Nokia 7330 - Keychain; Table 32 Keychain Mapping

To Next Page

To Previous Page

"FD 100/320Gbps NT and FX NT IHub System

Basics, Management and OAM Guide"

Security

Issue: 10 3HH-11982-AAAA-TQZZA 43

4.1.2.2 Keychain

A keychain is a set of up to 64 keys, where each key is {A[i], K[i], V[i], S[i], T[i], S'[i],

T'[i]} as described in draft-bonica-tcp-auth-05.txt, Authentication for TCP-based

Routing and Management Protocols. They keys can be assigned to both sides of a

BGP or LDP peer.

The individual keys in a keychain have a begin- and end-time indicating when to use

this key.

These fields map to the CLI tree as:

Table 32 Keychain mapping

Field Definition CLI

i The key identifier

expressed as an integer

(0...63)

configure>system>security>keychain>direction>bi>entry

configure>system>security>keychain>direction>uni>receive> entry

configure>system>security>keychain>direction>uni>send>entry

A[i] Authentication

algorithm to use with

key[i]

configure>system>security>keychain>direction>bi>entry with algorithm

algorithm parameter

configure>system>security>keychain>direction>uni>receive> entry with

algorithm algorithm parameter

configure>system>security>keychain>direction>uni>send>entry with

algorithm algorithm parameter

K[i] Shared secret to use

with key[i].

configure>system>security>keychain>direction>uni>receive> entry with

shared secret parameter

configure>system>security>keychain>direction>uni>send>entry with

shared secret parameter

configure>system>security>keychain>direction>bi>entry with shared

secret parameter

V[i] A vector that determines

whether the key[i] is to

be used to generate

MACs for inbound

segments, outbound

segments, or both.

configure>system>security>keychain>direction

S[i] Start time from which

key[i] can be used by

sending TCPs.

configure>system>security>keychain>direction>bi>entry >begin-time

configure>system>security>keychain>direction>uni>send>entry

>begintime

T[i] End time after which

key[i] cannot be used by

sending TCPs.

Inferred by the begin-time of the next key (youngest key rule).

S'[i] Start time from which

key[i] can be used by

receiving TCPs.

configure>system>security>keychain>direction>bi>entry >begin-time

configure>system>security>keychain>direction>bi>entry >tolerance

configure>system>security>keychain>direction>uni>receive >entry

>begin-time

configure>system>security>keychain>direction>uni>receive >entry

>tolerance

(1 of 2)

Nokia 7330 - Keychain; Table 32 Keychain Mapping

Table of Contents

Other manuals for Nokia 7330

Related product manuals