HP VPN Firewall Appliances Network Management Configuration Guide
821
Ste
p
Command
Remarks
3. Enter IPv6 address
family view or IPv6
BGP-VPN instance view.
ipv6-family [ vpn-instance
vpn-instance-name ]
N/A
4. Enable 4-byte AS
number suppression.
peer { group-name | ip-address }
capability-advertise
suppress-4-byte-as
Disabled by default.
IPv6 BGP-VPN instance view does not
support the group-name argument.
Configuring the maximum number of ECMP routes
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter BGP view.
bgp as-number N/A
3. Enter IPv6 address family view
or IPv6 BGP-VPN instance view.
ipv6-family [ vpn-instance
vpn-instance-name ]
N/A
4. Configure the maximum number
of ECMP routes.
balance [ ebgp |
ibgp ]number
By default, no load balancing is enabled.
Support for the maximum argument
depends on the device model.
Enabling MD5 authentication for TCP connections
IPv6 BGP employs TCP as the transport protocol. To enhance security, configure IPv6 BGP to perform
MD5 authentication when establishing a TCP connection. If the authentication fails, no TCP connection
can be established.
The MD5 authentication for establishing TCP connections does not apply to BGP packets.
The MD5 authentication requires that the two parties have the same authentication mode and password
to establish a TCP connection; otherwise, no TCP connection can be established due to authentication
failure.
To enable MD5 authentication for TCP connections:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter BGP view.
bgp as-number N/A
3. Enter IPv6 address family view.
ipv6-family N/A
4. Enable MD5 authentication when
establishing a TCP connection to the
peer or peer group.
peer { ipv6-group-name |
ipv6-address } password
{ cipher | simple } password
Not enabled by default.
Applying an IPsec policy to an IPv6 BGP peer or peer group
To protect routing information and defend attacks, IPv6 BGP can authenticate protocol packets by using
an IPsec policy.