Router Security Configuration Guide
UNCLASSIFIED
Version 1.0g
7.5. IP Quality of Service and RSVP
The Resource reSerVation Protocol (RSVP) is the Internet standard protocol for
setting up Quality-of-Service (QoS) parameters for traffic in routed IP networks.
Many releases of Cisco IOS 12.0 and later support RSVP and QoS guarantees. As
bandwidth-hungry network clients, such as IP video-conferencing systems, begin to
gain wide acceptance, users will begin to demand quality-of-service assurances.
Quality-of-service support offers the potential for substantial denial-of-service
attacks. On routers that support RSVP but that do not need to provide any QoS
guarantees, all RSVP messages should be denied on external interfaces using IP
access-lists. For more information about access lists, consult Section 4.3.
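
One way to express the filter described above in Cisco IOS, as an added example that is not taken from the guide. The access-list number 150 and the interface name Ethernet0/0 are assumptions; RSVP is matched as IP protocol 46, and its UDP-encapsulated form as ports 1698 and 1699 (RFC 2205).

```cisco
! Added example: ACL number 150 and interface Ethernet0/0 are assumed
! placeholders, not values from the guide.
!
! Native RSVP messages are carried directly in IP as protocol number 46.
access-list 150 deny   46 any any log
!
! RFC 2205 also allows RSVP to be encapsulated in UDP (ports 1698-1699)
! for hosts that cannot send raw IP protocol 46.
access-list 150 deny   udp any any range 1698 1699 log
!
! The site's existing inbound filtering entries (see Section 4.3) follow
! here. With only the two deny lines above, the implicit "deny any" at the
! end of every access list would drop all other traffic as well.
!
interface Ethernet0/0
 description External interface
 ip access-group 150 in
!
! After applying, "show access-lists 150" displays per-entry match counts,
! which shows whether RSVP messages are arriving from the outside.
```
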
In general, RSVP configuration will probably be a contentious issue, and configuring
it securely will be challenging. While the RSVP protocol itself includes provisions
for authentication and authorization, key management and deployment issues for
RSVP security have not been resolved. Also, Cisco IOS 12.1 now supports
centralized application of RSVP policies, but the security issues associated with this
facility have not yet been explored. Extensive guidance already exists for integrating
IP QoS (RSVP) with ATM QoS, but the security issues involved in that integration
have not been fully explored.