System Administration Guide: IP Services

SPI Section

Because the Mobile IP protocol requires message authentication, you must identify the security context by using a security parameter index (SPI). You define the security context in the SPI section. You must include a different SPI section for each security context that is defined. A numerical ID identifies the security context. The Mobile IP protocol reserves the first 256 SPIs. Therefore, you should use only SPI values greater than 256. The SPI section contains security-related information, such as shared secrets and replay protection.

The SPI section also contains the ReplayMethod and Key labels. The SPI section has the following syntax:


[SPI SPI-identifier]
     ReplayMethod = <none/timestamps>
     Key = key

Two communicating peers must share the same SPI identifier. You must configure them with the same key and replay method. You specify the key as a string of hexadecimal digits. The maximum length is 16 bytes. For example, if the key is 16 bytes long, and contains the hexadecimal values 0 through f, the key string might resemble the following:


Key = 0102030405060708090a0b0c0d0e0f10

Keys must have an even number of digits, corresponding to the two digits per byte representation.

The following table describes the labels and values that you can use in the SPI section.

Table 29–4 SPI Section Labels and Values

Label          Value                 Description

ReplayMethod   none or timestamps    Specifies the type of replay authentication used for the SPI

Key            x                     Authentication key in hexadecimal
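
The rules in this section can be checked mechanically before a configuration is deployed. The following Python script is an added example, not part of the original guide or of the Mobile IP software. The function names and the sample text are constructed for illustration, and the script assumes that label values are matched exactly as written in the table above.

```python
import re

MAX_KEY_BYTES = 16                       # maximum key length given in this section
REPLAY_METHODS = {"none", "timestamps"}  # the two values the section lists

# Constructed sample input for this example, not a real configuration.
SAMPLE = """\
[SPI 257]
     ReplayMethod = timestamps
     Key = 0102030405060708090a0b0c0d0e0f10
[SPI 200]
     ReplayMethod = sequence
     Key = 0a0b0
"""

def parse_spi_sections(text):
    """Collect the Label = value pairs of every [SPI n] section."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("["):
            m = re.fullmatch(r"\[SPI\s+(\S+)\]", line)
            # Any other section header ends the current SPI section.
            current = sections.setdefault(m.group(1), {}) if m else None
        elif current is not None and "=" in line:
            label, value = (part.strip() for part in line.split("=", 1))
            current[label] = value
    return sections

def check_spi(spi_id, labels):
    """Return the rules from this section that one SPI section breaks."""
    problems = []
    if not re.fullmatch(r"[0-9]+", spi_id) or int(spi_id) <= 256:
        problems.append("SPI identifier must be a number greater than 256")
    if labels.get("ReplayMethod") not in REPLAY_METHODS:
        problems.append("ReplayMethod must be none or timestamps")
    key = labels.get("Key", "")
    if not re.fullmatch(r"[0-9a-fA-F]+", key):
        problems.append("Key must be a string of hexadecimal digits")
    elif len(key) % 2:
        problems.append("Key must have an even number of digits")
    elif len(key) // 2 > MAX_KEY_BYTES:
        problems.append("Key is longer than 16 bytes")
    return problems

def audit(text):
    """Map each SPI identifier to its list of problems (empty list = clean)."""
    return {spi: check_spi(spi, labels)
            for spi, labels in parse_spi_sections(text).items()}

if __name__ == "__main__":
    for spi, problems in audit(SAMPLE).items():
        print(spi, "OK" if not problems else problems)
```

Running the same audit on both peers' files and comparing the parsed sections for a given SPI identifier shows whether the key and replay method match on the two sides.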