The receive-tolerance command sets the receive tolerance for all the receive keys in the keychain.
The undo receive-tolerance command deletes the receive tolerance configuration.
By default, no receive tolerance is configured.
Parameter | Description | Value |
---|---|---|
value | Specifies the receive tolerance value for a keychain. | The integer value ranges from 1 to 14400 in minutes. |
infinite | Indicates that the receive tolerance is infinite. That is, the receive key is always valid. | - |
Usage Scenario
In keychain authentication mode, secure protocol packet transmission is provided by changing the authentication algorithm and key string dynamically. Each key is configured with an authentication algorithm and a key string. When a key becomes valid, the corresponding authentication algorithm is used.
Because of the networking environment or unsynchronized clocks on the packet sender and receiver, packets may be delayed. The receiver may then receive a packet from the sender after its key for packet receiving has become invalid. As a result, the receiver discards the packet and packet transmission is interrupted. To address this problem, set a tolerance time so that the validity period of the receive key on the receiver expires only after all packets sent from the sender have reached the receiver.
Implementation Procedure
After a tolerance time is set, it is added to both the start time and the end time of the period during which the key ID for packet receiving is valid.
Precautions
A tolerance time is required for each keychain. The configured tolerance time takes effect for all keys in the keychain.
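The following model of the behaviour described under Implementation Procedure and Precautions is an added example, not vendor code. It assumes the tolerance widens each receive key's window on both sides (start earlier, end later); the function names and the key schedule are constructed for illustration.

```python
from datetime import datetime, timedelta

INFINITE = "infinite"  # stands in for the command's `infinite` keyword

def effective_window(start, end, tolerance=None):
    """Receive window of one key as (earliest, latest); None means unbounded.

    Assumption: the tolerance widens the window on both sides.
    """
    if tolerance is None:          # default: no receive tolerance configured
        return start, end
    if tolerance == INFINITE:      # receive key is always valid
        return None, None
    if not 1 <= tolerance <= 14400:
        raise ValueError("receive tolerance must be 1-14400 minutes")
    delta = timedelta(minutes=tolerance)
    return start - delta, end + delta

def accepting_keys(arrival, keys, tolerance=None):
    """IDs of the receive keys that accept a packet arriving at `arrival`.

    One tolerance applies to every key, as it is set per keychain.
    """
    accepted = []
    for key_id, (start, end) in sorted(keys.items()):
        earliest, latest = effective_window(start, end, tolerance)
        if (earliest is None or arrival >= earliest) and \
           (latest is None or arrival <= latest):
            accepted.append(key_id)
    return accepted

# Constructed sample: key 1 hands over to key 2 at 12:00.
KEYS = {
    1: (datetime(2024, 1, 1, 0, 0), datetime(2024, 1, 1, 12, 0)),
    2: (datetime(2024, 1, 1, 12, 0), datetime(2024, 1, 2, 0, 0)),
}
LATE = datetime(2024, 1, 1, 12, 3)   # packet sent under key 1, 3 minutes late

if __name__ == "__main__":
    for tol in (None, 2, 5, INFINITE):
        print(tol, accepting_keys(LATE, KEYS, tol))
```

With a tolerance of 5 minutes the late packet is still accepted under key 1 while key 2 is already active, so both keys are valid for receiving during the overlap; a tolerance of 2 minutes is too short for this delay.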