Table of Contents
BGP Neighbor Authentication Overview
BGP neighbor authentication establishes a neighbor only with a legitimate BGP router. Originally, BGP requires neighbors to explicitly configure each other as neighbors. Therefore, other routers will not become neighbors on their own if they are not authenticated like OSPF or EIGRP. However, authentication of BGP neighbors is important for establishing secure neighbors.
Configuring BGP Neighbor Authentication
Authentication for BGP neighbors is very simple. The command is as follows.
Router(config)#router bgp <AS>
Router(config-router)#neighbor <ip-address> password <password>
<AS>:AS number
<ip-address>:Neighbor IP address
<password>: case-sensitive password
Example of BGP neighbor authentication configuration
Configure neighbor authentication with the following network diagram.
R1およびISP1でネイバー認証の設定を行います。
R1 BGP neighbor authentication
router bgp 100 neighbor 172.16.1.11 password n-study
ISP1 neighbor authentication
router bgp 1 neighbor 172.16.1. 1 password n-study
If the state of the neighbor is Established, the authentication is working correctly. There are two ways in which authentication can go wrong
- Only one of them has the neighbor password command configured.
The following message is displayed
*Mar 1 00:19:16.960: %TCP-6-BADAUTH: No MD5 digest from 172.16.1.11(179) to 172.16.1.1(11000) (RST) - The password that is configured does not match.
The following message is displayed
*Mar 1 00:27:54.015: %TCP-6-BADAUTH: Invalid MD5 digest from 172.16.1.11(179) to 172.16.1.1(11002)
This is not limited to BGP neighbor authentication, but when configuring a password, be careful not to include a space at the end of the string.
How the BGP works
- BGP Basic Configuration and Verification Commands
- BGP Neighbor Status
- BGP Neighbor Authentication
- BGP Well Known Mandatory Attributes
- Illustration: BGP Best Path Selection
- BGP KEEPALIVE timer/Hold time Configuration
- BGP Route Minimum Advertisement Interval Configuration
- BGP Route Dampening
- BGP Route Filter Overview
- BGP Route Filter : distribute-list
- BGP Route Filter : distribute-list Configuration Example
- BGP Route Filter : prefix-list
- BGP Route Filter : prefix-list Configuration Example
- BGP Route Filter : filter-list(AS_PATH ACL)-
- BGP Route Filter : filter-list(AS_PATH ACL) Configuration Example
- BGP Route Filter : Route-map
- BGP Route Filter : route-map Configuration Example
- BGP neighbor allowas-in command
- BGP neighbor as-override command
- BGP Route RIB Failure
- BGP Route Administrative Distance Adjustment
- BGP Route Load Balancing
- BGP Auto Summary
- BGP Route Summary : network command
- BGP Route Summarization : network command configuration example
- BGP Route Summary aggregate-address command
- aggregte-address command : summary-only opiton
- aggregte-address command : attribute-map opiton
- aggregte-address command : as-set opiton
- aggregte-address command : advertise-map opiton
- BGP Selective Aggregation Overview
- BGP Selective Aggregation : suppress-map
- BGP Selective Aggregation : unsuppress-map
- BGP local-as
- BGP neighbor remove-private-AS
- bgp fast-external-fallover
- BGP Prefix Limitation