authentication window-size

Use authentication window-size in RSVP view to set the global RSVP authentication window size, which is the maximum number of authenticated RSVP messages that can be received out of sequence.

Use authentication window-size in RSVP neighbor view to set the RSVP authentication window size for an RSVP neighbor.

Use undo authentication window-size to restore the default.

Syntax

authentication window-size number

undo authentication window-size

Default

Only one authenticated RSVP message can be received out of sequence.

Views

RSVP view

RSVP neighbor view

Predefined user roles

network-admin

Parameters

number: Specifies the maximum number of authenticated RSVP messages that can be received out of sequence, in the range of 1 to 64.

Usage guidelines

To protect against replay attacks, the sender places a unique sequence number in each RSVP message that contains authentication information. The sender increases the value of the sequence number by one each time it sends an RSVP message. If the sequence number of a received message falls within the configured authentication window, the receiver accepts the message. If it falls outside the window, the receiver discards the message.

When the receiver receives an RSVP message, it compares the sequence number of the last accepted RSVP message with the sequence number of the newly received RSVP message.

By default, the authentication window size is 1. If the sequence number of a newly received RSVP message is smaller than that of the last accepted message, the device discards the message. However, if the sender sends multiple RSVP messages in a short time, these messages might arrive at the neighbor out of sequence. With the default window size, the out-of-sequence messages are discarded. To solve this problem, use the authentication window-size command to configure an appropriate window size.
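The following Python model is an added example, not vendor code or device output. It shows how the window size changes which out-of-sequence messages are accepted while replayed messages are still discarded. The acceptance rule (accept a new highest number, or a not-yet-seen number less than `window_size` below the highest) is an assumption modelled on the reordering window described in RFC 2747; sequence-number wrap is ignored, and the arrival list is constructed.

```python
class ReplayWindow:
    """Receiver-side anti-replay state for one security association (model)."""

    def __init__(self, window_size=1):
        if not 1 <= window_size <= 64:  # range documented for the command
            raise ValueError("window size must be in the range 1 to 64")
        self.window_size = window_size
        self.highest = None   # highest sequence number accepted so far
        self.seen = set()     # accepted numbers that are still inside the window

    def accept(self, seq):
        """Return True if the message is accepted, False if it is discarded."""
        if self.highest is None or seq > self.highest:
            # Newer than anything accepted so far: the window slides forward.
            self.highest = seq
        elif self.highest - seq >= self.window_size or seq in self.seen:
            # Too far behind the highest number, or already received (replay).
            return False
        self.seen.add(seq)
        # Forget numbers that have fallen out of the window.
        floor = self.highest - self.window_size
        self.seen = {s for s in self.seen if s > floor}
        return True


def run(window_size, arrivals):
    """Feed sequence numbers in arrival order; return (seq, accepted) pairs."""
    window = ReplayWindow(window_size)
    return [(seq, window.accept(seq)) for seq in arrivals]


# Constructed arrival order: 103 overtakes 101 and 102, then 102 is replayed,
# then a stale message 90 arrives.
ARRIVALS = [100, 103, 101, 102, 102, 90]

if __name__ == "__main__":
    for size in (1, 10):
        print(f"window-size {size}:")
        for seq, ok in run(size, ARRIVALS):
            print(f"  seq {seq}: {'accept' if ok else 'discard'}")
```

With a window size of 1 the reordered messages 101 and 102 are discarded along with the replay; with a window size of 10 they are accepted once, and the replayed 102 and the stale 90 are still discarded.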

A security association established by using the authentication key configured in a view uses the window size configured in that view.

A modification to the window size affects only security associations established after the modification. To apply the new setting to existing security associations, you must execute the reset rsvp authentication command to delete and then re-establish the security associations.

Examples

# In RSVP view, set the maximum number of out-of-sequence authenticated RSVP messages that can be received to 10.

<Sysname> system-view
[Sysname] rsvp
[Sysname-rsvp] authentication window-size 10

# In RSVP neighbor view, set the maximum number of out-of-sequence authenticated RSVP messages that can be received from RSVP neighbor 1.1.1.9 to 10.

<Sysname> system-view
[Sysname] rsvp
[Sysname-rsvp] peer 1.1.1.9
[Sysname-rsvp-peer-1.1.1.9] authentication window-size 10

Related commands

authentication challenge

authentication key

authentication lifetime

display rsvp authentication

reset rsvp authentication

rsvp authentication challenge

rsvp authentication key

rsvp authentication lifetime

rsvp authentication window-size