11 High-Availability
Nokia IP45 Security Platform User’s Guide v4.0
Use the following commands to configure the routing policies for the created BGP Peer:
set bgp neighbor <value ip_address>
    dont-capability negotiate <on | off>
    ebgp-multihop <on | off>
    keepalive <value> holdtime <value>
    maximum-prefix < value <value> [warning-only <on | off>] | off >
    next-hop-self <on | off>
    no-shutdown
    passive <on | off>
    peer-group < value <value> | off >
    port < value <value> | off >
    prefix-list <value> direction <in | out | both> state <on | off>
    route-map <value> direction <in | out | both> state <on | off>
    route-reflector-client <on | off>
    update-source <value> state <on | off>
    weight < value <value> | off >
    shutdown
    distribute-list <value> direction <in | out | both> state <on | off>
Configuring a Remote BGP Peer with MD5 Authentication
You can invoke MD5 authentication with a remote BGP peer such that each segment sent on the
TCP connection between the peers is verified. This feature must be configured with the same
password on both BGP peers or the connection between them is not established. The
authentication feature uses the MD5 algorithm. Invocation of this feature enables Nokia IP45 to
generate and check the MD5 digest of every segment sent on the TCP connection. If
authentication is invoked and a segment fails authentication, a message appears on the console.
Note
MD5 authentication with a remote BGP peer is implemented external to the BGP routing
process on Nokia IP45. This authentication mechanism has stronger coupling with the VPN
modules. Therefore, this feature is not supported for clear-text BGP updates.
Use the following commands to configure BGP remote peers:
add bgp remote-peer <value ip_address>
    vpn-peer <value ip_address>
    priority <normal | high>
    [gateway <value>
    password <value>]
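The per-segment check described in this section, as an added example that is not Nokia code: it shows why both peers must hold the same password and why a modified segment fails authentication. It assumes the digest is built as in RFC 2385 (TCP MD5 Signature Option), which this guide does not confirm for the IP45; the addresses, ports, passwords and header values are constructed.

```python
import hashlib
import hmac
import socket
import struct

def tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, password):
    """Digest per RFC 2385: pseudo-header, fixed TCP header, data, then the key."""
    header_len = (tcp_header[12] >> 4) * 4           # data offset, options included
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, 6, header_len + len(payload)))
    fixed = bytearray(tcp_header[:20])               # options are excluded
    fixed[16:18] = b"\x00\x00"                       # checksum is treated as zero
    return hashlib.md5(pseudo + bytes(fixed) + payload + password).digest()

def verify_segment(src_ip, dst_ip, tcp_header, payload, received, password):
    """Receiver side: recompute with the local password, compare in constant time."""
    expected = tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, password)
    return hmac.compare_digest(expected, received)

def sample_header(checksum=0xBEEF):
    # Constructed header: ephemeral port -> 179 (BGP), PSH+ACK, data offset 10 words
    # (20 fixed bytes + 20 option bytes holding the 18-byte MD5 option and padding).
    return struct.pack("!HHIIBBHHH", 49152, 179, 1000, 2000, 10 << 4, 0x18,
                       16384, checksum, 0)

def demo():
    a, b = "192.0.2.1", "192.0.2.2"                  # documentation addresses
    keepalive = b"\xff" * 16 + struct.pack("!HB", 19, 4)   # BGP KEEPALIVE message
    hdr = sample_header()
    sent = tcp_md5_digest(a, b, hdr, keepalive, b"constructed-secret")
    return {
        "same_password": verify_segment(a, b, hdr, keepalive, sent,
                                        b"constructed-secret"),
        "different_password": verify_segment(a, b, hdr, keepalive, sent,
                                             b"other-secret"),
        "modified_payload": verify_segment(a, b, hdr, keepalive[:-1] + b"\x01",
                                           sent, b"constructed-secret"),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```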
Configuring a Local Loopback Interface
Loopback interfaces enable your BGP connection to stay connected to the interface used to
reach the neighbor. Configure this loopback interface IP address as the source address for the
BGP process to communicate with a remote BGP peer.