No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE40E V800R010C00 Configuration Guide - MPLS 01

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
(Optional) Configuring the Handshake Function

(Optional) Configuring the Handshake Function

The handshake function helps RSVP key authentication prevent replay attacks.

Context

If the handshake function is configured between neighbors and the lifetime is configured, the lifetime must be greater than the interval at which RSVP update messages are sent. If the lifetime is smaller than the interval at which RSVP update messages are sent, authentication relationships may be deleted because no RSVP update message is received within the lifetime. As a result, the handshake mechanism is used again when a new update message is received. An RSVP-TE tunnel may be deleted or fail to be established.

Procedure

  • Configuring the handshake function in the interface view
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      interface interface-type interface-number

      The view of the interface on which the MPLS TE tunnel is established is displayed.

    3. Run:

      mpls rsvp-te authentication handshake

      The handshake function is enabled.

      NOTE:

      The task of Configuring an RSVP Authentication Mode must be complete before the RSVP handshake function is configured.

      The handshake function helps a device to establish an RSVP neighbor relationship with its neighbor. If a device receives RSVP messages from a neighbor, with which the device has not established an RSVP authentication relationship, the device will send Challenge messages carrying local identifier to this neighbor. After receiving the Challenge messages, the neighbor returns Response messages carrying the identifier the same as that in the Challenge messages. After receiving the Response messages, the local end checks identifier carried in the Response messages. If identifier in the Response messages is the same as the local one, the device determines to establish an RSVP authentication relationship with its neighbor.

    4. Run:

      commit

      The configuration is committed.

  • Configuring the handshake function in the MPLS RSVP-TE peer view
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      mpls

      The MPLS view is displayed.

    3. Run:

      mpls rsvp-te peer ip-address
      • If ip-address is set to an interface IP address of a neighbor, not the neighbor LSR ID, the handshake function will only take effect on that neighbor interface.

      • If ip-address is set to a neighbor LSR ID, the handshake function will take effect on all interfaces of the neighbor.

    4. Run:

      mpls rsvp-te authentication handshake

      The handshake function is enabled.

      NOTE:

      The task of Configuring an RSVP Authentication Mode must be complete before the RSVP handshake function is configured. The handshake can only take effect after it is configured on both ends of an RSVP authentication relationship.

      The handshake function helps a device to establish an RSVP neighbor relationship with its neighbor. If a device receives RSVP messages from a neighbor, with which the device has not established an RSVP authentication relationship, the device will send Challenge messages carrying local identifier to this neighbor. After receiving the Challenge messages, the neighbor returns Response messages carrying the identifier the same as that in the Challenge messages. After receiving the Response messages, the local end checks identifier carried in the Response messages. If identifier in the Response messages is the same as the local one, the device determines to establish an RSVP authentication relationship with its neighbor.

    5. Run:

      commit

      The configuration is committed.

Download
Updated: 2018-07-12

Document ID: EDOC1100028530

Views: 101129

Downloads: 336

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next