User Manuals : DIRAC User Manual : DIRAC Functional Description : DIRAC Information Model : Crypto Segments and Crypto Configurations
Hitachi Energy
Crypto Segments and Crypto Configurations
In the DIRAC system:
a Crypto Segment item defines the encryption for a specific MPLS tunnel;
a Crypto Configuration item defines the encryption for a specific MPLS tunnel endpoint executed by a specific Crypto Engine.
The command “crypto-segment --list” displays following information:
Segment - Crypto Segment Identifier
Status - status of Crypto Segment
Profile - crypto profile [0..5]
Layer - layer/protocol for which Crypto Segment is used: MPLS or LAYER2
Active Master Key - hash key (first 32 digits in hex) of the Active Master Key
Activated At - date&time when the Active Master Key was activated
The command “crypto-configuration --list” displays following information:
Ce Id - SENC1 Crypto Engine identifier for which the Crypto Configuration is used
Segment - Crypto Segment Identifier
Label In - LSP label in incoming direction
Label Out - LSP label in outgoing direction
L2 - if the Crypto Configuration is used for L2 encryption: yes/no
Vlan - if the Crypto Configuration is based on VLAN subinterfaces: yes/no
Profile - crypto profile
Active Master Key - hash key (first 32 digits in hex) of the Active Master Key
Activation Time - date&time when the Active Master Key was activated
Fallback Master Key - hash key (first 32 digits in hex) of the Fallback Master Key
For a detailed description of the CLI commands output see section Crypto Commands.