
Configuring LDP MD5 Authentication

LDP authentication can be configured to improve the security of an LDP session. It must be configured on the LSRs at both ends of the session.

Context

MD5 authentication can be configured for the TCP connection over which an LDP session is established, improving security. Note that the peers of an LDP session can be configured with different authentication modes, but they must be configured with a single, shared password.

LDP MD5 authentication generates a unique digest for an information segment to prevent LDP packets from being modified. LDP MD5 authentication is stricter than common checksum verification for TCP connections.

You can configure either LDP MD5 authentication or LDP keychain authentication based on their separate characteristics:

  • MD5 authentication is easy to configure and uses a single password, which can be changed only manually. It is suited to networks that require short-period encryption.
  • Keychain authentication involves a set of passwords and switches to a new password when the previous one expires. It is complex to configure and is suited to networks that require high security.

Keychain authentication and MD5 authentication cannot both be configured on a single LDP peer.

Procedure

  1. Access the system view.

    system-view

  2. Access the MPLS-LDP view.

    mpls ldp

  3. Configure MD5 authentication and set a password.

    md5-password { plain | cipher } peer-lsr-id password

    The password can be set in either explicit text or cipher text. An explicit text password is a pre-configured character string that is directly recorded in a configuration file. A cipher text password is a character string that is encrypted using a specified algorithm and recorded in a configuration file.

    By default, LDP MD5 authentication is not performed between LDP peers.

    • When configuring an authentication password, select ciphertext mode. If you select explicit text mode, the password is saved in configuration files in explicit text, which poses a high risk. To ensure device security, change the password periodically.
    • Configuring LDP keychain authentication leads to reestablishment of an LDP session and deletes the LSP associated with the LDP session.
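
The following audit script is an added example, not part of the original procedure or of Huawei's tooling. It checks saved configurations for the two conditions the page calls out: passwords stored in explicit text, and authentication configured on only one end of a session. The sample configurations, LSR IDs, interface name and password strings are constructed, and the layout of the saved file (a top-level `mpls ldp` line followed by indented `md5-password` lines, sections separated by `#`) is an assumption.

```python
import re

# Matches the page's syntax: md5-password { plain | cipher } peer-lsr-id password
MD5_RE = re.compile(
    r"^\s+md5-password\s+(plain|cipher)\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)\s*$")

def parse_ldp_md5(config_text):
    """Return {peer_lsr_id: mode} for md5-password lines in the MPLS-LDP view."""
    peers, in_ldp = {}, False
    for line in config_text.splitlines():
        if line.rstrip() == "mpls ldp":      # top-level view only, not " mpls ldp"
            in_ldp = True
        elif not line.startswith(" "):       # "#" or another top-level command
            in_ldp = False
        elif in_ldp:
            m = MD5_RE.match(line)
            if m:
                peers[m.group(2)] = m.group(1)
    return peers

def audit(configs):
    """configs maps each device's LSR ID (assumed known) to its saved config."""
    parsed = {lsr: parse_ldp_md5(text) for lsr, text in configs.items()}
    findings = []
    for lsr, peers in sorted(parsed.items()):
        for peer, mode in sorted(peers.items()):
            if mode == "plain":
                findings.append((lsr, peer, "password stored in explicit text"))
            # Authentication must be configured at both ends of the session.
            if peer in parsed and lsr not in parsed[peer]:
                findings.append((lsr, peer, "peer has no md5-password for this LSR"))
    return findings

# Constructed sample configurations for three LSRs.
SAMPLE = {
    "1.1.1.1": "#\nmpls ldp\n"
               " md5-password plain 2.2.2.2 Constructed-Pass1\n"
               " md5-password cipher 3.3.3.3 CONSTRUCTED-CIPHERTEXT\n#\n",
    "2.2.2.2": "#\nmpls ldp\n"
               " md5-password cipher 1.1.1.1 CONSTRUCTED-CIPHERTEXT\n#\n",
    # " mpls ldp" under an interface is not the MPLS-LDP view and is ignored.
    "3.3.3.3": "#\ninterface GigabitEthernet0/0/1\n mpls ldp\n#\nmpls ldp\n#\n",
}

if __name__ == "__main__":
    for lsr, peer, issue in audit(SAMPLE):
        print(f"{lsr} -> {peer}: {issue}")
```

The script does not compare password values between devices; it only reports the storage mode and whether each end has an entry for the other.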

Copyright © Huawei Technologies Co., Ltd.