R0106-HP MSR Router Series MPLS Command Reference(V7)
187
Views
System view
Predefined user roles
network-admin
Usage guidelines
To enable global RSVP, you must enable both global RSVP (by using the rsvp command) and global
MPLS TE (by using the mpls te command).
Examples
# Enable RSVP globally and enter RSVP view.
<Sysname> system-view
[Sysname] rsvp
[Sysname-rsvp]
Related commands
• mpls te
• rsvp enable
rsvp authentication challenge
Use rsvp authentication challenge to enable RSVP challenge-response handshake on an interface.
Use undo rsvp authentication challenge to disable RSVP challenge-response handshake on an interface.
Syntax
rsvp authentication challenge
undo rsvp authentication challenge
Default
RSVP challenge-response handshake is disabled on an interface.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
To prevent packet replay attacks, RSVP requires received authentication messages to carry incremental
sequence numbers. RSVP saves the sequence number of the last valid message in a receive-type security
association to verify the subsequent messages. However, when RSVP creates a new receive-type security
association, it cannot obtain the sequence number of the sender. To successfully establish the
receive-type security association, RSVP sets the receive sequence number to 0 by default, so the
association can receive a message with any sequence number from the peer. Because this introduces a
vulnerability to replay attacks, you should execute the authentication challenge command. When RSVP
creates a receive-type security association, it will perform a challenge-response handshake to obtain the
sequence number of the sender.
RSVP challenge-response handshake can be configured in the following views:
• RSVP view—Configuration applies to all RSVP security associations.