Enabling MD5 authentication for TCP connections, Configuration prerequisites – H3C Technologies H3C SR8800 User Manual
Step 3. Enter IPv6 address family view.
    Command: ipv6-family
    Remarks: N/A
Step 4. Configure the maximum number of load balanced routes.
    Command: balance number
    Remarks: By default, no load balancing is enabled.
Enabling MD5 authentication for TCP connections
IPv6 BGP employs TCP as the transport protocol. To enhance security, configure IPv6 BGP to perform
MD5 authentication when establishing a TCP connection. If the authentication fails, no TCP connection
can be established.
To enable MD5 authentication for TCP connections:
Step 1. Enter system view.
    Command: system-view
    Remarks: N/A
Step 2. Enter BGP view.
    Command: bgp as-number
    Remarks: N/A
Step 3. Enter IPv6 address family view.
    Command: ipv6-family
    Remarks: N/A
Step 4. Enable MD5 authentication when establishing a TCP connection to the peer/peer group.
    Command: peer { ipv6-group-name | ipv6-address } password { cipher | simple } password
    Remarks: Not enabled by default
NOTE:
• The MD5 authentication for establishing TCP connections does not apply to BGP packets.
• The MD5 authentication requires that the two parties have the same authentication mode and password to establish a TCP connection; otherwise, no TCP connection can be established due to authentication failure.
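Why a password mismatch prevents the connection, as an added example that is not part of the H3C manual: it assumes the feature is the standard TCP MD5 signature option of RFC 2385 and computes the digest a sender attaches to an IPv6 SYN, then the check the receiving peer performs. The addresses, ports, sequence number and passwords are constructed, and the SYN is assumed to carry only the MD5 option.

```python
import hashlib
import hmac
import ipaddress
import struct

TCP_PROTO = 6       # IPv6 Next Header value for TCP
SYN = 0x02
HEADER_WORDS = 10   # assumption: 20-byte base header + 18-byte MD5 option padded to 20

def syn_digest(src, dst, sport, dport, seq, key):
    """RFC 2385 digest for a SYN with no payload, sent over IPv6."""
    # Fixed TCP header only: options are excluded and the checksum is taken as zero.
    header = struct.pack("!HHIIBBHHH", sport, dport, seq, 0,
                         HEADER_WORDS << 4, SYN, 65535, 0, 0)
    # IPv6 pseudo-header: source, destination, upper-layer length, 3 zero bytes, next header.
    pseudo = (ipaddress.IPv6Address(src).packed
              + ipaddress.IPv6Address(dst).packed
              + struct.pack("!I3xB", HEADER_WORDS * 4, TCP_PROTO))
    # Digest order: pseudo-header, TCP header, segment data (none here), then the key.
    return hashlib.md5(pseudo + header + key).digest()

def peer_accepts_syn(src, dst, sport, dport, seq, received_digest, local_key):
    """Receiver recomputes the digest with its own password and compares."""
    expected = syn_digest(src, dst, sport, dport, seq, local_key)
    return hmac.compare_digest(expected, received_digest)

# Constructed sample values (documentation prefix 2001:db8::/32, made-up passwords).
A, B = "2001:db8::1", "2001:db8::2"
SPORT, DPORT, SEQ = 49152, 179, 0x1000

if __name__ == "__main__":
    sent = syn_digest(A, B, SPORT, DPORT, SEQ, b"Example-Key-1")
    print("same password:     ",
          peer_accepts_syn(A, B, SPORT, DPORT, SEQ, sent, b"Example-Key-1"))
    print("different password:",
          peer_accepts_syn(A, B, SPORT, DPORT, SEQ, sent, b"Example-Key-2"))
    # A segment whose source address differs from the one signed also fails the check.
    print("altered source:    ",
          peer_accepts_syn("2001:db8::99", B, SPORT, DPORT, SEQ, sent, b"Example-Key-1"))
```

Because the key is the last input to the hash and never travels on the wire, the receiver can only reproduce the digest if its configured password is byte-for-byte identical to the sender's.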
Applying an IPsec policy to an IPv6 BGP peer or peer group
To protect routing information and defend against attacks, IPv6 BGP can authenticate protocol packets by using
an IPsec policy.
Outbound IPv6 BGP packets carry the Security Parameter Index (SPI) defined in the IPsec policy. A router
uses the SPI carried in a received packet to match against the configured IPsec policy. If they match, the
router accepts the packet; otherwise, it discards the packet and will not establish a neighbor relationship
with the sending router.
Configuration prerequisites
Before you apply an IPsec policy to a peer/peer group, complete the following tasks:
• Create an IPsec proposal.
• Create an IPsec policy.
For more information about IPsec policy configuration, see Security Configuration Guide.