Configuring BGP Security; Establishing the Configuration Task - Huawei S6700 Series Configuration Manual


S6700 Series Ethernet Switches
Configuration Guide - IP Routing
immediately after the link recovers. Instead, the BFD session waits for the WTR timer to expire
before going Up. If the link fails again before the WTR timer expires, BFD does not send a link
fault message to BGP, and the BGP session status is stabilized.
The default value of wtr-value is 0, which means that the WTR timer will not be started.
Step 8 (Optional) Run:
peer ipv4-address bfd block
A peer is prevented from inheriting the BFD function of the peer group to which it belongs.
If a peer joins a peer group enabled with BFD, the peer inherits the BFD configuration of the
group and creates a BFD session. To prevent the peer from inheriting the BFD function of the
peer group, perform this step.
NOTE
The peer bfd block command and the peer bfd enable command are mutually exclusive. After the peer
bfd block command is run, the BFD session is automatically deleted.
----End
Checking the Configuration
After configuring BFD for BGP, you can run the following command to check the
configurations.
• Run the display bgp bfd session { [ vpnv4 vpn-instance vpn-instance-name ] peer ipv4-address | all }
  command to check information about the BFD session between BGP peers.
Issue 01 (2012-03-15)

7.18 Configuring BGP Security

Authentication can be implemented during the establishment of a TCP connection to enhance
BGP security.

7.18.1 Establishing the Configuration Task

Before configuring BGP security, familiarize yourself with the applicable environment,
complete the pre-configuration tasks, and obtain the data required for the configuration. This
will help you complete the configuration task quickly and efficiently.
Applicable Environment
MD5 authentication, keychain authentication, or GTSM can be configured on a BGP network
to enhance BGP security.
• MD5 authentication
BGP uses TCP as the transport protocol and considers a packet valid as long as the source
address, destination address, source port, destination port, and TCP sequence number of
the packet are correct. Most parameters in a packet can be easily obtained by attackers. To
protect BGP against attacks, MD5 authentication can be used during TCP connection
establishment between BGP peers to reduce the possibility of attacks.
To prevent the MD5 password set on a BGP peer from being decrypted, you need to update
the MD5 password periodically.
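The per-segment check that MD5 authentication adds on top of the address, port and sequence-number match described above, as an added example that is not part of the Huawei manual. It assumes the standard TCP MD5 Signature Option (RFC 2385, which the manual does not name); the function names, addresses, ports, sequence numbers and key are constructed for illustration.

```python
import hashlib, hmac, socket, struct

MD5SIG_KIND, MD5SIG_LEN = 19, 18  # TCP option kind/length from RFC 2385

def tcp_header(sport, dport, seq, ack, flags, options=b""):
    """Fixed 20-byte TCP header plus options (options must be 4-byte aligned)."""
    doff = (20 + len(options)) // 4
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                       doff << 4, flags, 16384, 0, 0) + options

def md5_digest(src_ip, dst_ip, header, payload, key):
    """MD5 over pseudo-header, option-less header with zero checksum, data, key."""
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) +
              struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(header) + len(payload)))
    fixed = header[:16] + b"\x00\x00" + header[18:20]
    return hashlib.md5(pseudo + fixed + payload + key).digest()

def sign(src_ip, dst_ip, sport, dport, seq, ack, flags, payload, key):
    """Return a TCP header carrying the MD5 signature option."""
    blank = bytes([1, 1, MD5SIG_KIND, MD5SIG_LEN]) + bytes(16)  # 2 NOPs pad to 20
    header = tcp_header(sport, dport, seq, ack, flags, blank)
    return header[:24] + md5_digest(src_ip, dst_ip, header, payload, key)

def verify(src_ip, dst_ip, header, payload, key):
    """True only if the segment carries a signature matching the shared key."""
    opts, i = header[20:(header[12] >> 4) * 4], 0
    while i < len(opts) and opts[i] != 0:          # 0 = end of option list
        if opts[i] == 1:                           # 1 = NOP, single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2:  # malformed option: reject
            return False
        if opts[i] == MD5SIG_KIND and opts[i + 1] == MD5SIG_LEN:
            want = md5_digest(src_ip, dst_ip, header, payload, key)
            return hmac.compare_digest(opts[i + 2:i + 18], want)
        i += opts[i + 1]
    return False                                   # unsigned segment is dropped

# Constructed sample values (documentation addresses, made-up key and sequence).
A, B, KEY = "192.0.2.1", "192.0.2.2", b"constructed-shared-key"
genuine = sign(A, B, 50000, 179, 1000, 2000, 0x18, b"KEEPALIVE", KEY)
spoofed = tcp_header(50000, 179, 1000, 2000, 0x04)  # right tuple and seq, no key

if __name__ == "__main__":
    print("genuine accepted:", verify(A, B, genuine, b"KEEPALIVE", KEY))
    print("spoofed accepted:", verify(A, B, spoofed, b"", KEY))
```

The spoofed header matches every field the unauthenticated check looks at, yet it is rejected because the receiver cannot find a digest computed with the shared key.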
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
7 BGP Configuration
438
