HP MSR2000/3000/4000 Router Series MPLS Command Reference
rsvp authentication window-size
Use rsvp authentication window-size to configure the RSVP authentication window size, which is the
maximum number of authenticated RSVP messages that can be received out of sequence on an interface.
Use undo rsvp authentication window-size to restore the default.
Syntax
rsvp authentication window-size number
undo rsvp authentication window-size
Default
Only one authenticated RSVP message can be received out of sequence on an interface.
Views
Interface view
Predefined user roles
network-admin
Parameters
number: Specifies the maximum number of authenticated RSVP messages that can be received out of
sequence, in the range of 1 to 64.
Usage guidelines
To protect against replay attacks, the sender places a unique sequence number in each RSVP message
that contains authentication information. The sender monotonically increases the value of the sequence
number each time it sends an RSVP message. If the sequence number of a received message falls within
the configured authentication window, the receiver accepts the message. Otherwise, the receiver discards
the message.
When the receiver receives an RSVP message, it compares the sequence number of the last accepted
RSVP message with the sequence number of the newly received RSVP message.
• If the new sequence number is greater than the last sequence number, RSVP accepts the message
and updates the last sequence number with the new sequence number.
• If the new sequence number equals the last sequence number, RSVP regards the message as a
replay message and discards the message.
• If the new sequence number is smaller than the last sequence number but greater than the last
sequence number minus the window size, and has never been received before, RSVP accepts the
message. If the new sequence number has been received before, RSVP regards the message as a
replay message and discards the message.
• If the new sequence number is smaller than the last sequence number minus the window size, RSVP
regards the message as invalid and discards the message.
By default, the authentication window size is 1. That is, if the sequence number of a newly received RSVP
message is smaller than that of the last accepted message, the device discards the message. However,
if the sender sends multiple RSVP messages in a short time, these messages might arrive at the neighbor
out of sequence. With the default window size, the out-of-sequence messages are discarded. To
solve this problem, use the rsvp authentication window-size command to configure an appropriate
window size.
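The receiver-side check described above, modeled as an added Python example (not code from HP or from the device software). The class RsvpReplayWindow, the run helper and the sample sequence numbers are constructed for illustration. Two behaviors are assumptions: the first message is accepted unconditionally, and a number exactly equal to the last sequence number minus the window size is treated as outside the window.

```python
# Added illustration: models the receiver-side sequence-number check from the
# usage guidelines. Names are hypothetical, not Comware internals.

class RsvpReplayWindow:
    def __init__(self, window_size=1):
        if not 1 <= window_size <= 64:   # range given for the "number" parameter
            raise ValueError("window size must be in the range 1 to 64")
        self.window_size = window_size
        self.last = None                 # highest sequence number accepted so far
        self.seen = set()                # accepted numbers still inside the window

    def check(self, seq):
        """Return 'accept', 'replay' or 'invalid' for a received sequence number."""
        # Assumption: the very first message is accepted unconditionally.
        if self.last is None or seq > self.last:
            self.last = seq
            self.seen.add(seq)
            # Forget numbers that have fallen out of the window.
            floor = self.last - self.window_size
            self.seen = {s for s in self.seen if s > floor}
            return "accept"
        if seq == self.last:
            return "replay"
        if seq > self.last - self.window_size:
            if seq in self.seen:
                return "replay"          # already received inside the window
            self.seen.add(seq)
            return "accept"              # late but new, and inside the window
        # At or below last - window_size. Assumption: the equality case counts
        # as outside the window, which matches the default (size 1) behaviour.
        return "invalid"


def run(window_size, sequence_numbers):
    """Feed constructed sequence numbers through a window and list the verdicts."""
    window = RsvpReplayWindow(window_size)
    return [(seq, window.check(seq)) for seq in sequence_numbers]


# Constructed arrival order: 102 and 101 arrive late, 103 and 102 are then
# replayed, and 90 is far older than any window allows.
ARRIVALS = [100, 103, 102, 101, 103, 102, 90]

if __name__ == "__main__":
    for size in (1, 4):
        print(size, run(size, ARRIVALS))
```

With a window size of 1 the late messages 102 and 101 are discarded, while a window size of 4 accepts them once and still rejects the replayed copies.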