F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Network Management Configuration Guide-6PW100
495
Ste
p
Command
Remarks
589. Enable quick reestablishment of
direct EBGP session.
ebgp-interface-sensitive
Optional.
Not enabled by default.
1509BEnabling MD5 authentication for BGP peers
You can enable MD5 authentication to enhance security in the following ways:
• Perform MD5 authentication when establishing TCP connections. Only the two parties that have the
same password configured can establish TCP connections.
• Perform MD5 calculation on TCP packets to avoid modification to the encapsulated BGP packets.
To enable MD5 authentication for BGP peers:
Ste
p
Command
Remarks
590. Enter system view.
system-view N/A
591. Enter BGP view or BGP-VPN
instance view.
• Enter BGP view:
bgp as-number
• Enter BGP-VPN instance view:
a. bgp as-number
b. ipv4-family vpn-instance
vpn-instance-name
Use either approach.
592. Enable MD5 authentication
for BGP peers.
peer { group-name | ip-address } password
{ cipher | simple } password
Not enabled by default.
1510BConfiguring BGP load balancing
If multiple BGP routes that have the same AS_PATH, ORIGIN, LOCAL_PREF, and MED attributes to a
destination exist, you can use the balance command to configure the maximum number of BGP routes for
load balancing to improve link utilization.
To configure BGP load balancing:
Ste
p
Command
Remarks
593. Enter system view.
system-view N/A
594. Enter BGP view or BGP-VPN
instance view.
• Enter BGP view:
bgp as-number
• Enter BGP-VPN instance view:
a. bgp as-number
b. ipv4-family vpn-instance
vpn-instance-name
Use either approach.
595. Configure the maximum number
of BGP routes for load balancing.
balance [ ebgp | ibgp ] number
By default, load balancing is
not enabled.
1511BForbidding session establishment with a peer or peer group
This task allows you to temporarily tear down the BGP session to a specific peer or peer group. To recover
the session, execute the undo peer ignore command. In this way, you can implement network upgrade
and maintenance without deleting and then configuring the peer or peer group.
To forbid session establishment with a peer or peer group: