Security Association - Cisco ASR 9000 Series Configuration Manual

Implementing RSVP for MPLS-TE
Neighbor-based keys are particularly useful in a network in which some neighbors support RSVP authentication
procedures and others do not. When the neighbor-based keys are configured for a particular neighbor, you
are advised to configure all the neighbor's addresses and router IDs for RSVP authentication.
Related Topics
Configuring a Lifetime for RSVP Authentication in Global Configuration Mode, on page 86
RSVP Authentication Global Configuration Mode: Example, on page 102
Specifying the RSVP Authentication Keychain in Interface Mode, on page 88
RSVP Authentication by Using All the Modes: Example, on page 103

Security Association

A security association (SA) is defined as a collection of information that is required to maintain secure
communications with a peer to counter replay attacks, spoofing, and packet corruption.
This table lists the main parameters that define a security association.
Table 3: Security Association Main Parameters
Parameter
src
dst
interface
direction
Lifetime
Sequence Number
key-source
keyID
digest
Window Size
Window
OL-28381-02
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.3.x
Description
IP address of the sender.
IP address of the final destination.
Interface of the SA.
Send or receive type of the SA.
Expiration timer value that is used to collect unused
security association data.
Last sequence number that was either sent or accepted
(dependent of the direction type).
Source of keys for the configurable parameter.
Key number (returned form the key-source) that was
last used.
Algorithm last used (returned from the key-source).
Specifies the tolerance for the configurable parameter.
The parameter is applicable when the direction
parameter is the receive type.
Specifies the last window size value sequence number
that is received or accepted. The parameter is
applicable when the direction parameter is the receive
type.
Security Association
71