R3166-R3206-HP High-End Firewalls Network Management Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

351

352

353

354

355

356

357

358

359

360

345

To do… Use the command…

Remarks

Enable BGP route

refresh for a peer/peer

group

peer { group-name | ip-address }

capability-advertise route-refresh

Required

Enabled by default.

Enable the non-standard

ORF capability for a

BGP peer/peer group

peer { group-name | ip-address }

capability-advertise orf non-standard

Optional

By default, standard BGP ORF

capability defined in RFC 5291

and RFC 5292 is supported.

If the peer supports only

non-standard ORF, you need to

configure this command.

Enable the ORF

capability for a BGP

peer/peer group

peer { group-name | ip-address }

capability-advertise orf ip-prefix { both |

receive | send }

Required

Disabled by default.

Table 66 Description of the both, send, and receive parameters and the negotiation result

Local

arameter

Peer

arameter

otiation result

send

receive

The ORF sending capability is enabled locally and the

ORF receiving capability is enabled on the peer.

both

receive

send

The ORF receiving capability is enabled locally and the

ORF sending capability is enabled on the peer.

both

both both

Both the ORF sending and receiving capabilities are

enabled locally and on the peer, respectively.

Enabling quick eBGP session reestablishment

If the router receives no keepalive messages from a BGP peer within the holdtime, it disconnects from the

peer.

With quick eBGP connection reestablishment enabled, the router, when the link to a directly connected

eBGP peer is down, will reestablish a session to the eBGP peer immediately.

Follow these steps to enable quick eBGP session reestablishment:

To do… Use the command…

Remarks

Enter system view system-view

—

Enter BGP view bgp as-number

—

Enable quick eBGP session reestablishment

ebgp-interface-sensitive

Optional

Not enabled by default

Enabling MD5 authentication for TCP connections

BGP employs TCP as the transport protocol. To enhance security, configure BGP to perform MD5

authentication when establishing a TCP connection. The two parties must have the same password

configured to establish TCP connections.

BGP MD5 authentication is for TCP connections, not for BGP packets. If the authentication fails, no TCP

connection can be established.