4 authentication, Authentication -17 – Riverstone Networks WICT1-12 User Manual

Page 325

Advertising
background image

Riverstone Networks RS Switch Router User Guide Release 8.0 17-17

MPLS Configuration

RSVP Configuration

If an RSVP neighbor on the interface does not support hello packets, soft state timeouts are used to detect loss of state
information.

By default, RSVP hello packets are sent at 3-second intervals. You can change this interval with the

rsvp set

global hello-interval

command. For example, the following command sets the sending of RSVP hello packets

to 5-second intervals:

By default, the RSVP hello multiplier is 3. You can change this variable with the

rsvp set global

hello-multiplier

command. For example, the following command sets the RSVP hello multiplier to 5:

If RSVP hello packets are supported on all neighbor nodes, you can increase RSVP refresh intervals and thereby
reduce the refresh overhead. (See

Section 17.3.2, "RSVP Refresh Intervals."

) Refresh operations will consume less

CPU and bandwidth, allowing scaling for a larger number of sessions. The time needed for node or link failure
detection is not adversely impacted.

17.3.4

Authentication

RSVP messages can be authenticated to prevent unauthorized nodes from setting up reservations. On the RS, RSVP
authentication is enabled on a per-interface basis; RSVP authentication is disabled by default. If RSVP authentication
is used, all routers connected to the same IP subnet must use the same authentication method and password.
Authentication is performed on all RSVP messages that are sent or received on an interface where RSVP
authentication is enabled.

RSVP on the RS supports the IETF standard MD5 signature authentication. To set RSVP authentication for an
interface on the RS, use the

rsvp set interface

command. Use the

auth-method

parameter to specify the

authentication method and the

auth-key

parameter to specify the password.

For example, the following command sets the MD5 password ‘p55717’ for RSVP sessions on the interface ‘int2’:

In the above example, if you specify

interface all,

the MD5 password is applied to all RSVP sessions on the

router.

rsvp set global hello-interval 5

rsvp set global hello-multiplier 5

rsvp set interface int2 auth-method md5 auth-key p55717

Advertising
Popular Brands
Popular manuals