mpls rsvp-te authentication handshake (upgrade-compatible command)

Function

The mpls rsvp-te authentication handshake command configures the RSVP-TE handshake mechanism and sets a local password.

The undo mpls rsvp-te authentication handshake command deletes the RSVP-TE handshake mechanism configuration.

By default, no RSVP-TE handshake mechanism is configured.

Format

mpls rsvp-te authentication handshake local-secret

undo mpls rsvp-te authentication handshake

Parameters

Parameter | Description | Value
local-secret | Specifies the local password. | The value is a string of 8 to 40 characters without spaces. It has no default value.

Views

Interface view, RSVP-TE neighbor view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

Enhanced RSVP authentication can be configured to improve system security and the ability to authenticate users in unfavorable environments, such as a congested network. Enhanced RSVP authentication provides the following functions:
  • Setting the sliding window size for RSVP authentication messages.
  • Configuring the RSVP-TE handshake mechanism and setting the local password.

Traditional RSVP authentication prevents an unauthorized remote node from setting up a neighbor relationship with the local node. It also prevents attacks (such as maliciously reserving a large amount of bandwidth) that a remote node initiates after constructing forged RSVP messages to set up an RSVP neighbor relationship with the local node. Traditional RSVP authentication, however, cannot prevent replay attacks or the termination of neighbor relationships caused by out-of-order RSVP messages.

In an unfavorable environment, run the mpls rsvp-te authentication handshake command to configure the RSVP-TE handshake mechanism and set the local password. This prevents replay attacks and improves network security.

Prerequisites

The RSVP authentication function must have been enabled by running the mpls rsvp-te authentication { { cipher | plain } auth-key | keychain keychain-name } command in the interface view or the MPLS RSVP-TE neighbor view.

Precautions

local-secret is valid only on the local device and can differ from the local-secret configured on neighbors.

Example

# Configure the RSVP-TE handshake mechanism on VLANIF100.
<HUAWEI> system-view
[HUAWEI] interface vlanif 100
[HUAWEI-Vlanif100] mpls
[HUAWEI-Vlanif100] mpls te
[HUAWEI-Vlanif100] mpls rsvp-te
[HUAWEI-Vlanif100] mpls rsvp-te authentication cipher beijing123
[HUAWEI-Vlanif100] mpls rsvp-te authentication handshake 12345678

# Configure the RSVP-TE handshake mechanism on GigabitEthernet0/0/1.
<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] undo portswitch
[HUAWEI-GigabitEthernet0/0/1] mpls
[HUAWEI-GigabitEthernet0/0/1] mpls te
[HUAWEI-GigabitEthernet0/0/1] mpls rsvp-te
[HUAWEI-GigabitEthernet0/0/1] mpls rsvp-te authentication cipher beijing123
[HUAWEI-GigabitEthernet0/0/1] mpls rsvp-te authentication handshake 12345678
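
The prerequisite and the local-secret rule above can be checked over a command script before it is applied. The following is an added example, not Huawei code: it audits prompt-style lines like those in the Example section and reports views where the handshake is configured before authentication, where local-secret is outside 8 to 40 characters without spaces, or where authentication is enabled without the handshake (no replay protection). The audit function, the finding texts, and the sample script are constructed for illustration.

```python
import re

# Prompt-style lines as in the Example section: "[<sysname>-<view>] <command>".
# Assumption: the sysname itself contains no hyphen.
LINE = re.compile(r"^\[[^\]-]+-(?P<view>[^\]]+)\]\s+(?P<cmd>.+)$")
AUTH = re.compile(r"^mpls rsvp-te authentication (?:cipher|plain|keychain) \S+$")
HANDSHAKE = re.compile(r"^mpls rsvp-te authentication handshake(?: (?P<secret>.*))?$")
UNDO = "undo mpls rsvp-te authentication handshake"

def audit(script):
    """Return sorted (view, finding) tuples for a command script."""
    auth_seen, handshake_seen, findings = set(), set(), []
    for raw in script.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # comments, user-view and system-view lines
        view, cmd = m["view"], m["cmd"].strip()
        hs = HANDSHAKE.match(cmd)
        if hs:
            handshake_seen.add(view)
            secret = hs["secret"] or ""
            if view not in auth_seen:  # prerequisite from this page
                findings.append((view, "handshake before authentication is enabled"))
            if not 8 <= len(secret) <= 40 or " " in secret:
                findings.append((view, "local-secret must be 8 to 40 characters without spaces"))
        elif cmd == UNDO:
            handshake_seen.discard(view)
        elif AUTH.match(cmd):
            auth_seen.add(view)
    for view in auth_seen - handshake_seen:
        findings.append((view, "authentication enabled without handshake"))
    return sorted(findings)

# Constructed sample script (not taken from a real device).
SAMPLE = """\
<HUAWEI> system-view
[HUAWEI] interface vlanif 100
[HUAWEI-Vlanif100] mpls rsvp-te authentication cipher beijing123
[HUAWEI-Vlanif100] mpls rsvp-te authentication handshake 12345678
[HUAWEI-Vlanif100] quit
[HUAWEI] interface vlanif 200
[HUAWEI-Vlanif200] mpls rsvp-te authentication handshake short
[HUAWEI-Vlanif200] quit
[HUAWEI] interface vlanif 300
[HUAWEI-Vlanif300] mpls rsvp-te authentication keychain kc1
"""

if __name__ == "__main__":
    for view, finding in audit(SAMPLE):
        print(f"{view}: {finding}")
```
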
Copyright © Huawei Technologies Co., Ltd.