Avaya Configuring IP Exterior Gateway Protocols (BGP and EGP) Manual de usuario Pagina 80
- Pagina / 308
- Tabla de contenidos
- MARCADORES
Valorado. / 5. Basado en revisión del cliente
Configuring IP Exterior Gateway Protocols (BGP and EGP)
5-22
308628-14.00 Rev 00
When BGP-4 TCP MD5 authentication is enabled, a router computes an MD5
signature for each TCP packet, based on the TCP packet and a per-peer secret key.
The router adds this MD5 signature to the TCP packet containing a BGP message
and sends it with the packet, but it does not send the secret key. The receiver of the
TCP packet also knows the secret key and can verify the MD5 signature. A third
party trying to masquerade as the sender, however, cannot generate an authentic
signature because it does not know the secret key. Configurations can
concurrently have BGP peers with authentication enabled and authentication
disabled.
The per-peer secret keys provide the security. Peers configured with common
secret keys can authenticate each other and exchange routing information. If the
keys are compromised (for example, by transfer of the configuration file), then the
authentication itself is compromised. To prevent this, the secret keys can be stored
in encrypted form in the configuration file and MIB, using the Technician
Interface secure shell to encrypt the per-peer secret keys. The secure shell uses
DES to encrypt the secret keys, and the DES key (the NPK/MEK) is stored in the
router’s nonvolatile RAM (NVRAM). The Node Protection Key/Message
Encryption Key (NPK/MEK) is configured using the Technician Interface secure
shell or the Site Manager WEP Key Manager. The TCP MD5 secret keys can
optionally be similarly encrypted.
Entering and Storing MD5 Authentication Keys
To configure BGP TCP MD5 authentication, set the wfBgpPeerTcpAuthentication
MIB object to MD5. You can then enter an optional, variable-length ASCII
authentication key for each BGP-4 peer. This key is stored in the
wfBgpPeerTcpMd5Key MIB object. Entering the authentication key also enables
authentication for the peer connection. Both peers must be configured with the
same authentication key. When an authentication key is stored in the MIB or the
configuration file, it can optionally be encrypted using DES with the NPK/MEK
key, as selected by the wfBgpPeerTcpMd5KeyStorage MIB object.
You can enter the authentication keys through Site Manager or the BCC. Use the
Technician Interface secure shell to enter the NPK/MEK.
- Configuring IP Exterior 1
- Gateway Protocols (BGP and 1
- Trademarks 2
- Statement of Conditions 2
- Contents 5
- 308628-14.00 Rev 00 10
- 308628-14.00 Rev 00 11
- Before You Begin 15
- Text Conventions 16
- Set Trap Monitor Filters 17
- Acronyms 18
- Hard-Copy Technical Manuals 19
- How to Get Help 20
- Chapter 1 21
- Border Gateway Protocol (BGP) 23
- BGP Concepts and Terminology 24
- Peer-to-Peer Sessions 25
- Interior BGP Routing 26
- IBGP Route Reflector 27
- Equal-Cost Multipath 28
- BGP Updates 28
- Path Attributes 29
- BGP/OSPF Interaction 30
- BGP-4 Confederations 30
- BGP Implementation Notes 31
- Chapter 2 33
- <mask> 34
- Starting BGP 35
- Chapter 3 37
- Deleting BGP from the Router 39
- Starting EGP 40
- Deleting EGP from the Router 42
- Customizing EGP 42
- Next-hop address 0 44
- Next-hop mask 0 44
- Chapter 4 45
- The IP global prompt appears 46
- Defining a Static Route 53
- Chapter 5 59
- Enabling and Disabling BGP 60
- Supplying a BGP Identifier 62
- Identifying the Local AS 63
- Enabling Multihop Connections 69
- Configuring BGP as a Soloist 72
- Best-Route Selection 86
- <name> 91
- Chapter 6 95
- Negotiating the BGP Version 100
- Keeping the Connection Alive 101
- Using the BCC 102
- Using Site Manager 102
- Specifying a Holddown Time 104
- Setting the Route Echo Switch 110
- Chapter 7 117
- Defining a BGP Accept Policy 118
- Using Site Manage 126
- (continued) 129
- (continued) 131
- Chapter 8 141
- Configuring a Route Reflector 141
- Configuring an RR Client 149
- 2.2.2.3): 150
- Chapter 9 153
- Chapter 10 163
- Customizing EGP Services 163
- EGP Concepts and Terminology 164
- EGP Implementation Notes 167
- Customizing EGP on the Router 168
- Supplying a Local AS Number 169
- Configuring a Neighbor 170
- Specifying the Gateway Mode 172
- Choosing the Acquisition Mode 174
- Choosing the Poll Mode 175
- Setting Neighbor Timers 176
- Appendix A 177
- Site Manager Parameters 177
- BGP Configuration Parameters 178
- BGP Global Parameters 178
- BGP-3 Global Parameter 186
- BGP-4 Global Parameter 186
- BGP Peer Parameters 186
- BGP Event Message Parameters 198
- EGP Parameters 200
- EGP Neighbor Parameters 201
- IP Parameters 204
- IP Interface Parameters 206
- IP Global Parameters 220
- Static Route Parameters 227
- Adjacent Host Parameters 230
- Appendix B 235
- Routing Policies 235
- Appendix C 289
- Commands 296
- Regular Expression Symbols 300
Relacionado con productos y manuales para Software Avaya Configuring IP Exterior Gateway Protocols (BGP and EGP)
Software Avaya CS1000 Manual de usuario
(456 paginas)
(456 paginas)
Software Avaya Configuring IP Services Manual de usuario
(415 paginas)
(415 paginas)
Software Avaya Business Communication Manager 5.0 - Configuration - Devices Manual de usuario
(258 paginas)
(258 paginas)
Software Avaya Configuring IP Services Manual de usuario
(466 paginas)
(466 paginas)
Software Avaya FireWall-1 Manual de usuario
(68 paginas)
(68 paginas)
Software Avaya PeriReporter Manual de usuario
(122 paginas)
(122 paginas)
Software Avaya PeriProducer 3.00 (Software Release 3.00) - Business Communications Manager aviso
(48 paginas)
(48 paginas)
Software Avaya BayRS Version 15.7.0.0 Manual de usuario
(400 paginas)
(400 paginas)
Software Avaya Business Communications Manager - Intelligent Contact Center Manual de usuario
(258 paginas)
(258 paginas)
Software Avaya BCM50 Guía de configuración
(568 paginas)
(568 paginas)
© 2020, manymanuals.es. Todos los derechos reservados | 0.058 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentarios a estos manuales