Selecting a peer public key management option – Brocade Virtual ADX Global Server Load Balancing Guide (Supporting ADX v03.1.00) User Manual

Brocade Virtual ADX Global Server Load Balancing Guide

53-1003245-01

Secure GSLB

To verify the communication state and the public key fingerprint entries that were exchanged, enter one of the following commands.

Syntax: show gslb security peer

Syntax: show gslb security key-fingerprint

Selecting a peer public key management option

After the key exchange is complete, three peer public key management options are available: one-time, never, and timeout.

Select the option that provides the level of security you require, balanced against the administrative overhead of repeating the key exchange.

To select the one-time option, enter the following command.

Secure-Virtual ADX(config)#gslb auth-encrypt-communication peer-pub-key-expire one-time

If you do not configure peer-pub-key-expire, the default value is 180 seconds.

Syntax: [no] gslb auth-encrypt-communication peer-pub-key-expire [one-time | never | timeout]

The one-time option configures the peer public keys for one-time use, which is the highest level of security. The keys expire as soon as the TCP session to the peer device is disconnected, so before a new connection can be set up between the devices to forward GSLB messages, you must repeat the key exchange steps detailed previously. When you enable the gslb auth-encrypt-communication secure-only option on a site, the ADX device communicates only with a controller that has Secure GSLB enabled.

Issue the command gslb auth-encrypt-communication peer-pub-key-expire one-time before exchanging keys using crypto key-exchange passive. If you exchange the keys first, the one-time usage does not take effect until the next exchange.

SLB-Virtual ADX(config)#show gslb security peer
Public key for peer 10.2.2.1
  Valid duration(seconds): 30000000
  loaded from flash 0
  Peer authentication handshake done 1
  key get from peer 10.2.2.1
  fingerprint:
  63743f5c a1b77dbf 68adbb8e 46379203 9647c77c
Public key for peer 10.2.2.3
  Valid duration(seconds): 30000000
  loaded from flash 1
  Peer authentication handshake done 1
  key get from peer 10.2.2.3
  fingerprint:
  f16b1cdc 547b3e5c ac77f284 b2ebe711 8f4b9722

SLB-Virtual ADX#sh gslb security key-fingerprint
Key fingerprint index: 1
  Peer IP address for this key 10.2.2.3
  f16b1cdc 547b3e5c ac77f284 b2ebe711 8f4b9722
  Valid duration(seconds): 29999965
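The fingerprints printed by show gslb security peer are only useful if they are compared against values obtained from the peer over a trusted channel; a key that loaded and handshook fine can still be the wrong key. The following script is an added example, not Brocade code or part of this guide: it parses the show gslb security peer output reproduced above (embedded as a constructed sample), compares each peer's fingerprint against a hypothetical operator-maintained pin list, and flags peers with an incomplete handshake, a missing key, or a remaining validity below a threshold of your choosing. The field layout it expects is the one shown on this page; the pin list and its values are assumptions for the example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample input: the `show gslb security peer` output shown on this
# manual page, embedded so the check runs offline.
SAMPLE_SHOW_PEER = """\
Public key for peer 10.2.2.1
  Valid duration(seconds): 30000000
  loaded from flash 0
  Peer authentication handshake done 1
  key get from peer 10.2.2.1
  fingerprint:
  63743f5c a1b77dbf 68adbb8e 46379203 9647c77c
Public key for peer 10.2.2.3
  Valid duration(seconds): 30000000
  loaded from flash 1
  Peer authentication handshake done 1
  key get from peer 10.2.2.3
  fingerprint:
  f16b1cdc 547b3e5c ac77f284 b2ebe711 8f4b9722
"""

# Hypothetical pin list (not a Brocade data structure): fingerprints the
# operator recorded out of band, e.g. from `show gslb security key-fingerprint`
# on each peer, read back over a trusted channel before the exchange.
EXPECTED_FINGERPRINTS: Dict[str, str] = {
    "10.2.2.1": "63743f5c a1b77dbf 68adbb8e 46379203 9647c77c",
    "10.2.2.3": "f16b1cdc 547b3e5c ac77f284 b2ebe711 8f4b9722",
}


@dataclass
class PeerKey:
    peer: str
    valid_seconds: Optional[int]
    handshake_done: bool
    fingerprint: Optional[str]


def parse_show_peer(text: str) -> List[PeerKey]:
    """Parse `show gslb security peer` output into PeerKey records.

    Assumes the layout printed on this page: a 'Public key for peer' header
    followed by its fields, with the hex fingerprint on the line after
    'fingerprint:'. Indentation and blank lines are ignored.
    """
    peers: List[PeerKey] = []
    cur: Optional[PeerKey] = None
    next_is_fingerprint = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = re.match(r"Public key for peer (\S+)$", line)
        if m:
            cur = PeerKey(m.group(1), None, False, None)
            peers.append(cur)
            next_is_fingerprint = False
            continue
        if cur is None:
            continue  # text before the first peer block
        m = re.match(r"Valid duration\(seconds\):\s*(\d+)", line)
        if m:
            cur.valid_seconds = int(m.group(1))
            continue
        m = re.match(r"Peer authentication handshake done (\d+)", line)
        if m:
            cur.handshake_done = m.group(1) == "1"
            continue
        if line == "fingerprint:":
            next_is_fingerprint = True
            continue
        if next_is_fingerprint:
            # Normalise spacing and case so the comparison is layout independent.
            cur.fingerprint = " ".join(line.split()).lower()
            next_is_fingerprint = False
    return peers


def check_peers(peers: List[PeerKey], expected: Dict[str, str],
                min_valid_seconds: int = 0) -> List[Tuple[str, str]]:
    """Return (peer, problem) pairs to resolve before trusting the GSLB channel."""
    findings: List[Tuple[str, str]] = []
    seen = set()
    for pk in peers:
        seen.add(pk.peer)
        if pk.peer not in expected:
            findings.append((pk.peer, "unexpected peer: no pinned fingerprint"))
        elif pk.fingerprint != " ".join(expected[pk.peer].split()).lower():
            # A loaded key whose fingerprint differs from the pinned value means
            # the exchange picked up the wrong key: redo it and investigate.
            findings.append((pk.peer, "fingerprint mismatch: redo key exchange"))
        if not pk.handshake_done:
            findings.append((pk.peer, "peer authentication handshake not done"))
        if pk.valid_seconds is not None and pk.valid_seconds < min_valid_seconds:
            findings.append((pk.peer, f"key expires in {pk.valid_seconds}s"))
    for peer in expected:
        if peer not in seen:
            findings.append((peer, "pinned peer has no loaded key"))
    return findings


if __name__ == "__main__":
    result = check_peers(parse_show_peer(SAMPLE_SHOW_PEER), EXPECTED_FINGERPRINTS)
    for finding in result or [("-", "all peers match their pinned fingerprints")]:
        print(finding)
```

Run it with the captured output of show gslb security peer pasted in place of the sample; with the one-time option, rerun it after every key exchange, since each reconnect loads a fresh key whose fingerprint must be confirmed again. The min_valid_seconds threshold is the check to pair with the timeout option, so that a key about to expire is re-exchanged before the TCP session to the peer drops.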
