Routing Protocols
-
TCP authentication option (TCP-AO) for resource public key infrastructure (RPKI) validation sessions (ACX7100-32C, PTX10001-36MR, PTX10003, PTX10004, PTX10008, PTX10016, QFX5130-32CD, and QFX5220)—Starting in Junos OS Evolved Release 22.2R1, you can use the TCP authentication option to authenticate RPKI validation sessions for securing the Internet's routing infrastructure, such as the BGP. Using RPKI, legitimate holders of Internet number resources can control the operation of Internet routing protocols to prevent route hijacking and other attacks.
To enable a TCP authentication option chain to authenticate an RPKI validation session, use the configured
authentication-algorithm
ao and authentication-key-chain
keychain at the [edit routing-options validation group group_name session address
] and [edit routing-options validation group group_name
] hierarchy level.