receive-tolerance

Function

The receive-tolerance command sets the tolerance time for packet receiving for key IDs in the keychain.

The undo receive-tolerance command deletes the configuration of the tolerance time for packet receiving.

By default, no tolerance time for packet receiving is configured.

Format

receive-tolerance { value | infinite }

undo receive-tolerance

Parameters

Parameter | Description | Value
value | Specifies the tolerance time for packet receiving. | The integer value ranges from 1 to 14400, in minutes.
infinite | Indicates that the tolerance time for packet receiving is infinite, so the key for packet receiving will always be valid. | -

Views

Keychain view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

In keychain authentication mode, secure protocol packet transmission is provided by changing the authentication algorithm and key dynamically. Each key ID is configured with an authentication algorithm. When a key ID becomes valid, the corresponding authentication algorithm is used, ensuring the dynamic change of authentication algorithms.

Packet transmission may be delayed because of the networking environment or because the clocks on the packet sender and receiver are not synchronized. The receiver may then receive a packet from the sender after its own key ID for packet receiving has become invalid. In that case the receiver discards the packet and packet transmission is interrupted. To resolve this problem, set a tolerance time so that the validity period of the key ID for packet receiving on the receiver expires only after all packets sent from the sender have reached the receiver.

Implementation Procedure

After a tolerance time is set, it is added to both the start time and the end time of the period in which the key ID for packet receiving is valid.

Precautions

The set tolerance time takes effect for all key IDs in the keychain.
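
The following Python model is an added illustration, not device code or vendor code. It shows which key IDs a receiver would accept at a given clock reading with no tolerance, with a 10-minute tolerance, and with an infinite tolerance. It assumes that the tolerance widens each receive window at both ends (earlier start, later end); the keychain times and function names are constructed for the example.

```python
from datetime import datetime, timedelta

def receive_window(start, end, tolerance=None):
    """Effective receive window for one key ID.
    Assumption: the tolerance widens the window at both ends."""
    if tolerance is None:                 # default: no tolerance configured
        return start, end
    if tolerance == "infinite":           # receive key is always valid
        return datetime.min, datetime.max
    if not (isinstance(tolerance, int) and 1 <= tolerance <= 14400):
        raise ValueError("tolerance must be 1 to 14400 minutes or 'infinite'")
    tol = timedelta(minutes=tolerance)
    return start - tol, end + tol

def valid_receive_keys(keychain, receiver_clock, tolerance=None):
    """Key IDs accepted at receiver_clock. One tolerance value applies
    to every key ID in the keychain."""
    accepted = []
    for key_id, (start, end) in sorted(keychain.items()):
        lo, hi = receive_window(start, end, tolerance)
        if lo <= receiver_clock <= hi:
            accepted.append(key_id)
    return accepted

# Constructed sample keychain: key ID 1 rolls over to key ID 2 at 12:00.
KEYCHAIN = {
    1: (datetime(2024, 1, 1, 0, 0), datetime(2024, 1, 1, 12, 0)),
    2: (datetime(2024, 1, 1, 12, 0), datetime(2024, 1, 2, 0, 0)),
}

def demo():
    # A packet authenticated with key ID 1 just before rollover is checked
    # when the receiver's clock reads 12:04 (delay plus clock offset).
    arrival = datetime(2024, 1, 1, 12, 4)
    return {
        "none": valid_receive_keys(KEYCHAIN, arrival),
        "10min": valid_receive_keys(KEYCHAIN, arrival, 10),
        "infinite": valid_receive_keys(KEYCHAIN, datetime(2024, 6, 1), "infinite"),
    }

if __name__ == "__main__":
    for label, ids in demo().items():
        print(f"{label:>8}: accepted key IDs {ids}")
```

Without a tolerance the late packet signed with key ID 1 is discarded; with 10 minutes it is accepted. With infinite, both keys are still accepted months after their configured end times, so key rollover no longer retires a key on the receive side.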

Example

# Set the tolerance time for packet receiving to 570 minutes.

<sysname> system-view
[sysname] keychain a mode absolute 
[sysname-keychain-a] receive-tolerance 570 

# Set the tolerance time for packet receiving as infinite.

<sysname> system-view
[sysname] keychain a mode absolute 
[sysname-keychain-a] receive-tolerance infinite 
Copyright © Huawei Technologies Co., Ltd.