Access Security Guide K/KA/KB.15.15

Figure 313 Status of keys in key chain entry "HPSwitch2"
The "HPSwitch1" key chain entry is a time-independent key and will not expire. "HPSwitch2" uses
time-dependent keys, which result in this data:
Expired=1: Key 1 has expired because its lifetime ended at 8:10 on 01/18/03, the previous day.
Active=2: Keys 2 and 3 are both active for 10 minutes from 8:00 to 8:10 on 1/19/03.
Keys 4 and 5 are either not yet active or expired. The total number of keys is 5.
Overview
The switches covered in this guide provide support for advanced routing capabilities. Security is
extremely important as complex networks and the internet grow and become a part of our daily
life and business. This fact forces protocol developers to improve security mechanisms employed
by their protocols, which in turn becomes an extra burden for system administrators who have to
set up and maintain them. One solution to this is centralizing the mechanisms used to configure
and maintain security information for all routing protocols. The Key Management System (KMS)
can carry this burden.
KMS is designed to configure and maintain key chains. A key chain is a set of keys with a timing
mechanism for activating and deactivating individual keys. KMS provides specific instances of
routing protocols with one or more Send or Accept keys that must be active at the time of a request.
A protocol instance is usually an interface on which the protocol is running.
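The key-chain timing described above and the Active/Expired counters explained for Figure 313, modeled as an added Python example (not HP's code and not switch output). The sample chains are constructed; the start times of keys 1, 4 and 5, the evaluation times, and the half-open lifetime interval are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

@dataclass(frozen=True)
class Key:
    key_id: int
    start: Optional[datetime] = None   # both None = time-independent key
    end: Optional[datetime] = None

    def state(self, now: datetime) -> str:
        if self.start is not None and now < self.start:
            return "not_yet_active"
        # Assumption: a lifetime is the half-open interval [start, end).
        if self.end is not None and now >= self.end:
            return "expired"
        return "active"                # time-independent keys always land here

def chain_status(keys, now):
    """Counters in the style of the figure: Active, Expired, total."""
    states = [k.state(now) for k in keys]
    return {"active": states.count("active"),
            "expired": states.count("expired"),
            "not_yet_active": states.count("not_yet_active"),
            "total": len(keys)}

def usable_keys(keys, now):
    """Key ids a protocol instance could use for a request made at `now`."""
    return [k.key_id for k in keys if k.state(now) == "active"]

def t(day, hhmm):
    """Helper for the constructed January 2003 timestamps."""
    return datetime.strptime(f"2003-01-{day} {hhmm}", "%Y-%m-%d %H:%M")

# Constructed sample chains mirroring the description of the figure.
HPSWITCH1 = [Key(1)]                           # time-independent, never expires
HPSWITCH2 = [
    Key(1, t(18, "08:00"), t(18, "08:10")),    # start time assumed
    Key(2, t(19, "08:00"), t(19, "08:10")),
    Key(3, t(19, "08:00"), t(19, "08:10")),
    Key(4, t(19, "09:00"), t(19, "09:10")),    # lifetime assumed (later that day)
    Key(5, t(19, "10:00"), t(19, "10:10")),    # lifetime assumed (later that day)
]

if __name__ == "__main__":
    for now in (t(19, "08:05"), t(19, "08:30")):   # assumed evaluation times
        print(now, chain_status(HPSWITCH2, now), usable_keys(HPSWITCH2, now))
```

At 08:30 the constructed chain has no active key at all, which is the lifetime gap to check for when scheduling time-dependent keys.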