Huawei AR150 Series Configuration Manual page 105

Huawei AR150&200&1200&2200&3200 Series Enterprise Routers
Configuration Guide - Device Management
Issue 05 (2014-01-16)

limited: taking effect only when the KoD function is enabled. The rate of incoming packets
is controlled and the kiss code is sent after the KoD function is enabled.

KOD
When a server receives a large number of client access packets within a specified period of time
and cannot bear the load, the KOD function can be enabled on the server to perform access
control. KOD is a new access control technology introduced in NTPv4. The server uses it to
provide information, such as a status report and access control, to the client.
A KOD packet is a special NTP packet. When the Stratum field in an NTP packet is 0, the packet
is called a KOD packet. The ASCII message it conveys is called a kiss code and represents
access control information. Currently, only two kiss codes are supported: DENY and RATE.
After the KOD function is enabled on the server, the server sends kiss code DENY or RATE to
the client based on the configuration.

NOTE
After the KOD function is enabled, the corresponding ACL rule needs to be configured. When the ACL
rule is configured as deny, the server sends the deny kiss code. When the ACL rule is configured as
permit and the rate of NTP packets received reaches the configured upper limit, the server sends the rate
kiss code.

• When the client receives kiss code DENY, the client terminates all connections to the server
  and stops sending packets to the server.
• When the client receives kiss code RATE, the client immediately reduces its polling interval
  to the server and continues to reduce the interval each time it receives a RATE kiss code.

Authentication
The NTP authentication function can be enabled on networks demanding high security. Different
keys may be configured in different operating modes.
When a user enables the NTP authentication function in a certain NTP operating mode, the
system records the key ID in this operating mode.

• Sending process
  The system determines whether authentication is required in this operating mode. If
  authentication is not required, the system directly sends a packet. If authentication is
  required, the system encrypts the packet using the key ID and an encryption algorithm and
  sends it.
• Receiving process
  After receiving a packet, the system determines whether the packet needs to be
  authenticated. If the packet does not need to be authenticated, the system directly performs
  subsequent processing on the packet. If the packet needs to be authenticated, the system
  authenticates the packet using the key ID and a decryption algorithm. If the authentication
  fails, the system directly discards the packet. If the authentication succeeds, the system
  processes the received packet.
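
The following Python example is added here and is not part of the Huawei manual or of the router software. It shows how a client can recognise the KOD packets described in the KOD section above (Stratum 0 plus an ASCII kiss code) and tell DENY from RATE. It assumes the NTPv4 header layout of RFC 5905, where the kiss code occupies the 4-byte Reference ID field; the function names, the `sent_transmit_ts` parameter and the sample packets are constructed for illustration.

```python
import struct
from typing import Optional

# NTPv4 header (RFC 5905): flags, stratum, poll, precision, root delay,
# root dispersion, reference ID, then reference/origin/receive/transmit timestamps.
_HEADER = struct.Struct("!BBbbII4s8s8s8s8s")   # 48 bytes
SUPPORTED_KISS_CODES = ("DENY", "RATE")        # the two codes the manual lists


def classify_reply(packet: bytes, sent_transmit_ts: Optional[bytes] = None) -> str:
    """Return 'time', 'DENY', 'RATE', 'unsupported' or 'invalid' for a server reply.

    sent_transmit_ts (hypothetical parameter) is the 8-byte transmit timestamp of
    the client's own request. A reply that does not echo it in the origin
    timestamp field does not belong to that request and is reported as 'invalid'.
    """
    if len(packet) < _HEADER.size:
        return "invalid"                       # truncated header
    fields = _HEADER.unpack_from(packet)
    stratum, ref_id, origin_ts = fields[1], fields[6], fields[8]
    if sent_transmit_ts is not None and origin_ts != sent_transmit_ts:
        return "invalid"
    if stratum != 0:
        return "time"                          # ordinary time reply, not a KOD packet
    try:
        code = ref_id.decode("ascii").rstrip("\x00")
    except UnicodeDecodeError:
        return "invalid"
    if not code.isalnum():
        return "invalid"                       # stratum 0 without a readable kiss code
    return code if code in SUPPORTED_KISS_CODES else "unsupported"


def build_sample(stratum: int, ref_id: bytes, origin_ts: bytes) -> bytes:
    """Constructed sample reply: LI=0, VN=4, Mode=4 (server), other fields zeroed."""
    zero = b"\x00" * 8
    return _HEADER.pack(0x24, stratum, 6, -20, 0, 0, ref_id, zero, origin_ts, zero, zero)


if __name__ == "__main__":
    ts = bytes(range(1, 9))                    # constructed request timestamp
    for stratum, ref in [(0, b"DENY"), (0, b"RATE"), (0, b"RSTR"), (2, b"\xc0\x00\x02\x01")]:
        print(stratum, ref, "->", classify_reply(build_sample(stratum, ref, ts), ts))
```

A result of DENY or RATE is the point at which the client applies the behaviour listed in the KOD section; kiss codes other than these two are reported as unsupported rather than acted on.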
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
5 NTP Configuration
96
