Got it
Huawei Enterprise Support Community
Community Forums Routing & Switching
BGP - MD5 for prevent att...

BGP - MD5 for prevent attacks

Created: Sep 2, 2021 15:16:53Latest reply: Sep 12, 2021 06:07:33 519 7 0 0 0
  Rewarded HiCoins: 0 (problem resolved)
View the author 1#

Is possible for enabling MD5 authentication between BGP peers can prevent DoS attacks that target BGP peers?



BGPHuawei HCIPICTDoSDDoS

Like (0) Dislike (0) Favorite(0) Share Report
Previous: [DCN] Understanding three inter-device link aggregation technologies: stacking, M-LAG, and M-LAG Lite
Next: What mechanism does IS-IS use to ensure the reliability of neighbor relationship establishment on a broadcast network?
Featured Answers

Best answer

(1) (0)
DDSN
Admin Created Sep 3, 2021 00:58:33

Hi @zaheernew!


BGP uses TCP as the transport layer protocol. To improve BGP security, you can perform Message Digest 5 (MD5) authentication when establishing a TCP connection. The MD5 authentication of BGP sets only the MD5 authentication password for the TCP connection. The authentication is performed by the TCP. If the authentication fails, no TCP connection is established.


BGP MD5 authentication is designed to prevent TCP attacks. The MD5 algorithm uses the MD5 password and the TCP+BGP packet as the input. The calculated result A is stored in the TCP packet. The peer TCP parses A to check whether the TCP packet is forged. If a forged TCP packet is detected, the peer TCP discards the packet to ensure stable TCP connections.

View more
  • x
  • convention:

zaheernew
zaheernew Created Sep 3, 2021 03:56:32 (0) (0)
Thnaks  
Unicef
Unicef Created Sep 12, 2021 05:20:44 (0) (0)
 
All Answers
(1) (0)
2#
ariase88
ariase88 Admin Created Sep 2, 2021 15:37:19

Thanks for contacting the Huawei community!

We are checking your question and will provide an answer to you shortly...
View more
  • x
  • convention:
(1) (0)
3#
MahMush
MahMush Author Created Sep 2, 2021 17:27:47

Yes.Please refere RFC 2385

Protection  of  BGP  Sessions  via  the  TCP  MD5  Signature  Option  –  defines  a  TCP extension  to  improve  BGP  security  by  specifying  an  option to include an MD5 signature in a TCP message.    This  procedure  provides  much  stronger  authentication  of  BGP  messages. 

View more
  • x
  • convention:

zaheernew
zaheernew Created Sep 3, 2021 03:56:44 (0) (0)
 
(1) (0)
4#
DDSN
DDSN Admin Created Sep 3, 2021 00:58:33

Hi @zaheernew!


BGP uses TCP as the transport layer protocol. To improve BGP security, you can perform Message Digest 5 (MD5) authentication when establishing a TCP connection. The MD5 authentication of BGP sets only the MD5 authentication password for the TCP connection. The authentication is performed by the TCP. If the authentication fails, no TCP connection is established.


BGP MD5 authentication is designed to prevent TCP attacks. The MD5 algorithm uses the MD5 password and the TCP+BGP packet as the input. The calculated result A is stored in the TCP packet. The peer TCP parses A to check whether the TCP packet is forged. If a forged TCP packet is detected, the peer TCP discards the packet to ensure stable TCP connections.

View more
  • x
  • convention:

zaheernew
zaheernew Created Sep 3, 2021 03:56:32 (0) (0)
Thnaks  
Unicef
Unicef Created Sep 12, 2021 05:20:44 (0) (0)
 
(0) (0)
5#
S_Noch
S_Noch Created Sep 12, 2021 06:07:33

BGP - MD5 for prevent attacks-4131833-1
View more
  • x
  • convention:
Back to list

Comment

Advanced
B Color Image Link Quote Code Smilies
You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login
Huawei Website Support About Huawei Privacy User Agreement Terms of Use Cookies Cookie Settings
Huawei Enterprise Huawei Carrier Forum Training & Certification

Contact Us: e_online@huawei.com Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.

APP

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.