3Com Switch 8800 Advanced Software V5 Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 9400sl 4-Port 10-GbE Module

441

442

443

444

445

446

447

448

449

450

442 CHAPTER 35: BGP CONFIGURATION

■ You can specify a fake AS number to hide the real one as needed. The fake AS

number applies to EBGP peers only, that is, EBGP peers in other ASs can only

find the fake AS number.

■ The peer substitute-as command is used only in specific networking

environments. Inappropriate use of the command may cause routing loops.

Tuning and

Optimizing BGP

Networks

This task involves the following parts:

1 Configure BGP timers

After establishing a BGP connection, two routers send keepalive messages

periodically to each other to keep the connection. If a router receives no keepalive

message from the peer after the holdtime elapses, it tears down the connection.

When establishing a BGP connection, the two parties compare their holdtimes,

taking the shorter one as the common holdtime.

2 Reset BGP connections

After modifying a route selection policy, you have to reset BGP connections to

make the new one take effect, causing a short time disconnection. The current

BGP implementation supports the route-refresh capability. With this capability

enabled on all BGP routers in a network, when a policy is modified on a router, the

router advertises a route-refresh message to its peers, which then resend their

routing information to the router. Therefore, the local router can perform dynamic

route update and apply the new policy without tearing down BGP connections.

If a router not supporting route-refresh exists in the network, you need to

configure the peer keep-all-routes command to save all route updates, and then

use the refresh bgp command to soft reset BGP connections, which can refresh

the BGP routing table and apply the new policy without tearing down BGP

connections.

3 Configure BGP authentication

BGP employs TCP as the transport protocol. To enhance security, you can

configure BGP to perform MD5 authentication when establishing a TCP

connection. BGP MD5 authentication is not for BGP packets. It is used to set

passwords for TCP connections. If the authentication fails, the TCP connection can

not be established.

Prerequisites Before configuring this task, you have configured BGP basic functions

Configuration Procedure To tune and optimize BGP networks, use the following commands:

To do... Use the command... Remarks

Enter system view system-view -

Enter BGP view bgp as-number -