 | Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |
All RSVP protocol exchanges can be authenticated to guarantee that only trusted neighbors participate in setting up reservations. By default, RSVP authentication is disabled.
RSVP authentication uses an HMAC-MD5 message-based digest. This scheme produces a message digest based on a secret authentication key and the message contents. (The message contents also include a sequence number.) The computed digest is transmitted with RSVP messages. Once you have configured authentication, all received and transmitted RSVP messages with all neighbors are authenticated on this interface.
MD5 authentication provides protection against forgery and message modification. It also can prevent replay attacks. However, it does not provide confidentiality, because all messages are sent in clear text.
By default, authentication is disabled. To enable authentication, configure a key on each interface by including the authentication-key statement:
-
authentication-key key;
You can include this statement at the following hierarchy levels:
| Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |