
Nokia 7705 - 3.4.6.1 Keychain Authentication

Nokia 7705
404 pages
System Management Guide Security
Edition: 01 3HE 11018 AAAC TQZZA 35
TCP peers can use this extension to authenticate messages passed between one
another. This strategy improves upon the practice described in RFC 2385, Protection
of BGP Sessions via the TCP MD5 Signature Option. Using this new strategy, TCP
peers can update authentication keys during the lifetime of a TCP connection. TCP
peers can also use stronger authentication algorithms to authenticate routing
messages.
3.4.6.1 Keychain Authentication
TCP enhanced authentication uses keychains that are associated with every
protected TCP connection.
The keychain concept supported by BGP and LDP has also been extended to the
OSPF, IS-IS, and RSVP-TE protocols.
The keychain mechanism allows for the creation of keys used to authenticate
protocol communications. Each keychain entry defines the authentication attributes
to be used in authenticating protocol messages from remote peers or neighbors; the
keychain must include at least one key entry to be valid. The keychain mechanism
also allows authentication keys to be changed without affecting the state of the
associated protocol adjacencies.
Each key within a keychain must include the following attributes for the
authentication of protocol messages:
• key identifier – unique identifier, expressed as a decimal integer
• authentication algorithm – see Table 3
• authentication key – used by the authentication algorithm to authenticate packets
• direction – packet stream direction in which the key is applied (receive direction, send direction, or both)
• begin time – the time at which a new authentication key can be used
Optionally, each key can include the following attributes:
• end time – the time at which the authentication key becomes inactive (applies to received packets only)
• tolerance – period in which both old and new authentication key values can overlap and both keys will be allowed on received packets (applies to received packets only)
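The following is an added example, not taken from the Nokia guide and not the router's implementation: a small Python model of the key attributes listed above, used to check whether a planned key change leaves any moment at which a peer would reject the key being sent. The selection rules (send with the most recently begun key; accept a key from begin time minus tolerance until end time plus tolerance), the function names, the `peer_skew` parameter, the "sha" label and all time values are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Key:
    key_id: int                 # key identifier (decimal integer)
    algorithm: str              # label only; no MAC is computed in this model
    direction: str              # "send", "receive" or "both"
    begin: int                  # begin time, in seconds (constructed values)
    end: Optional[int] = None   # optional end time, receive side only
    tolerance: int = 0          # optional overlap in seconds, receive side only

def send_key(chain, now):
    """Assumed rule: send with the most recently begun send-capable key."""
    if not chain:
        raise ValueError("a keychain must include at least one key entry")
    usable = [k for k in chain if k.direction in ("send", "both") and k.begin <= now]
    return max(usable, key=lambda k: k.begin, default=None)

def receive_key_ids(chain, now):
    """Assumed rule: accept a key from begin - tolerance to end + tolerance."""
    accepted = set()
    for k in chain:
        if k.direction not in ("receive", "both"):
            continue
        started = now >= k.begin - k.tolerance
        expired = k.end is not None and now > k.end + k.tolerance
        if started and not expired:
            accepted.add(k.key_id)
    return accepted

def rollover_gaps(local, peer, times, peer_skew=0):
    """Return the local times at which the peer would reject our send key."""
    gaps = []
    for t in times:
        key = send_key(local, t)
        if key is None or key.key_id not in receive_key_ids(peer, t + peer_skew):
            gaps.append(t)
    return gaps

def two_key_chain(tolerance):
    """Constructed sample: key 1 is replaced by key 2 at t=1000."""
    return [Key(1, "sha", "both", begin=0, end=1000, tolerance=tolerance),
            Key(2, "sha", "both", begin=1000, tolerance=tolerance)]

if __name__ == "__main__":
    probe = range(900, 1200, 10)  # peer clock runs 30 s behind ours
    print(rollover_gaps(two_key_chain(60), two_key_chain(60), probe, peer_skew=-30))
    print(rollover_gaps(two_key_chain(0), two_key_chain(0), probe, peer_skew=-30))
```

In this model a 60-second tolerance absorbs the 30-second clock difference between the peers, while a zero tolerance leaves a window after the begin time of key 2 in which the peer does not yet accept it.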
For added security, support for the Secure Hash Algorithm (SHA) has been added.
Table 3 lists the security algorithms supported per protocol.
