mpls rsvp-te authentication window-size (Interface view)

Function

The mpls rsvp-te authentication window-size command specifies the maximum number of RSVP authentication messages that a device can receive.

The undo mpls rsvp-te authentication window-size command deletes the configured maximum number of RSVP authentication messages that a device can receive.

By default, the maximum number of RSVP authentication messages that a device can receive is 1.

Format

mpls rsvp-te authentication window-size window-size

undo mpls rsvp-te authentication window-size

Parameters

Parameter | Description | Value
window-size | Specifies the size of a sliding window. | The value is an integer ranging from 1 to 64. The default value is 1.

Views

100GE sub-interface view, 100GE interface view, 10GE sub-interface view, 10GE interface view, 25GE sub-interface view, 25GE interface view, 400GE sub-interface view, 400GE interface view, 40GE sub-interface view, 40GE interface view, 50GE sub-interface view, 50GE interface view, Eth-Trunk sub-interface view, Eth-Trunk interface view, GE optical interface view, GE sub-interface view, GE electrical interface view, GMPLS-UNI interface view, Tunnel interface view, XGE sub-interface view, XGE interface view

Default Level

2: Configuration level

Task Name and Operations

Task Name | Operations
mpls-te | write

Usage Guidelines

Usage Scenario

Enhanced RSVP authentication can be configured to improve system security and the ability to authenticate users in an unfavorable environment, such as a congested network. Enhanced RSVP authentication functions are as follows:

  • Sets the sliding window size for RSVP authentication messages.
  • Configures the RSVP-TE handshake mechanism.

    Traditional RSVP authentication prevents an unauthorized remote node from setting up a neighbor relationship with the local node. It also prevents attacks (such as maliciously reserving a large amount of bandwidth) that a remote node initiates after forging RSVP messages to set up an RSVP neighbor relationship with the local node. Traditional RSVP authentication, however, cannot prevent replay attacks or prevent a neighbor relationship from being terminated because RSVP messages arrive out of sequence.

    In an unfavorable environment, the mpls rsvp-te authentication window-size command can be used to set the maximum number of RSVP authentication messages that can be received. This setting prevents authentication from being terminated because RSVP messages arrive out of sequence.

Precautions

Setting the window size to a value greater than 32 is recommended. If the sliding window is small, RSVP messages may be dropped and the RSVP neighbor relationship may be terminated.
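The effect of the window size on out-of-order and replayed messages, as an added example that is not part of the original page and is not Huawei's implementation: a generic sliding-window check over authenticated sequence numbers. The class and function names, the bitmap design and the sample sequence numbers are assumptions made for illustration.

```python
"""Illustrative model of a sliding-window replay check (not vendor code)."""


class ReplayWindow:
    def __init__(self, window_size):
        if not 1 <= window_size <= 64:      # value range given on this page
            raise ValueError("window-size must be 1..64")
        self.size = window_size
        self.highest = None   # highest sequence number accepted so far
        self.seen = 0         # bitmap: bit i set => (highest - i) was accepted

    def accept(self, seq):
        """Return True if seq is fresh, False if it is a replay or too old."""
        if self.highest is None or seq > self.highest:
            shift = 0 if self.highest is None else seq - self.highest
            if shift >= self.size:
                self.seen = 1               # jump past the window: start over
            else:
                mask = (1 << self.size) - 1
                self.seen = ((self.seen << shift) | 1) & mask
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.size:
            return False                    # older than the window: dropped
        if self.seen & (1 << offset):
            return False                    # already accepted once: replay
        self.seen |= 1 << offset
        return True


def run(window_size, arrivals):
    """Feed arrivals through a fresh window and return per-message verdicts."""
    window = ReplayWindow(window_size)
    return [window.accept(seq) for seq in arrivals]


# Constructed arrival order: 103 overtakes 102 and 101, then 103 is replayed.
ARRIVALS = [100, 103, 102, 101, 103, 104]

if __name__ == "__main__":
    for size in (1, 64):
        verdicts = run(size, ARRIVALS)
        print(f"window-size {size:2}:", ", ".join(
            f"{s}={'ok' if v else 'DROP'}" for s, v in zip(ARRIVALS, verdicts)))
```

In this model, a window of 1 drops the legitimate late messages 102 and 101 along with the replayed 103, while a window of 64 accepts the late messages and still rejects the replay.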

Example

# Set the sliding window size to 64.
<HUAWEI> system-view
[~HUAWEI] mpls
[*HUAWEI-mpls] mpls te
[*HUAWEI-mpls] mpls rsvp-te
[*HUAWEI-mpls] quit
[*HUAWEI] interface GigabitEthernet 0/1/0
[*HUAWEI-GigabitEthernet0/1/0] mpls
[*HUAWEI-GigabitEthernet0/1/0] mpls te
[*HUAWEI-GigabitEthernet0/1/0] mpls rsvp-te
[*HUAWEI-GigabitEthernet0/1/0] mpls rsvp-te authentication cipher Huawei-123
[*HUAWEI-GigabitEthernet0/1/0] mpls rsvp-te authentication handshake
[*HUAWEI-GigabitEthernet0/1/0] mpls rsvp-te authentication window-size 64
Copyright © Huawei Technologies Co., Ltd.