Perform MD5 authentication when establishing TCP connections. Only the two parties that have the
•
same password configured can establish TCP connections.
Perform MD5 calculation on TCP segments to avoid modification to the encapsulated BGP packets.
•
For security purposes, all passwords, including passwords configured in plain text, are saved in cipher
text.
Examples
# In BGP view, perform MD5 authentication on the TCP connection between the local router 10.1.100.1
and the peer router 10.1.100.2, and set the plaintext authentication password to aabbcc.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp] peer 10.1.100.2 password simple aabbcc
# Perform similar configuration on the peer.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp] peer 10.1.100.1 password simple aabbcc
# In BGP-VPN instance view, perform MD5 authentication on the TCP connection between the local
router 10.1.100.1 and the peer router 10.1.100.2, and set the plaintext authentication password to
aabbcc.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp] ip vpn-instance vpn1
[Sysname-bgp-vpn1] peer 10.1.100.2 password simple aabbcc
# Perform similar configuration on the peer.
<Sysname> system-view
[Sysname] bgp 200
[Sysname-bgp] ip vpn-instance vpn1
[Sysname-bgp-vpn1] peer 10.1.100.1 password simple aabbcc
peer preferred-value
Use peer preferred-value to specify a preferred value for routes received from a peer or peer group.
Use undo peer preferred-value to restore the default.
Syntax
In BGP IPv4 unicast address family view/BGP-VPN IPv4 unicast address family view/BGP VPNv4
address family view/BGP VPNv6 address family view:
peer { group-name | ip-address } preferred-value value
undo peer { group-name | ip-address } preferred-value
In BGP IPv6 unicast address family view:
peer { group-name | ip-address | ipv6-address } preferred-value value
undo peer { group-name | ip-address | ipv6-address } preferred-value
In BGP-VPN IPv6 unicast address family view:
peer { group-name | ipv6-address } preferred-value value
371