Keychain; Table 4: Keychain Mapping - Alcatel-Lucent 7210 SAS E OS System Management Manual

Keychain

A keychain is a set of up to 64 keys, where each key is {A[i], K[i], V[i], S[i], T[i], S'[i], T'[i]} as
described in draft-bonica-tcp-auth-05.txt, Authentication for TCP-based Routing and
Management Protocols. They keys can be assigned to both sides of a BGP or LDP peer.The
individual keys in a keychain have a begin- and end-time indicating when to use this key.
These fields map to the CLI tree as:

Table 4: Keychain Mapping

Field Definition
i The key identifier expressed as an
integer (0...63)
A[i] Authentication algorithm to use with
key[i]
K[i] Shared secret to use with key[i].
V[i] A vector that determines whether
the key[i] is to be used to generate
MACs for inbound segments, out-
bound segments, or both.
S[i] Start time from which key[i] can be
used by sending TCPs.
7210 SAS-E OS System Management Guide
config>system>security>keychain>direction>bi>entry
config>system>security>keychain>direction>uni>receive>entry
config>system>security>keychain>direction>uni>send>entry
config>system>security>keychain>direction>bi>entry with algorithm
algorithm parameter.
config>system>security>keychain>direction>uni>receive>entry with
algorithm algorithm parameter.
config>system>security>keychain>direction>uni>send>entry with
algorithm algorithm parameter.
config>system>security>keychain>direction>uni>receive>entry with
shared secret parameter
config>system>security>keychain>direction>uni>send>entry with
shared secret parameter
config>system>security>keychain>direction>bi>entry with shared
secret parameter
config>system>security>keychain>direction
config>system>security>keychain>direction>bi>entry>begin-time
config>system>security>keychain>direction>uni>send>entry >begin-
time
CLI
Page 39
Security