Ntp For Mpls L3Vpn Instances - HPE FlexNetwork 5510 HI Series Network Management And Monitoring Configuration Manual
Hide thumbs
Also See for FlexNetwork 5510 HI Series:
- Configuration manual (572 pages) ,
- Security configuration manual (551 pages) ,
- Mpls configuration manual (505 pages)
Table of Contents
Advertisement
NTP authentication
Use this feature to authenticate the NTP messages for security purposes. If an NTP message
passes authentication, the device can receive it and get time synchronization information. If not, the
device discards the message. This function makes sure the device does not synchronize to an
unauthorized time server.
Figure 7 NTP authentication
Message
Sender
As shown in
1.
The sender uses the key identified by the key ID to calculate a digest for the NTP message
through the MD5 algorithm. Then it sends the calculated digest together with the NTP message
and key ID to the receiver.
2.
Upon receiving the message, the receiver performs the following tasks:
a. Finds the key according to the key ID in the message.
b. Uses the key and the MD5 algorithm to calculate the digest for the message.
c. Compares the digest with the digest contained in the NTP message.
− If they are the same, the receiver accepts the message.
− If they are different, the receiver discards the message.
In Release 1121 and later, NTP authentication is performed as follows:
3.
The sender uses the key identified by the key ID to calculate a digest for the NTP message
through the specified authentication algorithm. Then it sends the calculated digest together with
the NTP message and key ID to the receiver.
4.
Upon receiving the message, the receiver performs the following actions:
a. Finds the key according to the key ID in the message.
b. Uses the key and the specified authentication algorithm to calculate the digest for the
message.
c. Compares the digest with the digest contained in the NTP message.
− If they are different, the receiver discards the message.
− If they are the same, the local device determines whether the sender is allowed to use
NTP for MPLS L3VPN instances
In an MPLS L3VPN network, the device supports multiple VPN instances when:
•
It functions as an NTP client to synchronize with the NTP server.
•
It functions as a symmetric active peer to synchronize with the symmetric passive peer.
Only the client/server and symmetric active/passive modes support VPN instances.
Message
Key ID
Compute the
Digest
digest
Key value
Figure
7, NTP authentication is performed as follows in Release 1111 and later:
the authentication ID. If the sender is allowed to use the authentication ID, the receiver
accepts the message. If the sender is not allowed to use the authentication ID, the
receiver discards the message.
Sends to the
Message
receiver
Key ID
Digest
11
Key value
Compute the
Digest
digest
Compare
Receiver
- Quick Links:
- Configuring Ntp
- Configuring Snmp
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
