
Configuring Routing Protocols

The main task of a router is to use its routing and forwarding tables to forward user traffic to its intended destination. Attackers can send forged routing protocol packets to a router with the intent of changing or corrupting the contents of its routing table or other databases, which in turn can degrade the functionality of the router and the network. To prevent such attacks, routers must ensure that they form routing protocol relationships (peering or neighboring relationships) only with trusted peers. One way of doing this is by authenticating routing protocol messages. We strongly recommend using authentication when configuring routing protocols.

The JUNOS software supports HMAC-MD5 authentication for BGP, Intermediate System-to-Intermediate System (IS-IS), Open Shortest Path First (OSPF), Routing Information Protocol (RIP), and Resource Reservation Protocol (RSVP). HMAC-MD5 uses a secret key that is combined with the data being transmitted to compute a hash. The computed hash is transmitted along with the data. The receiver uses the matching key to recompute and validate the message hash. If an attacker has forged or modified the message, the hash does not match and the data is discarded.

In this example, we configure BGP and, as the interior gateway protocol (IGP), IS-IS. If you use OSPF, configure it similarly to the IS-IS configuration shown.

This section includes the following topics:

For more information about configuring BGP and IS-IS, see the JUNOS Routing Protocols Configuration Guide.
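The HMAC-MD5 check described above can be sketched in a few lines of Python. This is an added illustration, not JUNOS code and not taken from the Juniper documentation; the framing (payload followed by a 16-byte hash), the function names, the key, and the sample messages are all constructed assumptions and do not reproduce the wire format of any routing protocol.

```python
import hashlib
import hmac

DIGEST_LEN = 16  # HMAC-MD5 produces a 16-byte hash


def sign(key: bytes, payload: bytes) -> bytes:
    """Sender: compute the keyed hash and transmit it along with the data."""
    return payload + hmac.new(key, payload, hashlib.md5).digest()


def verify(key: bytes, message: bytes):
    """Receiver: recompute the hash with the matching key.

    Returns the payload when the hash validates, or None to discard.
    """
    if len(message) < DIGEST_LEN:
        return None  # too short to carry a hash at all
    payload, received = message[:-DIGEST_LEN], message[-DIGEST_LEN:]
    expected = hmac.new(key, payload, hashlib.md5).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    if not hmac.compare_digest(received, expected):
        return None
    return payload


def run_demo() -> dict:
    """Run constructed sample messages through the receiver check."""
    key = b"constructed-shared-secret"  # hypothetical key, same on both peers
    update = b"route 192.0.2.0/24 via 198.51.100.1"  # constructed payload
    genuine = sign(key, update)
    samples = {
        "genuine": genuine,
        # Payload altered in transit; the original hash is left in place.
        "modified": genuine.replace(b"198.51.100.1", b"198.51.100.9"),
        # Sender that does not know the key signs with a different one.
        "forged": sign(b"wrong-key", b"route 192.0.2.0/24 via 203.0.113.66"),
        "truncated": genuine[:8],
    }
    return {name: verify(key, msg) is not None for name, msg in samples.items()}


if __name__ == "__main__":
    for name, accepted in run_demo().items():
        print(f"{name:10s} {'accepted' if accepted else 'discarded'}")
```

Only the message signed with the matching key is accepted; the modified, forged, and truncated messages are discarded.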

