[Cisco] BGP MD5 authentication configuration


These days, not many people want to set up BGP MD5 for security concerns. Back in 2005, after someone reported a threat to BGP sessions with ISPs, there was a rush to set up MD5.

Actually, the MD5 authentication is not applied to the BGP session itself; it is applied to the underlying TCP session. It lets each TCP peer verify, with a higher degree of certainty, that packets apparently received from its peer actually originated from that peer. This keeps packets spoofed into the session from being accepted as valid packets, which provides another layer of security for the eBGP session.
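To make the TCP-level check concrete, here is an added example (not part of the original post) that computes and verifies the TCP MD5 Signature Option as defined in RFC 2385, which is the mechanism the `neighbor ... password` command enables. The addresses, ports, key and function names are constructed for illustration.

```python
import hashlib, hmac, socket, struct

def tcp_md5_digest(src_ip, dst_ip, header, payload, key):
    """MD5 over pseudo-header, fixed TCP header (checksum zeroed, options excluded), data, key."""
    tcp_len = (header[12] >> 4) * 4 + len(payload)      # segment length, options included
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, 6, tcp_len))     # zero pad, protocol 6 (TCP), length
    fixed = header[:16] + b"\x00\x00" + header[18:20]   # checksum field treated as zero
    return hashlib.md5(pseudo + fixed + payload + key).digest()

def make_segment(src_ip, dst_ip, sport, dport, seq, ack, payload, key=None):
    """Build a PSH|ACK segment, signed with option kind 19 if a key is given (TCP checksum left 0)."""
    options = b"\x01\x01" + bytes([19, 18]) + bytes(16) if key else b""
    header = struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                         ((20 + len(options)) // 4) << 4, 0x18, 16384, 0, 0) + options
    if key:
        header = header[:24] + tcp_md5_digest(src_ip, dst_ip, header, payload, key)
    return header + payload

def find_md5_option(header):
    """Return the digest carried in TCP option kind 19, or None if the option is absent."""
    opts = header[20:(header[12] >> 4) * 4]
    i = 0
    while i < len(opts) and opts[i] != 0:               # 0 = end of option list
        if opts[i] == 1:                                # 1 = NOP padding
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2:       # truncated or malformed option
            break
        if opts[i] == 19 and opts[i + 1] == 18:
            return opts[i + 2:i + 18]
        i += opts[i + 1]
    return None

def verify_segment(src_ip, dst_ip, segment, key):
    """Receiver side: accept only segments whose digest matches the locally configured key."""
    hdr_len = (segment[12] >> 4) * 4
    header, payload = segment[:hdr_len], segment[hdr_len:]
    received = find_md5_option(header)
    if received is None:
        return False                                    # unsigned segments are dropped
    return hmac.compare_digest(received, tcp_md5_digest(src_ip, dst_ip, header, payload, key))

# Constructed sample values (documentation addresses, made-up keys), not taken from the page.
KEY = b"constructed-example-key"
KEEPALIVE = b"\xff" * 16 + b"\x00\x13\x04"              # BGP KEEPALIVE message
SIGNED = make_segment("192.0.2.1", "192.0.2.2", 50000, 179, 1000, 2000, KEEPALIVE, KEY)
SPOOFED = make_segment("192.0.2.1", "192.0.2.2", 50000, 179, 1000, 2000, KEEPALIVE, b"guess")
UNSIGNED = make_segment("192.0.2.1", "192.0.2.2", 50000, 179, 1000, 2000, KEEPALIVE)
```

Only `SIGNED` passes `verify_segment(..., KEY)`; a segment signed with the wrong key, sent without the option, or altered after signing is rejected before BGP ever sees it.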

Below is a sample MD5 configuration on a Cisco router:


neighbor xx.xx.xx.xx remote-as <remote AS number>
neighbor xx.xx.xx.xx Full-routes
neighbor xx.xx.xx.xx prefix-list <inbound route filter name> in
neighbor xx.xx.xx.xx password <actual password>
neighbor xx.xx.xx.xx maximum-prefix 1000

Then save the configuration file.
