peer
Use peer to create an RSVP authentication neighbor and enter its view, or enter the view of an existing RSVP authentication neighbor.
Use undo peer to delete an RSVP authentication neighbor.
Syntax
peer ip-address
undo peer ip-address
Default
No RSVP authentication neighbors exist.
Views
RSVP view
Predefined user roles
network-admin
Parameters
ip-address: Specifies an RSVP authentication neighbor by its IP address.
Usage guidelines
After this command is executed, you can configure RSVP authentication information for the specified RSVP neighbor, such as the authentication key and idle timeout of the security association.
After the device receives an RSVP message with an authentication object, it checks whether it has an RSVP authentication neighbor that matches one of the following addresses:
The IP address in PHOP of the message (Path or Path Tear message).
The source IP address in the message (message other than Path and Path Tear).
If a matching neighbor exists and an authentication key has been configured for the neighbor, the device verifies the validity of the message according to the key. If no authentication key is configured for the neighbor, the device uses the authentication key configured in interface view or RSVP view to verify the message validity. If no authentication key is configured in any view, the device ignores the authentication object carried in the message and accepts the message.
When sending an RSVP message, the device checks whether it has a matching authentication neighbor according to the next hop address for the destination address in the RSVP message. If a matching neighbor exists and an authentication key has been configured for the neighbor, the device sets the authentication object of the message according to the key. If no authentication key is configured for the neighbor, the device uses the authentication key configured in interface view or RSVP view to set the authentication object. If no authentication key is configured in any view, the device does not add an authentication object in the message.
If an FRR occurs, the downstream authentication neighbor of the PLR node is the destination IP address of the bypass tunnel. The upstream authentication neighbor of the MP node is the IP address of the physical outgoing interface of the bypass tunnel on the PLR.
Examples
# Create RSVP authentication neighbor 1.1.1.1, enter RSVP neighbor view, and configure a plaintext authentication key of abcdfegh for the neighbor.
<Sysname> system-view [Sysname] rsvp [Sysname-rsvp] peer 1.1.1.1 [Sysname-rsvp-peer-1.1.1.1] authentication key plain abcdfegh
Related commands
authentication challenge
authentication key
authentication lifetime
authentication window-size