Enabling md5 authentication for tcp connections, Configuring bgp load balancing, Enabling md5 authentication for tcp – H3C Technologies H3C S7500E Series Switches User Manual

6-38

With quick eBGP connection reestablishment enabled, the router, when the link to a directly connected

eBGP peer is down, will reestablish a session to the eBGP peer immediately.

Follow these steps to enable quick eBGP session reestablishment:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Enter BGP view

bgp as-number

—

Enable quick eBGP session

reestablishment

ebgp-interface-sensitive

Optional

Not enabled by default

Enabling MD5 Authentication for TCP Connections

BGP employs TCP as the transport protocol. To enhance security, you can configure BGP to perform

MD5 authentication when establishing a TCP connection. The two parties must have the same

password configured to establish TCP connections. BGP MD5 authentication is not for BGP packets,

but for TCP connections. If the authentication fails, no TCP connection can be established.

Follow these steps to enable MD5 authentication for TCP connections:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Enter BGP view

bgp as-number

—

Enable MD5 authentication when

establishing a TCP connection to the

peer/peer group

peer { group-name |

ip-address } password { cipher

| simple } password

Optional

Not enabled by default

Configuring BGP Load Balancing

If multiple paths to a destination exist, you can configure load balancing over such paths to improve

link utilization.

Follow these steps to configure BGP load balancing:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Enter BGP view

bgp as-number

—

Configure the maximum number of BGP

routes for load balancing

balance number

Optional

Load balancing is not

enabled by default.