MD5 Authentication

This topic explains how Message Digest 5 (MD5) authentication protects a BGP neighbor session.

Authentication between BGP neighbors can be negotiated between BGP-speaking routers using optional parameters in the Open message. With MD5 authentication, every TCP segment on the BGP session is sent to the configured neighbor together with a checksum. The checksum is calculated with the MD5 algorithm over the segment together with a secret known to both routers. The shared secret itself is never transmitted on the network. If the receiver, using the same shared secret, calculates the same checksum from the TCP segment, it can be reasonably confident that the segment came from the correct source and has not been altered.
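The per-segment calculation described above, as an added example that is not part of the original topic or any router vendor's code. It assumes the session uses the TCP MD5 Signature Option of RFC 2385; the addresses, ports, secret and function names are constructed for illustration.

```python
import hashlib
import hmac
import socket
import struct

MD5_OPT_KIND = 19  # TCP MD5 Signature Option kind (RFC 2385)

def md5_digest(src_ip, dst_ip, segment, secret):
    """MD5 over pseudo-header, option-less TCP header (checksum zeroed), data, secret."""
    hdr_len = (segment[12] >> 4) * 4           # data offset field, in bytes
    fixed = bytearray(segment[:20])            # TCP options are not covered
    fixed[16:18] = b"\x00\x00"                 # checksum field is counted as zero
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(segment)))
    return hashlib.md5(pseudo + bytes(fixed) + segment[hdr_len:] + secret).digest()

def sign(src_ip, dst_ip, fixed_header, payload, secret):
    """Sender: return the segment carrying the 16-byte digest in a TCP option."""
    option = bytes([1, 1, MD5_OPT_KIND, 18])   # NOP, NOP, kind, length
    segment = fixed_header + option + bytes(16) + payload
    digest = md5_digest(src_ip, dst_ip, segment, secret)
    return fixed_header + option + digest + payload

def verify(src_ip, dst_ip, segment, secret):
    """Receiver: recompute with the local secret; False means drop the segment."""
    if len(segment) < 20:
        return False
    hdr_len = (segment[12] >> 4) * 4
    if hdr_len < 20 or len(segment) < hdr_len:
        return False
    opts, i = segment[20:hdr_len], 0
    while i < len(opts) and opts[i] != 0:      # kind 0 ends the option list
        if opts[i] == 1:                       # NOP is a single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2:
            return False                       # malformed option
        length = opts[i + 1]
        if opts[i] == MD5_OPT_KIND and length == 18 and i + 18 <= len(opts):
            expected = md5_digest(src_ip, dst_ip, segment, secret)
            return hmac.compare_digest(opts[i + 2:i + 18], expected)
        i += length
    return False                               # no signature on the segment

# Constructed sample: a BGP KEEPALIVE from 192.0.2.1:49152 to 192.0.2.2:179.
SRC, DST = "192.0.2.1", "192.0.2.2"
HEADER = struct.pack("!HHIIBBHHH", 49152, 179, 1000, 2000, 10 << 4, 0x18, 16384, 0, 0)
KEEPALIVE = b"\xff" * 16 + struct.pack("!HB", 19, 4)
SEGMENT = sign(SRC, DST, HEADER, KEEPALIVE, b"constructed-secret")
```

The secret enters only the hash input and never appears in the segment, and a segment with a changed payload, a different source address, or no signature option fails `verify`.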

Authentication of BGP sessions is a vital tool to avoid denial-of-service (DoS) attacks.

