Resource Reservation Protocol (RSVP) transmits packets using RawIP. RawIP does not provide a security mechanism; therefore, packets can be tampered with easily, and devices are prone to attacks.
When processing packets, RSVP checks various information, such as packet parameters, formats, and types. This information, however, can be easily obtained by attackers. An attacker can therefore intercept RSVP packets and send them to a switch repeatedly to increase the load on the switch. Such attacks are called replay attacks.
RSVP authentication uses keys to prevent packets from being tampered with or forged. Enhanced RSVP authentication can be configured to improve system security and the capability to authenticate users in unfavorable environments such as network congestion. Enhanced RSVP authentication functions are as follows:
Configure RSVP authentication.
<HUAWEI> system-view
[HUAWEI] keychain huawei mode absolute  //Configure the keychain function.
[HUAWEI-keychain-huawei] key-id 1
[HUAWEI-keychain-huawei-keyid-1] algorithm hmac-sha-256
[HUAWEI-keychain-huawei-keyid-1] key-string cipher Huawei@1234
[HUAWEI-keychain-huawei-keyid-1] quit
[HUAWEI-keychain-huawei] quit
[HUAWEI] mpls
[HUAWEI-mpls] mpls te
[HUAWEI-mpls] mpls rsvp-te
[HUAWEI-mpls] quit
[HUAWEI] mpls rsvp-te peer 10.0.0.1
[HUAWEI-mpls-rsvp-te-peer-10.0.0.1] mpls rsvp-te authentication keychain huawei  //Configure keychain authentication for the peer and use the keychain named huawei.
[HUAWEI-mpls-rsvp-te-peer-10.0.0.1] mpls rsvp-te authentication handshake  //Configure the RSVP-TE handshake mechanism.
[HUAWEI-mpls-rsvp-te-peer-10.0.0.1] mpls rsvp-te authentication window-size 64  //Configure the sliding window size for RSVP-TE authentication.
[HUAWEI-mpls-rsvp-te-peer-10.0.0.1] quit
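The following added example (not Huawei code and not the RSVP wire format) is a simplified Python model of what the configuration above asks the receiver to do: verify an HMAC-SHA-256 digest with the shared key, then apply a 64-entry sliding window to sequence numbers so that replayed messages are dropped while out-of-order ones are still accepted. The message layout, the `Receiver` class, the key and the payloads are assumptions constructed for illustration.

```python
import hashlib
import hmac

WINDOW_SIZE = 64  # mirrors "window-size 64" in the configuration above


def sign(key: bytes, seq: int, payload: bytes) -> bytes:
    """HMAC-SHA-256 over sequence number + payload (assumed layout)."""
    return hmac.new(key, seq.to_bytes(8, "big") + payload, hashlib.sha256).digest()


class Receiver:
    """Hypothetical receiver: keyed digest check, then sliding-window replay check."""

    def __init__(self, key: bytes, window: int = WINDOW_SIZE):
        self.key, self.window = key, window
        self.highest = 0      # highest authenticated sequence number so far
        self.seen = set()     # accepted sequence numbers still inside the window

    def accept(self, seq: int, payload: bytes, digest: bytes) -> str:
        # 1. Integrity: a tampered or forged message fails before any state changes.
        if not hmac.compare_digest(sign(self.key, seq, payload), digest):
            return "bad-digest"
        # 2. Anti-replay: reject anything older than the window or already seen.
        if seq <= self.highest - self.window:
            return "too-old"
        if seq in self.seen:
            return "replay"
        self.seen.add(seq)
        if seq > self.highest:  # slide the window forward and forget old entries
            self.highest = seq
            self.seen = {s for s in self.seen if s > seq - self.window}
        return "ok"


def demo() -> list:
    key = b"constructed-demo-key"            # constructed sample key
    rx = Receiver(key)
    msg = lambda seq: b"PATH lsp-%d" % seq   # constructed sample payloads
    return [
        rx.accept(1, msg(1), sign(key, 1, msg(1))),        # in order
        rx.accept(3, msg(3), sign(key, 3, msg(3))),        # gap is fine
        rx.accept(2, msg(2), sign(key, 2, msg(2))),        # late but inside window
        rx.accept(3, msg(3), sign(key, 3, msg(3))),        # captured and re-sent
        rx.accept(4, b"PATH altered", sign(key, 4, msg(4))),   # payload modified
        rx.accept(5, msg(5), sign(b"wrong-key", 5, msg(5))),   # sender lacks the key
        rx.accept(100, msg(100), sign(key, 100, msg(100))),    # window slides to 37..100
        rx.accept(2, msg(2), sign(key, 2, msg(2))),            # now behind the window
    ]


if __name__ == "__main__":
    print(demo())
```

A larger window tolerates more reordering, which is the trade-off the `window-size` setting controls; a window of 1 would reject the late-arriving message 2 in this run.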