---

---

Router Security Configuration Guide UNCLASSIFIED 210 UNCLASSIFIED Version 1.0g 7.5.  IP Quality of Service and RSVP The Resource reSerVation Protocol (RSVP) is the Internet standard protocol for setting up Quality-of-Service (QoS) parameters for traffic in routed IP networks.   Many releases of Cisco IOS 12.0 and later support RSVP and QoS guarantees.  As bandwidth-hungry network clients, such as IP video-conferencing systems, begin to gain wide acceptance, users will begin to demand quality-of-service assurances.    Quality-of-service support offers the potential for substantial denial-of-service attacks.  On routers that support RSVP but that do not need to provide any QoS guarantees, all RSVP messages should be denied on external interface using IP access-lists.  For more information about access lists, consult Section 4.3. In general, RSVP configuration will probably be a contentious issue, and configuring it securely will be challenging.  While the RSVP protocol itself includes provisions for authentication and authorization, key management and deployment issues for RSVP security have not been resolved.  Also, Cisco IOS 12.1 now supports centralized application of RSVP policies, but the security issues associated with this facility have not yet been explored.  Extensive guidance already exists for integrating IP QoS (RSVP) with ATM QoS, but the security issues involved in that integration have not been fully explored.