mpls rsvp-te authentication window-size

Function

The mpls rsvp-te authentication window-size command specifies the maximum number of RSVP authentication messages that can be received out of sequence.

The undo mpls rsvp-te authentication window-size command restores the default configuration.

By default, the maximum number of RSVP authentication messages that can be received out of sequence is 1.

Format

mpls rsvp-te authentication window-size window-size

undo mpls rsvp-te authentication window-size

Parameters

Parameter | Description | Value
window-size | Specifies the size of a message window. | The value is an integer that ranges from 1 to 64. The default size is 1.

Views

VLANIF interface view, GE interface view, XGE interface view, MultiGE interface view, 25GE interface view, 40GE interface view, 100GE interface view, Eth-trunk interface view, RSVP-TE neighbor view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

Enhanced RSVP authentication can be configured to improve system security and the capability to authenticate users in an unfavorable environment, such as one with network congestion. Enhanced RSVP authentication provides the following functions:
  • Sets the sliding window size for RSVP authentication messages.
  • Configures the RSVP-TE handshake mechanism and sets the local password.

Traditional RSVP authentication is used to prevent an unauthorized remote node from setting up a neighbor relationship with the local node. It also prevents attacks (such as maliciously reserving a large amount of bandwidth) that a remote node initiates after it forges RSVP messages to set up an RSVP neighbor relationship with the local node. Traditional RSVP authentication, however, cannot prevent replay attacks, nor can it prevent the neighbor relationship from being terminated because RSVP messages arrive out of order.

In an unfavorable environment, the mpls rsvp-te authentication window-size command can be used to set the maximum number of RSVP authentication messages that can be received out of sequence. This setting prevents authentication from being terminated because RSVP messages arrive out of order.

Prerequisites

The RSVP authentication function must have been enabled by running the mpls rsvp-te authentication { { cipher | plain } auth-key | keychain keychain-name } command in the interface view or the MPLS RSVP-TE neighbor view.

Precautions

Setting the window size to a value greater than 32 is recommended. If the size of a sliding window is small, the RSVP messages may be dropped and the RSVP neighbor relationship may be terminated. If the size of a sliding window is set to 1, all the RSVP authentication messages that are received out of sequence are dropped.
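
The effect of the window size on reordered and replayed messages, as an added example that is not part of the original page and not Huawei's code: a simplified Python model of a receive-side sequence-number window, assuming the list-based approach described in RFC 2747 (RSVP Cryptographic Authentication). The class name, function name and arrival sequence are constructed for illustration, and the keyed digest check is out of scope.

```python
import bisect


class AuthWindow:
    """Receive-side sequence window for one RSVP neighbor (simplified model)."""

    def __init__(self, size):
        if not 1 <= size <= 64:           # range documented for window-size
            raise ValueError("window-size must be an integer from 1 to 64")
        self.size = size
        self.seen = []                    # accepted sequence numbers, ascending

    def accept(self, seq):
        """Return True if seq passes the sequence check, recording it if so."""
        if seq in self.seen:
            return False                  # already recorded: replayed message
        if len(self.seen) == self.size and seq < self.seen[0]:
            return False                  # older than everything in a full window
        bisect.insort(self.seen, seq)
        if len(self.seen) > self.size:
            self.seen.pop(0)              # slide: forget the oldest number
        return True


def dropped(size, arrivals):
    """Return the sequence numbers rejected for a given window size."""
    window = AuthWindow(size)
    return [seq for seq in arrivals if not window.accept(seq)]


# Constructed arrival order: 3 and 5 arrive late (reordering), then 5 is replayed.
ARRIVALS = [1, 2, 4, 3, 6, 5, 7, 5, 8]

if __name__ == "__main__":
    for size in (1, 32):
        print(f"window-size {size}: dropped {dropped(size, ARRIVALS)}")
```

With a window of 1 the late but legitimate messages 3 and 5 are dropped along with the replayed 5; with a window of 32 only the replayed 5 is dropped.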

Example

# Set the size of the message window to 64.

<HUAWEI> system-view
[HUAWEI] mpls rsvp-te peer 172.16.1.1
[HUAWEI-mpls-rsvp-te-peer-172.16.1.1] mpls rsvp-te authentication cipher beijing123
[HUAWEI-mpls-rsvp-te-peer-172.16.1.1] mpls rsvp-te authentication window-size 64

# Set the size of the message window to 1.

<HUAWEI> system-view
[HUAWEI] interface vlanif 100
[HUAWEI-Vlanif100] mpls
[HUAWEI-Vlanif100] mpls te
[HUAWEI-Vlanif100] mpls rsvp-te
[HUAWEI-Vlanif100] mpls rsvp-te authentication cipher beijing123
[HUAWEI-Vlanif100] mpls rsvp-te authentication window-size 1

# Set the size of the message window to 1.

<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] undo portswitch
[HUAWEI-GigabitEthernet0/0/1] mpls
[HUAWEI-GigabitEthernet0/0/1] mpls te
[HUAWEI-GigabitEthernet0/0/1] mpls rsvp-te
[HUAWEI-GigabitEthernet0/0/1] mpls rsvp-te authentication cipher beijing123
[HUAWEI-GigabitEthernet0/0/1] mpls rsvp-te authentication window-size 1
Copyright © Huawei Technologies Co., Ltd.