Table of Contents
Advertisement
MPLS and RSVP-TE
The Hello protocol extension is composed of a Hello message, a Hello request object
and a Hello ACK object. Hello processing between two neighbors supports
independent selection of failure detection intervals. Each neighbor can automatically
issue Hello request objects. Each Hello request object is answered by a Hello ACK
object.
3.3.1.4
Protocol authentication protects against malicious attacks on the communications
between routing protocol neighbors. These attacks could either disrupt
communications or inject incorrect routing information into the systems routing table.
The use of authentication keys can help to protect routing protocols from these types
of attacks.
All RSVP-TE protocol exchanges can be authenticated. This guarantees that only
trusted routers can participate in autonomous system routing.
Authentication must be explicitly configured and can be done using two separate
mechanisms:
Either the authentication-key command or the auth-keychain command can be
used by RSVP-TE, but both cannot be supported at the same time. If both
commands are configured, the auth-keychain configuration will be applied and the
authentication-key command will be ignored.
By default, authentication is not enabled on an interface.
3.3.1.4.1
When enabled on an RSVP-TE interface with the authentication-key command,
authentication of RSVP messages operates in both directions of the interface. A
node maintains a security association with its neighbors for each authentication key.
The following items are stored in the context of this security association:
40
Authentication
• configuration of an explicit authentication key and algorithm using the
authentication-key command
• configuration of an authentication keychain using the auth-keychain command
Authentication Key
• the HMAC-MD5 authentication algorithm
• the key used with the authentication algorithm
Use subject to Terms available at: www.nokia.com
© 2022 Nokia.
MPLS Guide
3HE 18686 AAAB TQZZA
Advertisement
Table of Contents
