Configuring BFD Authentication for PIM
1. Specify the BFD authentication algorithm for the PIM protocol.
2. Associate the authentication keychain with the PIM protocol.
3. Configure the related security authentication keychain.
Beginning with Junos OS Release 9.6, you can configure authentication for Bidirectional Forwarding Detection (BFD) sessions running over Protocol Independent Multicast (PIM). Routing instances are also supported.
The following sections provide instructions for configuring and viewing BFD authentication on PIM:
Configuring BFD Authentication Parameters
BFD authentication is only supported in the Canada and United States version of the Junos OS image and is not available in the export version.
To configure BFD authentication:
Viewing Authentication Information for BFD Sessions
You can view the existing BFD authentication configuration by using the show bfd session detail and show bfd session extensive commands.
The following example shows BFD authentication configured for the ge-0/1/5 interface. It specifies the keyed SHA-1 authentication algorithm and a keychain name of bfd-pim. The authentication keychain is configured with two keys. Key 1 contains the secret data “$ABC123/” and a start time of June 1, 2009, at 9:46:02 AM PST. Key 2 contains the secret data “$ABC123/” and a start time of June 1, 2009, at 3:29:20 PM PST.
[edit protocols pim]
interface ge-0/1/5 {
    family inet {
        bfd-liveness-detection {
            authentication {
                key-chain bfd-pim;
                algorithm keyed-sha-1;
            }
        }
    }
}
[edit security]
authentication-key-chains {
    key-chain bfd-pim {
        key 1 {
            secret "$ABC123/";
            start-time "2009-6-1.09:46:02 -0700";
        }
        key 2 {
            secret "$ABC123/";
            start-time "2009-6-1.15:29:20 -0700";
        }
    }
}
If you commit these updates to your configuration, you see output similar to the following example. In the output for the show bfd session detail command, Authenticate is displayed to indicate that BFD authentication is configured. For more information about the configuration, use the show bfd session extensive command. The output for this command provides the keychain name, the authentication algorithm and mode for each client in the session, and the overall BFD authentication configuration status, keychain name, and authentication algorithm and mode.
show bfd session detail
user@host# show bfd session detail
                                                  Detect   Transmit
Address                  State     Interface      Time     Interval  Multiplier
192.0.2.2                Up        ge-0/1/5.0     0.900     0.300        3
 Client PIM, TX interval 0.300, RX interval 0.300, Authenticate
 Session up time 3d 00:34
 Local diagnostic None, remote diagnostic NbrSignal
 Remote state Up, version 1
 Replicated
show bfd session extensive
user@host# show bfd session extensive
                                                  Detect   Transmit
Address                  State     Interface      Time     Interval  Multiplier
192.0.2.2                Up        ge-0/1/5.0     0.900     0.300        3
 Client PIM, TX interval 0.300, RX interval 0.300, Authenticate
        keychain bfd-pim, algo keyed-sha-1, mode strict
 Session up time 00:04:42
 Local diagnostic None, remote diagnostic NbrSignal
 Remote state Up, version 1
 Replicated
 Min async interval 0.300, min slow interval 1.000
 Adaptive async TX interval 0.300, RX interval 0.300
 Local min TX interval 0.300, minimum RX interval 0.300, multiplier 3
 Remote min TX interval 0.300, min RX interval 0.300, multiplier 3
 Local discriminator 2, remote discriminator 2
 Echo mode disabled/inactive
 Authentication enabled/active, keychain bfd-pim, algo keyed-sha-1, mode strict
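The following Python script is an added example, not part of the Juniper documentation. It reads text in the show bfd session extensive layout shown above and lists the BFD clients that lack the Authenticate flag or report a mode other than strict. The sample text, the second session in it, the function names, and the choice to flag any non-strict mode for review are assumptions of this example.

```python
import re

# Constructed sample in the `show bfd session extensive` layout shown above.
# The second session (192.0.2.6 on ge-0/1/6.0) is invented: a client with no
# Authenticate flag and no keychain line.
SAMPLE = """\
                                                  Detect   Transmit
Address                  State     Interface      Time     Interval  Multiplier
192.0.2.2                Up        ge-0/1/5.0     0.900     0.300        3
 Client PIM, TX interval 0.300, RX interval 0.300, Authenticate
        keychain bfd-pim, algo keyed-sha-1, mode strict
 Session up time 00:04:42
192.0.2.6                Up        ge-0/1/6.0     0.900     0.300        3
 Client PIM, TX interval 0.300, RX interval 0.300
 Session up time 00:04:40
"""

SESSION = re.compile(r"^([0-9A-Fa-f:.]+)\s+(\S+)\s+(\S+)\s")   # address row
CLIENT = re.compile(r"^\s*Client (\S+?),(.*)$")                 # per-client row
KEYLINE = re.compile(r"^\s*keychain (\S+), algo (\S+), mode (\S+)")

def parse_clients(text):
    """Return one record per BFD client with the authentication fields shown."""
    rows, session, current = [], None, None
    for line in text.splitlines():
        if m := SESSION.match(line):
            session = {"address": m[1], "state": m[2], "interface": m[3]}
            current = None                      # new session, no client yet
        elif session and (m := CLIENT.match(line)):
            flags = [f.strip() for f in m[2].split(",")]
            current = {**session, "client": m[1],
                       "authenticate": "Authenticate" in flags,
                       "keychain": None, "algo": None, "mode": None}
            rows.append(current)
        elif current and (m := KEYLINE.match(line)):
            current.update(keychain=m[1], algo=m[2], mode=m[3])
    return rows

def needs_review(rows):
    """Clients without authentication, or with a mode other than strict
    (flagging non-strict modes is this example's assumption)."""
    return [(r["address"], r["interface"], r["client"]) for r in rows
            if not r["authenticate"] or r["mode"] not in (None, "strict")]

if __name__ == "__main__":
    for row in parse_clients(SAMPLE):
        print(row)
    print("review:", needs_review(parse_clients(SAMPLE)))
```

The keychain, algorithm, and mode fields stay empty when the script is given show bfd session detail output, because that command prints only the Authenticate flag.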