R3303-HP HSR6800 Routers Layer 3 - IP Routing Configuration Guide
379
Configuring the maximum number of ECMP routes
Ste
p
Command
Remarks
1. Enter system view.
system-view
N/A
2. Enter BGP view.
bgp as-number N/A
3. Enter IPv6 address family view
or IPv6 BGP-VPN instance
view.
ipv6-family [ vpn-instance
vpn-instance-name ]
N/A
4. Configure the maximum
number of ECMP routes.
balance [ ebgp | ibgp ] number
By default, no load balancing is
enabled.
Enabling MD5 authentication for TCP connections
IPv6 BGP employs TCP as the transport protocol. To enhance security, configure IPv6 BGP to perform
MD5 authentication when establishing a TCP connection. If the authentication fails, no TCP connection
can be established.
The MD5 authentication for establishing TCP connections does not apply to BGP packets.
The MD5 authentication requires that the two parties have the same authentication mode and password
to establish a TCP connection; otherwise, no TCP connection can be established due to authentication
failure.
To enable MD5 authentication for TCP connections:
Ste
p
Command
Remarks
1. Enter system view.
system-view
N/A
2. Enter BGP view.
bgp as-number N/A
3. Enter IPv6 address family
view.
ipv6-family N/A
4. Enable MD5 authentication
when establishing a TCP
connection to the peer or peer
group.
peer { ipv6-group-name |
ipv6-address } password { cipher |
simple } password
Not enabled by default.
Applying an IPsec policy to an IPv6 BGP peer or peer group
To protect routing information and defend attacks, IPv6 BGP can authenticate protocol packets by using
an IPsec policy.
Outbound IPv6 BGP packets carry the Security Parameter Index (SPI) defined in the IPsec policy. A device
uses the SPI carried in a received packet to match against the configured IPsec policy. If they match, the
device accepts the packet; otherwise, it discards the packet and will not establish a neighbor relationship
with the sending device.
Configuration prerequisites
Before applying an IPsec policy to a peer or peer group, complete the following tasks: