Enabling md5 authentication for tcp connections – H3C Technologies H3C SecPath F1000-E User Manual

Configuring the maximum number of load-balanced routes

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter BGP view. | bgp as-number | N/A |
| 3. Enter IPv6 address family view or IPv6 BGP-VPN instance view. | ipv6-family [ vpn-instance vpn-instance-name ] | N/A |
| 4. Configure the maximum number of load balanced routes. | balance number | By default, no load balancing is enabled. |

Enabling MD5 authentication for TCP connections

IPv6 BGP employs TCP as the transport protocol. To enhance security, configure IPv6 BGP to perform MD5 authentication when establishing a TCP connection. If the authentication fails, no TCP connection can be established.

To enable MD5 authentication for TCP connections:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter BGP view. | bgp as-number | N/A |
| 3. Enter IPv6 address family view. | ipv6-family | N/A |
| 4. Enable MD5 authentication when establishing a TCP connection to the peer/peer group. | peer { ipv6-group-name \| ipv6-address } password { cipher \| simple } password | Not enabled by default. |

NOTE:

The MD5 authentication for establishing TCP connections does not apply to BGP packets.

The MD5 authentication requires that the two parties have the same authentication mode and password to establish a TCP connection; otherwise, no TCP connection can be established due to authentication failure.
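The password check described above, sketched as an added example (not taken from the H3C manual or from H3C code): it assumes the feature is the TCP MD5 Signature Option of RFC 2385 and shows why a peer configured with a different password never gets past the SYN. The addresses, ports and passwords are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac
import ipaddress
import struct

TCP_PROTO = 6        # IPv6 next-header value for TCP
TCPOPT_MD5SIG = 19   # TCP option kind from RFC 2385
MD5_OPT_LEN = 20     # kind + length + 16-byte digest, padded with two NOPs

def build_syn(sport, dport, seq):
    """Fixed 20-byte TCP header of a SYN that carries the MD5 option."""
    data_offset = (20 + MD5_OPT_LEN) // 4
    return struct.pack("!HHIIBBHHH", sport, dport, seq, 0,
                       data_offset << 4, 0x02, 65535, 0, 0)

def tcp_md5_digest(src, dst, tcp_header, payload, password):
    """RFC 2385 digest: pseudo-header, header (checksum zeroed, options
    excluded), payload, then the shared password."""
    seg_len = len(tcp_header) + MD5_OPT_LEN + len(payload)
    pseudo = (ipaddress.IPv6Address(src).packed
              + ipaddress.IPv6Address(dst).packed
              + struct.pack("!I3xB", seg_len, TCP_PROTO))
    header = tcp_header[:16] + b"\x00\x00" + tcp_header[18:]
    return hashlib.md5(pseudo + header + payload + password).digest()

def sign(src, dst, tcp_header, payload, password):
    """Sender side: build the option bytes appended to the TCP header."""
    digest = tcp_md5_digest(src, dst, tcp_header, payload, password)
    return bytes([TCPOPT_MD5SIG, 18]) + digest + b"\x01\x01"

def receiver_accepts(src, dst, tcp_header, option, payload, password):
    """Receiver side: recompute with the locally configured password."""
    if len(option) < 18 or option[0] != TCPOPT_MD5SIG or option[1] != 18:
        return False  # segment is unsigned: dropped
    expected = tcp_md5_digest(src, dst, tcp_header, payload, password)
    return hmac.compare_digest(option[2:18], expected)

# Constructed sample: documentation-prefix addresses, BGP port 179.
SRC, DST = "2001:db8::1", "2001:db8::2"
SYN = build_syn(49152, 179, 0x1000)
OPTION = sign(SRC, DST, SYN, b"", b"Example-Key-1")

if __name__ == "__main__":
    for pw in (b"Example-Key-1", b"example-key-1"):
        print(pw, receiver_accepts(SRC, DST, SYN, OPTION, b"", pw))
```

Because the password is hashed together with the addresses and the TCP header, a receiver that is configured with no password, or with one differing by a single character, silently drops the SYN and the session stays down.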

Applying an IPsec policy to an IPv6 BGP peer or peer group

To protect routing information and defend against attacks, IPv6 BGP can authenticate protocol packets by using an IPsec policy.

Outbound IPv6 BGP packets carry the Security Parameter Index (SPI) defined in the IPsec policy. A device uses the SPI carried in a received packet to match against the configured IPsec policy. If they match, the device accepts the packet; otherwise, it discards the packet and will not establish a neighbor relationship with the sending device.