beautypg.com

Enabling md5 authentication for tcp connections – H3C Technologies H3C S12500 Series Switches User Manual

Page 248

background image

232

After you enable the 4-byte AS number suppression function, the peer device can then process the Open

message even though it does not support 4-byte AS numbers, and the BGP session can be established.
If the peer device supports 4-byte AS numbers, do not enable the 4-byte AS number suppression function;

otherwise, the BGP peer relationship cannot be established.
To enable 4-byte AS number suppression:

Step Command

Remarks

1.

Enter system view.

system-view N/A

2.

Enter BGP view or BGP-VPN

instance view.

Enter BGP view:
bgp as-number

Enter BGP-VPN instance view:

a.

bgp as-number

b.

ipv4-family vpn-instance
vpn-instance-name

Use either method.

3.

Enable 4-byte AS number

suppression.

peer { group-name | ip-address }

capability-advertise
suppress-4-byte-as

Disabled by default.

Enabling quick reestablishment of direct EBGP session

When the link to a directly connected EBGP peer is down, the router, with quick EBGP session
reestablishment enabled, will tear down the session to the peer, and then reestablish a session

immediately. If the function is not enabled, the router does not tear down the session until the holdtime

times out. A route flap will not affect the EBGP session state when the quick EBGP session reestablishment

is disabled.
To enable quick reestablishment of direct EBGP session:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter BGP view or BGP-VPN
instance view.

Enter BGP view:

bgp as-number

Enter BGP-VPN instance view:

a.

bgp as-number

b.

ipv4-family vpn-instance

vpn-instance-name

Use either method.

3.

Enable quick reestablishment
of direct EBGP session.

ebgp-interface-sensitive

Optional.
Not enabled by default.

Enabling MD5 authentication for TCP connections

You can enable MD5 authentication to enhance security in the following ways:

Perform MD5 authentication when establishing TCP connections. Only the two parties that have the
same password configured can establish TCP connections.

Perform MD5 calculation on TCP packets to avoid modification to the encapsulated BGP packets.

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: