TCP Authentication Option (TCP-AO) for BGP and LDP Sessions
Benefits of TCP-AO
TCP-AO provides the following benefits over TCP MD5:
Stronger algorithms—Supports multiple stronger authentication algorithms such as HMAC-SHA-1-96 and AES-128-CMAC-96 (mandated by RFC5925, The TCP Authentication Option). HMAC-SHA-1-96 is a hash-based MAC and AES-128-CMAC-96 is a cipher-based MAC, thus making the message digest more complex and secure than the digest created by using the MD5 algorithm.
Two-fold security—In the TCP-AO method, the configured authentication algorithm is used in two stages: once to generate an internal traffic key from the user-configured key, and then again to generate a message digest using that traffic key. In the TCP MD5 method, by contrast, the MD5 algorithm generates the message digest directly from the user-configured key.
Better Key Management and Agility—You can configure up to 64 keys for a session and you can add them at any time during the lifetime of a session. It provides a simple key coordination mechanism by giving the ability to change keys (move from one key to another) within the same connection without causing any TCP connection closure. Changing TCP MD5 keys during an established connection might cause a flap or restart in the connection.
Suitable for long-lived connections—More suitable for long-lived connections for routing protocols such as BGP and LDP and across repeated instances of a single connection.
What is TCP-AO?
The BGP and LDP protocols use TCP for transport. TCP-AO is a new authentication method proposed in RFC5925, The TCP Authentication Option, to enhance the security and authenticity of the TCP segments exchanged during BGP and LDP sessions. It supports both IPv4 and IPv6 traffic.
TCP-AO provides a framework to:
Support multiple stronger algorithms, such as HMAC-SHA1 and AES-128 to create an internal traffic key and message digest.
Add a new user-configured key to re-generate internal traffic keys for an established connection and a mechanism to synchronize key change between BGP or LDP peers.
In earlier releases only the TCP MD5 authentication method was supported for BGP and LDP sessions. The TCP MD5 method supports only the MD5 algorithm, which is less secure than TCP-AO. In addition, changing an MD5 key normally results in TCP session disruption, unlike with the TCP-AO option. TCP MD5 is defined in RFC2385, Protection of BGP Sessions via the TCP MD5 Signature Option.
While both the TCP-AO and TCP MD5 authentication methods are now supported, you cannot use both at the same time for a given connection.
TCP-AO supports Nonstop Active Routing.
To configure a keychain for TCP-AO (with one key), set the following statement at the [edit security] hierarchy level.
user@router# set authentication-key-chains key-chain key-chain key id secret secretpassword start-time YYYY-MM-DD.HH:MM algorithm ao ao-attribute send-id send-id recv-id recv-id cryptographic-algorithm cryptographic-algorithm tcp-ao-option enabled
To apply TCP-AO to a BGP session (with the configured keychain), set the following statement at the [edit protocols] hierarchy level.
user@router# set bgp group group neighbor neighbor authentication-algorithm ao
user@router# set bgp group group neighbor neighbor authentication-key-chain key-chain
To apply TCP-AO to an LDP session (with the configured keychain), set the following statement at the [edit protocols] hierarchy level.
user@router# set ldp session session authentication-algorithm ao
user@router# set ldp session session authentication-key-chain key-chain
The following diagram explains the difference between TCP Authentication Option (TCP-AO) and TCP MD5 authentication. The first flow shows the configuration and processing flow for TCP-AO and the second flow shows the configuration and processing flow for TCP-MD5.
Below is an explanation of the processing flows shown in Figure 1:
TCP-AO—The user has configured two keys in the keychain, key 0 and key 1, with all required parameters. The keychain supports two algorithms: HMAC-SHA1 and AES-128 (mandated per RFC5925). TCP fetches key 0, which is the key that is currently active, as shown by the timestamp in the figure. In the example, key 0 is configured with HMAC-SHA1.
HMAC-SHA1 takes the “secret” (from the key 0 configuration) together with connection-specific parameters as its input and generates an internal traffic key.
HMAC-SHA1 is then applied a second time, keyed with the internal traffic key, over the TCP segment to generate the message digest. The digest is copied to the MAC field of the TCP-AO option in the TCP segment, and the segment is then sent to the receiving device.
TCP-MD5—The user has configured a single key, because the TCP MD5 option supports only one key for a connection. Further, it supports only the MD5 algorithm. The MD5 algorithm takes the “secret” from the key and the TCP segment as its input and generates a message digest. This message digest is then copied to the MD5 digest field in the TCP segment, and the segment is sent to the receiving device.
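The two processing flows above, worked through in code as an added example (not Junos code and not from the original page): stage 1 derives the internal traffic key with the KDF_HMAC_SHA1 of RFC5926 from the configured secret plus the connection parameters, stage 2 computes the HMAC-SHA-1-96 digest over the segment with that traffic key, and the single-stage TCP MD5 signature of RFC2385 is shown beside it. The addresses, ports, ISNs, secret and the BGP KEEPALIVE segment are constructed sample values.

```python
import hmac
import hashlib
import struct
from ipaddress import IPv4Address

LABEL = b"TCP-AO"   # KDF label fixed by RFC 5926
KEY_BITS = 160      # traffic-key length produced by KDF_HMAC_SHA1 (RFC 5926)

def ao_context(sip, dip, sport, dport, sisn, disn):
    """IPv4 'Context' of RFC 5925 s5.2: src/dst address, src/dst port, src/dst ISN.
    On the SYN the peer's ISN is not yet known, so DISN is 0 there."""
    return (IPv4Address(sip).packed + IPv4Address(dip).packed
            + struct.pack("!HHII", sport, dport, sisn, disn))

def traffic_key(master_key, context):
    """Stage 1: KDF_HMAC_SHA1(master_key, 0x01 || Label || Context || L) -> 160-bit key."""
    data = b"\x01" + LABEL + context + struct.pack("!H", KEY_BITS)
    return hmac.new(master_key, data, hashlib.sha1).digest()

def ao_mac(tkey, pseudo_header, tcp_header_opts, payload, sne=0):
    """Stage 2: HMAC-SHA-1-96 over SNE || pseudoheader || TCP header+options || data.
    The caller passes the header with the checksum and the TCP-AO MAC field zeroed;
    SNE (sequence number extension) is 0 until the 32-bit sequence number wraps."""
    msg = struct.pack("!I", sne) + pseudo_header + tcp_header_opts + payload
    return hmac.new(tkey, msg, hashlib.sha1).digest()[:12]   # truncate to 96 bits

def md5_signature(key, pseudo_header, tcp_header, payload):
    """TCP MD5 (RFC 2385): one stage, the configured key itself is hashed with the segment."""
    return hashlib.md5(pseudo_header + tcp_header + payload + key).digest()

# Constructed sample: one keychain secret, two connections to the same peer differing only in ISN.
MASTER = b"secretpassword"                                   # the 'secret' of key 0
PSEUDO = IPv4Address("192.0.2.1").packed + IPv4Address("192.0.2.2").packed + struct.pack("!BBH", 0, 6, 55)
# 20-byte TCP header (offset 9 words, PSH|ACK, checksum 0) + TCP-AO option: kind 29, len 16,
# KeyID 1, RNextKeyID 2, 12-byte MAC field zeroed for the computation.
HEADER = struct.pack("!HHIIBBHHH", 179, 40001, 1000, 2000, 0x90, 0x18, 65535, 0, 0) + b"\x1d\x10\x01\x02" + b"\x00" * 12
PAYLOAD = b"\xff" * 16 + b"\x00\x13\x04"                     # BGP KEEPALIVE: marker, length 19, type 4

def compare_connections():
    """Same secret, different ISNs -> different traffic keys -> different TCP-AO MACs,
    whereas the one-stage TCP MD5 signature is keyed by the configured secret directly."""
    k1 = traffic_key(MASTER, ao_context("192.0.2.1", "192.0.2.2", 179, 40001, 1000, 2000))
    k2 = traffic_key(MASTER, ao_context("192.0.2.1", "192.0.2.2", 179, 40001, 1000, 2001))
    return {
        "keys_differ": k1 != k2,
        "macs_differ": ao_mac(k1, PSEUDO, HEADER, PAYLOAD) != ao_mac(k2, PSEUDO, HEADER, PAYLOAD),
        "md5_sig": md5_signature(MASTER, PSEUDO, HEADER, PAYLOAD).hex(),
    }
```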