Configuring Md5 Authentication - Huawei Quidway NetEngine80E Configuration Manual

HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Routing
Pre-configuration Tasks
Before configuring BGP security, complete the following task:
l
Data Preparation
To configure BGP security, you need the following data.
No.
1
2
3

8.23.2 Configuring MD5 Authentication

In BGP, MD5 authentication sets an MD5 authentication password for a TCP connection, and
is performed by TCP. If authentication fails, no TCP connection will be established.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
bgp { as-number-plain | as-number-dot }
The BGP view is displayed.
Step 3 Run:
peer { ipv4-address | group-name } password { cipher cipher-password | simple
simple-password }
An MD5 authentication password is set.
Issue 02 (2014-09-30)
packets to BGP of the control layer, without checking the validity of the packets. In this
manner, routers on the control layer process the packets as valid packets. As a result, the
system becomes busy, and Central Processing Unit (CPU) usage is high.
In this case, you can configure GTSM to solve the preceding problem. After GTSM is
configured on a router, the router checks whether the TTL value in the IP header of a packet
is in the pre-defined range after receiving the packet. If yes, the router forwards the packet;
if not, the router discards the packet. This enhances the security of the system.
NOTE
l The NE80E/40E supports BGP GTSM.
l GTSM supports only unicast addresses; therefore, GTSM needs to be configured on all the
routers configured with routing protocols.
Configuring Basic BGP Functions
Data
Each router's peer address or peer group name
MD5 authentication password
Keychain authentication name
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
8 BGP Configuration
865