
mpls rsvp-te authentication handshake

Function

The mpls rsvp-te authentication handshake command configures the RSVP-TE handshake mechanism.

The undo mpls rsvp-te authentication handshake command deletes the RSVP-TE handshake mechanism configuration.

By default, no RSVP-TE handshake mechanism is configured.

Format

mpls rsvp-te authentication handshake

undo mpls rsvp-te authentication handshake

Parameters

None

Views

VLANIF interface view, GE interface view, XGE interface view, MultiGE interface view, 25GE interface view, 40GE interface view, 100GE interface view, Eth-trunk interface view, RSVP-TE neighbor view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

Enhanced RSVP authentication can be configured to improve system security and the ability to authenticate users in unfavorable environments, such as a congested network. Enhanced RSVP authentication provides the following functions:
  • Sets the sliding window size for RSVP authentication messages.
  • Configures the RSVP-TE handshake mechanism.

Traditional RSVP authentication prevents an unauthorized remote node from setting up a neighbor relationship with the local node. It also prevents attacks (such as maliciously reserving a large amount of bandwidth) initiated by a remote node after it constructs forged RSVP messages to set up an RSVP neighbor relationship with the local node. Traditional RSVP authentication, however, cannot prevent replay attacks, nor can it prevent neighbor relationships from being terminated because RSVP messages arrive out of order.

In an unfavorable environment, run the mpls rsvp-te authentication handshake command to configure the RSVP-TE handshake mechanism, which prevents replay attacks and improves network security.

Prerequisites

The RSVP authentication function must have been enabled by running the mpls rsvp-te authentication { { cipher | plain } auth-key | keychain keychain-name } command in the interface view or the MPLS RSVP-TE neighbor view.
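
An added example, not part of the vendor documentation: a Python check over a saved configuration that reports views where an authentication key is set without the handshake command (the replay exposure described under Usage Scenario), and views where handshake is set without the key that the prerequisite requires. The saved-configuration layout (one header line per view, its commands indented beneath it) and the sample text are assumptions constructed for illustration.

```python
import re

# Views that accept the command per the page: interface views and the neighbor view.
VIEW = re.compile(r"^(interface .+|mpls rsvp-te peer \S+)$")
KEY = re.compile(r"^mpls rsvp-te authentication (cipher|plain|keychain)\s+\S+")
HANDSHAKE = "mpls rsvp-te authentication handshake"

def audit(config_text):
    """Map each problem view to a finding about its RSVP-TE authentication."""
    state = {}                      # view -> {"key": bool, "handshake": bool}
    view, view_indent = None, 0
    for raw in config_text.splitlines():
        line = raw.strip()
        indent = len(raw) - len(raw.lstrip())
        # A "#" separator or a line at the view's own depth closes the view.
        if view and (line == "#" or (line and indent <= view_indent)):
            view = None
        if VIEW.match(line):
            view, view_indent = line, indent
            state[view] = {"key": False, "handshake": False}
        elif view and KEY.match(line):
            state[view]["key"] = True
        elif view and line == HANDSHAKE:
            state[view]["handshake"] = True
    findings = {}
    for name, s in state.items():
        if s["key"] and not s["handshake"]:
            findings[name] = "authentication without handshake"
        elif s["handshake"] and not s["key"]:
            findings[name] = "handshake without authentication key"
    return findings

# Constructed sample, not taken from a real device; the key is a placeholder.
SAMPLE = """\
interface Vlanif100
 mpls rsvp-te
 mpls rsvp-te authentication cipher %EXAMPLE-CIPHERTEXT%
 mpls rsvp-te authentication handshake
#
interface GigabitEthernet0/0/1
 mpls rsvp-te
 mpls rsvp-te authentication cipher %EXAMPLE-CIPHERTEXT%
#
mpls rsvp-te peer 172.16.1.1
 mpls rsvp-te authentication handshake
#
"""

if __name__ == "__main__":
    for name, finding in audit(SAMPLE).items():
        print(f"{name}: {finding}")
```

Because authentication can be configured in either the interface view or the neighbor view, a finding on one view should be read together with the configuration of the other.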

Example

# Configure the RSVP-TE handshake mechanism in the RSVP-TE neighbor view.
<HUAWEI> system-view
[HUAWEI] mpls rsvp-te peer 172.16.1.1
[HUAWEI-mpls-rsvp-te-peer-172.16.1.1] mpls rsvp-te authentication cipher beijing123
[HUAWEI-mpls-rsvp-te-peer-172.16.1.1] mpls rsvp-te authentication handshake
# Configure the RSVP-TE handshake mechanism on VLANIF100.
<HUAWEI> system-view
[HUAWEI] interface vlanif 100
[HUAWEI-Vlanif100] mpls
[HUAWEI-Vlanif100] mpls te
[HUAWEI-Vlanif100] mpls rsvp-te
[HUAWEI-Vlanif100] mpls rsvp-te authentication cipher beijing123
[HUAWEI-Vlanif100] mpls rsvp-te authentication handshake
# Configure the RSVP-TE handshake mechanism on GE0/0/1.
<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] undo portswitch
[HUAWEI-GigabitEthernet0/0/1] mpls
[HUAWEI-GigabitEthernet0/0/1] mpls te
[HUAWEI-GigabitEthernet0/0/1] mpls rsvp-te
[HUAWEI-GigabitEthernet0/0/1] mpls rsvp-te authentication cipher beijing123
[HUAWEI-GigabitEthernet0/0/1] mpls rsvp-te authentication handshake
Copyright © Huawei Technologies Co., Ltd.