
Configuring an MSDP Peer

Context

An MSDP peer relationship is identified by the local and remote MSDP peer addresses. You must create an MSDP peer on both the local and remote ends.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run msdp [ vpn-instance vpn-instance-name ]

    The MSDP view is displayed.

  3. Run peer peer-address connect-interface interface-type interface-number

    An MSDP peer is created.

    • peer-address: specifies the address of the remote MSDP peer.

    • interface-type interface-number: specifies the local interface connected to the remote MSDP peer.

  4. (Optional) Run peer peer-address description text

    The description of the remote MSDP peer is configured.

    This configuration helps to identify remote MSDP peers and manage connections to the remote MSDP peers.

  5. (Optional) Run timer retry interval

    The MSDP peer connection retry interval is set.

    A TCP connection needs to be quickly set up between MSDP peers in one of the following situations:

    • An MSDP peer is created.
    • The disconnected MSDP peers need to be reconnected.
    • A faulty MSDP peer attempts to restore services.

    This command sets the interval at which an MSDP peer retries setting up a connection.

  6. (Optional) Configure an MSDP authentication mode.

    To improve the security of a TCP connection, MSDP supports two authentication modes: message digest algorithm 5 (MD5) and keychain. The two authentication modes are mutually exclusive on an MSDP peer. For MD5 authentication, you must configure the same password on both ends. For keychain authentication, you must configure the same encryption algorithm and password on both ends. Otherwise, the TCP connection cannot be set up.

    MD5 is not a secure authentication algorithm. The more secure keychain authentication mode is recommended for MSDP authentication.

    • Run peer peer-address password { cipher cipher-password | simple simple-password }

      MSDP MD5 authentication is configured.

      If simple is selected, the password is saved in the configuration file in plain text, which poses a security risk. It is recommended that you select cipher so that the password is saved in cipher text.

    • Run peer peer-address keychain keychain-name

      MSDP keychain authentication is configured.

      keychain-name in this command is defined in the keychain command. For details, see Keychain Configuration in the S2720, S5700, and S6700 V200R019C10 Configuration Guide - Security.

      Only the S5720-EI, S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720-HI, S6720S-EI, S6730-H, S6730S-H, S6730-S, and S6730S-S support keychain authentication.

  7. (Optional) Run shutdown peer-address

    The session with the remote MSDP peer is closed.

    After the session with the remote MSDP peer is closed, SA messages are not exchanged between the MSDP peers, but the MSDP configuration is still saved. You can run the undo shutdown peer-address command to reestablish a TCP connection with the remote MSDP peer.
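The authentication choices in step 6 can be checked across a saved configuration. The following is an added example, not part of the original guide or Huawei tooling: a Python audit that reads the MSDP view and reports each peer's authentication mode. The sample configuration, addresses, keychain name and password placeholders are constructed, and the layout (commands indented by one space under the view, an unindented line ending it) is an assumption.

```python
import re

# Constructed sample of a saved configuration; addresses, names and the
# password placeholders are made up. Assumed layout: commands inside the
# MSDP view are indented by one space and the view ends at an unindented line.
SAMPLE_CONFIG = """\
msdp
 peer 10.1.1.2 connect-interface GigabitEthernet0/0/1
 peer 10.1.1.2 description to-domain-B
 peer 10.1.1.2 password simple PLACEHOLDER
 peer 10.2.2.2 connect-interface Vlanif100
 peer 10.2.2.2 password cipher CIPHERTEXT-PLACEHOLDER
 peer 10.3.3.3 connect-interface LoopBack0
 peer 10.3.3.3 keychain kc-msdp
 peer 10.4.4.4 connect-interface LoopBack0
 shutdown 10.4.4.4
#
"""

FINDINGS = {
    None: "no authentication configured",
    "md5-simple": "MD5 with password stored in plain text",
    "md5-cipher": "MD5 authentication; keychain is recommended",
    "keychain": "ok",
}

def audit_msdp(config_text):
    """Return {(view, peer_address): {"auth", "shutdown", "finding"}}."""
    peers, view = {}, None
    for raw in config_text.splitlines():
        if re.match(r"msdp(\s+vpn-instance\s+\S+)?\s*$", raw):
            view = raw.strip()                 # entering an MSDP view
            continue
        if not raw.startswith(" "):
            view = None                        # unindented line leaves the view
        words = raw.split()
        if view is None or not words:
            continue
        if words[0] == "peer" and len(words) >= 4:
            entry = peers.setdefault((view, words[1]), {"auth": None, "shutdown": False})
            if words[2] == "password":         # "password { cipher | simple } ..."
                entry["auth"] = "md5-" + words[3]
            elif words[2] == "keychain":
                entry["auth"] = "keychain"
        elif words[0] == "shutdown" and len(words) == 2:
            peers.setdefault((view, words[1]), {"auth": None, "shutdown": False})["shutdown"] = True
    for entry in peers.values():
        entry["finding"] = FINDINGS.get(entry["auth"], "unrecognized password mode")
    return peers
```

Peers are keyed by view and address, so the same peer address in the public instance and in a VPN instance is reported separately.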

Copyright © Huawei Technologies Co., Ltd.