How to enable TCP MD5 Authentication for BGP Routing
The Internet is vulnerable to attack through its routing protocols and BGP is no exception. External sources can disrupt communications between BGP peers by breaking their TCP connection with spoofed RST packets. Internal sources, such as BGP speakers, can inject bogus routing information from any other legitimate BGP speaker. Bogus information from either external or internal sources can affect routing behavior over a wide area in the Internet. The TCP MD5 options allows BGP to protect itself against the introduction of spoofed TCP segments into the connection stream. To spoof a connection using MD5 signed sessions, the attacker not only has to guess TCP sequence numbers but also the password included in the MD5 digest.
Click the BGP link in the Routing Configuration section on Nokia Voyager.
Perform the following three steps to enable BGP TCP MD5 authentication on a Nokia Platform.
- Click the BGP link in the Routing Configuration section on Nokia Voyager. Select the remote peer IP Address Link to bring up the BGP peer configuration page
- Select MD5 as the Authentication type from the AUTHTYPE drop-down window; then click APPLY.
- Enter the MD5 shared key (test123 for example) in the KEY edit box; then click APPLY.
Please remember to use strong (i.e., hard to guess) passwords for the shared secret.
Imported from Nokia support database
This solution is about products that are no longer supported and it will not be updated