[quagga-users 1469] Re: bgp session md5 password

Mike Tancsa mike at sentex.net
Mon Feb 16 15:30:47 GMT 2004 

At 11:32 AM 16/02/2004, Rick Payne wrote:

>--On Monday, February 16, 2004 4:21 pm +0100 Mathieu Arnold <mat at mat.cc> 
>wrote:
>
>>I'm not sure if it's possible, because, it seem to need a support from the
>>underlying os, but anyway, what's the status of this ?
>
>There's no support in quagga. I had a look at doing that, but haven't had 
>time to complete it yet.
>
>There is a wrapper and a kernel patch for various linux kernel versions. I 
>don't know what other OS kernels have support.


It is mostly functional in FreeBSD!  It is able to talk to a cisco and the 
cisco verifies the hash correctly.  The FreeBSD side however does not yet 
verify the hash, but just accepts it as is. Bruce Simpson just MFC'd the 
patches on the weekend back to RELENG_4. He also made patches available to 
quagga on his development page.  So far so good!

See
http://people.freebsd.org/~bms/dump/tcpdump-rfc2385/
and
http://people.freebsd.org/~bms/dump/quagga-tcpmd5/

For the quagga patches, put them in /usr/ports/net/quagga/files and add

CONFIGURE_ARGS+=--enable-tcp-signature

to the port's Makefile


Then, add to your appropriate ipsec.conf file something like,
#local and remote IP. Must use SPI of 0x1000 and the common passwd
add 99.0.1.1 99.0.1.2 tcp 0x1000 -A tcp-md5 "test1234" ;

and in quagga,
router bgp 65502
  bgp log-neighbor-changes
  neighbor 99.0.1.2 remote-as 65501
  neighbor 99.0.1.2 password test1234
  neighbor 99.0.1.2 update-source 99.0.1.1

bgpd# show ip bgp sum
BGP router identifier 99.0.1.1, local AS number 65502
1 BGP AS-PATH entries
0 BGP community entries

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ 
Up/Down  State/PfxRcd
99.0.1.2        4 65501     341     340        0    0    0 05:37:11        2

Total number of neighbors 1
bgpd#



On the Cisco side

router bgp 65501
  no synchronization
  bgp router-id 99.0.1.2
  bgp log-neighbor-changes
  redistribute connected
  redistribute static
  neighbor 99.0.1.1 remote-as 65502
  neighbor 99.0.1.1 description test connection to Quagga
  neighbor 99.0.1.1 update-source FastEthernet1/0
  neighbor 99.0.1.1 password test1234
  no auto-summary


7204VXR-NPE300#show ip bgp sum
BGP router identifier 99.0.1.2, local AS number 65501
BGP table version is 3, main routing table version 3
2 network entries using 202 bytes of memory
2 path entries using 96 bytes of memory
1 BGP path attribute entries using 60 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 358 total bytes of memory
BGP activity 10/8 prefixes, 10/8 paths, scan interval 60 secs

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ 
Up/Down  State/PfxRcd
99.0.1.1        4 65502     339     342        3    0    0 05:36:48        0
7204VXR-NPE300#


         ---Mike

More information about the Quagga-users mailing list