Bandwidth Reservation Percentage; Information About Implementing Rsvp Authentication; Rsvp Authentication Functions; Rsvp Authentication Design - Cisco ASR 9000 Series Configuration Manual


Implementing RSVP for MPLS-TE

Bandwidth Reservation Percentage

The Bandwidth Reservation Percentage allows the RSVP interface bandwidth to be specified as percentages
of the link's physical bandwidth.

Information About Implementing RSVP Authentication

Before implementing RSVP authentication, you must configure a keychain first. The name of the keychain
must be the same as the one used in the keychain configuration. For more information about configuring
keychains, see Cisco ASR 9000 Series Aggregation Services Router System Security Configuration Guide.
Note: RSVP authentication supports only keyed-hash message authentication code (HMAC) type algorithms.
To implement RSVP authentication on Cisco IOS XR software, you must understand the following concepts:

RSVP Authentication Functions

You can carry out these tasks with RSVP authentication:
• Set up a secure relationship with a neighbor by using secret keys that are known only to you and the
neighbor.
• Configure RSVP authentication in global, interface, or neighbor configuration modes.
• Authenticate incoming messages by checking if there is a valid security relationship that is associated
based on key identifier, incoming interface, sender address, and destination address.
• Add an integrity object with message digest to the outgoing message.
• Use sequence numbers in an integrity object to detect replay attacks.

RSVP Authentication Design

Network administrators need the ability to establish a security domain to control the set of systems that initiates
RSVP requests.
The RSVP authentication feature permits neighbors in an RSVP network to use a secure hash to sign all RSVP
signaling messages digitally, thus allowing the receiver of an RSVP message to verify the sender of the
message without relying solely on the sender's IP address.
The signature is accomplished on a per-RSVP-hop basis with an RSVP integrity object in the RSVP message
as defined in RFC 2747. This method provides protection against forgery or message modification. However,
the receiver must know the security key used by the sender to validate the digital signature in the received
RSVP message.
Network administrators manually configure a common key for each RSVP neighbor on the shared network.
The following reasons explain how to choose between global, interface, or neighbor configuration modes:
OL-28381-02
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.3.x
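
The receiver-side checks listed under RSVP Authentication Functions (association lookup by key identifier, incoming interface, sender address, and destination address, then message digest, then sequence number), as an added Python sketch that is not from the Cisco guide and is not IOS XR code. It models the logic only: the record layout, the use of HMAC-SHA-256, the function names, the interface names, and the key are assumptions constructed for illustration, not the RFC 2747 wire format.

```python
import hashlib
import hmac
import ipaddress
import struct

def keyed_digest(key, key_id, seq, sender, dest, payload):
    # HMAC over key id, sequence number, both addresses and the payload (simplified layout)
    data = struct.pack("!QQ", key_id, seq)
    data += ipaddress.ip_address(sender).packed + ipaddress.ip_address(dest).packed
    return hmac.new(key, data + payload, hashlib.sha256).digest()

def sign(key, key_id, seq, sender, dest, payload):
    return {"key_id": key_id, "seq": seq, "sender": sender, "dest": dest, "payload": payload,
            "digest": keyed_digest(key, key_id, seq, sender, dest, payload)}

class Receiver:
    def __init__(self, associations):
        # (key_id, incoming interface, sender, dest) -> [key, highest sequence accepted]
        self.assoc = {k: [key, -1] for k, key in associations.items()}

    def verify(self, msg, in_if):
        sa = self.assoc.get((msg["key_id"], in_if, msg["sender"], msg["dest"]))
        if sa is None:
            return "no-association"
        expected = keyed_digest(sa[0], msg["key_id"], msg["seq"], msg["sender"],
                                msg["dest"], msg["payload"])
        if not hmac.compare_digest(expected, msg["digest"]):
            return "bad-digest"      # forged or modified: sequence state stays untouched
        if msg["seq"] <= sa[1]:
            return "replay"          # authentic but already seen (or older)
        sa[1] = msg["seq"]
        return "accepted"

def demo():
    # All values below are constructed sample data.
    key, ifc, pair = b"constructed-shared-key", "TenGigE0/0/0/1", ("192.0.2.1", "192.0.2.2")
    rx = Receiver({(1, ifc, *pair): key})
    good = sign(key, 1, 100, *pair, b"PATH lsp-7")
    tampered = dict(sign(key, 1, 101, *pair, b"PATH lsp-7"), payload=b"PATH lsp-9")
    wrong_key = sign(b"other-key", 1, 102, *pair, b"PATH lsp-7")
    return [rx.verify(good, ifc),                # first delivery
            rx.verify(good, ifc),                # same message sent again
            rx.verify(tampered, ifc),            # payload changed after signing
            rx.verify(wrong_key, ifc),           # sender does not hold the shared key
            rx.verify(good, "TenGigE0/0/0/2"),   # arrives on an interface with no association
            rx.verify(sign(key, 1, 101, *pair, b"RESV lsp-7"), ifc)]  # next sequence number

if __name__ == "__main__":
    print(demo())
```

The digest is checked before the sequence number so that a message failing authentication cannot advance the stored sequence state.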