LDP message authentication, Configuring LDP message authentication – Brocade Multi-Service IronWare Multiprotocol Label Switch (MPLS) Configuration Guide (Supporting R05.6.00) User Manual
Multi-Service IronWare Multiprotocol Label Switch (MPLS) Configuration Guide
53-1003031-02
Setting the LDP Hello Interval and Hold Timeout values
• For targeted LDP sessions – The value received in Hello messages from its peers
determines the time that the device waits for its LDP peers to send a Hello message. When
the Timeout value received from a peer is zero, the Hold Time is set to the default period of
45 seconds.
• For link LDP sessions – In this case, the wait time is determined by one of the following
criteria.
1. When the Hello Hold Time is set per-interface, that value is used. That value is set as described
in “Setting the LDP Hello Holdtime per-interface (link only)”.
2. When the Hello Hold Time is not set per-interface, the hold time in the received message is
used.
3. When the Hello Hold Time in the received message is zero (0), the default value of 15 seconds
is used.
Setting the LDP Hello Holdtime per-interface (link only)
The user can set the LDP Hello Holdtime on a per-interface basis. This holdtime value is sent in
Hello messages from the interface. This option is available for Link LDP sessions only. The following
example configuration is for the MPLS Interface at Ethernet port 1/3 with a hello-timeout of 18
seconds.
Brocade(config)# mpls
Brocade(config-mpls)# mpls-interface ethernet 1/3
Brocade(config-mpls-if-e100-1/3)# ldp-params
Brocade(config-mpls-if-e100-1/3-ldp-params)# hello-timeout 18
Syntax: [no] hello-timeout seconds
The value configured in the seconds variable is the LDP Hello Timeout value that is sent in LDP
Hello messages from this interface. The minimum value that can be configured for this variable is 2
* the value set for the Hello Interval.
The [no] option removes a previously configured LDP Hello Timeout value and sets the value as
described in “Determining the LDP Hold Time on an MPLS interface”.
LDP message authentication
The Multi-Service IronWare software supports LDP authentication based upon the TCP MD5
signature option specified in RFC 2385. This RFC defines a new TCP option for carrying an MD5
digest in a TCP segment. The purpose of this feature is to protect against spoofed TCP segments in
a connection stream.
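The digest that RFC 2385 defines, shown as an added example (not taken from the Brocade guide or from IronWare): a sender builds a segment carrying TCP option 19 and a receiver verifies it. The addresses, ports, key and payload are constructed sample values, and the TCP checksum field is left at zero.

```python
import hashlib
import hmac
import socket
import struct

MD5SIG_KIND, MD5SIG_LEN = 19, 18  # RFC 2385 option kind; 2 bytes + 16-byte digest


def signature(src_ip, dst_ip, base_header, payload, key):
    """RFC 2385 digest: pseudo-header, 20-byte header (checksum 0), data, key."""
    seg_len = (base_header[12] >> 4) * 4 + len(payload)  # header + options + data
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, seg_len))
    return hashlib.md5(pseudo + base_header + payload + key).digest()


def build_segment(src_ip, dst_ip, sport, dport, seq, ack, payload, key):
    """Sender side: PSH+ACK segment carrying the MD5 option (constructed sample)."""
    # Data offset 10 words = 20-byte header + 20 bytes of options; checksum left 0.
    base = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 10 << 4, 0x18, 65535, 0, 0)
    digest = signature(src_ip, dst_ip, base, payload, key)
    # Two NOPs pad the 18-byte option to a 4-byte boundary.
    return base + b"\x01\x01" + bytes([MD5SIG_KIND, MD5SIG_LEN]) + digest + payload


def verify(src_ip, dst_ip, segment, key):
    """Receiver side: recompute the digest and compare it with option 19."""
    hdr_len = (segment[12] >> 4) * 4
    base = segment[:16] + b"\x00\x00" + segment[18:20]  # zero the checksum field
    opts, payload = segment[20:hdr_len], segment[hdr_len:]
    i = 0
    while i < len(opts) and opts[i] != 0:  # kind 0 ends the option list
        if opts[i] == 1:  # NOP is a single byte
            i += 1
            continue
        length = opts[i + 1] if i + 1 < len(opts) else 0
        if length < 2:
            break  # malformed option
        if opts[i] == MD5SIG_KIND and length == MD5SIG_LEN:
            expected = signature(src_ip, dst_ip, base, payload, key)
            return hmac.compare_digest(opts[i + 2:i + 18], expected)
        i += length
    return False  # no signature: dropped when a key is configured for the peer


KEY = b"example-ldp-key"  # constructed sample key; 646 is the LDP TCP port
SEG = build_segment("192.0.2.1", "192.0.2.2", 49152, 646, 1000, 2000, b"ldp-pdu", KEY)
```

Because the source and destination addresses are part of the hashed pseudo-header, a segment replayed from a different address fails verification even if its option bytes are copied intact.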
Configuring LDP message authentication
Brocade devices allow configuration of an authentication key on a per-LDP-session basis. The LDP
session can be to an adjacent peer (basic discovery) or to a targeted peer (extended discovery).
This feature must be configured on both sides of an LDP peer link. To configure LDP message
authentication, use the following commands.