RSVP Authentication by Using All the Modes: Example, on page 152
Security Association
A security association (SA) is defined as a collection of information that is required to maintain secure
communications with a peer to counter replay attacks, spoofing, and packet corruption.
This table lists the main parameters that define a security association.
Table 3: Security Association Main Parameters
DescriptionParameter
IP address of the sender.src
IP address of the final destination.dst
Interface of the SA.interface
Send or receive type of the SA.direction
Expiration timer value that is used to collect unused
security association data.
Lifetime
Last sequence number that was either sent or accepted
(dependent of the direction type).
Sequence Number
Source of keys for the configurable parameter.key-source
Key number (returned form the key-source) that was
last used.
keyID
Algorithm last used (returned from the key-source).digest
Specifies the tolerance for the configurable parameter.
The parameter is applicable when the direction
parameter is the receive type.
Window Size
Specifies the last window size value sequence number
that is received or accepted. The parameter is
applicable when the direction parameter is the receive
type.
Window
An SA is created dynamically when sending and receiving messages that require authentication. The neighbor,
source, and destination addresses are obtained either from the IP header or from an RSVP object, such as a
HOP object, and whether the message is incoming or outgoing.
When the SA is created, an expiration timer is created. When the SA authenticates a message, it is marked as
recently used. The lifetime timer periodically checks if the SA is being used. If so, the flag is cleared and is
cleaned up for the next period unless it is marked again.
Cisco IOS XR MPLS Configuration Guide for the Cisco CRS Router, Release 5.1.x
120
Implementing RSVP for MPLS-TE and MPLS O-UNI
Security Association
To Next Page
Loading...
Need help?
General
