R0106-HP MSR Router Series Layer 3 - IP Routing Configuration Guide(V7)
346
# Reference IPsec transform set tran2.
[RouterC-ipsec-profile-policy002-manual] transform-set tran2
# Set the SPIs of the inbound and outbound SAs to 54321.
[RouterC-ipsec-profile-policy002-manual] sa spi outbound esp 54321
[RouterC-ipsec-profile-policy002-manual] sa spi inbound esp 54321
# Set the keys for the inbound and outbound SAs using ESP to gfedcba.
[RouterC-ipsec-profile-policy002-manual] sa string-key outbound esp simple gfedcba
[RouterC-ipsec-profile-policy002-manual] sa string-key inbound esp simple gfedcba
[RouterC-ipsec-profile-policy002-manual] quit
5. Configure IPsec to protect IPv6 BGP packets between Router A and Router B:
# Configure Router A.
[RouterA] bgp 65008
[RouterA-bgp] peer 1::2 ipsec-profile policy001
[RouterA-bgp] quit
# Configure Router B.
[RouterB] bgp 65008
[RouterB-bgp] peer 1::1 ipsec-profile policy001
[RouterB-bgp] quit
6. Configure IPsec to protect IPv6 BGP packets between Router B and Router C:
# Configure Router C.
[RouterC] bgp 65009
[RouterC-bgp] peer ebgp ipsec-profile policy002
[RouterC-bgp] quit
# Configure Router B.
[RouterB] bgp 65008
[RouterB-bgp] peer ebgp ipsec-profile policy002
[RouterB-bgp] quit
Verifying the configuration
# Display detailed information about IPv6 BGP peers on Router B.
[RouterB] display bgp peer ipv6 verbose
Peer: 1::1 Local: 2.2.2.2
Type: IBGP link
BGP version 4, remote router ID 1.1.1.1
BGP current state: Established, Up for 00h05m54s
BGP current event: KATimerExpired
BGP last state: OpenConfirm
Port: Local - 24896 Remote - 179
Configured: Active Hold Time: 180 sec Keepalive Time: 60 sec
Received : Active Hold Time: 180 sec
Negotiated: Active Hold Time: 180 sec Keepalive Time: 60 sec
Peer optional capabilities:
Peer support BGP multi-protocol extended
Peer support BGP route refresh capability
Peer support BGP route AS4 capability
Address family IPv6 Unicast: advertised and received