Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

TechLibrary
Navigation

Supported Platforms

 

Related Documentation

 

algorithm (BGP BFD Authentication)

Syntax

algorithm algorithm-name;

Hierarchy Level

[edit logical-systems logical-system-name protocols bgp bfd-liveness-detection authentication],[edit logical-systems logical-system-name protocols bgp group group-name bfd-liveness-detection authentication],[edit logical-systems logical-system-name protocols bgp group group-name neighbor address bfd-liveness-detection authentication],[edit logical-systems logical-system-name routing-instances routing-instance-name protocols bgp bfd-liveness-detection authentication],[edit logical-systems logical-system-name routing-instances routing-instance-name protocols bgp group group-name bfd-liveness-detection authentication],[edit logical-systems logical-system-name routing-instances routing-instance-name protocols bgp group group-name neighbor address bfd-liveness-detection authentication],[edit protocols bgp bgp bfd-liveness-detection authentication],[edit protocols bgp group group-name bfd-liveness-detection authentication],[edit protocols bgp group group-name neighbor address bfd-liveness-detection authentication],[edit routing-instances routing-instance-name protocols bgp bgp bfd-liveness-detection authentication],[edit routing-instances routing-instance-name protocols bgp group group-name bfd-liveness-detection authentication],[edit routing-instances routing-instance-name protocols bgp group group-name neighbor address bfd-liveness-detection authentication]

Release Information

Statement introduced in Junos OS Release 8.1.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Support for BFD authentication introduced in Junos OS Release 9.6.

Statement introduced in Junos OS Release 12.1 for the QFX Series.

Description

Configure the algorithm used to authenticate the specified BFD session.

Options

algorithm-name

Authentication algorithm name: simple-password, keyed-md5, keyed-sha-1, meticulous-keyed-md5, meticulous-keyed-sha-1.

simple-password—Plain-text password. One to 16 bytes of plain text are used to authenticate the BFD session. One or more passwords can be configured. This method is the least secure and should be used only when BFD sessions are not subject to packet interception.

keyed-md5—Keyed Message Digest 5 hash algorithm for sessions with transmit and receive intervals greater than 100 ms. To authenticate the BFD session, keyed MD5 uses one or more secret keys (generated by the algorithm) and a sequence number that is updated periodically. With this method, packets are accepted at the receiving end of the session if one of the keys matches and the sequence number is greater than or equal to the last sequence number received. Although more secure than a simple password, this method is vulnerable to replay attacks. Increasing the rate at which the sequence number is updated can reduce this risk.

meticulous-keyed-md5—Meticulous keyed Message Digest 5 hash algorithm. This method works in the same manner as keyed MD5, but the sequence number is updated with every packet. Although more secure than keyed MD5 and simple passwords, this method can take additional time to authenticate the session.

keyed-sha-1—Keyed Secure Hash Algorithm I for sessions with transmit and receive intervals greater than 100 ms. To authenticate the BFD session, keyed SHA uses one or more secret keys (generated by the algorithm) and a sequence number that is updated periodically. The key is not carried within the packets. With this method, packets are accepted at the receiving end of the session if one of the keys matches and the sequence number is greater than the last sequence number received.

meticulous-keyed-sha-1—Meticulous keyed Secure Hash Algorithm I. This method works in the same manner as keyed SHA, but the sequence number is updated with every packet. Although more secure than keyed SHA and simple passwords, this method can take additional time to authenticate the session.

Required Privilege Level

routing—To view this statement in the configuration.

routing-control—To add this statement to the configuration.

 

Related Documentation

 

Published: 2013-08-15

Supported Platforms

 

Related Documentation

 

Published: 2013-08-15

Previous Page Next Page