Configuring MD5 Authentication

BGP uses TCP as the transmission protocol, and considers a packet valid as long as the source address, destination address, source port, destination port, and TCP sequence number of the packet are correct. However, most parameters in a packet may be easily obtained by attackers. To protect BGP from attacks, MD5 authentication can be used between BGP peers to reduce the possibility of attacks. The MD5 algorithm is easy to configure, generates a single password that needs to be manually changed.

admin@XorPlus# set protocols bgp neighbor 192.10.10.2 password picos12345
admin@XorPlus# commit

Configuring TTL Security Hop Count

This feature enables BGP to establish connection with external peers residing on networks that are not directly connected. By enabling this feature, the received TTL from a BGP peer is compared with the difference "255 - hop-count". BGP messages coming with a TTL less than this value are not accepted. BGP peering will not be established if the TTL in the session establishment is received with a lower value. Also, by enabling this feature the router will send BGP packets with TTL value of 255 to the neighbor. For a neighbor, either TTL security or ebgp-multihop can be configured, not both together. If there are multiple paths to reach the node, then the hop count should be configured considering the longest route.

admin@XorPlus# set protocols bgp neighbor 192.10.10.2 ttl-security hops 200
admin@XorPlus# commit