HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Routing
Issue 02 (2014-09-30)
Pre-configuration Tasks
Before configuring BGP4+ security, complete the following task:
- Configuring Basic BGP4+ Functions
Data Preparation
Before configuring BGP4+ security, you need the following data.
No.  Data
1    BGP4+ peer address or name of the peer group of each router
2    MD5 authentication password
3    Key-Chain authentication name
9.16.2 Configuring MD5 Authentication
In Message Digest 5 (MD5) authentication of BGP4+, you only need to set MD5 authentication
passwords for TCP connections, and the authentication is performed by TCP. If the
authentication fails, TCP connections cannot be established.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
bgp { as-number-plain | as-number-dot }
The BGP view is displayed.

The Generalized TTL Security Mechanism (GTSM) prevents attacks by checking the TTL value
of received packets. If an attacker simulates BGP4+ packets and sends a large number of them
to a router, the interface through which the router receives the packets sends them directly
to BGP4+ on the control layer, without checking their validity. The control layer of the
router then processes the packets as valid packets. As a result, the system becomes busy,
and CPU usage is high.
In this case, you can configure GTSM to solve the preceding problem. After GTSM is
configured on a router, the router checks, on receiving a packet, whether the TTL value in
the IP header of the packet is in the pre-defined range. If it is, the router forwards the
packet; if not, the router discards the packet. This enhances the security of the system.
NOTE
- The NE80E/40E supports BGP4+ GTSM.
- GTSM supports only unicast addresses; therefore, GTSM needs to be configured on all the routers
  configured with routing protocols.
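The TTL check that GTSM performs, as an added Python example (not part of the Huawei guide and not the router's implementation). It assumes the RFC 5082 convention that peers send with hop limit 255, so a peer allowed to be `hops` hops away must arrive with a hop limit of at least 255 - hops + 1, and that BGP4+ runs over IPv6 on TCP port 179; the function names, peer table and sample packets are constructed for illustration.

```python
import ipaddress
import struct

TCP, BGP_PORT, MAX_HOP_LIMIT = 6, 179, 255

def build_packet(src, dst, hop_limit, sport, dport):
    """Build a constructed IPv6 + TCP SYN header pair (checksum left at zero)."""
    tcp = struct.pack("!HHLLBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    ipv6 = struct.pack("!IHBB", 6 << 28, len(tcp), TCP, hop_limit)
    return (ipv6 + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed + tcp)

def gtsm_verdict(packet, peers):
    """Classify one raw IPv6 packet: 'pass', 'drop', 'no-policy' or 'not-bgp'.

    peers maps a peer address to the number of hops within which that peer
    must sit (assumed policy format, not a Huawei data structure).
    """
    if len(packet) < 44 or packet[0] >> 4 != 6:
        return "drop"                      # truncated or not IPv6
    next_header, hop_limit = packet[6], packet[7]
    if next_header != TCP:
        return "not-bgp"                   # extension headers are not walked here
    sport, dport = struct.unpack("!HH", packet[40:44])
    if BGP_PORT not in (sport, dport):
        return "not-bgp"
    hops = peers.get(ipaddress.IPv6Address(packet[8:24]))
    if hops is None:
        return "no-policy"                 # source is not a configured peer
    # A sender `hops` away that started at 255 arrives with at least 255 - hops + 1.
    lowest_valid = MAX_HOP_LIMIT - hops + 1
    return "pass" if hop_limit >= lowest_valid else "drop"

# Constructed sample data: documentation-prefix addresses, hypothetical peers.
PEERS = {ipaddress.IPv6Address("2001:db8::1"): 1,    # directly connected peer
         ipaddress.IPv6Address("2001:db8::2"): 3}    # peer up to 3 hops away
LOCAL = "2001:db8::ff"
SAMPLES = [
    ("direct peer, hop limit 255", build_packet("2001:db8::1", LOCAL, 255, 50000, 179)),
    ("spoofed direct peer, hop limit 247", build_packet("2001:db8::1", LOCAL, 247, 50000, 179)),
    ("multihop peer, hop limit 253", build_packet("2001:db8::2", LOCAL, 253, 179, 50001)),
    ("multihop peer, hop limit 252", build_packet("2001:db8::2", LOCAL, 252, 179, 50001)),
    ("unconfigured source", build_packet("2001:db8::99", LOCAL, 255, 50000, 179)),
]

def run_samples():
    return [(label, gtsm_verdict(pkt, PEERS)) for label, pkt in SAMPLES]

if __name__ == "__main__":
    for label, verdict in run_samples():
        print(f"{verdict:9}  {label}")
```

A packet that claims a directly connected peer's address but arrives with a hop limit below 255 has crossed at least one router, which is why the second sample is dropped before BGP4+ ever sees it.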
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
9 BGP4+ Configuration