Configuring BFD Session Authentication Information

This section describes how to configure BFD session authentication information, including the authentication algorithm, authentication key, authentication key ID, and negotiation timeout period, to improve network security.

Usage Scenario

On a network demanding higher security, run the authentication-mode command to configure BFD session authentication information. You are advised to configure BFD negotiation authentication to reduce security risks.

Pre-configuration Tasks

Before configuring BFD authentication information, enable BFD globally.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Configure BFD negotiation authentication based on service scenarios.

    • For BFD sessions in the multicast scenario:

      1. Run the bfd session-name command to display the BFD session view.
      2. Run the authentication-mode met-sha1 key-id key-id cipher cipher-text nego-packet [ timeout-interval interval-value ] command to configure an authentication mode and key for a BFD session.

        Before configuring BFD authentication information, create a multicast BFD session, bind the session to a main interface, and use the default multicast address for detection.

      3. Run the quit command to return to the system view.
    • For BFD sessions in the BFD for IP scenario:

      • For BFD for IPv4 single-hop BFD sessions:

        Run the bfd single-hop peer-ip ip-address [ vpn-instance vpn-name ] authentication-mode met-sha1 key-id key-id-value cipher cipher-text nego-packet command to configure an authentication mode and key for a BFD session.

      • For BFD for IPv6 single-hop BFD sessions:

        Run the bfd single-hop peer-ipv6 ipv6-address [ vpn-instance vpn-name ] authentication-mode met-sha1 key-id key-id-value cipher cipher-text nego-packet command to enable negotiation authentication for the BFD for IP single-hop session with the specified peer IPv6 address and to configure the key ID and encryption password.

      • For BFD for IPv4 multi-hop BFD sessions:

        Run the bfd multi-hop peer-ip ip-address [ vpn-instance vpn-name ] authentication-mode met-sha1 key-id key-id-value cipher cipher-text nego-packet command to configure an authentication mode and key for a BFD session.

      • For BFD for IPv6 multi-hop BFD sessions:

        Run the bfd multi-hop peer-ipv6 ipv6-address [ vpn-instance vpn-name ] authentication-mode met-sha1 key-id key-id-value cipher cipher-text nego-packet command to configure an authentication mode and key for a BFD session.

    • For BFD sessions in the BFD for LSP scenario:

      • For BFD for LDP LSP passive sessions:

        Run the bfd mpls-passive peer-ip ip-address authentication-mode met-sha1 key-id key-id-value cipher cipher-text nego-packet command to configure an authentication mode and key for a BFD session.

      • For BFD for LDP LSP proactive sessions:

        Run the bfd lsp-tunnel peer-ip ip-address authentication-mode met-sha1 key-id key-id-value cipher cipher-text nego-packet command to configure an authentication mode and key for a BFD session.

  3. Run commit

    The configuration is committed.
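After committing, it is worth confirming that every peer you intended to protect actually carries an authentication line. The script below is an added example, not Huawei code: it checks configuration text against a list of expected peers, using only the per-peer command forms from step 2. It assumes the saved configuration stores those commands on one line exactly as typed; the sample configuration, peer list and cipher strings are constructed.

```python
import re

# Per-peer command forms copied from the procedure; that the saved configuration
# stores them in this exact one-line form is an assumption.
PEER_RE = re.compile(
    r"^bfd (single-hop|multi-hop|mpls-passive|lsp-tunnel) peer-ip(?:v6)? (\S+)"
    r"(?: vpn-instance (\S+))?( authentication-mode .*)?$")
AUTH_RE = re.compile(
    r"^ authentication-mode met-sha1 key-id (\S+) cipher \S+ nego-packet$")

def parse_auth(config_text):
    """Map (kind, peer, vpn) -> key-id string, or None when the line is not in
    the met-sha1 ... nego-packet form shown in the procedure."""
    found = {}
    for raw in config_text.splitlines():
        m = PEER_RE.match(raw.strip())
        if not m or not m.group(4):
            continue  # not a per-peer BFD authentication line
        kind, peer, vpn, tail = m.groups()
        auth = AUTH_RE.match(tail)
        found[(kind, peer, vpn)] = auth.group(1) if auth else None
    return found

def audit(config_text, expected_peers):
    """Return (peer, reason) for each expected peer without conforming auth."""
    found = parse_auth(config_text)
    findings = []
    for key in expected_peers:
        if key not in found:
            findings.append((key, "no authentication-mode line"))
        elif found[key] is None:
            findings.append((key, "not met-sha1 with nego-packet"))
    return findings

# Constructed sample: documentation addresses, placeholder cipher text.
SAMPLE_CONFIG = """\
bfd single-hop peer-ip 192.0.2.1 authentication-mode met-sha1 key-id 1 cipher CONSTRUCTED nego-packet
bfd multi-hop peer-ipv6 2001:db8::2 vpn-instance vpn1 authentication-mode met-sha1 key-id 2 cipher CONSTRUCTED nego-packet
bfd lsp-tunnel peer-ip 192.0.2.9 authentication-mode met-sha1 key-id 3 cipher CONSTRUCTED
"""
# Hypothetical inventory of peers that must be authenticated.
EXPECTED = [("single-hop", "192.0.2.1", None), ("multi-hop", "2001:db8::2", "vpn1"),
            ("lsp-tunnel", "192.0.2.9", None), ("single-hop", "192.0.2.7", None)]

if __name__ == "__main__":
    for peer, reason in audit(SAMPLE_CONFIG, EXPECTED):
        print(peer, "->", reason)
```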

Copyright © Huawei Technologies Co., Ltd.