Usage Scenario
BGP uses TCP as the transport layer protocol. To enhance BGP security, MD5 authentication can be implemented for BGP packets exchanged during the establishment of a TCP connection. MD5 authentication sets the MD5 authentication password for the TCP connection, and the authentication is performed by TCP.
A password can be set either in cipher text or plain text. A plain text password is a configured character string that is directly recorded in a configuration file. A cipher text password is a character string that is encrypted by using a special algorithm and then recorded in a configuration file.
Prerequisites
The peer as-number command has been used to create a peer.
Configuration Impact
BGP uses TCP as the transport layer protocol. To enhance BGP security, MD5 authentication can be implemented for BGP packets exchanged during the establishment of a TCP connection. MD5 authentication, however, does not authenticate BGP packets. Instead, it sets the MD5 authentication password for the TCP connection, and the authentication is performed by TCP. If authentication fails, no TCP connection is established.
Precautions
The MD5 algorithm has low security, which may bring security risks. If the protocols allow, use a more secure algorithm.
MD5 authentication and Keychain authentication are mutually exclusive on a peer.
If the passwords of BGP peers at both ends are the same, the BGP peer relationship will not be re-established. If the interval between the configurations at both ends exceeds the BGP peer hold time, or the passwords at both ends are different, the BGP peer relationship is disconnected due to timeout.
If you want to add a BGP peer on which the peer password command has been run to a peer group on which the command has also been run and enable the BGP peer to inherit the authentication configuration of the peer group, run the undo peer password command first before running the peer group command to add the BGP peer to the peer group.
Spaces are not allowed in the password.
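The precautions above can be checked against an intended configuration before it is applied. The following Python audit is an added example, not part of the original documentation or the vendor's tooling; the sample configuration is constructed, and the simple, cipher and keychain keywords in it are assumed spellings of the plain text, cipher text and Keychain options this page describes.

```python
import re

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
bgp 65001
 peer 192.0.2.1 as-number 65002
 peer 192.0.2.1 password simple Example-Pass1
 peer 192.0.2.2 as-number 65003
 peer 192.0.2.2 password cipher CONSTRUCTED-CIPHERTEXT
 peer 192.0.2.2 keychain kc-core
 group EDGE external
 peer EDGE password cipher CONSTRUCTED-CIPHERTEXT
 peer 192.0.2.3 as-number 65004
 peer 192.0.2.3 password cipher CONSTRUCTED-CIPHERTEXT
 peer 192.0.2.3 group EDGE
"""

# Assumed keyword spellings: "password simple|cipher", "keychain", "group".
LINE = re.compile(r"^\s*peer\s+(\S+)\s+(password|keychain|group)\s+(.*)$")

def audit(config):
    """Return sorted (peer, finding) pairs for a BGP configuration text."""
    password, keychain, member_of = {}, set(), {}
    for raw in config.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        peer, kind, rest = m.group(1), m.group(2), m.group(3).split()
        if kind == "password" and rest:
            password[peer] = rest[0]  # storage mode: "simple" or "cipher"
        elif kind == "keychain":
            keychain.add(peer)
        elif kind == "group" and rest:
            member_of[peer] = rest[0]
    findings = []
    for peer, mode in password.items():
        if mode == "simple":
            findings.append((peer, "plain-text password recorded in configuration file"))
        if peer in keychain:
            findings.append((peer, "MD5 and Keychain authentication both configured"))
        group = member_of.get(peer)
        if group in password:  # peer and its group each carry a password
            findings.append((peer, f"run undo peer password to inherit from group {group}"))
    return sorted(findings)

if __name__ == "__main__":
    for peer, finding in audit(SAMPLE_CONFIG):
        print(f"{peer}: {finding}")
```
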