mpls rsvp-te authentication keychain (MPLS RSVP-TE neighbor view)

Function

The mpls rsvp-te authentication keychain command is used to configure keychain authentication.

The undo mpls rsvp-te authentication keychain command is used to disable keychain authentication.

By default, keychain authentication is not enabled.

Format

mpls rsvp-te authentication keychain keychain-name

undo mpls rsvp-te authentication keychain

Parameters

Parameter Description Value
keychain-name

Specifies the keychain name, which is configured by running the keychain command.

The value is a string of 1 to 47 case-sensitive characters, spaces not supported.

Views

MPLS RSVP-TE neighbor view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
mpls-te write

Usage Guidelines

Usage Scenario

RSVP authentication can be configured to improve network reliability and security and prevent attacks initiated using messages modified or forged by unauthorized users.

RSVP authentication can prevent the setup of an illegal RSVP neighbor relationship using the following methods and protect the local node against attacks (such as malicious reservation of a larger number of bandwidth resources):

  • An unauthorized node attempts to set up an RSVP neighbor relationship with the local node.
  • A remote node generates and sends forged RSVP messages to set up a neighbor relationship with the local node.

Precautions

The two nodes between which an LSP is set up must use the same keychain configuration. Otherwise, the LSP will be interrupted or cannot be successfully set up.

Example

# Enable Keychain authentication.
<HUAWEI> system-view
[~HUAWEI] mpls
[*HUAWEI-mpls] mpls te
[*HUAWEI-mpls] mpls rsvp-te
[*HUAWEI-mpls] mpls rsvp-te peer 10.1.0.1
[*HUAWEI-mpls-rsvp-te-peer-10.1.0.1] mpls rsvp-te authentication keychain key123
Parent Topic: MPLS TE Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >