A peer may support the use of one or more pre-shared keys (PSKs). An instance of MKA operates for each PSK that is administratively configured as active.
A pre-shared key may be created by NSP, or entered in CLI manually.
Each PSK is configured with two fields. The two fields are:
CKN (connectivity association name)
CAK value
The CAK name (CKN) is required to be unique per port among the configured sub-ports, and can be used to identify the key in subsequent management operations.
Each static CAK configuration can have two pre-shared key entries for rollover. The active PSK index dictates the CAK that is used for encrypting the MKA PDUs.
NSP has additional functionality to roll over and configure the PSK. The rollover via NSP can be based on a configured timer.