The following example shows the configuration of a single authentication key for the BGP peer group of internal peers. You can also configure BGP authentication at the neighbor or routing-instance level, or for all BGP sessions. As with any security configuration, there is a tradeoff between the degree of granularity (and, to some extent, the degree of security) and the amount of management needed to maintain the system.

This example also configures a number of tracing options for routing protocol events and errors, which can be good indicators of attacks against routing protocols. These events include protocol authentication failures, which might point to an attacker sending spoofed or otherwise malformed routing packets to the router in an attempt to elicit a particular behavior.
```
[edit]
protocols {
    bgp {
        group ibgp {
            type internal;
            traceoptions {
                file bgp-trace size 1m files 10;
                flag state;
                flag general;
            }
            local-address 10.10.5.1;
            log-updown;
            neighbor 10.2.1.1;
            authentication-key "$9$aH1j8gqQ1gjyjgjhgjgiiiii";
        }
        group ebgp {
            type external;
            traceoptions {
                file ebgp-trace size 10m files 10;
                flag state;
                flag general;
            }
            local-address 10.10.5.1;
            log-updown;
            peer-as 2;
            neighbor 10.2.1.2;
            authentication-key "$9$aH1j8gqQ1gjyjgjhgjgiiiii";
        }
    }
}
```
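To show what the `authentication-key` statement protects on the wire, here is an added Python example (not from the page or from Juniper) of the TCP MD5 signature option defined in RFC 2385, the mechanism BGP authentication uses: the digest covers the IP pseudo-header, the fixed TCP header, the BGP data, and the shared key, so a spoofed segment from a sender without the key fails verification and is discarded. The addresses, ports, key and KEEPALIVE payload are constructed assumptions.

```python
"""TCP MD5 signature option (RFC 2385), the mechanism behind BGP authentication-key.
Constructed example: addresses, ports and key are assumptions, not values from the page."""
import hashlib
import hmac
import socket
import struct

MD5_OPT_KIND = 19   # TCP option kind for the MD5 signature option
MD5_OPT_LEN = 18    # kind (1) + length (1) + 16-byte digest
KEY = b"example-bgp-key"                      # constructed; a real key stays in the router config
KEEPALIVE = b"\xff" * 16 + b"\x00\x13\x04"     # BGP KEEPALIVE: marker, length 19, type 4


def tcp_md5_digest(src_ip, dst_ip, segment, key):
    """Digest over pseudo-header, fixed TCP header (checksum zeroed, options excluded), data, key."""
    data_off = (segment[12] >> 4) * 4                       # header length including options
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(segment)))
    fixed_hdr = segment[:16] + b"\x00\x00" + segment[18:20]  # checksum field set to zero
    return hashlib.md5(pseudo + fixed_hdr + segment[data_off:] + key).digest()


def build_segment(src_ip, dst_ip, sport, dport, payload, key):
    """Build a TCP segment carrying payload with a 20-byte option block: MD5 option + 2 NOPs."""
    opts = bytes([MD5_OPT_KIND, MD5_OPT_LEN]) + b"\x00" * 16 + b"\x01\x01"
    data_off = (20 + len(opts)) // 4
    hdr = struct.pack("!HHIIBBHHH", sport, dport, 1000, 2000, data_off << 4, 0x18, 65535, 0, 0)
    segment = hdr + opts + payload
    digest = tcp_md5_digest(src_ip, dst_ip, segment, key)  # digest does not cover the option itself
    return segment[:22] + digest + segment[38:]


def verify_segment(src_ip, dst_ip, segment, key):
    """True if the MD5 option digest matches key; a peer with authentication-key drops segments that fail."""
    data_off = (segment[12] >> 4) * 4
    i = 20
    while i < data_off:
        kind = segment[i]
        if kind == 0:                        # end of option list
            break
        if kind == 1:                        # NOP padding
            i += 1
            continue
        length = segment[i + 1]
        if kind == MD5_OPT_KIND and length == MD5_OPT_LEN:
            expected = tcp_md5_digest(src_ip, dst_ip, segment, key)
            return hmac.compare_digest(segment[i + 2:i + 18], expected)
        i += max(length, 2)                  # skip a malformed zero-length option safely
    return False
```

A segment with no MD5 option, a digest made with a different key, a modified payload, or swapped addresses all fail `verify_segment`, which is the authentication failure the `traceoptions` above would record.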