2.8 Authentication of Transactions Between Peers

Transactions between clients and servers are authenticated using a Shared Secret. The NOAM level Shared Secret is used encrypt/decrypt RADIUS messages that have the RADIUS client connection on one site and the corresponding RADIUS server connection on another site (refer to Network Options for further information). By contrast, the SOAM Shared Secret must match the Shared Secret configured on the RADIUS peer node connection (refer to Shared Secret Configuration Sets for further information).

A RADIUS client and Server that exchange RADIUS messages must use the same Shared Secret when generating and validating authentication information. The recipient of a message uses the provisioned Shared Secret that is associated with the Source IP Address of the packet. For DSR, Shared Secrets are defined via a Shared Secret Configuration Set, an instance of which is assigned to RADIUS connections. Multiple RADIUS connections can be configured with the same Shared Secret if required by the operator.

DSR supports generating and validating the Message-Authenticator attribute before forwarding messages to and after receiving messages from the peer.