Cisco NCS 5500 Series Configuration Manual page 43

MPLS IOS XR Release 6.2.x

Implementing RSVP for MPLS-TE
receiver must know the security key used by the sender to validate the digital signature in the received RSVP
message. Network administrators manually configure a common key for each RSVP neighbor on the shared
network. The sending and receiving systems maintain a security association for each authentication key that
they share. For detailed information about different security association parameters, see Table 2: Security
Association Parameters, on page 35.
You can configure global defaults for all authentication parameters including key, window size, and lifetime.
These defaults are inherited when you configure authentication for each neighbor or interface. However, you
can also configure these parameters individually on a neighbor or interface basis, in which case the global
values (configured or default) are no longer inherited.
Interface and neighbor interface modes, unless explicitly configured, inherit the parameters from global
configuration mode as follows:
• Window-size is set to 1.
• Lifetime is set to 1800.
• key-source key-chain command is set to none or disabled.
The following situations explain how to choose between global, interface, or neighbor configuration modes:
• Global configuration mode is optimal when a router belongs to a single security domain (for example,
part of a set of provider core routers). A single common key set is expected to be used to authenticate
all RSVP messages.
• Interface or neighbor configuration mode is optimal when a router belongs to more than one security
domain. For example, a provider router is adjacent to the provider edge (PE), or a PE is adjacent to an
edge device. Different keys can be used but not shared.
A security association (SA) is a collection of information that is required to maintain secure communications
with a peer. The following table lists the main parameters that define a security association.
Table 2: Security Association Parameters

| Security Association Parameters | Description |
|---|---|
| src | IP address of the sender. |
| dst | IP address of the final destination. |
| interface | Interface of the security association. |
| direction | Send or receive type of the security association. |
| Lifetime | Expiration timer value that is used to collect unused security association data. |
| Sequence Number | Last sequence number that was either sent or accepted (dependent on the direction type). |
| key-source | Source of keys for the configurable parameter. |
| keyID | Key number (returned from the key-source) that was last used. |
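
The following sketch is an added example, not code from the Cisco guide or from IOS XR. It models a receive-direction security association with the Table 2 fields and the inherited defaults (window size 1, lifetime 1800) to show how the shared key, sequence number, window and lifetime interact on receipt. The HMAC-SHA1 digest, the addresses, the interface name, the key and the window logic are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

def sign(key: bytes, seq: int, payload: bytes) -> bytes:
    # Keyed digest over sequence number + payload (HMAC-SHA1 is an assumption).
    return hmac.new(key, seq.to_bytes(8, "big") + payload, hashlib.sha1).digest()

@dataclass
class ReceiveSA:
    """Receive-direction security association; fields follow Table 2."""
    src: str
    dst: str
    interface: str
    key: bytes            # current key from the key-source (constructed here)
    key_id: int
    window_size: int = 1  # inherited default listed on this page
    lifetime: int = 1800  # inherited default listed on this page
    last_seq: int = 0     # highest sequence number accepted so far
    last_used: float = 0.0
    seen: set = field(default_factory=set)

    def expired(self, now: float) -> bool:
        # An SA left unused for longer than its lifetime can be collected.
        return now - self.last_used > self.lifetime

    def accept(self, seq: int, payload: bytes, digest: bytes, now: float) -> str:
        if not hmac.compare_digest(sign(self.key, seq, payload), digest):
            return "bad-digest"   # sender does not hold the shared key
        floor = self.last_seq - self.window_size
        if seq <= floor or seq in self.seen:
            return "replay"       # too old for the window, or already accepted
        self.last_seq = max(self.last_seq, seq)
        floor = self.last_seq - self.window_size
        self.seen = {s for s in self.seen | {seq} if s > floor}
        self.last_used = now
        return "ok"

def demo() -> list:
    key = b"constructed-shared-key"
    sa = ReceiveSA("192.0.2.1", "192.0.2.2", "HundredGigE0/0/0/0", key, key_id=1)
    msgs = [(1, b"PATH"), (2, b"RESV"), (2, b"RESV"), (1, b"PATH")]
    out = [sa.accept(s, p, sign(key, s, p), now=10.0) for s, p in msgs]
    out.append(sa.accept(3, b"PATH", sign(b"wrong-key", 3, b"PATH"), now=11.0))
    return out

if __name__ == "__main__":
    print(demo())
```

With the default window size of 1, any message that does not advance the sequence number is rejected; a larger window tolerates limited reordering while still rejecting duplicates.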
MPLS Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release 6.2.x
RSVP for MPLS-TE Features- Details