Routing Protocols
-
TCP-AO for RPKI validation sessions (MX204, MX240, MX480, MX960, MX10003, MX10008, MX10016, MX2008, MX2010, MX2020, PTX1000, PTX10002, PTX10008, PTX10016, and vRR) )—Starting in Junos OS Release 22.2R1, you can use TCP Authentication Option (TCP-AO) to authenticate resource public key infrastructure (RPKI) validation sessions for securing the Internet's routing infrastructure, such as BGP. Using RPKI, legitimate holders of Internet number resources can control the operation of Internet routing protocols to prevent route hijacking and other attacks.
To enable a TCP-AO chain to authenticate an RPKI validation session, use
authentication-algorithm
ao
and the configuredauthentication-key-chain
keychain at the [edit routing-options validation group group_name session address
and [edit routing-options validation group group_name
hierarchy levels.