Technical Documentation

Configuring the Authentication Key Update Mechanism for BGP and LDP Routing Protocols

You can configure an authentication key update mechanism for the Border Gateway Protocol (BGP) and Label Distribution Protocol (LDP) routing protocols. This mechanism allows you to update authentication keys without interrupting associated routing and signaling protocols such as Open Shortest Path First (OSPF) and Resource Reservation Setup Protocol (RSVP).

To configure this feature, include the authentication-key-chains statement at the [edit security] level, and include the authentication-key-chain statement for the BGP or LDP routing protocols at the [edit protocols] level.

The following topics provide more details about configuring authentication key updates for the BGP and LDP routing protocols:

  1. Configuring Authentication Key Updates
  2. Configuring BGP and LDP for Authentication Key Updates

Configuring Authentication Key Updates

To configure the authentication key update mechanism, include the key-chain statement at the [edit security authentication-key-chains] hierarchy level, and specify the key option to create a keychain consisting of several authentication keys.

[edit security authentication-key-chains]
key-chain key-chain-name {
    key key {
        secret secret-data;
        start-time yyyy-mm-dd.hh:mm:ss;
    }
}

key-chain—Assigns a name to the keychain mechanism. This name is also configured at the [edit protocols bgp] or the [edit protocols ldp] hierarchy levels to associate unique authentication key-chain attributes as specified using the following options:

  • key—Each key within a keychain is identified by a unique integer value. The range is from 0 through 63.
  • secret—Each key must specify a secret in encrypted text or plain text format. Even if you enter the secret data in plain-text format, the secret always appears in encrypted format.
  • start-time—Start times for authentication key updates are specified in UTC (Coordinated Universal Time), and must be unique within the keychain.
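
The constraints listed above (unique key identifiers from 0 through 63, a secret on every key, unique start times in yyyy-mm-dd.hh:mm:ss form) can be checked before a commit. The following Python check is an added example, not Juniper code; the keychain name, secrets and times are constructed, and treating start-time as required on every key is an assumption of the check.

```python
import re
from datetime import datetime
# Constructed keychain in the syntax shown above; name, secrets and times are made up.
SAMPLE = """
key-chain example-chain {
    key 0 { secret "placeholder-a"; start-time 2010-05-01.00:00:00; }
    key 1 { secret "placeholder-b"; start-time 2010-06-01.00:00:00; }
    key 64 { secret "placeholder-c"; start-time 2010-06-01.00:00:00; }
    key 2 { start-time 2010-07-01; }
}
"""
# Simplification of this example: secrets must not contain braces or semicolons.
KEY_RE = re.compile(r"\bkey\s+(\d+)\s*\{([^{}]*)\}")
START_RE = re.compile(r"\bstart-time\s+([^;\s]+)\s*;")
SECRET_RE = re.compile(r"\bsecret\s+[^;]+;")

def parse_keys(text):
    """Return (key_id, has_secret, start_time_or_None) for every key block."""
    keys = []
    for m in KEY_RE.finditer(text):
        start = START_RE.search(m.group(2))
        keys.append((int(m.group(1)), bool(SECRET_RE.search(m.group(2))),
                     start.group(1) if start else None))
    return keys

def validate(text):
    """Check the constraints listed above; return a list of problem strings."""
    problems, seen_ids, seen_times = [], set(), {}
    for key_id, has_secret, start in parse_keys(text):
        if not 0 <= key_id <= 63:
            problems.append(f"key {key_id}: id outside 0-63")
        if key_id in seen_ids:
            problems.append(f"key {key_id}: duplicate id")
        seen_ids.add(key_id)
        if not has_secret:
            problems.append(f"key {key_id}: no secret")
        try:
            # Assumption of this check: every key carries a start-time.
            when = datetime.strptime(start or "", "%Y-%m-%d.%H:%M:%S")
        except ValueError:
            problems.append(f"key {key_id}: start-time not yyyy-mm-dd.hh:mm:ss")
            continue
        if when in seen_times:
            problems.append(f"key {key_id}: start-time also used by key {seen_times[when]}")
        seen_times.setdefault(when, key_id)
    return problems

if __name__ == "__main__":
    print("\n".join(validate(SAMPLE)))
```

Run against the constructed sample, the check reports key 64 (identifier out of range, start time shared with key 1) and key 2 (no secret, malformed start time).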

Configuring BGP and LDP for Authentication Key Updates

To configure the authentication key update mechanism for the BGP and LDP routing protocols, include the authentication-key-chain statement at the [edit protocols (bgp | ldp)] hierarchy level to associate each routing protocol with the [edit security authentication-key-chains] authentication keys.

[edit protocols (bgp | ldp)]
group group-name {
    neighbor address {
        authentication-key-chain key-chain-name;
    }
}

Note: When configuring the authentication key update mechanism for BGP, you cannot commit the statement with authentication keys or key chains. The CLI issues a warning and fails to commit such configurations.

For information about the BGP protocol, see the JUNOS Routing Protocols Configuration Guide.

Published: 2010-04-26