F3215-HP Load Balancing Module Network Management Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

281

282

283

284

285

286

287

288

289

290

277

Enabling 4-byte AS number suppression

When a device that supports 4-byte AS numbers sends an Open message for session establishment, the

Optional parameters field of the message indicates that the AS number occupies four bytes—in the

range of 1 to 4294967295. If the peer device does not support 4-byte AS numbers (for examples, it

supports only 2-byte AS numbers), the session cannot be established.

After you enable the 4-byte AS number suppression function, the peer device can then process the Open

message even though it does not support 4-byte AS numbers, and the BGP session can be established.

If the peer device supports 4-byte AS numbers, do not enable the 4-byte AS number suppression function;

otherwise, the BGP peer relationship cannot be established.

To enable 4-byte AS number suppression:

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Enter BGP view.

bgp as-number N/A

3. Enable 4-byte AS number

suppression.

peer { group-name | ip-address }

capability-advertise

suppress-4-byte-as

Disabled by default.

Enabling quick reestablishment of direct EBGP session

When the link to a directly connected EBGP peer is down, the router, with quick EBGP session

reestablishment enabled, tears down the session to the peer, and then reestablishes a session

immediately. If the function is not enabled, the router does not tear down the session until the holdtime

times out. A route flap does not affect the EBGP session state when the quick EBGP session

reestablishment is disabled.

To enable quick reestablishment of direct EBGP session:

Ste

Command

Remarks

1. Enter system view.

system-view

N/A

2. Enter BGP view.

bgp as-number N/A

3. Enable quick reestablishment

of direct EBGP session.

ebgp-interface-sensitive

Optional.

Not enabled by default.

Enabling MD5 authentication for BGP peers

You can enable MD5 authentication to enhance security in the following ways:

• Perform MD5 authentication when establishing TCP connections. Only the two parties that have the

same password configured can establish TCP connections.

• Perform MD5 calculation on TCP packets to avoid modification to the encapsulated BGP packets.

To enable MD5 authentication for BGP peers:

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Enter BGP view. bgp as-number N/A