Huawei Quidway NetEngine80E Configuration Manual page 777
Universal service router, ip routing
Hide thumbs
Also See for Quidway NetEngine80E:
- Configuration manual - reliability (1432 pages) ,
- Configuration manual (341 pages) ,
- Installation manual (169 pages)
Advertisement
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Routing
Table 8-7 Solutions to improving BGP network security
Solution
MD5 and
keychain
authentication
Issue 02 (2014-09-30)
Main Objectives
To check the identity
of BGP peers and
prevent packets from
being tampered with
by unauthorized users.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Main Features
BGP MD5
authentication sets an
MD5 authentication
password for a TCP
connection. The
authentication is
performed by TCP. If
the authentication fails,
no TCP connections
can be established.
BGP keychain
authentication must be
configured on both
ends of a BGP
connection. A TCP
connection can be set
up and BGP messages
can be exchanged only
when the two ends
share the same
password and
encryption algorithms.
8 BGP Configuration
Note
BGP MD5
authentication and
BGP keychain
authentication are
mutually exclusive.
BGP keychain
authentication ensures
higher security than
BGP MD5
authentication.
l The MD5 algorithm
is easy to configure
and generates a
single password
which can only be
changed manually.
MD5
authentication
applies to the
network requiring
short-period
encryption.
l The keychain
algorithm is
complex to
configure and
generates a set of
passwords.
Keychain
authentication
allows passwords to
be changed
automatically based
on configurations.
Therefore,
keychain
authentication is
applicable to
networks requiring
high security.
752
Hide quick links:
Advertisement
