction>bi>entry with algorithm algorithm parameter; config>system>security>keychain>direction>uni>receive>entry with algorithm algorithm parameter; config>system>security>keychain>direction>uni>send>entry with algorithm algorithm parameter |
| K[i] | Shared secret to use with key[i]. | config>system>security>keychain>direction>uni>receive>entry with shared secret parameter; config>system>security>keychain>direction>uni>send>entry with shared secret parameter; config>system>security>keychain>direction>bi>entry with shared secret parameter |
| V[i] | A vector that determines whether the key[i] is to be used to generate MACs for inbound segments, outbound segments, or both. | config>system>security>keychain>direction |
| S[i] | Start time from which key[i] can be used by sending TCPs. | config>system>security>keychain>direction>bi>entry>begin-time; config>system>security>keychain>direction>uni>send>entry>begin-time |
| T[i] | End time after which key[i] cannot be used by sending TCPs. | Inferred by the begin-time of the next key (youngest key rule). |
| S'[i] | Start time from which key[i] can be used by receiving TCPs. | config>system>security>keychain>direction>bi>entry>begin-time; config>system>security>keychain>direction>bi>entry>tolerance; config>system>security>keychain>direction>uni>receive>entry>begin-time; config>system>security>keychain>direction>uni>receive>entry>tolerance |
| T'[i] | End time after which key[i] cannot be used by receiving TCPs. | config>system>security>keychain>direction>uni>receive>entry>end-time |

7950 SR OS System Management Guide, Page 54
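
The send-side youngest key rule and the receive-side begin-time, tolerance and end-time fields from Table 5, modelled as an added Python example (not code from the manual or from SR OS) that flags rollovers where one peer starts sending a key the other side would reject. The `Entry` class and all function names are hypothetical, and the receive window (begin-time minus tolerance, up to end-time when set) is an assumed reading of the tolerance field.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass(frozen=True)
class Entry:                              # hypothetical model of one keychain entry
    key_id: int                           # i, 0..63
    direction: str                        # V[i]: "bi", "send" or "receive"
    begin: datetime                       # begin-time
    tolerance: timedelta = timedelta(0)   # receive side only
    end: Optional[datetime] = None        # end-time (uni receive entries)

def send_windows(entries):
    """Map key_id -> (S, T) for sending keys. T is inferred from the
    begin-time of the next key (youngest key rule); None = open-ended."""
    senders = sorted((e for e in entries if e.direction in ("bi", "send")),
                     key=lambda e: e.begin)
    return {cur.key_id: (cur.begin, nxt.begin if nxt else None)
            for cur, nxt in zip(senders, senders[1:] + [None])}

def active_send_key(entries, now):
    """Key id used for outbound MACs at `now`, or None if no key has begun."""
    for key_id, (start, stop) in send_windows(entries).items():
        if start <= now and (stop is None or now < stop):
            return key_id
    return None

def accepts(entries, key_id, now):
    """True if a receive-capable entry for key_id is valid at `now`.
    ASSUMPTION: S' = begin-time - tolerance, T' = end-time when set."""
    return any(e.key_id == key_id and e.direction in ("bi", "receive")
               and e.begin - e.tolerance <= now
               and (e.end is None or now <= e.end) for e in entries)

def rollover_gaps(local, peer):
    """(key_id, begin-time) pairs where `local` starts sending a key that
    `peer` would not yet (or no longer) accept."""
    windows = sorted(send_windows(local).items(), key=lambda kv: kv[1][0])
    return [(kid, start) for kid, (start, _) in windows
            if not accepts(peer, kid, start)]

# Constructed sample: the peer's key 2 begins ten minutes after the local one.
T0, T1 = datetime(2024, 1, 1), datetime(2024, 2, 1)
LOCAL = [Entry(1, "bi", T0), Entry(2, "bi", T1)]
PEER_STRICT = [Entry(1, "bi", T0), Entry(2, "bi", T1 + timedelta(minutes=10))]
PEER_TOLERANT = [Entry(1, "bi", T0),
                 Entry(2, "bi", T1 + timedelta(minutes=10), timedelta(minutes=15))]
```

Running `rollover_gaps` over both peers' planned entries before a key change shows whether a begin-time mismatch would leave a session signing with a key the far end does not yet accept.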
