Friday, 22 March 2019

BGP Authentication


A router authenticates the source of each routing update packet that it receives. Many routing protocols support authentication like OSPF, EIGRP, ISIS, BGP, and RIPv2.



Border gateway protocol (BGP) support authentication mechanism using message digest 5 (MD5) algorithms. When authentication I enabled, any TCP segment belonging to BGP exchange between the peers is verified and accepted only if authentication is successful. If the authentication fails, the BGP neighbor relationship goes down (not be established).








lets see the configuration:-

Topology :

Goal:
  • configure the topology as per the diagram 
  • configure basic iBGP 
  • configure MD5 authentication use password internetworks


R1#show ip interface brief
Interface                   IP-Address      OK? Method Status                Protocol
FastEthernet0/0        10.1.1.1        YES manual up                    up
FastEthernet1/0        unassigned      YES unset  administratively down down
GigabitEthernet2/0  unassigned      YES unset  administratively down down
Serial3/0                     1.1.1.1         YES manual up                    up


R2#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0        20.1.1.1        YES manual up                         up
FastEthernet1/0        unassigned      YES unset  administratively down down
GigabitEthernet2/0    unassigned      YES unset  administratively down down
Serial3/0                      1.1.1.2         YES manual up                      up



R1(config)#router bgp 65011
R1(config-router)#neighbor 1.1.1.2 remote-as 65011
R1(config-router)#network 10.0.0.0
R1(config-router)#network 1.0.0.0
R1(config-router)#no synchronization
R1(config-router)#exit



R2(config)#router  bgp 65011
R2(config-router)#neighbor 1.1.1.1 remote-as 65011

*Mar 22 13:44:19.255: %BGP-5-ADJCHANGE: neighbor 1.1.1.1 Up


R2(config-router)#network 1.0.0.0
R2(config-router)#network 10.0.0.0
R2(config-router)#no synchronization
R2(config-router)#exit


R1# show ip bgp
BGP table version is 3, local router ID is 10.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 * i 1.0.0.0          1.1.1.2                  0    100      0 i
 *>                   0.0.0.0                  0         32768 i
 *>  10.0.0.0         0.0.0.0                  0         32768 i

R1#show ip bgp summary
BGP router identifier 10.1.1.1, local AS number 65011
BGP table version is 3, main routing table version 3
2 network entries using 288 bytes of memory
3 path entries using 240 bytes of memory
2/1 BGP path/bestpath attribute entries using 272 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 800 total bytes of memory
BGP activity 2/0 prefixes, 3/0 paths, scan interval 60 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.2         4        65011      10      10        3    0    0 00:04:49        1



R2#show ip bgp
BGP table version is 4, local router ID is 20.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found


     Network          Next Hop            Metric LocPrf Weight Path
 *>  1.0.0.0          0.0.0.0                  0         32768 i
 * i                  1.1.1.1                  0    100      0 i
 *>i 10.0.0.0         1.1.1.1                  0    100      0 i

R2#show ip bgp summary
BGP router identifier 20.1.1.1, local AS number 65011
BGP table version is 4, main routing table version 4
2 network entries using 288 bytes of memory
3 path entries using 240 bytes of memory
2/2 BGP path/bestpath attribute entries using 272 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 800 total bytes of memory
BGP activity 2/0 prefixes, 3/0 paths, scan interval 60 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.1         4        65011      11      10        4    0    0 00:05:18        2






R1(config)#router bgp 65011
R1(config-router)#neighbor 1.1.1.2 password internetworks
R1(config-router)#neighbor 1.1.1.2 version 4
R1(config-router)#end

R1#

*Mar 22 13:54:42.691: %TCP-6-BADAUTH: No MD5 digest from 1.1.1.2(179) to 1.1.1.1(47927) tableid - 0

*Mar 22 13:54:42.695: %TCP-6-BADAUTH: No MD5 digest from 1.1.1.2(179) to 1.1.1.1(47927) tableid - 0

*Mar 22 13:54:43.351: %TCP-6-BADAUTH: No MD5 digest from 1.1.1.2(32235) to 1.1.1.1(179) tableid - 0


R2#show ip bgp
BGP table version is 2, local router ID is 20.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  1.0.0.0          0.0.0.0                  0         32768 i

R2#show ip bgp summary
BGP router identifier 20.1.1.1, local AS number 65011
BGP table version is 2, main routing table version 2
1 network entries using 144 bytes of memory
1 path entries using 80 bytes of memory
1/1 BGP path/bestpath attribute entries using 136 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 360 total bytes of memory
BGP activity 3/2 prefixes, 4/3 paths, scan interval 60 secs


Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.1           4              65011       0       0        1    0    0 00:02:46                       Active



R2(config)#router bgp 65011
R2(config-router)#neighbor 1.1.1.1 password internetworks
R2(config-router)#neighbor 1.1.1.1 version 4

*Mar 22 13:57:36.931: %BGP-5-ADJCHANGE: neighbor 1.1.1.1 Up

R2(config-router)#end


R2#show ip bgp
BGP table version is 3, local router ID is 20.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found


     Network          Next Hop            Metric LocPrf Weight Path
 * i 1.0.0.0          1.1.1.1                  0    100      0 i
 *>                   0.0.0.0                  0         32768 i
 *>i 10.0.0.0         1.1.1.1                  0    100      0 i

R2#show ip bgp summary
BGP router identifier 20.1.1.1, local AS number 65011
BGP table version is 3, main routing table version 3
2 network entries using 288 bytes of memory
3 path entries using 240 bytes of memory
2/2 BGP path/bestpath attribute entries using 272 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 800 total bytes of memory
BGP activity 4/2 prefixes, 6/3 paths, scan interval 60 secs


Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.1         4        65011       5       5        3    0    0 00:00:44        2



No comments:

PIM Sparse Mode

PIM Sparse Mode  ( PIM-SM )  PIM  Sparse Mode explicitly builds unidirectional shared trees rooted at a ( RP ) rendezvous point per...