Enabling md5 authentication for tcp connections, Configuring a large-scale ipv6 bgp network, Configuration prerequisites – H3C Technologies H3C S10500 Series Switches User Manual
| To do… | Use the command… | Remarks |
|---|---|---|
| Configure the maximum number of load balanced routes | balance number | Required. By default, no load balancing is enabled. |
Enabling MD5 authentication for TCP connections
IPv6 BGP employs TCP as the transport protocol. To enhance security, configure IPv6 BGP to perform
MD5 authentication when establishing a TCP connection. If the authentication fails, no TCP connection
can be established.
Follow these steps to enable MD5 authentication for TCP connections:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enter BGP view | bgp as-number | — |
| Enter IPv6 address family view | ipv6-family | — |
| Enable MD5 authentication when establishing a TCP connection to the peer or peer group | peer { ipv6-group-name \| ipv6-address } password { cipher \| simple } password | Required. Not enabled by default. |
NOTE:
• The MD5 authentication for establishing TCP connections does not apply to BGP packets.
• The MD5 authentication requires that the two parties have the same authentication mode and password to establish a TCP connection; otherwise, no TCP connection can be established due to authentication failure.
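
Added example, not part of the H3C manual: a short Python audit that reads saved configuration text and reports, for each peer or peer group in the ipv6-family view, whether the peer ... password command from the table above is present and in which mode (with simple, the password is shown in plain text in the configuration). The indented layout of the sample, the as-number lines and every value in it are constructed assumptions; group membership is not resolved, so a peer that gets its password from a group is reported as missing.

```python
import re

# Constructed sample laid out like a saved configuration. AS numbers, addresses,
# the group name "core-v6" and the secrets are placeholders, not manual values.
SAMPLE_CONFIG = """\
bgp 65001
 ipv6-family
  peer 2001:db8::2 as-number 65002
  peer 2001:db8::2 password cipher EXAMPLE-CIPHERTEXT
  peer 2001:db8::3 as-number 65003
  peer 2001:db8::3 password simple EXAMPLE-SECRET
  peer 2001:db8::4 as-number 65004
  peer core-v6 password cipher EXAMPLE-CIPHERTEXT
"""

# peer <address-or-group> <keyword> [<first argument>]
PEER_LINE = re.compile(r"^peer\s+(\S+)\s+(\S+)(?:\s+(\S+))?")


def audit_md5(config_text):
    """Map each IPv6 BGP peer or group to 'cipher', 'simple' or 'missing'."""
    status = {}
    in_bgp = in_v6 = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line == "#":
            continue
        if raw[0] not in " \t":            # top-level command: a new view starts
            in_bgp, in_v6 = line.startswith("bgp "), False
        elif in_bgp and line.split()[0].endswith("-family"):
            in_v6 = line == "ipv6-family"  # any other address family ends it
        elif in_v6:
            m = PEER_LINE.match(line)
            if not m:
                continue
            target, keyword, mode = m.groups()
            status.setdefault(target, "missing")
            if keyword == "password" and mode in ("cipher", "simple"):
                status[target] = mode
    return status


def flagged(status):
    """Peers with no MD5 password, or with one entered in simple mode."""
    return sorted((t, s) for t, s in status.items() if s != "cipher")


if __name__ == "__main__":
    for target, state in flagged(audit_md5(SAMPLE_CONFIG)):
        print(f"{target}: {state}")
```
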
Configuring a large-scale IPv6 BGP network
In a large-scale IPv6 BGP network, a large number of peers makes configuration and maintenance inconvenient. Configuring peer groups makes management easier and improves route distribution efficiency. Peer groups include iBGP peer groups, where the peers belong to the same AS, and eBGP peer groups, where the peers belong to different ASs. If the peers in an eBGP peer group belong to the same external AS, the group is a pure eBGP peer group; if not, it is a mixed eBGP peer group.
In a peer group, all members share a common policy. Because community sending between IPv6 BGP peers is not limited by AS, the community attribute can be used to give a set of IPv6 BGP routers in multiple ASs the same policy.
To ensure connectivity between iBGP peers, make them fully meshed. A full mesh becomes impractical when too many iBGP peers exist; using route reflectors or confederation solves this issue. In a large-scale AS, both of them can be used.
Confederation configuration for IPv6 BGP is identical to that for BGP4, so it is not described here.
Configuration prerequisites
• Make peer nodes accessible to each other at the network layer.
• Enable BGP and configure a router ID.