Enabling md5 authentication for tcp connections, Configuring bgp load balancing – H3C Technologies H3C SR8800 User Manual

230

Enabling MD5 authentication for TCP connections

BGP employs TCP as the transport protocol. To enhance security, you can configure BGP to perform MD5

authentication when establishing a TCP connection. The two parties must have the same password

configured to establish TCP connections.
BGP MD5 authentication is not for BGP packets, but for TCP connections. If the authentication fails, no

TCP connection can be established.
To enable MD5 authentication for TCP connections:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter BGP view.

bgp as-number

N/A

3.

Enable MD5 authentication when
establishing a TCP connection to the

peer/peer group.

peer { group-name | ip-address }
password { cipher | simple }
password

Optional
Not enabled by default

Configuring BGP load balancing

If multiple paths to a destination exist, you can configure load balancing over such paths to improve link

utilization.
To configure BGP load balancing:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter BGP view.

bgp as-number

N/A

3.

Configure the maximum number of

BGP routes for load balancing.

balance number

Optional.
By default, load balancing is
not enabled.

Forbiding session establishment with a peer or peer group

To forbid session establishment with a peer or peer group:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter BGP view.

bgp as-number

N/A

3.

Forbid session establishment with a
peer or peer group.

peer { group-name | ip-address }
ignore

Optional
Not forbidden by default