Manuals / Nokia / Cell Phone / Cell Phone

Nokia IPSO 4.0 manual BGP Support for Virtual IP for Vrrp, 412

Models: IPSO 4.0

1 510
Download 510 pages 5.58 Kb
Page 412
Image 412

9

The TCP MD5 option allows BGP to protect itself against the introduction of spoofed TCP segments into the connection stream. To spoof a connection using MD5 signed sessions, the attacker not only has to guess TCP sequence numbers, but also the password included in the MD5 digest.

Note

TCP MD5 authentication is not available for BGP session over IPv6.

BGP Support for Virtual IP for VRRP

The Nokia IPSO implementation of BGP supports advertising the virtual IP address of the VRRP virtual router. You can force a route to use the virtual IP address as the local endpoint for TCP connections for a specified internal or external peer autonomous system. You must also configure a local address for that autonomous system for the VRRP virtual IP option to function. Only the VRRP master establishes BGP sessions. For more information on VRRP, see “VRRP Overview” on page 183.

Note

You must use monitored-circuit VRRP when configuring virtual IP support for BGP or any other dynamic routing protocol. Do not use VRRPv2 when configuring virtual IP support for BGP.

Note

BGP support for advertising the virtual IP address of the VRRP virtual router is only available for IPv4 BGP sessions, not for IPv6. In a VRRPv2 pair, if you select the Virtual Address option on the Advanced BGP page, it affect only IPv4 BGP peers. In a VRRPv3 pair, this option is not available for IPv6 BGP peers.

Perform the following procedure to configure an a peer autonomous system, corresponding local address, and to enable support for virtual IP for VRRP.

1.Click BGPs under Configuration > Routing Configuration in the tree view.

2.Enter a value between 1 and 65535 in the Peer Autonomous System Number edit box.

3.Click the Select the peer group type drop-down list and click either Internal or External.

If the peer autonomous system number is different from the local autonomous system of this router, click External.

If the peer autonomous system number is the same as that of the local autonomous system of this router, click Internal. You must also select Internal if the local autonomous system is part of a confederation. For more information on confederations, see “Confederations” on page 409.

4.Click Apply.

5.Click the Advanced BGP Options link on the BGP page.

412

Nokia Network Voyager for IPSO 4.0 Reference Guide

Page 411 Page 413
Page 412
Image 412
Nokia IPSO 4.0 manual BGP Support for Virtual IP for Vrrp, 412
Page 411 Page 413