1.

Is authentication possible with BGP? If yes, explain how.

Answer»

Yes. BGP supports MD5 authentication: neighbours authenticate each other using MD5 and a shared password. It is set up with the following command in BGP router configuration mode: neighbor {ip-address | peer-group-name} password password. When authentication is enabled, BGP verifies the source of each routing update and authenticates every TCP segment from its peer. Authentication is required by most ISPs for their EBGP peers.

Peering works only if both routers have the same password and are configured for authentication. When a router has a password configured for a neighbour but the neighbour router does not, the console displays a message like this when the routers try to create a BGP session:

 %TCP-6-BADAUTH: No MD5 digest from [peer's IP address]:11003 to [local router's IP address]:179

Similarly, if the two routers are configured with different passwords, a message like this will appear on the screen:

 %TCP-6-BADAUTH: Invalid MD5 digest from [peer's IP address]:11004 to [local router's IP address]:179
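
The two messages above can be triaged per peer from collected syslog. The following Python sketch is an added example, not part of the original answer; the classify helper, the sample log lines and the 192.0.2.x addresses are constructed for illustration, and it assumes IPv4 peers and also accepts an ip(port) form of the address in case other software versions print it that way.

```python
import re
from collections import defaultdict

# Matches both %TCP-6-BADAUTH variants quoted above (IPv4 only).
# Accepts "ip:port" as shown on the page and, as an assumption, "ip(port)".
IP = r"\d{1,3}(?:\.\d{1,3}){3}"
BADAUTH = re.compile(
    rf"%TCP-6-BADAUTH: (?P<kind>No|Invalid) MD5 digest from "
    rf"(?P<src>{IP})[:(](?P<sport>\d+)\)? to "
    rf"(?P<dst>{IP})[:(](?P<dport>\d+)\)?"
)

# Cause as seen from the router that logged the message.
CAUSE = {
    "No": "peer has no password configured",
    "Invalid": "peer password differs from local password",
}

def classify(lines):
    """Group BADAUTH events by peer IP with cause, count and BGP flag."""
    peers = defaultdict(lambda: {"causes": set(), "count": 0, "bgp": False})
    for line in lines:
        m = BADAUTH.search(line)
        if m is None:
            continue  # not an MD5 authentication failure
        entry = peers[m["src"]]
        entry["causes"].add(CAUSE[m["kind"]])
        entry["count"] += 1
        # BGP uses TCP port 179; either end of the session may own it.
        entry["bgp"] |= "179" in (m["sport"], m["dport"])
    return dict(peers)

# Constructed sample log lines (not captured from a real router).
SAMPLE = [
    "%TCP-6-BADAUTH: No MD5 digest from 192.0.2.2:11003 to 192.0.2.1:179",
    "%TCP-6-BADAUTH: No MD5 digest from 192.0.2.2:11007 to 192.0.2.1:179",
    "%BGP-5-ADJCHANGE: neighbor 192.0.2.9 Up",
    "%TCP-6-BADAUTH: Invalid MD5 digest from 192.0.2.6:11004 to 192.0.2.5:179",
]

if __name__ == "__main__":
    for peer, info in sorted(classify(SAMPLE).items()):
        causes = "; ".join(sorted(info["causes"]))
        print(f"{peer}: {info['count']} failure(s), bgp={info['bgp']}, {causes}")
```

A peer that shows both causes over time usually indicates the password was added on the remote side but does not match the local one.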

