Mobile IP Administration Guide

SPI Section

Because the Mobile IP protocol requires message authentication, you must identify the security context using a Security Parameter Index (SPI). You define the security context in the SPI section. You must include a different SPI section for each security context defined. A numerical ID identifies the security context. The Mobile IP protocol reserves the first 256 SPIs. Therefore, you should use only SPI values greater than 256. The SPI section contains security-related information, such as shared secrets and replay protection.

The SPI section also contains the ReplayMethod and Key labels. This section defines the security contexts. The SPI section has the following syntax:

[SPI SPI-identifier]
     ReplayMethod = <none/timestamps>
     Key = key

Two communicating peers must share the same SPI identifier. You must configure them with the same key and replay method. You specify the key as a string of hex digits. The maximum length is 16 bytes. For example, if the key is 16 bytes long, and contains the hex values 0 through f, the key string might look like:

Key = 0102030405060708090a0b0c0d0e0f10

Keys must have an even number of digits (corresponding to the two digits per byte representation).

The following table describes the labels and values that you can use in the SPI section.

Table 2-4 SPI Section Labels and Values





none or timestamps

Specifies the type of replay authentication used for the SPI. 



Authentication key in hexadecimal.