Security Association - Cisco CRS Configuration Manual

IOS XR MPLS Configuration Guide
RSVP Authentication by Using All the Modes: Example, on page 152
Security Association
A security association (SA) is defined as a collection of information that is required to maintain secure
communications with a peer to counter replay attacks, spoofing, and packet corruption.
This table lists the main parameters that define a security association.
Table 3: Security Association Main Parameters

| Parameter | Description |
|---|---|
| src | IP address of the sender. |
| dst | IP address of the final destination. |
| interface | Interface of the SA. |
| direction | Send or receive type of the SA. |
| Lifetime | Expiration timer value that is used to collect unused security association data. |
| Sequence Number | Last sequence number that was either sent or accepted (dependent on the direction type). |
| key-source | Source of keys for the configurable parameter. |
| keyID | Key number (returned from the key-source) that was last used. |
| digest | Algorithm last used (returned from the key-source). |
| Window Size | Specifies the tolerance for the configurable parameter. The parameter is applicable when the direction parameter is the receive type. |
| Window | Specifies the last window size value sequence number that is received or accepted. The parameter is applicable when the direction parameter is the receive type. |

An SA is created dynamically when sending and receiving messages that require authentication. The neighbor,
source, and destination addresses are obtained either from the IP header or from an RSVP object, such as a
HOP object, depending on whether the message is incoming or outgoing.
When the SA is created, an expiration timer is created. When the SA authenticates a message, it is marked as
recently used. The lifetime timer periodically checks whether the SA is being used. If so, the flag is cleared, and
the SA is cleaned up in the next period unless it is marked again.

Cisco IOS XR MPLS Configuration Guide for the Cisco CRS Router, Release 5.1.x
Implementing RSVP for MPLS-TE and MPLS O-UNI
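The receive-side behaviour this section describes (digest check, sequence-number window, and the lifetime timer's recently-used flag), as an added Python model that is not Cisco code. The HMAC construction, the SHA-256 default, the window acceptance rule, and the names `sign`, `ReceiveSA` and `lifetime_tick` are assumptions made for illustration; the page only names the parameters.

```python
import hmac
from dataclasses import dataclass, field


def sign(key: bytes, seq: int, payload: bytes, digest: str = "sha256") -> bytes:
    """Sender side: keyed digest over the sequence number and the message."""
    return hmac.new(key, seq.to_bytes(8, "big") + payload, digest).digest()


@dataclass
class ReceiveSA:
    src: str
    dst: str
    interface: str
    key: bytes                    # assumption: key already fetched from key-source
    digest: str = "sha256"        # assumption: algorithm name, not from the page
    window_size: int = 1          # tolerance for out-of-sequence messages
    window: list = field(default_factory=list)  # last accepted sequence numbers
    recently_used: bool = False   # flag inspected by the lifetime timer

    def __post_init__(self):
        if self.window_size < 1:
            raise ValueError("window_size must be at least 1")

    def authenticate(self, seq: int, payload: bytes, mac: bytes) -> bool:
        expected = sign(self.key, seq, payload, self.digest)
        if not hmac.compare_digest(expected, mac):
            return False          # spoofed or corrupted message
        if seq in self.window:
            return False          # replay of an already accepted sequence number
        if len(self.window) == self.window_size and seq < min(self.window):
            return False          # older than everything in a full window
        self.window = sorted(self.window + [seq])[-self.window_size:]
        self.recently_used = True
        return True


def lifetime_tick(sa_table: dict) -> list:
    """One lifetime-timer expiry: drop unused SAs, clear the flag on the rest."""
    expired = [k for k, sa in sa_table.items() if not sa.recently_used]
    for k in expired:
        del sa_table[k]
    for sa in sa_table.values():
        sa.recently_used = False
    return expired
```

An SA that authenticates nothing between two consecutive `lifetime_tick` calls is removed on the second call, which matches the mark-then-collect cycle described above.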
