BGP Authentication


BGP authentication is configured on a PER-NEIGHBOR basis or, as described in the previous post, on a PER-PEER-GROUP basis.

 (config-router)#neighbor CISQUEROS password cisco

From Jeff Doyle's ROUTING TCP/IP Vol2 (the Routing Bible in my opinion, even though I hope it gets updated soon, it's been 12 years!):

The IOS uses MD5 authentication when a BGP neighbor password is configured. MD5 is a one-way message digest or secure hash function produced by RSA Data Security, Inc. It also is occasionally referred to as a cryptographic checksum, because it works in somewhat the same way as an arithmetic checksum. MD5 computes a 128-bit hash value from a plain-text message of arbitrary length (in this case, a BGP message) and a password. This "fingerprint" is transmitted along with the message. The receiver, knowing the same password, calculates its own hash value. If nothing in the message has changed, the receiver's hash value should match the sender's value transmitted with the message. The hash value is impossible to decipher (without a huge amount of computing power) without knowing the password so that an unauthorized router cannot, either maliciously or by accident, peer with a router running neighbor authentication.
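The computation the excerpt describes, as an added example (not from the original post or from Doyle's book): it follows the TCP MD5 Signature Option of RFC 2385, the mechanism behind a BGP neighbor password, and goes beyond the excerpt by showing exactly which bytes are hashed. The addresses, ports, sequence numbers and the KEEPALIVE message are constructed sample values; the password `cisco` is the one from the command above.

```python
import hashlib
import hmac
import socket
import struct

def tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, password):
    """MD5 over pseudo-header, fixed TCP header (checksum zeroed), data, then key."""
    fixed = bytearray(tcp_header[:20])            # options are excluded from the hash
    fixed[16:18] = b"\x00\x00"                    # checksum field is treated as zero
    seg_len = len(tcp_header) + len(payload)      # TCP length: full header + data
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, 6, seg_len))
    return hashlib.md5(pseudo + bytes(fixed) + payload + password).digest()

def sign_segment(src_ip, dst_ip, sport, dport, seq, ack, flags, payload, password):
    """Sender side: return a 40-byte TCP header carrying option kind 19."""
    opts = bytes([1, 1, 19, 18]) + bytes(16)      # NOP, NOP, kind, len, placeholder
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                      (40 // 4) << 4, flags, 16384, 0, 0) + opts
    return hdr[:24] + tcp_md5_digest(src_ip, dst_ip, hdr, payload, password)

def extract_signature(tcp_header):
    """Walk the TCP options and return the 16-byte digest, or None if absent."""
    opts, i = tcp_header[20:], 0
    while i < len(opts) and opts[i] != 0:         # kind 0 ends the option list
        if opts[i] == 1:                          # kind 1 is a one-byte NOP
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2: # malformed length: stop parsing
            return None
        if opts[i] == 19 and opts[i + 1] == 18 and i + 18 <= len(opts):
            return opts[i + 2:i + 18]
        i += opts[i + 1]
    return None

def verify_segment(src_ip, dst_ip, tcp_header, payload, password):
    """Receiver side: recompute the digest; unsigned or mismatching segments fail."""
    received = extract_signature(tcp_header)
    expected = tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, password)
    return received is not None and hmac.compare_digest(received, expected)

# Constructed sample: a BGP KEEPALIVE (16-byte marker, length 19, type 4).
KEEPALIVE = b"\xff" * 16 + struct.pack("!HB", 19, 4)
SEGMENT = sign_segment("192.0.2.1", "192.0.2.2", 49152, 179, 1000, 2000, 0x18,
                       KEEPALIVE, b"cisco")

if __name__ == "__main__":
    print(verify_segment("192.0.2.1", "192.0.2.2", SEGMENT, KEEPALIVE, b"cisco"))
    print(verify_segment("192.0.2.1", "192.0.2.2", SEGMENT, KEEPALIVE, b"wrong"))
```

Because the password is appended to the hashed bytes and never sent, a segment from a router with a different or missing password fails the comparison and is discarded before BGP ever sees it.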
