peer keychain (BGP-VPN instance IPv6 address family view) (IPv6)

Function

The peer keychain command configures the Keychain authentication for establishing the TCP connection between BGP peers.

The undo peer keychain command deletes the Keychain authentication.

By default, the Keychain authentication is not configured for BGP peers.

Format

peer ipv6-address keychain keychain-name

undo peer ipv6-address keychain

Parameters

Parameter	Description	Value
ipv6-address	Specifies the IPv6 address of a BGP peer.	The prefix is in the format of X:X:X:X:X:X:X:X.
keychain-name	Specifies the name of the Keychain authentication. Before configuring this parameter, run the keychain command to create a keychain. Then, run the key-id, key-string, and algorithm commands to configure a key ID, a password, and an authentication algorithm for this keychain. Otherwise, the authentication will fail, and the BGP peer relationship fails to be established. If the dependent keychain is deleted, the neighbor relationship may be interrupted. Therefore, exercise caution when deleting the keychain.	The value is a string of 1 to 47 case-sensitive characters without any space. When double quotation marks are used around the string, spaces are allowed in the string.

Parameter

Description

Value

ipv6-address

Specifies the IPv6 address of a BGP peer.

The prefix is in the format of X:X:X:X:X:X:X:X.

keychain-name

Specifies the name of the Keychain authentication.

Before configuring this parameter, run the keychain command to create a keychain. Then, run the key-id, key-string, and algorithm commands to configure a key ID, a password, and an authentication algorithm for this keychain. Otherwise, the authentication will fail, and the BGP peer relationship fails to be established.

If the dependent keychain is deleted, the neighbor relationship may be interrupted. Therefore, exercise caution when deleting the keychain.

The value is a string of 1 to 47 case-sensitive characters without any space. When double quotation marks are used around the string, spaces are allowed in the string.

Views

BGP-VPN instance IPv6 address family view

Default Level

2: Configuration level

Task Name and Operations

Task Name	Operations
bgp	write

Usage Guidelines

Usage Scenario

Configuring Keychain authentication improves the security of the TCP connection. You must configure Keychain authentication specified for TCP-based applications on both BGP peers. Note that encryption algorithms and passwords configured for the Keychain authentication on both peers must be the same; otherwise, the TCP connection cannot be set up between BGP peers and BGP messages cannot be transmitted.

Prerequisites

Before configuring the BGP Keychain authentication, a Keychain in accordance with the configured keychain-name must be configured first.

Precautions

The peer keychain command and the peer password command are mutually exclusive.

Example

# Configure the Keychain authentication named Huawei for BGP peers.

<HUAWEI> system-view
[~HUAWEI] ip vpn-instance vpna
[*HUAWEI-vpn-instance-vpna] ipv6-family
[*HUAWEI-vpn-instance-vpn1-af-ipv6] route-distinguisher 100:1
[*HUAWEI-vpn-instance-vpna-af-ipv6] quit
[*HUAWEI-vpn-instance-vpna] quit
[*HUAWEI] bgp 100
[*HUAWEI-bgp] ipv6-family vpn-instance vpna
[*HUAWEI-bgp-6-vpna] peer 2001:DB8:1::1 as-number 100
[*HUAWEI-bgp-6-vpna] peer 2001:DB8:1::1 keychain Huawei