Global, Interface, And Neighbor Authentication Modes - Cisco CRS Configuration Manual

Implementing RSVP for MPLS-TE and MPLS O-UNI
Global configuration mode configures the defaults for interface and neighbor interface modes. These modes,
unless explicitly configured, inherit the parameters from global configuration mode, as follows:
• Window-size is set to 1.
• Lifetime is set to 1800.
• key-source key-chain command is set to none or disabled.
Related Topics
Configuring a Lifetime for an Interface for RSVP Authentication, on page 139
RSVP Authentication by Using All the Modes: Example, on page 152

Global, Interface, and Neighbor Authentication Modes

You can configure global defaults for all authentication parameters including key, window size, and lifetime.
These defaults are inherited when you configure authentication for each neighbor or interface. However, you
can also configure these parameters individually on a neighbor or interface basis, in which case the global
values (configured or default) are no longer inherited.
Note: RSVP uses the following rules when choosing which authentication parameter to use when that parameter
is configured at multiple levels (interface, neighbor, or global). RSVP goes from the most specific to least
specific; that is, neighbor, interface, and global.
Global keys simplify the configuration and eliminate the chances of a key mismatch when receiving messages
from multiple neighbors and multiple interfaces. However, global keys do not provide the best security.
Interface keys are used to secure specific interfaces between two RSVP neighbors. Because many of the RSVP
messages are IP routed, there are many scenarios in which using interface keys is not recommended. If all
keys on the interfaces are not the same, there is a risk of a key mismatch for the following reasons:
• When the RSVP graceful restart is enabled, RSVP hello messages are sent with a source IP address of
the local router ID and a destination IP address of the neighbor router ID. Because multiple routes can
exist between the two neighbors, the RSVP hello message can traverse to different interfaces.
• When the RSVP fast reroute (FRR) is active, the RSVP Path and Resv messages can traverse multiple
interfaces.
• When Generalized Multiprotocol Label Switching (GMPLS) optical tunnels are configured, RSVP
messages are exchanged with router IDs as the source and destination IP addresses. Since multiple
control channels can exist between the two neighbors, the RSVP messages can traverse different interfaces.
Neighbor-based keys are particularly useful in a network in which some neighbors support RSVP authentication
procedures and others do not. When the neighbor-based keys are configured for a particular neighbor, you
are advised to configure all the neighbor's addresses and router IDs for RSVP authentication.
Related Topics
Configuring a Lifetime for RSVP Authentication in Global Configuration Mode, on page 135
RSVP Authentication Global Configuration Mode: Example, on page 150
Specifying the RSVP Authentication Keychain in Interface Mode, on page 137
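
The lookup order (neighbor, interface, global, default) and the interface-key mismatch risk described in this section, modeled as an added example that is not Cisco code or CLI output. The dictionary layout, interface names, key-chain names and addresses are constructed placeholders, and selecting the interface-level key by arrival interface is an assumption of the model.

```python
# Added example: a constructed model of RSVP authentication parameter lookup.
DEFAULTS = {"key_chain": None, "window_size": 1, "lifetime": 1800}  # defaults from the guide

def effective(cfg, source_addr, interface):
    """Resolve each parameter on its own: neighbor, then interface, then global, then default."""
    levels = [
        ("neighbor", cfg.get("neighbors", {}).get(source_addr, {})),
        ("interface", cfg.get("interfaces", {}).get(interface, {})),
        ("global", cfg.get("global", {})),
        ("default", DEFAULTS),
    ]
    resolved = {}
    for param in DEFAULTS:
        for level, params in levels:
            if param in params:
                resolved[param] = (params[param], level)  # value and where it came from
                break
    return resolved

def keys_by_arrival_interface(cfg, source_addr, interfaces):
    """Group the interfaces a message from source_addr may arrive on by the key chosen there.
    More than one group means the key depends on the path taken: a mismatch risk."""
    groups = {}
    for ifname in interfaces:
        key, _level = effective(cfg, source_addr, ifname)["key_chain"]
        groups.setdefault(key, []).append(ifname)
    return groups

# Constructed configuration; every name and address below is a placeholder.
CFG = {
    "global": {"lifetime": 2000},
    "interfaces": {
        "if-A": {"key_chain": "chain-A", "window_size": 2},
        "if-B": {"key_chain": "chain-B"},
    },
    # Neighbor key configured for the neighbor's interface address only, not its router ID.
    "neighbors": {"10.0.0.2": {"key_chain": "chain-nbr"}},
}
ROUTER_ID = "192.0.2.2"  # source address of hellos when graceful restart is enabled

if __name__ == "__main__":
    print(effective(CFG, "10.0.0.2", "if-A"))
    # Router-ID-sourced messages fall back to interface keys, which differ per path.
    print(keys_by_arrival_interface(CFG, ROUTER_ID, ["if-A", "if-B"]))
    # Covering the router ID with the neighbor key gives one key on every path.
    CFG["neighbors"][ROUTER_ID] = {"key_chain": "chain-nbr"}
    print(keys_by_arrival_interface(CFG, ROUTER_ID, ["if-A", "if-B"]))
```
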
Cisco IOS XR MPLS Configuration Guide for the Cisco CRS Router, Release 5.1.x