Configure Authentication

All BGP protocol exchanges can be authenticated to guarantee that only trusted routers participate in the AS's routing. By default, authentication is disabled on the router. You can configure MD5 authentication on the router. The MD5 algorithm creates an encoded checksum that is included in the transmitted packet. The receiving router uses an authentication key (password) to verify the packet's MD5 checksum.

To configure authentication, include the authentication-key statement:

authentication-key key; 

You can configure authentication globally for all BGP groups (at the [edit protocols bgp] hierarchy level), for all peers in a group (at the [edit protocols bgp group group-name] level), or for an individual peer (at the [edit protocols bgp group group-name neighbor address] level). For routing instances, include the statement at the [edit routing-instances routing-instance-name protocols bgp] hierarchy level, [edit routing-instances routing-instance-name protocols bgp group group-name] hierarchy level, and the [edit routing-instances routing-instance-name protocols bgp group group-name neighbor address] hierarchy level. If you configure authentication for all peers, each individual peer in that group inherits the group's authentication.

The key (password) can be up to 255 characters long. Characters can include any ASCII strings. If you include spaces, enclose all characters in quotation marks (double quotes).

When configuring authentication for all peers in a group, you cannot include the allow statement in the configuration because BGP keys require a destination address.