peer keychain (BGP)
Function
The peer keychain command configures the Keychain authentication for establishing the TCP connection between BGP peers.
The undo peer keychain command deletes the Keychain authentication.
By default, the Keychain authentication is not configured for BGP peers.
Format
peer { group-name | ipv4-address | ipv6-address } keychain keychain-name
undo peer { group-name | ipv4-address | ipv6-address } keychain
Parameters
| Parameter | Description | Value |
|---|---|---|
| group-name | Specifies the name of a BGP peer group. | The name is a string of 1 to 47 characters without any space. It is case-sensitive. |
| ipv4-address | Specifies the IPv4 address of a BGP peer. | It is in dotted decimal notation. |
| ipv6-address | Specifies the IPv6 address of a BGP peer. | The address is a 32-digit hexadecimal number, in the format of X:X:X:X:X:X:X:X. |
| keychain-name | Specifies the name of the Keychain authentication. | The name is a string of 1 to 47 characters. |
ipv6-address is valid only in the BGP view.
Views
BGP view, BGP-VPN instance IPv4 address family view, BGP-VPN instance IPv6 address family view
Usage Guidelines
Usage Scenario
Configuring Keychain authentication improves the security of the TCP connection. You must configure Keychain authentication on both BGP peers. Note that encryption algorithms and passwords configured for the Keychain authentication on both peers must be the same; otherwise, the TCP connection cannot be set up between BGP peers and BGP messages cannot be transmitted.
Before configuring the BGP Keychain authentication, configure a Keychain in accordance with the configured keychain-name. Otherwise, the TCP connection cannot be set up.
Prerequisites
The peer as-number command has been used to create a peer or peer group.
Precautions