
BGP Authentication


BGP authentication is configured on a PER-NEIGHBOR basis or, as described in the previous post, on a PER-PEER-GROUP basis.

**(config-router)#neighbor CISQUEROS password cisco**

From Jeff Doyle’s ROUTING TCP/IP Vol2 (Routing Bible in my opinion, even though I hope it gets updated soon, it’s been 12 years!):

_The IOS uses MD5 authentication when a BGP neighbor password is configured. MD5 is a one-way message digest or secure hash function produced by RSA Data Security, Inc. It also is occasionally referred to as a cryptographic checksum, because it works in somewhat the same way as an arithmetic checksum. MD5 computes a 128-bit hash value from a plain-text message of arbitrary length (in this case, a BGP message) and a password. This “fingerprint” is transmitted along with the message. The receiver, knowing the same password, calculates its own hash value. If nothing in the message has changed, the receiver’s hash value should match the sender’s value transmitted with the message. The hash value is impossible to decipher (without a huge amount of computing power) without knowing the password so that an unauthorized router cannot, either maliciously or by accident, peer with a router running neighbor authentication._