
MPLS Security (RSVP)

Latest reply: Jul 2, 2021 05:25:03

Attack Behavior

Resource Reservation Protocol (RSVP) transmits packets using RawIP. RawIP does not provide a security mechanism; therefore, packets can be tampered with easily, and devices are prone to attacks.

When processing packets, RSVP checks various information, such as packet parameters, formats, and types. The information, however, can be easily obtained by attackers. Therefore, an attacker can intercept RSVP packets and send packets to a switch repeatedly to increase the load of the switch. Such attacks are called replay attacks.

Security Policy

RSVP authentication uses keys to prevent packets from being tampered with or forged. Enhanced RSVP authentication can be configured to improve system security and the capability to authenticate users in unfavorable environments such as network congestion. Enhanced RSVP authentication functions are as follows:

  • RSVP-TE handshake mechanism: prevents replay attacks.
  • Sliding window size for RSVP authentication messages: prevents the disorder of RSVP packets from causing the termination of authentication relationships between neighbors.

RSVP key authentication can be configured in the interface view or Multiprotocol Label Switching (MPLS) RSVP-Traffic Engineering (RSVP-TE) peer view.

  • RSVP key authentication configured in the interface view applies to two directly connected nodes.
  • RSVP key authentication configured in the MPLS RSVP-TE peer view can be applied to any two nodes that are mutually configured as neighbors. This configuration mode is recommended.

Configuration Method

Configure RSVP authentication.

<HUAWEI> system-view
[HUAWEI] keychain huawei mode absolute
//Configure the keychain function.
[HUAWEI-keychain-huawei] key-id 1
[HUAWEI-keychain-huawei-keyid-1] algorithm hmac-sha-256
[HUAWEI-keychain-huawei-keyid-1] key-string cipher Huawei@1234
[HUAWEI-keychain-huawei-keyid-1] quit
[HUAWEI-keychain-huawei] quit
[HUAWEI] mpls
[HUAWEI-mpls] mpls te
[HUAWEI-mpls] mpls rsvp-te
[HUAWEI-mpls] quit
[HUAWEI] mpls rsvp-te peer 10.0.0.1
[HUAWEI-mpls-rsvp-te-peer-10.0.0.1] mpls rsvp-te authentication keychain huawei
//Configure keychain authentication for the peer and use the keychain named huawei.
[HUAWEI-mpls-rsvp-te-peer-10.0.0.1] mpls rsvp-te authentication handshake
//Configure the RSVP-TE handshake mechanism.
[HUAWEI-mpls-rsvp-te-peer-10.0.0.1] mpls rsvp-te authentication window-size 64
//Configure the sliding window size for RSVP-TE authentication.
[HUAWEI-mpls-rsvp-te-peer-10.0.0.1] quit
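
The digest check and sliding window described under Security Policy, as an added Python example that is not part of the original post and not Huawei's implementation: each message carries a 64-bit sequence number and an HMAC-SHA-256 digest, and the receiver accepts out-of-order messages inside a 64-entry window while dropping replayed and tampered ones. The packet layout, key and all names are constructed for illustration, and the handshake is not modelled.

```python
import hashlib
import hmac
import struct

WINDOW_SIZE = 64  # same value as "authentication window-size 64" in the post


def sign(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender: 8-byte sequence number + 32-byte HMAC-SHA-256 digest + payload."""
    header = struct.pack("!Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + tag + payload


class Receiver:
    def __init__(self, key: bytes, window: int = WINDOW_SIZE):
        self.key, self.window = key, window
        self.highest = -1   # highest sequence number accepted so far
        self.seen = set()   # accepted sequence numbers still inside the window

    def accept(self, packet: bytes) -> str:
        if len(packet) < 40:
            return "drop: truncated"
        seq = struct.unpack("!Q", packet[:8])[0]
        tag, payload = packet[8:40], packet[40:]
        expected = hmac.new(self.key, packet[:8] + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time comparison
            return "drop: bad digest"
        if seq <= self.highest - self.window:        # fell out of the window
            return "drop: older than window"
        if seq in self.seen:                         # same number seen before
            return "drop: replay"
        self.seen.add(seq)
        self.highest = max(self.highest, seq)
        self.seen = {s for s in self.seen if s > self.highest - self.window}
        return "accept"


def demo():
    key = b"constructed-demo-key"   # constructed sample key
    rx = Receiver(key)
    p = {n: sign(key, n, b"PATH msg %d" % n) for n in (1, 2, 3, 100)}
    # 1, then 3 before 2 (reordered in transit), then 3 replayed
    results = [rx.accept(p[1]), rx.accept(p[3]), rx.accept(p[2]), rx.accept(p[3])]
    results.append(rx.accept(p[100][:-1] + b"X"))   # payload altered in transit
    results.append(rx.accept(p[100]))
    results.append(rx.accept(p[1]))   # 1 <= 100 - 64, so outside the window
    return results


if __name__ == "__main__":
    print(demo())
```

With a window of 1 the reordered message 2 would be dropped as too old, which is the disorder case the sliding window setting is meant to tolerate.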

Thanks for sharing knowledge with us.

Good share

Very good post
