System information
Configuring BGP
12-23
Enabling Message Digest 5 Authentication Between Peers
You can enable Message Digest 5 (MD5) authentication between two BGP peers,
causing each segment sent on the TCP connection between them to be verified. You
must configure the same password on both BGP peers; otherwise, the connection
between them is not made. The authentication feature uses the MD5 algorithm
command that causes the generation and checking of the MD5 digest on every
segment sent on the TCP connection. Configuring a password for a neighbor
terminates an existing session and establishes a new one. If you specify a BGP peer
group using the name argument, all the members of the peer group inherit the
characteristic configured with this command.
To enable MD5 authentication, use the neighbor password command in Router BGP
Configuration mode, as shown below:
MOT(config-bgp)#neighbor {<ip-address> | <name>} password <string>
where:
ip-address is the IP address of the BGP-speaking neighbor.
name is the name of the BGP peer group.
string is a case-sensitive password of up to 80 alphanumeric characters. The first
character cannot be a number.
Example
The commands in the following example enable the authentication feature between a
router and the BGP neighbor at 122.35.3.1. The password that must also be
configured for the neighbor is mypassword.
MOT(config)#router bgp 109
MOT(config-bgp)#neighbor 122.35.3.1 password mypassword
Setting the Routing Updates Interval
To set the minimum interval between the sending of BGP routing updates to
neighbors or peer groups, use the neighbor advertisement-interval command in
Router BGP Configuration mode. Lower values for the advertisement interval cause
route changes to be reported more quickly. However, this may cause the routers to use
more bandwidth.