The NGE feature is tightly integrated with the NSP NFM-P. The following functions are provided by the NSP NFM-P :
managing and synchronizing encryption and authentication keys within key groups on a network-wide basis
configuring NGE on MPLS services and managing associated key groups
configuring NGE on router interfaces and managing associated key groups
coordinating network-wide rekeying of key groups
The NSP NFM-P acts as the key manager for NGE-enabled nodes and allocates the keys in key groups that are used to perform encryption and authentication. The NSP NFM-P ensures that all nodes in a key group are kept in synchronization and that only the key groups that are relevant to the associated nodes are downloaded with key information.
The NSP NFM-P performs network-wide hitless rekeying for each key group at the rekeying interval specified by the operator. Different key groups can be rekeyed at different times if needed, or all key groups can be rekeyed network-wide at the same time.
For more information about NSP NFM-P management, see the ‟Service Management” section in the NSP NFM‑P User Guide.