H3C S7500 Series Operation Manual page 391

Operation Manual – Routing Protocol
H3C S7500 Series Ethernet Switches
6.6 Adjusting and Optimizing a BGP Network
Adjusting and optimizing BGP network involves the following aspects:
1) BGP clock
BGP peers send Keepalive messages to each other periodically through the
connections between them to make sure the connections operate properly. If a router
does not receive the Keepalive or any other message from its peer in a specific period
(know as Holdtime), the router considers the BGP connection operates improperly
and thus tears down the BGP connection.
When establishing a BGP connection, the two routers negotiate for the Holdtime by
comparing their Holdtime values and take the smaller one as the Holdtime.
2) BGP connection reset
To make a new BGP routing policy taking effect, you need to reset the BGP
connection. This temporarily tears down the BGP connection. In S7500 Series
Ethernet Switches implementations, BGP supports the route-refresh function. With
route-refresh function enabled on all the BGP routers, if BGP routing policy changes,
the local router sends refresh messages to its peers. And the peers receiving the
message in turn send their routing information to the local router. In this way, you can
apply new routing policies and have the routing table dynamically updated
seamlessly.
To apply a new routing policy in a network containing routers that do not support the
route-refresh function, you need first to save all the route updates locally by using the
peer keep-all-routes command, and then use the refresh bgp command to reset the
BGP connections manually. This method can also refresh BGP routing tables and
apply a new routing policy seamlessly.
3) BGP authentication
BGP uses TCP as the transport layer protocol. To improve the security of BGP
connections, you can specify to perform MD5 authentication when a TCP connection
is established. Note that the MD5 authentication of BGP does not authenticate the
BGP packets. It only configures the MD5 authentication password for TCP connection,
and the authentication is performed by TCP. If authentication fails, the TCP
connection cannot be established.
6.6.1 Configuration Prerequisites
You need to perform the following configuration before adjusting the BGP clock.
Enable basic BGP functions
Before configuring BGP clock and authentication, make sure the following information
is available.
Value of BGP timer
6-17
Chapter 6 BGP Configuration