Categories R&S

BGP – implement and troubleshoot Peerings – Authentication

One quick post about BGP authentication.

 

Requirements:

Use BGP authentication to secure the BGP session between R6 and R10.

 

Diagram:

update_source

 

Configuration and verification:

That’s an easy configuration. Only one command under the BGP process.

R6(config)#router bgp 100
R6(config-router)#neighbor 10.10.1.10 password CISCO

R10(config-router)#neighbor 10.100.1.6 password CISCO
R10#  clear ip bgp *

 

We see the BGP session establish,  and that md5 is used.

BGP neighbor is 10.100.1.6,  remote AS 100, external link
  BGP version 4, remote router ID 10.100.1.6
  BGP state = Established, up for 00:00:11
SNIP
Option Flags: nagle, path mtu capable, md5

 

Let’s see what happens if there is a password mismatch.

R6(config-router)#neighbor 10.10.1.10 password JUNIPER

*Jul  9 19:19:17.567: %TCP-6-BADAUTH: Invalid MD5 digest from 10.10.1.10(43122) to 10.100.1.6(179) tableid - 0

 

Without turning debug on, we immediately received a log message stating a bad authentication.

 

 

That’s all for BGP authentication.

Thank you for reading.

 

 

 

BGP – implement and troubleshoot Peerings – Authentication