MSDP Authentication

MSDP supports the message-digest algorithm 5 (MD5) and keychain authentication to improve the security and reliability of MSDP packet forwarding. The application scenario of MD5 or keychain authentication is the same as that of basic MSDP applications. MD5 and keychain authentication cannot be both configured.

• MD5 authentication

  MSDP uses TCP as the transport layer protocol. To enhance MSDP security, you can configure MD5 to authenticate TCP connections. If a TCP connection fails to be authenticated, the TCP connection cannot be established.

• Keychain authentication

  Keychain authentication works at the application layer. This authentication method ensures smooth service transmission and improves security by periodically changing the authentication password and encryption algorithm. Keychain authenticates both MSDP packets and the TCP connection setup process. For details about keychain, see the "Keychain" chapter in HUAWEI NetEngine 8000 F Series Feature Description - Security.

  

  The encryption algorithm used for MD5 authentication poses security risks. Therefore, you are advised to use an authentication mode based on a more secure encryption algorithm.